cube.js 基于queryRewrite 进行安全控制

基于queryRewrite 我们可以做强大的安全控制,比如基于角色的访问控制以及基于列的访问控制

基于角色的访问控制

module.exports = {
  queryRewrite: (query, { securityContext }) => {
    if (!securityContext.role) {
      throw new Error('No role found in Security Context!');
    }
 
    if (securityContext.role == 'manager') {
      query.filters.push({
        member: 'Orders.status',
        operator: 'equals',
        values: ['shipped', 'completed'],
      });
    }
 
    if (securityContext.role == 'operator') {
      query.filters.push({
        member: 'Orders.status',
        operator: 'equals',
        values: ['processing'],
      });
    }
 
    return query;
  },
};

基于列的访问控制

module.exports = {
  queryRewrite: (query, { securityContext }) => {
    const cubeNames = [
      ...Array.from(query.measures, (e) => e.split('.')[0]),
      ...Array.from(query.dimensions, (e) => e.split('.')[0]),
    ];
 
    if (cubeNames.includes('Products')) {
      if (!securityContext.email) {
        throw new Error('No email found in Security Context!');
      }
 
      query.filters.push({
        member: `Suppliers.email`,
        operator: 'equals',
        values: [securityContext.email],
      });
    }
 
    return query;
  },
};

说明

以上内容是基于官方文档的,是一个不错的资料

参考资料

https://cube.dev/docs/recipes/column-based-access
https://cube.dev/docs/recipes/role-based-access

posted on 2021-08-24 21:51  荣锋亮  阅读(99)  评论(0编辑  收藏  举报

导航