@holoyan/adonisjs-permissions 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE.md +9 -0
- package/README.md +661 -0
- package/build/configure.d.ts +2 -0
- package/build/configure.js +33 -0
- package/build/index.d.ts +8 -0
- package/build/index.js +17 -0
- package/build/providers/role_permission_provider.d.ts +12 -0
- package/build/providers/role_permission_provider.js +12 -0
- package/build/src/acl.d.ts +11 -0
- package/build/src/acl.js +29 -0
- package/build/src/decorators.d.ts +4 -0
- package/build/src/decorators.js +18 -0
- package/build/src/mixins/has_permissions.d.ts +133 -0
- package/build/src/mixins/has_permissions.js +19 -0
- package/build/src/mixins/has_role_permissions.d.ts +128 -0
- package/build/src/mixins/has_role_permissions.js +10 -0
- package/build/src/mixins/has_roles.d.ts +1 -0
- package/build/src/mixins/has_roles.js +47 -0
- package/build/src/models/model_permission.d.ts +12 -0
- package/build/src/models/model_permission.js +35 -0
- package/build/src/models/model_role.d.ts +11 -0
- package/build/src/models/model_role.js +31 -0
- package/build/src/models/permission.d.ts +16 -0
- package/build/src/models/permission.js +48 -0
- package/build/src/models/role.d.ts +16 -0
- package/build/src/models/role.js +48 -0
- package/build/src/morph_map.d.ts +8 -0
- package/build/src/morph_map.js +33 -0
- package/build/src/services/base_service.d.ts +14 -0
- package/build/src/services/base_service.js +12 -0
- package/build/src/services/helper.d.ts +21 -0
- package/build/src/services/helper.js +69 -0
- package/build/src/services/model_has_role_permissions.d.ts +48 -0
- package/build/src/services/model_has_role_permissions.js +172 -0
- package/build/src/services/model_service.d.ts +8 -0
- package/build/src/services/model_service.js +31 -0
- package/build/src/services/permissions/permission_has_model_roles.d.ts +20 -0
- package/build/src/services/permissions/permission_has_model_roles.js +67 -0
- package/build/src/services/permissions/permissions_service.d.ts +92 -0
- package/build/src/services/permissions/permissions_service.js +438 -0
- package/build/src/services/roles/role_has_model_permissions.d.ts +66 -0
- package/build/src/services/roles/role_has_model_permissions.js +152 -0
- package/build/src/services/roles/roles_service.d.ts +16 -0
- package/build/src/services/roles/roles_service.js +89 -0
- package/build/src/types.d.ts +21 -0
- package/build/src/types.js +1 -0
- package/build/stubs/configs/permissions.stub +20 -0
- package/build/stubs/main.d.ts +5 -0
- package/build/stubs/main.js +7 -0
- package/build/stubs/migrations/create_db.stub +97 -0
- package/package.json +95 -0
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
import { ModelQueryBuilderContract } from '@adonisjs/lucid/types/model';
|
|
2
|
+
import ModelPermission from '../../models/model_permission.js';
|
|
3
|
+
import Permission from '../../models/permission.js';
|
|
4
|
+
import { ModelPermissionsQuery } from '../../types.js';
|
|
5
|
+
import BaseService from '../base_service.js';
|
|
6
|
+
export default class PermissionsService extends BaseService {
|
|
7
|
+
/**
|
|
8
|
+
* return all permissions, including fodbidden
|
|
9
|
+
*/
|
|
10
|
+
all(modelType: string, modelId: number, includeForbiddens?: boolean): Promise<Permission[]>;
|
|
11
|
+
/**
|
|
12
|
+
* return only global assigned permissions, through role or direct
|
|
13
|
+
*/
|
|
14
|
+
global(modelType: string, modelId: number, includeForbiddens?: boolean): Promise<Permission[]>;
|
|
15
|
+
/**
|
|
16
|
+
* get all permissions which is assigned to concrete resource
|
|
17
|
+
*/
|
|
18
|
+
onResource(modelType: string, modelId: number, includeForbiddens?: boolean): Promise<Permission[]>;
|
|
19
|
+
/**
|
|
20
|
+
* all direct permissions
|
|
21
|
+
*/
|
|
22
|
+
direct(modelType: string, modelId: number, includeForbiddens?: boolean): ModelQueryBuilderContract<typeof Permission, Permission>;
|
|
23
|
+
directGlobal(modelType: string, modelId: number, includeForbiddens?: boolean): ModelQueryBuilderContract<typeof Permission, Permission>;
|
|
24
|
+
/**
|
|
25
|
+
* return direct and resource assigned permissions
|
|
26
|
+
*/
|
|
27
|
+
directResource(modelType: string, modelId: number, includeForbiddens?: boolean): ModelQueryBuilderContract<typeof Permission, Permission>;
|
|
28
|
+
/**
|
|
29
|
+
* @param modelType
|
|
30
|
+
* @param modelId
|
|
31
|
+
* @param permisison
|
|
32
|
+
* @returns
|
|
33
|
+
*/
|
|
34
|
+
hasAnyDirect(modelType: string, modelId: number, permisisons: (string | Permission)[], entityType: string | null, entityId: number | null): Promise<boolean>;
|
|
35
|
+
hasAllDirect(modelType: string, modelId: number, permisisons: (string | Permission)[], entityType: string | null, entityId: number | null): Promise<boolean>;
|
|
36
|
+
/**
|
|
37
|
+
* has all permissions
|
|
38
|
+
*/
|
|
39
|
+
hasAll(modelType: string, modelId: number, permisisons: (string | Permission)[], entityType: string | null, entityId: number | null): Promise<boolean>;
|
|
40
|
+
/**
|
|
41
|
+
* has any of permissions
|
|
42
|
+
*/
|
|
43
|
+
hasAny(modelType: string, modelId: number, permisison: (string | Permission)[], entityType: string | null, entityId: number | null): Promise<boolean>;
|
|
44
|
+
/**
|
|
45
|
+
* has all permissions
|
|
46
|
+
*/
|
|
47
|
+
containsAll(modelType: string, modelId: number, permisison: (string | Permission)[]): Promise<boolean>;
|
|
48
|
+
/**
|
|
49
|
+
* has any of permissions
|
|
50
|
+
*/
|
|
51
|
+
containsAny(modelType: string, modelId: number, permisison: (string | Permission)[]): Promise<boolean>;
|
|
52
|
+
/**
|
|
53
|
+
* has all permissions
|
|
54
|
+
*/
|
|
55
|
+
containsAllDirect(modelType: string, modelId: number, permisison: (string | Permission)[]): Promise<boolean>;
|
|
56
|
+
/**
|
|
57
|
+
* has any of permissions
|
|
58
|
+
*/
|
|
59
|
+
containsAnyDirect(modelType: string, modelId: number, permisison: (string | Permission)[]): Promise<boolean>;
|
|
60
|
+
/**
|
|
61
|
+
* check if permission is forbidden, if there is same permission with allowed=false then return true;
|
|
62
|
+
*/
|
|
63
|
+
forbidden(modelType: string, modelId: number, permisison: string | Permission, entityType: string | null, entityId: number | null): boolean;
|
|
64
|
+
/**
|
|
65
|
+
* give permission to model
|
|
66
|
+
*/
|
|
67
|
+
giveAll(modelType: string, modelId: number, slugs: string[], entityType: string | null, entityId: number | null, allowed: boolean): Promise<ModelPermission[]>;
|
|
68
|
+
revokeAll(modelType: string, modelId: number, permissions: string[], entityType: string | null, entityId: number | null): ModelQueryBuilderContract<typeof ModelPermission, ModelPermission>;
|
|
69
|
+
flush(modelType: string, modelId: number): ModelQueryBuilderContract<typeof ModelPermission, any>;
|
|
70
|
+
/**
|
|
71
|
+
* sync permissions, remove everything outside of the list
|
|
72
|
+
*/
|
|
73
|
+
sync(modelType: string, modelId: number, permissionId: string[]): Promise<ModelPermission[]>;
|
|
74
|
+
/**
|
|
75
|
+
* forbid permission on model
|
|
76
|
+
*/
|
|
77
|
+
forbid(modelType: string, modelId: number, permissionSlug: string, entityType: string | null, entityId: number | null): Promise<ModelPermission[]>;
|
|
78
|
+
/**
|
|
79
|
+
* forbid permission on model
|
|
80
|
+
*/
|
|
81
|
+
forbidAll(modelType: string, modelId: number, permissionsSlug: string[], entityType: string | null, entityId: number | null): Promise<ModelPermission[]>;
|
|
82
|
+
/**
|
|
83
|
+
* to remove forbidden permission on model
|
|
84
|
+
*/
|
|
85
|
+
unforbidAll(modelType: string, modelId: number, permissionsSlug: string[], entityType: string | null, entityId: number | null): Promise<any[]>;
|
|
86
|
+
findBySlug(slug: string, allowed?: boolean): Promise<Permission>;
|
|
87
|
+
private modelPermissionQueryWithForbiddenCheck;
|
|
88
|
+
private modelPermissionQuery;
|
|
89
|
+
reverseModelPermissionQuery(conditions: Partial<ModelPermissionsQuery>): ModelQueryBuilderContract<typeof ModelPermission, ModelPermission>;
|
|
90
|
+
findAssignableEntity(permisison: string[], entityClass: string | null, entityId: number | null, allowed: boolean): ModelQueryBuilderContract<typeof Permission, Permission>;
|
|
91
|
+
private applyTargetRestriction;
|
|
92
|
+
}
|
|
@@ -0,0 +1,438 @@
|
|
|
1
|
+
import ModelPermission from '../../models/model_permission.js';
|
|
2
|
+
import ModelRole from '../../models/model_role.js';
|
|
3
|
+
import Permission from '../../models/permission.js';
|
|
4
|
+
import Role from '../../models/role.js';
|
|
5
|
+
import BaseService from '../base_service.js';
|
|
6
|
+
import { morphMap } from '../helper.js';
|
|
7
|
+
export default class PermissionsService extends BaseService {
|
|
8
|
+
/**
|
|
9
|
+
* return all permissions, including fodbidden
|
|
10
|
+
*/
|
|
11
|
+
async all(modelType, modelId, includeForbiddens = false) {
|
|
12
|
+
const map = await morphMap();
|
|
13
|
+
return this.modelPermissionQuery({
|
|
14
|
+
modelType,
|
|
15
|
+
modelId,
|
|
16
|
+
directPermissions: map.getAlias(Role) === modelType,
|
|
17
|
+
includeForbiddens,
|
|
18
|
+
})
|
|
19
|
+
.groupBy(Permission.table + '.id')
|
|
20
|
+
.select(Permission.table + '.*');
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* return only global assigned permissions, through role or direct
|
|
24
|
+
*/
|
|
25
|
+
async global(modelType, modelId, includeForbiddens = false) {
|
|
26
|
+
const map = await morphMap();
|
|
27
|
+
return this.modelPermissionQuery({
|
|
28
|
+
modelType,
|
|
29
|
+
modelId,
|
|
30
|
+
directPermissions: map.getAlias(Role) === modelType,
|
|
31
|
+
includeForbiddens,
|
|
32
|
+
})
|
|
33
|
+
.where(Permission.table + '.entity_type', '*')
|
|
34
|
+
.whereNull(Permission.table + '.entity_id')
|
|
35
|
+
.groupBy(Permission.table + '.id')
|
|
36
|
+
.select(Permission.table + '.*');
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* get all permissions which is assigned to concrete resource
|
|
40
|
+
*/
|
|
41
|
+
async onResource(modelType, modelId, includeForbiddens = false) {
|
|
42
|
+
const map = await morphMap();
|
|
43
|
+
return this.modelPermissionQuery({
|
|
44
|
+
modelType,
|
|
45
|
+
modelId,
|
|
46
|
+
directPermissions: map.getAlias(Role) === modelType,
|
|
47
|
+
includeForbiddens,
|
|
48
|
+
})
|
|
49
|
+
.where(Permission.table + '.entity_type', '!=', '*')
|
|
50
|
+
.groupBy(Permission.table + '.id')
|
|
51
|
+
.select(Permission.table + '.*');
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* all direct permissions
|
|
55
|
+
*/
|
|
56
|
+
direct(modelType, modelId, includeForbiddens = false) {
|
|
57
|
+
return this.modelPermissionQuery({
|
|
58
|
+
modelType,
|
|
59
|
+
modelId,
|
|
60
|
+
directPermissions: true,
|
|
61
|
+
includeForbiddens,
|
|
62
|
+
})
|
|
63
|
+
.groupBy(Permission.table + '.id')
|
|
64
|
+
.select(Permission.table + '.*');
|
|
65
|
+
}
|
|
66
|
+
directGlobal(modelType, modelId, includeForbiddens = false) {
|
|
67
|
+
return this.modelPermissionQuery({
|
|
68
|
+
modelType,
|
|
69
|
+
modelId,
|
|
70
|
+
directPermissions: true,
|
|
71
|
+
includeForbiddens,
|
|
72
|
+
})
|
|
73
|
+
.whereNull(Permission.table + '.entity_id')
|
|
74
|
+
.groupBy(Permission.table + '.id')
|
|
75
|
+
.select(Permission.table + '.*');
|
|
76
|
+
}
|
|
77
|
+
/**
|
|
78
|
+
* return direct and resource assigned permissions
|
|
79
|
+
*/
|
|
80
|
+
directResource(modelType, modelId, includeForbiddens = false) {
|
|
81
|
+
return this.modelPermissionQuery({
|
|
82
|
+
modelType,
|
|
83
|
+
modelId,
|
|
84
|
+
directPermissions: true,
|
|
85
|
+
includeForbiddens,
|
|
86
|
+
})
|
|
87
|
+
.whereNotNull(Permission.table + '.entity_id')
|
|
88
|
+
.groupBy(Permission.table + '.id')
|
|
89
|
+
.select(Permission.table + '.*');
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* @param modelType
|
|
93
|
+
* @param modelId
|
|
94
|
+
* @param permisison
|
|
95
|
+
* @returns
|
|
96
|
+
*/
|
|
97
|
+
async hasAnyDirect(modelType, modelId, permisisons, entityType, entityId) {
|
|
98
|
+
const { slugs, ids } = this.formatList(permisisons);
|
|
99
|
+
const q = this.modelPermissionQueryWithForbiddenCheck({
|
|
100
|
+
modelType,
|
|
101
|
+
modelId,
|
|
102
|
+
directPermissions: true,
|
|
103
|
+
permissionSlugs: slugs,
|
|
104
|
+
permissionIds: ids,
|
|
105
|
+
});
|
|
106
|
+
this.applyTargetRestriction(q, entityType, entityId);
|
|
107
|
+
const r = await q.groupBy(Permission.table + '.id').select(Permission.table + '.id');
|
|
108
|
+
return r.length > 0;
|
|
109
|
+
}
|
|
110
|
+
async hasAllDirect(modelType, modelId, permisisons, entityType, entityId) {
|
|
111
|
+
const { slugs, ids } = this.formatList(permisisons);
|
|
112
|
+
const q = this.modelPermissionQueryWithForbiddenCheck({
|
|
113
|
+
modelType,
|
|
114
|
+
modelId,
|
|
115
|
+
directPermissions: true,
|
|
116
|
+
permissionSlugs: slugs,
|
|
117
|
+
permissionIds: ids,
|
|
118
|
+
});
|
|
119
|
+
this.applyTargetRestriction(q, entityType, entityId);
|
|
120
|
+
const r = await q.groupBy(Permission.table + '.id').select(Permission.table + '.id');
|
|
121
|
+
return r.length >= permisisons.length;
|
|
122
|
+
}
|
|
123
|
+
/**
|
|
124
|
+
* has all permissions
|
|
125
|
+
*/
|
|
126
|
+
async hasAll(modelType, modelId, permisisons, entityType, entityId) {
|
|
127
|
+
const map = await morphMap();
|
|
128
|
+
const { slugs, ids } = this.formatList(permisisons);
|
|
129
|
+
const q = this.modelPermissionQueryWithForbiddenCheck({
|
|
130
|
+
modelType,
|
|
131
|
+
modelId,
|
|
132
|
+
directPermissions: map.getAlias(Role) === modelType,
|
|
133
|
+
permissionSlugs: slugs,
|
|
134
|
+
permissionIds: ids,
|
|
135
|
+
});
|
|
136
|
+
this.applyTargetRestriction(q, entityType, entityId);
|
|
137
|
+
const r = await q.groupBy(Permission.table + '.id').select(Permission.table + '.id');
|
|
138
|
+
return r.length >= permisisons.length;
|
|
139
|
+
}
|
|
140
|
+
/**
|
|
141
|
+
* has any of permissions
|
|
142
|
+
*/
|
|
143
|
+
async hasAny(modelType, modelId, permisison, entityType, entityId) {
|
|
144
|
+
const map = await morphMap();
|
|
145
|
+
const { slugs, ids } = this.formatList(permisison);
|
|
146
|
+
const q = this.modelPermissionQueryWithForbiddenCheck({
|
|
147
|
+
modelType,
|
|
148
|
+
modelId,
|
|
149
|
+
directPermissions: map.getAlias(Role) === modelType,
|
|
150
|
+
permissionSlugs: slugs,
|
|
151
|
+
permissionIds: ids,
|
|
152
|
+
});
|
|
153
|
+
this.applyTargetRestriction(q, entityType, entityId);
|
|
154
|
+
const r = await q.groupBy(Permission.table + '.id').select(Permission.table + '.id');
|
|
155
|
+
return r.length > 0;
|
|
156
|
+
}
|
|
157
|
+
/**
|
|
158
|
+
* has all permissions
|
|
159
|
+
*/
|
|
160
|
+
async containsAll(modelType, modelId, permisison) {
|
|
161
|
+
const map = await morphMap();
|
|
162
|
+
const { slugs, ids } = this.formatList(permisison);
|
|
163
|
+
const q = this.modelPermissionQuery({
|
|
164
|
+
modelType,
|
|
165
|
+
modelId,
|
|
166
|
+
directPermissions: map.getAlias(Role) === modelType,
|
|
167
|
+
permissionSlugs: slugs,
|
|
168
|
+
permissionIds: ids,
|
|
169
|
+
}).groupBy(Permission.table + '.id');
|
|
170
|
+
const r = await q.select(Permission.table + '.id');
|
|
171
|
+
return r.length >= permisison.length;
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* has any of permissions
|
|
175
|
+
*/
|
|
176
|
+
async containsAny(modelType, modelId, permisison) {
|
|
177
|
+
const map = await morphMap();
|
|
178
|
+
const { slugs, ids } = this.formatList(permisison);
|
|
179
|
+
const q = this.modelPermissionQuery({
|
|
180
|
+
modelType,
|
|
181
|
+
modelId,
|
|
182
|
+
directPermissions: map.getAlias(Role) === modelType,
|
|
183
|
+
permissionSlugs: slugs,
|
|
184
|
+
permissionIds: ids,
|
|
185
|
+
}).groupBy(Permission.table + '.id');
|
|
186
|
+
const r = await q.select(Permission.table + '.id');
|
|
187
|
+
// @ts-ignore
|
|
188
|
+
return r.length > 0;
|
|
189
|
+
}
|
|
190
|
+
/**
|
|
191
|
+
* has all permissions
|
|
192
|
+
*/
|
|
193
|
+
async containsAllDirect(modelType, modelId, permisison) {
|
|
194
|
+
const { slugs, ids } = this.formatList(permisison);
|
|
195
|
+
const q = this.modelPermissionQuery({
|
|
196
|
+
modelType,
|
|
197
|
+
modelId,
|
|
198
|
+
directPermissions: true,
|
|
199
|
+
permissionSlugs: slugs,
|
|
200
|
+
permissionIds: ids,
|
|
201
|
+
}).groupBy(Permission.table + '.id');
|
|
202
|
+
const r = await q.select(Permission.table + '.id');
|
|
203
|
+
return r.length >= permisison.length;
|
|
204
|
+
}
|
|
205
|
+
/**
|
|
206
|
+
* has any of permissions
|
|
207
|
+
*/
|
|
208
|
+
async containsAnyDirect(modelType, modelId, permisison) {
|
|
209
|
+
const { slugs, ids } = this.formatList(permisison);
|
|
210
|
+
const q = this.modelPermissionQuery({
|
|
211
|
+
modelType,
|
|
212
|
+
modelId,
|
|
213
|
+
directPermissions: true,
|
|
214
|
+
permissionSlugs: slugs,
|
|
215
|
+
permissionIds: ids,
|
|
216
|
+
}).groupBy(Permission.table + '.id');
|
|
217
|
+
const r = await q.select(Permission.table + '.id');
|
|
218
|
+
// @ts-ignore
|
|
219
|
+
return r.length > 0;
|
|
220
|
+
}
|
|
221
|
+
/**
|
|
222
|
+
* check if permission is forbidden, if there is same permission with allowed=false then return true;
|
|
223
|
+
*/
|
|
224
|
+
forbidden(modelType, modelId, permisison, entityType, entityId) {
|
|
225
|
+
return !this.hasAny(modelType, modelId, [permisison], entityType, entityId);
|
|
226
|
+
}
|
|
227
|
+
/**
|
|
228
|
+
* give permission to model
|
|
229
|
+
*/
|
|
230
|
+
async giveAll(modelType, modelId, slugs, entityType, entityId, allowed) {
|
|
231
|
+
// if entityType is not null then we need to assigne permission for specific entity
|
|
232
|
+
let permissions = await this.findAssignableEntity(slugs, entityType, entityId, allowed);
|
|
233
|
+
//if no permissions then we will create permission for this specific entity
|
|
234
|
+
let createManyData = [];
|
|
235
|
+
let permissionIds = [];
|
|
236
|
+
for (const slug of slugs) {
|
|
237
|
+
const found = permissions.find((i) => i.slug === slug);
|
|
238
|
+
if (!found) {
|
|
239
|
+
createManyData.push({
|
|
240
|
+
slug,
|
|
241
|
+
title: slug,
|
|
242
|
+
entityType,
|
|
243
|
+
entityId,
|
|
244
|
+
allowed,
|
|
245
|
+
});
|
|
246
|
+
}
|
|
247
|
+
else {
|
|
248
|
+
permissionIds.push(found.id);
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
if (createManyData.length) {
|
|
252
|
+
const newPermissions = await Permission.createMany(createManyData);
|
|
253
|
+
newPermissions.map((i) => permissionIds.push(i.id));
|
|
254
|
+
}
|
|
255
|
+
let modelPermissionMany = permissionIds.map((i) => ({
|
|
256
|
+
modelType: modelType,
|
|
257
|
+
modelId: modelId,
|
|
258
|
+
permissionId: i,
|
|
259
|
+
}));
|
|
260
|
+
return ModelPermission.createMany(modelPermissionMany);
|
|
261
|
+
}
|
|
262
|
+
revokeAll(modelType, modelId, permissions, entityType, entityId) {
|
|
263
|
+
const q = ModelPermission.query()
|
|
264
|
+
.leftJoin(Permission.table + ' as p', 'p.id', '=', ModelPermission.table + '.permission_id')
|
|
265
|
+
.whereIn('p.slug', permissions)
|
|
266
|
+
.where('p.allowed', true)
|
|
267
|
+
.where(ModelPermission.table + '.model_type', modelType)
|
|
268
|
+
.where(ModelPermission.table + '.model_id', modelId);
|
|
269
|
+
if (entityType) {
|
|
270
|
+
q.where('p.entity_type', entityType);
|
|
271
|
+
if (entityId) {
|
|
272
|
+
q.where('p.entity_id', entityId);
|
|
273
|
+
}
|
|
274
|
+
}
|
|
275
|
+
return q;
|
|
276
|
+
}
|
|
277
|
+
flush(modelType, modelId) {
|
|
278
|
+
return ModelPermission.query()
|
|
279
|
+
.where(ModelPermission.table + '.model_type', modelType)
|
|
280
|
+
.where(ModelPermission.table + '.model_id', modelId)
|
|
281
|
+
.delete();
|
|
282
|
+
}
|
|
283
|
+
/**
|
|
284
|
+
* sync permissions, remove everything outside of the list
|
|
285
|
+
*/
|
|
286
|
+
async sync(modelType, modelId, permissionId) {
|
|
287
|
+
await ModelPermission.query().where('model_type', modelType).where('model_id', modelId).delete();
|
|
288
|
+
const many = await this.giveAll(modelType, modelId, permissionId, null, null, true);
|
|
289
|
+
return many;
|
|
290
|
+
}
|
|
291
|
+
/**
|
|
292
|
+
* forbid permission on model
|
|
293
|
+
*/
|
|
294
|
+
async forbid(modelType, modelId, permissionSlug, entityType, entityId) {
|
|
295
|
+
return this.forbidAll(modelType, modelId, [permissionSlug], entityType, entityId);
|
|
296
|
+
}
|
|
297
|
+
/**
|
|
298
|
+
* forbid permission on model
|
|
299
|
+
*/
|
|
300
|
+
async forbidAll(modelType, modelId, permissionsSlug, entityType, entityId) {
|
|
301
|
+
return this.giveAll(modelType, modelId, permissionsSlug, entityType, entityId, false);
|
|
302
|
+
}
|
|
303
|
+
/**
|
|
304
|
+
* to remove forbidden permission on model
|
|
305
|
+
*/
|
|
306
|
+
async unforbidAll(modelType, modelId, permissionsSlug, entityType, entityId) {
|
|
307
|
+
// todo replace using reverseModelPermissionQuery() method
|
|
308
|
+
const q = ModelPermission.query()
|
|
309
|
+
.leftJoin(Permission.table + ' as p', 'p.id', '=', ModelPermission.table + '.permission_id')
|
|
310
|
+
.where('model_type', modelType)
|
|
311
|
+
.where('model_id', modelId)
|
|
312
|
+
.whereIn('p.slug', permissionsSlug)
|
|
313
|
+
.where('p.allowed', false);
|
|
314
|
+
if (entityType) {
|
|
315
|
+
q.where('p.entity_type', entityType);
|
|
316
|
+
if (entityId) {
|
|
317
|
+
q.where('p.entity_id', entityId);
|
|
318
|
+
}
|
|
319
|
+
}
|
|
320
|
+
return q.delete();
|
|
321
|
+
}
|
|
322
|
+
findBySlug(slug, allowed = true) {
|
|
323
|
+
return Permission.query().where('slug', slug).where('allowed', allowed).firstOrFail();
|
|
324
|
+
}
|
|
325
|
+
modelPermissionQueryWithForbiddenCheck(conditions) {
|
|
326
|
+
const q = this.modelPermissionQuery(conditions);
|
|
327
|
+
q.whereNotExists((subQuery) => {
|
|
328
|
+
subQuery
|
|
329
|
+
.from(Permission.table + ' as p2')
|
|
330
|
+
.join(ModelPermission.table + ' as mp2', 'mp2.permission_id', '=', 'p2.id')
|
|
331
|
+
.where('p2.allowed', false)
|
|
332
|
+
.whereRaw('p2.slug=' + Permission.table + '.slug')
|
|
333
|
+
.whereRaw('mp2.id=mp.id');
|
|
334
|
+
});
|
|
335
|
+
return q;
|
|
336
|
+
}
|
|
337
|
+
modelPermissionQuery(conditions) {
|
|
338
|
+
const { modelId, modelType, permissionSlugs, directPermissions, includeForbiddens } = conditions;
|
|
339
|
+
const q = Permission.query().join(ModelPermission.table + ' as mp', 'mp.permission_id', '=', Permission.table + '.id');
|
|
340
|
+
if (modelId && modelType) {
|
|
341
|
+
if (directPermissions) {
|
|
342
|
+
q.where('mp.model_type', modelType).where('mp.model_id', modelId);
|
|
343
|
+
}
|
|
344
|
+
else {
|
|
345
|
+
q.join(ModelRole.table + ' as mr', (joinQuery) => {
|
|
346
|
+
joinQuery.onVal('mr.model_type', modelType).onVal('mr.model_id', modelId);
|
|
347
|
+
}).where((subQuery) => {
|
|
348
|
+
subQuery
|
|
349
|
+
.where((query) => {
|
|
350
|
+
query.where('mp.model_type', modelType).where('mp.model_id', modelId);
|
|
351
|
+
})
|
|
352
|
+
.orWhere((query) => {
|
|
353
|
+
query.whereRaw('mr.role_id=mp.model_id').where('mp.model_type', 'roles');
|
|
354
|
+
});
|
|
355
|
+
});
|
|
356
|
+
}
|
|
357
|
+
}
|
|
358
|
+
if (!includeForbiddens) {
|
|
359
|
+
q.whereNotExists((subQuery) => {
|
|
360
|
+
subQuery
|
|
361
|
+
.from(Permission.table + ' as p2')
|
|
362
|
+
.join(ModelPermission.table + ' as mp2', 'mp2.permission_id', '=', 'p2.id')
|
|
363
|
+
.where('p2.allowed', false)
|
|
364
|
+
.whereRaw('p2.slug=' + Permission.table + '.slug')
|
|
365
|
+
.whereRaw('mp2.id=mp.id');
|
|
366
|
+
});
|
|
367
|
+
}
|
|
368
|
+
if (permissionSlugs) {
|
|
369
|
+
q.whereIn(Permission.table + '.slug', permissionSlugs);
|
|
370
|
+
}
|
|
371
|
+
return q;
|
|
372
|
+
}
|
|
373
|
+
reverseModelPermissionQuery(conditions) {
|
|
374
|
+
const { modelId, modelType, permissionSlugs, directPermissions } = conditions;
|
|
375
|
+
const q = ModelPermission.query().leftJoin(Permission.table + ' as p', 'p.id', '=', ModelPermission.table + '.permission_id');
|
|
376
|
+
if (modelId && modelType) {
|
|
377
|
+
if (directPermissions) {
|
|
378
|
+
q.where(ModelPermission.table + '.model_type', modelType).where(ModelPermission.table + '.model_id', modelId);
|
|
379
|
+
}
|
|
380
|
+
else {
|
|
381
|
+
q.join(ModelRole.table + ' as mr', (joinQuery) => {
|
|
382
|
+
joinQuery.onVal('mr.model_type', modelType).andOnVal('mr.model_id', modelId);
|
|
383
|
+
}).where((subQuery) => {
|
|
384
|
+
subQuery
|
|
385
|
+
.where((query) => {
|
|
386
|
+
query
|
|
387
|
+
.where(ModelPermission.table + '.model_type', modelType)
|
|
388
|
+
.where(ModelPermission.table + '.model_id', modelId);
|
|
389
|
+
})
|
|
390
|
+
.orWhere((query) => {
|
|
391
|
+
query
|
|
392
|
+
.whereRaw('mr.role_id=' + ModelPermission.table + '.model_id')
|
|
393
|
+
.where(ModelPermission.table + '.model_type', 'roles');
|
|
394
|
+
});
|
|
395
|
+
});
|
|
396
|
+
}
|
|
397
|
+
}
|
|
398
|
+
if (permissionSlugs) {
|
|
399
|
+
q.whereIn('p.slug', permissionSlugs);
|
|
400
|
+
}
|
|
401
|
+
return q;
|
|
402
|
+
}
|
|
403
|
+
findAssignableEntity(permisison, entityClass, entityId, allowed) {
|
|
404
|
+
const q = Permission.query().whereIn('slug', permisison).where('allowed', allowed);
|
|
405
|
+
if (entityClass) {
|
|
406
|
+
q.where('entity_type', entityClass);
|
|
407
|
+
if (entityId) {
|
|
408
|
+
q.where('entity_id', entityId);
|
|
409
|
+
}
|
|
410
|
+
else {
|
|
411
|
+
q.whereNull('entity_id');
|
|
412
|
+
}
|
|
413
|
+
}
|
|
414
|
+
else {
|
|
415
|
+
q.whereNull('entity_type').whereNull('entity_id');
|
|
416
|
+
}
|
|
417
|
+
return q;
|
|
418
|
+
}
|
|
419
|
+
applyTargetRestriction(q, entityType, entityId) {
|
|
420
|
+
if (entityType) {
|
|
421
|
+
q.where((query) => {
|
|
422
|
+
query
|
|
423
|
+
.where(Permission.table + '.entity_type', entityType)
|
|
424
|
+
.orWhereNull(Permission.table + '.entity_type');
|
|
425
|
+
});
|
|
426
|
+
if (entityId) {
|
|
427
|
+
q.where((query) => {
|
|
428
|
+
query
|
|
429
|
+
.where(Permission.table + '.entity_id', entityId)
|
|
430
|
+
.orWhereNull(Permission.table + '.entity_id');
|
|
431
|
+
});
|
|
432
|
+
}
|
|
433
|
+
}
|
|
434
|
+
else {
|
|
435
|
+
q.whereNull(Permission.table + '.entity_type').whereNull(Permission.table + '.entity_id');
|
|
436
|
+
}
|
|
437
|
+
}
|
|
438
|
+
}
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
import Permission from '../../models/permission.js';
|
|
2
|
+
import Role from '../../models/role.js';
|
|
3
|
+
import ModelService from '../model_service.js';
|
|
4
|
+
import PermissionsService from '../permissions/permissions_service.js';
|
|
5
|
+
import { AclModel } from '../../types.js';
|
|
6
|
+
export declare class RoleHasModelPermissions {
|
|
7
|
+
private role;
|
|
8
|
+
private permissionService;
|
|
9
|
+
private modelService;
|
|
10
|
+
constructor(role: Role, permissionService: PermissionsService, modelService: ModelService);
|
|
11
|
+
models(): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<typeof import("../../models/model_role.js").default, import("../../models/model_role.js").default>;
|
|
12
|
+
modelsFor(modelType: string): Promise<any>;
|
|
13
|
+
/**
|
|
14
|
+
* todo
|
|
15
|
+
* @param model
|
|
16
|
+
*/
|
|
17
|
+
permissions(): Promise<Permission[]>;
|
|
18
|
+
globalPermissions(): Promise<Permission[]>;
|
|
19
|
+
onResourcePermissions(): Promise<Permission[]>;
|
|
20
|
+
containsPermission(permisison: string | Permission): Promise<boolean>;
|
|
21
|
+
/**
|
|
22
|
+
*
|
|
23
|
+
* @param permisisons
|
|
24
|
+
* @returns
|
|
25
|
+
*/
|
|
26
|
+
containsAllPermissions(permisisons: (string | Permission)[]): Promise<boolean>;
|
|
27
|
+
/**
|
|
28
|
+
*
|
|
29
|
+
* @param permisisons
|
|
30
|
+
* @returns
|
|
31
|
+
*/
|
|
32
|
+
containsAnyPermissions(permisisons: (string | Permission)[]): Promise<boolean>;
|
|
33
|
+
hasPermission(permisison: string | Permission, target?: AclModel | Function): Promise<boolean>;
|
|
34
|
+
/**
|
|
35
|
+
*
|
|
36
|
+
* @param permisisons
|
|
37
|
+
* @returns
|
|
38
|
+
*/
|
|
39
|
+
hasAllPermissions(permisisons: (string | Permission)[], target?: AclModel | Function): Promise<boolean>;
|
|
40
|
+
/**
|
|
41
|
+
*
|
|
42
|
+
* @param permisisons
|
|
43
|
+
* @returns
|
|
44
|
+
*/
|
|
45
|
+
hasAnyPermissions(permisisons: (string | Permission)[], target?: AclModel | Function): Promise<boolean>;
|
|
46
|
+
/**
|
|
47
|
+
*
|
|
48
|
+
* @param permisison
|
|
49
|
+
* @returns
|
|
50
|
+
*/
|
|
51
|
+
can(permisison: string | Permission): Promise<boolean>;
|
|
52
|
+
canAll(permisisons: (string | Permission)[]): Promise<boolean>;
|
|
53
|
+
canAny(permisisons: (string | Permission)[]): Promise<boolean>;
|
|
54
|
+
forbidden(permisison: string | Permission, target?: AclModel | Function): Promise<boolean>;
|
|
55
|
+
assign(permisison: string, target?: AclModel | Function): Promise<import("../../models/model_permission.js").default[]>;
|
|
56
|
+
give(permisison: string, target?: AclModel | Function): Promise<import("../../models/model_permission.js").default[]>;
|
|
57
|
+
giveAll(permisisons: string[], target?: AclModel | Function): Promise<import("../../models/model_permission.js").default[]>;
|
|
58
|
+
assingAll(permisisons: string[], target?: AclModel | Function): Promise<import("../../models/model_permission.js").default[]>;
|
|
59
|
+
revokePermission(permisison: string): Promise<import("../../models/model_permission.js").default[]>;
|
|
60
|
+
revoke(permisison: string): Promise<import("../../models/model_permission.js").default[]>;
|
|
61
|
+
revokeAll(permisisons: string[], target?: AclModel | Function): Promise<import("../../models/model_permission.js").default[]>;
|
|
62
|
+
revokeAllPermissions(permisisons: string[]): Promise<import("../../models/model_permission.js").default[]>;
|
|
63
|
+
flush(): Promise<any[]>;
|
|
64
|
+
forbid(permisison: string, target?: AclModel | Function): Promise<import("../../models/model_permission.js").default[]>;
|
|
65
|
+
unforbid(permisison: string, target?: AclModel | Function): Promise<any[]>;
|
|
66
|
+
}
|