@holoyan/adonisjs-permissions 0.5.2 → 0.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +277 -97
- package/build/configure.js +9 -0
- package/build/index.d.ts +2 -1
- package/build/index.js +2 -1
- package/build/providers/role_permission_provider.js +5 -3
- package/build/src/acl.d.ts +14 -6
- package/build/src/acl.js +33 -12
- package/build/src/mixins/has_permissions.d.ts +1 -2
- package/build/src/mixins/has_permissions.js +0 -3
- package/build/src/model_manager.d.ts +3 -3
- package/build/src/scope.d.ts +7 -0
- package/build/src/scope.js +14 -0
- package/build/src/services/model_has_role_permissions.d.ts +12 -3
- package/build/src/services/model_has_role_permissions.js +29 -2
- package/build/src/services/permissions/empty_permission.d.ts +5 -1
- package/build/src/services/permissions/empty_permission.js +10 -1
- package/build/src/services/permissions/permission_has_model_roles.d.ts +5 -2
- package/build/src/services/permissions/permission_has_model_roles.js +10 -1
- package/build/src/services/permissions/permissions_service.d.ts +11 -3
- package/build/src/services/permissions/permissions_service.js +48 -13
- package/build/src/services/query_helper.d.ts +4 -4
- package/build/src/services/query_helper.js +8 -8
- package/build/src/services/roles/empty_roles.d.ts +5 -1
- package/build/src/services/roles/empty_roles.js +10 -1
- package/build/src/services/roles/role_has_model_permissions.d.ts +7 -6
- package/build/src/services/roles/role_has_model_permissions.js +16 -6
- package/build/src/services/roles/roles_service.d.ts +10 -5
- package/build/src/services/roles/roles_service.js +16 -4
- package/build/src/types.d.ts +22 -1
- package/build/stubs/middlewares/acl_middleware.stub +26 -0
- package/package.json +1 -1
package/build/configure.js
CHANGED
|
@@ -30,4 +30,13 @@ export async function configure(_command) {
|
|
|
30
30
|
await codemods.updateRcFile((rcFile) => {
|
|
31
31
|
rcFile.addProvider('@holoyan/adonisjs-permissions/role_permission_provider');
|
|
32
32
|
});
|
|
33
|
+
/**
|
|
34
|
+
* Publish and register middleware
|
|
35
|
+
*/
|
|
36
|
+
await codemods.makeUsingStub(stubsRoot, 'middlewares/acl_middleware.stub', {});
|
|
37
|
+
await codemods.registerMiddleware('server', [
|
|
38
|
+
{
|
|
39
|
+
path: '#middleware/acl_middleware',
|
|
40
|
+
},
|
|
41
|
+
]);
|
|
33
42
|
}
|
package/build/index.d.ts
CHANGED
|
@@ -8,7 +8,8 @@ export declare const Permission: typeof permission;
|
|
|
8
8
|
export declare const Role: typeof role;
|
|
9
9
|
export { configure } from './configure.js';
|
|
10
10
|
export { stubsRoot } from './stubs/main.js';
|
|
11
|
-
export { Acl } from './src/acl.js';
|
|
11
|
+
export { Acl, AclManager } from './src/acl.js';
|
|
12
12
|
export { MorphMap, getClassPath } from './src/decorators.js';
|
|
13
13
|
export * as morphMapModel from './src/morph_map.js';
|
|
14
14
|
export { hasPermissions } from './src/mixins/has_permissions.js';
|
|
15
|
+
export { Scope } from './src/scope.js';
|
package/build/index.js
CHANGED
|
@@ -16,7 +16,8 @@ export const Permission = permission;
|
|
|
16
16
|
export const Role = role;
|
|
17
17
|
export { configure } from './configure.js';
|
|
18
18
|
export { stubsRoot } from './stubs/main.js';
|
|
19
|
-
export { Acl } from './src/acl.js';
|
|
19
|
+
export { Acl, AclManager } from './src/acl.js';
|
|
20
20
|
export { MorphMap, getClassPath } from './src/decorators.js';
|
|
21
21
|
export * as morphMapModel from './src/morph_map.js';
|
|
22
22
|
export { hasPermissions } from './src/mixins/has_permissions.js';
|
|
23
|
+
export { Scope } from './src/scope.js';
|
|
@@ -3,8 +3,9 @@ import Role from '../src/models/role.js';
|
|
|
3
3
|
import ModelPermission from '../src/models/model_permission.js';
|
|
4
4
|
import ModelRole from '../src/models/model_role.js';
|
|
5
5
|
import ModelManager from '../src/model_manager.js';
|
|
6
|
-
import {
|
|
6
|
+
import { AclManager } from '../src/acl.js';
|
|
7
7
|
import MorphMap from '../src/morph_map.js';
|
|
8
|
+
import { Scope } from '../src/scope.js';
|
|
8
9
|
export default class RolePermissionProvider {
|
|
9
10
|
app;
|
|
10
11
|
constructor(app) {
|
|
@@ -24,10 +25,11 @@ export default class RolePermissionProvider {
|
|
|
24
25
|
modelManager.setModel('role', Role);
|
|
25
26
|
modelManager.setModel('modelPermission', ModelPermission);
|
|
26
27
|
modelManager.setModel('modelRole', ModelRole);
|
|
27
|
-
|
|
28
|
+
modelManager.setModel('scope', Scope);
|
|
29
|
+
AclManager.setModelManager(modelManager);
|
|
28
30
|
const map = await this.app.container.make('morphMap');
|
|
29
31
|
map.set('permissions', Permission);
|
|
30
32
|
map.set('roles', Role);
|
|
31
|
-
|
|
33
|
+
AclManager.setMorphMap(map);
|
|
32
34
|
}
|
|
33
35
|
}
|
package/build/src/acl.d.ts
CHANGED
|
@@ -1,16 +1,24 @@
|
|
|
1
1
|
import { RoleHasModelPermissions } from './services/roles/role_has_model_permissions.js';
|
|
2
2
|
import { ModelHasRolePermissions } from './services/model_has_role_permissions.js';
|
|
3
|
-
import { AclModel, MorphInterface, PermissionInterface, RoleInterface } from './types.js';
|
|
4
|
-
import PermissionHasModelRoles from './services/permissions/permission_has_model_roles.js';
|
|
3
|
+
import { AclModel, MorphInterface, PermissionInterface, RoleInterface, ScopeInterface } from './types.js';
|
|
5
4
|
import ModelManager from './model_manager.js';
|
|
6
5
|
import EmptyPermission from './services/permissions/empty_permission.js';
|
|
7
6
|
import EmptyRoles from './services/roles/empty_roles.js';
|
|
8
|
-
export declare class
|
|
7
|
+
export declare class AclManager {
|
|
9
8
|
private static modelManager;
|
|
10
9
|
private static map;
|
|
11
10
|
static setModelManager(manager: ModelManager): void;
|
|
12
11
|
static setMorphMap(map: MorphInterface): void;
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
12
|
+
private _scope?;
|
|
13
|
+
private allowScopeRewriting;
|
|
14
|
+
constructor(allowScopeRewriting?: boolean);
|
|
15
|
+
model(model: AclModel): ModelHasRolePermissions;
|
|
16
|
+
role(): EmptyRoles;
|
|
17
|
+
role(role: RoleInterface): RoleHasModelPermissions;
|
|
18
|
+
permission(): EmptyPermission;
|
|
19
|
+
permission(permission: PermissionInterface): EmptyPermission;
|
|
20
|
+
private createNewScope;
|
|
21
|
+
scope(scope: ScopeInterface): this;
|
|
22
|
+
getScope(): ScopeInterface;
|
|
16
23
|
}
|
|
24
|
+
export declare const Acl: AclManager;
|
package/build/src/acl.js
CHANGED
|
@@ -6,7 +6,7 @@ import PermissionHasModelRoles from './services/permissions/permission_has_model
|
|
|
6
6
|
import ModelService from './services/model_service.js';
|
|
7
7
|
import EmptyPermission from './services/permissions/empty_permission.js';
|
|
8
8
|
import EmptyRoles from './services/roles/empty_roles.js';
|
|
9
|
-
export class
|
|
9
|
+
export class AclManager {
|
|
10
10
|
static modelManager;
|
|
11
11
|
static map;
|
|
12
12
|
static setModelManager(manager) {
|
|
@@ -15,23 +15,44 @@ export class Acl {
|
|
|
15
15
|
static setMorphMap(map) {
|
|
16
16
|
this.map = map;
|
|
17
17
|
}
|
|
18
|
-
|
|
19
|
-
|
|
18
|
+
_scope;
|
|
19
|
+
allowScopeRewriting = true;
|
|
20
|
+
constructor(allowScopeRewriting) {
|
|
21
|
+
if (allowScopeRewriting !== undefined) {
|
|
22
|
+
this.allowScopeRewriting = allowScopeRewriting;
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
model(model) {
|
|
26
|
+
const scope = this._scope || this.createNewScope();
|
|
27
|
+
return new ModelHasRolePermissions(model, new RolesService(AclManager.modelManager.getModel('role'), AclManager.modelManager.getModel('modelPermission'), AclManager.modelManager.getModel('modelRole'), AclManager.map, scope), new PermissionsService(AclManager.modelManager.getModel('permission'), AclManager.modelManager.getModel('role'), AclManager.modelManager.getModel('modelPermission'), AclManager.modelManager.getModel('modelRole'), AclManager.map, scope), AclManager.map, scope);
|
|
20
28
|
}
|
|
21
|
-
|
|
29
|
+
role(role) {
|
|
30
|
+
const scope = this._scope || this.createNewScope();
|
|
22
31
|
if (role) {
|
|
23
|
-
return new RoleHasModelPermissions(role, new PermissionsService(
|
|
24
|
-
}
|
|
25
|
-
else {
|
|
26
|
-
return new EmptyRoles(this.modelManager.getModel('role'));
|
|
32
|
+
return new RoleHasModelPermissions(role, new PermissionsService(AclManager.modelManager.getModel('permission'), AclManager.modelManager.getModel('role'), AclManager.modelManager.getModel('modelPermission'), AclManager.modelManager.getModel('modelRole'), AclManager.map, scope), new ModelService(AclManager.modelManager.getModel('modelPermission'), AclManager.modelManager.getModel('modelRole'), AclManager.map), AclManager.map, scope);
|
|
27
33
|
}
|
|
34
|
+
return new EmptyRoles(AclManager.modelManager.getModel('role'), scope);
|
|
28
35
|
}
|
|
29
|
-
|
|
36
|
+
permission(permission) {
|
|
37
|
+
const scope = this._scope || this.createNewScope();
|
|
30
38
|
if (permission) {
|
|
31
|
-
return new PermissionHasModelRoles(permission, new RolesService(
|
|
39
|
+
return new PermissionHasModelRoles(permission, new RolesService(AclManager.modelManager.getModel('role'), AclManager.modelManager.getModel('modelPermission'), AclManager.modelManager.getModel('modelRole'), AclManager.map, scope), new PermissionsService(AclManager.modelManager.getModel('permission'), AclManager.modelManager.getModel('role'), AclManager.modelManager.getModel('modelPermission'), AclManager.modelManager.getModel('modelRole'), AclManager.map, scope), new ModelService(AclManager.modelManager.getModel('modelPermission'), AclManager.modelManager.getModel('modelRole'), AclManager.map), AclManager.modelManager.getModel('modelPermission'), AclManager.modelManager.getModel('modelRole'), AclManager.map, scope);
|
|
32
40
|
}
|
|
33
|
-
|
|
34
|
-
|
|
41
|
+
return new EmptyPermission(AclManager.modelManager.getModel('permission'), scope);
|
|
42
|
+
}
|
|
43
|
+
createNewScope() {
|
|
44
|
+
const ScopeClass = AclManager.modelManager.getModel('scope');
|
|
45
|
+
return new ScopeClass();
|
|
46
|
+
}
|
|
47
|
+
scope(scope) {
|
|
48
|
+
if (!this.allowScopeRewriting) {
|
|
49
|
+
throw new Error('Scope method call is not available on global Acl object, use AclManager to create new scoped acl object');
|
|
35
50
|
}
|
|
51
|
+
this._scope = scope;
|
|
52
|
+
return this;
|
|
53
|
+
}
|
|
54
|
+
getScope() {
|
|
55
|
+
return this._scope || this.createNewScope();
|
|
36
56
|
}
|
|
37
57
|
}
|
|
58
|
+
export const Acl = new AclManager(false);
|
|
@@ -4,7 +4,7 @@ import { AclModel, RoleInterface } from '../types.js';
|
|
|
4
4
|
export declare function hasPermissions(): <Model extends NormalizeConstructor<import("@adonisjs/lucid/types/model").LucidModel>>(superclass: Model) => {
|
|
5
5
|
new (...args: any[]): {
|
|
6
6
|
getModelId(): number;
|
|
7
|
-
roles():
|
|
7
|
+
roles(): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../types.js").RoleModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
8
8
|
hasRole(role: string | RoleInterface): Promise<boolean>;
|
|
9
9
|
hasAllRoles(...roles: (string | RoleInterface)[]): Promise<boolean>;
|
|
10
10
|
hasAnyRole(...roles: (string | RoleInterface)[]): Promise<boolean>;
|
|
@@ -28,7 +28,6 @@ export declare function hasPermissions(): <Model extends NormalizeConstructor<im
|
|
|
28
28
|
hasAnyDirectPermission(permissions: (string | Permission)[], target?: AclModel | Function): Promise<boolean>;
|
|
29
29
|
hasDirectPermission(permission: string | Permission, target?: AclModel | Function): Promise<boolean>;
|
|
30
30
|
hasAllPermissionsDirect(permissions: (string | Permission)[], target?: AclModel | Function): Promise<boolean>;
|
|
31
|
-
can(permission: string | Permission, target?: AclModel | Function): Promise<boolean>;
|
|
32
31
|
canAll(permissions: (string | Permission)[], target?: AclModel | Function): Promise<boolean>;
|
|
33
32
|
canAny(permissions: (string | Permission)[], target?: AclModel | Function): Promise<boolean>;
|
|
34
33
|
assignDirectPermission(permission: string, target?: AclModel | Function): Promise<import("@adonisjs/lucid/types/model").LucidRow[]>;
|
|
@@ -79,9 +79,6 @@ export function hasPermissions() {
|
|
|
79
79
|
async hasAllPermissionsDirect(permissions, target) {
|
|
80
80
|
return Acl.model(this).hasAllPermissionsDirect(permissions, target);
|
|
81
81
|
}
|
|
82
|
-
can(permission, target) {
|
|
83
|
-
return Acl.model(this).can(permission, target);
|
|
84
|
-
}
|
|
85
82
|
canAll(permissions, target) {
|
|
86
83
|
return Acl.model(this).canAll(permissions, target);
|
|
87
84
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { ModelManagerBindings } from './types.js';
|
|
2
2
|
export default class ModelManager {
|
|
3
3
|
private models;
|
|
4
|
-
setModel(key:
|
|
4
|
+
setModel<Binding extends keyof ModelManagerBindings>(key: Binding, className: ModelManagerBindings[Binding]): void;
|
|
5
5
|
has(key: string): boolean;
|
|
6
|
-
getModel(key:
|
|
6
|
+
getModel<Binding extends keyof ModelManagerBindings>(key: Binding): ModelManagerBindings[Binding];
|
|
7
7
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { AclModel, MorphInterface, PermissionInterface, RoleInterface } from '../types.js';
|
|
1
|
+
import { AclModel, MorphInterface, PermissionInterface, RoleInterface, ScopeInterface } from '../types.js';
|
|
2
2
|
import PermissionsService from './permissions/permissions_service.js';
|
|
3
3
|
import RolesService from './roles/roles_service.js';
|
|
4
4
|
export declare class ModelHasRolePermissions {
|
|
@@ -6,12 +6,16 @@ export declare class ModelHasRolePermissions {
|
|
|
6
6
|
private roleService;
|
|
7
7
|
private permissionsService;
|
|
8
8
|
private map;
|
|
9
|
-
|
|
10
|
-
|
|
9
|
+
private scope;
|
|
10
|
+
constructor(model: AclModel, roleService: RolesService, permissionsService: PermissionsService, map: MorphInterface, scope: ScopeInterface);
|
|
11
|
+
on(scope: number): this;
|
|
12
|
+
getScope(): number;
|
|
13
|
+
roles(): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../types.js").RoleModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
11
14
|
hasRole(role: string | RoleInterface): Promise<boolean>;
|
|
12
15
|
hasAllRoles(...roles: (string | RoleInterface)[]): Promise<boolean>;
|
|
13
16
|
hasAnyRole(...roles: (string | RoleInterface)[]): Promise<boolean>;
|
|
14
17
|
assignRole(role: string | RoleInterface): Promise<boolean>;
|
|
18
|
+
assign(role: string | RoleInterface): Promise<boolean>;
|
|
15
19
|
assignAllRoles(...roles: (string | RoleInterface)[]): Promise<boolean>;
|
|
16
20
|
revokeRole(role: string | number | RoleInterface): Promise<boolean>;
|
|
17
21
|
revokeAllRoles(...roles: (string | number | RoleInterface)[]): Promise<boolean>;
|
|
@@ -19,9 +23,12 @@ export declare class ModelHasRolePermissions {
|
|
|
19
23
|
permissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
20
24
|
globalPermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
21
25
|
onResourcePermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
26
|
+
directPermissions(includeForbiddings?: boolean): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
27
|
+
rolePermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
22
28
|
directGlobalPermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
23
29
|
directResourcePermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
24
30
|
containsPermission(permission: string | PermissionInterface): Promise<boolean>;
|
|
31
|
+
contains(permission: string | PermissionInterface): Promise<boolean>;
|
|
25
32
|
containsAllPermissions(permissions: (string | PermissionInterface)[]): Promise<boolean>;
|
|
26
33
|
containsAnyPermission(permissions: (string | PermissionInterface)[]): Promise<boolean>;
|
|
27
34
|
containsDirectPermission(permission: string | PermissionInterface): Promise<boolean>;
|
|
@@ -40,6 +47,8 @@ export declare class ModelHasRolePermissions {
|
|
|
40
47
|
assignDirectAllPermissions(permissions: string[], target?: AclModel | Function): Promise<import("@adonisjs/lucid/types/model").LucidRow[]>;
|
|
41
48
|
allow(permission: string, target?: AclModel | Function): Promise<import("@adonisjs/lucid/types/model").LucidRow[]>;
|
|
42
49
|
revokePermission(permission: string, target?: AclModel | Function): Promise<any[]>;
|
|
50
|
+
revoke(permission: string, target?: AclModel | Function): Promise<any[]>;
|
|
51
|
+
revokeAll(permissions: string[], target?: AclModel | Function): Promise<any[]>;
|
|
43
52
|
revokeAllPermissions(permissions: string[], target?: AclModel | Function): Promise<any[]>;
|
|
44
53
|
flushPermissions(): Promise<any[]>;
|
|
45
54
|
flush(): Promise<boolean>;
|
|
@@ -4,14 +4,23 @@ export class ModelHasRolePermissions {
|
|
|
4
4
|
roleService;
|
|
5
5
|
permissionsService;
|
|
6
6
|
map;
|
|
7
|
-
|
|
7
|
+
scope;
|
|
8
|
+
constructor(model, roleService, permissionsService, map, scope) {
|
|
8
9
|
this.model = model;
|
|
9
10
|
this.roleService = roleService;
|
|
10
11
|
this.permissionsService = permissionsService;
|
|
11
12
|
this.map = map;
|
|
13
|
+
this.scope = scope;
|
|
14
|
+
}
|
|
15
|
+
on(scope) {
|
|
16
|
+
this.scope.set(scope);
|
|
17
|
+
return this;
|
|
18
|
+
}
|
|
19
|
+
getScope() {
|
|
20
|
+
return this.scope.get();
|
|
12
21
|
}
|
|
13
22
|
// roles related section BEGIN
|
|
14
|
-
|
|
23
|
+
roles() {
|
|
15
24
|
return this.roleService.all(this.map.getAlias(this.model), this.model.getModelId());
|
|
16
25
|
}
|
|
17
26
|
hasRole(role) {
|
|
@@ -26,6 +35,9 @@ export class ModelHasRolePermissions {
|
|
|
26
35
|
assignRole(role) {
|
|
27
36
|
return this.roleService.assign(role, this.map.getAlias(this.model), this.model.getModelId());
|
|
28
37
|
}
|
|
38
|
+
assign(role) {
|
|
39
|
+
return this.assignRole(role);
|
|
40
|
+
}
|
|
29
41
|
assignAllRoles(...roles) {
|
|
30
42
|
return this.roleService.assignAll(roles, this.map.getAlias(this.model), this.model.getModelId());
|
|
31
43
|
}
|
|
@@ -50,6 +62,12 @@ export class ModelHasRolePermissions {
|
|
|
50
62
|
async onResourcePermissions(includeForbiddings = false) {
|
|
51
63
|
return this.permissionsService.onResource(this.map.getAlias(this.model), this.model.getModelId(), includeForbiddings);
|
|
52
64
|
}
|
|
65
|
+
directPermissions(includeForbiddings = false) {
|
|
66
|
+
return this.permissionsService.direct(this.map.getAlias(this.model), this.model.getModelId(), includeForbiddings);
|
|
67
|
+
}
|
|
68
|
+
rolePermissions(includeForbiddings = false) {
|
|
69
|
+
return this.permissionsService.throughRoles(this.map.getAlias(this.model), this.model.getModelId(), includeForbiddings);
|
|
70
|
+
}
|
|
53
71
|
async directGlobalPermissions(includeForbiddings = false) {
|
|
54
72
|
return this.permissionsService.directGlobal(this.map.getAlias(this.model), this.model.getModelId(), includeForbiddings);
|
|
55
73
|
}
|
|
@@ -60,6 +78,9 @@ export class ModelHasRolePermissions {
|
|
|
60
78
|
const result = await this.permissionsService.containsAny(this.map.getAlias(this.model), this.model.getModelId(), [permission]);
|
|
61
79
|
return result;
|
|
62
80
|
}
|
|
81
|
+
async contains(permission) {
|
|
82
|
+
return this.containsPermission(permission);
|
|
83
|
+
}
|
|
63
84
|
async containsAllPermissions(permissions) {
|
|
64
85
|
const result = await this.permissionsService.containsAll(this.map.getAlias(this.model), this.model.getModelId(), permissions);
|
|
65
86
|
return result;
|
|
@@ -124,6 +145,12 @@ export class ModelHasRolePermissions {
|
|
|
124
145
|
async revokePermission(permission, target) {
|
|
125
146
|
return this.revokeAllPermissions([permission], target);
|
|
126
147
|
}
|
|
148
|
+
async revoke(permission, target) {
|
|
149
|
+
return this.revokeAllPermissions([permission], target);
|
|
150
|
+
}
|
|
151
|
+
async revokeAll(permissions, target) {
|
|
152
|
+
return this.revokeAllPermissions(permissions, target);
|
|
153
|
+
}
|
|
127
154
|
async revokeAllPermissions(permissions, target) {
|
|
128
155
|
const entity = await destructTarget(this.map, target);
|
|
129
156
|
return this.permissionsService.revokeAll(this.map.getAlias(this.model), this.model.getModelId(), permissions, entity.targetClass, entity.targetId);
|
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
2
|
+
import { ScopeInterface } from '../../types.js';
|
|
2
3
|
export default class EmptyPermission {
|
|
3
4
|
private permissionClassName;
|
|
5
|
+
private scope;
|
|
4
6
|
private permissionQuery;
|
|
5
|
-
constructor(permissionClassName: typeof BaseModel);
|
|
7
|
+
constructor(permissionClassName: typeof BaseModel, scope: ScopeInterface);
|
|
8
|
+
on(scope: number): this;
|
|
9
|
+
getScope(): number;
|
|
6
10
|
delete(permission: string): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, any>;
|
|
7
11
|
query(): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
8
12
|
}
|
|
@@ -1,11 +1,20 @@
|
|
|
1
1
|
import { getPermissionModelQuery } from '../query_helper.js';
|
|
2
2
|
export default class EmptyPermission {
|
|
3
3
|
permissionClassName;
|
|
4
|
+
scope;
|
|
4
5
|
permissionQuery;
|
|
5
|
-
constructor(permissionClassName) {
|
|
6
|
+
constructor(permissionClassName, scope) {
|
|
6
7
|
this.permissionClassName = permissionClassName;
|
|
8
|
+
this.scope = scope;
|
|
7
9
|
this.permissionQuery = getPermissionModelQuery(this.permissionClassName);
|
|
8
10
|
}
|
|
11
|
+
on(scope) {
|
|
12
|
+
this.scope.set(scope);
|
|
13
|
+
return this;
|
|
14
|
+
}
|
|
15
|
+
getScope() {
|
|
16
|
+
return this.scope.get();
|
|
17
|
+
}
|
|
9
18
|
delete(permission) {
|
|
10
19
|
// get all permissions by slug
|
|
11
20
|
// if there is permission with allowed false then check if it has `links`
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { AclModel, MorphInterface, PermissionInterface } from '../../types.js';
|
|
1
|
+
import { AclModel, MorphInterface, PermissionInterface, ScopeInterface } from '../../types.js';
|
|
2
2
|
import ModelService from '../model_service.js';
|
|
3
3
|
import RolesService from '../roles/roles_service.js';
|
|
4
4
|
import PermissionsService from './permissions_service.js';
|
|
@@ -11,11 +11,14 @@ export default class PermissionHasModelRoles {
|
|
|
11
11
|
private modelPermissionClassName;
|
|
12
12
|
private roleClassName;
|
|
13
13
|
private map;
|
|
14
|
+
private scope;
|
|
14
15
|
private modelPermissionQuery;
|
|
15
16
|
private roleQuery;
|
|
16
17
|
private readonly roleTable;
|
|
17
|
-
constructor(permission: PermissionInterface, roleService: RolesService, permissionService: PermissionsService, modelService: ModelService, modelPermissionClassName: typeof BaseModel, roleClassName: typeof BaseModel, map: MorphInterface);
|
|
18
|
+
constructor(permission: PermissionInterface, roleService: RolesService, permissionService: PermissionsService, modelService: ModelService, modelPermissionClassName: typeof BaseModel, roleClassName: typeof BaseModel, map: MorphInterface, scope: ScopeInterface);
|
|
18
19
|
models(): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../../types.js").ModelPermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
20
|
+
on(scope: number): this;
|
|
21
|
+
getScope(): number;
|
|
19
22
|
modelsFor(modelType: string): Promise<any>;
|
|
20
23
|
roles(): Promise<import("../../types.js").RoleModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
21
24
|
belongsToRole(role: string | number): Promise<boolean>;
|
|
@@ -8,11 +8,12 @@ export default class PermissionHasModelRoles {
|
|
|
8
8
|
modelPermissionClassName;
|
|
9
9
|
roleClassName;
|
|
10
10
|
map;
|
|
11
|
+
scope;
|
|
11
12
|
modelPermissionQuery;
|
|
12
13
|
// private readonly modelPermissionTable
|
|
13
14
|
roleQuery;
|
|
14
15
|
roleTable;
|
|
15
|
-
constructor(permission, roleService, permissionService, modelService, modelPermissionClassName, roleClassName, map) {
|
|
16
|
+
constructor(permission, roleService, permissionService, modelService, modelPermissionClassName, roleClassName, map, scope) {
|
|
16
17
|
this.permission = permission;
|
|
17
18
|
this.roleService = roleService;
|
|
18
19
|
this.permissionService = permissionService;
|
|
@@ -20,6 +21,7 @@ export default class PermissionHasModelRoles {
|
|
|
20
21
|
this.modelPermissionClassName = modelPermissionClassName;
|
|
21
22
|
this.roleClassName = roleClassName;
|
|
22
23
|
this.map = map;
|
|
24
|
+
this.scope = scope;
|
|
23
25
|
this.modelPermissionQuery = getModelPermissionModelQuery(this.modelPermissionClassName);
|
|
24
26
|
// this.modelPermissionTable = this.modelPermissionClassName.table
|
|
25
27
|
this.roleQuery = getRoleModelQuery(this.roleClassName);
|
|
@@ -28,6 +30,13 @@ export default class PermissionHasModelRoles {
|
|
|
28
30
|
models() {
|
|
29
31
|
return this.modelService.allByPermission(this.permission.getModelId());
|
|
30
32
|
}
|
|
33
|
+
on(scope) {
|
|
34
|
+
this.scope.set(scope);
|
|
35
|
+
return this;
|
|
36
|
+
}
|
|
37
|
+
getScope() {
|
|
38
|
+
return this.scope.get();
|
|
39
|
+
}
|
|
31
40
|
modelsFor(modelType) {
|
|
32
41
|
return this.modelService.allByPermissionFor(modelType, this.permission.getModelId());
|
|
33
42
|
}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { ModelQueryBuilderContract } from '@adonisjs/lucid/types/model';
|
|
2
|
-
import { ModelPermissionsQuery, MorphInterface, PermissionInterface, PermissionModel } from '../../types.js';
|
|
2
|
+
import { ModelPermissionsQuery, MorphInterface, PermissionInterface, PermissionModel, ScopeInterface } from '../../types.js';
|
|
3
3
|
import BaseService from '../base_service.js';
|
|
4
4
|
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
5
5
|
export default class PermissionsService extends BaseService {
|
|
@@ -8,12 +8,13 @@ export default class PermissionsService extends BaseService {
|
|
|
8
8
|
private modelPermissionClassName;
|
|
9
9
|
private modelRoleClassName;
|
|
10
10
|
private map;
|
|
11
|
-
private
|
|
11
|
+
private scope;
|
|
12
12
|
private readonly permissionTable;
|
|
13
13
|
private modelPermissionQuery;
|
|
14
14
|
private readonly modelPermissionTable;
|
|
15
15
|
private readonly modelRoleTable;
|
|
16
|
-
constructor(permissionClassName: typeof BaseModel, roleClassName: typeof BaseModel, modelPermissionClassName: typeof BaseModel, modelRoleClassName: typeof BaseModel, map: MorphInterface);
|
|
16
|
+
constructor(permissionClassName: typeof BaseModel, roleClassName: typeof BaseModel, modelPermissionClassName: typeof BaseModel, modelRoleClassName: typeof BaseModel, map: MorphInterface, scope: ScopeInterface);
|
|
17
|
+
private get permissionQuery();
|
|
17
18
|
/**
|
|
18
19
|
* return all permissions, including forbidden
|
|
19
20
|
*/
|
|
@@ -30,6 +31,7 @@ export default class PermissionsService extends BaseService {
|
|
|
30
31
|
* all direct permissions
|
|
31
32
|
*/
|
|
32
33
|
direct(modelType: string, modelId: number, includeForbiddings?: boolean): ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
34
|
+
throughRoles(modelType: string, modelId: number, includeForbiddings?: boolean): Promise<PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
33
35
|
directGlobal(modelType: string, modelId: number, includeForbiddings?: boolean): ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
34
36
|
/**
|
|
35
37
|
* return direct and resource assigned permissions
|
|
@@ -98,7 +100,13 @@ export default class PermissionsService extends BaseService {
|
|
|
98
100
|
findBySlug(slug: string, allowed?: boolean): Promise<PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
99
101
|
private modelPermissionQueryWithForbiddenCheck;
|
|
100
102
|
private modelPermissionQueryBuilder;
|
|
103
|
+
/**
|
|
104
|
+
* @deprecated
|
|
105
|
+
* @param conditions
|
|
106
|
+
*/
|
|
101
107
|
reverseModelPermissionQuery(conditions: Partial<ModelPermissionsQuery>): ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../../types.js").ModelPermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
102
108
|
findAssignableEntity(permission: string[], entityClass: string | null, entityId: number | null, allowed: boolean): ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
103
109
|
private applyTargetRestriction;
|
|
110
|
+
private applyScopes;
|
|
111
|
+
private applyModelPermissionScopes;
|
|
104
112
|
}
|
|
@@ -6,7 +6,8 @@ export default class PermissionsService extends BaseService {
|
|
|
6
6
|
modelPermissionClassName;
|
|
7
7
|
modelRoleClassName;
|
|
8
8
|
map;
|
|
9
|
-
|
|
9
|
+
scope;
|
|
10
|
+
// private permissionQuery
|
|
10
11
|
permissionTable;
|
|
11
12
|
// private roleQuery
|
|
12
13
|
// private readonly roleTable
|
|
@@ -14,14 +15,15 @@ export default class PermissionsService extends BaseService {
|
|
|
14
15
|
modelPermissionTable;
|
|
15
16
|
// private modelRoleQuery
|
|
16
17
|
modelRoleTable;
|
|
17
|
-
constructor(permissionClassName, roleClassName, modelPermissionClassName, modelRoleClassName, map) {
|
|
18
|
+
constructor(permissionClassName, roleClassName, modelPermissionClassName, modelRoleClassName, map, scope) {
|
|
18
19
|
super();
|
|
19
20
|
this.permissionClassName = permissionClassName;
|
|
20
21
|
this.roleClassName = roleClassName;
|
|
21
22
|
this.modelPermissionClassName = modelPermissionClassName;
|
|
22
23
|
this.modelRoleClassName = modelRoleClassName;
|
|
23
24
|
this.map = map;
|
|
24
|
-
this.
|
|
25
|
+
this.scope = scope;
|
|
26
|
+
// this.permissionQuery = getPermissionModelQuery(this.permissionClassName)
|
|
25
27
|
this.permissionTable = this.permissionClassName.table;
|
|
26
28
|
// this.roleQuery = getRoleModelQuery(this.roleClassName)
|
|
27
29
|
// this.roleTable = this.roleClassName.table
|
|
@@ -30,6 +32,11 @@ export default class PermissionsService extends BaseService {
|
|
|
30
32
|
// this.modelRoleQuery = getModelRoleModelQuery(this.modelRoleClassName)
|
|
31
33
|
this.modelRoleTable = this.modelRoleClassName.table;
|
|
32
34
|
}
|
|
35
|
+
get permissionQuery() {
|
|
36
|
+
const q = getPermissionModelQuery(this.permissionClassName);
|
|
37
|
+
this.applyScopes(q);
|
|
38
|
+
return q;
|
|
39
|
+
}
|
|
33
40
|
/**
|
|
34
41
|
* return all permissions, including forbidden
|
|
35
42
|
*/
|
|
@@ -85,6 +92,16 @@ export default class PermissionsService extends BaseService {
|
|
|
85
92
|
.distinct(this.permissionTable + '.id')
|
|
86
93
|
.select(this.permissionTable + '.*');
|
|
87
94
|
}
|
|
95
|
+
async throughRoles(modelType, modelId, includeForbiddings = false) {
|
|
96
|
+
return this.modelPermissionQueryBuilder({
|
|
97
|
+
modelType,
|
|
98
|
+
modelId,
|
|
99
|
+
includeForbiddings,
|
|
100
|
+
throughRoles: true,
|
|
101
|
+
})
|
|
102
|
+
.distinct(this.permissionTable + '.id')
|
|
103
|
+
.select(this.permissionTable + '.*');
|
|
104
|
+
}
|
|
88
105
|
directGlobal(modelType, modelId, includeForbiddings = false) {
|
|
89
106
|
return this.modelPermissionQueryBuilder({
|
|
90
107
|
modelType,
|
|
@@ -106,7 +123,7 @@ export default class PermissionsService extends BaseService {
|
|
|
106
123
|
directPermissions: true,
|
|
107
124
|
includeForbiddings,
|
|
108
125
|
})
|
|
109
|
-
.
|
|
126
|
+
.where(this.permissionTable + '.entity_type', '!=', '*')
|
|
110
127
|
.distinct(this.permissionTable + '.id')
|
|
111
128
|
.select(this.permissionTable + '.*');
|
|
112
129
|
}
|
|
@@ -312,6 +329,7 @@ export default class PermissionsService extends BaseService {
|
|
|
312
329
|
.where('p.allowed', true)
|
|
313
330
|
.where(this.modelPermissionTable + '.model_type', modelType)
|
|
314
331
|
.where(this.modelPermissionTable + '.model_id', modelId);
|
|
332
|
+
this.applyModelPermissionScopes(q, 'p');
|
|
315
333
|
if (entityType) {
|
|
316
334
|
q.where('p.entity_type', entityType);
|
|
317
335
|
if (entityId) {
|
|
@@ -352,13 +370,13 @@ export default class PermissionsService extends BaseService {
|
|
|
352
370
|
* to remove forbidden permission on model
|
|
353
371
|
*/
|
|
354
372
|
async unforbidAll(modelType, modelId, permissionsSlug, entityType, entityId) {
|
|
355
|
-
// todo replace using reverseModelPermissionQuery() method
|
|
356
373
|
const q = this.modelPermissionQuery
|
|
357
374
|
.leftJoin(this.permissionTable + ' as p', 'p.id', '=', this.modelPermissionTable + '.permission_id')
|
|
358
375
|
.where('model_type', modelType)
|
|
359
376
|
.where('model_id', modelId)
|
|
360
377
|
.whereIn('p.slug', permissionsSlug)
|
|
361
378
|
.where('p.allowed', false);
|
|
379
|
+
this.applyModelPermissionScopes(q, 'p');
|
|
362
380
|
if (entityType) {
|
|
363
381
|
q.where('p.entity_type', entityType);
|
|
364
382
|
if (entityId) {
|
|
@@ -384,15 +402,21 @@ export default class PermissionsService extends BaseService {
|
|
|
384
402
|
else {
|
|
385
403
|
q.leftJoin(this.modelRoleTable + ' as mr', (joinQuery) => {
|
|
386
404
|
joinQuery.onVal('mr.model_type', modelType).onVal('mr.model_id', modelId);
|
|
387
|
-
}).where((subQuery) => {
|
|
388
|
-
subQuery
|
|
389
|
-
.where((query) => {
|
|
390
|
-
query.where('mp.model_type', modelType).where('mp.model_id', modelId);
|
|
391
|
-
})
|
|
392
|
-
.orWhere((query) => {
|
|
393
|
-
query.whereRaw('mr.role_id=mp.model_id').where('mp.model_type', 'roles');
|
|
394
|
-
});
|
|
395
405
|
});
|
|
406
|
+
if (conditions.throughRoles) {
|
|
407
|
+
q.whereRaw('mr.role_id=mp.model_id').where('mp.model_type', 'roles');
|
|
408
|
+
}
|
|
409
|
+
else {
|
|
410
|
+
q.where((subQuery) => {
|
|
411
|
+
subQuery
|
|
412
|
+
.where((query) => {
|
|
413
|
+
query.where('mp.model_type', modelType).where('mp.model_id', modelId);
|
|
414
|
+
})
|
|
415
|
+
.orWhere((query) => {
|
|
416
|
+
query.whereRaw('mr.role_id=mp.model_id').where('mp.model_type', 'roles');
|
|
417
|
+
});
|
|
418
|
+
});
|
|
419
|
+
}
|
|
396
420
|
}
|
|
397
421
|
}
|
|
398
422
|
if (!includeForbiddings) {
|
|
@@ -402,6 +426,7 @@ export default class PermissionsService extends BaseService {
|
|
|
402
426
|
.leftJoin(this.modelPermissionTable + ' as mp2', 'mp2.permission_id', '=', 'p2.id')
|
|
403
427
|
.where('p2.allowed', false)
|
|
404
428
|
.whereRaw('p2.slug=' + this.permissionTable + '.slug')
|
|
429
|
+
.whereRaw('p2.scope=' + this.permissionTable + '.scope')
|
|
405
430
|
.select('p2.slug')
|
|
406
431
|
.groupBy('p2.slug');
|
|
407
432
|
if (conditions.entity) {
|
|
@@ -414,6 +439,10 @@ export default class PermissionsService extends BaseService {
|
|
|
414
439
|
}
|
|
415
440
|
return q;
|
|
416
441
|
}
|
|
442
|
+
/**
|
|
443
|
+
* @deprecated
|
|
444
|
+
* @param conditions
|
|
445
|
+
*/
|
|
417
446
|
reverseModelPermissionQuery(conditions) {
|
|
418
447
|
const { modelId, modelType, permissionSlugs, directPermissions } = conditions;
|
|
419
448
|
const q = this.modelPermissionQuery.leftJoin(this.permissionTable + ' as p', 'p.id', '=', this.modelPermissionTable + '.permission_id');
|
|
@@ -478,4 +507,10 @@ export default class PermissionsService extends BaseService {
|
|
|
478
507
|
q.where(table + '.entity_type', '*').whereNull(table + '.entity_id');
|
|
479
508
|
}
|
|
480
509
|
}
|
|
510
|
+
applyScopes(q) {
|
|
511
|
+
q.where(this.permissionTable + '.scope', this.scope.get());
|
|
512
|
+
}
|
|
513
|
+
applyModelPermissionScopes(q, table) {
|
|
514
|
+
q.where(table + '.scope', this.scope.get());
|
|
515
|
+
}
|
|
481
516
|
}
|