@nocobase/acl 2.0.0-alpha.7 → 2.0.0-alpha.71

package/lib/acl.d.ts

@@ -13,9 +13,9 @@ import { ACLAvailableAction, AvailableActionOptions } from './acl-available-acti
 import { ACLAvailableStrategy, AvailableStrategyOptions } from './acl-available-strategy';
 import { ACLRole, ResourceActionsOptions, RoleActionParams } from './acl-role';
 import { AllowManager, ConditionFunc } from './allow-manager';
-import FixedParamsManager, { Merger } from './fixed-params-manager';
+import FixedParamsManager, { Merger, GeneralMerger } from './fixed-params-manager';
 import SnippetManager, { SnippetOptions } from './snippet-manager';
-interface CanResult {
+export interface CanResult {
     role: string;
     resource: string;
     action: string;
@@ -113,6 +113,7 @@ export declare class ACL extends EventEmitter {
      * @internal
      */
     getActionParams(ctx: any): Promise<void>;
+    addGeneralFixedParams(merger: GeneralMerger): void;
     addFixedParams(resource: string, action: string, merger: Merger): void;
     registerSnippet(snippet: SnippetOptions): void;
     /**

package/lib/acl.js

@@ -48,9 +48,9 @@ var import_acl_available_action = require("./acl-available-action");
 var import_acl_available_strategy = require("./acl-available-strategy");
 var import_acl_role = require("./acl-role");
 var import_allow_manager = require("./allow-manager");
+var import_no_permission_error = require("./errors/no-permission-error");
 var import_fixed_params_manager = __toESM(require("./fixed-params-manager"));
 var import_snippet_manager = __toESM(require("./snippet-manager"));
-var import_no_permission_error = require("./errors/no-permission-error");
 var import_utils2 = require("./utils");
 const _ACL = class _ACL extends import_events.default {
   /**
@@ -196,6 +196,13 @@ const _ACL = class _ACL extends import_events.default {
     if (!aclRole) {
       return null;
     }
+    if (role === "root") {
+      return {
+        resource,
+        action,
+        role
+      };
+    }
     const actionPath = `${rawResourceName ? rawResourceName : resource}:${action}`;
     const snippetAllowed = aclRole.snippetAllowed(actionPath);
     const fixedParams = this.fixedParamsManager.getParams(rawResourceName ? rawResourceName : resource, action);
@@ -262,6 +269,9 @@ const _ACL = class _ACL extends import_events.default {
    * @deprecated
    */
   skip(resourceName, actionNames, condition) {
+    if (!condition) {
+      condition = "public";
+    }
     if (!Array.isArray(actionNames)) {
       actionNames = [actionNames];
     }
@@ -297,6 +307,7 @@ const _ACL = class _ACL extends import_events.default {
   middleware() {
     const acl = this;
     return /* @__PURE__ */ __name(async function ACLMiddleware(ctx, next) {
+      ctx.acl = acl;
       const roleName = ctx.state.currentRole || "anonymous";
       const { resourceName: rawResourceName, actionName } = ctx.action;
       let resourceName = rawResourceName;
@@ -357,6 +368,9 @@ const _ACL = class _ACL extends import_events.default {
     await (0, import_koa_compose.default)(this.middlewares.nodes)(ctx, async () => {
     });
   }
+  addGeneralFixedParams(merger) {
+    this.fixedParamsManager.addGeneralParams(merger);
+  }
   addFixedParams(resource, action, merger) {
     this.fixedParamsManager.addParams(resource, action, merger);
   }
@@ -464,9 +478,11 @@ const _ACL = class _ACL extends import_events.default {
 __name(_ACL, "ACL");
 let ACL = _ACL;
 function getUser(ctx) {
+  const dataSource = ctx.app.dataSourceManager.dataSources.get("main");
+  const db = dataSource.collectionManager.db;
   return async ({ fields }) => {
     var _a, _b;
-    const userFields = fields.filter((f) => f && ctx.db.getFieldByPath("users." + f));
+    const userFields = fields.filter((f) => f && db.getFieldByPath("users." + f));
     (_a = ctx.logger) == null ? void 0 : _a.info("filter-parse: ", { userFields });
     if (!ctx.state.currentUser) {
       return;
@@ -474,7 +490,7 @@ function getUser(ctx) {
     if (!userFields.length) {
       return;
     }
-    const user = await ctx.db.getRepository("users").findOne({
+    const user = await db.getRepository("users").findOne({
       filterByTk: ctx.state.currentUser.id,
       fields: userFields
     });

package/lib/allow-manager.d.ts

@@ -12,10 +12,12 @@ export declare class AllowManager {
     acl: ACL;
     protected skipActions: Map<string, Map<string, string | true | ConditionFunc>>;
     protected registeredCondition: Map<string, ConditionFunc>;
+    isPublicCondition: () => boolean;
     constructor(acl: ACL);
     allow(resourceName: string, actionName: string, condition?: string | ConditionFunc): void;
     getAllowedConditions(resourceName: string, actionName: string): Array<ConditionFunc | true>;
     registerAllowCondition(name: string, condition: ConditionFunc): void;
+    isPublic(resourceName: string, actionName: string, ctx: any): Promise<boolean>;
     isAllowed(resourceName: string, actionName: string, ctx: any): Promise<boolean>;
     aclMiddleware(): (ctx: any, next: any) => Promise<void>;
 }

package/lib/allow-manager.js

@@ -36,9 +36,7 @@ const _AllowManager = class _AllowManager {
     this.registerAllowCondition("loggedIn", (ctx) => {
       return ctx.state.currentUser;
     });
-    this.registerAllowCondition("public", (ctx) => {
-      return true;
-    });
+    this.registerAllowCondition("public", this.isPublicCondition);
     this.registerAllowCondition("allowConfigure", async (ctx) => {
       var _a;
       const roleName = ctx.state.currentRole;
@@ -54,6 +52,9 @@ const _AllowManager = class _AllowManager {
   }
   skipActions = /* @__PURE__ */ new Map();
   registeredCondition = /* @__PURE__ */ new Map();
+  isPublicCondition = /* @__PURE__ */ __name(() => {
+    return true;
+  }, "isPublicCondition");
   allow(resourceName, actionName, condition) {
     const actionMap = this.skipActions.get(resourceName) || /* @__PURE__ */ new Map();
     actionMap.set(actionName, condition || true);
@@ -78,6 +79,15 @@ const _AllowManager = class _AllowManager {
   registerAllowCondition(name, condition) {
     this.registeredCondition.set(name, condition);
   }
+  async isPublic(resourceName, actionName, ctx) {
+    const skippedConditions = this.getAllowedConditions(resourceName, actionName);
+    for (const skippedCondition of skippedConditions) {
+      if (skippedCondition === this.isPublicCondition) {
+        return true;
+      }
+    }
+    return false;
+  }
   async isAllowed(resourceName, actionName, ctx) {
     const skippedConditions = this.getAllowedConditions(resourceName, actionName);
     for (const skippedCondition of skippedConditions) {

package/lib/fixed-params-manager.d.ts

@@ -7,10 +7,13 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 export type Merger = () => object;
+export type GeneralMerger = (resource: string, action: string) => object;
 export type ActionPath = string;
 export default class FixedParamsManager {
     merger: Map<string, Merger[]>;
+    generalMergers: Array<GeneralMerger>;
     addParams(resource: string, action: string, merger: Merger): void;
+    addGeneralParams(merger: GeneralMerger): void;
     getParamsMerger(resource: string, action: string): Merger[];
     protected getActionPath(resource: string, action: string): string;
     getParams(resource: string, action: string, extraParams?: any): {};

package/lib/fixed-params-manager.js

@@ -34,10 +34,14 @@ var import_utils = require("@nocobase/utils");
 const SPLIT = ":";
 const _FixedParamsManager = class _FixedParamsManager {
   merger = /* @__PURE__ */ new Map();
+  generalMergers = [];
   addParams(resource, action, merger) {
     const path = this.getActionPath(resource, action);
     this.merger.set(path, [...this.getParamsMerger(resource, action), merger]);
   }
+  addGeneralParams(merger) {
+    this.generalMergers.push(merger);
+  }
   getParamsMerger(resource, action) {
     const path = this.getActionPath(resource, action);
     return this.merger.get(path) || [];
@@ -47,6 +51,9 @@ const _FixedParamsManager = class _FixedParamsManager {
   }
   getParams(resource, action, extraParams = {}) {
     const results = {};
+    for (const merger of this.generalMergers) {
+      _FixedParamsManager.mergeParams(results, merger(resource, action));
+    }
     for (const merger of this.getParamsMerger(resource, action)) {
       _FixedParamsManager.mergeParams(results, merger());
     }

package/lib/snippet-manager.js

@@ -56,7 +56,12 @@ const _SnippetManager = class _SnippetManager {
     if (snippet.name.includes("*") || snippet.name.endsWith(".")) {
       throw new Error(`Invalid snippet name: ${snippet.name}, name should not include * or end with dot.`);
     }
-    this.snippets.set(snippet.name, snippet);
+    const existed = this.snippets.get(snippet.name);
+    if (existed) {
+      existed.actions = Array.from(/* @__PURE__ */ new Set([...existed.actions, ...snippet.actions]));
+    } else {
+      this.snippets.set(snippet.name, snippet);
+    }
   }
   allow(actionPath, snippetName) {
     const negated = snippetName.startsWith("!");

package/package.json

@@ -1,13 +1,13 @@
 {
   "name": "@nocobase/acl",
-  "version": "2.0.0-alpha.7",
+  "version": "2.0.0-alpha.71",
   "description": "",
   "license": "AGPL-3.0",
   "main": "./lib/index.js",
   "types": "./lib/index.d.ts",
   "dependencies": {
-    "@nocobase/resourcer": "2.0.0-alpha.7",
-    "@nocobase/utils": "2.0.0-alpha.7",
+    "@nocobase/resourcer": "2.0.0-alpha.71",
+    "@nocobase/utils": "2.0.0-alpha.71",
     "minimatch": "^5.1.1"
   },
   "repository": {
@@ -15,5 +15,5 @@
     "url": "git+https://github.com/nocobase/nocobase.git",
     "directory": "packages/acl"
   },
-  "gitHead": "cb012f93256f534472d3ae56e075839ca1675779"
+  "gitHead": "b6fc484eb698fa12fba02dd468a04e39079b1e79"
 }