@nocobase/acl 2.1.0-alpha.1 → 2.1.0-alpha.10

package/README.md

@@ -1,17 +1,24 @@
 # NocoBase
 
 <video width="100%" controls>
-      <source src="https://static-docs.nocobase.com/NocoBase0510.mp4" type="video/mp4">
+  <source src="https://github.com/user-attachments/assets/4d11a87b-00e2-48f3-9bf7-389d21072d13" type="video/mp4">
 </video>
 
+<p align="center">
+<a href="https://trendshift.io/repositories/4112" target="_blank"><img src="https://trendshift.io/api/badge/repositories/4112" alt="nocobase%2Fnocobase | Trendshift" style="width: 250px; height: 55px;" width="250" height="55"/></a>
+<a href="https://www.producthunt.com/posts/nocobase?embed=true&utm_source=badge-top-post-topic-badge&utm_medium=badge&utm_souce=badge-nocobase" target="_blank"><img src="https://api.producthunt.com/widgets/embed-image/v1/top-post-topic-badge.svg?post_id=456520&theme=light&period=weekly&topic_id=267" alt="NocoBase - Scalability&#0045;first&#0044;&#0032;open&#0045;source&#0032;no&#0045;code&#0032;platform | Product Hunt" style="width: 250px; height: 54px;" width="250" height="54" /></a>
+</p>
 
 ## What is NocoBase
 
-NocoBase is a scalability-first, open-source no-code development platform.  
-Instead of investing years of time and millions of dollars in research and development, deploy NocoBase in a few minutes and you'll have a private, controllable, and extremely scalable no-code development platform!
+NocoBase is the most extensible AI-powered no-code platform.   
+Total control. Infinite extensibility. AI collaboration.  
+Enable your team to adapt quickly and cut costs dramatically.  
+No years of development. No millions wasted.  
+Deploy NocoBase in minutes — and take control of everything.
 
 Homepage:  
-https://www.nocobase.com/
+https://www.nocobase.com/  
 
 Online Demo:  
 https://demo.nocobase.com/new
@@ -19,12 +26,74 @@ https://demo.nocobase.com/new
 Documents:  
 https://docs.nocobase.com/
 
-Commericial license & plugins:  
-https://www.nocobase.com/en/commercial
+Forum:  
+https://forum.nocobase.com/
 
-License agreement:   
-https://www.nocobase.com/en/agreement
+Use Cases:  
+https://www.nocobase.com/en/blog/tags/customer-stories
 
+## Release Notes
 
-## Contact Us:  
-hello@nocobase.com
+Our [blog](https://www.nocobase.com/en/blog/timeline) is regularly updated with release notes and provides a weekly summary.
+
+## Distinctive features
+
+### 1. Data model-driven, not form/table–driven
+
+Instead of being constrained by forms or tables, NocoBase adopts a data model–driven approach, separating data structure from user interface to unlock unlimited possibilities.
+
+- UI and data structure are fully decoupled
+- Multiple blocks and actions can be created for the same table or record in any quantity or form
+- Supports the main database, external databases, and third-party APIs as data sources
+
+![model](https://static-docs.nocobase.com/model.png)
+
+### 2. AI employees, integrated into your business systems
+Unlike standalone AI demos, NocoBase allows you to embed AI capabilities seamlessly into your interfaces, workflows, and data context, making AI truly useful in real business scenarios.
+
+- Define AI employees for roles such as translator, analyst, researcher, or assistant
+- Seamless AI–human collaboration in interfaces and workflows
+- Ensure AI usage is secure, transparent, and customizable for your business needs
+
+![AI-employee](https://static-docs.nocobase.com/ai-employee-home.png)
+
+### 3. What you see is what you get, incredibly easy to use
+
+While enabling the development of complex business systems, NocoBase keeps the experience simple and intuitive.
+
+- One-click switch between usage mode and configuration mode
+- Pages serve as a canvas to arrange blocks and actions, similar to Notion
+- Configuration mode is designed for ordinary users, not just programmers
+
+![wysiwyg](https://static-docs.nocobase.com/wysiwyg.gif)
+
+### 4. Everything is a plugin, designed for extension
+Adding more no-code features will never cover every business case. NocoBase is built for extension through its plugin-based microkernel architecture.
+
+- All functionalities are plugins, similar to WordPress
+- Plugins are ready to use upon installation
+- Pages, blocks, actions, APIs, and data sources can all be extended through custom plugins
+
+![plugins](https://static-docs.nocobase.com/plugins.png)
+
+## Installation
+
+NocoBase supports three installation methods:
+
+- <a target="_blank" href="https://docs.nocobase.com/welcome/getting-started/installation/docker-compose">Installing With Docker (👍Recommended)</a>
+
+  Suitable for no-code scenarios, no code to write. When upgrading, just download the latest image and reboot.
+
+- <a target="_blank" href="https://docs.nocobase.com/welcome/getting-started/installation/create-nocobase-app">Installing from create-nocobase-app CLI</a>
+
+  The business code of the project is completely independent and supports low-code development.
+
+- <a target="_blank" href="https://docs.nocobase.com/welcome/getting-started/installation/git-clone">Installing from Git source code</a>
+
+  If you want to experience the latest unreleased version, or want to participate in the contribution, you need to make changes and debug on the source code, it is recommended to choose this installation method, which requires a high level of development skills, and if the code has been updated, you can git pull the latest code.
+
+## How NocoBase works
+
+<video width="100%" controls>
+  <source src="https://github.com/user-attachments/assets/8d183b44-9bb5-4792-b08f-bc08fe8dfaaf" type="video/mp4">
+</video>

package/lib/acl.d.ts

@@ -13,9 +13,10 @@ import { ACLAvailableAction, AvailableActionOptions } from './acl-available-acti
 import { ACLAvailableStrategy, AvailableStrategyOptions } from './acl-available-strategy';
 import { ACLRole, ResourceActionsOptions, RoleActionParams } from './acl-role';
 import { AllowManager, ConditionFunc } from './allow-manager';
-import FixedParamsManager, { Merger } from './fixed-params-manager';
+import FixedParamsManager, { Merger, GeneralMerger } from './fixed-params-manager';
 import SnippetManager, { SnippetOptions } from './snippet-manager';
-interface CanResult {
+import Database from '@nocobase/database';
+export interface CanResult {
     role: string;
     resource: string;
     action: string;
@@ -44,6 +45,14 @@ export interface ListenerContext {
     params: RoleActionParams;
 }
 type Listener = (ctx: ListenerContext) => void;
+export type UserProvider = (args: {
+    fields: string[];
+}) => Promise<any>;
+export interface ParseJsonTemplateOptions {
+    timezone?: string;
+    state?: any;
+    userProvider?: UserProvider;
+}
 interface CanArgs {
     role?: string;
     resource: string;
@@ -104,22 +113,28 @@ export declare class ACL extends EventEmitter {
      * @deprecated
      */
     skip(resourceName: string, actionNames: string[] | string, condition?: string | ConditionFunc): void;
-    /**
-     * @internal
-     */
-    parseJsonTemplate(json: any, ctx: any): Promise<any>;
     middleware(): (ctx: any, next: any) => Promise<void>;
     /**
      * @internal
      */
     getActionParams(ctx: any): Promise<void>;
+    addGeneralFixedParams(merger: GeneralMerger): void;
     addFixedParams(resource: string, action: string, merger: Merger): void;
     registerSnippet(snippet: SnippetOptions): void;
-    /**
-     * @internal
-     */
-    filterParams(ctx: any, resourceName: any, params: any): any;
     protected addCoreMiddleware(): void;
     protected isAvailableAction(actionName: string): boolean;
 }
+export declare function createUserProvider(options: {
+    db?: Database;
+    dataSourceManager?: any;
+    currentUser?: any;
+}): UserProvider;
+/**
+ * @internal
+ */
+export declare function parseJsonTemplate(filter: any, options: ParseJsonTemplateOptions): Promise<any>;
+/**
+ * @internal
+ */
+export declare function checkFilterParams(collection: any, filter: any): void;
 export {};

package/lib/acl.js

@@ -37,7 +37,10 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var acl_exports = {};
 __export(acl_exports, {
-  ACL: () => ACL
+  ACL: () => ACL,
+  checkFilterParams: () => checkFilterParams,
+  createUserProvider: () => createUserProvider,
+  parseJsonTemplate: () => parseJsonTemplate
 });
 module.exports = __toCommonJS(acl_exports);
 var import_utils = require("@nocobase/utils");
@@ -279,31 +282,6 @@ const _ACL = class _ACL extends import_events.default {
       this.allowManager.allow(resourceName, actionName, condition);
     }
   }
-  /**
-   * @internal
-   */
-  async parseJsonTemplate(json, ctx) {
-    var _a, _b, _c, _d, _e;
-    if (json.filter) {
-      (_b = (_a = ctx.logger) == null ? void 0 : _a.info) == null ? void 0 : _b.call(_a, "parseJsonTemplate.raw", JSON.parse(JSON.stringify(json.filter)));
-      const timezone = (_c = ctx == null ? void 0 : ctx.get) == null ? void 0 : _c.call(ctx, "x-timezone");
-      const state = JSON.parse(JSON.stringify(ctx.state));
-      const filter = await (0, import_utils.parseFilter)(json.filter, {
-        timezone,
-        now: (/* @__PURE__ */ new Date()).toISOString(),
-        vars: {
-          ctx: {
-            state
-          },
-          $user: getUser(ctx),
-          $nRole: /* @__PURE__ */ __name(() => state.currentRole, "$nRole")
-        }
-      });
-      json.filter = filter;
-      (_e = (_d = ctx.logger) == null ? void 0 : _d.info) == null ? void 0 : _e.call(_d, "parseJsonTemplate.parsed", filter);
-    }
-    return json;
-  }
   middleware() {
     const acl = this;
     return /* @__PURE__ */ __name(async function ACLMiddleware(ctx, next) {
@@ -368,46 +346,20 @@ const _ACL = class _ACL extends import_events.default {
     await (0, import_koa_compose.default)(this.middlewares.nodes)(ctx, async () => {
     });
   }
+  addGeneralFixedParams(merger) {
+    this.fixedParamsManager.addGeneralParams(merger);
+  }
   addFixedParams(resource, action, merger) {
     this.fixedParamsManager.addParams(resource, action, merger);
   }
   registerSnippet(snippet) {
     this.snippetManager.register(snippet);
   }
-  /**
-   * @internal
-   */
-  filterParams(ctx, resourceName, params) {
-    var _a, _b, _c;
-    if ((_a = params == null ? void 0 : params.filter) == null ? void 0 : _a.createdById) {
-      const collection = ctx.db.getCollection(resourceName);
-      if (!collection || !collection.getField("createdById")) {
-        throw new import_no_permission_error.NoPermissionError("createdById field not found");
-      }
-    }
-    if ((_c = (_b = params == null ? void 0 : params.filter) == null ? void 0 : _b.$or) == null ? void 0 : _c.length) {
-      const checkCreatedById = /* @__PURE__ */ __name((items) => {
-        return items.some(
-          (x) => {
-            var _a2, _b2;
-            return "createdById" in x || ((_a2 = x.$or) == null ? void 0 : _a2.some((y) => "createdById" in y)) || ((_b2 = x.$and) == null ? void 0 : _b2.some((y) => "createdById" in y));
-          }
-        );
-      }, "checkCreatedById");
-      if (checkCreatedById(params.filter.$or)) {
-        const collection = ctx.db.getCollection(resourceName);
-        if (!collection || !collection.getField("createdById")) {
-          throw new import_no_permission_error.NoPermissionError("createdById field not found");
-        }
-      }
-    }
-    return params;
-  }
   addCoreMiddleware() {
     const acl = this;
     this.middlewares.add(
       async (ctx, next) => {
-        var _a, _b, _c, _d;
+        var _a, _b, _c, _d, _e, _f;
         const resourcerAction = ctx.action;
         const { resourceName, actionName } = ctx.permission;
         const permission = ctx.permission;
@@ -420,10 +372,20 @@ const _ACL = class _ACL extends import_events.default {
         ((_c = ctx.log) == null ? void 0 : _c.debug) && ctx.log.debug("acl params", params);
         try {
           if (params && resourcerAction.mergeParams) {
-            const filteredParams = acl.filterParams(ctx, resourceName, params);
-            const parsedParams = await acl.parseJsonTemplate(filteredParams, ctx);
+            const db = ctx.database ?? ctx.db;
+            const collection = (_d = db == null ? void 0 : db.getCollection) == null ? void 0 : _d.call(db, resourceName);
+            checkFilterParams(collection, params == null ? void 0 : params.filter);
+            const parsedFilter = await parseJsonTemplate(params.filter, {
+              state: ctx.state,
+              timezone: getTimezone(ctx),
+              userProvider: createUserProvider({
+                db: ctx.db,
+                currentUser: (_e = ctx.state) == null ? void 0 : _e.currentUser
+              })
+            });
+            const parsedParams = params.filter ? { ...params, filter: parsedFilter ?? params.filter } : params;
             ctx.permission.parsedParams = parsedParams;
-            ((_d = ctx.log) == null ? void 0 : _d.debug) && ctx.log.debug("acl parsedParams", parsedParams);
+            ((_f = ctx.log) == null ? void 0 : _f.debug) && ctx.log.debug("acl parsedParams", parsedParams);
             ctx.permission.rawParams = import_lodash.default.cloneDeep(resourcerAction.params);
             if (parsedParams.appends && resourcerAction.params.fields) {
               for (const queryField of resourcerAction.params.fields) {
@@ -474,31 +436,99 @@ const _ACL = class _ACL extends import_events.default {
 };
 __name(_ACL, "ACL");
 let ACL = _ACL;
-function getUser(ctx) {
-  const dataSource = ctx.app.dataSourceManager.dataSources.get("main");
-  const db = dataSource.collectionManager.db;
+function getTimezone(ctx) {
+  var _a, _b, _c, _d, _e, _f;
+  return ((_b = (_a = ctx == null ? void 0 : ctx.request) == null ? void 0 : _a.get) == null ? void 0 : _b.call(_a, "x-timezone")) ?? ((_d = (_c = ctx == null ? void 0 : ctx.request) == null ? void 0 : _c.header) == null ? void 0 : _d["x-timezone"]) ?? ((_f = (_e = ctx == null ? void 0 : ctx.req) == null ? void 0 : _e.headers) == null ? void 0 : _f["x-timezone"]);
+}
+__name(getTimezone, "getTimezone");
+function createUserProvider(options) {
+  var _a, _b, _c, _d, _e;
+  const db = options.db ?? ((_e = (_d = (_c = (_b = (_a = options.dataSourceManager) == null ? void 0 : _a.dataSources) == null ? void 0 : _b.get) == null ? void 0 : _c.call(_b, "main")) == null ? void 0 : _d.collectionManager) == null ? void 0 : _e.db);
+  const currentUser = options.currentUser;
   return async ({ fields }) => {
-    var _a, _b;
-    const userFields = fields.filter((f) => f && db.getFieldByPath("users." + f));
-    (_a = ctx.logger) == null ? void 0 : _a.info("filter-parse: ", { userFields });
-    if (!ctx.state.currentUser) {
+    if (!db) {
       return;
     }
+    if (!currentUser) {
+      return;
+    }
+    const userFields = fields.filter((f) => f && db.getFieldByPath("users." + f));
     if (!userFields.length) {
       return;
     }
     const user = await db.getRepository("users").findOne({
-      filterByTk: ctx.state.currentUser.id,
+      filterByTk: currentUser.id,
       fields: userFields
     });
-    (_b = ctx.logger) == null ? void 0 : _b.info("filter-parse: ", {
-      $user: user == null ? void 0 : user.toJSON()
-    });
     return user;
   };
 }
-__name(getUser, "getUser");
+__name(createUserProvider, "createUserProvider");
+function containsCreatedByIdFilter(input, seen = /* @__PURE__ */ new Set()) {
+  if (!input) {
+    return false;
+  }
+  if (Array.isArray(input)) {
+    return input.some((item) => containsCreatedByIdFilter(item, seen));
+  }
+  if (!import_lodash.default.isPlainObject(input)) {
+    return false;
+  }
+  if (seen.has(input)) {
+    return false;
+  }
+  seen.add(input);
+  for (const [key, value] of Object.entries(input)) {
+    if (isCreatedByIdKey(key)) {
+      return true;
+    }
+    if (containsCreatedByIdFilter(value, seen)) {
+      return true;
+    }
+  }
+  return false;
+}
+__name(containsCreatedByIdFilter, "containsCreatedByIdFilter");
+function isCreatedByIdKey(key) {
+  return key === "createdById" || key.startsWith("createdById.") || key.startsWith("createdById$");
+}
+__name(isCreatedByIdKey, "isCreatedByIdKey");
+async function parseJsonTemplate(filter, options) {
+  if (!filter) {
+    return filter;
+  }
+  const timezone = options == null ? void 0 : options.timezone;
+  const state = JSON.parse(JSON.stringify((options == null ? void 0 : options.state) || {}));
+  const parsedFilter = await (0, import_utils.parseFilter)(filter, {
+    timezone,
+    now: (/* @__PURE__ */ new Date()).toISOString(),
+    vars: {
+      ctx: {
+        state
+      },
+      $user: (options == null ? void 0 : options.userProvider) || (async () => void 0),
+      $nRole: /* @__PURE__ */ __name(() => state.currentRole, "$nRole")
+    }
+  });
+  return parsedFilter;
+}
+__name(parseJsonTemplate, "parseJsonTemplate");
+function checkFilterParams(collection, filter) {
+  if (!filter) {
+    return;
+  }
+  if (!containsCreatedByIdFilter(filter)) {
+    return;
+  }
+  if (!collection || !collection.getField("createdById")) {
+    throw new import_no_permission_error.NoPermissionError("createdById field not found");
+  }
+}
+__name(checkFilterParams, "checkFilterParams");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
-  ACL
+  ACL,
+  checkFilterParams,
+  createUserProvider,
+  parseJsonTemplate
 });

package/lib/fixed-params-manager.d.ts

@@ -7,10 +7,13 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 export type Merger = () => object;
+export type GeneralMerger = (resource: string, action: string) => object;
 export type ActionPath = string;
 export default class FixedParamsManager {
     merger: Map<string, Merger[]>;
+    generalMergers: Array<GeneralMerger>;
     addParams(resource: string, action: string, merger: Merger): void;
+    addGeneralParams(merger: GeneralMerger): void;
     getParamsMerger(resource: string, action: string): Merger[];
     protected getActionPath(resource: string, action: string): string;
     getParams(resource: string, action: string, extraParams?: any): {};

package/lib/fixed-params-manager.js

@@ -34,10 +34,14 @@ var import_utils = require("@nocobase/utils");
 const SPLIT = ":";
 const _FixedParamsManager = class _FixedParamsManager {
   merger = /* @__PURE__ */ new Map();
+  generalMergers = [];
   addParams(resource, action, merger) {
     const path = this.getActionPath(resource, action);
     this.merger.set(path, [...this.getParamsMerger(resource, action), merger]);
   }
+  addGeneralParams(merger) {
+    this.generalMergers.push(merger);
+  }
   getParamsMerger(resource, action) {
     const path = this.getActionPath(resource, action);
     return this.merger.get(path) || [];
@@ -47,6 +51,9 @@ const _FixedParamsManager = class _FixedParamsManager {
   }
   getParams(resource, action, extraParams = {}) {
     const results = {};
+    for (const merger of this.generalMergers) {
+      _FixedParamsManager.mergeParams(results, merger(resource, action));
+    }
     for (const merger of this.getParamsMerger(resource, action)) {
       _FixedParamsManager.mergeParams(results, merger());
     }

package/package.json

@@ -1,19 +1,22 @@
 {
   "name": "@nocobase/acl",
-  "version": "2.1.0-alpha.1",
+  "version": "2.1.0-alpha.10",
   "description": "",
-  "license": "AGPL-3.0",
+  "license": "Apache-2.0",
   "main": "./lib/index.js",
   "types": "./lib/index.d.ts",
   "dependencies": {
-    "@nocobase/resourcer": "2.1.0-alpha.1",
-    "@nocobase/utils": "2.1.0-alpha.1",
     "minimatch": "^5.1.1"
   },
+  "peerDependencies": {
+    "@nocobase/database": "2.x",
+    "@nocobase/resourcer": "2.x",
+    "@nocobase/utils": "2.x"
+  },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/nocobase/nocobase.git",
     "directory": "packages/acl"
   },
-  "gitHead": "d27baf21569643d6fa83f882233f4e90eb5b89f1"
+  "gitHead": "ce790d46c0a5768ca9618c7d0d77ab8300de75c8"
 }