@nocobase/acl 0.7.0-alpha.3 → 0.7.0-alpha.32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/esm/acl.js +3 -0
  2. package/esm/acl.js.map +1 -1
  3. package/lib/acl.js +3 -0
  4. package/lib/acl.js.map +1 -1
  5. package/package.json +3 -3
package/esm/acl.js CHANGED
@@ -111,6 +111,9 @@ export class ACL extends EventEmitter {
111
111
  params: actionParams,
112
112
  };
113
113
  }
114
+ else {
115
+ return null;
116
+ }
114
117
  }
115
118
  if (!aclRole.strategy) {
116
119
  return null;
package/esm/acl.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"acl.js","sourceRoot":"","sources":["../src/acl.ts"],"names":[],"mappings":";;;;;;;;;AACA,OAAO,YAAY,MAAM,QAAQ,CAAC;AAClC,OAAO,OAAO,MAAM,aAAa,CAAC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAA0B,MAAM,wBAAwB,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAA4B,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrG,OAAO,EAAE,OAAO,EAAoB,MAAM,YAAY,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAoCxC,MAAM,OAAO,GAAI,SAAQ,YAAY;IAanC;QACE,KAAK,EAAE,CAAC;QAbA,qBAAgB,GAAG,IAAI,GAAG,EAA8B,CAAC;QACzD,sBAAiB,GAAG,IAAI,GAAG,EAAgC,CAAC;QAC5D,gBAAW,GAAG,EAAE,CAAC;QAEpB,iBAAY,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC;QAE7C,UAAK,GAAG,IAAI,GAAG,EAAmB,CAAC;QAEnC,gBAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;QAExC,oBAAe,GAAa,EAAE,CAAC;QAK7B,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,IAAI,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;gBACtD,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC;aACtD;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAE3D,IAAI,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;gBACpC,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,QAAQ,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7E,GAAG,CAAC,MAAM,mCACL,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,KACpC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,GAC7B,CAAC;iBACH;gBAED,IAAI,UAAU,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC9C,MAAM,YAAY,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;oBACtD,GAAG,CAAC,MAAM,mCACL,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,KACpC,MAAM,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,GAChD,CAAC;iBACH;aACF;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,CAAC,OAAsB;QAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;QAC9B,MAAM,IAAI,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAEzC,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;SAClC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;QAEtC,KAAK,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YAChE,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;SAC5C;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAE/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,IAAY;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,UAAU,CAAC,IAAY;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED,uBAAuB,CAAC,KAAe;QACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,sBAAsB,CAAC,IAAY;QACjC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,gBAAgB,CAAC,IAAY;QAC3B,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC;IAED,kBAAkB,CAAC,IAAY,EAAE,OAA+B;QAC9D,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;QAEvE,IAAI,OAAO,CAAC,OAAO,EAAE;YACnB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACtF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE;gBAC3B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;aACnC;SACF;IACH,CAAC;IAED,kBAAkB,CAAC,IAAY;QAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;QACtD,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,oBAAoB,CAAC,IAAY,EAAE,OAA8C;QAC/E,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,iBAAiB,CAAC,QAAmB;QACnC,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAW;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAErC,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO,IAAI,CAAC;SACb;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAElD,IAAI,WAAW,EAAE;YACf,MAAM,YAAY,GAAG,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAEnD,IAAI,YAAY,EAAE;gBAChB,8BAA8B;gBAC9B,OAAO;oBACL,IAAI;oBACJ,QAAQ;oBACR,MAAM;oBACN,MAAM,EAAE,YAAY;iBACrB,CAAC;aACH;SACF;QAED,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;YACrB,OAAO,IAAI,CAAC;SACb;QAED,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;YACpD,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC9C,CAAC,CAAC,IAAI,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC,YAAY,EAAE;YACjB,OAAO,IAAI,CAAC;SACb;QAED,MAAM,kBAAkB,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QAEzF,IAAI,kBAAkB,EAAE;YACtB,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;YAE1C,IAAI,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,EAAE;gBAC5C,MAAM,CAAC,QAAQ,CAAC,GAAG,kBAAkB,CAAC;aACvC;YAED,OAAO,MAAM,CAAC;SACf;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAES,iBAAiB,CAAC,UAAkB;QAC5C,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC;IACxE,CAAC;IAEM,kBAAkB,CAAC,MAAc;QACtC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC9E,CAAC;IAED,GAAG,CAAC,EAAO;QACT,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,YAAoB,EAAE,WAA8B,EAAE,SAAe;QACzE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;YAC/B,WAAW,GAAG,CAAC,WAAW,CAAC,CAAC;SAC7B;QAED,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;SAC9D;IACH,CAAC;IAED,iBAAiB,CAAC,IAAS,EAAE,GAAQ;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;YACjB,GAAG,EAAE;gBACH,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;aAC7C;SACF,CAAC,CAAC;IACL,CAAC;IAED,UAAU;QACR,MAAM,GAAG,GAAG,IAAI,CAAC;QAEjB,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE;;YACjD,IAAI,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,WAAW,EAAE;gBAC/B,MAAM,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtD,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;oBACrD,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;iBAClD;aACF;YAED,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;QAEF,OAAO,SAAe,aAAa,CAAC,GAAG,EAAE,IAAI;;gBAC3C,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,WAAW,CAAC;gBACtD,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBAEhD,MAAM,eAAe,GAAW,GAAG,CAAC,MAAM,CAAC;gBAE3C,GAAG,CAAC,GAAG,GAAG,CAAC,OAA8B,EAAE,EAAE;oBAC3C,OAAO,GAAG,CAAC,GAAG,iBAAG,IAAI,EAAE,QAAQ,IAAK,OAAO,EAAG,CAAC;gBACjD,CAAC,CAAC;gBAEF,GAAG,CAAC,UAAU,GAAG;oBACf,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;iBAC7D,CAAC;gBAEF,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,EAAE,GAAS,EAAE;oBAC9C,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;oBAElC,IAAI,UAAU,CAAC,IAAI,EAAE;wBACnB,OAAO,IAAI,EAAE,CAAC;qBACf;oBAED,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ,EAAE;wBACzD,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;wBACjC,OAAO;qBACR;oBAED,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC;oBAElC,IAAI,MAAM,EAAE;wBACV,MAAM,cAAc,GAAG,YAAY,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;wBAC/D,MAAM,YAAY,GAAG,GAAG,CAAC,iBAAiB,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;wBAChE,eAAe,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;qBAC3C;oBAED,MAAM,IAAI,EAAE,CAAC;gBACf,CAAC,CAAA,CAAC,CAAC;YACL,CAAC;SAAA,CAAC;IACJ,CAAC;CACF","sourcesContent":["import { Action } from '@nocobase/resourcer';\nimport EventEmitter from 'events';\nimport compose from 'koa-compose';\nimport lodash from 'lodash';\nimport { AclAvailableAction, AvailableActionOptions } from './acl-available-action';\nimport { ACLAvailableStrategy, AvailableStrategyOptions, predicate } from './acl-available-strategy';\nimport { ACLRole, RoleActionParams } from './acl-role';\nimport { AllowManager } from './allow-manager';\nconst parse = require('json-templates');\n\ninterface CanResult {\n role: string;\n resource: string;\n action: string;\n params?: any;\n}\n\nexport interface DefineOptions {\n role: string;\n allowConfigure?: boolean;\n strategy?: string | Omit<AvailableStrategyOptions, 'acl'>;\n actions?: {\n [key: string]: RoleActionParams;\n };\n routes?: any;\n}\n\nexport interface ListenerContext {\n acl: ACL;\n role: ACLRole;\n path: string;\n actionName: string;\n resourceName: string;\n params: RoleActionParams;\n}\n\ntype Listener = (ctx: ListenerContext) => void;\n\ninterface CanArgs {\n role: string;\n resource: string;\n action: string;\n}\n\nexport class ACL extends EventEmitter {\n protected availableActions = new Map<string, AclAvailableAction>();\n protected availableStrategy = new Map<string, ACLAvailableStrategy>();\n protected middlewares = [];\n\n public allowManager = new AllowManager(this);\n\n roles = new Map<string, ACLRole>();\n\n actionAlias = new Map<string, string>();\n\n configResources: string[] = [];\n\n constructor() {\n super();\n\n this.beforeGrantAction((ctx) => {\n if (lodash.isPlainObject(ctx.params) && ctx.params.own) {\n ctx.params = lodash.merge(ctx.params, predicate.own);\n }\n });\n\n this.beforeGrantAction((ctx) => {\n const actionName = this.resolveActionAlias(ctx.actionName);\n\n if (lodash.isPlainObject(ctx.params)) {\n if ((actionName === 'create' || actionName === 'update') && ctx.params.fields) {\n ctx.params = {\n ...lodash.omit(ctx.params, 'fields'),\n whitelist: ctx.params.fields,\n };\n }\n\n if (actionName === 'view' && ctx.params.fields) {\n const appendFields = ['id', 'createdAt', 'updatedAt'];\n ctx.params = {\n ...lodash.omit(ctx.params, 'fields'),\n fields: [...ctx.params.fields, ...appendFields],\n };\n }\n }\n });\n\n this.middlewares.push(this.allowManager.aclMiddleware());\n }\n\n define(options: DefineOptions): ACLRole {\n const roleName = options.role;\n const role = new ACLRole(this, roleName);\n\n if (options.strategy) {\n role.strategy = options.strategy;\n }\n\n const actions = options.actions || {};\n\n for (const [actionName, actionParams] of Object.entries(actions)) {\n role.grantAction(actionName, actionParams);\n }\n\n this.roles.set(roleName, role);\n\n return role;\n }\n\n getRole(name: string): ACLRole {\n return this.roles.get(name);\n }\n\n removeRole(name: string) {\n return this.roles.delete(name);\n }\n\n registerConfigResources(names: string[]) {\n names.forEach((name) => this.registerConfigResource(name));\n }\n\n registerConfigResource(name: string) {\n this.configResources.push(name);\n }\n\n isConfigResource(name: string) {\n return this.configResources.includes(name);\n }\n\n setAvailableAction(name: string, options: AvailableActionOptions) {\n this.availableActions.set(name, new AclAvailableAction(name, options));\n\n if (options.aliases) {\n const aliases = lodash.isArray(options.aliases) ? options.aliases : [options.aliases];\n for (const alias of aliases) {\n this.actionAlias.set(alias, name);\n }\n }\n }\n\n getAvailableAction(name: string) {\n const actionName = this.actionAlias.get(name) || name;\n return this.availableActions.get(actionName);\n }\n\n getAvailableActions() {\n return this.availableActions;\n }\n\n setAvailableStrategy(name: string, options: Omit<AvailableStrategyOptions, 'acl'>) {\n this.availableStrategy.set(name, new ACLAvailableStrategy(this, options));\n }\n\n beforeGrantAction(listener?: Listener) {\n this.addListener('beforeGrantAction', listener);\n }\n\n can({ role, resource, action }: CanArgs): CanResult | null {\n const aclRole = this.roles.get(role);\n\n if (!aclRole) {\n return null;\n }\n\n const aclResource = aclRole.getResource(resource);\n\n if (aclResource) {\n const actionParams = aclResource.getAction(action);\n\n if (actionParams) {\n // handle single action config\n return {\n role,\n resource,\n action,\n params: actionParams,\n };\n }\n }\n\n if (!aclRole.strategy) {\n return null;\n }\n\n const roleStrategy = lodash.isString(aclRole.strategy)\n ? this.availableStrategy.get(aclRole.strategy)\n : new ACLAvailableStrategy(this, aclRole.strategy);\n\n if (!roleStrategy) {\n return null;\n }\n\n const roleStrategyParams = roleStrategy.allow(resource, this.resolveActionAlias(action));\n\n if (roleStrategyParams) {\n const result = { role, resource, action };\n\n if (lodash.isPlainObject(roleStrategyParams)) {\n result['params'] = roleStrategyParams;\n }\n\n return result;\n }\n\n return null;\n }\n\n protected isAvailableAction(actionName: string) {\n return this.availableActions.has(this.resolveActionAlias(actionName));\n }\n\n public resolveActionAlias(action: string) {\n return this.actionAlias.get(action) ? this.actionAlias.get(action) : action;\n }\n\n use(fn: any) {\n this.middlewares.push(fn);\n }\n\n allow(resourceName: string, actionNames: string[] | string, condition?: any) {\n if (!Array.isArray(actionNames)) {\n actionNames = [actionNames];\n }\n\n for (const actionName of actionNames) {\n this.allowManager.allow(resourceName, actionName, condition);\n }\n }\n\n parseJsonTemplate(json: any, ctx: any) {\n return parse(json)({\n ctx: {\n state: JSON.parse(JSON.stringify(ctx.state)),\n },\n });\n }\n\n middleware() {\n const acl = this;\n\n const filterParams = (ctx, resourceName, params) => {\n if (params?.filter?.createdById) {\n const collection = ctx.db.getCollection(resourceName);\n if (collection && !collection.getField('createdById')) {\n return lodash.omit(params, 'filter.createdById');\n }\n }\n\n return params;\n };\n\n return async function ACLMiddleware(ctx, next) {\n const roleName = ctx.state.currentRole || 'anonymous';\n const { resourceName, actionName } = ctx.action;\n\n const resourcerAction: Action = ctx.action;\n\n ctx.can = (options: Omit<CanArgs, 'role'>) => {\n return acl.can({ role: roleName, ...options });\n };\n\n ctx.permission = {\n can: ctx.can({ resource: resourceName, action: actionName }),\n };\n\n return compose(acl.middlewares)(ctx, async () => {\n const permission = ctx.permission;\n\n if (permission.skip) {\n return next();\n }\n\n if (!permission.can || typeof permission.can !== 'object') {\n ctx.throw(403, 'No permissions');\n return;\n }\n\n const { params } = permission.can;\n\n if (params) {\n const filteredParams = filterParams(ctx, resourceName, params);\n const parsedParams = acl.parseJsonTemplate(filteredParams, ctx);\n resourcerAction.mergeParams(parsedParams);\n }\n\n await next();\n });\n };\n }\n}\n"]}
1
+ {"version":3,"file":"acl.js","sourceRoot":"","sources":["../src/acl.ts"],"names":[],"mappings":";;;;;;;;;AACA,OAAO,YAAY,MAAM,QAAQ,CAAC;AAClC,OAAO,OAAO,MAAM,aAAa,CAAC;AAClC,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,kBAAkB,EAA0B,MAAM,wBAAwB,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAA4B,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrG,OAAO,EAAE,OAAO,EAAoB,MAAM,YAAY,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAoCxC,MAAM,OAAO,GAAI,SAAQ,YAAY;IAanC;QACE,KAAK,EAAE,CAAC;QAbA,qBAAgB,GAAG,IAAI,GAAG,EAA8B,CAAC;QACzD,sBAAiB,GAAG,IAAI,GAAG,EAAgC,CAAC;QAC5D,gBAAW,GAAG,EAAE,CAAC;QAEpB,iBAAY,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC;QAE7C,UAAK,GAAG,IAAI,GAAG,EAAmB,CAAC;QAEnC,gBAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;QAExC,oBAAe,GAAa,EAAE,CAAC;QAK7B,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,IAAI,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;gBACtD,GAAG,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC;aACtD;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAE3D,IAAI,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;gBACpC,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,QAAQ,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7E,GAAG,CAAC,MAAM,mCACL,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,KACpC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,GAC7B,CAAC;iBACH;gBAED,IAAI,UAAU,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC9C,MAAM,YAAY,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;oBACtD,GAAG,CAAC,MAAM,mCACL,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,KACpC,MAAM,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,GAChD,CAAC;iBACH;aACF;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,CAAC,OAAsB;QAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;QAC9B,MAAM,IAAI,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAEzC,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;SAClC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;QAEtC,KAAK,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YAChE,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;SAC5C;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAE/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,IAAY;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,UAAU,CAAC,IAAY;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED,uBAAuB,CAAC,KAAe;QACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,sBAAsB,CAAC,IAAY;QACjC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,gBAAgB,CAAC,IAAY;QAC3B,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC;IAED,kBAAkB,CAAC,IAAY,EAAE,OAA+B;QAC9D,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;QAEvE,IAAI,OAAO,CAAC,OAAO,EAAE;YACnB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACtF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE;gBAC3B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;aACnC;SACF;IACH,CAAC;IAED,kBAAkB,CAAC,IAAY;QAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;QACtD,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,oBAAoB,CAAC,IAAY,EAAE,OAA8C;QAC/E,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,iBAAiB,CAAC,QAAmB;QACnC,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAW;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAErC,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO,IAAI,CAAC;SACb;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAElD,IAAI,WAAW,EAAE;YACf,MAAM,YAAY,GAAG,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAEnD,IAAI,YAAY,EAAE;gBAChB,8BAA8B;gBAC9B,OAAO;oBACL,IAAI;oBACJ,QAAQ;oBACR,MAAM;oBACN,MAAM,EAAE,YAAY;iBACrB,CAAC;aACH;iBAAM;gBACL,OAAO,IAAI,CAAC;aACb;SACF;QAED,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;YACrB,OAAO,IAAI,CAAC;SACb;QAED,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;YACpD,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC9C,CAAC,CAAC,IAAI,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC,YAAY,EAAE;YACjB,OAAO,IAAI,CAAC;SACb;QAED,MAAM,kBAAkB,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QAEzF,IAAI,kBAAkB,EAAE;YACtB,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;YAE1C,IAAI,MAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,EAAE;gBAC5C,MAAM,CAAC,QAAQ,CAAC,GAAG,kBAAkB,CAAC;aACvC;YAED,OAAO,MAAM,CAAC;SACf;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAES,iBAAiB,CAAC,UAAkB;QAC5C,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC;IACxE,CAAC;IAEM,kBAAkB,CAAC,MAAc;QACtC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC9E,CAAC;IAED,GAAG,CAAC,EAAO;QACT,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,YAAoB,EAAE,WAA8B,EAAE,SAAe;QACzE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;YAC/B,WAAW,GAAG,CAAC,WAAW,CAAC,CAAC;SAC7B;QAED,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;SAC9D;IACH,CAAC;IAED,iBAAiB,CAAC,IAAS,EAAE,GAAQ;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;YACjB,GAAG,EAAE;gBACH,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;aAC7C;SACF,CAAC,CAAC;IACL,CAAC;IAED,UAAU;QACR,MAAM,GAAG,GAAG,IAAI,CAAC;QAEjB,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE;;YACjD,IAAI,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,WAAW,EAAE;gBAC/B,MAAM,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtD,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;oBACrD,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;iBAClD;aACF;YAED,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;QAEF,OAAO,SAAe,aAAa,CAAC,GAAG,EAAE,IAAI;;gBAC3C,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,WAAW,CAAC;gBACtD,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBAEhD,MAAM,eAAe,GAAW,GAAG,CAAC,MAAM,CAAC;gBAE3C,GAAG,CAAC,GAAG,GAAG,CAAC,OAA8B,EAAE,EAAE;oBAC3C,OAAO,GAAG,CAAC,GAAG,iBAAG,IAAI,EAAE,QAAQ,IAAK,OAAO,EAAG,CAAC;gBACjD,CAAC,CAAC;gBAEF,GAAG,CAAC,UAAU,GAAG;oBACf,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;iBAC7D,CAAC;gBAEF,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,EAAE,GAAS,EAAE;oBAC9C,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;oBAElC,IAAI,UAAU,CAAC,IAAI,EAAE;wBACnB,OAAO,IAAI,EAAE,CAAC;qBACf;oBAED,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ,EAAE;wBACzD,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;wBACjC,OAAO;qBACR;oBAED,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC;oBAElC,IAAI,MAAM,EAAE;wBACV,MAAM,cAAc,GAAG,YAAY,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;wBAC/D,MAAM,YAAY,GAAG,GAAG,CAAC,iBAAiB,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;wBAChE,eAAe,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;qBAC3C;oBAED,MAAM,IAAI,EAAE,CAAC;gBACf,CAAC,CAAA,CAAC,CAAC;YACL,CAAC;SAAA,CAAC;IACJ,CAAC;CACF","sourcesContent":["import { Action } from '@nocobase/resourcer';\nimport EventEmitter from 'events';\nimport compose from 'koa-compose';\nimport lodash from 'lodash';\nimport { AclAvailableAction, AvailableActionOptions } from './acl-available-action';\nimport { ACLAvailableStrategy, AvailableStrategyOptions, predicate } from './acl-available-strategy';\nimport { ACLRole, RoleActionParams } from './acl-role';\nimport { AllowManager } from './allow-manager';\nconst parse = require('json-templates');\n\ninterface CanResult {\n role: string;\n resource: string;\n action: string;\n params?: any;\n}\n\nexport interface DefineOptions {\n role: string;\n allowConfigure?: boolean;\n strategy?: string | Omit<AvailableStrategyOptions, 'acl'>;\n actions?: {\n [key: string]: RoleActionParams;\n };\n routes?: any;\n}\n\nexport interface ListenerContext {\n acl: ACL;\n role: ACLRole;\n path: string;\n actionName: string;\n resourceName: string;\n params: RoleActionParams;\n}\n\ntype Listener = (ctx: ListenerContext) => void;\n\ninterface CanArgs {\n role: string;\n resource: string;\n action: string;\n}\n\nexport class ACL extends EventEmitter {\n protected availableActions = new Map<string, AclAvailableAction>();\n protected availableStrategy = new Map<string, ACLAvailableStrategy>();\n protected middlewares = [];\n\n public allowManager = new AllowManager(this);\n\n roles = new Map<string, ACLRole>();\n\n actionAlias = new Map<string, string>();\n\n configResources: string[] = [];\n\n constructor() {\n super();\n\n this.beforeGrantAction((ctx) => {\n if (lodash.isPlainObject(ctx.params) && ctx.params.own) {\n ctx.params = lodash.merge(ctx.params, predicate.own);\n }\n });\n\n this.beforeGrantAction((ctx) => {\n const actionName = this.resolveActionAlias(ctx.actionName);\n\n if (lodash.isPlainObject(ctx.params)) {\n if ((actionName === 'create' || actionName === 'update') && ctx.params.fields) {\n ctx.params = {\n ...lodash.omit(ctx.params, 'fields'),\n whitelist: ctx.params.fields,\n };\n }\n\n if (actionName === 'view' && ctx.params.fields) {\n const appendFields = ['id', 'createdAt', 'updatedAt'];\n ctx.params = {\n ...lodash.omit(ctx.params, 'fields'),\n fields: [...ctx.params.fields, ...appendFields],\n };\n }\n }\n });\n\n this.middlewares.push(this.allowManager.aclMiddleware());\n }\n\n define(options: DefineOptions): ACLRole {\n const roleName = options.role;\n const role = new ACLRole(this, roleName);\n\n if (options.strategy) {\n role.strategy = options.strategy;\n }\n\n const actions = options.actions || {};\n\n for (const [actionName, actionParams] of Object.entries(actions)) {\n role.grantAction(actionName, actionParams);\n }\n\n this.roles.set(roleName, role);\n\n return role;\n }\n\n getRole(name: string): ACLRole {\n return this.roles.get(name);\n }\n\n removeRole(name: string) {\n return this.roles.delete(name);\n }\n\n registerConfigResources(names: string[]) {\n names.forEach((name) => this.registerConfigResource(name));\n }\n\n registerConfigResource(name: string) {\n this.configResources.push(name);\n }\n\n isConfigResource(name: string) {\n return this.configResources.includes(name);\n }\n\n setAvailableAction(name: string, options: AvailableActionOptions) {\n this.availableActions.set(name, new AclAvailableAction(name, options));\n\n if (options.aliases) {\n const aliases = lodash.isArray(options.aliases) ? options.aliases : [options.aliases];\n for (const alias of aliases) {\n this.actionAlias.set(alias, name);\n }\n }\n }\n\n getAvailableAction(name: string) {\n const actionName = this.actionAlias.get(name) || name;\n return this.availableActions.get(actionName);\n }\n\n getAvailableActions() {\n return this.availableActions;\n }\n\n setAvailableStrategy(name: string, options: Omit<AvailableStrategyOptions, 'acl'>) {\n this.availableStrategy.set(name, new ACLAvailableStrategy(this, options));\n }\n\n beforeGrantAction(listener?: Listener) {\n this.addListener('beforeGrantAction', listener);\n }\n\n can({ role, resource, action }: CanArgs): CanResult | null {\n const aclRole = this.roles.get(role);\n\n if (!aclRole) {\n return null;\n }\n\n const aclResource = aclRole.getResource(resource);\n\n if (aclResource) {\n const actionParams = aclResource.getAction(action);\n\n if (actionParams) {\n // handle single action config\n return {\n role,\n resource,\n action,\n params: actionParams,\n };\n } else {\n return null;\n }\n }\n\n if (!aclRole.strategy) {\n return null;\n }\n\n const roleStrategy = lodash.isString(aclRole.strategy)\n ? this.availableStrategy.get(aclRole.strategy)\n : new ACLAvailableStrategy(this, aclRole.strategy);\n\n if (!roleStrategy) {\n return null;\n }\n\n const roleStrategyParams = roleStrategy.allow(resource, this.resolveActionAlias(action));\n\n if (roleStrategyParams) {\n const result = { role, resource, action };\n\n if (lodash.isPlainObject(roleStrategyParams)) {\n result['params'] = roleStrategyParams;\n }\n\n return result;\n }\n\n return null;\n }\n\n protected isAvailableAction(actionName: string) {\n return this.availableActions.has(this.resolveActionAlias(actionName));\n }\n\n public resolveActionAlias(action: string) {\n return this.actionAlias.get(action) ? this.actionAlias.get(action) : action;\n }\n\n use(fn: any) {\n this.middlewares.push(fn);\n }\n\n allow(resourceName: string, actionNames: string[] | string, condition?: any) {\n if (!Array.isArray(actionNames)) {\n actionNames = [actionNames];\n }\n\n for (const actionName of actionNames) {\n this.allowManager.allow(resourceName, actionName, condition);\n }\n }\n\n parseJsonTemplate(json: any, ctx: any) {\n return parse(json)({\n ctx: {\n state: JSON.parse(JSON.stringify(ctx.state)),\n },\n });\n }\n\n middleware() {\n const acl = this;\n\n const filterParams = (ctx, resourceName, params) => {\n if (params?.filter?.createdById) {\n const collection = ctx.db.getCollection(resourceName);\n if (collection && !collection.getField('createdById')) {\n return lodash.omit(params, 'filter.createdById');\n }\n }\n\n return params;\n };\n\n return async function ACLMiddleware(ctx, next) {\n const roleName = ctx.state.currentRole || 'anonymous';\n const { resourceName, actionName } = ctx.action;\n\n const resourcerAction: Action = ctx.action;\n\n ctx.can = (options: Omit<CanArgs, 'role'>) => {\n return acl.can({ role: roleName, ...options });\n };\n\n ctx.permission = {\n can: ctx.can({ resource: resourceName, action: actionName }),\n };\n\n return compose(acl.middlewares)(ctx, async () => {\n const permission = ctx.permission;\n\n if (permission.skip) {\n return next();\n }\n\n if (!permission.can || typeof permission.can !== 'object') {\n ctx.throw(403, 'No permissions');\n return;\n }\n\n const { params } = permission.can;\n\n if (params) {\n const filteredParams = filterParams(ctx, resourceName, params);\n const parsedParams = acl.parseJsonTemplate(filteredParams, ctx);\n resourcerAction.mergeParams(parsedParams);\n }\n\n await next();\n });\n };\n }\n}\n"]}
package/lib/acl.js CHANGED
@@ -117,6 +117,9 @@ class ACL extends events_1.default {
117
117
  params: actionParams,
118
118
  };
119
119
  }
120
+ else {
121
+ return null;
122
+ }
120
123
  }
121
124
  if (!aclRole.strategy) {
122
125
  return null;
package/lib/acl.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"acl.js","sourceRoot":"","sources":["../src/acl.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AACA,oDAAkC;AAClC,8DAAkC;AAClC,oDAA4B;AAC5B,iEAAoF;AACpF,qEAAqG;AACrG,yCAAuD;AACvD,mDAA+C;AAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAoCxC,MAAa,GAAI,SAAQ,gBAAY;IAanC;QACE,KAAK,EAAE,CAAC;QAbA,qBAAgB,GAAG,IAAI,GAAG,EAA8B,CAAC;QACzD,sBAAiB,GAAG,IAAI,GAAG,EAAgC,CAAC;QAC5D,gBAAW,GAAG,EAAE,CAAC;QAEpB,iBAAY,GAAG,IAAI,4BAAY,CAAC,IAAI,CAAC,CAAC;QAE7C,UAAK,GAAG,IAAI,GAAG,EAAmB,CAAC;QAEnC,gBAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;QAExC,oBAAe,GAAa,EAAE,CAAC;QAK7B,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,IAAI,gBAAM,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;gBACtD,GAAG,CAAC,MAAM,GAAG,gBAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,kCAAS,CAAC,GAAG,CAAC,CAAC;aACtD;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAE3D,IAAI,gBAAM,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;gBACpC,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,QAAQ,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7E,GAAG,CAAC,MAAM,mCACL,gBAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,KACpC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,GAC7B,CAAC;iBACH;gBAED,IAAI,UAAU,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC9C,MAAM,YAAY,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;oBACtD,GAAG,CAAC,MAAM,mCACL,gBAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,KACpC,MAAM,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,GAChD,CAAC;iBACH;aACF;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,CAAC,OAAsB;QAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;QAC9B,MAAM,IAAI,GAAG,IAAI,kBAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAEzC,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;SAClC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;QAEtC,KAAK,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YAChE,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;SAC5C;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAE/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,IAAY;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,UAAU,CAAC,IAAY;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED,uBAAuB,CAAC,KAAe;QACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,sBAAsB,CAAC,IAAY;QACjC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,gBAAgB,CAAC,IAAY;QAC3B,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC;IAED,kBAAkB,CAAC,IAAY,EAAE,OAA+B;QAC9D,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,yCAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;QAEvE,IAAI,OAAO,CAAC,OAAO,EAAE;YACnB,MAAM,OAAO,GAAG,gBAAM,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACtF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE;gBAC3B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;aACnC;SACF;IACH,CAAC;IAED,kBAAkB,CAAC,IAAY;QAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;QACtD,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,oBAAoB,CAAC,IAAY,EAAE,OAA8C;QAC/E,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,6CAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,iBAAiB,CAAC,QAAmB;QACnC,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAW;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAErC,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO,IAAI,CAAC;SACb;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAElD,IAAI,WAAW,EAAE;YACf,MAAM,YAAY,GAAG,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAEnD,IAAI,YAAY,EAAE;gBAChB,8BAA8B;gBAC9B,OAAO;oBACL,IAAI;oBACJ,QAAQ;oBACR,MAAM;oBACN,MAAM,EAAE,YAAY;iBACrB,CAAC;aACH;SACF;QAED,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;YACrB,OAAO,IAAI,CAAC;SACb;QAED,MAAM,YAAY,GAAG,gBAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;YACpD,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC9C,CAAC,CAAC,IAAI,6CAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC,YAAY,EAAE;YACjB,OAAO,IAAI,CAAC;SACb;QAED,MAAM,kBAAkB,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QAEzF,IAAI,kBAAkB,EAAE;YACtB,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;YAE1C,IAAI,gBAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,EAAE;gBAC5C,MAAM,CAAC,QAAQ,CAAC,GAAG,kBAAkB,CAAC;aACvC;YAED,OAAO,MAAM,CAAC;SACf;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAES,iBAAiB,CAAC,UAAkB;QAC5C,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC;IACxE,CAAC;IAEM,kBAAkB,CAAC,MAAc;QACtC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC9E,CAAC;IAED,GAAG,CAAC,EAAO;QACT,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,YAAoB,EAAE,WAA8B,EAAE,SAAe;QACzE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;YAC/B,WAAW,GAAG,CAAC,WAAW,CAAC,CAAC;SAC7B;QAED,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;SAC9D;IACH,CAAC;IAED,iBAAiB,CAAC,IAAS,EAAE,GAAQ;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;YACjB,GAAG,EAAE;gBACH,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;aAC7C;SACF,CAAC,CAAC;IACL,CAAC;IAED,UAAU;QACR,MAAM,GAAG,GAAG,IAAI,CAAC;QAEjB,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE;;YACjD,IAAI,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,WAAW,EAAE;gBAC/B,MAAM,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtD,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;oBACrD,OAAO,gBAAM,CAAC,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;iBAClD;aACF;YAED,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;QAEF,OAAO,SAAe,aAAa,CAAC,GAAG,EAAE,IAAI;;gBAC3C,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,WAAW,CAAC;gBACtD,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBAEhD,MAAM,eAAe,GAAW,GAAG,CAAC,MAAM,CAAC;gBAE3C,GAAG,CAAC,GAAG,GAAG,CAAC,OAA8B,EAAE,EAAE;oBAC3C,OAAO,GAAG,CAAC,GAAG,iBAAG,IAAI,EAAE,QAAQ,IAAK,OAAO,EAAG,CAAC;gBACjD,CAAC,CAAC;gBAEF,GAAG,CAAC,UAAU,GAAG;oBACf,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;iBAC7D,CAAC;gBAEF,OAAO,IAAA,qBAAO,EAAC,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,EAAE,GAAS,EAAE;oBAC9C,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;oBAElC,IAAI,UAAU,CAAC,IAAI,EAAE;wBACnB,OAAO,IAAI,EAAE,CAAC;qBACf;oBAED,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ,EAAE;wBACzD,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;wBACjC,OAAO;qBACR;oBAED,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC;oBAElC,IAAI,MAAM,EAAE;wBACV,MAAM,cAAc,GAAG,YAAY,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;wBAC/D,MAAM,YAAY,GAAG,GAAG,CAAC,iBAAiB,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;wBAChE,eAAe,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;qBAC3C;oBAED,MAAM,IAAI,EAAE,CAAC;gBACf,CAAC,CAAA,CAAC,CAAC;YACL,CAAC;SAAA,CAAC;IACJ,CAAC;CACF;AArPD,kBAqPC","sourcesContent":["import { Action } from '@nocobase/resourcer';\nimport EventEmitter from 'events';\nimport compose from 'koa-compose';\nimport lodash from 'lodash';\nimport { AclAvailableAction, AvailableActionOptions } from './acl-available-action';\nimport { ACLAvailableStrategy, AvailableStrategyOptions, predicate } from './acl-available-strategy';\nimport { ACLRole, RoleActionParams } from './acl-role';\nimport { AllowManager } from './allow-manager';\nconst parse = require('json-templates');\n\ninterface CanResult {\n role: string;\n resource: string;\n action: string;\n params?: any;\n}\n\nexport interface DefineOptions {\n role: string;\n allowConfigure?: boolean;\n strategy?: string | Omit<AvailableStrategyOptions, 'acl'>;\n actions?: {\n [key: string]: RoleActionParams;\n };\n routes?: any;\n}\n\nexport interface ListenerContext {\n acl: ACL;\n role: ACLRole;\n path: string;\n actionName: string;\n resourceName: string;\n params: RoleActionParams;\n}\n\ntype Listener = (ctx: ListenerContext) => void;\n\ninterface CanArgs {\n role: string;\n resource: string;\n action: string;\n}\n\nexport class ACL extends EventEmitter {\n protected availableActions = new Map<string, AclAvailableAction>();\n protected availableStrategy = new Map<string, ACLAvailableStrategy>();\n protected middlewares = [];\n\n public allowManager = new AllowManager(this);\n\n roles = new Map<string, ACLRole>();\n\n actionAlias = new Map<string, string>();\n\n configResources: string[] = [];\n\n constructor() {\n super();\n\n this.beforeGrantAction((ctx) => {\n if (lodash.isPlainObject(ctx.params) && ctx.params.own) {\n ctx.params = lodash.merge(ctx.params, predicate.own);\n }\n });\n\n this.beforeGrantAction((ctx) => {\n const actionName = this.resolveActionAlias(ctx.actionName);\n\n if (lodash.isPlainObject(ctx.params)) {\n if ((actionName === 'create' || actionName === 'update') && ctx.params.fields) {\n ctx.params = {\n ...lodash.omit(ctx.params, 'fields'),\n whitelist: ctx.params.fields,\n };\n }\n\n if (actionName === 'view' && ctx.params.fields) {\n const appendFields = ['id', 'createdAt', 'updatedAt'];\n ctx.params = {\n ...lodash.omit(ctx.params, 'fields'),\n fields: [...ctx.params.fields, ...appendFields],\n };\n }\n }\n });\n\n this.middlewares.push(this.allowManager.aclMiddleware());\n }\n\n define(options: DefineOptions): ACLRole {\n const roleName = options.role;\n const role = new ACLRole(this, roleName);\n\n if (options.strategy) {\n role.strategy = options.strategy;\n }\n\n const actions = options.actions || {};\n\n for (const [actionName, actionParams] of Object.entries(actions)) {\n role.grantAction(actionName, actionParams);\n }\n\n this.roles.set(roleName, role);\n\n return role;\n }\n\n getRole(name: string): ACLRole {\n return this.roles.get(name);\n }\n\n removeRole(name: string) {\n return this.roles.delete(name);\n }\n\n registerConfigResources(names: string[]) {\n names.forEach((name) => this.registerConfigResource(name));\n }\n\n registerConfigResource(name: string) {\n this.configResources.push(name);\n }\n\n isConfigResource(name: string) {\n return this.configResources.includes(name);\n }\n\n setAvailableAction(name: string, options: AvailableActionOptions) {\n this.availableActions.set(name, new AclAvailableAction(name, options));\n\n if (options.aliases) {\n const aliases = lodash.isArray(options.aliases) ? options.aliases : [options.aliases];\n for (const alias of aliases) {\n this.actionAlias.set(alias, name);\n }\n }\n }\n\n getAvailableAction(name: string) {\n const actionName = this.actionAlias.get(name) || name;\n return this.availableActions.get(actionName);\n }\n\n getAvailableActions() {\n return this.availableActions;\n }\n\n setAvailableStrategy(name: string, options: Omit<AvailableStrategyOptions, 'acl'>) {\n this.availableStrategy.set(name, new ACLAvailableStrategy(this, options));\n }\n\n beforeGrantAction(listener?: Listener) {\n this.addListener('beforeGrantAction', listener);\n }\n\n can({ role, resource, action }: CanArgs): CanResult | null {\n const aclRole = this.roles.get(role);\n\n if (!aclRole) {\n return null;\n }\n\n const aclResource = aclRole.getResource(resource);\n\n if (aclResource) {\n const actionParams = aclResource.getAction(action);\n\n if (actionParams) {\n // handle single action config\n return {\n role,\n resource,\n action,\n params: actionParams,\n };\n }\n }\n\n if (!aclRole.strategy) {\n return null;\n }\n\n const roleStrategy = lodash.isString(aclRole.strategy)\n ? this.availableStrategy.get(aclRole.strategy)\n : new ACLAvailableStrategy(this, aclRole.strategy);\n\n if (!roleStrategy) {\n return null;\n }\n\n const roleStrategyParams = roleStrategy.allow(resource, this.resolveActionAlias(action));\n\n if (roleStrategyParams) {\n const result = { role, resource, action };\n\n if (lodash.isPlainObject(roleStrategyParams)) {\n result['params'] = roleStrategyParams;\n }\n\n return result;\n }\n\n return null;\n }\n\n protected isAvailableAction(actionName: string) {\n return this.availableActions.has(this.resolveActionAlias(actionName));\n }\n\n public resolveActionAlias(action: string) {\n return this.actionAlias.get(action) ? this.actionAlias.get(action) : action;\n }\n\n use(fn: any) {\n this.middlewares.push(fn);\n }\n\n allow(resourceName: string, actionNames: string[] | string, condition?: any) {\n if (!Array.isArray(actionNames)) {\n actionNames = [actionNames];\n }\n\n for (const actionName of actionNames) {\n this.allowManager.allow(resourceName, actionName, condition);\n }\n }\n\n parseJsonTemplate(json: any, ctx: any) {\n return parse(json)({\n ctx: {\n state: JSON.parse(JSON.stringify(ctx.state)),\n },\n });\n }\n\n middleware() {\n const acl = this;\n\n const filterParams = (ctx, resourceName, params) => {\n if (params?.filter?.createdById) {\n const collection = ctx.db.getCollection(resourceName);\n if (collection && !collection.getField('createdById')) {\n return lodash.omit(params, 'filter.createdById');\n }\n }\n\n return params;\n };\n\n return async function ACLMiddleware(ctx, next) {\n const roleName = ctx.state.currentRole || 'anonymous';\n const { resourceName, actionName } = ctx.action;\n\n const resourcerAction: Action = ctx.action;\n\n ctx.can = (options: Omit<CanArgs, 'role'>) => {\n return acl.can({ role: roleName, ...options });\n };\n\n ctx.permission = {\n can: ctx.can({ resource: resourceName, action: actionName }),\n };\n\n return compose(acl.middlewares)(ctx, async () => {\n const permission = ctx.permission;\n\n if (permission.skip) {\n return next();\n }\n\n if (!permission.can || typeof permission.can !== 'object') {\n ctx.throw(403, 'No permissions');\n return;\n }\n\n const { params } = permission.can;\n\n if (params) {\n const filteredParams = filterParams(ctx, resourceName, params);\n const parsedParams = acl.parseJsonTemplate(filteredParams, ctx);\n resourcerAction.mergeParams(parsedParams);\n }\n\n await next();\n });\n };\n }\n}\n"]}
1
+ {"version":3,"file":"acl.js","sourceRoot":"","sources":["../src/acl.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AACA,oDAAkC;AAClC,8DAAkC;AAClC,oDAA4B;AAC5B,iEAAoF;AACpF,qEAAqG;AACrG,yCAAuD;AACvD,mDAA+C;AAC/C,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAoCxC,MAAa,GAAI,SAAQ,gBAAY;IAanC;QACE,KAAK,EAAE,CAAC;QAbA,qBAAgB,GAAG,IAAI,GAAG,EAA8B,CAAC;QACzD,sBAAiB,GAAG,IAAI,GAAG,EAAgC,CAAC;QAC5D,gBAAW,GAAG,EAAE,CAAC;QAEpB,iBAAY,GAAG,IAAI,4BAAY,CAAC,IAAI,CAAC,CAAC;QAE7C,UAAK,GAAG,IAAI,GAAG,EAAmB,CAAC;QAEnC,gBAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;QAExC,oBAAe,GAAa,EAAE,CAAC;QAK7B,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,IAAI,gBAAM,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,EAAE;gBACtD,GAAG,CAAC,MAAM,GAAG,gBAAM,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,kCAAS,CAAC,GAAG,CAAC,CAAC;aACtD;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,iBAAiB,CAAC,CAAC,GAAG,EAAE,EAAE;YAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;YAE3D,IAAI,gBAAM,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE;gBACpC,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,UAAU,KAAK,QAAQ,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC7E,GAAG,CAAC,MAAM,mCACL,gBAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,KACpC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,GAC7B,CAAC;iBACH;gBAED,IAAI,UAAU,KAAK,MAAM,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE;oBAC9C,MAAM,YAAY,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC;oBACtD,GAAG,CAAC,MAAM,mCACL,gBAAM,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,QAAQ,CAAC,KACpC,MAAM,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,YAAY,CAAC,GAChD,CAAC;iBACH;aACF;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,CAAC,OAAsB;QAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;QAC9B,MAAM,IAAI,GAAG,IAAI,kBAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;QAEzC,IAAI,OAAO,CAAC,QAAQ,EAAE;YACpB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;SAClC;QAED,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC;QAEtC,KAAK,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YAChE,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;SAC5C;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;QAE/B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,CAAC,IAAY;QAClB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAED,UAAU,CAAC,IAAY;QACrB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACjC,CAAC;IAED,uBAAuB,CAAC,KAAe;QACrC,KAAK,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,CAAC;IAED,sBAAsB,CAAC,IAAY;QACjC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,gBAAgB,CAAC,IAAY;QAC3B,OAAO,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IAC7C,CAAC;IAED,kBAAkB,CAAC,IAAY,EAAE,OAA+B;QAC9D,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,yCAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;QAEvE,IAAI,OAAO,CAAC,OAAO,EAAE;YACnB,MAAM,OAAO,GAAG,gBAAM,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;YACtF,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE;gBAC3B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;aACnC;SACF;IACH,CAAC;IAED,kBAAkB,CAAC,IAAY;QAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC;QACtD,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED,oBAAoB,CAAC,IAAY,EAAE,OAA8C;QAC/E,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,IAAI,EAAE,IAAI,6CAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,iBAAiB,CAAC,QAAmB;QACnC,IAAI,CAAC,WAAW,CAAC,mBAAmB,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;IAED,GAAG,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAW;QACrC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAErC,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO,IAAI,CAAC;SACb;QAED,MAAM,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAElD,IAAI,WAAW,EAAE;YACf,MAAM,YAAY,GAAG,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAEnD,IAAI,YAAY,EAAE;gBAChB,8BAA8B;gBAC9B,OAAO;oBACL,IAAI;oBACJ,QAAQ;oBACR,MAAM;oBACN,MAAM,EAAE,YAAY;iBACrB,CAAC;aACH;iBAAM;gBACL,OAAO,IAAI,CAAC;aACb;SACF;QAED,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;YACrB,OAAO,IAAI,CAAC;SACb;QAED,MAAM,YAAY,GAAG,gBAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,CAAC;YACpD,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;YAC9C,CAAC,CAAC,IAAI,6CAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;QAErD,IAAI,CAAC,YAAY,EAAE;YACjB,OAAO,IAAI,CAAC;SACb;QAED,MAAM,kBAAkB,GAAG,YAAY,CAAC,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QAEzF,IAAI,kBAAkB,EAAE;YACtB,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;YAE1C,IAAI,gBAAM,CAAC,aAAa,CAAC,kBAAkB,CAAC,EAAE;gBAC5C,MAAM,CAAC,QAAQ,CAAC,GAAG,kBAAkB,CAAC;aACvC;YAED,OAAO,MAAM,CAAC;SACf;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAES,iBAAiB,CAAC,UAAkB;QAC5C,OAAO,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC,CAAC;IACxE,CAAC;IAEM,kBAAkB,CAAC,MAAc;QACtC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAC9E,CAAC;IAED,GAAG,CAAC,EAAO;QACT,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,YAAoB,EAAE,WAA8B,EAAE,SAAe;QACzE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE;YAC/B,WAAW,GAAG,CAAC,WAAW,CAAC,CAAC;SAC7B;QAED,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE;YACpC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,YAAY,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;SAC9D;IACH,CAAC;IAED,iBAAiB,CAAC,IAAS,EAAE,GAAQ;QACnC,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC;YACjB,GAAG,EAAE;gBACH,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;aAC7C;SACF,CAAC,CAAC;IACL,CAAC;IAED,UAAU;QACR,MAAM,GAAG,GAAG,IAAI,CAAC;QAEjB,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,EAAE,EAAE;;YACjD,IAAI,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,0CAAE,WAAW,EAAE;gBAC/B,MAAM,UAAU,GAAG,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;gBACtD,IAAI,UAAU,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE;oBACrD,OAAO,gBAAM,CAAC,IAAI,CAAC,MAAM,EAAE,oBAAoB,CAAC,CAAC;iBAClD;aACF;YAED,OAAO,MAAM,CAAC;QAChB,CAAC,CAAC;QAEF,OAAO,SAAe,aAAa,CAAC,GAAG,EAAE,IAAI;;gBAC3C,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,WAAW,CAAC;gBACtD,MAAM,EAAE,YAAY,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;gBAEhD,MAAM,eAAe,GAAW,GAAG,CAAC,MAAM,CAAC;gBAE3C,GAAG,CAAC,GAAG,GAAG,CAAC,OAA8B,EAAE,EAAE;oBAC3C,OAAO,GAAG,CAAC,GAAG,iBAAG,IAAI,EAAE,QAAQ,IAAK,OAAO,EAAG,CAAC;gBACjD,CAAC,CAAC;gBAEF,GAAG,CAAC,UAAU,GAAG;oBACf,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;iBAC7D,CAAC;gBAEF,OAAO,IAAA,qBAAO,EAAC,GAAG,CAAC,WAAW,CAAC,CAAC,GAAG,EAAE,GAAS,EAAE;oBAC9C,MAAM,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;oBAElC,IAAI,UAAU,CAAC,IAAI,EAAE;wBACnB,OAAO,IAAI,EAAE,CAAC;qBACf;oBAED,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,OAAO,UAAU,CAAC,GAAG,KAAK,QAAQ,EAAE;wBACzD,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;wBACjC,OAAO;qBACR;oBAED,MAAM,EAAE,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC;oBAElC,IAAI,MAAM,EAAE;wBACV,MAAM,cAAc,GAAG,YAAY,CAAC,GAAG,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;wBAC/D,MAAM,YAAY,GAAG,GAAG,CAAC,iBAAiB,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC;wBAChE,eAAe,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;qBAC3C;oBAED,MAAM,IAAI,EAAE,CAAC;gBACf,CAAC,CAAA,CAAC,CAAC;YACL,CAAC;SAAA,CAAC;IACJ,CAAC;CACF;AAvPD,kBAuPC","sourcesContent":["import { Action } from '@nocobase/resourcer';\nimport EventEmitter from 'events';\nimport compose from 'koa-compose';\nimport lodash from 'lodash';\nimport { AclAvailableAction, AvailableActionOptions } from './acl-available-action';\nimport { ACLAvailableStrategy, AvailableStrategyOptions, predicate } from './acl-available-strategy';\nimport { ACLRole, RoleActionParams } from './acl-role';\nimport { AllowManager } from './allow-manager';\nconst parse = require('json-templates');\n\ninterface CanResult {\n role: string;\n resource: string;\n action: string;\n params?: any;\n}\n\nexport interface DefineOptions {\n role: string;\n allowConfigure?: boolean;\n strategy?: string | Omit<AvailableStrategyOptions, 'acl'>;\n actions?: {\n [key: string]: RoleActionParams;\n };\n routes?: any;\n}\n\nexport interface ListenerContext {\n acl: ACL;\n role: ACLRole;\n path: string;\n actionName: string;\n resourceName: string;\n params: RoleActionParams;\n}\n\ntype Listener = (ctx: ListenerContext) => void;\n\ninterface CanArgs {\n role: string;\n resource: string;\n action: string;\n}\n\nexport class ACL extends EventEmitter {\n protected availableActions = new Map<string, AclAvailableAction>();\n protected availableStrategy = new Map<string, ACLAvailableStrategy>();\n protected middlewares = [];\n\n public allowManager = new AllowManager(this);\n\n roles = new Map<string, ACLRole>();\n\n actionAlias = new Map<string, string>();\n\n configResources: string[] = [];\n\n constructor() {\n super();\n\n this.beforeGrantAction((ctx) => {\n if (lodash.isPlainObject(ctx.params) && ctx.params.own) {\n ctx.params = lodash.merge(ctx.params, predicate.own);\n }\n });\n\n this.beforeGrantAction((ctx) => {\n const actionName = this.resolveActionAlias(ctx.actionName);\n\n if (lodash.isPlainObject(ctx.params)) {\n if ((actionName === 'create' || actionName === 'update') && ctx.params.fields) {\n ctx.params = {\n ...lodash.omit(ctx.params, 'fields'),\n whitelist: ctx.params.fields,\n };\n }\n\n if (actionName === 'view' && ctx.params.fields) {\n const appendFields = ['id', 'createdAt', 'updatedAt'];\n ctx.params = {\n ...lodash.omit(ctx.params, 'fields'),\n fields: [...ctx.params.fields, ...appendFields],\n };\n }\n }\n });\n\n this.middlewares.push(this.allowManager.aclMiddleware());\n }\n\n define(options: DefineOptions): ACLRole {\n const roleName = options.role;\n const role = new ACLRole(this, roleName);\n\n if (options.strategy) {\n role.strategy = options.strategy;\n }\n\n const actions = options.actions || {};\n\n for (const [actionName, actionParams] of Object.entries(actions)) {\n role.grantAction(actionName, actionParams);\n }\n\n this.roles.set(roleName, role);\n\n return role;\n }\n\n getRole(name: string): ACLRole {\n return this.roles.get(name);\n }\n\n removeRole(name: string) {\n return this.roles.delete(name);\n }\n\n registerConfigResources(names: string[]) {\n names.forEach((name) => this.registerConfigResource(name));\n }\n\n registerConfigResource(name: string) {\n this.configResources.push(name);\n }\n\n isConfigResource(name: string) {\n return this.configResources.includes(name);\n }\n\n setAvailableAction(name: string, options: AvailableActionOptions) {\n this.availableActions.set(name, new AclAvailableAction(name, options));\n\n if (options.aliases) {\n const aliases = lodash.isArray(options.aliases) ? options.aliases : [options.aliases];\n for (const alias of aliases) {\n this.actionAlias.set(alias, name);\n }\n }\n }\n\n getAvailableAction(name: string) {\n const actionName = this.actionAlias.get(name) || name;\n return this.availableActions.get(actionName);\n }\n\n getAvailableActions() {\n return this.availableActions;\n }\n\n setAvailableStrategy(name: string, options: Omit<AvailableStrategyOptions, 'acl'>) {\n this.availableStrategy.set(name, new ACLAvailableStrategy(this, options));\n }\n\n beforeGrantAction(listener?: Listener) {\n this.addListener('beforeGrantAction', listener);\n }\n\n can({ role, resource, action }: CanArgs): CanResult | null {\n const aclRole = this.roles.get(role);\n\n if (!aclRole) {\n return null;\n }\n\n const aclResource = aclRole.getResource(resource);\n\n if (aclResource) {\n const actionParams = aclResource.getAction(action);\n\n if (actionParams) {\n // handle single action config\n return {\n role,\n resource,\n action,\n params: actionParams,\n };\n } else {\n return null;\n }\n }\n\n if (!aclRole.strategy) {\n return null;\n }\n\n const roleStrategy = lodash.isString(aclRole.strategy)\n ? this.availableStrategy.get(aclRole.strategy)\n : new ACLAvailableStrategy(this, aclRole.strategy);\n\n if (!roleStrategy) {\n return null;\n }\n\n const roleStrategyParams = roleStrategy.allow(resource, this.resolveActionAlias(action));\n\n if (roleStrategyParams) {\n const result = { role, resource, action };\n\n if (lodash.isPlainObject(roleStrategyParams)) {\n result['params'] = roleStrategyParams;\n }\n\n return result;\n }\n\n return null;\n }\n\n protected isAvailableAction(actionName: string) {\n return this.availableActions.has(this.resolveActionAlias(actionName));\n }\n\n public resolveActionAlias(action: string) {\n return this.actionAlias.get(action) ? this.actionAlias.get(action) : action;\n }\n\n use(fn: any) {\n this.middlewares.push(fn);\n }\n\n allow(resourceName: string, actionNames: string[] | string, condition?: any) {\n if (!Array.isArray(actionNames)) {\n actionNames = [actionNames];\n }\n\n for (const actionName of actionNames) {\n this.allowManager.allow(resourceName, actionName, condition);\n }\n }\n\n parseJsonTemplate(json: any, ctx: any) {\n return parse(json)({\n ctx: {\n state: JSON.parse(JSON.stringify(ctx.state)),\n },\n });\n }\n\n middleware() {\n const acl = this;\n\n const filterParams = (ctx, resourceName, params) => {\n if (params?.filter?.createdById) {\n const collection = ctx.db.getCollection(resourceName);\n if (collection && !collection.getField('createdById')) {\n return lodash.omit(params, 'filter.createdById');\n }\n }\n\n return params;\n };\n\n return async function ACLMiddleware(ctx, next) {\n const roleName = ctx.state.currentRole || 'anonymous';\n const { resourceName, actionName } = ctx.action;\n\n const resourcerAction: Action = ctx.action;\n\n ctx.can = (options: Omit<CanArgs, 'role'>) => {\n return acl.can({ role: roleName, ...options });\n };\n\n ctx.permission = {\n can: ctx.can({ resource: resourceName, action: actionName }),\n };\n\n return compose(acl.middlewares)(ctx, async () => {\n const permission = ctx.permission;\n\n if (permission.skip) {\n return next();\n }\n\n if (!permission.can || typeof permission.can !== 'object') {\n ctx.throw(403, 'No permissions');\n return;\n }\n\n const { params } = permission.can;\n\n if (params) {\n const filteredParams = filterParams(ctx, resourceName, params);\n const parsedParams = acl.parseJsonTemplate(filteredParams, ctx);\n resourcerAction.mergeParams(parsedParams);\n }\n\n await next();\n });\n };\n }\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nocobase/acl",
3
- "version": "0.7.0-alpha.3",
3
+ "version": "0.7.0-alpha.32",
4
4
  "description": "",
5
5
  "license": "Apache-2.0",
6
6
  "licenses": [
@@ -17,7 +17,7 @@
17
17
  "build:esm": "tsc --project tsconfig.build.json --module es2015 --outDir esm"
18
18
  },
19
19
  "dependencies": {
20
- "@nocobase/resourcer": "0.7.0-alpha.3",
20
+ "@nocobase/resourcer": "0.7.0-alpha.32",
21
21
  "json-templates": "^4.2.0"
22
22
  },
23
23
  "repository": {
@@ -25,5 +25,5 @@
25
25
  "url": "git+https://github.com/nocobase/nocobase.git",
26
26
  "directory": "packages/acl"
27
27
  },
28
- "gitHead": "b12507f6e4bcb5f1fd8285670a43fb3807d90ea0"
28
+ "gitHead": "fbe14de5c02aeaa460d143245abf317c4ff2e3a9"
29
29
  }