/utils/roles
Roles utility module exports methods to inspect roles in object, checking object access, and merging roles objects based on provided user roles.
- Source
Requires
Methods
(inner) check(obj, user_roles) → {boolean}
Checks if an object should be accessible based on user roles
// Object with unrestricted access
check({ roles: { '*': true }, data: 'content' }, ['user']) // returns object
// Object with role restriction
check({ roles: { admin: true }, data: 'content' }, ['user']) // returns false
check({ roles: { admin: true }, data: 'content' }, ['admin']) // returns object
// Object with negated roles
check({ roles: { '!guest': true }, data: 'content' }, ['guest']) // returns false
check({ roles: { '!guest': true }, data: 'content' }, ['user']) // returns object
The check is also passed if the obj does not have a roles property.
| Name | Type | Description |
|---|---|---|
obj | Object | The object to check access for |
user_roles | Array.<string> | Array of roles assigned to the user |
| Name | Type | Description |
|---|---|---|
obj.roles | roles | Role configuration object |
- Source
Returns true if check is passed, false otherwise.
- Type:
- boolean
(inner) combine(child, parent)
Combines roles from a parent object into a child object. Handles two use cases:
- Template role assignment (when parent has localeRole, templateRole, or objRole properties)
- Simple parent-child role combination (for nested locales)
| Name | Type | Description |
|---|---|---|
child | Object | The child object (template or locale). |
parent | Object | The parent object providing role context. |
- Source
(inner) combineLocaleRoles(child, parent)
Combines roles for nested locales. Creates parent.child role combinations.
| Name | Type | Description |
|---|---|---|
child | Object | The child locale. |
parent | Object | The parent locale. |
- Source
(inner) combineTemplateRoles(template, obj)
Combines roles for templates. This replicates the old roleAssign behavior.
Templates may have an access role restriction. The template.role string property requires a user to have that role in order to access the template.
The role string will be added as boolean:true property to the template.roles object property if the property key is undefined.
template.role = 'bar' -> template.roles = {'bar':true}
A dot notation role key will be created if the obj has a role string property.
obj.role = 'foo' && template.role = 'bar' -> template.roles = {'foo.bar':true}
| Name | Type | Description |
|---|---|---|
template | Object | The template object (child). |
obj | Object | The parent object providing role context. |
- Source
(inner) objMerge(obj, user_roles) → {Object}
Recursively merges role-specific object properties based on user roles. The function handles several special cases:
- Recursively processes nested objects
- Handles arrays by mapping over their elements
- Processes negated roles (prefixed with '!')
- Preserves the original object if conditions aren't met
- Skip null or undefined values
const obj = {
name: 'layer',
roles: {
admin: { secretField: 'sensitive' },
user: { publicField: 'visible' }
}
};
// With admin role
objMerge(obj, ['admin']);
// Returns: { name: 'layer', secretField: 'sensitive', roles: {...} }
// With user role
objMerge(obj, ['user']);
// Returns: { name: 'layer', publicField: 'visible', roles: {...} }
| Name | Type | Description |
|---|---|---|
obj | Object | The object to process |
user_roles | Array.<string> | Array of roles assigned to the user |
| Name | Type | Description |
|---|---|---|
obj.roles | roles | Role configuration object |
- Source
Processed object with merged role-specific properties
- Type:
- Object
(inner) setInObj(rolesSet, obj)
The setInObj receives a set of roles and an object as params.
The method iterates through the object keys and will call itself for every object type property in the object param.
Any roles defined in the roles property of the object param will be added to the rolesSet param.
The method does not return anything but will modify the rolesSet param which is passed recursively.
Access roles defined as the role string property will also be added to the rolesSet.
| Name | Type | Description |
|---|---|---|
rolesSet | set | Set of roles to be modified while the param is passed recursively. |
obj | object | Object to evaluate for roles. |
| Name | Type | Attributes | Description |
|---|---|---|---|
obj.roles | object | <optional> | Roles in the object will be added to the rolesSet. |
obj.role | string | <optional> | Any [template] access role will be added to the rolesSet. |
- Source