From e0e330c43a69d7ad668393481075f320ec5a29eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20B=C3=BChl?=
Date: Thu, 30 Jan 2020 17:32:23 +0100
Subject: [PATCH] XSUAA Config 1
---
 package.json | 4 ++--
 packages/bookshop/.cdsrc.json | 20 +++++++++++++++++
 packages/bookshop/package.json | 30 ++++++++++++++++++++++++-
 packages/bookshop/srv/admin-service.cds | 4 ++++
 packages/bookshop/srv/cat-service.js | 8 +++++++
 5 files changed, 63 insertions(+), 3 deletions(-)
 create mode 100644 packages/bookshop/.cdsrc.json
diff --git a/package.json b/package.json
index 499371c6..edd10d8f 100644
--- a/package.json
+++ b/package.json
@@ -11,13 +11,13 @@
 "bookshop": "cds watch packages/bookshop",
 "bookshop-enhanced": "cds watch packages/bookshop-enhanced",
 "reviews-service": "cds watch packages/reviews-service",
- "bookstore": "cds watch packages/bookstore",
 "media-server": "cds watch packages/media-server"
 },
 "dependencies": {
 "@sap/cds": "latest",
- "express": "*"
+ "express": "*",
+ "passport": "^0.4.1"
 },
 "devDependencies": {
 "sqlite3": "*"
diff --git a/packages/bookshop/.cdsrc.json b/packages/bookshop/.cdsrc.json
new file mode 100644
index 00000000..d4a1031a
--- /dev/null
+++ b/packages/bookshop/.cdsrc.json
@@ -0,0 +1,20 @@
+{
+ "auth": {
+ "passport": {
+ "strategy": "mock",
+ "users": {
+ "alice": {
+ "password": "123",
+ "ID": "alice",
+ "roles": ["admin", "authenticated-user"],
+ "xs.user.attributes": { "currency": [ "USD" ] }
+ },
+ "bob": {
+ "password": "123",
+ "ID": "bob",
+ "roles": ["authenticated-user"]
+ }
+ }
+ }
+}
+}
diff --git a/packages/bookshop/package.json b/packages/bookshop/package.json
index 4a9d52e9..1e34a6d9 100644
--- a/packages/bookshop/package.json
+++ b/packages/bookshop/package.json
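Review bot: The `- "bookstore": "cds watch packages/bookstore"` removal in the root package.json hunk is unrelated to the XSUAA configuration named in the subject and is not mentioned in the message, so it is easy to miss in review; it would be clearer as a separate commit or at least called out in the description. The added `"passport": "^0.4.1"` is declared a second time in packages/bookshop/package.json in this same patch, so the two ranges can drift apart over time; if one of them is only needed for the workspace root, saying which one is authoritative in the description would help the next maintainer.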
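Review bot: The new `.cdsrc.json` enables the `mock` passport strategy with fixed credentials (`"password": "123"` for both users) unconditionally, so any environment that loads this file accepts these accounts; scoping the block to the development profile (for example nesting it under a `[development]` key, if the cds version in use supports profile-scoped configuration) keeps the mock users out of a deployed instance. The same user list is repeated in `packages/bookshop/package.json` in this patch but with a different attribute (`"currency": [ "USD" ]` here versus `"country": [ "US" ]` there), while the new `_checkOrderCreateAuth` in `cat-service.js` compares `req.user.country`; with this file's definition alice has no `country`, so whichever copy is actually loaded decides whether order creation works at all. Keeping a single definition would remove that ambiguity.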
@@ -5,10 +5,38 @@
 "license": "SAP SAMPLE CODE LICENSE",
 "dependencies": {
 "@sap/cds": "latest",
- "express": "*"
+ "express": "*",
+ "passport": "^0.4.1"
 },
 "scripts": {
 "start": "cds run --in-memory?",
 "watch": "cds watch"
+ },
+ "auth": {
+ "passport": {
+ "strategy": "mock",
+ "users": {
+ "alice": {
+ "password": "123",
+ "ID": "alice",
+ "roles": [
+ "admin",
+ "authenticated-user"
+ ],
+ "xs.user.attributes": {
+ "country": [
+ "US"
+ ]
+ }
+ },
+ "bob": {
+ "password": "123",
+ "ID": "bob",
+ "roles": [
+ "authenticated-user"
+ ]
+ }
+ }
+ }
 }
 }
diff --git a/packages/bookshop/srv/admin-service.cds b/packages/bookshop/srv/admin-service.cds
index a5b095dd..e88d7f0f 100644
--- a/packages/bookshop/srv/admin-service.cds
+++ b/packages/bookshop/srv/admin-service.cds
@@ -14,3 +14,7 @@ annotate AdminService.Orders with @odata.draft.enabled;
 extend service AdminService with {
 entity OrderItems as select from my.OrderItems;
 }
+// Restrict access to orders to users with role "admin"
+ annotate AdminService.Orders with @(restrict: [
+ { grant: 'READ', to: 'admin' }
+ ]);
\ No newline at end of file
diff --git a/packages/bookshop/srv/cat-service.js b/packages/bookshop/srv/cat-service.js
index bd04c51e..dacdfef9 100644
--- a/packages/bookshop/srv/cat-service.js
+++ b/packages/bookshop/srv/cat-service.js
@@ -4,6 +4,7 @@ const { Books } = cds.entities
 /** Service implementation for CatalogService */
 module.exports = cds.service.impl(function() {
 this.after ('READ', 'Books', each => each.stock > 111 && _addDiscount2(each,11))
+ this.before ('CREATE', 'Orders', _checkOrderCreateAuth)
 this.before ('CREATE', 'Orders', _reduceStock)
 })
@@ -24,3 +25,10 @@ async function _reduceStock (req) {
 )
 }))
 }
+
+/** Check authorization */
+function _checkOrderCreateAuth (req) {
+ req.user.country === req.data.country || req.reject(403)
+}
+
+
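Review bot: The added `auth` block in packages/bookshop/package.json sits at the top level of the file rather than under a `cds` key; as far as I know cds reads project configuration from the `cds` section of package.json (and from `.cdsrc.json`), so this block may be ignored entirely and only the `.cdsrc.json` copy — which defines `currency` rather than the `country` attribute that `cat-service.js` checks — would take effect. This is worth verifying by starting the service and inspecting `req.user` for alice; if the package.json copy is the intended one, the `.cdsrc.json` copy added in the same patch is redundant and the two should not be kept in parallel.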
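Review bot: The restriction grants only `READ` to `admin` on `AdminService.Orders`, while the comment above it says access to orders in general is restricted to admins; since the entity is draft-enabled (the `@odata.draft.enabled` annotation is visible in the hunk header), `CREATE`/`UPDATE`/`DELETE` through drafts are, as far as I understand `@restrict`, granted to nobody once a restrict annotation is present, which is probably not intended — `{ grant: '*', to: 'admin' }` or an explicit event list would match the comment. `AdminService.OrderItems`, exposed by the `extend service` block just above, gets no restriction, so order lines stay readable by any user who can reach AdminService even though the order headers are now protected. The new lines are also indented with a leading space the rest of the file does not use, and the file now ends without a trailing newline.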
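Review bot: Only `CREATE` on `Orders` is guarded by the new `_checkOrderCreateAuth` registration; if CatalogService also exposes `UPDATE` on `Orders` (not visible in this hunk), the `country` of an existing order could be changed without passing the check, so consider registering the handler as `this.before (['CREATE','UPDATE'], 'Orders', _checkOrderCreateAuth)` or expressing the rule declaratively with `@restrict` in the CDS model, where it is enforced for every event. Registering the check ahead of `_reduceStock` is the right order, since the stock update then only runs for requests that passed authorization.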
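Review bot: `_checkOrderCreateAuth` accepts the request when both sides are `undefined`: a user without a `country` attribute (bob has none in either mock configuration) creating an order that carries no `country` field passes `undefined === undefined`, so the guard is only effective when the field is present. The comparison should require both values to exist, e.g. `if (req.user.country == null || req.data.country == null || req.user.country !== req.data.country) return req.reject(403)`. Note also that, as far as I know for this cds release, `xs.user.attributes` are exposed on `req.user.attr` rather than directly on `req.user`, in which case `req.user.country` is always `undefined` and the check degenerates to rejecting any order that does specify a country; this is easy to verify with the mock users. Using `||` for control flow also hides the intent; an explicit `if` with a `return` reads as an authorization check, and the docstring could state what is compared: `/** Reject order creation unless the user's country attribute matches the order's country. */`.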