@holoyan/adonisjs-permissions 1.3.2 → 1.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +10 -3
  2. package/build/src/services/permissions/permissions_service.d.ts +2 -2
  3. package/build/src/services/permissions/permissions_service.js +17 -3
  4. package/package.json +4 -4
package/README.md CHANGED
@@ -2,6 +2,7 @@
2
2
 
3
3
  Checkout other AdonisJS packages
4
4
 
5
+ - [AdonisJs Lucid Polymorphic Relations](https://github.com/holoyan/adonisjs-polymorphic)
5
6
  - [AdonisJs activity log](https://github.com/holoyan/adonisjs-activitylog)
6
7
 
7
8
  [//]: # ([![test](https://github.com/holoyan/adonisjs-permissions/actions/workflows/test.yml/badge.svg)](https://github.com/holoyan/adonisjs-permissions/actions/workflows/test.yml))
@@ -14,8 +15,8 @@ Checkout other AdonisJS packages
14
15
 
15
16
  ## Release Notes
16
17
 
17
- Version: >= v1.3.2
18
- * Fixed `permissionQueryHelpers()` mixin leaking internal relations (`_roles`, `_permissions`, `_model_roles`) into the public `related()` API, which caused incorrect IDE type inference on user-defined relations
18
+ Version: v1.3.4
19
+ * Fixed `PermissionsService.forbidden()` returning `false` for explicitly denied permissions ([#36](https://github.com/holoyan/adonisjs-permissions/issues/36)). The method was missing `await` on an async call (`!Promise` is always `false`) and used the wrong semantic (negating `hasAny` conflated "never granted" with "explicitly denied"). It now queries the forbid rows directly and is correctly `async`.
19
20
 
20
21
  ## Table of Contents
21
22
 
@@ -89,9 +90,15 @@ await user.allow('delete', post)
89
90
  To be able to use the full power of Acl, you should have a clear understanding of how it is structured and how it works. That's why the documentation will be divided into two parts: [Basic usage](#basic-usage) and [Advanced usage](#digging-deeper). For most applications, Basic Usage will be enough.
90
91
 
91
92
  ## Installation
92
-
93
+
94
+ For AdonisJS v7 (latest):
95
+
93
96
  npm i @holoyan/adonisjs-permissions
94
97
 
98
+ For AdonisJS v6:
99
+
100
+ npm i @holoyan/adonisjs-permissions@v1-latest
101
+
95
102
 
96
103
  Next publish config files
97
104
 
package/build/src/services/permissions/permissions_service.d.ts CHANGED
@@ -78,9 +78,9 @@ export default class PermissionsService extends BaseService {
78
78
  */
79
79
  containsAnyDirect(modelType: string, modelId: ModelIdType, permission: string[]): Promise<boolean>;
80
80
  /**
81
- * check if permission is forbidden, if there is same permission with allowed=false then return true;
81
+ * check if permission is forbidden if there is the same permission with allowed=false then return true;
82
82
  */
83
- forbidden(modelType: string, modelId: ModelIdType, permission: string, entityType: string | null, entityId: ModelIdType | null): boolean;
83
+ forbidden(modelType: string, modelId: ModelIdType, permission: string, entityType: string | null, entityId: ModelIdType | null): Promise<boolean>;
84
84
  /**
85
85
  * give permission to model
86
86
  */
package/build/src/services/permissions/permissions_service.js CHANGED
@@ -291,10 +291,24 @@ export default class PermissionsService extends BaseService {
291
291
  return r.length > 0;
292
292
  }
293
293
  /**
294
- * check if permission is forbidden, if there is same permission with allowed=false then return true;
294
+ * check if permission is forbidden if there is the same permission with allowed=false then return true;
295
295
  */
296
- forbidden(modelType, modelId, permission, entityType, entityId) {
297
- return !this.hasAny(modelType, modelId, [permission], entityType, entityId);
296
+ async forbidden(modelType, modelId, permission, entityType, entityId) {
297
+ const { slugs, ids } = this.formatList([permission]);
298
+ const q = this.permissionQuery
299
+ .leftJoin(this.modelPermissionTable + ' as mp', 'mp.permission_id', '=', this.permissionTable + '.id')
300
+ .where('mp.model_type', modelType)
301
+ .where('mp.model_id', modelId)
302
+ .where(this.permissionTable + '.allowed', false)
303
+ .where((sub) => {
304
+ if (slugs.length)
305
+ sub.orWhereIn(this.permissionTable + '.slug', slugs);
306
+ if (ids.length)
307
+ sub.orWhereIn(this.permissionTable + '.id', ids);
308
+ });
309
+ this.applyTargetRestriction(this.permissionTable, q, entityType, entityId);
310
+ const r = await q.select(this.permissionTable + '.id').limit(1);
311
+ return r.length > 0;
298
312
  }
299
313
  /**
300
314
  * give permission to model
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@holoyan/adonisjs-permissions",
3
3
  "description": "AdonisJs roles and permissions system",
4
- "version": "1.3.2",
4
+ "version": "1.3.4",
5
5
  "engines": {
6
6
  "node": ">=18.16.0"
7
7
  },
@@ -78,12 +78,12 @@
78
78
  },
79
79
  "publishConfig": {
80
80
  "access": "public",
81
- "tag": "latest"
81
+ "tag": "v1-latest"
82
82
  },
83
83
  "np": {
84
84
  "message": "chore(release): %s",
85
- "tag": "latest",
86
- "branch": "main",
85
+ "tag": "v1-latest",
86
+ "branch": "v1.3.x",
87
87
  "anyBranch": false
88
88
  },
89
89
  "c8": {