@holoyan/adonisjs-permissions 2.0.0-beta.2 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +16 -6
  2. package/build/src/services/permissions/permissions_service.d.ts +2 -2
  3. package/build/src/services/permissions/permissions_service.js +17 -3
  4. package/package.json +13 -13
package/README.md CHANGED
@@ -1,7 +1,13 @@
1
- # Role permissions system for AdonisJS V6+
1
+ # Role permissions system for AdonisJS
2
+
3
+ | Package version | AdonisJS version |
4
+ |----------------|-----------------|
5
+ | v1.x | v6 |
6
+ | v2.x | v7 |
2
7
 
3
8
  Checkout other AdonisJS packages
4
9
 
10
+ - [AdonisJs Lucid Polymorphic Relations](https://github.com/holoyan/adonisjs-polymorphic)
5
11
  - [AdonisJs activity log](https://github.com/holoyan/adonisjs-activitylog)
6
12
 
7
13
  [//]: # ([![test](https://github.com/holoyan/adonisjs-permissions/actions/workflows/test.yml/badge.svg)](https://github.com/holoyan/adonisjs-permissions/actions/workflows/test.yml))
@@ -14,8 +20,8 @@ Checkout other AdonisJS packages
14
20
 
15
21
  ## Release Notes
16
22
 
17
- Version: >= v2.0.0-beta.2
18
- * Fixed `permissionQueryHelpers()` mixin leaking internal relations (`_roles`, `_permissions`, `_model_roles`) into the public `related()` API, which caused incorrect IDE type inference on user-defined relations
23
+ Version: v2.0.2
24
+ * Fixed `PermissionsService.forbidden()` returning `false` for explicitly denied permissions ([#36](https://github.com/holoyan/adonisjs-permissions/issues/36)). The method was missing `await` on an async call (`!Promise` is always `false`) and used the wrong semantic (negating `hasAny` conflated "never granted" with "explicitly denied"). It now queries the forbid rows directly and is correctly `async`.
19
25
 
20
26
  ## Table of Contents
21
27
 
@@ -89,9 +95,15 @@ await user.allow('delete', post)
89
95
  To be able to use the full power of Acl, you should have a clear understanding of how it is structured and how it works. That's why the documentation will be divided into two parts: [Basic usage](#basic-usage) and [Advanced usage](#digging-deeper). For most applications, Basic Usage will be enough.
90
96
 
91
97
  ## Installation
92
-
98
+
99
+ For AdonisJS v7 (latest):
100
+
93
101
  npm i @holoyan/adonisjs-permissions
94
102
 
103
+ For AdonisJS v6:
104
+
105
+ npm i @holoyan/adonisjs-permissions@v1-latest
106
+
95
107
 
96
108
  Next publish config files
97
109
 
@@ -1364,8 +1376,6 @@ await Acl.permission(myPermission).detachFromRole(role_slug)
1364
1376
  |------------------------|-----------------|
1365
1377
  | v20.x | 0.10.x |
1366
1378
  | v21.x | 1.x |
1367
- | v22.x | 2.x |
1368
-
1369
1379
 
1370
1380
 
1371
1381
 
package/build/src/services/permissions/permissions_service.d.ts CHANGED
@@ -78,9 +78,9 @@ export default class PermissionsService extends BaseService {
78
78
  */
79
79
  containsAnyDirect(modelType: string, modelId: ModelIdType, permission: string[]): Promise<boolean>;
80
80
  /**
81
- * check if permission is forbidden, if there is same permission with allowed=false then return true;
81
+ * check if permission is forbidden if there is the same permission with allowed=false then return true;
82
82
  */
83
- forbidden(modelType: string, modelId: ModelIdType, permission: string, entityType: string | null, entityId: ModelIdType | null): boolean;
83
+ forbidden(modelType: string, modelId: ModelIdType, permission: string, entityType: string | null, entityId: ModelIdType | null): Promise<boolean>;
84
84
  /**
85
85
  * give permission to model
86
86
  */
package/build/src/services/permissions/permissions_service.js CHANGED
@@ -291,10 +291,24 @@ export default class PermissionsService extends BaseService {
291
291
  return r.length > 0;
292
292
  }
293
293
  /**
294
- * check if permission is forbidden, if there is same permission with allowed=false then return true;
294
+ * check if permission is forbidden if there is the same permission with allowed=false then return true;
295
295
  */
296
- forbidden(modelType, modelId, permission, entityType, entityId) {
297
- return !this.hasAny(modelType, modelId, [permission], entityType, entityId);
296
+ async forbidden(modelType, modelId, permission, entityType, entityId) {
297
+ const { slugs, ids } = this.formatList([permission]);
298
+ const q = this.permissionQuery
299
+ .leftJoin(this.modelPermissionTable + ' as mp', 'mp.permission_id', '=', this.permissionTable + '.id')
300
+ .where('mp.model_type', modelType)
301
+ .where('mp.model_id', modelId)
302
+ .where(this.permissionTable + '.allowed', false)
303
+ .where((sub) => {
304
+ if (slugs.length)
305
+ sub.orWhereIn(this.permissionTable + '.slug', slugs);
306
+ if (ids.length)
307
+ sub.orWhereIn(this.permissionTable + '.id', ids);
308
+ });
309
+ this.applyTargetRestriction(this.permissionTable, q, entityType, entityId);
310
+ const r = await q.select(this.permissionTable + '.id').limit(1);
311
+ return r.length > 0;
298
312
  }
299
313
  /**
300
314
  * give permission to model
package/package.json CHANGED
@@ -1,9 +1,9 @@
1
1
  {
2
2
  "name": "@holoyan/adonisjs-permissions",
3
3
  "description": "AdonisJs roles and permissions system",
4
- "version": "2.0.0-beta.2",
4
+ "version": "2.0.2",
5
5
  "engines": {
6
- "node": ">=24.0.0"
6
+ "node": ">=18.16.0"
7
7
  },
8
8
  "type": "module",
9
9
  "files": [
@@ -41,12 +41,12 @@
41
41
  "author": "holoyan",
42
42
  "license": "MIT",
43
43
  "devDependencies": {
44
- "@adonisjs/assembler": "^8.0.0-next.0",
45
- "@adonisjs/core": "^7.0.0-next.0",
44
+ "@adonisjs/assembler": "^8.0.1",
45
+ "@adonisjs/core": "^7.0.1",
46
46
  "@adonisjs/eslint-config": "^1.2.1",
47
- "@adonisjs/lucid": "^22.0.0-next.0",
47
+ "@adonisjs/lucid": "^22.1.1",
48
48
  "@adonisjs/prettier-config": "^1.2.1",
49
- "@adonisjs/tsconfig": "^2.0.0-next.3",
49
+ "@adonisjs/tsconfig": "^2.0.0",
50
50
  "@japa/assert": "^4.2.0",
51
51
  "@japa/runner": "^5.3.0",
52
52
  "@swc/core": "^1.3.102",
@@ -71,20 +71,20 @@
71
71
  "uuid": "^10.0.0"
72
72
  },
73
73
  "peerDependencies": {
74
- "@adonisjs/core": "^7.0.0-next.0",
75
- "@adonisjs/lucid": "^22.0.0-next.0",
74
+ "@adonisjs/core": "^7.0.1",
75
+ "@adonisjs/lucid": "^22.1.1",
76
76
  "@types/uuid": "^10.0.0",
77
- "luxon": "^3.4.4",
77
+ "luxon": "^3.7.2",
78
78
  "uuid": "^10.0.0"
79
79
  },
80
80
  "publishConfig": {
81
81
  "access": "public",
82
- "tag": "beta"
82
+ "tag": "latest"
83
83
  },
84
84
  "np": {
85
85
  "message": "chore(release): %s",
86
- "tag": "beta",
87
- "branch": "2.0.0-beta.1",
86
+ "tag": "latest",
87
+ "branch": "master",
88
88
  "anyBranch": false
89
89
  },
90
90
  "c8": {
@@ -101,7 +101,7 @@
101
101
  },
102
102
  "prettier": "@adonisjs/prettier-config",
103
103
  "dependencies": {
104
- "@holoyan/morph-map-js": "^0.1.2",
104
+ "@holoyan/morph-map-js": "^0.1.1",
105
105
  "@poppinss/hooks": "7.3.0"
106
106
  }
107
107
  }