@flowerforce/flower-core 4.0.1-beta.1 → 4.0.1-beta.10

package/CHANGELOG.md

@@ -1,3 +1,38 @@
+## 3.5.2 (2025-04-23)
+
+
+### 🩹 Fixes
+
+- fix init nodes ([996d8af](https://github.com/flowerforce/flower/commit/996d8af))
+
+- package lock ([a3bb210](https://github.com/flowerforce/flower/commit/a3bb210))
+
+## 3.5.1 (2025-04-19)
+
+
+### 🩹 Fixes
+
+- remove empty object from init state ([8604346](https://github.com/flowerforce/flower/commit/8604346))
+
+## 3.5.0 (2025-04-19)
+
+
+### 🚀 Features
+
+- remove data blank from init nodes ([#80](https://github.com/flowerforce/flower/pull/80))
+
+## 3.4.0 (2025-04-19)
+
+
+### 🚀 Features
+
+- added remove value on hide element ([#68](https://github.com/flowerforce/flower/pull/68))
+
+
+### 🩹 Fixes
+
+- avoid validate hidden field ([#67](https://github.com/flowerforce/flower/pull/67))
+
 ## 3.3.0 (2024-10-08)
 
 

package/dist/index.cjs.js

@@ -62,6 +62,89 @@ const generateData = (data) => {
     };
 };
 
+class AbacEngine {
+    constructor(rules = []) {
+        // compile string conditions once
+        this.rules = (rules || [])
+            .map((r) => {
+            let conditionFn = undefined;
+            if (r.condition) {
+                try {
+                    // NOTE: uses new Function -> ensure rules.json is trusted by the app owner
+                    conditionFn = new Function('subject', 'resource', 'action', 'environment', `return (${r.condition});`);
+                }
+                catch (err) {
+                    console.error('ABAC: failed to compile rule condition', r.id, err);
+                }
+            }
+            return { ...r, conditionFn };
+        })
+            .sort((a, b) => (a.priority ?? 100) - (b.priority ?? 100));
+    }
+    decide(ctx) {
+        let anyPermit = false;
+        for (const r of this.rules) {
+            const matchesAction = Array.isArray(r.action)
+                ? r.action.includes(ctx.action)
+                : r.action === ctx.action || r.action === '*';
+            if (!matchesAction)
+                continue;
+            let matches = true;
+            if (r.conditionFn) {
+                try {
+                    matches = !!r.conditionFn(ctx.subject, ctx.resource, ctx.action, ctx.environment);
+                }
+                catch (err) {
+                    matches = false;
+                    console.error(`ABAC: rule ${r.id} threw while evaluating`, err);
+                }
+            }
+            if (!matches)
+                continue;
+            if (r.effect === 'Deny') {
+                // deny-overrides
+                return 'Deny';
+            }
+            if (r.effect === 'Permit') {
+                anyPermit = true;
+            }
+        }
+        return anyPermit ? 'Permit' : 'Deny';
+    }
+    // utility: checks multiple actions and returns those allowed
+    allowedActions(ctxBase, actions) {
+        return actions.filter((a) => this.decide({ ...ctxBase, action: a }) === 'Permit');
+    }
+}
+
+let engine = null;
+let rawRules = null;
+let currentSubject = null;
+function initAbac(rules) {
+    engine = new AbacEngine(rules);
+    rawRules = rules;
+}
+function getAbacEngine() {
+    if (!engine)
+        console.warn('ABAC engine non inizializzato');
+    return engine;
+}
+function getRawRules() {
+    return rawRules;
+}
+function isAbacInitialized() {
+    return engine !== null;
+}
+function setSubject(subject) {
+    currentSubject = subject;
+}
+function getSubject() {
+    return currentSubject;
+}
+function clearSubject() {
+    currentSubject = null;
+}
+
 const EMPTY_STRING_REGEXP = /^\s*$/;
 /**
  * Defines a utility object named rulesMatcherUtils, which contains various helper functions used for processing rules and data in a rule-matching context.
@@ -85,6 +168,11 @@ const rulesMatcherUtils = {
         if (!operators[op]) {
             throw new Error(`Error missing operator:${op}`);
         }
+        if (op === '$can') {
+            const subject = getSubject();
+            const valid = operators['$can'](subject ?? {}, _get(value, 'action'), _get(value, 'resource'));
+            return { valid, name: `${pathWithPrefix}___${name || op}` };
+        }
         const valid = operators[op] && operators[op](valueForKey, valueRef, opt, data);
         return { valid, name: `${pathWithPrefix}___${name || op}` };
     },
@@ -242,6 +330,11 @@ const rulesMatcherUtils = {
  * Defines a set of comparison operators used for matching rules against user input.
  */
 const operators = {
+    $can: (subject, action, resource) => getAbacEngine()?.decide({
+        subject: subject ?? {},
+        action,
+        resource
+    }) === 'Permit',
     $exists: (a, b) => !rulesMatcherUtils.isEmpty(a) === b,
     $eq: (a, b) => a === b,
     $ne: (a, b) => a !== b,
@@ -304,9 +397,6 @@ const flattenRules = (ob) => {
     }
     return result;
 };
-const getRulesExists = (rules) => {
-    return Object.keys(rules).length ? FlowUtils.mapEdge(rules) : undefined;
-};
 const FlowUtils = {
     generateRulesName: (nextRules) => {
         return nextRules.reduce((acc, inc) => {
@@ -363,23 +453,6 @@ const FlowUtils = {
         return res;
     },
     makeRules: (rules) => Object.entries(rules).reduce((acc2, [k, v]) => [...acc2, { nodeId: k, rules: v }], []),
-    // TODO: This function is strictly related to React nodes, could make sense to move it in the flower-react folder
-    generateNodesForFlowerJson: (nodes) => nodes
-        .filter((e) => !!_get(e, 'props.id'))
-        .map((e) => {
-        const rules = FlowUtils.makeRules(e.props.to ?? {});
-        const nextRules = getRulesExists(rules);
-        const children = e.props.data?.children;
-        return {
-            nodeId: e.props.id,
-            nodeType: e.type.displayName || e.props.as || 'FlowerNode',
-            nodeTitle: _get(e.props, 'data.title'),
-            children,
-            nextRules,
-            retain: e.props.retain,
-            disabled: e.props.disabled
-        };
-    }),
     allEqual: (arr, arr2) => arr.length === arr2.length && arr.every((v) => arr2.includes(v)),
     findValidRule: (nextRules, value, prefix) => find(nextRules, (rule) => {
         // fix per evitare di entrare in un nodo senza regole, ma con un name,
@@ -650,7 +723,7 @@ const FlowerCoreBaseReducers = {
             payload: { name: flowName, node: nextNumberNode }
         });
     },
-    prev: (state, { payload }) => {
+    back: (state, { payload }) => {
         const { name, flowName } = payload;
         FlowerCoreBaseReducers.historyPop(state, {
             type: 'historyPop',
@@ -843,6 +916,7 @@ const FlowerCoreStateSelectors = {
     ...FlowerCoreStateDataSelectors
 };
 
+exports.AbacEngine = AbacEngine;
 exports.CoreUtils = CoreUtils;
 exports.DataUtils = DataUtils;
 exports.Emitter = Emitter;
@@ -854,8 +928,15 @@ exports.FlowerCoreStateBaseSelectors = FlowerCoreStateBaseSelectors;
 exports.FlowerCoreStateDataSelectors = FlowerCoreStateDataSelectors;
 exports.FlowerCoreStateSelectors = FlowerCoreStateSelectors;
 exports.FlowerStateUtils = FlowerStateUtils;
+exports.clearSubject = clearSubject;
 exports.devtoolState = devtoolState;
 exports.flattenRules = flattenRules;
 exports.generateData = generateData;
+exports.getAbacEngine = getAbacEngine;
+exports.getRawRules = getRawRules;
+exports.getSubject = getSubject;
+exports.initAbac = initAbac;
+exports.isAbacInitialized = isAbacInitialized;
 exports.rulesMatcher = rulesMatcher;
 exports.rulesMatcherUtils = rulesMatcherUtils;
+exports.setSubject = setSubject;

package/dist/index.esm.js

@@ -60,6 +60,89 @@ const generateData = (data) => {
     };
 };
 
+class AbacEngine {
+    constructor(rules = []) {
+        // compile string conditions once
+        this.rules = (rules || [])
+            .map((r) => {
+            let conditionFn = undefined;
+            if (r.condition) {
+                try {
+                    // NOTE: uses new Function -> ensure rules.json is trusted by the app owner
+                    conditionFn = new Function('subject', 'resource', 'action', 'environment', `return (${r.condition});`);
+                }
+                catch (err) {
+                    console.error('ABAC: failed to compile rule condition', r.id, err);
+                }
+            }
+            return { ...r, conditionFn };
+        })
+            .sort((a, b) => (a.priority ?? 100) - (b.priority ?? 100));
+    }
+    decide(ctx) {
+        let anyPermit = false;
+        for (const r of this.rules) {
+            const matchesAction = Array.isArray(r.action)
+                ? r.action.includes(ctx.action)
+                : r.action === ctx.action || r.action === '*';
+            if (!matchesAction)
+                continue;
+            let matches = true;
+            if (r.conditionFn) {
+                try {
+                    matches = !!r.conditionFn(ctx.subject, ctx.resource, ctx.action, ctx.environment);
+                }
+                catch (err) {
+                    matches = false;
+                    console.error(`ABAC: rule ${r.id} threw while evaluating`, err);
+                }
+            }
+            if (!matches)
+                continue;
+            if (r.effect === 'Deny') {
+                // deny-overrides
+                return 'Deny';
+            }
+            if (r.effect === 'Permit') {
+                anyPermit = true;
+            }
+        }
+        return anyPermit ? 'Permit' : 'Deny';
+    }
+    // utility: checks multiple actions and returns those allowed
+    allowedActions(ctxBase, actions) {
+        return actions.filter((a) => this.decide({ ...ctxBase, action: a }) === 'Permit');
+    }
+}
+
+let engine = null;
+let rawRules = null;
+let currentSubject = null;
+function initAbac(rules) {
+    engine = new AbacEngine(rules);
+    rawRules = rules;
+}
+function getAbacEngine() {
+    if (!engine)
+        console.warn('ABAC engine non inizializzato');
+    return engine;
+}
+function getRawRules() {
+    return rawRules;
+}
+function isAbacInitialized() {
+    return engine !== null;
+}
+function setSubject(subject) {
+    currentSubject = subject;
+}
+function getSubject() {
+    return currentSubject;
+}
+function clearSubject() {
+    currentSubject = null;
+}
+
 const EMPTY_STRING_REGEXP = /^\s*$/;
 /**
  * Defines a utility object named rulesMatcherUtils, which contains various helper functions used for processing rules and data in a rule-matching context.
@@ -83,6 +166,11 @@ const rulesMatcherUtils = {
         if (!operators[op]) {
             throw new Error(`Error missing operator:${op}`);
         }
+        if (op === '$can') {
+            const subject = getSubject();
+            const valid = operators['$can'](subject ?? {}, _get(value, 'action'), _get(value, 'resource'));
+            return { valid, name: `${pathWithPrefix}___${name || op}` };
+        }
         const valid = operators[op] && operators[op](valueForKey, valueRef, opt, data);
         return { valid, name: `${pathWithPrefix}___${name || op}` };
     },
@@ -240,6 +328,11 @@ const rulesMatcherUtils = {
  * Defines a set of comparison operators used for matching rules against user input.
  */
 const operators = {
+    $can: (subject, action, resource) => getAbacEngine()?.decide({
+        subject: subject ?? {},
+        action,
+        resource
+    }) === 'Permit',
     $exists: (a, b) => !rulesMatcherUtils.isEmpty(a) === b,
     $eq: (a, b) => a === b,
     $ne: (a, b) => a !== b,
@@ -302,9 +395,6 @@ const flattenRules = (ob) => {
     }
     return result;
 };
-const getRulesExists = (rules) => {
-    return Object.keys(rules).length ? FlowUtils.mapEdge(rules) : undefined;
-};
 const FlowUtils = {
     generateRulesName: (nextRules) => {
         return nextRules.reduce((acc, inc) => {
@@ -361,23 +451,6 @@ const FlowUtils = {
         return res;
     },
     makeRules: (rules) => Object.entries(rules).reduce((acc2, [k, v]) => [...acc2, { nodeId: k, rules: v }], []),
-    // TODO: This function is strictly related to React nodes, could make sense to move it in the flower-react folder
-    generateNodesForFlowerJson: (nodes) => nodes
-        .filter((e) => !!_get(e, 'props.id'))
-        .map((e) => {
-        const rules = FlowUtils.makeRules(e.props.to ?? {});
-        const nextRules = getRulesExists(rules);
-        const children = e.props.data?.children;
-        return {
-            nodeId: e.props.id,
-            nodeType: e.type.displayName || e.props.as || 'FlowerNode',
-            nodeTitle: _get(e.props, 'data.title'),
-            children,
-            nextRules,
-            retain: e.props.retain,
-            disabled: e.props.disabled
-        };
-    }),
     allEqual: (arr, arr2) => arr.length === arr2.length && arr.every((v) => arr2.includes(v)),
     findValidRule: (nextRules, value, prefix) => find(nextRules, (rule) => {
         // fix per evitare di entrare in un nodo senza regole, ma con un name,
@@ -648,7 +721,7 @@ const FlowerCoreBaseReducers = {
             payload: { name: flowName, node: nextNumberNode }
         });
     },
-    prev: (state, { payload }) => {
+    back: (state, { payload }) => {
         const { name, flowName } = payload;
         FlowerCoreBaseReducers.historyPop(state, {
             type: 'historyPop',
@@ -841,4 +914,4 @@ const FlowerCoreStateSelectors = {
     ...FlowerCoreStateDataSelectors
 };
 
-export { CoreUtils, DataUtils, Emitter, FlowUtils, FlowerCoreBaseReducers, FlowerCoreDataReducers, FlowerCoreReducers, FlowerCoreStateBaseSelectors, FlowerCoreStateDataSelectors, FlowerCoreStateSelectors, FlowerStateUtils, REDUCER_NAME, devtoolState, flattenRules, generateData, rulesMatcher, rulesMatcherUtils };
+export { AbacEngine, CoreUtils, DataUtils, Emitter, FlowUtils, FlowerCoreBaseReducers, FlowerCoreDataReducers, FlowerCoreReducers, FlowerCoreStateBaseSelectors, FlowerCoreStateDataSelectors, FlowerCoreStateSelectors, FlowerStateUtils, REDUCER_NAME, clearSubject, devtoolState, flattenRules, generateData, getAbacEngine, getRawRules, getSubject, initAbac, isAbacInitialized, rulesMatcher, rulesMatcherUtils, setSubject };

package/dist/src/ABAC/abacEngine.d.ts

@@ -0,0 +1,32 @@
+export type Action = string;
+export type Subject = Record<string, any>;
+export type Resource = Record<string, any>;
+export type Environment = Record<string, any>;
+export type AbacCtx = {
+    subject: Subject;
+    resource?: Resource;
+    action: Action;
+    environment?: Environment;
+};
+export type RuleInput = {
+    id: string;
+    description?: string;
+    effect: 'Permit' | 'Deny';
+    priority?: number;
+    action?: string | string[];
+    /**
+     * condition: string JS expression that returns boolean.
+     * It can reference `subject`, `resource`, `action`, `environment`.
+     * Example: "action === 'read' && (!resource.confidential || resource.ownerID === subject.id)"
+     */
+    condition?: string;
+};
+export type CompiledRule = RuleInput & {
+    conditionFn?: (subject: Subject, resource?: Resource, action?: Action, environment?: Environment) => boolean;
+};
+export declare class AbacEngine {
+    private rules;
+    constructor(rules?: RuleInput[]);
+    decide(ctx: AbacCtx): 'Permit' | 'Deny';
+    allowedActions(ctxBase: Omit<AbacCtx, 'action'>, actions: Action[]): string[];
+}

package/dist/src/ABAC/abacSingleton.d.ts

@@ -0,0 +1,8 @@
+import { AbacEngine, RuleInput, Subject } from './abacEngine';
+export declare function initAbac(rules: RuleInput[]): void;
+export declare function getAbacEngine(): AbacEngine | null;
+export declare function getRawRules(): RuleInput[] | null;
+export declare function isAbacInitialized(): boolean;
+export declare function setSubject(subject: Subject): void;
+export declare function getSubject(): Subject | null;
+export declare function clearSubject(): void;

package/dist/src/ABAC/index.d.ts

@@ -0,0 +1,2 @@
+export * from './abacEngine';
+export * from './abacSingleton';

package/dist/src/index.d.ts

@@ -3,4 +3,5 @@ export * from './constants';
 export * from './utils';
 export * from './rules-matcher';
 export * from './state-manager';
+export * from './ABAC';
 export type * from './interfaces';

package/dist/src/interfaces/CoreInterface.d.ts

@@ -1,5 +1,6 @@
 export declare enum RulesOperators {
     $exists = "$exists",
+    $can = "$can",
     $eq = "$eq",
     $ne = "$ne",
     $gt = "$gt",
@@ -26,6 +27,15 @@ export type Edge<T = object> = {
         rules: RulesObject<T>;
     };
 };
+export type NodeConfig = {
+    nodeId: string | undefined;
+    nodeType: string;
+    nodeTitle: string;
+    children: Node['children'];
+    nextRules: ReturnType<MapEdge> | undefined;
+    retain: boolean;
+    disabled: boolean;
+};
 export type Node = {
     nodeId: string | undefined;
     nodeType: string;
@@ -93,22 +103,12 @@ export type MapEdge<K = RulesByNodeId<any>, T = K[]> = (nextNode: T) => Array<K>
 export type MakeRules<T extends Record<string, any> = {
     rules: RulesObject<any> | object;
 }> = (rules: T) => Array<RulesByNodeId<T>>;
-export type GetRulesExists = (rules: RulesByNodeId<any>[]) => ReturnType<MapEdge> | undefined;
-export type GenerateNodesForFlowerJson = (nodes: Node[], edges?: Edge[]) => {
-    nodeId: string | undefined;
-    nodeType: string;
-    nodeTitle: string;
-    children: Node['children'];
-    nextRules: ReturnType<GetRulesExists>;
-    retain: boolean;
-    disabled: boolean;
-}[];
 export type HasNode = (state: Record<string, any>, name: string, node: string) => boolean;
-export type MakeObjectRules = (nodes: Node[]) => {
+export type MakeObjectRules = (nodes: NodeConfig[]) => {
     [x: string]: Node['nextRules'];
 };
-export type GenerateNodes = (nodes: Node[]) => {
-    [x: string]: Omit<Node, 'nextRules'>;
+export type GenerateNodes = (nodes: NodeConfig[]) => {
+    [x: string]: Partial<Node>;
 };
 export type MapKeysDeepLodash = (obj: Record<string, any>, cb: (...args: any) => any, isRecursive?: boolean) => Record<string, any>;
 export type GenerateRulesName = (nextRules: RulesWithName[]) => {
@@ -176,13 +176,6 @@ export interface FlowUtilitiesFunctions {
      * @returns
      */
     makeRules: MakeRules;
-    /**
-     * Generates nodes for a flower JSON structure, extracting rules and other properties.
-     * @param nodes
-     *
-     * @returns
-     */
-    generateNodesForFlowerJson: GenerateNodesForFlowerJson;
     /**
      * Checks if two arrays are equal in length and have the same elements.
      * @param arr

package/dist/src/interfaces/ReducerInterface.d.ts

@@ -1,11 +1,11 @@
-import { Node } from './CoreInterface';
+import { NodeConfig } from './CoreInterface';
 import { Flower } from './Store';
 export type ActionWithPayload<T> = {
     type: string;
     payload: T;
 };
 type ReducerFunctionSign<T extends object, R> = (state: Record<string, Flower<T>>, action: ActionWithPayload<R>) => Record<string, Flower<T>> | void;
-export type CoreReducersFunctions<T extends Record<string, any> = Record<string, Flower<Record<string, any>>>> = {
+export type CoreReducersFunctions<T extends Record<string, any> = Record<FlowCaseReducersNames, Flower<Record<string, any>>>> = {
     /**
      * @param state
      * @param action
@@ -126,7 +126,7 @@ export type CoreReducersFunctions<T extends Record<string, any> = Record<string,
         name: string;
         startId: string;
         persist: boolean;
-        nodes: Node[];
+        nodes: NodeConfig[];
         initialState: {
             startId?: string;
             current?: string;
@@ -197,7 +197,7 @@ export type CoreReducersFunctions<T extends Record<string, any> = Record<string,
      *
      * @returns state
      */
-    prev: ReducerFunctionSign<T, {
+    back: ReducerFunctionSign<T, {
         name?: string;
         flowName?: string;
     }>;
@@ -235,10 +235,11 @@ export type CoreReducersFunctions<T extends Record<string, any> = Record<string,
      */
     >;
 };
+export type FlowCaseReducersNames = 'historyAdd' | 'historyPrevToNode' | 'forceAddHistory' | 'historyPop' | 'restoreHistory' | 'replaceNode' | 'forceResetHistory' | 'destroy' | 'initNodes' | 'setCurrentNode' | 'node' | 'prevToNode' | 'next' | 'back' | 'restart' | 'reset';
 type DataReducerFunctionSign<T extends object, R = object> = (state: Record<string, T>, action: ActionWithPayload<{
     rootName: string;
 } & R>) => Record<string, T> | void;
-export type DataReducersFunctions<T extends Record<string, any> = Record<string, Record<string, any>>> = {
+export type DataReducersFunctions<T extends Record<string, any> = Record<DataCaseReducersNames, Record<string, any>>> = {
     /**
      * @param state
      * @param action
@@ -403,4 +404,5 @@ export type DataReducersFunctions<T extends Record<string, any> = Record<string,
         initialData: Record<string, any>;
     }>;
 };
+export type DataCaseReducersNames = 'setFormSubmitted' | 'addCustomDataErrors' | 'addDataErrors' | 'fieldDirty' | 'fieldTouch' | 'fieldFocus' | 'removeDataErrors' | 'addData' | 'addDataByPath' | 'replaceData' | 'unsetData' | 'setIsDataValidating' | 'resetData' | 'initData';
 export {};

package/dist/src/interfaces/RulesMatcherInterface.d.ts

@@ -161,7 +161,18 @@ export interface RulesMatcherUtils {
     getKeys: <T extends Record<string, any>>(rules?: T, options?: Record<string, any>) => string[] | null;
 }
 export type OperatorsFunction = (a: any, b: any, opt?: any, data?: any) => boolean;
+export type DecisionFunction = (subject: Record<string, any>, action: string, resource: Record<string, any>) => boolean;
 export type Operators = {
+    /**
+     * @param subject
+     * @param action
+     * @param resource
+     *
+     * Checks if a operation is denied or permitted based on ABAC rules.
+     *
+     * @returns
+     */
+    $can: DecisionFunction;
     /**
      * @param a
      * @param b

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flowerforce/flower-core",
-  "version": "4.0.1-beta.1",
+  "version": "4.0.1-beta.10",
   "description": "Core functions for flowerJS",
   "repository": {
     "type": "git",