@nocobase/plugin-acl 0.11.1-alpha.5 → 0.12.0-alpha.2

package/lib/server/middlewares/setCurrentRole.js

@@ -1,45 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.setCurrentRole = setCurrentRole;
-function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
-function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
-function setCurrentRole(_x, _x2) {
-  return _setCurrentRole.apply(this, arguments);
-}
-function _setCurrentRole() {
-  _setCurrentRole = _asyncToGenerator(function* (ctx, next) {
-    const currentRole = ctx.get('X-Role');
-    if (currentRole === 'anonymous') {
-      ctx.state.currentRole = currentRole;
-      return next();
-    }
-    if (!ctx.state.currentUser) {
-      return next();
-    }
-    const repository = ctx.db.getRepository('users.roles', ctx.state.currentUser.id);
-    const roles = yield repository.find();
-    ctx.state.currentUser.setDataValue('roles', roles);
-    // 1. If the X-Role is set, use the specified role
-    if (currentRole) {
-      var _roles$find;
-      ctx.state.currentRole = (_roles$find = roles.find(role => role.name === currentRole)) === null || _roles$find === void 0 ? void 0 : _roles$find.name;
-    }
-    // 2. If the X-Role is not set, use the default role
-    else {
-      var _ref;
-      const defaultRole = roles.find(item => {
-        var _item$rolesUsers;
-        return item === null || item === void 0 ? void 0 : (_item$rolesUsers = item.rolesUsers) === null || _item$rolesUsers === void 0 ? void 0 : _item$rolesUsers.default;
-      });
-      ctx.state.currentRole = (_ref = defaultRole || roles[0]) === null || _ref === void 0 ? void 0 : _ref.name;
-    }
-    if (!ctx.state.currentRole) {
-      return ctx.throw(401, 'User role not found');
-    }
-    yield next();
-  });
-  return _setCurrentRole.apply(this, arguments);
-}

package/lib/server/migrations/20221214072638-set-role-snippets.js

@@ -1,43 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.default = void 0;
-function _server() {
-  const data = require("@nocobase/server");
-  _server = function _server() {
-    return data;
-  };
-  return data;
-}
-function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
-function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
-class _default extends _server().Migration {
-  up() {
-    var _this = this;
-    return _asyncToGenerator(function* () {
-      const result = yield _this.app.version.satisfies('<0.9.3-alpha.1');
-      if (!result) {
-        return;
-      }
-      yield _this.app.db.getRepository('roles').update({
-        filter: {
-          $or: [{
-            allowConfigure: true
-          }, {
-            name: 'root'
-          }]
-        },
-        values: {
-          snippets: ['ui.*', 'pm', 'pm.*'],
-          allowConfigure: false
-        }
-      });
-    })();
-  }
-  down() {
-    return _asyncToGenerator(function* () {})();
-  }
-}
-exports.default = _default;

package/lib/server/model/RoleModel.js

@@ -1,35 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.RoleModel = void 0;
-function _database() {
-  const data = require("@nocobase/database");
-  _database = function _database() {
-    return data;
-  };
-  return data;
-}
-function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
-function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? ownKeys(Object(source), !0).forEach(function (key) { _defineProperty(target, key, source[key]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } return target; }
-function _defineProperty(obj, key, value) { key = _toPropertyKey(key); if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; }
-function _toPropertyKey(arg) { var key = _toPrimitive(arg, "string"); return typeof key === "symbol" ? key : String(key); }
-function _toPrimitive(input, hint) { if (typeof input !== "object" || input === null) return input; var prim = input[Symbol.toPrimitive]; if (prim !== undefined) { var res = prim.call(input, hint || "default"); if (typeof res !== "object") return res; throw new TypeError("@@toPrimitive must return a primitive value."); } return (hint === "string" ? String : Number)(input); }
-class RoleModel extends _database().Model {
-  writeToAcl(options) {
-    const acl = options.acl;
-    const roleName = this.get('name');
-    let role = acl.getRole(roleName);
-    if (!role) {
-      role = acl.define({
-        role: roleName
-      });
-    }
-    role.setStrategy(_objectSpread(_objectSpread({}, this.get('strategy') || {}), {}, {
-      allowConfigure: this.get('allowConfigure')
-    }));
-    role.snippets = new Set(this.get('snippets'));
-  }
-}
-exports.RoleModel = RoleModel;

package/lib/server/model/RoleResourceActionModel.js

@@ -1,91 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.RoleResourceActionModel = void 0;
-function _database() {
-  const data = require("@nocobase/database");
-  _database = function _database() {
-    return data;
-  };
-  return data;
-}
-function _createForOfIteratorHelper(o, allowArrayLike) { var it = typeof Symbol !== "undefined" && o[Symbol.iterator] || o["@@iterator"]; if (!it) { if (Array.isArray(o) || (it = _unsupportedIterableToArray(o)) || allowArrayLike && o && typeof o.length === "number") { if (it) o = it; var i = 0; var F = function F() {}; return { s: F, n: function n() { if (i >= o.length) return { done: true }; return { done: false, value: o[i++] }; }, e: function e(_e) { throw _e; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var normalCompletion = true, didErr = false, err; return { s: function s() { it = it.call(o); }, n: function n() { var step = it.next(); normalCompletion = step.done; return step; }, e: function e(_e2) { didErr = true; err = _e2; }, f: function f() { try { if (!normalCompletion && it.return != null) it.return(); } finally { if (didErr) throw err; } } }; }
-function _unsupportedIterableToArray(o, minLen) { if (!o) return; if (typeof o === "string") return _arrayLikeToArray(o, minLen); var n = Object.prototype.toString.call(o).slice(8, -1); if (n === "Object" && o.constructor) n = o.constructor.name; if (n === "Map" || n === "Set") return Array.from(o); if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray(o, minLen); }
-function _arrayLikeToArray(arr, len) { if (len == null || len > arr.length) len = arr.length; for (var i = 0, arr2 = new Array(len); i < len; i++) arr2[i] = arr[i]; return arr2; }
-function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
-function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
-class RoleResourceActionModel extends _database().Model {
-  writeToACL(options) {
-    var _this = this;
-    return _asyncToGenerator(function* () {
-      // @ts-ignore
-      const db = _this.constructor.database;
-      const resourceName = options.resourceName,
-        role = options.role,
-        acl = options.acl,
-        associationFieldsActions = options.associationFieldsActions,
-        grantHelper = options.grantHelper;
-      const actionName = _this.get('name');
-      const fields = _this.get('fields');
-      const actionPath = `${resourceName}:${actionName}`;
-      const actionParams = {
-        fields
-      };
-      // @ts-ignore
-      const scope = yield _this.getScope();
-      if (scope) {
-        actionParams['own'] = scope.get('key') === 'own';
-        actionParams['filter'] = scope.get('scope');
-      }
-      role.grantAction(actionPath, actionParams);
-      const collection = db.getCollection(resourceName);
-      if (!collection) {
-        return;
-      }
-      const availableAction = acl.resolveActionAlias(actionName);
-      var _iterator = _createForOfIteratorHelper(fields),
-        _step;
-      try {
-        for (_iterator.s(); !(_step = _iterator.n()).done;) {
-          var _associationFieldsAct;
-          const field = _step.value;
-          const collectionField = collection.getField(field);
-          if (!collectionField) {
-            console.log(`field ${field} does not exist at ${collection.name}`);
-            continue;
-          }
-          const fieldType = collectionField.get('type');
-          const fieldActions = associationFieldsActions === null || associationFieldsActions === void 0 ? void 0 : (_associationFieldsAct = associationFieldsActions[fieldType]) === null || _associationFieldsAct === void 0 ? void 0 : _associationFieldsAct[availableAction];
-          const fieldTarget = collectionField.get('target');
-          if (fieldActions) {
-            // grant association actions to role
-            const associationActions = fieldActions.associationActions || [];
-            associationActions.forEach(associationAction => {
-              const actionName = `${resourceName}.${collectionField.get('name')}:${associationAction}`;
-              role.grantAction(actionName);
-            });
-            const targetActions = fieldActions.targetActions || [];
-            targetActions.forEach(targetAction => {
-              const targetActionPath = `${fieldTarget}:${targetAction}`;
-              const existsAction = role.getActionParams(targetActionPath);
-              if (existsAction) {
-                return;
-              }
-              // set resource target action with current resourceName
-              grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, [...(grantHelper.resourceTargetActionMap.get(resourceName) || []), targetActionPath]);
-              grantHelper.targetActionResourceMap.set(targetActionPath, [...(grantHelper.targetActionResourceMap.get(targetActionPath) || []), `${role.name}.${resourceName}`]);
-              role.grantAction(targetActionPath);
-            });
-          }
-        }
-      } catch (err) {
-        _iterator.e(err);
-      } finally {
-        _iterator.f();
-      }
-    })();
-  }
-}
-exports.RoleResourceActionModel = RoleResourceActionModel;

package/lib/server/model/RoleResourceModel.js

@@ -1,106 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.RoleResourceModel = void 0;
-function _acl() {
-  const data = require("@nocobase/acl");
-  _acl = function _acl() {
-    return data;
-  };
-  return data;
-}
-function _database() {
-  const data = require("@nocobase/database");
-  _database = function _database() {
-    return data;
-  };
-  return data;
-}
-function _createForOfIteratorHelper(o, allowArrayLike) { var it = typeof Symbol !== "undefined" && o[Symbol.iterator] || o["@@iterator"]; if (!it) { if (Array.isArray(o) || (it = _unsupportedIterableToArray(o)) || allowArrayLike && o && typeof o.length === "number") { if (it) o = it; var i = 0; var F = function F() {}; return { s: F, n: function n() { if (i >= o.length) return { done: true }; return { done: false, value: o[i++] }; }, e: function e(_e) { throw _e; }, f: F }; } throw new TypeError("Invalid attempt to iterate non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); } var normalCompletion = true, didErr = false, err; return { s: function s() { it = it.call(o); }, n: function n() { var step = it.next(); normalCompletion = step.done; return step; }, e: function e(_e2) { didErr = true; err = _e2; }, f: function f() { try { if (!normalCompletion && it.return != null) it.return(); } finally { if (didErr) throw err; } } }; }
-function _unsupportedIterableToArray(o, minLen) { if (!o) return; if (typeof o === "string") return _arrayLikeToArray(o, minLen); var n = Object.prototype.toString.call(o).slice(8, -1); if (n === "Object" && o.constructor) n = o.constructor.name; if (n === "Map" || n === "Set") return Array.from(o); if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _arrayLikeToArray(o, minLen); }
-function _arrayLikeToArray(arr, len) { if (len == null || len > arr.length) len = arr.length; for (var i = 0, arr2 = new Array(len); i < len; i++) arr2[i] = arr[i]; return arr2; }
-function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
-function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
-class RoleResourceModel extends _database().Model {
-  revoke(options) {
-    return _asyncToGenerator(function* () {
-      const role = options.role,
-        resourceName = options.resourceName,
-        grantHelper = options.grantHelper;
-      role.revokeResource(resourceName);
-      const targetActions = grantHelper.resourceTargetActionMap.get(`${role.name}.${resourceName}`) || [];
-      var _iterator = _createForOfIteratorHelper(targetActions),
-        _step;
-      try {
-        for (_iterator.s(); !(_step = _iterator.n()).done;) {
-          const targetAction = _step.value;
-          const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(item => `${role.name}.${resourceName}` !== item);
-          grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);
-          if (targetActionResource.length == 0) {
-            role.revokeAction(targetAction);
-          }
-        }
-      } catch (err) {
-        _iterator.e(err);
-      } finally {
-        _iterator.f();
-      }
-      grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, []);
-    })();
-  }
-  writeToACL(options) {
-    var _this = this;
-    return _asyncToGenerator(function* () {
-      const acl = options.acl,
-        associationFieldsActions = options.associationFieldsActions,
-        grantHelper = options.grantHelper;
-      const resourceName = _this.get('name');
-      const roleName = _this.get('roleName');
-      const role = acl.getRole(roleName);
-      if (!role) {
-        console.log(`${roleName} role does not exist`);
-        return;
-      }
-      // revoke resource of role
-      yield _this.revoke({
-        role,
-        resourceName,
-        grantHelper
-      });
-      // @ts-ignore
-      if (_this.usingActionsConfig === false) {
-        return;
-      }
-      const resource = new (_acl().ACLResource)({
-        role,
-        name: resourceName
-      });
-      role.resources.set(resourceName, resource);
-      // @ts-ignore
-      const actions = yield _this.getActions({
-        transaction: options.transaction
-      });
-      var _iterator2 = _createForOfIteratorHelper(actions),
-        _step2;
-      try {
-        for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
-          const action = _step2.value;
-          yield action.writeToACL({
-            acl,
-            role,
-            resourceName,
-            associationFieldsActions,
-            grantHelper: options.grantHelper
-          });
-        }
-      } catch (err) {
-        _iterator2.e(err);
-      } finally {
-        _iterator2.f();
-      }
-    })();
-  }
-}
-exports.RoleResourceModel = RoleResourceModel;