b.santos/cloud-cap-samples
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

XSUAA Config 1

Browse Source
This commit is contained in:
Matthias Bühl
2020-01-30 17:32:23 +01:00
parent 6d0194acc0
commit e0e330c43a
5 changed files with 63 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package.json
View File

@@ -11,13 +11,13 @@
"bookshop": "cds watch packages/bookshop", "bookshop": "cds watch packages/bookshop",
"bookshop-enhanced": "cds watch packages/bookshop-enhanced", "bookshop-enhanced": "cds watch packages/bookshop-enhanced",
"reviews-service": "cds watch packages/reviews-service", "reviews-service": "cds watch packages/reviews-service",
"bookstore": "cds watch packages/bookstore", "bookstore": "cds watch packages/bookstore",
"media-server": "cds watch packages/media-server" "media-server": "cds watch packages/media-server"
}, },
"dependencies": { "dependencies": {
"@sap/cds": "latest", "@sap/cds": "latest",
"express": "*" "express": "*",
"passport": "^0.4.1"
}, },
"devDependencies": { "devDependencies": {
"sqlite3": "*" "sqlite3": "*"

20
packages/bookshop/.cdsrc.json Normal file
View File

@@ -0,0 +1,20 @@
{
"auth": {
"passport": {
"strategy": "mock",
"users": {
"alice": {
"password": "123",
"ID": "alice",
"roles": ["admin", "authenticated-user"],
"xs.user.attributes": { "currency": [ "USD" ] }
},
"bob": {
"password": "123",
"ID": "bob",
"roles": ["authenticated-user"]
}
}
}
}
}

30
packages/bookshop/package.json
View File

@@ -5,10 +5,38 @@
"license": "SAP SAMPLE CODE LICENSE", "license": "SAP SAMPLE CODE LICENSE",
"dependencies": { "dependencies": {
"@sap/cds": "latest", "@sap/cds": "latest",
"express": "*" "express": "*",
"passport": "^0.4.1"
}, },
"scripts": { "scripts": {
"start": "cds run --in-memory?", "start": "cds run --in-memory?",
"watch": "cds watch" "watch": "cds watch"
},
"auth": {
"passport": {
"strategy": "mock",
"users": {
"alice": {
"password": "123",
"ID": "alice",
"roles": [
"admin",
"authenticated-user"
],
"xs.user.attributes": {
"country": [
"US"
]
}
},
"bob": {
"password": "123",
"ID": "bob",
"roles": [
"authenticated-user"
]
}
}
}
} }
} }

4
packages/bookshop/srv/admin-service.cds
View File

@@ -14,3 +14,7 @@ annotate AdminService.Orders with @odata.draft.enabled;
extend service AdminService with { extend service AdminService with {
entity OrderItems as select from my.OrderItems; entity OrderItems as select from my.OrderItems;
} }
// Restrict access to orders to users with role "admin"
annotate AdminService.Orders with @(restrict: [
{ grant: 'READ', to: 'admin' }
]);

8
packages/bookshop/srv/cat-service.js
View File

@@ -4,6 +4,7 @@ const { Books } = cds.entities
/** Service implementation for CatalogService */ /** Service implementation for CatalogService */
module.exports = cds.service.impl(function() { module.exports = cds.service.impl(function() {
this.after ('READ', 'Books', each => each.stock > 111 && _addDiscount2(each,11)) this.after ('READ', 'Books', each => each.stock > 111 && _addDiscount2(each,11))
this.before ('CREATE', 'Orders', _checkOrderCreateAuth)
this.before ('CREATE', 'Orders', _reduceStock) this.before ('CREATE', 'Orders', _reduceStock)
}) })
@@ -24,3 +25,10 @@ async function _reduceStock (req) {
) )
})) }))
} }
/** Check authorization */
function _checkOrderCreateAuth (req) {
req.user.country === req.data.country || req.reject(403)
}