@exulu/backend 1.12.0 → 1.13.0
- package/CHANGELOG.md +2 -2
- package/dist/index.cjs +30 -22
- package/dist/index.js +30 -22
- package/package.json +1 -1
- package/types/models/user-role.ts +5 -2
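--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,9 +1,9 @@
-# [1.
+# [1.13.0](https://github.com/Qventu/exulu-backend/compare/v1.12.0...v1.13.0) (2025-08-17)
 
 
 ### Features
 
-*
+* add api access rights to global access controls for roles and add created_by for jobs ([203a37a](https://github.com/Qventu/exulu-backend/commit/203a37abac9151189eefa9b418eed5df92d78a1c))
 
 # [1.1.0](https://github.com/Qventu/exulu-backend/compare/v1.0.1...v1.1.0) (2025-07-30)
 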
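--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -2056,33 +2056,33 @@ var handleRBACUpdate = async (db3, entityName, resourceId, rbacData, existingRba
 function createMutations(table) {
 const tableNamePlural = table.name.plural.toLowerCase();
 const validateWriteAccess = async (id, context) => {
-const { db: db3, req, user } = context;
-const hasRBAC = table.RBAC === true;
-if (!hasRBAC) {
-return true;
-}
-if (user.super_admin === true) {
-return true;
-}
-if (!user.role || !(table.name.plural.includes("agent") && user.role.agents === "write") && !(table.name.plural.includes("workflow") && user.role.workflows === "write") && !(table.name.plural.includes("variable") && user.role.variables === "write") && !(table.name.plural.includes("user") && user.role.users === "write")) {
-console.error("Access control error: no role found for current user or no access to entity type.");
-throw new Error("Access control error: no role found for current user or no access to entity type.");
-}
 try {
-const
-if (authResult.error || !authResult.user) {
-throw new Error("Authentication required");
-}
-const user2 = authResult.user;
+const { db: db3, req, user } = context;
 const record = await db3.from(tableNamePlural).select(["rights_mode", "created_by"]).where({ id }).first();
 if (!record) {
 throw new Error("Record not found");
 }
+if (tableNamePlural === "jobs") {
+if (!user.super_admin && record.created_by !== user.id) {
+throw new Error("You are not authorized to edit this record");
+}
+}
+const hasRBAC = table.RBAC === true;
+if (!hasRBAC) {
+return true;
+}
+if (user.super_admin === true) {
+return true;
+}
+if (!user.role || !(table.name.plural === "agents" && user.role.agents === "write") && !(table.name.plural === "workflow_templates" && user.role.workflows === "write") && !(table.name.plural === "variables" && user.role.variables === "write") && !(table.name.plural === "users" && user.role.users === "write")) {
+console.error("Access control error: no role found for current user or no access to entity type.");
+throw new Error("Access control error: no role found for current user or no access to entity type.");
+}
 if (record.rights_mode === "public") {
 return true;
 }
 if (record.rights_mode === "private") {
-if (record.created_by ===
+if (record.created_by === user.id) {
 return true;
 }
 throw new Error("Only the creator can edit this private record");
@@ -2092,7 +2092,7 @@ function createMutations(table) {
 entity: table.name.singular,
 target_resource_id: id,
 access_type: "User",
-user_id:
+user_id: user.id,
 rights: "write"
 }).first();
 if (rbacRecord) {
@@ -2100,12 +2100,12 @@ function createMutations(table) {
 }
 throw new Error("Insufficient user permissions to edit this record");
 }
-if (record.rights_mode === "roles" &&
+if (record.rights_mode === "roles" && user.role) {
 const rbacRecord = await db3.from("rbac").where({
 entity: table.name.singular,
 target_resource_id: id,
 access_type: "Role",
-role_id:
+role_id: user.role,
 rights: "write"
 }).first();
 if (rbacRecord) {
@@ -2265,7 +2265,11 @@ var applyAccessControl = (table, user, query) => {
 if (user.super_admin === true) {
 return query;
 }
-if (
+if (table.name.plural === "jobs") {
+query = query.where("created_by", user.id);
+return query;
+}
+if (!user.role || !(table.name.plural === "agents" && (user.role.agents === "read" || user.role.agents === "write")) && !(table.name.plural === "workflow_templates" && (user.role.workflows === "read" || user.role.workflows === "write")) && !(table.name.plural === "variables" && (user.role.variables === "read" || user.role.variables === "write")) && !(table.name.plural === "users" && (user.role.users === "read" || user.role.users === "write"))) {
 console.error("Access control error: no role found or no access to entity type.");
 return query.where("1", "=", "0");
 }
@@ -2980,6 +2984,10 @@ var jobsSchema = {
 name: "session",
 type: "text"
 },
+{
+name: "created_by",
+type: "number"
+},
 {
 name: "status",
 type: "text"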
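--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -2014,33 +2014,33 @@ var handleRBACUpdate = async (db3, entityName, resourceId, rbacData, existingRba
 function createMutations(table) {
 const tableNamePlural = table.name.plural.toLowerCase();
 const validateWriteAccess = async (id, context) => {
-const { db: db3, req, user } = context;
-const hasRBAC = table.RBAC === true;
-if (!hasRBAC) {
-return true;
-}
-if (user.super_admin === true) {
-return true;
-}
-if (!user.role || !(table.name.plural.includes("agent") && user.role.agents === "write") && !(table.name.plural.includes("workflow") && user.role.workflows === "write") && !(table.name.plural.includes("variable") && user.role.variables === "write") && !(table.name.plural.includes("user") && user.role.users === "write")) {
-console.error("Access control error: no role found for current user or no access to entity type.");
-throw new Error("Access control error: no role found for current user or no access to entity type.");
-}
 try {
-const
-if (authResult.error || !authResult.user) {
-throw new Error("Authentication required");
-}
-const user2 = authResult.user;
+const { db: db3, req, user } = context;
 const record = await db3.from(tableNamePlural).select(["rights_mode", "created_by"]).where({ id }).first();
 if (!record) {
 throw new Error("Record not found");
 }
+if (tableNamePlural === "jobs") {
+if (!user.super_admin && record.created_by !== user.id) {
+throw new Error("You are not authorized to edit this record");
+}
+}
+const hasRBAC = table.RBAC === true;
+if (!hasRBAC) {
+return true;
+}
+if (user.super_admin === true) {
+return true;
+}
+if (!user.role || !(table.name.plural === "agents" && user.role.agents === "write") && !(table.name.plural === "workflow_templates" && user.role.workflows === "write") && !(table.name.plural === "variables" && user.role.variables === "write") && !(table.name.plural === "users" && user.role.users === "write")) {
+console.error("Access control error: no role found for current user or no access to entity type.");
+throw new Error("Access control error: no role found for current user or no access to entity type.");
+}
 if (record.rights_mode === "public") {
 return true;
 }
 if (record.rights_mode === "private") {
-if (record.created_by ===
+if (record.created_by === user.id) {
 return true;
 }
 throw new Error("Only the creator can edit this private record");
@@ -2050,7 +2050,7 @@ function createMutations(table) {
 entity: table.name.singular,
 target_resource_id: id,
 access_type: "User",
-user_id:
+user_id: user.id,
 rights: "write"
 }).first();
 if (rbacRecord) {
@@ -2058,12 +2058,12 @@ function createMutations(table) {
 }
 throw new Error("Insufficient user permissions to edit this record");
 }
-if (record.rights_mode === "roles" &&
+if (record.rights_mode === "roles" && user.role) {
 const rbacRecord = await db3.from("rbac").where({
 entity: table.name.singular,
 target_resource_id: id,
 access_type: "Role",
-role_id:
+role_id: user.role,
 rights: "write"
 }).first();
 if (rbacRecord) {
@@ -2223,7 +2223,11 @@ var applyAccessControl = (table, user, query) => {
 if (user.super_admin === true) {
 return query;
 }
-if (
+if (table.name.plural === "jobs") {
+query = query.where("created_by", user.id);
+return query;
+}
+if (!user.role || !(table.name.plural === "agents" && (user.role.agents === "read" || user.role.agents === "write")) && !(table.name.plural === "workflow_templates" && (user.role.workflows === "read" || user.role.workflows === "write")) && !(table.name.plural === "variables" && (user.role.variables === "read" || user.role.variables === "write")) && !(table.name.plural === "users" && (user.role.users === "read" || user.role.users === "write"))) {
 console.error("Access control error: no role found or no access to entity type.");
 return query.where("1", "=", "0");
 }
@@ -2938,6 +2942,10 @@ var jobsSchema = {
 name: "session",
 type: "text"
 },
+{
+name: "created_by",
+type: "number"
+},
 {
 name: "status",
 type: "text"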
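--- a/package/types/models/user-role.ts
+++ b/package/types/models/user-role.ts
@@ -1,8 +1,11 @@
 export type UserRole = {
-id
-name
+id?: string;
+name?: string;
 agents?: "read" | "write" | null;
 workflows?: "read" | "write" | null;
 variables?: "read" | "write" | null;
 users?: "read" | "write" | null;
+api?: "read" | "write" | null;
+createdAt?: string;
+updatedAt?: string;
 };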
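Review bot: The new `api?: "read" | "write" | null;` right is declared on UserRole, but none of the dist hunks in this release consult `user.role.api` — applyAccessControl and validateWriteAccess still branch only on agents, workflows, variables and users — so either its enforcement lives in code outside this diff or the field is currently inert while the changelog advertises it as an access control. A short comment on the field would keep a maintainer from assuming it is enforced: `// api: TODO(review) confirm where this right is checked; not consulted by validateWriteAccess/applyAccessControl in dist`. Note also that this section is labelled package/package.json on the page while its content and the diffstat correspond to package/types/models/user-role.ts.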