initial
This commit is contained in:
sjvans
42
gdpr/srv/auth.js
Normal file
42
gdpr/srv/auth.js
Normal file
@@ -0,0 +1,42 @@
|
||||
/*
|
||||
* workaround to avoid approuter et al. setup
|
||||
*
|
||||
* DO NOT USE FOR PRODUCTION!
|
||||
* - no token validation
|
||||
* - no xsappname check
|
||||
*/
|
||||
|
||||
const jwt = require('jsonwebtoken')
|
||||
const tenant = process.env.VCAP_SERVICES
|
||||
? JSON.parse(process.env.VCAP_SERVICES).xsuaa[0].credentials.tenantid
|
||||
: 'anonymous'
|
||||
|
||||
module.exports = (req, res, next) => {
|
||||
// decode JWT coming from Personal Data Manager
|
||||
const bearer = req.headers.authorization && req.headers.authorization.split('Bearer ')[1]
|
||||
if (bearer) {
|
||||
const { client_id: id, zid: tenant, scope: roles } = jwt.decode(bearer)
|
||||
req.user = {
|
||||
id,
|
||||
tenant,
|
||||
is: role => roles.some(r => r.endsWith(`.${role}`))
|
||||
}
|
||||
return next()
|
||||
}
|
||||
|
||||
// mock user that has every role EXCEPT PersonalDataManagerUser
|
||||
const basic = req.headers.authorization && req.headers.authorization.split('Basic ')[1]
|
||||
if (basic) {
|
||||
const [id] = Buffer.from(basic, 'base64').toString('utf-8').split(':')
|
||||
req.user = {
|
||||
id,
|
||||
tenant,
|
||||
// is: role => role !== 'PersonalDataManagerUser'
|
||||
is: role => true
|
||||
}
|
||||
return next()
|
||||
}
|
||||
|
||||
// no bearer & no basic -> 401
|
||||
res.set('WWW-Authenticate', 'Basic realm="Users"').status(401).end()
|
||||
}
|
||||
10
gdpr/srv/gdpr-service.cds
Normal file
10
gdpr/srv/gdpr-service.cds
Normal file
@@ -0,0 +1,10 @@
|
||||
using {
|
||||
sap.capire.orders,
|
||||
sap.capire.gdpr
|
||||
} from '../db/schema';
|
||||
|
||||
@requires : 'admin' // > authorization check
|
||||
service GDPRService {
|
||||
entity Customers as projection on gdpr.Customers;
|
||||
entity Orders as projection on orders.Orders;
|
||||
}
|
||||
24
gdpr/srv/pdm-service.cds
Normal file
24
gdpr/srv/pdm-service.cds
Normal file
@@ -0,0 +1,24 @@
|
||||
using {
|
||||
sap.capire.gdpr as gdpr,
|
||||
sap.capire.orders as orders
|
||||
} from '../db/data-privacy';
|
||||
|
||||
@requires : 'PersonalDataManagerUser' // > authorization check
|
||||
service PDMService {
|
||||
|
||||
entity Customers as projection on gdpr.Customers;
|
||||
entity CustomerPostalAddresses as projection on gdpr.CustomerPostalAddresses;
|
||||
entity Orders as projection on orders.Orders;
|
||||
|
||||
/*
|
||||
* additional annotations for Personal Data Manager's Search Fields
|
||||
*/
|
||||
annotate Customers with @(Communication.Contact : {
|
||||
n : {
|
||||
surname : lastName,
|
||||
given : firstName
|
||||
},
|
||||
bday : dateOfBirth
|
||||
});
|
||||
|
||||
};
|
||||
Reference in New Issue
Block a user