@holoyan/adonisjs-permissions 0.6.4 → 0.7.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +49 -32
- package/build/src/mixins/has_permissions.d.ts +22 -23
- package/build/src/models/model_permission.d.ts +4 -4
- package/build/src/models/model_permission.js +1 -5
- package/build/src/models/model_role.d.ts +4 -3
- package/build/src/models/permission.d.ts +6 -4
- package/build/src/models/permission.js +11 -1
- package/build/src/models/role.d.ts +7 -5
- package/build/src/models/role.js +11 -1
- package/build/src/services/helper.d.ts +1 -1
- package/build/src/services/helper.js +6 -5
- package/build/src/services/model_has_role_permissions.d.ts +26 -25
- package/build/src/services/model_has_role_permissions.js +6 -3
- package/build/src/services/model_service.d.ts +3 -3
- package/build/src/services/permissions/empty_permission.d.ts +3 -2
- package/build/src/services/permissions/empty_permission.js +10 -2
- package/build/src/services/permissions/permission_has_model_roles.d.ts +1 -1
- package/build/src/services/permissions/permission_has_model_roles.js +3 -2
- package/build/src/services/permissions/permissions_service.d.ts +25 -25
- package/build/src/services/permissions/permissions_service.js +7 -3
- package/build/src/services/roles/empty_roles.d.ts +3 -2
- package/build/src/services/roles/empty_roles.js +10 -2
- package/build/src/services/roles/role_has_model_permissions.d.ts +13 -11
- package/build/src/services/roles/role_has_model_permissions.js +4 -2
- package/build/src/services/roles/roles_service.d.ts +10 -10
- package/build/src/services/roles/roles_service.js +13 -15
- package/build/src/types.d.ts +15 -13
- package/build/stubs/configs/permissions.stub +2 -1
- package/build/stubs/migrations/create_db.stub +41 -31
- package/package.json +7 -3
package/README.md
CHANGED
|
@@ -19,6 +19,7 @@
|
|
|
19
19
|
- [Basic Usage](#basic-usage)
|
|
20
20
|
- [Creating roles and permissions](#creating-roles-and-permissions)
|
|
21
21
|
- [Assigning permissions to the roles (Globally)](#assigning-permissions-to-the-roles-globally)
|
|
22
|
+
- [Creating permission on a fly](#creating-permission-on-a-fly)
|
|
22
23
|
- [Assigning permissions and roles to the users (models)](#assigning-permissions-and-roles-to-the-users-models)
|
|
23
24
|
- [Multi-model support](#multi-model-support)
|
|
24
25
|
- [Getting all roles for a user](#getting-all-roles-for-a-user)
|
|
@@ -30,7 +31,7 @@
|
|
|
30
31
|
- [Middleware](#middleware)
|
|
31
32
|
- [Removing (revoking) roles and permissions from the model](#removing-revokingdetach-roles-and-permissions-from-the-model)
|
|
32
33
|
- [Digging deeper](#digging-deeper)
|
|
33
|
-
- [Restricting a permission to a model (On a resource)](#restricting-a-permission-
|
|
34
|
+
- [Restricting a permission to a model (On a resource)](#restricting-a-permission-on-a-resource)
|
|
34
35
|
- [Forbidding permissions](#forbidding-permissions)
|
|
35
36
|
- [Forbidding permissions on a resource](#forbidding-permissions-on-a-resource)
|
|
36
37
|
- [Checking for forbidden permissions](#checking-for-forbidden-permissions)
|
|
@@ -39,7 +40,8 @@
|
|
|
39
40
|
- [containsPermission v hasPermission](#containspermission-v-haspermission)
|
|
40
41
|
- [Scopes or Multi-tenancy](#scopes-or-multi-tenancy)
|
|
41
42
|
- [The Scope middleware](#the-scope-middleware)
|
|
42
|
-
- [Default Scope](#default-scope-tenant)
|
|
43
|
+
- [Default Scope](#default-scope-tenant)
|
|
44
|
+
- [Cheat sheet](#cheat-sheet)
|
|
43
45
|
- [Todo](#todo)
|
|
44
46
|
- [Test](#test)
|
|
45
47
|
- [License](#license)
|
|
@@ -115,7 +117,7 @@ export default class Admin extends BaseModel implements AclModelInterface {
|
|
|
115
117
|
|
|
116
118
|
@MorphMap('posts')
|
|
117
119
|
export default class Post extends BaseModel implements AclModelInterface {
|
|
118
|
-
getModelId(): number {
|
|
120
|
+
getModelId(): number { // use `string` return type if your model has uuid/string primary keys
|
|
119
121
|
return this.id
|
|
120
122
|
}
|
|
121
123
|
|
|
@@ -162,7 +164,9 @@ await user.allow('edit') // give edit permission
|
|
|
162
164
|
Currently supported databases: `postgres`, `mysql`, `mssql`
|
|
163
165
|
|
|
164
166
|
### UUID support
|
|
165
|
-
|
|
167
|
+
from `v0.7.11` UUID support available, all you need to do change `uuidSupport` value to `true` in `config/permissions.ts` file, then run the migration and don't forget to change return type for the `getModelId()` method
|
|
168
|
+
|
|
169
|
+
check [todo](#todo) list for more details
|
|
166
170
|
|
|
167
171
|
## Basic Usage
|
|
168
172
|
|
|
@@ -172,10 +176,13 @@ On this section, we will explore basic role permission methods.
|
|
|
172
176
|
|
|
173
177
|
Let's manually create `create,update,read,delete` permissions, as well as `admin,manager` roles
|
|
174
178
|
|
|
179
|
+
> Look also [Creating permissions on a fly](#creating-permissions-on-a-fly) section
|
|
180
|
+
|
|
175
181
|
```typescript
|
|
176
182
|
|
|
177
183
|
import { Permission } from '@holoyan/adonisjs-permissions'
|
|
178
184
|
import { Role } from '@holoyan/adonisjs-permissions'
|
|
185
|
+
import {Acl} from "@holoyan/adonisjs-permissions";
|
|
179
186
|
|
|
180
187
|
|
|
181
188
|
// create permissions
|
|
@@ -188,12 +195,14 @@ const update = await Permission.create({
|
|
|
188
195
|
slug:'update',
|
|
189
196
|
})
|
|
190
197
|
|
|
191
|
-
|
|
192
|
-
|
|
198
|
+
// or create using Acl (recomended way)
|
|
199
|
+
const read = await Acl.permission().create({
|
|
200
|
+
slug: 'read',
|
|
193
201
|
})
|
|
194
202
|
|
|
195
|
-
|
|
196
|
-
|
|
203
|
+
|
|
204
|
+
const delete = await Acl.permission().create({
|
|
205
|
+
slug: 'delete',
|
|
197
206
|
})
|
|
198
207
|
|
|
199
208
|
// create roles
|
|
@@ -202,8 +211,9 @@ const admin = await Role.create({
|
|
|
202
211
|
title:'Cool title for Admin', // optional
|
|
203
212
|
})
|
|
204
213
|
|
|
205
|
-
|
|
206
|
-
|
|
214
|
+
// or create using Acl (recomended way)
|
|
215
|
+
const manager = await Acl.role().create({
|
|
216
|
+
slug: 'manager',
|
|
207
217
|
})
|
|
208
218
|
|
|
209
219
|
```
|
|
@@ -228,13 +238,15 @@ await Acl.role(admin).giveAll(['read', 'delete'])
|
|
|
228
238
|
|
|
229
239
|
```
|
|
230
240
|
|
|
241
|
+
### Creating permissions on a fly
|
|
242
|
+
|
|
231
243
|
In case you are assigning a permission that is not already available, `Acl` will create new permission behind the scenes and assign them.
|
|
232
244
|
|
|
233
245
|
```typescript
|
|
234
246
|
|
|
235
|
-
// uploadFile
|
|
247
|
+
// uploadFile permission not available
|
|
236
248
|
await Acl.role(admin).allow('uploadFile')
|
|
237
|
-
// uploadFile permission created and assigned
|
|
249
|
+
// 'uploadFile' permission created and assigned
|
|
238
250
|
|
|
239
251
|
```
|
|
240
252
|
|
|
@@ -249,12 +261,12 @@ import User from "#models/user";
|
|
|
249
261
|
|
|
250
262
|
const user1 = await User.query().where(condition1).first()
|
|
251
263
|
// give manager role to the user1
|
|
252
|
-
await Acl.model(user1).assignRole(manager)
|
|
264
|
+
await Acl.model(user1).assignRole('manager')
|
|
253
265
|
// or just use assign() method, they are alias
|
|
254
|
-
// await Acl.model(user1).assign(manager)
|
|
266
|
+
// await Acl.model(user1).assign('manager')
|
|
255
267
|
|
|
256
268
|
const user2 = await User.query().where(condition2).first()
|
|
257
|
-
await Acl.model(user2).
|
|
269
|
+
await Acl.model(user2).assign(admin)
|
|
258
270
|
|
|
259
271
|
```
|
|
260
272
|
Or we can give permissions directly to users without having any role
|
|
@@ -265,7 +277,7 @@ import {Acl} from "@holoyan/adonisjs-permissions";
|
|
|
265
277
|
|
|
266
278
|
// create and assign a new permission
|
|
267
279
|
Acl.model(user1).assignDirectPermission('upload-file-slug')
|
|
268
|
-
// or use allow method
|
|
280
|
+
// or use allow() method
|
|
269
281
|
Acl.model(user1).allow('permissionSlug')
|
|
270
282
|
```
|
|
271
283
|
|
|
@@ -275,9 +287,9 @@ We are not limited to using only the User model. If you have a multi-auth system
|
|
|
275
287
|
|
|
276
288
|
|
|
277
289
|
```typescript
|
|
278
|
-
await Acl.model(user).assignRole(manager)
|
|
290
|
+
await Acl.model(user).assignRole('manager')
|
|
279
291
|
|
|
280
|
-
await Acl.model(admin).assignRole(admin)
|
|
292
|
+
await Acl.model(admin).assignRole('admin')
|
|
281
293
|
|
|
282
294
|
```
|
|
283
295
|
|
|
@@ -306,7 +318,7 @@ const roles = await Acl.role(role).permissions()
|
|
|
306
318
|
const roles = await Acl.model(user).permissions()
|
|
307
319
|
```
|
|
308
320
|
|
|
309
|
-
### Getting
|
|
321
|
+
### Getting models from the permission
|
|
310
322
|
|
|
311
323
|
```typescript
|
|
312
324
|
|
|
@@ -453,7 +465,7 @@ export default class AclMiddleware {
|
|
|
453
465
|
|
|
454
466
|
### Removing (revoking/detach) roles and permissions from the model
|
|
455
467
|
|
|
456
|
-
To
|
|
468
|
+
To revoke(detach) role from the user we can use `revoke` method
|
|
457
469
|
|
|
458
470
|
```typescript
|
|
459
471
|
|
|
@@ -465,7 +477,7 @@ await Acl.model(user).flushRoles()
|
|
|
465
477
|
|
|
466
478
|
```
|
|
467
479
|
|
|
468
|
-
|
|
480
|
+
Revoking permissions from the user
|
|
469
481
|
|
|
470
482
|
```typescript
|
|
471
483
|
await Acl.model(user).revokePermission('update')
|
|
@@ -503,7 +515,7 @@ await Acl.role(role).flushPermissions()
|
|
|
503
515
|
|
|
504
516
|
### Deleting roles and permissions (Important!)
|
|
505
517
|
|
|
506
|
-
>
|
|
518
|
+
> Recommended! use Acl to delete roles and permissions instead of directly making queries on the Role,Permission model, under the hood Acl does some checking
|
|
507
519
|
|
|
508
520
|
```typescript
|
|
509
521
|
|
|
@@ -519,9 +531,9 @@ To see in dept usage of this methods check [next section](#digging-deeper)
|
|
|
519
531
|
|
|
520
532
|
In the [previous](#basic-usage) section, we looked at basic examples and usage. Most of the time, basic usage will probably be enough for your project. However, there is much more we can do with `Acl`.
|
|
521
533
|
|
|
522
|
-
### Restricting a permission
|
|
534
|
+
### Restricting a permission on a resource
|
|
523
535
|
|
|
524
|
-
Sometimes you might want to restrict a permission
|
|
536
|
+
Sometimes you might want to restrict a permission on a specific model(resource). Simply pass the model as a second argument:
|
|
525
537
|
|
|
526
538
|
```typescript
|
|
527
539
|
import Product from "#models/product";
|
|
@@ -635,15 +647,15 @@ Good news!, we can do that
|
|
|
635
647
|
await Acl.role(manager).giveAll(['create','update','read','delete'])
|
|
636
648
|
|
|
637
649
|
// assigning to the users
|
|
638
|
-
await Acl.model(user1).assign(manager)
|
|
650
|
+
await Acl.model(user1).assign('manager')
|
|
639
651
|
|
|
640
|
-
await Acl.model(user3).assign(manager)
|
|
652
|
+
await Acl.model(user3).assign('manager')
|
|
641
653
|
await Acl.model(user3).forbid('delete')
|
|
642
654
|
|
|
643
|
-
await Acl.model(user1).hasRole(manager) // true
|
|
655
|
+
await Acl.model(user1).hasRole('manager') // true
|
|
644
656
|
await Acl.model(user1).can('delete') // true
|
|
645
657
|
|
|
646
|
-
await Acl.model(user3).hasRole(manager) // true
|
|
658
|
+
await Acl.model(user3).hasRole('manager') // true
|
|
647
659
|
await Acl.model(user3).can('delete') // false
|
|
648
660
|
|
|
649
661
|
await Acl.model(user3).contains('delete') // true
|
|
@@ -668,7 +680,7 @@ In [previous](#forbidding-permissions) section we saw how to forbid certain perm
|
|
|
668
680
|
|
|
669
681
|
```typescript
|
|
670
682
|
|
|
671
|
-
await Acl.model(user3).assignRole(manager)
|
|
683
|
+
await Acl.model(user3).assignRole('manager')
|
|
672
684
|
await Acl.model(user3).forbid('delete')
|
|
673
685
|
|
|
674
686
|
await Acl.model(user3).forbidden('delete') // true
|
|
@@ -688,7 +700,7 @@ await Acl.model(user).forbidden('edit', post7) // false becouse 'edit' action fo
|
|
|
688
700
|
|
|
689
701
|
```typescript
|
|
690
702
|
|
|
691
|
-
await Acl.model(user3).assignRole(manager)
|
|
703
|
+
await Acl.model(user3).assignRole('manager')
|
|
692
704
|
await Acl.model(user3).forbid('delete')
|
|
693
705
|
|
|
694
706
|
await Acl.model(user3).forbidden('delete') // true
|
|
@@ -703,7 +715,7 @@ await Acl.model(user3).can('delete') // true
|
|
|
703
715
|
Same behaviour applies with roles
|
|
704
716
|
|
|
705
717
|
```typescript
|
|
706
|
-
await Acl.role(role).assignRole(manager)
|
|
718
|
+
await Acl.role(role).assignRole('manager')
|
|
707
719
|
await Acl.role(role).forbid('delete')
|
|
708
720
|
|
|
709
721
|
await Acl.role(role).forbidden('delete') // true
|
|
@@ -922,10 +934,15 @@ export default class PostController {
|
|
|
922
934
|
> Default Scope value is equal to 0 (zero)
|
|
923
935
|
|
|
924
936
|
|
|
937
|
+
## Cheat sheet
|
|
938
|
+
|
|
939
|
+
Coming soon
|
|
940
|
+
|
|
941
|
+
|
|
925
942
|
## TODO
|
|
926
943
|
|
|
927
944
|
- [X] Scopes (Multitenancy)
|
|
928
|
-
- [
|
|
945
|
+
- [X] UUID support
|
|
929
946
|
- [ ] Events
|
|
930
947
|
- [ ] More test coverage
|
|
931
948
|
- [ ] Caching
|
|
@@ -1,35 +1,34 @@
|
|
|
1
1
|
import type { NormalizeConstructor } from '@adonisjs/core/types/helpers';
|
|
2
|
-
import
|
|
3
|
-
import { AclModel, RoleInterface } from '../types.js';
|
|
2
|
+
import { AclModel } from '../types.js';
|
|
4
3
|
export declare function hasPermissions(): <Model extends NormalizeConstructor<import("@adonisjs/lucid/types/model").LucidModel>>(superclass: Model) => {
|
|
5
4
|
new (...args: any[]): {
|
|
6
|
-
getModelId():
|
|
5
|
+
getModelId(): string;
|
|
7
6
|
roles(): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../types.js").RoleModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
8
|
-
hasRole(role: string
|
|
9
|
-
hasAllRoles(...roles:
|
|
10
|
-
hasAnyRole(...roles:
|
|
11
|
-
assignRole(role: string
|
|
12
|
-
revokeRole(role: string
|
|
13
|
-
revokeAllRoles(...roles:
|
|
7
|
+
hasRole(role: string): Promise<boolean>;
|
|
8
|
+
hasAllRoles(...roles: string[]): Promise<boolean>;
|
|
9
|
+
hasAnyRole(...roles: string[]): Promise<boolean>;
|
|
10
|
+
assignRole(role: string): Promise<boolean>;
|
|
11
|
+
revokeRole(role: string): Promise<boolean>;
|
|
12
|
+
revokeAllRoles(...roles: string[]): Promise<boolean>;
|
|
14
13
|
permissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
15
14
|
globalPermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
16
15
|
onResourcePermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
17
16
|
directGlobalPermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
18
17
|
directResourcePermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
19
|
-
containsPermission(permission: string
|
|
20
|
-
containsAllPermissions(permissions:
|
|
21
|
-
containsAnyPermission(permissions:
|
|
22
|
-
containsDirectPermission(permission: string
|
|
23
|
-
containsAllPermissionsDirectly(permissions:
|
|
24
|
-
containsAnyPermissionDirectly(permissions:
|
|
25
|
-
hasPermission(permission: string
|
|
26
|
-
hasAllPermissions(permissions:
|
|
27
|
-
hasAnyPermission(permissions:
|
|
28
|
-
hasAnyDirectPermission(permissions:
|
|
29
|
-
hasDirectPermission(permission: string
|
|
30
|
-
hasAllPermissionsDirect(permissions:
|
|
31
|
-
canAll(permissions:
|
|
32
|
-
canAny(permissions:
|
|
18
|
+
containsPermission(permission: string): Promise<boolean>;
|
|
19
|
+
containsAllPermissions(permissions: string[]): Promise<boolean>;
|
|
20
|
+
containsAnyPermission(permissions: string[]): Promise<boolean>;
|
|
21
|
+
containsDirectPermission(permission: string): Promise<boolean>;
|
|
22
|
+
containsAllPermissionsDirectly(permissions: string[]): Promise<boolean>;
|
|
23
|
+
containsAnyPermissionDirectly(permissions: string[]): Promise<boolean>;
|
|
24
|
+
hasPermission(permission: string, target?: AclModel | Function): Promise<boolean>;
|
|
25
|
+
hasAllPermissions(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
26
|
+
hasAnyPermission(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
27
|
+
hasAnyDirectPermission(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
28
|
+
hasDirectPermission(permission: string, target?: AclModel | Function): Promise<boolean>;
|
|
29
|
+
hasAllPermissionsDirect(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
30
|
+
canAll(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
31
|
+
canAny(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
33
32
|
assignDirectPermission(permission: string, target?: AclModel | Function): Promise<import("@adonisjs/lucid/types/model").LucidRow[]>;
|
|
34
33
|
allow(permission: string, target?: AclModel | Function): Promise<import("@adonisjs/lucid/types/model").LucidRow[]>;
|
|
35
34
|
revokePermission(permission: string, target?: AclModel | Function): Promise<any[]>;
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
import { DateTime } from 'luxon';
|
|
2
2
|
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
3
|
-
|
|
3
|
+
import { ModelIdType, ModelPermissionInterface } from '../types.js';
|
|
4
|
+
export default class ModelPermission extends BaseModel implements ModelPermissionInterface {
|
|
4
5
|
static get table(): string;
|
|
5
6
|
id: number;
|
|
6
|
-
permissionId:
|
|
7
|
+
permissionId: ModelIdType;
|
|
7
8
|
modelType: string;
|
|
8
|
-
modelId:
|
|
9
|
+
modelId: ModelIdType;
|
|
9
10
|
createdAt: DateTime;
|
|
10
11
|
updatedAt: DateTime;
|
|
11
|
-
static forModel: import("@adonisjs/lucid/types/model").QueryScope<import("@adonisjs/lucid/types/model").LucidModel, (query: import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("@adonisjs/lucid/types/model").LucidRow>, modelType: string, modelId: number | null) => void>;
|
|
12
12
|
}
|
|
@@ -4,16 +4,12 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
4
4
|
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
5
|
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
6
|
};
|
|
7
|
-
import { BaseModel, column
|
|
7
|
+
import { BaseModel, column } from '@adonisjs/lucid/orm';
|
|
8
8
|
import config from '@adonisjs/core/services/config';
|
|
9
9
|
export default class ModelPermission extends BaseModel {
|
|
10
10
|
static get table() {
|
|
11
11
|
return config.get('permissions.permissionsConfig.tables.modelPermissions');
|
|
12
12
|
}
|
|
13
|
-
static forModel = scope((query, modelType, modelId) => {
|
|
14
|
-
query.where('model_type', modelType);
|
|
15
|
-
modelId === null ? query.whereNull('model_id') : query.where('model_id', modelId);
|
|
16
|
-
});
|
|
17
13
|
}
|
|
18
14
|
__decorate([
|
|
19
15
|
column({ isPrimary: true })
|
|
@@ -1,11 +1,12 @@
|
|
|
1
1
|
import { DateTime } from 'luxon';
|
|
2
2
|
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
3
|
-
|
|
3
|
+
import { ModelIdType, ModelRoleInterface } from '../types.js';
|
|
4
|
+
export default class ModelRole extends BaseModel implements ModelRoleInterface {
|
|
4
5
|
static get table(): string;
|
|
5
6
|
id: number;
|
|
6
|
-
roleId:
|
|
7
|
+
roleId: ModelIdType;
|
|
7
8
|
modelType: string;
|
|
8
|
-
modelId:
|
|
9
|
+
modelId: ModelIdType;
|
|
9
10
|
createdAt: DateTime;
|
|
10
11
|
updatedAt: DateTime;
|
|
11
12
|
}
|
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
import { DateTime } from 'luxon';
|
|
2
2
|
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
3
|
-
import { PermissionInterface } from '../types.js';
|
|
3
|
+
import { ModelIdType, PermissionInterface } from '../types.js';
|
|
4
4
|
export default class Permission extends BaseModel implements PermissionInterface {
|
|
5
5
|
static get table(): string;
|
|
6
|
-
|
|
7
|
-
|
|
6
|
+
static get selfAssignPrimaryKey(): boolean;
|
|
7
|
+
static assignUuid(permission: Permission): void;
|
|
8
|
+
getModelId(): ModelIdType;
|
|
9
|
+
id: string;
|
|
8
10
|
slug: string;
|
|
9
11
|
title: string | null;
|
|
10
12
|
entityType: string;
|
|
11
|
-
entityId:
|
|
13
|
+
entityId: string | null;
|
|
12
14
|
allowed: boolean;
|
|
13
15
|
scope: number;
|
|
14
16
|
createdAt: DateTime;
|
|
@@ -4,12 +4,19 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
4
4
|
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
5
|
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
6
|
};
|
|
7
|
-
import {
|
|
7
|
+
import { v4 as uuidv4 } from 'uuid';
|
|
8
|
+
import { BaseModel, beforeCreate, column } from '@adonisjs/lucid/orm';
|
|
8
9
|
import config from '@adonisjs/core/services/config';
|
|
9
10
|
export default class Permission extends BaseModel {
|
|
10
11
|
static get table() {
|
|
11
12
|
return config.get('permissions.permissionsConfig.tables.permissions');
|
|
12
13
|
}
|
|
14
|
+
static get selfAssignPrimaryKey() {
|
|
15
|
+
return config.get('permissions.permissionsConfig.uuidSupport');
|
|
16
|
+
}
|
|
17
|
+
static assignUuid(permission) {
|
|
18
|
+
permission.id = uuidv4();
|
|
19
|
+
}
|
|
13
20
|
getModelId() {
|
|
14
21
|
return this.id;
|
|
15
22
|
}
|
|
@@ -41,3 +48,6 @@ __decorate([
|
|
|
41
48
|
__decorate([
|
|
42
49
|
column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
43
50
|
], Permission.prototype, "updatedAt", void 0);
|
|
51
|
+
__decorate([
|
|
52
|
+
beforeCreate()
|
|
53
|
+
], Permission, "assignUuid", null);
|
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
import { DateTime } from 'luxon';
|
|
2
2
|
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
3
|
-
import {
|
|
4
|
-
export default class Role extends BaseModel implements
|
|
3
|
+
import { ModelIdType, RoleInterface } from '../types.js';
|
|
4
|
+
export default class Role extends BaseModel implements RoleInterface {
|
|
5
5
|
static get table(): string;
|
|
6
|
-
|
|
7
|
-
|
|
6
|
+
static get selfAssignPrimaryKey(): boolean;
|
|
7
|
+
static assignUuid(role: Role): void;
|
|
8
|
+
getModelId(): ModelIdType;
|
|
9
|
+
id: string;
|
|
8
10
|
slug: string;
|
|
9
11
|
title: string | null;
|
|
10
12
|
entityType: string;
|
|
11
|
-
entityId:
|
|
13
|
+
entityId: string | null;
|
|
12
14
|
scope: number;
|
|
13
15
|
allowed: boolean;
|
|
14
16
|
createdAt: DateTime;
|
package/build/src/models/role.js
CHANGED
|
@@ -4,12 +4,19 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
|
|
|
4
4
|
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
5
|
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
6
|
};
|
|
7
|
-
import { BaseModel, column } from '@adonisjs/lucid/orm';
|
|
7
|
+
import { BaseModel, beforeCreate, column } from '@adonisjs/lucid/orm';
|
|
8
8
|
import config from '@adonisjs/core/services/config';
|
|
9
|
+
import { v4 as uuidv4 } from 'uuid';
|
|
9
10
|
export default class Role extends BaseModel {
|
|
10
11
|
static get table() {
|
|
11
12
|
return config.get('permissions.permissionsConfig.tables.roles');
|
|
12
13
|
}
|
|
14
|
+
static get selfAssignPrimaryKey() {
|
|
15
|
+
return config.get('permissions.permissionsConfig.uuidSupport');
|
|
16
|
+
}
|
|
17
|
+
static assignUuid(role) {
|
|
18
|
+
role.id = uuidv4();
|
|
19
|
+
}
|
|
13
20
|
getModelId() {
|
|
14
21
|
return this.id;
|
|
15
22
|
}
|
|
@@ -41,3 +48,6 @@ __decorate([
|
|
|
41
48
|
__decorate([
|
|
42
49
|
column.dateTime({ autoCreate: true, autoUpdate: true })
|
|
43
50
|
], Role.prototype, "updatedAt", void 0);
|
|
51
|
+
__decorate([
|
|
52
|
+
beforeCreate()
|
|
53
|
+
], Role, "assignUuid", null);
|
|
@@ -1,17 +1,18 @@
|
|
|
1
|
+
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
1
2
|
export function formatList(models) {
|
|
2
3
|
let slugs = [];
|
|
3
4
|
let ids = [];
|
|
4
5
|
for (let model of models) {
|
|
5
|
-
if (
|
|
6
|
+
if (model instanceof BaseModel) {
|
|
7
|
+
// @ts-ignore
|
|
8
|
+
slugs.push(model.slug);
|
|
9
|
+
}
|
|
10
|
+
else if (typeof model === 'string' && Number.isNaN(+model)) {
|
|
6
11
|
slugs.push(model);
|
|
7
12
|
}
|
|
8
13
|
else if (typeof model === 'number') {
|
|
9
14
|
ids.push(model);
|
|
10
15
|
}
|
|
11
|
-
else {
|
|
12
|
-
// @ts-ignore
|
|
13
|
-
ids.push(model.id);
|
|
14
|
-
}
|
|
15
16
|
}
|
|
16
17
|
return { slugs, ids };
|
|
17
18
|
}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { AclModel, MorphInterface,
|
|
1
|
+
import { AclModel, MorphInterface, ScopeInterface } from '../types.js';
|
|
2
2
|
import PermissionsService from './permissions/permissions_service.js';
|
|
3
3
|
import RolesService from './roles/roles_service.js';
|
|
4
4
|
export declare class ModelHasRolePermissions {
|
|
@@ -11,14 +11,14 @@ export declare class ModelHasRolePermissions {
|
|
|
11
11
|
on(scope: number): this;
|
|
12
12
|
getScope(): number;
|
|
13
13
|
roles(): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../types.js").RoleModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
14
|
-
hasRole(role: string
|
|
15
|
-
hasAllRoles(...roles:
|
|
16
|
-
hasAnyRole(...roles:
|
|
17
|
-
assignRole(role: string
|
|
18
|
-
assign(role: string
|
|
19
|
-
assignAllRoles(...roles:
|
|
20
|
-
revokeRole(role: string
|
|
21
|
-
revokeAllRoles(...roles:
|
|
14
|
+
hasRole(role: string): Promise<boolean>;
|
|
15
|
+
hasAllRoles(...roles: string[]): Promise<boolean>;
|
|
16
|
+
hasAnyRole(...roles: string[]): Promise<boolean>;
|
|
17
|
+
assignRole(role: string): Promise<boolean>;
|
|
18
|
+
assign(role: string): Promise<boolean>;
|
|
19
|
+
assignAllRoles(...roles: string[]): Promise<boolean>;
|
|
20
|
+
revokeRole(role: string): Promise<boolean>;
|
|
21
|
+
revokeAllRoles(...roles: string[]): Promise<boolean>;
|
|
22
22
|
flushRoles(): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, any>;
|
|
23
23
|
permissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
24
24
|
globalPermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
@@ -27,25 +27,26 @@ export declare class ModelHasRolePermissions {
|
|
|
27
27
|
rolePermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
28
28
|
directGlobalPermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
29
29
|
directResourcePermissions(includeForbiddings?: boolean): Promise<import("../types.js").PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>[]>;
|
|
30
|
-
containsPermission(permission: string
|
|
31
|
-
contains(permission: string
|
|
32
|
-
containsAllPermissions(permissions:
|
|
33
|
-
containsAnyPermission(permissions:
|
|
34
|
-
containsDirectPermission(permission: string
|
|
35
|
-
containsAllPermissionsDirectly(permissions:
|
|
36
|
-
containsAnyPermissionDirectly(permissions:
|
|
37
|
-
hasPermission(permission: string
|
|
38
|
-
hasAllPermissions(permissions:
|
|
39
|
-
hasAnyPermission(permissions:
|
|
40
|
-
hasAnyDirectPermission(permissions:
|
|
41
|
-
hasDirectPermission(permission: string
|
|
42
|
-
hasAllPermissionsDirect(permissions:
|
|
43
|
-
can(permission: string
|
|
44
|
-
canAll(permissions:
|
|
45
|
-
canAny(permissions:
|
|
30
|
+
containsPermission(permission: string): Promise<boolean>;
|
|
31
|
+
contains(permission: string): Promise<boolean>;
|
|
32
|
+
containsAllPermissions(permissions: string[]): Promise<boolean>;
|
|
33
|
+
containsAnyPermission(permissions: string[]): Promise<boolean>;
|
|
34
|
+
containsDirectPermission(permission: string): Promise<boolean>;
|
|
35
|
+
containsAllPermissionsDirectly(permissions: string[]): Promise<boolean>;
|
|
36
|
+
containsAnyPermissionDirectly(permissions: string[]): Promise<boolean>;
|
|
37
|
+
hasPermission(permission: string, target?: AclModel | Function): Promise<boolean>;
|
|
38
|
+
hasAllPermissions(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
39
|
+
hasAnyPermission(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
40
|
+
hasAnyDirectPermission(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
41
|
+
hasDirectPermission(permission: string, target?: AclModel | Function): Promise<boolean>;
|
|
42
|
+
hasAllPermissionsDirect(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
43
|
+
can(permission: string, target?: AclModel | Function): Promise<boolean>;
|
|
44
|
+
canAll(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
45
|
+
canAny(permissions: string[], target?: AclModel | Function): Promise<boolean>;
|
|
46
46
|
assignDirectPermission(permission: string, target?: AclModel | Function): Promise<import("@adonisjs/lucid/types/model").LucidRow[]>;
|
|
47
47
|
assignDirectAllPermissions(permissions: string[], target?: AclModel | Function): Promise<import("@adonisjs/lucid/types/model").LucidRow[]>;
|
|
48
48
|
allow(permission: string, target?: AclModel | Function): Promise<import("@adonisjs/lucid/types/model").LucidRow[]>;
|
|
49
|
+
allowAll(permission: string[], target?: AclModel | Function): Promise<import("@adonisjs/lucid/types/model").LucidRow[]>;
|
|
49
50
|
revokePermission(permission: string, target?: AclModel | Function): Promise<any[]>;
|
|
50
51
|
revoke(permission: string, target?: AclModel | Function): Promise<any[]>;
|
|
51
52
|
revokeAll(permissions: string[], target?: AclModel | Function): Promise<any[]>;
|
|
@@ -45,8 +45,8 @@ export class ModelHasRolePermissions {
|
|
|
45
45
|
return this.revokeAllRoles(role);
|
|
46
46
|
}
|
|
47
47
|
revokeAllRoles(...roles) {
|
|
48
|
-
const { slugs
|
|
49
|
-
return this.roleService.revokeAll(
|
|
48
|
+
const { slugs } = formatList(roles);
|
|
49
|
+
return this.roleService.revokeAll(slugs, this.model);
|
|
50
50
|
}
|
|
51
51
|
flushRoles() {
|
|
52
52
|
return this.roleService.flush(this.map.getAlias(this.model), this.model.getModelId());
|
|
@@ -140,7 +140,10 @@ export class ModelHasRolePermissions {
|
|
|
140
140
|
return this.permissionsService.giveAll(this.map.getAlias(this.model), this.model.getModelId(), permissions, entity.targetClass, entity.targetId, true);
|
|
141
141
|
}
|
|
142
142
|
allow(permission, target) {
|
|
143
|
-
return this.
|
|
143
|
+
return this.allowAll([permission], target);
|
|
144
|
+
}
|
|
145
|
+
allowAll(permission, target) {
|
|
146
|
+
return this.assignDirectAllPermissions(permission, target);
|
|
144
147
|
}
|
|
145
148
|
async revokePermission(permission, target) {
|
|
146
149
|
return this.revokeAllPermissions([permission], target);
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import BaseService from './base_service.js';
|
|
2
2
|
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
3
|
-
import { MorphInterface } from '../types.js';
|
|
3
|
+
import { ModelIdType, MorphInterface } from '../types.js';
|
|
4
4
|
export default class ModelService extends BaseService {
|
|
5
5
|
private modelPermissionClassName;
|
|
6
6
|
private modelRoleClassName;
|
|
@@ -12,6 +12,6 @@ export default class ModelService extends BaseService {
|
|
|
12
12
|
constructor(modelPermissionClassName: typeof BaseModel, modelRoleClassName: typeof BaseModel, map: MorphInterface);
|
|
13
13
|
all(roleId: number): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../types.js").ModelRoleModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
14
14
|
allFor(modelType: string, roleId: number): Promise<any>;
|
|
15
|
-
allByPermission(permissionId:
|
|
16
|
-
allByPermissionFor(modelType: string, permissionId:
|
|
15
|
+
allByPermission(permissionId: ModelIdType): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, import("../types.js").ModelPermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
16
|
+
allByPermissionFor(modelType: string, permissionId: ModelIdType): Promise<any>;
|
|
17
17
|
}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { BaseModel } from '@adonisjs/lucid/orm';
|
|
2
|
-
import { ScopeInterface } from '../../types.js';
|
|
2
|
+
import { PermissionInterface, PermissionModel, ScopeInterface } from '../../types.js';
|
|
3
3
|
export default class EmptyPermission {
|
|
4
4
|
private permissionClassName;
|
|
5
5
|
private scope;
|
|
@@ -8,5 +8,6 @@ export default class EmptyPermission {
|
|
|
8
8
|
on(scope: number): this;
|
|
9
9
|
getScope(): number;
|
|
10
10
|
delete(permission: string): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, any>;
|
|
11
|
-
|
|
11
|
+
create(values: Partial<PermissionInterface>): Promise<PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
12
|
+
query(): import("@adonisjs/lucid/types/model").ModelQueryBuilderContract<import("@adonisjs/lucid/types/model").LucidModel, PermissionModel<import("@adonisjs/lucid/types/model").LucidModel>>;
|
|
12
13
|
}
|