npm - @nocobase/plugin-acl - Versions diffs - 0.10.0-alpha.5 → 0.11.0-alpha.1 - Mend

@nocobase/plugin-acl 0.10.0-alpha.5 → 0.11.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (78) hide show

package/src/server/__tests__/setCurrentRole.test.ts ADDED Viewed

@@ -0,0 +1,86 @@
+import Database from '@nocobase/database';
+import UsersPlugin from '@nocobase/plugin-users';
+import { MockServer } from '@nocobase/test';
+import { setCurrentRole } from '../middlewares/setCurrentRole';
+import { prepareApp } from './prepare';
+describe('role', () => {
+  let api: MockServer;
+  let db: Database;
+  let usersPlugin: UsersPlugin;
+  let ctx;
+  beforeEach(async () => {
+    api = await prepareApp();
+    db = api.db;
+    usersPlugin = api.getPlugin('users');
+    ctx = {
+      db,
+      state: {
+        currentRole: '',
+      },
+    };
+  });
+  afterEach(async () => {
+    await api.destroy();
+  });
+  it('should set role with X-Role when exists', async () => {
+    ctx.state.currentUser = await db.getRepository('users').findOne({
+      appends: ['roles'],
+    });
+    ctx.get = function (name) {
+      if (name === 'X-Role') {
+        return 'admin';
+      }
+    };
+    await setCurrentRole(ctx, () => {});
+    expect(ctx.state.currentRole).toBe('admin');
+  });
+  it('should set role with default', async () => {
+    ctx.state.currentUser = await db.getRepository('users').findOne({
+      appends: ['roles'],
+    });
+    ctx.get = function (name) {
+      if (name === 'X-Role') {
+        return '';
+      }
+    };
+    await setCurrentRole(ctx, () => {});
+    expect(ctx.state.currentRole).toBe('root');
+  });
+  it('should throw 401', async () => {
+    ctx.state.currentUser = await db.getRepository('users').findOne({
+      appends: ['roles'],
+    });
+    ctx.get = function (name) {
+      if (name === 'X-Role') {
+        return 'abc';
+      }
+    };
+    const throwFn = jest.fn();
+    ctx.throw = throwFn;
+    await setCurrentRole(ctx, () => {});
+    expect(throwFn).lastCalledWith(401, 'User role not found');
+    expect(ctx.state.currentRole).not.toBeDefined();
+  });
+  it('should set role with anonymous', async () => {
+    ctx.state.currentUser = await db.getRepository('users').findOne({
+      appends: ['roles'],
+    });
+    ctx.get = function (name) {
+      if (name === 'X-Role') {
+        return 'anonymous';
+      }
+    };
+    await setCurrentRole(ctx, () => {});
+    expect(ctx.state.currentRole).toBe('anonymous');
+  });
+});

package/src/server/__tests__/snippets.test.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { MockServer } from '@nocobase/test';
+import { prepareApp } from './prepare';
+describe('snippet', () => {
+  let app: MockServer;
+  beforeEach(async () => {
+    app = await prepareApp();
+  });
+  afterEach(async () => {
+    await app.destroy();
+  });
+  it('should not allow to create collections when global allow create', async () => {
+    await app.db.getRepository('roles').create({
+      values: {
+        name: 'testRole',
+        strategy: { actions: ['view', 'update:own', 'destroy:own', 'create'] },
+        snippets: ['!ui.*', '!pm', '!pm.*'],
+      },
+    });
+    const user = await app.db.getRepository('users').create({
+      values: {
+        roles: ['testRole'],
+      },
+    });
+    const userPlugin: any = app.getPlugin('users');
+    const userAgent: any = app.agent().login(user);
+    const createCollectionResponse = await userAgent.resource('collections').create({});
+    expect(createCollectionResponse.statusCode).toEqual(403);
+  });
+});

package/src/server/__tests__/users.test.ts ADDED Viewed

@@ -0,0 +1,136 @@
+import Database from '@nocobase/database';
+import { MockServer } from '@nocobase/test';
+import { prepareApp } from './prepare';
+describe('actions', () => {
+  let app: MockServer;
+  let db: Database;
+  let adminUser;
+  let agent;
+  let adminAgent;
+  let pluginUser;
+  beforeEach(async () => {
+    process.env.INIT_ROOT_EMAIL = 'test@nocobase.com';
+    process.env.INIT_ROOT_PASSWORD = '123456';
+    process.env.INIT_ROOT_NICKNAME = 'Test';
+    app = await prepareApp();
+    db = app.db;
+    pluginUser = app.getPlugin('users');
+    adminUser = await db.getRepository('users').findOne({
+      filter: {
+        email: process.env.INIT_ROOT_EMAIL,
+      },
+      appends: ['roles'],
+    });
+    agent = app.agent();
+    adminAgent = app.agent().login(adminUser);
+  });
+  afterEach(async () => {
+    await db.close();
+  });
+  it('update profile with roles', async () => {
+    const res2 = await adminAgent.resource('users').updateProfile({
+      filterByTk: adminUser.id,
+      values: {
+        nickname: 'a',
+        roles: adminUser.roles,
+      },
+    });
+    expect(res2.status).toBe(200);
+  });
+  it('can destroy users role', async () => {
+    const role2 = await db.getRepository('roles').create({
+      values: {
+        name: 'test',
+      },
+    });
+    const users2 = await db.getRepository('users').create({
+      values: {
+        email: 'test2@nocobase.com',
+        name: 'test2',
+        password: '123456',
+        roles: [
+          {
+            name: 'test',
+          },
+        ],
+      },
+    });
+    let response = await agent.post('/auth:signIn').send({
+      email: 'test2@nocobase.com',
+      password: '123456',
+    });
+    expect(response.statusCode).toEqual(200);
+    const token = response.body.data.token;
+    const loggedAgent = app.agent().auth(token, { type: 'bearer' });
+    const rolesCheckResponse = (await loggedAgent.set('Accept', 'application/json').get('/roles:check')) as any;
+    expect(rolesCheckResponse.statusCode).toEqual(200);
+    await db.getRepository('roles').destroy({
+      filterByTk: 'test',
+    });
+    response = await agent.post('/auth:signIn').send({
+      email: 'test2@nocobase.com',
+      password: '123456',
+    });
+    expect(response.statusCode).toEqual(200);
+    const rolesCheckResponse2 = (await loggedAgent.set('Accept', 'application/json').get('/roles:check')) as any;
+    expect(rolesCheckResponse2.status).toEqual(401);
+    expect(rolesCheckResponse2.body.errors[0].message).toEqual('User role not found');
+  });
+  it('should destroy through table record when destroy role', async () => {
+    await db.getRepository('roles').create({
+      values: {
+        name: 'test',
+      },
+    });
+    const users2 = await db.getRepository('users').create({
+      values: {
+        email: 'test2@nocobase.com',
+        name: 'test2',
+        password: '123456',
+        roles: [
+          {
+            name: 'test',
+          },
+        ],
+      },
+    });
+    expect(await users2.countRoles()).toEqual(1);
+    await db.getRepository('roles').destroy({
+      filterByTk: 'test',
+    });
+    expect(await users2.countRoles()).toEqual(0);
+    await db.getRepository('roles').create({
+      values: {
+        name: 'test',
+      },
+    });
+    expect(await users2.countRoles()).toEqual(0);
+  });
+});

package/src/server/__tests__/write-role-to-acl.test.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import { MockServer } from '@nocobase/test';
+import { Database } from '@nocobase/database';
+import { prepareApp } from './prepare';
+describe('write role to acl', () => {
+  let app: MockServer;
+  let db: Database;
+  beforeEach(async () => {
+    app = await prepareApp();
+    db = app.db;
+  });
+  afterEach(async () => {
+    await app.destroy();
+  });
+  it('should write role to acl if role instance exists in db', async () => {
+    const role = await db.getRepository('roles').create({
+      values: {
+        name: 'test',
+      },
+    });
+    // remove role from acl
+    app.acl.removeRole('test');
+    const user = await db.getRepository('users').create({
+      values: {
+        roles: ['test'],
+      },
+    });
+    const agent = app.agent().login(user);
+    // @ts-ignore
+    const response = await agent.resource('roles').check();
+    expect(response.statusCode).toEqual(200);
+  });
+});

package/src/server/actions/available-actions.ts ADDED Viewed

@@ -0,0 +1,18 @@
+const availableActionResource = {
+  name: 'availableActions',
+  actions: {
+    async list(ctx, next) {
+      const acl = ctx.app.acl;
+      const availableActions = acl.getAvailableActions();
+      ctx.body = Array.from(availableActions.entries()).map(([, { name, options }]) => {
+        return {
+          ...options,
+          name,
+        };
+      });
+      await next();
+    },
+  },
+};
+export { availableActionResource };

package/src/server/actions/role-check.ts ADDED Viewed

@@ -0,0 +1,50 @@
+const map2obj = (map: Map<string, string>) => {
+  const obj = {};
+  for (const [key, value] of map) {
+    obj[key] = value;
+  }
+  return obj;
+};
+export async function checkAction(ctx, next) {
+  const currentRole = ctx.state.currentRole;
+  const roleInstance = await ctx.db.getRepository('roles').findOne({
+    filter: {
+      name: currentRole,
+    },
+    appends: ['menuUiSchemas'],
+  });
+  if (!roleInstance) {
+    throw new Error(`Role ${currentRole} not exists`);
+  }
+  const anonymous = await ctx.db.getRepository('roles').findOne({
+    filter: {
+      name: 'anonymous',
+    },
+  });
+  let role = ctx.app.acl.getRole(currentRole);
+  if (!role) {
+    await ctx.app.emitAsync('acl:writeRoleToACL', roleInstance);
+    role = ctx.app.acl.getRole(currentRole);
+  }
+  const availableActions = ctx.app.acl.getAvailableActions();
+  ctx.body = {
+    ...role.toJSON(),
+    availableActions: [...availableActions.keys()],
+    resources: [...role.resources.keys()],
+    actionAlias: map2obj(ctx.app.acl.actionAlias),
+    allowAll: currentRole === 'root',
+    allowConfigure: roleInstance.get('allowConfigure'),
+    allowMenuItemIds: roleInstance.get('menuUiSchemas').map((uiSchema) => uiSchema.get('x-uid')),
+    allowAnonymous: !!anonymous,
+  };
+  await next();
+}

package/src/server/actions/role-collections.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import { Database } from '@nocobase/database';
+type UsingConfigType = 'strategy' | 'resourceAction';
+function totalPage(total, pageSize): number {
+  return Math.ceil(total / pageSize);
+}
+const roleCollectionsResource = {
+  name: 'roles.collections',
+  actions: {
+    async list(ctx, next) {
+      const role = ctx.action.params.associatedIndex;
+      const { page = 1, pageSize = 20 } = ctx.action.params;
+      const db: Database = ctx.db;
+      const collectionRepository = db.getRepository('collections');
+      const fieldRepository = db.getRepository('fields');
+      // all collections
+      const [collections, count] = await collectionRepository.findAndCount({
+        filter: ctx.action.params.filter,
+        sort: 'sort',
+      });
+      // role collections
+      const roleResources = await db.getRepository('rolesResources').find({
+        filter: {
+          roleName: role,
+        },
+      });
+      // role collections
+      const roleResourcesNames = roleResources.map((roleResource) => roleResource.get('name'));
+      const roleResourceActionResourceNames = roleResources
+        .filter((roleResources) => roleResources.get('usingActionsConfig'))
+        .map((roleResources) => roleResources.get('name'));
+      const items = collections.map((collection, i) => {
+        const exists = roleResourcesNames.includes(collection.get('name'));
+        const usingConfig: UsingConfigType = roleResourceActionResourceNames.includes(collection.get('name'))
+          ? 'resourceAction'
+          : 'strategy';
+        const c = db.getCollection(collection.get('name'));
+        // const children = [...c.fields.values()]
+        //   .filter(
+        //     (f) => f.options.interface && ['hasOne', 'hasMany', 'belongsTo', 'belongsToMany'].includes(f.options.type),
+        //   )
+        //   .map((f, j) => {
+        //     const name = `${collection.get('name')}.${f.options.name}`;
+        //     const usingConfig: UsingConfigType = roleResourceActionResourceNames.includes(name)
+        //       ? 'resourceAction'
+        //       : 'strategy';
+        //     const exists = roleResourcesNames.includes(name);
+        //     return {
+        //       type: 'association',
+        //       __index: `${i}.children.${j}`,
+        //       name,
+        //       collectionName: f.options.target,
+        //       title: f.options?.uiSchema?.title,
+        //       roleName: role,
+        //       usingConfig,
+        //       exists,
+        //     };
+        //   });
+        return {
+          type: 'collection',
+          name: collection.get('name') as string,
+          collectionName: collection.get('name'),
+          title: collection.get('title') as string,
+          roleName: role,
+          usingConfig,
+          exists,
+          // children: children.length > 0 ? children : null,
+        };
+      });
+      ctx.body = {
+        count,
+        rows: items,
+        page: Number(page),
+        pageSize: Number(pageSize),
+        totalPage: totalPage(count, pageSize),
+      };
+      await next();
+    },
+  },
+};
+export { roleCollectionsResource };

package/src/server/actions/user-setDefaultRole.ts ADDED Viewed

@@ -0,0 +1,47 @@
+import { Context, Next } from '@nocobase/actions';
+export async function setDefaultRole(ctx: Context, next: Next) {
+  const {
+    values: { roleName },
+  } = ctx.action.params;
+  const {
+    db,
+    state: { currentUser },
+    action: {
+      params: { values },
+    },
+  } = ctx;
+  if (values.roleName == 'anonymous') {
+    return next();
+  }
+  const repository = db.getRepository('rolesUsers');
+  await db.sequelize.transaction(async (transaction) => {
+    await repository.update({
+      filter: {
+        userId: currentUser.get('id'),
+      },
+      values: {
+        default: false,
+      },
+      transaction,
+    });
+    await repository.update({
+      filter: {
+        userId: currentUser.get('id'),
+        roleName,
+      },
+      values: {
+        default: true,
+      },
+      transaction,
+    });
+  });
+  ctx.body = 'ok';
+  await next();
+}

package/src/server/collections/roles-users.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { CollectionOptions } from '@nocobase/database';
+export default {
+  name: 'rolesUsers',
+  duplicator: 'optional',
+  namespace: 'acl.acl',
+  fields: [{ type: 'boolean', name: 'default' }],
+} as CollectionOptions;

package/src/server/collections/roles.ts ADDED Viewed

@@ -0,0 +1,89 @@
+import { CollectionOptions } from '@nocobase/database';
+export default {
+  namespace: 'acl.acl',
+  duplicator: {
+    dumpable: 'required',
+    with: 'uiSchemas',
+  },
+  name: 'roles',
+  title: '{{t("Roles")}}',
+  autoGenId: false,
+  model: 'RoleModel',
+  filterTargetKey: 'name',
+  // targetKey: 'name',
+  sortable: true,
+  fields: [
+    {
+      type: 'uid',
+      name: 'name',
+      prefix: 'r_',
+      primaryKey: true,
+      interface: 'input',
+      uiSchema: {
+        type: 'string',
+        title: '{{t("Role UID")}}',
+        'x-component': 'Input',
+      },
+    },
+    {
+      type: 'string',
+      name: 'title',
+      unique: true,
+      interface: 'input',
+      uiSchema: {
+        type: 'string',
+        title: '{{t("Role name")}}',
+        'x-component': 'Input',
+      },
+    },
+    {
+      type: 'boolean',
+      name: 'default',
+    },
+    {
+      type: 'string',
+      name: 'description',
+    },
+    {
+      type: 'json',
+      name: 'strategy',
+    },
+    {
+      type: 'boolean',
+      name: 'default',
+      defaultValue: false,
+    },
+    {
+      type: 'boolean',
+      name: 'hidden',
+      defaultValue: false,
+    },
+    {
+      type: 'boolean',
+      name: 'allowConfigure',
+    },
+    {
+      type: 'boolean',
+      name: 'allowNewMenu',
+    },
+    {
+      type: 'belongsToMany',
+      name: 'menuUiSchemas',
+      target: 'uiSchemas',
+      targetKey: 'x-uid',
+    },
+    {
+      type: 'hasMany',
+      name: 'resources',
+      target: 'rolesResources',
+      sourceKey: 'name',
+      targetKey: 'name',
+    },
+    {
+      type: 'set',
+      name: 'snippets',
+      defaultValue: ['!ui.*', '!pm', '!pm.*'],
+    },
+  ],
+} as CollectionOptions;

package/src/server/collections/rolesResources.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { CollectionOptions } from '@nocobase/database';
+export default {
+  namespace: 'acl.acl',
+  duplicator: 'required',
+  name: 'rolesResources',
+  model: 'RoleResourceModel',
+  indexes: [
+    {
+      unique: true,
+      fields: ['roleName', 'name'],
+    },
+  ],
+  fields: [
+    {
+      type: 'belongsTo',
+      name: 'role',
+    },
+    {
+      type: 'string',
+      name: 'name',
+    },
+    {
+      type: 'boolean',
+      name: 'usingActionsConfig',
+    },
+    {
+      type: 'hasMany',
+      name: 'actions',
+      target: 'rolesResourcesActions',
+    },
+  ],
+} as CollectionOptions;

package/src/server/collections/rolesResourcesActions.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { CollectionOptions } from '@nocobase/database';
+export default {
+  namespace: 'acl.acl',
+  duplicator: 'required',
+  name: 'rolesResourcesActions',
+  model: 'RoleResourceActionModel',
+  fields: [
+    {
+      type: 'belongsTo',
+      name: 'resource',
+      foreignKey: 'rolesResourceId',
+      target: 'rolesResources',
+    },
+    {
+      type: 'string',
+      name: 'name',
+    },
+    {
+      type: 'array',
+      name: 'fields',
+      defaultValue: [],
+    },
+    {
+      type: 'belongsTo',
+      name: 'scope',
+      target: 'rolesResourcesScopes',
+      onDelete: 'RESTRICT',
+    },
+  ],
+} as CollectionOptions;

package/src/server/collections/rolesResourcesScopes.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { CollectionOptions } from '@nocobase/database';
+export default {
+  namespace: 'acl.acl',
+  duplicator: 'required',
+  name: 'rolesResourcesScopes',
+  fields: [
+    {
+      type: 'uid',
+      name: 'key',
+    },
+    {
+      type: 'string',
+      name: 'name',
+    },
+    {
+      type: 'string',
+      name: 'resourceName',
+    },
+    {
+      type: 'json',
+      name: 'scope',
+    },
+  ],
+} as CollectionOptions;