1. 程式人生 > 其它 >cube.js 基於queryRewrite 進行安全控制

cube.js 基於queryRewrite 進行安全控制

基於queryRewrite 我們可以做強大的安全控制,比如基於角色的訪問控制以及基於列的訪問控制

基於角色的訪問控制

module.exports = {
  queryRewrite: (query, { securityContext }) => {
    if (!securityContext.role) {
      throw new Error('No role found in Security Context!');
    }
    if (securityContext.role == 'manager') {
      query.filters.push({
        member: 'Orders.status',
        operator: 'equals',
        values: ['shipped', 'completed'],
      });
    }
    if (securityContext.role == 'operator') {
      query.filters.push({
        member: 'Orders.status',
        operator: 'equals',
        values: ['processing'],
      });
    }
    return query;
  },
};

基於列的訪問控制

module.exports = {
  queryRewrite: (query, { securityContext }) => {
    const cubeNames = [
      ...Array.from(query.measures, (e) => e.split('.')[0]),
      ...Array.from(query.dimensions, (e) => e.split('.')[0]),
    ];
    if (cubeNames.includes('Products')) {
      if (!securityContext.email) {
        throw new Error('No email found in Security Context!');
      }
      query.filters.push({
        member: `Suppliers.email`,
        operator: 'equals',
        values: [securityContext.email],
      });
    }
    return query;
  },
};

說明

以上內容是基於官方文件的,是一個不錯的資料

參考資料

https://cube.dev/docs/recipes/column-based-access
https://cube.dev/docs/recipes/role-based-access