npm - @abtnode/rbac - Versions diffs - 1.16.8-beta-186fd5aa → 1.16.8-next-d1e52353 - Mend

@abtnode/rbac 1.16.8-beta-186fd5aa → 1.16.8-next-d1e52353

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/lib/core/rbac.js CHANGED Viewed

@@ -32,7 +32,7 @@ module.exports = class RBAC {
    * RBAC constructor
    * @constructor RBAC
    * @param  {Object} options             Options for RBAC
-   * @param  {Storage}  [options.storage]  Storage of grants
+   * @param  {import('./storage')}  [options.storage]  Storage of grants
    * @param  {Array}    [options.roles]            List of role names (String)
    * @param  {Object}   [options.permissions]      List of permissions
    * @param  {Object}   [options.grants]           List of grants
@@ -179,6 +179,7 @@ module.exports = class RBAC {
    * @method RBAC#createRole
    * @param {String} roleName Name of new Role
    * @param {Boolean} [add] True if you need to add it to the storage
+   * @param {object} opt
    * @param {String} opt.title Title of new Role
    * @param {String} opt.description Description of new Role
    * @param {String} opt.extra Extra info of new Role
@@ -199,6 +200,7 @@ module.exports = class RBAC {
    * @param {String} action Name of action
    * @param {String} resource Name of resource
    * @param {Boolean} [add] True if you need to add it to the storage
+   * @param {object} opt
    * @param {String} opt.title Title of permission
    * @param {String} opt.description Description of permission
    * @param {String} opt.extra Extra info of permission
@@ -540,6 +542,7 @@ module.exports = class RBAC {
    * Update role or permission from RBAC
    * @method RBAC#updateByName
    * @param {String} name Name of role or permission
+   * @param {object} opt
    * @param {String} opt.title Title of role or permission
    * @param {String} opt.description Description of role or permission
    * @param {String} opt.extra Extra Info of role or permission

package/lib/core/storage.js CHANGED Viewed

@@ -72,6 +72,10 @@ module.exports = class Storage {
     throw new Error('Storage method getRoles is not implemented');
   }
+  async updateGrants() {
+    throw new Error('Storage method updateGrants is not implemented');
+  }
   /**
    * Get all instances of Permissions
    * @method Storage#getPermissions

package/lib/index.js CHANGED Viewed

@@ -1,13 +1,14 @@
 const { RBAC } = require('./core');
 const NedbStorage = require('./store/nedb');
+const SequelizeStorage = require('./store/sequelize');
 const MemoryStorage = require('./store/memory');
 /**
  * @param {object} options
- * @param {rbac.Storage} options.storage
- * @param {object} options.data
- * @param {array<string>} options.data.roles
+ * @param {import('./core/storage')} options.storage
+ * @param {object} [options.data]
+ * @param {Array<string>} options.data.roles
  * @param {object} options.data.permissions
  * @param {object} options.data.grant
  */
@@ -78,5 +79,6 @@ const createRBAC = async ({ storage, data = {} } = {}) => {
 module.exports = {
   NedbStorage,
   MemoryStorage,
+  SequelizeStorage,
   createRBAC,
 };

package/lib/store/sequelize.js ADDED Viewed

@@ -0,0 +1,218 @@
+const pick = require('lodash/pick');
+const Storage = require('../core/storage');
+const Permission = require('../core/permission');
+const Role = require('../core/role');
+const ItemTypes = Object.freeze({
+  Role: 'role',
+  Permission: 'permission',
+});
+class SequelizeStorage extends Storage {
+  constructor(db) {
+    super();
+    this.db = db;
+  }
+  async add(item) {
+    const { name } = item;
+    if (await this.db.count({ name })) {
+      throw new Error(`Item ${name} already exists`);
+    }
+    const doc = {
+      name: item.name,
+      title: item.title,
+      description: item.description,
+      extra: item.extra,
+    };
+    if (item instanceof Role) {
+      doc.type = ItemTypes.Role;
+      doc.grants = [];
+    }
+    if (item instanceof Permission) {
+      doc.type = ItemTypes.Permission;
+    }
+    await this.db.insert(doc);
+    return true;
+  }
+  async remove(item) {
+    const { name } = item;
+    if (!(await this.db.count({ name }))) {
+      throw new Error(`Item ${name} is not presented in storage`);
+    }
+    await this.db.remove({ name });
+    const docs = await this.db.find({ type: ItemTypes.Role });
+    await Promise.all(
+      docs.map((doc) => this.db.update({ id: doc.id }, { $set: { grants: doc.grants.filter((x) => x !== name) } }))
+    );
+    return true;
+  }
+  async update(item, { title, description, extra } = {}) {
+    const { name } = item;
+    if (!(await this.db.count({ name }))) {
+      throw new Error(`Item ${name} is not presented in storage`);
+    }
+    await this.db.update({ name }, pick({ title, description, extra }, 'title', 'description', 'extra'));
+    return this.get(name);
+  }
+  async grant(role, child) {
+    const { name } = role;
+    const { name: childName } = child;
+    if (!(await this.db.count({ name }))) {
+      throw new Error(`Role ${name} is not exist`);
+    }
+    if (!(await this.db.count({ name: childName }))) {
+      throw new Error(`Base ${childName} is not exist`);
+    }
+    if (!(role instanceof Role)) {
+      throw new Error('Role is not instance of Role');
+    }
+    if (name === childName) {
+      throw new Error(`You can grant yourself ${name}`);
+    }
+    const docs = await this.db.find({ name });
+    await Promise.all(
+      docs.map((doc) =>
+        this.db.update({ id: doc.id }, { grants: [...doc.grants.filter((x) => x !== childName), childName] })
+      )
+    );
+    return true;
+  }
+  async revoke(role, child) {
+    const { name } = role;
+    const { name: childName } = child;
+    if (!(await this.db.count({ name })) || !(await this.db.count({ name: childName }))) {
+      throw new Error('Role is not exist');
+    }
+    const docs = await this.db.find({ name });
+    await Promise.all(
+      docs.map((doc) => this.db.update({ id: doc.id }, { grants: doc.grants.filter((x) => x !== childName) }))
+    );
+    return true;
+  }
+  async get(name) {
+    const item = await this.db.findOne({ name });
+    if (!item) {
+      return undefined;
+    }
+    if (item.type === ItemTypes.Role) {
+      return this.resolveRole(item);
+    }
+    if (item.type === ItemTypes.Permission) {
+      return this.resolvePermission(item);
+    }
+    return undefined;
+  }
+  async getRoles() {
+    const roles = await this.db.find({ type: ItemTypes.Role }, {}, { createdAt: -1 });
+    return roles.map((item) => this.resolveRole(item));
+  }
+  async getPermissions() {
+    const permissions = await this.db.find({ type: ItemTypes.Permission }, {}, { createdAt: -1 });
+    return permissions.map((item) => this.resolvePermission(item));
+  }
+  async getGrants(name) {
+    const item = await this.db.findOne({ name });
+    if (item) {
+      const grants = await Promise.all((item.grants || []).map((x) => this.get(x)));
+      return grants;
+    }
+    return [];
+  }
+  // custom
+  async updateGrants(roleName, grantNames = []) {
+    const role = await this.db.findOne({ name: roleName });
+    if (!role) {
+      throw new Error(`Role ${roleName} is not exist`);
+    }
+    if (role.type !== ItemTypes.Role) {
+      throw new Error(`${roleName} is not a role`);
+    }
+    const names = await this.db.find({}, { name: 1 });
+    const namesMap = names.reduce((o, { name }) => {
+      o[name] = true;
+      return o;
+    }, {});
+    grantNames.forEach((grantName) => {
+      if (!namesMap[grantName]) {
+        throw new Error(`${grantName} is not exist`);
+      }
+      if (roleName === grantName) {
+        throw new Error(`You can grant yourself ${roleName}`);
+      }
+    });
+    await this.db.update({ name: roleName }, { grants: grantNames });
+    return this.get(roleName);
+  }
+  // private
+  /**
+   * @param {Object} item
+   *  name: string
+   *  type: ItemTypes
+   *  grants: string[]
+   */
+  resolveRole(item) {
+    const { name, title, description, extra } = item;
+    const role = new Role(this.rbac, name, { title, description, extra });
+    role.grants = item.grants;
+    return role;
+  }
+  /**
+   * @param {Object} item
+   *  name: string
+   *  type: ItemTypes
+   */
+  resolvePermission(item) {
+    const { name, title, description, extra } = item;
+    const { action, resource } = Permission.decodeName(name, this.rbac.options.delimiter);
+    const permission = new Permission(this.rbac, action, resource, { title, description, extra });
+    return permission;
+  }
+}
+module.exports = SequelizeStorage;

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.8-beta-186fd5aa",
+  "version": "1.16.8-next-d1e52353",
   "description": "Simple lib to manage access controls in ABT Node",
   "main": "lib/index.js",
   "files": [
@@ -19,12 +19,12 @@
   "author": "linchen1987 <linchen.1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/db": "1.16.8-beta-186fd5aa",
+    "@abtnode/db": "1.16.8-next-d1e52353",
     "fs-extra": "^10.1.0",
     "lodash": "^4.17.21"
   },
   "devDependencies": {
     "jest": "^27.5.1"
   },
-  "gitHead": "3150c3a5c3e041fe7f5a3902418d9d62adee3173"
+  "gitHead": "d357376aa3df9ef789befc7f548629deecb04d96"
 }