npm - @nocobase/plugin-acl - Versions diffs - 0.11.1-alpha.5 → 0.12.0-alpha.2 - Mend

@nocobase/plugin-acl 0.11.1-alpha.5 → 0.12.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (96) hide show

package/client.d.ts +2 -3
package/client.js +1 -1
package/dist/client/index.js +11 -0
package/{lib/server → dist}/index.d.ts +1 -0
package/dist/index.js +18 -0
package/{src/server/actions/available-actions.ts → dist/server/actions/available-actions.js} +7 -5
package/{src/server/actions/role-check.ts → dist/server/actions/role-check.js} +17 -22
package/dist/server/actions/role-collections.js +53 -0
package/dist/server/actions/user-setDefaultRole.js +43 -0
package/dist/server/collections/roles-users.js +10 -0
package/dist/server/collections/roles.js +103 -0
package/dist/server/collections/rolesResources.js +35 -0
package/dist/server/collections/rolesResourcesActions.js +33 -0
package/dist/server/collections/rolesResourcesScopes.js +27 -0
package/dist/server/collections/users.js +35 -0
package/dist/server/index.js +11 -0
package/dist/server/middlewares/setCurrentRole.js +31 -0
package/dist/server/migrations/20221214072638-set-role-snippets.js +25 -0
package/dist/server/model/RoleModel.js +23 -0
package/dist/server/model/RoleResourceActionModel.js +64 -0
package/dist/server/model/RoleResourceModel.js +55 -0
package/dist/server/server.js +709 -0
package/package.json +12 -21
package/server.d.ts +3 -3
package/server.js +1 -1
package/lib/client/index.js +0 -22
package/lib/index.js +0 -13
package/lib/server/actions/available-actions.js +0 -34
package/lib/server/actions/role-check.js +0 -77
package/lib/server/actions/role-collections.js +0 -98
package/lib/server/actions/user-setDefaultRole.js +0 -52
package/lib/server/collections/roles-users.js +0 -16
package/lib/server/collections/roles.js +0 -92
package/lib/server/collections/rolesResources.js +0 -31
package/lib/server/collections/rolesResourcesActions.js +0 -31
package/lib/server/collections/rolesResourcesScopes.js +0 -25
package/lib/server/collections/users.js +0 -41
package/lib/server/index.js +0 -13
package/lib/server/middlewares/setCurrentRole.js +0 -45
package/lib/server/migrations/20221214072638-set-role-snippets.js +0 -43
package/lib/server/model/RoleModel.js +0 -35
package/lib/server/model/RoleResourceActionModel.js +0 -91
package/lib/server/model/RoleResourceModel.js +0 -106
package/lib/server/server.js +0 -947
package/src/client/index.ts +0 -8
package/src/index.ts +0 -1
package/src/server/__tests__/acl.test.ts +0 -835
package/src/server/__tests__/actions.test.ts +0 -141
package/src/server/__tests__/association-field.test.ts +0 -413
package/src/server/__tests__/configuration.test.ts +0 -70
package/src/server/__tests__/list-action.test.ts +0 -446
package/src/server/__tests__/middleware.test.ts +0 -210
package/src/server/__tests__/own.test.ts +0 -124
package/src/server/__tests__/prepare.ts +0 -20
package/src/server/__tests__/role-check.test.ts +0 -46
package/src/server/__tests__/role-resource.test.ts +0 -177
package/src/server/__tests__/role-user.test.ts +0 -127
package/src/server/__tests__/role.test.ts +0 -118
package/src/server/__tests__/scope.test.ts +0 -55
package/src/server/__tests__/setCurrentRole.test.ts +0 -86
package/src/server/__tests__/snippets.test.ts +0 -35
package/src/server/__tests__/users.test.ts +0 -136
package/src/server/__tests__/write-role-to-acl.test.ts +0 -41
package/src/server/actions/role-collections.ts +0 -95
package/src/server/actions/user-setDefaultRole.ts +0 -47
package/src/server/collections/roles-users.ts +0 -8
package/src/server/collections/roles.ts +0 -101
package/src/server/collections/rolesResources.ts +0 -33
package/src/server/collections/rolesResourcesActions.ts +0 -31
package/src/server/collections/rolesResourcesScopes.ts +0 -25
package/src/server/collections/users.ts +0 -31
package/src/server/index.ts +0 -1
package/src/server/middlewares/setCurrentRole.ts +0 -35
package/src/server/migrations/20221214072638-set-role-snippets.ts +0 -23
package/src/server/model/RoleModel.ts +0 -23
package/src/server/model/RoleResourceActionModel.ts +0 -95
package/src/server/model/RoleResourceModel.ts +0 -74
package/src/server/server.ts +0 -854
/package/{lib → dist}/client/index.d.ts +0 -0
/package/{lib → dist}/server/actions/available-actions.d.ts +0 -0
/package/{lib → dist}/server/actions/role-check.d.ts +0 -0
/package/{lib → dist}/server/actions/role-collections.d.ts +0 -0
/package/{lib → dist}/server/actions/user-setDefaultRole.d.ts +0 -0
/package/{lib → dist}/server/collections/roles-users.d.ts +0 -0
/package/{lib → dist}/server/collections/roles.d.ts +0 -0
/package/{lib → dist}/server/collections/rolesResources.d.ts +0 -0
/package/{lib → dist}/server/collections/rolesResourcesActions.d.ts +0 -0
/package/{lib → dist}/server/collections/rolesResourcesScopes.d.ts +0 -0
/package/{lib → dist}/server/collections/users.d.ts +0 -0
/package/{lib → dist/server}/index.d.ts +0 -0
/package/{lib → dist}/server/middlewares/setCurrentRole.d.ts +0 -0
/package/{lib → dist}/server/migrations/20221214072638-set-role-snippets.d.ts +0 -0
/package/{lib → dist}/server/model/RoleModel.d.ts +0 -0
/package/{lib → dist}/server/model/RoleResourceActionModel.d.ts +0 -0
/package/{lib → dist}/server/model/RoleResourceModel.d.ts +0 -0
/package/{lib → dist}/server/server.d.ts +0 -0

package/src/server/__tests__/actions.test.ts DELETED Viewed

@@ -1,141 +0,0 @@
-import { MockServer } from '@nocobase/test';
-import { prepareApp } from './prepare';
-describe('destroy action with acl', () => {
-  let app: MockServer;
-  let Post;
-  beforeEach(async () => {
-    app = await prepareApp();
-    Post = app.collection({
-      name: 'posts',
-      fields: [
-        { type: 'string', name: 'title' },
-        {
-          type: 'bigInt',
-          name: 'createdById',
-        },
-      ],
-    });
-    await app.db.sync();
-  });
-  afterEach(async () => {
-    await app.destroy();
-  });
-  it('should throw error when user has no permission to destroy record', async () => {
-    const userRole = app.acl.define({
-      role: 'user',
-    });
-    // user can destroy post which created by himself
-    userRole.grantAction('posts:destroy', {
-      own: true,
-    });
-    const p1 = await Post.repository.create({
-      values: {
-        title: 'p1',
-        createById: 2,
-      },
-    });
-    app.resourcer.use(
-      (ctx, next) => {
-        ctx.state.currentRole = 'user';
-        ctx.state.currentUser = {
-          id: 1,
-        };
-        return next();
-      },
-      {
-        before: 'acl',
-      },
-    );
-    const response = await app
-      .agent()
-      .resource('posts')
-      .destroy({
-        filterByTk: p1.get('id'),
-      });
-    // should throw errors
-    expect(response.statusCode).toEqual(403);
-  });
-  it('should throw error when user has no permissions with array query', async () => {
-    const userRole = app.acl.define({
-      role: 'user',
-    });
-    userRole.grantAction('posts:destroy', {
-      filter: {
-        'title.$in': ['p1', 'p2', 'p3'],
-      },
-    });
-    await Post.repository.create({
-      values: [
-        {
-          title: 'p1',
-        },
-        {
-          title: 'p2',
-        },
-        {
-          title: 'p3',
-        },
-        {
-          title: 'p4',
-        },
-        {
-          title: 'p5',
-        },
-        {
-          title: 'p6',
-        },
-      ],
-    });
-    app.resourcer.use(
-      (ctx, next) => {
-        ctx.state.currentRole = 'user';
-        ctx.state.currentUser = {
-          id: 1,
-        };
-        return next();
-      },
-      {
-        before: 'acl',
-      },
-    );
-    const response = await app
-      .agent()
-      .resource('posts')
-      .destroy({
-        filter: {
-          'title.$in': ['p4', 'p5', 'p6'],
-        },
-      });
-    // should throw error
-    expect(response.statusCode).toEqual(403);
-    const response2 = await app
-      .agent()
-      .resource('posts')
-      .destroy({
-        filter: {
-          'title.$in': ['p1'],
-        },
-      });
-    // should throw error
-    expect(response2.statusCode).toEqual(200);
-  });
-});

package/src/server/__tests__/association-field.test.ts DELETED Viewed

@@ -1,413 +0,0 @@
-import { ACL } from '@nocobase/acl';
-import { Database, HasManyRepository } from '@nocobase/database';
-import UsersPlugin from '@nocobase/plugin-users';
-import { MockServer } from '@nocobase/test';
-import { prepareApp } from './prepare';
-describe('association test', () => {
-  let app: MockServer;
-  let db: Database;
-  let acl: ACL;
-  let user;
-  let userAgent;
-  let admin;
-  let adminAgent;
-  afterEach(async () => {
-    await app.destroy();
-  });
-  beforeEach(async () => {
-    app = await prepareApp();
-    db = app.db;
-    acl = app.acl;
-  });
-  it('should set association actions', async () => {
-    await db.getRepository('collections').create({
-      values: {
-        name: 'posts',
-        fields: [
-          { name: 'title', type: 'string' },
-          { name: 'userComments', type: 'hasMany', target: 'comments', interface: 'linkTo' },
-        ],
-      },
-      context: {},
-    });
-    await db.getRepository('collections').create({
-      values: {
-        name: 'comments',
-        fields: [{ name: 'content', type: 'string' }],
-      },
-      context: {},
-    });
-    await db.getRepository('roles').create({
-      values: {
-        name: 'test-role',
-      },
-      context: {},
-    });
-    await db.getRepository('roles.resources', 'test-role').create({
-      values: {
-        name: 'posts',
-        usingActionsConfig: true,
-        actions: [
-          {
-            name: 'view',
-            fields: ['userComments'],
-          },
-        ],
-      },
-      context: {},
-    });
-    const role = acl.getRole('test-role');
-    expect(
-      acl.can({
-        role: 'test-role',
-        action: 'list',
-        resource: 'posts.userComments',
-      }),
-    ).not.toBeNull();
-    const post = await db.getRepository('posts').create({
-      values: {
-        title: 'hello world',
-        userComments: [{ content: 'comment 1' }],
-      },
-    });
-    const UserRepo = db.getCollection('users').repository;
-    const user = await UserRepo.create({
-      values: {
-        roles: ['test-role'],
-      },
-    });
-    const userAgent = app.agent().login(user);
-    //@ts-ignore
-    const response = await userAgent.resource('posts').list({});
-    expect(response.statusCode).toEqual(200);
-    const post1 = response.body.data[0];
-    expect(post1.userComments).not.toBeDefined();
-  });
-});
-describe('association field acl', () => {
-  let app: MockServer;
-  let db: Database;
-  let acl: ACL;
-  let user;
-  let userAgent;
-  let admin;
-  let adminAgent;
-  afterEach(async () => {
-    await app.destroy();
-  });
-  beforeEach(async () => {
-    app = await prepareApp();
-    db = app.db;
-    acl = app.acl;
-    await db.getRepository('roles').create({
-      values: {
-        name: 'new',
-      },
-    });
-    await db.getRepository('roles').create({
-      values: {
-        name: 'testAdmin',
-        snippets: ['pm.*'],
-      },
-    });
-    const UserRepo = db.getCollection('users').repository;
-    user = await UserRepo.create({
-      values: {
-        roles: ['new'],
-      },
-    });
-    admin = await UserRepo.create({
-      values: {
-        roles: ['testAdmin'],
-      },
-    });
-    const userPlugin = app.getPlugin('users') as UsersPlugin;
-    userAgent = app.agent().login(user);
-    adminAgent = app.agent().login(admin);
-    await db.getRepository('collections').create({
-      values: {
-        name: 'orders',
-      },
-      context: {},
-    });
-    await db.getRepository('collections.fields', 'users').create({
-      values: {
-        name: 'name',
-        type: 'string',
-      },
-      context: {},
-    });
-    await db.getRepository('collections.fields', 'users').create({
-      values: {
-        name: 'age',
-        type: 'integer',
-      },
-      context: {},
-    });
-    await db.getRepository('collections.fields', 'users').create({
-      values: {
-        interface: 'linkTo',
-        name: 'orders',
-        type: 'hasMany',
-        target: 'orders',
-      },
-      context: {},
-    });
-    await db.getRepository('collections.fields', 'orders').create({
-      values: {
-        name: 'content',
-        type: 'string',
-      },
-      context: {},
-    });
-    await adminAgent.resource('roles.resources', 'new').create({
-      values: {
-        name: 'users',
-        usingActionsConfig: true,
-        actions: [
-          {
-            name: 'create',
-            fields: ['orders'],
-          },
-          {
-            name: 'view',
-            fields: ['orders'],
-          },
-        ],
-      },
-    });
-    await adminAgent.resource('roles.resources', 'new').create({
-      values: {
-        name: 'orders',
-        usingActionsConfig: true,
-        actions: [
-          {
-            name: 'view',
-          },
-        ],
-      },
-    });
-  });
-  // skip because of disable grant associations target action
-  it.skip('should revoke target action on association action revoke', async () => {
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'orders',
-        action: 'list',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'orders',
-      action: 'list',
-    });
-    await adminAgent.resource('roles.resources', 'new').update({
-      values: {
-        name: 'users',
-        usingActionsConfig: true,
-        actions: [],
-      },
-    });
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'orders',
-        action: 'list',
-      }),
-    ).toBeNull();
-  });
-  it('should revoke association action on action revoke', async () => {
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'users.orders',
-        action: 'add',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'users.orders',
-      action: 'add',
-    });
-    const viewAction = await db.getRepository('rolesResourcesActions').findOne({
-      filter: {
-        name: 'view',
-      },
-    });
-    const actionId = viewAction.get('id') as number;
-    const response = await adminAgent.resource('roles.resources', 'new').update({
-      filterByTk: 'users',
-      values: {
-        name: 'users',
-        usingActionsConfig: true,
-        actions: [
-          {
-            id: actionId,
-          },
-        ],
-      },
-    });
-    expect(response.statusCode).toEqual(200);
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'users.orders',
-        action: 'add',
-      }),
-    ).toBeNull();
-  });
-  it('should revoke association action on field deleted', async () => {
-    await adminAgent.resource('roles.resources', 'new').update({
-      filterByTk: 'users',
-      values: {
-        name: 'users',
-        usingActionsConfig: true,
-        actions: [
-          {
-            name: 'create',
-            fields: ['name', 'age'],
-          },
-        ],
-      },
-    });
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'users',
-        action: 'create',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'users',
-      action: 'create',
-      params: {
-        whitelist: ['age', 'name'],
-      },
-    });
-    const roleResource = await db.getRepository('rolesResources').findOne({
-      filter: {
-        name: 'users',
-      },
-    });
-    const action = await db
-      .getRepository<HasManyRepository>('rolesResources.actions', roleResource.get('id') as string)
-      .findOne({
-        filter: {
-          name: 'create',
-        },
-      });
-    expect(action.get('fields').includes('name')).toBeTruthy();
-    // remove field
-    await db.getRepository<HasManyRepository>('collections.fields', 'users').destroy({
-      filter: {
-        name: 'name',
-      },
-      context: {},
-    });
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'users',
-        action: 'create',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'users',
-      action: 'create',
-      params: {
-        whitelist: ['age'],
-      },
-    });
-  });
-  it('should allow association fields access', async () => {
-    const createResponse = await userAgent.resource('users').create({
-      values: {
-        orders: [
-          {
-            content: 'apple',
-          },
-        ],
-      },
-    });
-    expect(createResponse.statusCode).toEqual(200);
-    const user = await db.getRepository('users').findOne({
-      filterByTk: createResponse.body.data.id,
-    });
-    // @ts-ignore
-    expect(await user.countOrders()).toEqual(1);
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'users.orders',
-        action: 'list',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'users.orders',
-      action: 'list',
-    });
-    expect(
-      acl.can({
-        role: 'new',
-        resource: 'orders',
-        action: 'list',
-      }),
-    ).toMatchObject({
-      role: 'new',
-      resource: 'orders',
-      action: 'list',
-    });
-  });
-});

package/src/server/__tests__/configuration.test.ts DELETED Viewed

@@ -1,70 +0,0 @@
-import { Database } from '@nocobase/database';
-import UsersPlugin from '@nocobase/plugin-users';
-import { MockServer } from '@nocobase/test';
-import { prepareApp } from './prepare';
-describe('configuration', () => {
-  let app: MockServer;
-  let db: Database;
-  let admin;
-  let adminAgent;
-  let user;
-  let userAgent;
-  let guestAgent;
-  afterEach(async () => {
-    await app.destroy();
-  });
-  beforeEach(async () => {
-    app = await prepareApp();
-    db = app.db;
-    await db.getRepository('roles').create({
-      values: {
-        name: 'test1',
-        snippets: ['pm.*'],
-      },
-    });
-    await db.getRepository('roles').create({
-      values: {
-        name: 'test2',
-      },
-    });
-    const UserRepo = db.getCollection('users').repository;
-    admin = await UserRepo.create({
-      values: {
-        roles: ['test1'],
-      },
-    });
-    user = await UserRepo.create({
-      values: {
-        roles: ['test2'],
-      },
-    });
-    const userPlugin = app.getPlugin('users') as UsersPlugin;
-    adminAgent = app.agent().login(admin);
-    userAgent = app.agent().login(user);
-    guestAgent = app.agent();
-  });
-  it('should list collections', async () => {
-    expect((await userAgent.resource('collections').create()).statusCode).toEqual(403);
-    expect((await userAgent.resource('collections').list()).statusCode).toEqual(200);
-  });
-  it('should not create/list collections', async () => {
-    expect((await guestAgent.resource('collections').create()).statusCode).toEqual(403);
-    expect((await guestAgent.resource('collections').list()).statusCode).toEqual(403);
-  });
-  it('should allow when role has allowConfigure with true value', async () => {
-    expect((await adminAgent.resource('collections').create()).statusCode).toEqual(200);
-    expect((await adminAgent.resource('collections').list()).statusCode).toEqual(200);
-  });
-});