@holoyan/adonisjs-permissions 0.1.0 → 0.5.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +160 -59
- package/build/index.d.ts +10 -4
- package/build/index.js +10 -5
- package/build/providers/role_permission_provider.d.ts +3 -0
- package/build/providers/role_permission_provider.js +21 -0
- package/build/src/acl.d.ts +10 -5
- package/build/src/acl.js +17 -9
- package/build/src/decorators.js +1 -0
- package/build/src/mixins/has_permissions.d.ts +58 -26
- package/build/src/mixins/has_permissions.js +123 -18
- package/build/src/model_manager.d.ts +7 -0
- package/build/src/model_manager.js +15 -0
- package/build/src/models/permission.d.ts +4 -4
- package/build/src/models/permission.js +2 -7
- package/build/src/models/role.d.ts +1 -1
- package/build/src/models/role.js +2 -7
- package/build/src/morph_map.d.ts +5 -2
- package/build/src/morph_map.js +16 -9
- package/build/src/services/helper.d.ts +2 -3
- package/build/src/services/helper.js +1 -7
- package/build/src/services/model_has_role_permissions.d.ts +41 -39
- package/build/src/services/model_has_role_permissions.js +92 -111
- package/build/src/services/model_service.d.ts +15 -6
- package/build/src/services/model_service.js +39 -14
- package/build/src/services/permissions/empty_permission.d.ts +8 -0
- package/build/src/services/permissions/empty_permission.js +17 -0
- package/build/src/services/permissions/permission_has_model_roles.d.ts +12 -8
- package/build/src/services/permissions/permission_has_model_roles.js +28 -19
- package/build/src/services/permissions/permissions_service.d.ts +42 -30
- package/build/src/services/permissions/permissions_service.js +198 -155
- package/build/src/services/query_helper.d.ts +7 -0
- package/build/src/services/query_helper.js +12 -0
- package/build/src/services/roles/empty_roles.d.ts +8 -0
- package/build/src/services/roles/empty_roles.js +17 -0
- package/build/src/services/roles/role_has_model_permissions.d.ts +32 -33
- package/build/src/services/roles/role_has_model_permissions.js +64 -78
- package/build/src/services/roles/roles_service.d.ts +20 -9
- package/build/src/services/roles/roles_service.js +90 -34
- package/build/src/types.d.ts +65 -5
- package/build/stubs/configs/permissions.stub +1 -1
- package/build/stubs/migrations/create_db.stub +8 -8
- package/package.json +3 -1
- package/build/src/mixins/has_role_permissions.d.ts +0 -128
- package/build/src/mixins/has_role_permissions.js +0 -10
- package/build/src/mixins/has_roles.d.ts +0 -1
- package/build/src/mixins/has_roles.js +0 -47
|
@@ -1,234 +1,270 @@
|
|
|
1
|
-
import ModelPermission from '../../models/model_permission.js';
|
|
2
|
-
import ModelRole from '../../models/model_role.js';
|
|
3
|
-
import Permission from '../../models/permission.js';
|
|
4
|
-
import Role from '../../models/role.js';
|
|
5
1
|
import BaseService from '../base_service.js';
|
|
6
|
-
import {
|
|
2
|
+
import { getModelPermissionModelQuery, getPermissionModelQuery } from '../query_helper.js';
|
|
7
3
|
export default class PermissionsService extends BaseService {
|
|
4
|
+
permissionClassName;
|
|
5
|
+
roleClassName;
|
|
6
|
+
modelPermissionClassName;
|
|
7
|
+
modelRoleClassName;
|
|
8
|
+
map;
|
|
9
|
+
permissionQuery;
|
|
10
|
+
permissionTable;
|
|
11
|
+
// private roleQuery
|
|
12
|
+
// private readonly roleTable
|
|
13
|
+
modelPermissionQuery;
|
|
14
|
+
modelPermissionTable;
|
|
15
|
+
// private modelRoleQuery
|
|
16
|
+
modelRoleTable;
|
|
17
|
+
constructor(permissionClassName, roleClassName, modelPermissionClassName, modelRoleClassName, map) {
|
|
18
|
+
super();
|
|
19
|
+
this.permissionClassName = permissionClassName;
|
|
20
|
+
this.roleClassName = roleClassName;
|
|
21
|
+
this.modelPermissionClassName = modelPermissionClassName;
|
|
22
|
+
this.modelRoleClassName = modelRoleClassName;
|
|
23
|
+
this.map = map;
|
|
24
|
+
this.permissionQuery = getPermissionModelQuery(this.permissionClassName);
|
|
25
|
+
this.permissionTable = this.permissionClassName.table;
|
|
26
|
+
// this.roleQuery = getRoleModelQuery(this.roleClassName)
|
|
27
|
+
// this.roleTable = this.roleClassName.table
|
|
28
|
+
this.modelPermissionQuery = getModelPermissionModelQuery(this.modelPermissionClassName);
|
|
29
|
+
this.modelPermissionTable = this.modelPermissionClassName.table;
|
|
30
|
+
// this.modelRoleQuery = getModelRoleModelQuery(this.modelRoleClassName)
|
|
31
|
+
this.modelRoleTable = this.modelRoleClassName.table;
|
|
32
|
+
}
|
|
8
33
|
/**
|
|
9
|
-
* return all permissions, including
|
|
34
|
+
* return all permissions, including forbidden
|
|
10
35
|
*/
|
|
11
|
-
async all(modelType, modelId,
|
|
12
|
-
|
|
13
|
-
return this.modelPermissionQuery({
|
|
36
|
+
async all(modelType, modelId, includeForbiddings = false) {
|
|
37
|
+
return this.modelPermissionQueryBuilder({
|
|
14
38
|
modelType,
|
|
15
39
|
modelId,
|
|
16
|
-
directPermissions: map.getAlias(
|
|
17
|
-
|
|
40
|
+
directPermissions: this.map.getAlias(this.roleClassName) === modelType,
|
|
41
|
+
includeForbiddings,
|
|
18
42
|
})
|
|
19
|
-
.
|
|
20
|
-
.select(
|
|
43
|
+
.distinct(this.permissionTable + '.id')
|
|
44
|
+
.select(this.permissionTable + '.*');
|
|
21
45
|
}
|
|
22
46
|
/**
|
|
23
47
|
* return only global assigned permissions, through role or direct
|
|
24
48
|
*/
|
|
25
|
-
async global(modelType, modelId,
|
|
26
|
-
|
|
27
|
-
return this.modelPermissionQuery({
|
|
49
|
+
async global(modelType, modelId, includeForbiddings = false) {
|
|
50
|
+
return this.modelPermissionQueryBuilder({
|
|
28
51
|
modelType,
|
|
29
52
|
modelId,
|
|
30
|
-
directPermissions: map.getAlias(
|
|
31
|
-
|
|
53
|
+
directPermissions: this.map.getAlias(this.roleClassName) === modelType,
|
|
54
|
+
includeForbiddings,
|
|
32
55
|
})
|
|
33
|
-
.where(
|
|
34
|
-
.whereNull(
|
|
35
|
-
.
|
|
36
|
-
.select(
|
|
56
|
+
.where(this.permissionTable + '.entity_type', '*')
|
|
57
|
+
.whereNull(this.permissionTable + '.entity_id')
|
|
58
|
+
.distinct(this.permissionTable + '.id')
|
|
59
|
+
.select(this.permissionTable + '.*');
|
|
37
60
|
}
|
|
38
61
|
/**
|
|
39
62
|
* get all permissions which is assigned to concrete resource
|
|
40
63
|
*/
|
|
41
|
-
async onResource(modelType, modelId,
|
|
42
|
-
|
|
43
|
-
return this.modelPermissionQuery({
|
|
64
|
+
async onResource(modelType, modelId, includeForbiddings = false) {
|
|
65
|
+
return this.modelPermissionQueryBuilder({
|
|
44
66
|
modelType,
|
|
45
67
|
modelId,
|
|
46
|
-
directPermissions: map.getAlias(
|
|
47
|
-
|
|
68
|
+
directPermissions: this.map.getAlias(this.roleClassName) === modelType,
|
|
69
|
+
includeForbiddings,
|
|
48
70
|
})
|
|
49
|
-
.where(
|
|
50
|
-
.
|
|
51
|
-
.select(
|
|
71
|
+
.where(this.permissionTable + '.entity_type', '!=', '*')
|
|
72
|
+
.distinct(this.permissionTable + '.id')
|
|
73
|
+
.select(this.permissionTable + '.*');
|
|
52
74
|
}
|
|
53
75
|
/**
|
|
54
76
|
* all direct permissions
|
|
55
77
|
*/
|
|
56
|
-
direct(modelType, modelId,
|
|
57
|
-
return this.
|
|
78
|
+
direct(modelType, modelId, includeForbiddings = false) {
|
|
79
|
+
return this.modelPermissionQueryBuilder({
|
|
58
80
|
modelType,
|
|
59
81
|
modelId,
|
|
60
82
|
directPermissions: true,
|
|
61
|
-
|
|
83
|
+
includeForbiddings,
|
|
62
84
|
})
|
|
63
|
-
.
|
|
64
|
-
.select(
|
|
85
|
+
.distinct(this.permissionTable + '.id')
|
|
86
|
+
.select(this.permissionTable + '.*');
|
|
65
87
|
}
|
|
66
|
-
directGlobal(modelType, modelId,
|
|
67
|
-
return this.
|
|
88
|
+
directGlobal(modelType, modelId, includeForbiddings = false) {
|
|
89
|
+
return this.modelPermissionQueryBuilder({
|
|
68
90
|
modelType,
|
|
69
91
|
modelId,
|
|
70
92
|
directPermissions: true,
|
|
71
|
-
|
|
93
|
+
includeForbiddings,
|
|
72
94
|
})
|
|
73
|
-
.whereNull(
|
|
74
|
-
.
|
|
75
|
-
.select(
|
|
95
|
+
.whereNull(this.permissionTable + '.entity_id')
|
|
96
|
+
.distinct(this.permissionTable + '.id')
|
|
97
|
+
.select(this.permissionTable + '.*');
|
|
76
98
|
}
|
|
77
99
|
/**
|
|
78
100
|
* return direct and resource assigned permissions
|
|
79
101
|
*/
|
|
80
|
-
directResource(modelType, modelId,
|
|
81
|
-
return this.
|
|
102
|
+
directResource(modelType, modelId, includeForbiddings = false) {
|
|
103
|
+
return this.modelPermissionQueryBuilder({
|
|
82
104
|
modelType,
|
|
83
105
|
modelId,
|
|
84
106
|
directPermissions: true,
|
|
85
|
-
|
|
107
|
+
includeForbiddings,
|
|
86
108
|
})
|
|
87
|
-
.whereNotNull(
|
|
88
|
-
.
|
|
89
|
-
.select(
|
|
109
|
+
.whereNotNull(this.permissionTable + '.entity_id')
|
|
110
|
+
.distinct(this.permissionTable + '.id')
|
|
111
|
+
.select(this.permissionTable + '.*');
|
|
90
112
|
}
|
|
91
113
|
/**
|
|
92
114
|
* @param modelType
|
|
93
115
|
* @param modelId
|
|
94
|
-
* @param
|
|
116
|
+
* @param permissions
|
|
117
|
+
* @param entityType
|
|
118
|
+
* @param entityId
|
|
95
119
|
* @returns
|
|
96
120
|
*/
|
|
97
|
-
async hasAnyDirect(modelType, modelId,
|
|
98
|
-
const { slugs, ids } = this.formatList(
|
|
121
|
+
async hasAnyDirect(modelType, modelId, permissions, entityType, entityId) {
|
|
122
|
+
const { slugs, ids } = this.formatList(permissions);
|
|
99
123
|
const q = this.modelPermissionQueryWithForbiddenCheck({
|
|
100
124
|
modelType,
|
|
101
125
|
modelId,
|
|
102
126
|
directPermissions: true,
|
|
103
127
|
permissionSlugs: slugs,
|
|
104
128
|
permissionIds: ids,
|
|
129
|
+
entity: {
|
|
130
|
+
type: entityType,
|
|
131
|
+
id: entityId,
|
|
132
|
+
},
|
|
105
133
|
});
|
|
106
|
-
this.applyTargetRestriction(q, entityType, entityId);
|
|
107
|
-
const r = await q.
|
|
134
|
+
this.applyTargetRestriction(this.permissionTable, q, entityType, entityId);
|
|
135
|
+
const r = await q.distinct(this.permissionTable + '.id').select(this.permissionTable + '.id');
|
|
108
136
|
return r.length > 0;
|
|
109
137
|
}
|
|
110
|
-
async hasAllDirect(modelType, modelId,
|
|
111
|
-
const { slugs, ids } = this.formatList(
|
|
138
|
+
async hasAllDirect(modelType, modelId, permissions, entityType, entityId) {
|
|
139
|
+
const { slugs, ids } = this.formatList(permissions);
|
|
112
140
|
const q = this.modelPermissionQueryWithForbiddenCheck({
|
|
113
141
|
modelType,
|
|
114
142
|
modelId,
|
|
115
143
|
directPermissions: true,
|
|
116
144
|
permissionSlugs: slugs,
|
|
117
145
|
permissionIds: ids,
|
|
146
|
+
entity: {
|
|
147
|
+
type: entityType,
|
|
148
|
+
id: entityId,
|
|
149
|
+
},
|
|
118
150
|
});
|
|
119
|
-
this.applyTargetRestriction(q, entityType, entityId);
|
|
120
|
-
const r = await q.
|
|
121
|
-
return r.length >=
|
|
151
|
+
this.applyTargetRestriction(this.permissionTable, q, entityType, entityId);
|
|
152
|
+
const r = await q.distinct(this.permissionTable + '.id').select(this.permissionTable + '.id');
|
|
153
|
+
return r.length >= permissions.length;
|
|
122
154
|
}
|
|
123
155
|
/**
|
|
124
156
|
* has all permissions
|
|
125
157
|
*/
|
|
126
|
-
async hasAll(modelType, modelId,
|
|
127
|
-
const
|
|
128
|
-
const { slugs, ids } = this.formatList(permisisons);
|
|
158
|
+
async hasAll(modelType, modelId, permissions, entityType, entityId) {
|
|
159
|
+
const { slugs, ids } = this.formatList(permissions);
|
|
129
160
|
const q = this.modelPermissionQueryWithForbiddenCheck({
|
|
130
161
|
modelType,
|
|
131
162
|
modelId,
|
|
132
|
-
directPermissions: map.getAlias(
|
|
163
|
+
directPermissions: this.map.getAlias(this.roleClassName) === modelType,
|
|
133
164
|
permissionSlugs: slugs,
|
|
134
165
|
permissionIds: ids,
|
|
166
|
+
entity: {
|
|
167
|
+
type: entityType,
|
|
168
|
+
id: entityId,
|
|
169
|
+
},
|
|
135
170
|
});
|
|
136
|
-
this.applyTargetRestriction(q, entityType, entityId);
|
|
137
|
-
const r = await q.
|
|
138
|
-
return r.length >=
|
|
171
|
+
this.applyTargetRestriction(this.permissionTable, q, entityType, entityId);
|
|
172
|
+
const r = await q.distinct(this.permissionTable + '.id').select(this.permissionTable + '.id');
|
|
173
|
+
return r.length >= permissions.length;
|
|
139
174
|
}
|
|
140
175
|
/**
|
|
141
176
|
* has any of permissions
|
|
142
177
|
*/
|
|
143
|
-
async hasAny(modelType, modelId,
|
|
144
|
-
const
|
|
145
|
-
const { slugs, ids } = this.formatList(permisison);
|
|
178
|
+
async hasAny(modelType, modelId, permission, entityType, entityId) {
|
|
179
|
+
const { slugs, ids } = this.formatList(permission);
|
|
146
180
|
const q = this.modelPermissionQueryWithForbiddenCheck({
|
|
147
181
|
modelType,
|
|
148
182
|
modelId,
|
|
149
|
-
directPermissions: map.getAlias(
|
|
183
|
+
directPermissions: this.map.getAlias(this.roleClassName) === modelType,
|
|
150
184
|
permissionSlugs: slugs,
|
|
151
185
|
permissionIds: ids,
|
|
186
|
+
entity: {
|
|
187
|
+
type: entityType,
|
|
188
|
+
id: entityId,
|
|
189
|
+
},
|
|
152
190
|
});
|
|
153
|
-
this.applyTargetRestriction(q, entityType, entityId);
|
|
154
|
-
const r = await q.
|
|
191
|
+
this.applyTargetRestriction(this.permissionTable, q, entityType, entityId);
|
|
192
|
+
const r = await q.distinct(this.permissionTable + '.id').select(this.permissionTable + '.id');
|
|
155
193
|
return r.length > 0;
|
|
156
194
|
}
|
|
157
195
|
/**
|
|
158
196
|
* has all permissions
|
|
159
197
|
*/
|
|
160
|
-
async containsAll(modelType, modelId,
|
|
161
|
-
const
|
|
162
|
-
const
|
|
163
|
-
const q = this.modelPermissionQuery({
|
|
198
|
+
async containsAll(modelType, modelId, permission) {
|
|
199
|
+
const { slugs, ids } = this.formatList(permission);
|
|
200
|
+
const q = this.modelPermissionQueryBuilder({
|
|
164
201
|
modelType,
|
|
165
202
|
modelId,
|
|
166
|
-
directPermissions: map.getAlias(
|
|
203
|
+
directPermissions: this.map.getAlias(this.roleClassName) === modelType,
|
|
167
204
|
permissionSlugs: slugs,
|
|
168
205
|
permissionIds: ids,
|
|
169
|
-
}).
|
|
170
|
-
const r = await q.select(
|
|
171
|
-
return r.length >=
|
|
206
|
+
}).distinct(this.permissionTable + '.id');
|
|
207
|
+
const r = await q.select(this.permissionTable + '.id');
|
|
208
|
+
return r.length >= permission.length;
|
|
172
209
|
}
|
|
173
210
|
/**
|
|
174
211
|
* has any of permissions
|
|
175
212
|
*/
|
|
176
|
-
async containsAny(modelType, modelId,
|
|
177
|
-
const
|
|
178
|
-
const
|
|
179
|
-
const q = this.modelPermissionQuery({
|
|
213
|
+
async containsAny(modelType, modelId, permission) {
|
|
214
|
+
const { slugs, ids } = this.formatList(permission);
|
|
215
|
+
const q = this.modelPermissionQueryBuilder({
|
|
180
216
|
modelType,
|
|
181
217
|
modelId,
|
|
182
|
-
directPermissions: map.getAlias(
|
|
218
|
+
directPermissions: this.map.getAlias(this.roleClassName) === modelType,
|
|
183
219
|
permissionSlugs: slugs,
|
|
184
220
|
permissionIds: ids,
|
|
185
|
-
}).
|
|
186
|
-
const r = await q.select(
|
|
221
|
+
}).distinct(this.permissionTable + '.id');
|
|
222
|
+
const r = await q.select(this.permissionTable + '.id');
|
|
187
223
|
// @ts-ignore
|
|
188
224
|
return r.length > 0;
|
|
189
225
|
}
|
|
190
226
|
/**
|
|
191
227
|
* has all permissions
|
|
192
228
|
*/
|
|
193
|
-
async containsAllDirect(modelType, modelId,
|
|
194
|
-
const { slugs, ids } = this.formatList(
|
|
195
|
-
const q = this.
|
|
229
|
+
async containsAllDirect(modelType, modelId, permission) {
|
|
230
|
+
const { slugs, ids } = this.formatList(permission);
|
|
231
|
+
const q = this.modelPermissionQueryBuilder({
|
|
196
232
|
modelType,
|
|
197
233
|
modelId,
|
|
198
234
|
directPermissions: true,
|
|
199
235
|
permissionSlugs: slugs,
|
|
200
236
|
permissionIds: ids,
|
|
201
|
-
}).
|
|
202
|
-
const r = await q.select(
|
|
203
|
-
return r.length >=
|
|
237
|
+
}).distinct(this.permissionTable + '.id');
|
|
238
|
+
const r = await q.select(this.permissionTable + '.id');
|
|
239
|
+
return r.length >= permission.length;
|
|
204
240
|
}
|
|
205
241
|
/**
|
|
206
242
|
* has any of permissions
|
|
207
243
|
*/
|
|
208
|
-
async containsAnyDirect(modelType, modelId,
|
|
209
|
-
const { slugs, ids } = this.formatList(
|
|
210
|
-
const q = this.
|
|
244
|
+
async containsAnyDirect(modelType, modelId, permission) {
|
|
245
|
+
const { slugs, ids } = this.formatList(permission);
|
|
246
|
+
const q = this.modelPermissionQueryBuilder({
|
|
211
247
|
modelType,
|
|
212
248
|
modelId,
|
|
213
249
|
directPermissions: true,
|
|
214
250
|
permissionSlugs: slugs,
|
|
215
251
|
permissionIds: ids,
|
|
216
|
-
}).
|
|
217
|
-
const r = await q.select(
|
|
252
|
+
}).distinct(this.permissionTable + '.id');
|
|
253
|
+
const r = await q.select(this.permissionTable + '.id');
|
|
218
254
|
// @ts-ignore
|
|
219
255
|
return r.length > 0;
|
|
220
256
|
}
|
|
221
257
|
/**
|
|
222
258
|
* check if permission is forbidden, if there is same permission with allowed=false then return true;
|
|
223
259
|
*/
|
|
224
|
-
forbidden(modelType, modelId,
|
|
225
|
-
return !this.hasAny(modelType, modelId, [
|
|
260
|
+
forbidden(modelType, modelId, permission, entityType, entityId) {
|
|
261
|
+
return !this.hasAny(modelType, modelId, [permission], entityType, entityId);
|
|
226
262
|
}
|
|
227
263
|
/**
|
|
228
264
|
* give permission to model
|
|
229
265
|
*/
|
|
230
266
|
async giveAll(modelType, modelId, slugs, entityType, entityId, allowed) {
|
|
231
|
-
// if entityType is not null then we need to
|
|
267
|
+
// if entityType is not null then we need to assign permission for specific entity
|
|
232
268
|
let permissions = await this.findAssignableEntity(slugs, entityType, entityId, allowed);
|
|
233
269
|
//if no permissions then we will create permission for this specific entity
|
|
234
270
|
let createManyData = [];
|
|
@@ -239,7 +275,7 @@ export default class PermissionsService extends BaseService {
|
|
|
239
275
|
createManyData.push({
|
|
240
276
|
slug,
|
|
241
277
|
title: slug,
|
|
242
|
-
entityType,
|
|
278
|
+
entityType: entityType || '*',
|
|
243
279
|
entityId,
|
|
244
280
|
allowed,
|
|
245
281
|
});
|
|
@@ -249,44 +285,56 @@ export default class PermissionsService extends BaseService {
|
|
|
249
285
|
}
|
|
250
286
|
}
|
|
251
287
|
if (createManyData.length) {
|
|
252
|
-
const newPermissions = await
|
|
288
|
+
const newPermissions = (await this.permissionClassName.createMany(createManyData));
|
|
253
289
|
newPermissions.map((i) => permissionIds.push(i.id));
|
|
254
290
|
}
|
|
291
|
+
// first check if there are assigned or not
|
|
292
|
+
const alreadyAssigned = await this.modelPermissionQuery
|
|
293
|
+
.whereIn('id', permissionIds)
|
|
294
|
+
.where('model_type', modelType)
|
|
295
|
+
.where('model_id', modelId)
|
|
296
|
+
.select('id');
|
|
297
|
+
const alreadyAssignedIds = alreadyAssigned.map((item) => item.id);
|
|
298
|
+
permissionIds = permissionIds.filter((item) => {
|
|
299
|
+
return !alreadyAssignedIds.includes(item);
|
|
300
|
+
});
|
|
255
301
|
let modelPermissionMany = permissionIds.map((i) => ({
|
|
256
302
|
modelType: modelType,
|
|
257
303
|
modelId: modelId,
|
|
258
304
|
permissionId: i,
|
|
259
305
|
}));
|
|
260
|
-
return
|
|
306
|
+
return this.modelPermissionClassName.createMany(modelPermissionMany);
|
|
261
307
|
}
|
|
262
308
|
revokeAll(modelType, modelId, permissions, entityType, entityId) {
|
|
263
|
-
const q =
|
|
264
|
-
.leftJoin(
|
|
309
|
+
const q = this.modelPermissionQuery
|
|
310
|
+
.leftJoin(this.permissionTable + ' as p', 'p.id', '=', this.modelPermissionTable + '.permission_id')
|
|
265
311
|
.whereIn('p.slug', permissions)
|
|
266
312
|
.where('p.allowed', true)
|
|
267
|
-
.where(
|
|
268
|
-
.where(
|
|
313
|
+
.where(this.modelPermissionTable + '.model_type', modelType)
|
|
314
|
+
.where(this.modelPermissionTable + '.model_id', modelId);
|
|
269
315
|
if (entityType) {
|
|
270
316
|
q.where('p.entity_type', entityType);
|
|
271
317
|
if (entityId) {
|
|
272
318
|
q.where('p.entity_id', entityId);
|
|
273
319
|
}
|
|
274
320
|
}
|
|
275
|
-
return q;
|
|
321
|
+
return q.delete();
|
|
276
322
|
}
|
|
277
323
|
flush(modelType, modelId) {
|
|
278
|
-
return
|
|
279
|
-
.where(
|
|
280
|
-
.where(
|
|
324
|
+
return this.modelPermissionQuery
|
|
325
|
+
.where(this.modelPermissionTable + '.model_type', modelType)
|
|
326
|
+
.where(this.modelPermissionTable + '.model_id', modelId)
|
|
281
327
|
.delete();
|
|
282
328
|
}
|
|
283
329
|
/**
|
|
284
330
|
* sync permissions, remove everything outside of the list
|
|
285
331
|
*/
|
|
286
332
|
async sync(modelType, modelId, permissionId) {
|
|
287
|
-
await
|
|
288
|
-
|
|
289
|
-
|
|
333
|
+
await this.modelPermissionQuery
|
|
334
|
+
.where('model_type', modelType)
|
|
335
|
+
.where('model_id', modelId)
|
|
336
|
+
.delete();
|
|
337
|
+
return await this.giveAll(modelType, modelId, permissionId, null, null, true);
|
|
290
338
|
}
|
|
291
339
|
/**
|
|
292
340
|
* forbid permission on model
|
|
@@ -305,8 +353,8 @@ export default class PermissionsService extends BaseService {
|
|
|
305
353
|
*/
|
|
306
354
|
async unforbidAll(modelType, modelId, permissionsSlug, entityType, entityId) {
|
|
307
355
|
// todo replace using reverseModelPermissionQuery() method
|
|
308
|
-
const q =
|
|
309
|
-
.leftJoin(
|
|
356
|
+
const q = this.modelPermissionQuery
|
|
357
|
+
.leftJoin(this.permissionTable + ' as p', 'p.id', '=', this.modelPermissionTable + '.permission_id')
|
|
310
358
|
.where('model_type', modelType)
|
|
311
359
|
.where('model_id', modelId)
|
|
312
360
|
.whereIn('p.slug', permissionsSlug)
|
|
@@ -319,30 +367,22 @@ export default class PermissionsService extends BaseService {
|
|
|
319
367
|
}
|
|
320
368
|
return q.delete();
|
|
321
369
|
}
|
|
322
|
-
findBySlug(slug, allowed = true) {
|
|
323
|
-
return
|
|
370
|
+
async findBySlug(slug, allowed = true) {
|
|
371
|
+
return this.permissionQuery.where('slug', slug).where('allowed', allowed).firstOrFail();
|
|
324
372
|
}
|
|
325
373
|
modelPermissionQueryWithForbiddenCheck(conditions) {
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
subQuery
|
|
329
|
-
.from(Permission.table + ' as p2')
|
|
330
|
-
.join(ModelPermission.table + ' as mp2', 'mp2.permission_id', '=', 'p2.id')
|
|
331
|
-
.where('p2.allowed', false)
|
|
332
|
-
.whereRaw('p2.slug=' + Permission.table + '.slug')
|
|
333
|
-
.whereRaw('mp2.id=mp.id');
|
|
334
|
-
});
|
|
335
|
-
return q;
|
|
374
|
+
conditions.includeForbiddings = false;
|
|
375
|
+
return this.modelPermissionQueryBuilder(conditions);
|
|
336
376
|
}
|
|
337
|
-
|
|
338
|
-
const { modelId, modelType, permissionSlugs, directPermissions,
|
|
339
|
-
const q =
|
|
377
|
+
modelPermissionQueryBuilder(conditions) {
|
|
378
|
+
const { modelId, modelType, permissionSlugs, directPermissions, includeForbiddings } = conditions;
|
|
379
|
+
const q = this.permissionQuery.leftJoin(this.modelPermissionTable + ' as mp', 'mp.permission_id', '=', this.permissionTable + '.id');
|
|
340
380
|
if (modelId && modelType) {
|
|
341
381
|
if (directPermissions) {
|
|
342
382
|
q.where('mp.model_type', modelType).where('mp.model_id', modelId);
|
|
343
383
|
}
|
|
344
384
|
else {
|
|
345
|
-
q.
|
|
385
|
+
q.leftJoin(this.modelRoleTable + ' as mr', (joinQuery) => {
|
|
346
386
|
joinQuery.onVal('mr.model_type', modelType).onVal('mr.model_id', modelId);
|
|
347
387
|
}).where((subQuery) => {
|
|
348
388
|
subQuery
|
|
@@ -355,42 +395,46 @@ export default class PermissionsService extends BaseService {
|
|
|
355
395
|
});
|
|
356
396
|
}
|
|
357
397
|
}
|
|
358
|
-
if (!
|
|
398
|
+
if (!includeForbiddings) {
|
|
359
399
|
q.whereNotExists((subQuery) => {
|
|
360
400
|
subQuery
|
|
361
|
-
.from(
|
|
362
|
-
.
|
|
401
|
+
.from(this.permissionTable + ' as p2')
|
|
402
|
+
.leftJoin(this.modelPermissionTable + ' as mp2', 'mp2.permission_id', '=', 'p2.id')
|
|
363
403
|
.where('p2.allowed', false)
|
|
364
|
-
.whereRaw('p2.slug=' +
|
|
365
|
-
.
|
|
404
|
+
.whereRaw('p2.slug=' + this.permissionTable + '.slug')
|
|
405
|
+
.select('p2.slug')
|
|
406
|
+
.groupBy('p2.slug');
|
|
407
|
+
if (conditions.entity) {
|
|
408
|
+
this.applyTargetRestriction('p2', subQuery, conditions.entity.type, conditions.entity.id);
|
|
409
|
+
}
|
|
366
410
|
});
|
|
367
411
|
}
|
|
368
412
|
if (permissionSlugs) {
|
|
369
|
-
q.whereIn(
|
|
413
|
+
q.whereIn(this.permissionTable + '.slug', permissionSlugs);
|
|
370
414
|
}
|
|
371
415
|
return q;
|
|
372
416
|
}
|
|
373
417
|
reverseModelPermissionQuery(conditions) {
|
|
374
418
|
const { modelId, modelType, permissionSlugs, directPermissions } = conditions;
|
|
375
|
-
const q =
|
|
419
|
+
const q = this.modelPermissionQuery.leftJoin(this.permissionTable + ' as p', 'p.id', '=', this.modelPermissionTable + '.permission_id');
|
|
376
420
|
if (modelId && modelType) {
|
|
377
421
|
if (directPermissions) {
|
|
378
|
-
q.where(
|
|
422
|
+
q.where(this.modelPermissionTable + '.model_type', modelType).where(this.modelPermissionTable + '.model_id', modelId);
|
|
379
423
|
}
|
|
380
424
|
else {
|
|
381
|
-
q.join(
|
|
425
|
+
q.join(this.modelRoleTable + ' as mr', (joinQuery) => {
|
|
382
426
|
joinQuery.onVal('mr.model_type', modelType).andOnVal('mr.model_id', modelId);
|
|
383
427
|
}).where((subQuery) => {
|
|
384
428
|
subQuery
|
|
385
429
|
.where((query) => {
|
|
386
430
|
query
|
|
387
|
-
.where(
|
|
388
|
-
.where(
|
|
431
|
+
.where(this.modelPermissionTable + '.model_type', modelType)
|
|
432
|
+
.where(this.modelPermissionTable + '.model_id', modelId);
|
|
389
433
|
})
|
|
390
434
|
.orWhere((query) => {
|
|
391
435
|
query
|
|
392
|
-
.whereRaw('mr.role_id=' +
|
|
393
|
-
.where(
|
|
436
|
+
.whereRaw('mr.role_id=' + this.modelPermissionTable + '.model_id')
|
|
437
|
+
.where(this.modelPermissionTable + '.model_type', 'roles');
|
|
394
438
|
});
|
|
395
439
|
});
|
|
396
440
|
}
|
|
@@ -400,8 +444,8 @@ export default class PermissionsService extends BaseService {
|
|
|
400
444
|
}
|
|
401
445
|
return q;
|
|
402
446
|
}
|
|
403
|
-
findAssignableEntity(
|
|
404
|
-
const q =
|
|
447
|
+
findAssignableEntity(permission, entityClass, entityId, allowed) {
|
|
448
|
+
const q = this.permissionQuery.whereIn('slug', permission).where('allowed', allowed);
|
|
405
449
|
if (entityClass) {
|
|
406
450
|
q.where('entity_type', entityClass);
|
|
407
451
|
if (entityId) {
|
|
@@ -412,27 +456,26 @@ export default class PermissionsService extends BaseService {
|
|
|
412
456
|
}
|
|
413
457
|
}
|
|
414
458
|
else {
|
|
415
|
-
q.
|
|
459
|
+
q.where('entity_type', '*').whereNull('entity_id');
|
|
416
460
|
}
|
|
417
461
|
return q;
|
|
418
462
|
}
|
|
419
|
-
applyTargetRestriction(q, entityType, entityId) {
|
|
463
|
+
applyTargetRestriction(table, q, entityType, entityId) {
|
|
420
464
|
if (entityType) {
|
|
421
465
|
q.where((query) => {
|
|
422
|
-
query
|
|
423
|
-
.where(Permission.table + '.entity_type', entityType)
|
|
424
|
-
.orWhereNull(Permission.table + '.entity_type');
|
|
466
|
+
query.where(table + '.entity_type', entityType).orWhere(table + '.entity_type', '*');
|
|
425
467
|
});
|
|
426
468
|
if (entityId) {
|
|
427
469
|
q.where((query) => {
|
|
428
|
-
query
|
|
429
|
-
.where(Permission.table + '.entity_id', entityId)
|
|
430
|
-
.orWhereNull(Permission.table + '.entity_id');
|
|
470
|
+
query.where(table + '.entity_id', entityId).orWhereNull(table + '.entity_id');
|
|
431
471
|
});
|
|
432
472
|
}
|
|
473
|
+
else {
|
|
474
|
+
q.whereNull(table + '.entity_id');
|
|
475
|
+
}
|
|
433
476
|
}
|
|
434
477
|
else {
|
|
435
|
-
q.
|
|
478
|
+
q.where(table + '.entity_type', '*').whereNull(table + '.entity_id');
|
|
436
479
|
}
|
|
437
480
|
}
|
|
438
481
|
}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { LucidModel, ModelQueryBuilderContract } from '@adonisjs/lucid/types/model';
|
|
2
|
+
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
3
|
+
import { ModelPermissionModel, ModelRoleModel, PermissionModel, RoleModel } from '../types.js';
|
|
4
|
+
export declare function getPermissionModelQuery<T extends LucidModel>(permissionClassName: typeof BaseModel): ModelQueryBuilderContract<T, PermissionModel<T>>;
|
|
5
|
+
export declare function getRoleModelQuery<T extends LucidModel>(permissionClassName: typeof BaseModel): ModelQueryBuilderContract<T, RoleModel<T>>;
|
|
6
|
+
export declare function getModelPermissionModelQuery<T extends LucidModel>(permissionClassName: typeof BaseModel): ModelQueryBuilderContract<T, ModelPermissionModel<T>>;
|
|
7
|
+
export declare function getModelRoleModelQuery<T extends LucidModel>(permissionClassName: typeof BaseModel): ModelQueryBuilderContract<T, ModelRoleModel<T>>;
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
export function getPermissionModelQuery(permissionClassName) {
|
|
2
|
+
return permissionClassName.query();
|
|
3
|
+
}
|
|
4
|
+
export function getRoleModelQuery(permissionClassName) {
|
|
5
|
+
return permissionClassName.query();
|
|
6
|
+
}
|
|
7
|
+
export function getModelPermissionModelQuery(permissionClassName) {
|
|
8
|
+
return permissionClassName.query();
|
|
9
|
+
}
|
|
10
|
+
export function getModelRoleModelQuery(permissionClassName) {
|
|
11
|
+
return permissionClassName.query();
|
|
12
|
+
}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
2
|
+
export default class EmptyRoles {
|
|
3
|
+
private roleClassName;
|
|
4
|
+
private roleQuery;
|
|
5
|
+
constructor(roleClassName: typeof BaseModel);
|
|
6
|
+
delete(role: string): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, any>;
|
|
7
|
+
query(): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../../types.js").RoleModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
8
|
+
}
|