@nocobase/acl 1.0.0-alpha.8 → 1.0.1-alpha.1

package/lib/acl.d.ts

@@ -75,7 +75,12 @@ export declare class ACL extends EventEmitter {
     protected availableActions: Map<string, ACLAvailableAction>;
     protected fixedParamsManager: FixedParamsManager;
     protected middlewares: Toposort<any>;
+    protected strategyResources: Set<string> | null;
     constructor();
+    setStrategyResources(resources: Array<string> | null): void;
+    getStrategyResources(): string[];
+    appendStrategyResource(resource: string): void;
+    removeStrategyResource(resource: string): void;
     define(options: DefineOptions): ACLRole;
     getRole(name: string): ACLRole;
     removeRole(name: string): boolean;

package/lib/acl.js

@@ -50,6 +50,7 @@ var import_acl_role = require("./acl-role");
 var import_allow_manager = require("./allow-manager");
 var import_fixed_params_manager = __toESM(require("./fixed-params-manager"));
 var import_snippet_manager = __toESM(require("./snippet-manager"));
+var import_no_permission_error = require("./errors/no-permission-error");
 const _ACL = class _ACL extends import_events.default {
   /**
    * @internal
@@ -74,6 +75,7 @@ const _ACL = class _ACL extends import_events.default {
   availableActions = /* @__PURE__ */ new Map();
   fixedParamsManager = new import_fixed_params_manager.default();
   middlewares;
+  strategyResources = null;
   constructor() {
     super();
     this.middlewares = new import_utils.Toposort();
@@ -99,6 +101,21 @@ const _ACL = class _ACL extends import_events.default {
     });
     this.addCoreMiddleware();
   }
+  setStrategyResources(resources) {
+    this.strategyResources = new Set(resources);
+  }
+  getStrategyResources() {
+    return this.strategyResources ? [...this.strategyResources] : null;
+  }
+  appendStrategyResource(resource) {
+    if (!this.strategyResources) {
+      this.strategyResources = /* @__PURE__ */ new Set();
+    }
+    this.strategyResources.add(resource);
+  }
+  removeStrategyResource(resource) {
+    this.strategyResources.delete(resource);
+  }
   define(options) {
     const roleName = options.role;
     const role = new import_acl_role.ACLRole(this, roleName);
@@ -177,7 +194,10 @@ const _ACL = class _ACL extends import_events.default {
     if (!roleStrategy && !snippetAllowed) {
       return null;
     }
-    let roleStrategyParams = roleStrategy == null ? void 0 : roleStrategy.allow(resource, this.resolveActionAlias(action));
+    let roleStrategyParams;
+    if (this.strategyResources === null || this.strategyResources.has(resource)) {
+      roleStrategyParams = roleStrategy == null ? void 0 : roleStrategy.allow(resource, this.resolveActionAlias(action));
+    }
     if (!roleStrategyParams && snippetAllowed) {
       roleStrategyParams = {};
     }
@@ -313,7 +333,7 @@ const _ACL = class _ACL extends import_events.default {
     if ((_a = params == null ? void 0 : params.filter) == null ? void 0 : _a.createdById) {
       const collection = ctx.db.getCollection(resourceName);
       if (!collection || !collection.getField("createdById")) {
-        return import_lodash.default.omit(params, "filter.createdById");
+        throw new import_no_permission_error.NoPermissionError("createdById field not found");
       }
     }
     return params;
@@ -333,24 +353,32 @@ const _ACL = class _ACL extends import_events.default {
         }
         const params = ((_b = permission.can) == null ? void 0 : _b.params) || acl.fixedParamsManager.getParams(resourceName, actionName);
         ((_c = ctx.log) == null ? void 0 : _c.debug) && ctx.log.debug("acl params", params);
-        if (params && resourcerAction.mergeParams) {
-          const filteredParams = acl.filterParams(ctx, resourceName, params);
-          const parsedParams = await acl.parseJsonTemplate(filteredParams, ctx);
-          ctx.permission.parsedParams = parsedParams;
-          ((_d = ctx.log) == null ? void 0 : _d.debug) && ctx.log.debug("acl parsedParams", parsedParams);
-          ctx.permission.rawParams = import_lodash.default.cloneDeep(resourcerAction.params);
-          resourcerAction.mergeParams(parsedParams, {
-            appends: (x, y) => {
-              if (!x) {
-                return [];
-              }
-              if (!y) {
-                return x;
+        try {
+          if (params && resourcerAction.mergeParams) {
+            const filteredParams = acl.filterParams(ctx, resourceName, params);
+            const parsedParams = await acl.parseJsonTemplate(filteredParams, ctx);
+            ctx.permission.parsedParams = parsedParams;
+            ((_d = ctx.log) == null ? void 0 : _d.debug) && ctx.log.debug("acl parsedParams", parsedParams);
+            ctx.permission.rawParams = import_lodash.default.cloneDeep(resourcerAction.params);
+            resourcerAction.mergeParams(parsedParams, {
+              appends: (x, y) => {
+                if (!x) {
+                  return [];
+                }
+                if (!y) {
+                  return x;
+                }
+                return x.filter((i) => y.includes(i.split(".").shift()));
               }
-              return x.filter((i) => y.includes(i.split(".").shift()));
-            }
-          });
-          ctx.permission.mergedParams = import_lodash.default.cloneDeep(resourcerAction.params);
+            });
+            ctx.permission.mergedParams = import_lodash.default.cloneDeep(resourcerAction.params);
+          }
+        } catch (e) {
+          if (e instanceof import_no_permission_error.NoPermissionError) {
+            ctx.throw(403, "No permissions");
+            return;
+          }
+          throw e;
         }
         await next();
       },

package/lib/errors/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+export * from './no-permission-error';

package/lib/errors/index.js

@@ -0,0 +1,30 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var errors_exports = {};
+module.exports = __toCommonJS(errors_exports);
+__reExport(errors_exports, require("./no-permission-error"), module.exports);
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ...require("./no-permission-error")
+});

package/lib/errors/no-permission-error.d.ts

@@ -0,0 +1,10 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+export declare class NoPermissionError extends Error {
+}

package/lib/errors/no-permission-error.js

@@ -0,0 +1,40 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var no_permission_error_exports = {};
+__export(no_permission_error_exports, {
+  NoPermissionError: () => NoPermissionError
+});
+module.exports = __toCommonJS(no_permission_error_exports);
+const _NoPermissionError = class _NoPermissionError extends Error {
+};
+__name(_NoPermissionError, "NoPermissionError");
+let NoPermissionError = _NoPermissionError;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  NoPermissionError
+});

package/lib/index.d.ts

@@ -12,3 +12,4 @@ export * from './acl-available-strategy';
 export * from './acl-resource';
 export * from './acl-role';
 export * from './skip-middleware';
+export * from './errors';

package/lib/index.js

@@ -29,6 +29,7 @@ __reExport(src_exports, require("./acl-available-strategy"), module.exports);
 __reExport(src_exports, require("./acl-resource"), module.exports);
 __reExport(src_exports, require("./acl-role"), module.exports);
 __reExport(src_exports, require("./skip-middleware"), module.exports);
+__reExport(src_exports, require("./errors"), module.exports);
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ...require("./acl"),
@@ -36,5 +37,6 @@ __reExport(src_exports, require("./skip-middleware"), module.exports);
   ...require("./acl-available-strategy"),
   ...require("./acl-resource"),
   ...require("./acl-role"),
-  ...require("./skip-middleware")
+  ...require("./skip-middleware"),
+  ...require("./errors")
 });

package/lib/snippet-manager.js

@@ -52,6 +52,10 @@ let Snippet = _Snippet;
 const _SnippetManager = class _SnippetManager {
   snippets = /* @__PURE__ */ new Map();
   register(snippet) {
+    snippet.name = snippet.name.replace(".*", "");
+    if (snippet.name.includes("*") || snippet.name.endsWith(".")) {
+      throw new Error(`Invalid snippet name: ${snippet.name}, name should not include * or end with dot.`);
+    }
     this.snippets.set(snippet.name, snippet);
   }
   allow(actionPath, snippetName) {

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "@nocobase/acl",
-  "version": "1.0.0-alpha.8",
+  "version": "1.0.1-alpha.1",
   "description": "",
   "license": "AGPL-3.0",
   "main": "./lib/index.js",
   "types": "./lib/index.d.ts",
   "dependencies": {
-    "@nocobase/resourcer": "1.0.0-alpha.8",
-    "@nocobase/utils": "1.0.0-alpha.8",
+    "@nocobase/resourcer": "1.0.1-alpha.1",
+    "@nocobase/utils": "1.0.1-alpha.1",
     "minimatch": "^5.1.1"
   },
   "repository": {
@@ -15,5 +15,5 @@
     "url": "git+https://github.com/nocobase/nocobase.git",
     "directory": "packages/acl"
   },
-  "gitHead": "3c4e978f6fc366c01621c9d625678e91f53f8662"
+  "gitHead": "d24aa16987a4068f857ae073fcce18f3cb490660"
 }