@nocobase/plugin-acl 0.11.1-alpha.5 → 0.12.0-alpha.2

package/src/server/middlewares/setCurrentRole.ts

@@ -1,35 +0,0 @@
-import { Context } from '@nocobase/actions';
-import { Repository } from '@nocobase/database';
-
-export async function setCurrentRole(ctx: Context, next) {
-  const currentRole = ctx.get('X-Role');
-
-  if (currentRole === 'anonymous') {
-    ctx.state.currentRole = currentRole;
-    return next();
-  }
-
-  if (!ctx.state.currentUser) {
-    return next();
-  }
-
-  const repository = ctx.db.getRepository('users.roles', ctx.state.currentUser.id) as unknown as Repository;
-  const roles = await repository.find();
-  ctx.state.currentUser.setDataValue('roles', roles);
-
-  // 1. If the X-Role is set, use the specified role
-  if (currentRole) {
-    ctx.state.currentRole = roles.find((role) => role.name === currentRole)?.name;
-  }
-  // 2. If the X-Role is not set, use the default role
-  else {
-    const defaultRole = roles.find((item) => item?.rolesUsers?.default);
-    ctx.state.currentRole = (defaultRole || roles[0])?.name;
-  }
-
-  if (!ctx.state.currentRole) {
-    return ctx.throw(401, 'User role not found');
-  }
-
-  await next();
-}

package/src/server/migrations/20221214072638-set-role-snippets.ts

@@ -1,23 +0,0 @@
-import { Migration } from '@nocobase/server';
-
-export default class extends Migration {
-  async up() {
-    const result = await this.app.version.satisfies('<0.9.3-alpha.1');
-
-    if (!result) {
-      return;
-    }
-
-    await this.app.db.getRepository('roles').update({
-      filter: {
-        $or: [{ allowConfigure: true }, { name: 'root' }],
-      },
-      values: {
-        snippets: ['ui.*', 'pm', 'pm.*'],
-        allowConfigure: false,
-      },
-    });
-  }
-
-  async down() {}
-}

package/src/server/model/RoleModel.ts

@@ -1,23 +0,0 @@
-import { Model } from '@nocobase/database';
-import { ACL } from '@nocobase/acl';
-
-export class RoleModel extends Model {
-  writeToAcl(options: { acl: ACL }) {
-    const { acl } = options;
-    const roleName = this.get('name') as string;
-    let role = acl.getRole(roleName);
-
-    if (!role) {
-      role = acl.define({
-        role: roleName,
-      });
-    }
-
-    role.setStrategy({
-      ...((this.get('strategy') as object) || {}),
-      allowConfigure: this.get('allowConfigure') as boolean,
-    });
-
-    role.snippets = new Set(this.get('snippets'));
-  }
-}

package/src/server/model/RoleResourceActionModel.ts

@@ -1,95 +0,0 @@
-import { ACL, ACLRole } from '@nocobase/acl';
-import { Database, Model } from '@nocobase/database';
-import { AssociationFieldAction, AssociationFieldsActions, GrantHelper } from '../server';
-
-export class RoleResourceActionModel extends Model {
-  async writeToACL(options: {
-    acl: ACL;
-    role: ACLRole;
-    resourceName: string;
-    associationFieldsActions: AssociationFieldsActions;
-    grantHelper: GrantHelper;
-  }) {
-    // @ts-ignore
-    const db: Database = this.constructor.database;
-
-    const { resourceName, role, acl, associationFieldsActions, grantHelper } = options;
-
-    const actionName = this.get('name') as string;
-
-    const fields = this.get('fields') as any;
-
-    const actionPath = `${resourceName}:${actionName}`;
-    const actionParams = {
-      fields,
-    };
-
-    // @ts-ignore
-    const scope = await this.getScope();
-
-    if (scope) {
-      actionParams['own'] = scope.get('key') === 'own';
-      actionParams['filter'] = scope.get('scope');
-    }
-
-    role.grantAction(actionPath, actionParams);
-
-    const collection = db.getCollection(resourceName);
-
-    if (!collection) {
-      return;
-    }
-
-    const availableAction = acl.resolveActionAlias(actionName);
-
-    for (const field of fields) {
-      const collectionField = collection.getField(field);
-
-      if (!collectionField) {
-        console.log(`field ${field} does not exist at ${collection.name}`);
-        continue;
-      }
-
-      const fieldType = collectionField.get('type') as string;
-
-      const fieldActions: AssociationFieldAction = associationFieldsActions?.[fieldType]?.[availableAction];
-
-      const fieldTarget = collectionField.get('target');
-
-      if (fieldActions) {
-        // grant association actions to role
-        const associationActions = fieldActions.associationActions || [];
-
-        associationActions.forEach((associationAction) => {
-          const actionName = `${resourceName}.${collectionField.get('name')}:${associationAction}`;
-          role.grantAction(actionName);
-        });
-
-        const targetActions = fieldActions.targetActions || [];
-
-        targetActions.forEach((targetAction) => {
-          const targetActionPath = `${fieldTarget}:${targetAction}`;
-
-          const existsAction = role.getActionParams(targetActionPath);
-
-          if (existsAction) {
-            return;
-          }
-
-          // set resource target action with current resourceName
-          grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, [
-            ...(grantHelper.resourceTargetActionMap.get(resourceName) || []),
-            targetActionPath,
-          ]);
-
-          grantHelper.targetActionResourceMap.set(targetActionPath, [
-            ...(grantHelper.targetActionResourceMap.get(targetActionPath) || []),
-            `${role.name}.${resourceName}`,
-          ]);
-
-          role.grantAction(targetActionPath);
-        });
-      }
-    }
-  }
-}

package/src/server/model/RoleResourceModel.ts

@@ -1,74 +0,0 @@
-import { ACL, ACLResource, ACLRole } from '@nocobase/acl';
-import { Model } from '@nocobase/database';
-import { AssociationFieldsActions, GrantHelper } from '../server';
-import { RoleResourceActionModel } from './RoleResourceActionModel';
-
-export class RoleResourceModel extends Model {
-  async revoke(options: { role: ACLRole; resourceName: string; grantHelper: GrantHelper }) {
-    const { role, resourceName, grantHelper } = options;
-    role.revokeResource(resourceName);
-
-    const targetActions = grantHelper.resourceTargetActionMap.get(`${role.name}.${resourceName}`) || [];
-
-    for (const targetAction of targetActions) {
-      const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(
-        (item) => `${role.name}.${resourceName}` !== item,
-      );
-
-      grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);
-
-      if (targetActionResource.length == 0) {
-        role.revokeAction(targetAction);
-      }
-    }
-
-    grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, []);
-  }
-
-  async writeToACL(options: {
-    acl: ACL;
-    associationFieldsActions: AssociationFieldsActions;
-    grantHelper: GrantHelper;
-    transaction: any;
-  }) {
-    const { acl, associationFieldsActions, grantHelper } = options;
-    const resourceName = this.get('name') as string;
-    const roleName = this.get('roleName') as string;
-    const role = acl.getRole(roleName);
-
-    if (!role) {
-      console.log(`${roleName} role does not exist`);
-      return;
-    }
-
-    // revoke resource of role
-    await this.revoke({ role, resourceName, grantHelper });
-
-    // @ts-ignore
-    if (this.usingActionsConfig === false) {
-      return;
-    }
-
-    const resource = new ACLResource({
-      role,
-      name: resourceName,
-    });
-
-    role.resources.set(resourceName, resource);
-
-    // @ts-ignore
-    const actions: RoleResourceActionModel[] = await this.getActions({
-      transaction: options.transaction,
-    });
-
-    for (const action of actions) {
-      await action.writeToACL({
-        acl,
-        role,
-        resourceName,
-        associationFieldsActions,
-        grantHelper: options.grantHelper,
-      });
-    }
-  }
-}