@nocobase/plugin-acl 0.11.1-alpha.5 → 0.12.0-alpha.1

package/client.d.ts

@@ -1,3 +1,2 @@
-export * from './src/client';
-export { default } from './src/client';
-
+export * from './dist/client';
+export { default } from './dist/client';

package/client.js

@@ -1 +1 @@
-module.exports = require('./lib/client/index.js');
+module.exports = require('./dist/client/index.js');

package/dist/client/index.js

@@ -0,0 +1,11 @@
+(function(global, factory) {
+  typeof exports === "object" && typeof module !== "undefined" ? factory(exports, require("@nocobase/client")) : typeof define === "function" && define.amd ? define(["exports", "@nocobase/client"], factory) : (global = typeof globalThis !== "undefined" ? globalThis : global || self, factory(global["@nocobase/plugin-acl"] = {}, global["@nocobase/client"]));
+})(this, function(exports2, client) {
+  "use strict";
+  class AclPlugin extends client.Plugin {
+    async load() {
+    }
+  }
+  exports2.default = AclPlugin;
+  Object.defineProperties(exports2, { __esModule: { value: true }, [Symbol.toStringTag]: { value: "Module" } });
+});

package/{lib/server → dist}/index.d.ts

@@ -1 +1,2 @@
+export * from './server';
 export { default } from './server';

package/dist/index.js

@@ -0,0 +1,18 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var server = require('./server');
+
+
+
+Object.defineProperty(exports, 'default', {
+  enumerable: true,
+  get: function () { return server__namespace.default; }
+});
+Object.keys(server).forEach(function (k) {
+  if (k !== 'default' && !Object.prototype.hasOwnProperty.call(exports, k)) Object.defineProperty(exports, k, {
+    enumerable: true,
+    get: function () { return server[k]; }
+  });
+});

package/{src/server/actions/available-actions.ts → dist/server/actions/available-actions.js}

@@ -1,5 +1,7 @@
+'use strict';
+
 const availableActionResource = {
-  name: 'availableActions',
+  name: "availableActions",
   actions: {
     async list(ctx, next) {
       const acl = ctx.app.acl;
@@ -7,12 +9,12 @@ const availableActionResource = {
       ctx.body = Array.from(availableActions.entries()).map(([, { name, options }]) => {
         return {
           ...options,
-          name,
+          name
         };
       });
       await next();
-    },
-  },
+    }
+  }
 };
 
-export { availableActionResource };
+exports.availableActionResource = availableActionResource;

package/{src/server/actions/role-check.ts → dist/server/actions/role-check.js}

@@ -1,50 +1,45 @@
-const map2obj = (map: Map<string, string>) => {
+'use strict';
+
+const map2obj = (map) => {
   const obj = {};
   for (const [key, value] of map) {
     obj[key] = value;
   }
   return obj;
 };
-
-export async function checkAction(ctx, next) {
+async function checkAction(ctx, next) {
   const currentRole = ctx.state.currentRole;
-
-  const roleInstance = await ctx.db.getRepository('roles').findOne({
+  const roleInstance = await ctx.db.getRepository("roles").findOne({
     filter: {
-      name: currentRole,
+      name: currentRole
     },
-    appends: ['menuUiSchemas'],
+    appends: ["menuUiSchemas"]
   });
-
   if (!roleInstance) {
     throw new Error(`Role ${currentRole} not exists`);
   }
-
-  const anonymous = await ctx.db.getRepository('roles').findOne({
+  const anonymous = await ctx.db.getRepository("roles").findOne({
     filter: {
-      name: 'anonymous',
-    },
+      name: "anonymous"
+    }
   });
-
   let role = ctx.app.acl.getRole(currentRole);
-
   if (!role) {
-    await ctx.app.emitAsync('acl:writeRoleToACL', roleInstance);
+    await ctx.app.emitAsync("acl:writeRoleToACL", roleInstance);
     role = ctx.app.acl.getRole(currentRole);
   }
-
   const availableActions = ctx.app.acl.getAvailableActions();
-
   ctx.body = {
     ...role.toJSON(),
     availableActions: [...availableActions.keys()],
     resources: [...role.resources.keys()],
     actionAlias: map2obj(ctx.app.acl.actionAlias),
-    allowAll: currentRole === 'root',
-    allowConfigure: roleInstance.get('allowConfigure'),
-    allowMenuItemIds: roleInstance.get('menuUiSchemas').map((uiSchema) => uiSchema.get('x-uid')),
-    allowAnonymous: !!anonymous,
+    allowAll: currentRole === "root",
+    allowConfigure: roleInstance.get("allowConfigure"),
+    allowMenuItemIds: roleInstance.get("menuUiSchemas").map((uiSchema) => uiSchema.get("x-uid")),
+    allowAnonymous: !!anonymous
   };
-
   await next();
 }
+
+exports.checkAction = checkAction;

package/dist/server/actions/role-collections.js

@@ -0,0 +1,53 @@
+'use strict';
+
+function totalPage(total, pageSize) {
+  return Math.ceil(total / pageSize);
+}
+const roleCollectionsResource = {
+  name: "roles.collections",
+  actions: {
+    async list(ctx, next) {
+      const role = ctx.action.params.associatedIndex;
+      const { page = 1, pageSize = 20 } = ctx.action.params;
+      const db = ctx.db;
+      const collectionRepository = db.getRepository("collections");
+      db.getRepository("fields");
+      const [collections, count] = await collectionRepository.findAndCount({
+        filter: ctx.action.params.filter,
+        sort: "sort"
+      });
+      const roleResources = await db.getRepository("rolesResources").find({
+        filter: {
+          roleName: role
+        }
+      });
+      const roleResourcesNames = roleResources.map((roleResource) => roleResource.get("name"));
+      const roleResourceActionResourceNames = roleResources.filter((roleResources2) => roleResources2.get("usingActionsConfig")).map((roleResources2) => roleResources2.get("name"));
+      const items = collections.map((collection, i) => {
+        const exists = roleResourcesNames.includes(collection.get("name"));
+        const usingConfig = roleResourceActionResourceNames.includes(collection.get("name")) ? "resourceAction" : "strategy";
+        db.getCollection(collection.get("name"));
+        return {
+          type: "collection",
+          name: collection.get("name"),
+          collectionName: collection.get("name"),
+          title: collection.get("title"),
+          roleName: role,
+          usingConfig,
+          exists
+          // children: children.length > 0 ? children : null,
+        };
+      });
+      ctx.body = {
+        count,
+        rows: items,
+        page: Number(page),
+        pageSize: Number(pageSize),
+        totalPage: totalPage(count, pageSize)
+      };
+      await next();
+    }
+  }
+};
+
+exports.roleCollectionsResource = roleCollectionsResource;

package/dist/server/actions/user-setDefaultRole.js

@@ -0,0 +1,43 @@
+'use strict';
+
+async function setDefaultRole(ctx, next) {
+  const {
+    values: { roleName }
+  } = ctx.action.params;
+  const {
+    db,
+    state: { currentUser },
+    action: {
+      params: { values }
+    }
+  } = ctx;
+  if (values.roleName == "anonymous") {
+    return next();
+  }
+  const repository = db.getRepository("rolesUsers");
+  await db.sequelize.transaction(async (transaction) => {
+    await repository.update({
+      filter: {
+        userId: currentUser.get("id")
+      },
+      values: {
+        default: false
+      },
+      transaction
+    });
+    await repository.update({
+      filter: {
+        userId: currentUser.get("id"),
+        roleName
+      },
+      values: {
+        default: true
+      },
+      transaction
+    });
+  });
+  ctx.body = "ok";
+  await next();
+}
+
+exports.setDefaultRole = setDefaultRole;

package/dist/server/collections/roles-users.js

@@ -0,0 +1,10 @@
+'use strict';
+
+var roles_users_default = {
+  name: "rolesUsers",
+  duplicator: "optional",
+  namespace: "acl.acl",
+  fields: [{ type: "boolean", name: "default" }]
+};
+
+module.exports = roles_users_default;

package/dist/server/collections/roles.js

@@ -0,0 +1,103 @@
+'use strict';
+
+var roles_default = {
+  namespace: "acl.acl",
+  duplicator: {
+    dumpable: "required",
+    with: "uiSchemas"
+  },
+  name: "roles",
+  title: '{{t("Roles")}}',
+  autoGenId: false,
+  model: "RoleModel",
+  filterTargetKey: "name",
+  // targetKey: 'name',
+  sortable: true,
+  fields: [
+    {
+      type: "uid",
+      name: "name",
+      prefix: "r_",
+      primaryKey: true,
+      interface: "input",
+      uiSchema: {
+        type: "string",
+        title: '{{t("Role UID")}}',
+        "x-component": "Input"
+      }
+    },
+    {
+      type: "string",
+      name: "title",
+      unique: true,
+      interface: "input",
+      uiSchema: {
+        type: "string",
+        title: '{{t("Role name")}}',
+        "x-component": "Input"
+      },
+      translation: true
+    },
+    {
+      type: "boolean",
+      name: "default"
+    },
+    {
+      type: "string",
+      name: "description"
+    },
+    {
+      type: "json",
+      name: "strategy"
+    },
+    {
+      type: "boolean",
+      name: "default",
+      defaultValue: false
+    },
+    {
+      type: "boolean",
+      name: "hidden",
+      defaultValue: false
+    },
+    {
+      type: "boolean",
+      name: "allowConfigure"
+    },
+    {
+      type: "boolean",
+      name: "allowNewMenu"
+    },
+    {
+      type: "belongsToMany",
+      name: "menuUiSchemas",
+      target: "uiSchemas",
+      targetKey: "x-uid"
+    },
+    {
+      type: "hasMany",
+      name: "resources",
+      target: "rolesResources",
+      sourceKey: "name",
+      targetKey: "name"
+    },
+    {
+      type: "set",
+      name: "snippets",
+      defaultValue: ["!ui.*", "!pm", "!pm.*"]
+    },
+    {
+      type: "belongsToMany",
+      name: "users",
+      target: "users",
+      foreignKey: "roleName",
+      otherKey: "userId",
+      onDelete: "CASCADE",
+      sourceKey: "name",
+      targetKey: "id",
+      through: "rolesUsers"
+    }
+  ]
+};
+
+module.exports = roles_default;

package/dist/server/collections/rolesResources.js

@@ -0,0 +1,35 @@
+'use strict';
+
+var rolesResources_default = {
+  namespace: "acl.acl",
+  duplicator: "required",
+  name: "rolesResources",
+  model: "RoleResourceModel",
+  indexes: [
+    {
+      unique: true,
+      fields: ["roleName", "name"]
+    }
+  ],
+  fields: [
+    {
+      type: "belongsTo",
+      name: "role"
+    },
+    {
+      type: "string",
+      name: "name"
+    },
+    {
+      type: "boolean",
+      name: "usingActionsConfig"
+    },
+    {
+      type: "hasMany",
+      name: "actions",
+      target: "rolesResourcesActions"
+    }
+  ]
+};
+
+module.exports = rolesResources_default;

package/dist/server/collections/rolesResourcesActions.js

@@ -0,0 +1,33 @@
+'use strict';
+
+var rolesResourcesActions_default = {
+  namespace: "acl.acl",
+  duplicator: "required",
+  name: "rolesResourcesActions",
+  model: "RoleResourceActionModel",
+  fields: [
+    {
+      type: "belongsTo",
+      name: "resource",
+      foreignKey: "rolesResourceId",
+      target: "rolesResources"
+    },
+    {
+      type: "string",
+      name: "name"
+    },
+    {
+      type: "array",
+      name: "fields",
+      defaultValue: []
+    },
+    {
+      type: "belongsTo",
+      name: "scope",
+      target: "rolesResourcesScopes",
+      onDelete: "RESTRICT"
+    }
+  ]
+};
+
+module.exports = rolesResourcesActions_default;

package/dist/server/collections/rolesResourcesScopes.js

@@ -0,0 +1,27 @@
+'use strict';
+
+var rolesResourcesScopes_default = {
+  namespace: "acl.acl",
+  duplicator: "required",
+  name: "rolesResourcesScopes",
+  fields: [
+    {
+      type: "uid",
+      name: "key"
+    },
+    {
+      type: "string",
+      name: "name"
+    },
+    {
+      type: "string",
+      name: "resourceName"
+    },
+    {
+      type: "json",
+      name: "scope"
+    }
+  ]
+};
+
+module.exports = rolesResourcesScopes_default;

package/dist/server/collections/users.js

@@ -0,0 +1,35 @@
+'use strict';
+
+var database = require('@nocobase/database');
+
+var users_default = database.extend({
+  name: "users",
+  fields: [
+    {
+      interface: "m2m",
+      type: "belongsToMany",
+      name: "roles",
+      target: "roles",
+      foreignKey: "userId",
+      otherKey: "roleName",
+      onDelete: "CASCADE",
+      sourceKey: "id",
+      targetKey: "name",
+      through: "rolesUsers",
+      uiSchema: {
+        type: "array",
+        title: '{{t("Roles")}}',
+        "x-component": "AssociationField",
+        "x-component-props": {
+          multiple: true,
+          fieldNames: {
+            label: "title",
+            value: "name"
+          }
+        }
+      }
+    }
+  ]
+});
+
+module.exports = users_default;

package/dist/server/index.js

@@ -0,0 +1,11 @@
+'use strict';
+
+var server = require('./server');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var server__default = /*#__PURE__*/_interopDefault(server);
+
+
+
+module.exports = server__default.default;

package/dist/server/middlewares/setCurrentRole.js

@@ -0,0 +1,31 @@
+'use strict';
+
+async function setCurrentRole(ctx, next) {
+  var _a, _b;
+  const currentRole = ctx.get("X-Role");
+  if (currentRole === "anonymous") {
+    ctx.state.currentRole = currentRole;
+    return next();
+  }
+  if (!ctx.state.currentUser) {
+    return next();
+  }
+  const repository = ctx.db.getRepository("users.roles", ctx.state.currentUser.id);
+  const roles = await repository.find();
+  ctx.state.currentUser.setDataValue("roles", roles);
+  if (currentRole) {
+    ctx.state.currentRole = (_a = roles.find((role) => role.name === currentRole)) == null ? void 0 : _a.name;
+  } else {
+    const defaultRole = roles.find((item) => {
+      var _a2;
+      return (_a2 = item == null ? void 0 : item.rolesUsers) == null ? void 0 : _a2.default;
+    });
+    ctx.state.currentRole = (_b = defaultRole || roles[0]) == null ? void 0 : _b.name;
+  }
+  if (!ctx.state.currentRole) {
+    return ctx.throw(401, "User role not found");
+  }
+  await next();
+}
+
+exports.setCurrentRole = setCurrentRole;

package/dist/server/migrations/20221214072638-set-role-snippets.js

@@ -0,0 +1,25 @@
+'use strict';
+
+var server = require('@nocobase/server');
+
+class set_role_snippets_default extends server.Migration {
+  async up() {
+    const result = await this.app.version.satisfies("<0.9.3-alpha.1");
+    if (!result) {
+      return;
+    }
+    await this.app.db.getRepository("roles").update({
+      filter: {
+        $or: [{ allowConfigure: true }, { name: "root" }]
+      },
+      values: {
+        snippets: ["ui.*", "pm", "pm.*"],
+        allowConfigure: false
+      }
+    });
+  }
+  async down() {
+  }
+}
+
+module.exports = set_role_snippets_default;

package/dist/server/model/RoleModel.js

@@ -0,0 +1,23 @@
+'use strict';
+
+var database = require('@nocobase/database');
+
+class RoleModel extends database.Model {
+  writeToAcl(options) {
+    const { acl } = options;
+    const roleName = this.get("name");
+    let role = acl.getRole(roleName);
+    if (!role) {
+      role = acl.define({
+        role: roleName
+      });
+    }
+    role.setStrategy({
+      ...this.get("strategy") || {},
+      allowConfigure: this.get("allowConfigure")
+    });
+    role.snippets = new Set(this.get("snippets"));
+  }
+}
+
+exports.RoleModel = RoleModel;

package/dist/server/model/RoleResourceActionModel.js

@@ -0,0 +1,64 @@
+'use strict';
+
+var database = require('@nocobase/database');
+
+class RoleResourceActionModel extends database.Model {
+  async writeToACL(options) {
+    var _a;
+    const db = this.constructor.database;
+    const { resourceName, role, acl, associationFieldsActions, grantHelper } = options;
+    const actionName = this.get("name");
+    const fields = this.get("fields");
+    const actionPath = `${resourceName}:${actionName}`;
+    const actionParams = {
+      fields
+    };
+    const scope = await this.getScope();
+    if (scope) {
+      actionParams["own"] = scope.get("key") === "own";
+      actionParams["filter"] = scope.get("scope");
+    }
+    role.grantAction(actionPath, actionParams);
+    const collection = db.getCollection(resourceName);
+    if (!collection) {
+      return;
+    }
+    const availableAction = acl.resolveActionAlias(actionName);
+    for (const field of fields) {
+      const collectionField = collection.getField(field);
+      if (!collectionField) {
+        console.log(`field ${field} does not exist at ${collection.name}`);
+        continue;
+      }
+      const fieldType = collectionField.get("type");
+      const fieldActions = (_a = associationFieldsActions == null ? void 0 : associationFieldsActions[fieldType]) == null ? void 0 : _a[availableAction];
+      const fieldTarget = collectionField.get("target");
+      if (fieldActions) {
+        const associationActions = fieldActions.associationActions || [];
+        associationActions.forEach((associationAction) => {
+          const actionName2 = `${resourceName}.${collectionField.get("name")}:${associationAction}`;
+          role.grantAction(actionName2);
+        });
+        const targetActions = fieldActions.targetActions || [];
+        targetActions.forEach((targetAction) => {
+          const targetActionPath = `${fieldTarget}:${targetAction}`;
+          const existsAction = role.getActionParams(targetActionPath);
+          if (existsAction) {
+            return;
+          }
+          grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, [
+            ...grantHelper.resourceTargetActionMap.get(resourceName) || [],
+            targetActionPath
+          ]);
+          grantHelper.targetActionResourceMap.set(targetActionPath, [
+            ...grantHelper.targetActionResourceMap.get(targetActionPath) || [],
+            `${role.name}.${resourceName}`
+          ]);
+          role.grantAction(targetActionPath);
+        });
+      }
+    }
+  }
+}
+
+exports.RoleResourceActionModel = RoleResourceActionModel;