npm - @nocobase/plugin-acl - Versions diffs - 0.11.1-alpha.4 → 0.12.0-alpha.1 - Mend

@nocobase/plugin-acl 0.11.1-alpha.4 → 0.12.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (96) hide show

package/client.d.ts +2 -3
package/client.js +1 -1
package/dist/client/index.js +11 -0
package/{lib/server → dist}/index.d.ts +1 -0
package/dist/index.js +18 -0
package/{src/server/actions/available-actions.ts → dist/server/actions/available-actions.js} +7 -5
package/{src/server/actions/role-check.ts → dist/server/actions/role-check.js} +17 -22
package/dist/server/actions/role-collections.js +53 -0
package/dist/server/actions/user-setDefaultRole.js +43 -0
package/dist/server/collections/roles-users.js +10 -0
package/dist/server/collections/roles.js +103 -0
package/dist/server/collections/rolesResources.js +35 -0
package/dist/server/collections/rolesResourcesActions.js +33 -0
package/dist/server/collections/rolesResourcesScopes.js +27 -0
package/dist/server/collections/users.js +35 -0
package/dist/server/index.js +11 -0
package/dist/server/middlewares/setCurrentRole.js +31 -0
package/dist/server/migrations/20221214072638-set-role-snippets.js +25 -0
package/dist/server/model/RoleModel.js +23 -0
package/dist/server/model/RoleResourceActionModel.js +64 -0
package/dist/server/model/RoleResourceModel.js +55 -0
package/dist/server/server.js +709 -0
package/package.json +12 -21
package/server.d.ts +3 -3
package/server.js +1 -1
package/lib/client/index.js +0 -22
package/lib/index.js +0 -13
package/lib/server/actions/available-actions.js +0 -34
package/lib/server/actions/role-check.js +0 -77
package/lib/server/actions/role-collections.js +0 -98
package/lib/server/actions/user-setDefaultRole.js +0 -52
package/lib/server/collections/roles-users.js +0 -16
package/lib/server/collections/roles.js +0 -92
package/lib/server/collections/rolesResources.js +0 -31
package/lib/server/collections/rolesResourcesActions.js +0 -31
package/lib/server/collections/rolesResourcesScopes.js +0 -25
package/lib/server/collections/users.js +0 -41
package/lib/server/index.js +0 -13
package/lib/server/middlewares/setCurrentRole.js +0 -45
package/lib/server/migrations/20221214072638-set-role-snippets.js +0 -43
package/lib/server/model/RoleModel.js +0 -35
package/lib/server/model/RoleResourceActionModel.js +0 -91
package/lib/server/model/RoleResourceModel.js +0 -106
package/lib/server/server.js +0 -947
package/src/client/index.ts +0 -8
package/src/index.ts +0 -1
package/src/server/__tests__/acl.test.ts +0 -835
package/src/server/__tests__/actions.test.ts +0 -141
package/src/server/__tests__/association-field.test.ts +0 -413
package/src/server/__tests__/configuration.test.ts +0 -70
package/src/server/__tests__/list-action.test.ts +0 -446
package/src/server/__tests__/middleware.test.ts +0 -210
package/src/server/__tests__/own.test.ts +0 -124
package/src/server/__tests__/prepare.ts +0 -20
package/src/server/__tests__/role-check.test.ts +0 -46
package/src/server/__tests__/role-resource.test.ts +0 -177
package/src/server/__tests__/role-user.test.ts +0 -127
package/src/server/__tests__/role.test.ts +0 -118
package/src/server/__tests__/scope.test.ts +0 -55
package/src/server/__tests__/setCurrentRole.test.ts +0 -86
package/src/server/__tests__/snippets.test.ts +0 -35
package/src/server/__tests__/users.test.ts +0 -136
package/src/server/__tests__/write-role-to-acl.test.ts +0 -41
package/src/server/actions/role-collections.ts +0 -95
package/src/server/actions/user-setDefaultRole.ts +0 -47
package/src/server/collections/roles-users.ts +0 -8
package/src/server/collections/roles.ts +0 -101
package/src/server/collections/rolesResources.ts +0 -33
package/src/server/collections/rolesResourcesActions.ts +0 -31
package/src/server/collections/rolesResourcesScopes.ts +0 -25
package/src/server/collections/users.ts +0 -31
package/src/server/index.ts +0 -1
package/src/server/middlewares/setCurrentRole.ts +0 -35
package/src/server/migrations/20221214072638-set-role-snippets.ts +0 -23
package/src/server/model/RoleModel.ts +0 -23
package/src/server/model/RoleResourceActionModel.ts +0 -95
package/src/server/model/RoleResourceModel.ts +0 -74
package/src/server/server.ts +0 -854
/package/{lib → dist}/client/index.d.ts +0 -0
/package/{lib → dist}/server/actions/available-actions.d.ts +0 -0
/package/{lib → dist}/server/actions/role-check.d.ts +0 -0
/package/{lib → dist}/server/actions/role-collections.d.ts +0 -0
/package/{lib → dist}/server/actions/user-setDefaultRole.d.ts +0 -0
/package/{lib → dist}/server/collections/roles-users.d.ts +0 -0
/package/{lib → dist}/server/collections/roles.d.ts +0 -0
/package/{lib → dist}/server/collections/rolesResources.d.ts +0 -0
/package/{lib → dist}/server/collections/rolesResourcesActions.d.ts +0 -0
/package/{lib → dist}/server/collections/rolesResourcesScopes.d.ts +0 -0
/package/{lib → dist}/server/collections/users.d.ts +0 -0
/package/{lib → dist/server}/index.d.ts +0 -0
/package/{lib → dist}/server/middlewares/setCurrentRole.d.ts +0 -0
/package/{lib → dist}/server/migrations/20221214072638-set-role-snippets.d.ts +0 -0
/package/{lib → dist}/server/model/RoleModel.d.ts +0 -0
/package/{lib → dist}/server/model/RoleResourceActionModel.d.ts +0 -0
/package/{lib → dist}/server/model/RoleResourceModel.d.ts +0 -0
/package/{lib → dist}/server/server.d.ts +0 -0

package/src/server/__tests__/list-action.test.ts DELETED Viewed

@@ -1,446 +0,0 @@
-import { Database } from '@nocobase/database';
-import { MockServer } from '@nocobase/test';
-import { prepareApp } from './prepare';
-describe('list action with acl', () => {
-  let app: MockServer;
-  let Post;
-  beforeEach(async () => {
-    app = await prepareApp();
-    Post = app.db.collection({
-      name: 'posts',
-      fields: [
-        { type: 'string', name: 'title' },
-        {
-          type: 'bigInt',
-          name: 'createdById',
-        },
-        {
-          type: 'belongsTo',
-          name: 'createdBy',
-          target: 'users',
-        },
-      ],
-    });
-    await app.db.sync();
-  });
-  afterEach(async () => {
-    await app.destroy();
-  });
-  it('should list with meta permission that has difference primary key', async () => {
-    const userRole = app.acl.define({
-      role: 'user',
-    });
-    app.acl.addFixedParams('tests', 'destroy', () => {
-      return {
-        filter: {
-          $and: [{ 'name.$ne': 't1' }, { 'name.$ne': 't2' }],
-        },
-      };
-    });
-    userRole.grantAction('tests:view', {});
-    userRole.grantAction('tests:update', {
-      own: true,
-    });
-    userRole.grantAction('tests:destroy', {});
-    const Test = app.db.collection({
-      name: 'tests',
-      fields: [
-        { type: 'string', name: 'name', primaryKey: true },
-        {
-          type: 'bigInt',
-          name: 'createdById',
-        },
-      ],
-      autoGenId: false,
-      filterTargetKey: 'name',
-    });
-    await app.db.sync();
-    await Test.repository.create({
-      values: [
-        { name: 't1', createdById: 1 },
-        { name: 't2', createdById: 1 },
-        { name: 't3', createdById: 2 },
-      ],
-    });
-    app.resourcer.use(
-      (ctx, next) => {
-        ctx.state.currentRole = 'user';
-        ctx.state.currentUser = {
-          id: 1,
-        };
-        return next();
-      },
-      {
-        before: 'acl',
-      },
-    );
-    //@ts-ignore
-    const response = await app.agent().set('X-With-ACL-Meta', true).resource('tests').list({});
-    const data = response.body;
-    expect(data.meta.allowedActions.view).toEqual(['t1', 't2', 't3']);
-    expect(data.meta.allowedActions.update).toEqual(['t1', 't2']);
-    expect(data.meta.allowedActions.destroy).toEqual(['t3']);
-  });
-  it('should list items meta permissions by association field', async () => {
-    const userRole = app.acl.define({
-      role: 'user',
-    });
-    userRole.grantAction('posts:view', {});
-    userRole.grantAction('posts:update', {
-      filter: {
-        'createdBy.id': '{{ ctx.state.currentUser.id }}',
-      },
-    });
-    await Post.repository.create({
-      values: [
-        { title: 'p1', createdById: 1 },
-        { title: 'p2', createdById: 1 },
-        { title: 'p3', createdById: 2 },
-      ],
-    });
-    app.resourcer.use(
-      (ctx, next) => {
-        ctx.state.currentRole = 'user';
-        ctx.state.currentUser = {
-          id: 1,
-        };
-        return next();
-      },
-      {
-        before: 'acl',
-      },
-    );
-    const response = await (app as any).agent().set('X-With-ACL-Meta', true).resource('posts').list();
-    const data = response.body;
-    expect(data.meta.allowedActions.view).toEqual([1, 2, 3]);
-    expect(data.meta.allowedActions.update).toEqual([1, 2]);
-    expect(data.meta.allowedActions.destroy).toEqual([]);
-  });
-  it('should list items with meta permission', async () => {
-    const userRole = app.acl.define({
-      role: 'user',
-    });
-    userRole.grantAction('posts:view', {});
-    userRole.grantAction('posts:update', {
-      own: true,
-    });
-    await Post.repository.create({
-      values: [
-        { title: 'p1', createdById: 1 },
-        { title: 'p2', createdById: 1 },
-        { title: 'p3', createdById: 2 },
-      ],
-    });
-    app.resourcer.use(
-      (ctx, next) => {
-        ctx.state.currentRole = 'user';
-        ctx.state.currentUser = {
-          id: 1,
-        };
-        return next();
-      },
-      {
-        before: 'acl',
-      },
-    );
-    // @ts-ignore
-    const response = await app.agent().set('X-With-ACL-Meta', true).resource('posts').list({});
-    const data = response.body;
-    expect(data.meta.allowedActions.view).toEqual([1, 2, 3]);
-    expect(data.meta.allowedActions.update).toEqual([1, 2]);
-    expect(data.meta.allowedActions.destroy).toEqual([]);
-  });
-  it('should response item permission when request get action', async () => {
-    const userRole = app.acl.define({
-      role: 'user',
-    });
-    userRole.grantAction('posts:view', {});
-    userRole.grantAction('posts:update', {
-      own: true,
-    });
-    await Post.repository.create({
-      values: [
-        { title: 'p1', createdById: 1 },
-        { title: 'p2', createdById: 1 },
-        { title: 'p3', createdById: 2 },
-      ],
-    });
-    app.resourcer.use(
-      (ctx, next) => {
-        ctx.state.currentRole = 'user';
-        ctx.state.currentUser = {
-          id: 1,
-        };
-        return next();
-      },
-      {
-        before: 'acl',
-      },
-    );
-    // @ts-ignore
-    const getResponse = await app.agent().set('X-With-ACL-Meta', true).resource('posts').get({
-      filterByTk: 1,
-    });
-    const getBody = getResponse.body;
-    expect(getBody.meta.allowedActions).toBeDefined();
-  });
-});
-describe('list association action with acl', () => {
-  let app;
-  let db: Database;
-  afterEach(async () => {
-    await app.destroy();
-  });
-  beforeEach(async () => {
-    app = await prepareApp();
-    db = app.db;
-    app.db.collection({
-      name: 'posts',
-      fields: [
-        {
-          type: 'string',
-          name: 'title',
-        },
-        {
-          type: 'hasMany',
-          name: 'comments',
-        },
-      ],
-    });
-    app.db.collection({
-      name: 'comments',
-      fields: [
-        {
-          type: 'string',
-          name: 'content',
-        },
-        {
-          type: 'belongsTo',
-          name: 'post',
-        },
-      ],
-    });
-    await app.db.sync();
-  });
-  it('should list allowedActions', async () => {
-    await db.getRepository('roles').create({
-      values: {
-        name: 'newRole',
-      },
-    });
-    const user = await db.getRepository('users').create({
-      values: {
-        roles: ['newRole'],
-      },
-    });
-    await db.getRepository('roles.resources', 'newRole').create({
-      values: {
-        name: 'posts',
-        usingActionConfig: true,
-        actions: [
-          {
-            name: 'view',
-            fields: ['title', 'comments'],
-          },
-          {
-            name: 'create',
-            fields: ['title', 'comments'],
-          },
-        ],
-      },
-    });
-    const userPlugin = app.getPlugin('users');
-    const userAgent = app.agent().login(user).set('X-With-ACL-Meta', true);
-    await userAgent.resource('posts').create({
-      values: {
-        title: 'post1',
-        comments: [{ content: 'comment1' }, { content: 'comment2' }],
-      },
-    });
-    const response = await userAgent.resource('posts').list({});
-    expect(response.statusCode).toEqual(200);
-    const commentsResponse = await userAgent.resource('posts.comments', 1).list({});
-    const data = commentsResponse.body;
-    /**
-     * allowedActions.view == [1]
-     * allowedActions.update = []
-     * allowedActions.destroy = []
-     */
-    expect(data['meta']['allowedActions']).toBeDefined();
-    expect(data['meta']['allowedActions'].view).toContain(1);
-    expect(data['meta']['allowedActions'].view).toContain(2);
-  });
-  it('tree list action allowActions', async () => {
-    await db.getRepository('roles').create({
-      values: {
-        name: 'newRole',
-      },
-    });
-    const user = await db.getRepository('users').create({
-      values: {
-        roles: ['newRole'],
-      },
-    });
-    const userPlugin = app.getPlugin('users');
-    const agent = app.agent().login(user).set('X-With-ACL-Meta', true);
-    app.acl.allow('table_a', ['*']);
-    app.acl.allow('collections', ['*']);
-    await agent.resource('collections').create({
-      values: {
-        autoGenId: true,
-        createdBy: false,
-        updatedBy: false,
-        createdAt: false,
-        updatedAt: false,
-        sortable: false,
-        name: 'table_a',
-        template: 'tree',
-        tree: 'adjacency-list',
-        fields: [
-          {
-            interface: 'integer',
-            name: 'parentId',
-            type: 'bigInt',
-            isForeignKey: true,
-            uiSchema: {
-              type: 'number',
-              title: '{{t("Parent ID")}}',
-              'x-component': 'InputNumber',
-              'x-read-pretty': true,
-            },
-            target: 'table_a',
-          },
-          {
-            interface: 'm2o',
-            type: 'belongsTo',
-            name: 'parent',
-            treeParent: true,
-            foreignKey: 'parentId',
-            uiSchema: {
-              title: '{{t("Parent")}}',
-              'x-component': 'AssociationField',
-              'x-component-props': { multiple: false, fieldNames: { label: 'id', value: 'id' } },
-            },
-            target: 'table_a',
-          },
-          {
-            interface: 'o2m',
-            type: 'hasMany',
-            name: 'children',
-            foreignKey: 'parentId',
-            uiSchema: {
-              title: '{{t("Children")}}',
-              'x-component': 'RecordPicker',
-              'x-component-props': { multiple: true, fieldNames: { label: 'id', value: 'id' } },
-            },
-            treeChildren: true,
-            target: 'table_a',
-          },
-          {
-            name: 'id',
-            type: 'bigInt',
-            autoIncrement: true,
-            primaryKey: true,
-            allowNull: false,
-            uiSchema: { type: 'number', title: '{{t("ID")}}', 'x-component': 'InputNumber', 'x-read-pretty': true },
-            interface: 'id',
-          },
-        ],
-        title: 'table_a',
-      },
-    });
-    await agent.resource('table_a').create({
-      values: {},
-    });
-    await agent.resource('table_a').create({
-      values: {
-        parent: {
-          id: 1,
-        },
-      },
-    });
-    await agent.resource('table_a').create({
-      values: {},
-    });
-    await agent.resource('table_a').create({
-      values: {
-        parent: {
-          id: 3,
-        },
-      },
-    });
-    const res = await agent.resource('table_a').list({
-      filter: JSON.stringify({
-        parentId: null,
-      }),
-      tree: true,
-    });
-    expect(res.body.meta.allowedActions.view.sort()).toMatchObject([1, 2, 3, 4]);
-  });
-});

package/src/server/__tests__/middleware.test.ts DELETED Viewed

@@ -1,210 +0,0 @@
-import { ACL } from '@nocobase/acl';
-import { Database, Model } from '@nocobase/database';
-import UsersPlugin from '@nocobase/plugin-users';
-import { MockServer } from '@nocobase/test';
-import { prepareApp } from './prepare';
-describe('middleware', () => {
-  let app: MockServer;
-  let role: Model;
-  let db: Database;
-  let acl: ACL;
-  let admin;
-  let adminAgent;
-  beforeEach(async () => {
-    app = await prepareApp();
-    db = app.db;
-    acl = app.acl;
-    role = await db.getRepository('roles').findOne({
-      filter: {
-        name: 'admin',
-      },
-    });
-    const UserRepo = db.getCollection('users').repository;
-    admin = await UserRepo.create({
-      values: {
-        roles: ['admin'],
-      },
-    });
-    const userPlugin = app.getPlugin('users') as UsersPlugin;
-    adminAgent = app.agent().login(admin);
-    await db.getRepository('collections').create({
-      values: {
-        name: 'posts',
-      },
-      context: {},
-    });
-    await db.getRepository('collections.fields', 'posts').create({
-      values: {
-        name: 'title',
-        type: 'string',
-      },
-      context: {},
-    });
-    await db.getRepository('collections.fields', 'posts').create({
-      values: {
-        name: 'description',
-        type: 'string',
-      },
-      context: {},
-    });
-    await db.getRepository('collections.fields', 'posts').create({
-      values: {
-        name: 'createdById',
-        type: 'integer',
-      },
-      context: {},
-    });
-  });
-  afterEach(async () => {
-    await app.destroy();
-  });
-  it('should throw 403 when no permission', async () => {
-    const response = await app.agent().resource('posts').create({
-      values: {},
-    });
-    expect(response.statusCode).toEqual(403);
-  });
-  it('should return 200 when role has permission', async () => {
-    await db.getRepository('roles').update({
-      filterByTk: 'admin',
-      values: {
-        strategy: {
-          actions: ['create:all'],
-        },
-      },
-    });
-    const response = await adminAgent.resource('posts').create({
-      values: {},
-    });
-    expect(response.statusCode).toEqual(200);
-  });
-  it('should limit fields on view actions', async () => {
-    await adminAgent.resource('roles.resources', role.get('name')).create({
-      values: {
-        name: 'posts',
-        usingActionsConfig: true,
-        actions: [
-          {
-            name: 'create',
-            fields: ['title', 'description'],
-          },
-          {
-            name: 'view',
-            fields: ['title'],
-          },
-        ],
-      },
-    });
-    await adminAgent.resource('posts').create({
-      values: {
-        title: 'post-title',
-        description: 'post-description',
-      },
-    });
-    const post = await db.getRepository('posts').findOne();
-    expect(post.get('title')).toEqual('post-title');
-    expect(post.get('description')).toEqual('post-description');
-    const response = await adminAgent.resource('posts').list({});
-    expect(response.statusCode).toEqual(200);
-    const [data] = response.body.data;
-    expect(data['id']).not.toBeUndefined();
-    expect(data['title']).toEqual('post-title');
-    expect(data['description']).toBeUndefined();
-  });
-  it('should parse template value on action params', async () => {
-    const res = await adminAgent.resource('rolesResourcesScopes').create({
-      values: {
-        name: 'own',
-        scope: {
-          createdById: '{{ ctx.state.currentUser.id }}',
-        },
-      },
-    });
-    await adminAgent.resource('roles.resources', role.get('name')).create({
-      values: {
-        name: 'posts',
-        usingActionsConfig: true,
-        actions: [
-          {
-            name: 'create',
-            fields: ['title', 'description', 'createdById'],
-          },
-          {
-            name: 'view',
-            fields: ['title'],
-            scope: res.body.data.id,
-          },
-        ],
-      },
-    });
-    await adminAgent.resource('posts').create({
-      values: {
-        title: 't1',
-        description: 'd1',
-        createdById: 1,
-      },
-    });
-    await adminAgent.resource('posts').create({
-      values: {
-        title: 't2',
-        description: 'p2',
-        createdById: 2,
-      },
-    });
-    const response = await adminAgent.resource('posts').list();
-    const data = response.body.data;
-    expect(data.length).toEqual(1);
-  });
-  it('should change fields params to whitelist in create action', async () => {
-    await adminAgent.resource('roles.resources', role.get('name')).create({
-      values: {
-        name: 'posts',
-        usingActionsConfig: true,
-        actions: [
-          {
-            name: 'create',
-            fields: ['title'],
-          },
-        ],
-      },
-    });
-    await adminAgent.resource('posts').create({
-      values: {
-        title: 'post-title',
-        description: 'post-description',
-      },
-    });
-    const post = await db.getRepository('posts').findOne();
-    expect(post.get('title')).toEqual('post-title');
-    expect(post.get('description')).toBeNull();
-  });
-});