@nocobase/plugin-acl 0.7.0-alpha.1

package/lib/actions/available-actions.js

@@ -0,0 +1,29 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.availableActionResource = void 0;
+const availableActionResource = {
+    name: 'availableActions',
+    actions: {
+        list(ctx, next) {
+            return __awaiter(this, void 0, void 0, function* () {
+                const acl = ctx.app.acl;
+                const availableActions = acl.getAvailableActions();
+                ctx.body = Array.from(availableActions.entries()).map(([, { name, options }]) => {
+                    return Object.assign(Object.assign({}, options), { name });
+                });
+                yield next();
+            });
+        },
+    },
+};
+exports.availableActionResource = availableActionResource;
+//# sourceMappingURL=available-actions.js.map

package/lib/actions/available-actions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"available-actions.js","sourceRoot":"","sources":["../../src/actions/available-actions.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,MAAM,uBAAuB,GAAG;IAC9B,IAAI,EAAE,kBAAkB;IACxB,OAAO,EAAE;QACD,IAAI,CAAC,GAAG,EAAE,IAAI;;gBAClB,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC;gBACxB,MAAM,gBAAgB,GAAG,GAAG,CAAC,mBAAmB,EAAE,CAAC;gBACnD,GAAG,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;oBAC9E,uCACK,OAAO,KACV,IAAI,IACJ;gBACJ,CAAC,CAAC,CAAC;gBACH,MAAM,IAAI,EAAE,CAAC;YACf,CAAC;SAAA;KACF;CACF,CAAC;AAEO,0DAAuB","sourcesContent":["const availableActionResource = {\n  name: 'availableActions',\n  actions: {\n    async list(ctx, next) {\n      const acl = ctx.app.acl;\n      const availableActions = acl.getAvailableActions();\n      ctx.body = Array.from(availableActions.entries()).map(([, { name, options }]) => {\n        return {\n          ...options,\n          name,\n        };\n      });\n      await next();\n    },\n  },\n};\n\nexport { availableActionResource };\n"]}

package/lib/actions/role-check.d.ts

@@ -0,0 +1 @@
+export declare function checkAction(ctx: any, next: any): Promise<void>;

package/lib/actions/role-check.js

@@ -0,0 +1,42 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkAction = void 0;
+const map2obj = (map) => {
+    const obj = {};
+    for (let [key, value] of map) {
+        obj[key] = value;
+    }
+    return obj;
+};
+function checkAction(ctx, next) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const currentRole = ctx.state.currentRole;
+        if (currentRole) {
+            const roleInstance = yield ctx.db.getRepository('roles').findOne({
+                filter: {
+                    name: currentRole,
+                },
+                appends: ['menuUiSchemas'],
+            });
+            const anonymous = yield ctx.db.getRepository('roles').findOne({
+                filter: {
+                    name: 'anonymous',
+                },
+            });
+            const role = ctx.app.acl.getRole(currentRole);
+            ctx.body = Object.assign(Object.assign({}, role.toJSON()), { resources: [...role.resources.keys()], actionAlias: map2obj(ctx.app.acl.actionAlias), allowAll: currentRole === 'root', allowConfigure: roleInstance.get('allowConfigure'), allowMenuItemIds: roleInstance.get('menuUiSchemas').map((uiSchema) => uiSchema.get('x-uid')), allowAnonymous: !!anonymous });
+        }
+        yield next();
+    });
+}
+exports.checkAction = checkAction;
+//# sourceMappingURL=role-check.js.map

package/lib/actions/role-check.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"role-check.js","sourceRoot":"","sources":["../../src/actions/role-check.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,MAAM,OAAO,GAAG,CAAC,GAAwB,EAAE,EAAE;IAC3C,MAAM,GAAG,GAAG,EAAE,CAAC;IACf,KAAI,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,GAAG,EAAC;QAC1B,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;KAClB;IACF,OAAO,GAAG,CAAC;AACZ,CAAC,CAAA;AAED,SAAsB,WAAW,CAAC,GAAG,EAAE,IAAI;;QACzC,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC;QAC1C,IAAI,WAAW,EAAE;YACf,MAAM,YAAY,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC;gBAC/D,MAAM,EAAE;oBACN,IAAI,EAAE,WAAW;iBAClB;gBACD,OAAO,EAAE,CAAC,eAAe,CAAC;aAC3B,CAAC,CAAC;YAEH,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC;gBAC5D,MAAM,EAAE;oBACN,IAAI,EAAE,WAAW;iBAClB;aACF,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAE9C,GAAG,CAAC,IAAI,mCACH,IAAI,CAAC,MAAM,EAAE,KAChB,SAAS,EAAE,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,EACrC,WAAW,EAAE,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,EAC7C,QAAQ,EAAE,WAAW,KAAK,MAAM,EAChC,cAAc,EAAE,YAAY,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAClD,gBAAgB,EAAE,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,EAC5F,cAAc,EAAE,CAAC,CAAC,SAAS,GAC5B,CAAC;SACH;QAED,MAAM,IAAI,EAAE,CAAC;IACf,CAAC;CAAA;AA9BD,kCA8BC","sourcesContent":["const map2obj = (map: Map<string, string>) => {\n  const obj = {};\n  for(let [key, value] of map){\n    obj[key] = value;\n  }\n return obj;\n}\n\nexport async function checkAction(ctx, next) {\n  const currentRole = ctx.state.currentRole;\n  if (currentRole) {\n    const roleInstance = await ctx.db.getRepository('roles').findOne({\n      filter: {\n        name: currentRole,\n      },\n      appends: ['menuUiSchemas'],\n    });\n\n    const anonymous = await ctx.db.getRepository('roles').findOne({\n      filter: {\n        name: 'anonymous',\n      },\n    });\n\n    const role = ctx.app.acl.getRole(currentRole);\n\n    ctx.body = {\n      ...role.toJSON(),\n      resources: [...role.resources.keys()],\n      actionAlias: map2obj(ctx.app.acl.actionAlias),\n      allowAll: currentRole === 'root',\n      allowConfigure: roleInstance.get('allowConfigure'),\n      allowMenuItemIds: roleInstance.get('menuUiSchemas').map((uiSchema) => uiSchema.get('x-uid')),\n      allowAnonymous: !!anonymous,\n    };\n  }\n\n  await next();\n}\n"]}

package/lib/actions/role-collections.d.ts

@@ -0,0 +1,7 @@
+declare const roleCollectionsResource: {
+    name: string;
+    actions: {
+        list(ctx: any, next: any): Promise<void>;
+    };
+};
+export { roleCollectionsResource };

package/lib/actions/role-collections.js

@@ -0,0 +1,57 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.roleCollectionsResource = void 0;
+const roleCollectionsResource = {
+    name: 'roles.collections',
+    actions: {
+        list(ctx, next) {
+            return __awaiter(this, void 0, void 0, function* () {
+                const role = ctx.action.params.associatedIndex;
+                const db = ctx.db;
+                const collectionRepository = db.getRepository('collections');
+                // all collections
+                const collections = yield collectionRepository.find({
+                    filter: ctx.action.params.filter,
+                });
+                // role collections
+                const roleResources = yield db.getRepository('rolesResources').find({
+                    filter: {
+                        roleName: role,
+                    },
+                });
+                // role collections
+                const roleResourcesNames = roleResources.map((roleResource) => roleResource.get('name'));
+                const roleResourceActionResourceNames = roleResources
+                    .filter((roleResources) => roleResources.get('usingActionsConfig'))
+                    .map((roleResources) => roleResources.get('name'));
+                ctx.body = collections
+                    .map((collection) => {
+                    const exists = roleResourcesNames.includes(collection.get('name'));
+                    const usingConfig = roleResourceActionResourceNames.includes(collection.get('name'))
+                        ? 'resourceAction'
+                        : 'strategy';
+                    return {
+                        name: collection.get('name'),
+                        title: collection.get('title'),
+                        roleName: role,
+                        usingConfig,
+                        exists,
+                    };
+                })
+                    .sort((a, b) => (a.name > b.name ? 1 : -1));
+                yield next();
+            });
+        },
+    },
+};
+exports.roleCollectionsResource = roleCollectionsResource;
+//# sourceMappingURL=role-collections.js.map

package/lib/actions/role-collections.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"role-collections.js","sourceRoot":"","sources":["../../src/actions/role-collections.ts"],"names":[],"mappings":";;;;;;;;;;;;AAIA,MAAM,uBAAuB,GAAG;IAC9B,IAAI,EAAE,mBAAmB;IACzB,OAAO,EAAE;QACD,IAAI,CAAC,GAAG,EAAE,IAAI;;gBAClB,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC;gBAE/C,MAAM,EAAE,GAAa,GAAG,CAAC,EAAE,CAAC;gBAC5B,MAAM,oBAAoB,GAAG,EAAE,CAAC,aAAa,CAAC,aAAa,CAAC,CAAC;gBAE7D,kBAAkB;gBAClB,MAAM,WAAW,GAAG,MAAM,oBAAoB,CAAC,IAAI,CAAC;oBAClD,MAAM,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM;iBACjC,CAAC,CAAC;gBAEH,mBAAmB;gBACnB,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC;oBAClE,MAAM,EAAE;wBACN,QAAQ,EAAE,IAAI;qBACf;iBACF,CAAC,CAAC;gBAEH,mBAAmB;gBACnB,MAAM,kBAAkB,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE,EAAE,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;gBACzF,MAAM,+BAA+B,GAAG,aAAa;qBAClD,MAAM,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;qBAClE,GAAG,CAAC,CAAC,aAAa,EAAE,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;gBAErD,GAAG,CAAC,IAAI,GAAG,WAAW;qBACnB,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE;oBAClB,MAAM,MAAM,GAAG,kBAAkB,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC;oBAEnE,MAAM,WAAW,GAAoB,+BAA+B,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;wBACnG,CAAC,CAAC,gBAAgB;wBAClB,CAAC,CAAC,UAAU,CAAC;oBAEf,OAAO;wBACL,IAAI,EAAE,UAAU,CAAC,GAAG,CAAC,MAAM,CAAW;wBACtC,KAAK,EAAE,UAAU,CAAC,GAAG,CAAC,OAAO,CAAW;wBACxC,QAAQ,EAAE,IAAI;wBACd,WAAW;wBACX,MAAM;qBACP,CAAC;gBACJ,CAAC,CAAC;qBACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAE9C,MAAM,IAAI,EAAE,CAAC;YACf,CAAC;SAAA;KACF;CACF,CAAC;AAEO,0DAAuB","sourcesContent":["import { Database } from '@nocobase/database';\n\ntype UsingConfigType = 'strategy' | 'resourceAction';\n\nconst roleCollectionsResource = {\n  name: 'roles.collections',\n  actions: {\n    async list(ctx, next) {\n      const role = ctx.action.params.associatedIndex;\n\n      const db: Database = ctx.db;\n      const collectionRepository = db.getRepository('collections');\n\n      // all collections\n      const collections = await collectionRepository.find({\n        filter: ctx.action.params.filter,\n      });\n\n      // role collections\n      const roleResources = await db.getRepository('rolesResources').find({\n        filter: {\n          roleName: role,\n        },\n      });\n\n      // role collections\n      const roleResourcesNames = roleResources.map((roleResource) => roleResource.get('name'));\n      const roleResourceActionResourceNames = roleResources\n        .filter((roleResources) => roleResources.get('usingActionsConfig'))\n        .map((roleResources) => roleResources.get('name'));\n\n      ctx.body = collections\n        .map((collection) => {\n          const exists = roleResourcesNames.includes(collection.get('name'));\n\n          const usingConfig: UsingConfigType = roleResourceActionResourceNames.includes(collection.get('name'))\n            ? 'resourceAction'\n            : 'strategy';\n\n          return {\n            name: collection.get('name') as string,\n            title: collection.get('title') as string,\n            roleName: role,\n            usingConfig,\n            exists,\n          };\n        })\n        .sort((a, b) => (a.name > b.name ? 1 : -1));\n\n      await next();\n    },\n  },\n};\n\nexport { roleCollectionsResource };\n"]}

package/lib/collections/roles.d.ts

@@ -0,0 +1,3 @@
+import { CollectionOptions } from '@nocobase/database';
+declare const _default: CollectionOptions;
+export default _default;

package/lib/collections/roles.js

@@ -0,0 +1,80 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = {
+    name: 'roles',
+    title: '{{t("Roles")}}',
+    autoGenId: false,
+    model: 'RoleModel',
+    filterTargetKey: 'name',
+    // targetKey: 'name',
+    sortable: true,
+    fields: [
+        {
+            type: 'uid',
+            name: 'name',
+            prefix: 'r_',
+            primaryKey: true,
+            interface: 'input',
+            uiSchema: {
+                type: 'string',
+                title: '{{t("Role UID")}}',
+                'x-component': 'Input',
+            },
+        },
+        {
+            type: 'string',
+            name: 'title',
+            unique: true,
+            interface: 'input',
+            uiSchema: {
+                type: 'string',
+                title: '{{t("Role name")}}',
+                'x-component': 'Input',
+            },
+        },
+        {
+            type: 'boolean',
+            name: 'default',
+        },
+        {
+            type: 'string',
+            name: 'description',
+        },
+        {
+            type: 'json',
+            name: 'strategy',
+        },
+        {
+            type: 'boolean',
+            name: 'default',
+            defaultValue: false,
+        },
+        {
+            type: 'boolean',
+            name: 'hidden',
+            defaultValue: false,
+        },
+        {
+            type: 'boolean',
+            name: 'allowConfigure',
+        },
+        {
+            type: 'boolean',
+            name: 'allowNewMenu',
+        },
+        {
+            type: 'belongsToMany',
+            name: 'menuUiSchemas',
+            target: 'uiSchemas',
+            targetKey: 'x-uid',
+        },
+        {
+            type: 'hasMany',
+            name: 'resources',
+            target: 'rolesResources',
+            sourceKey: 'name',
+            targetKey: 'name',
+        },
+    ],
+};
+//# sourceMappingURL=roles.js.map

package/lib/collections/roles.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roles.js","sourceRoot":"","sources":["../../src/collections/roles.ts"],"names":[],"mappings":";;AAEA,kBAAe;IACb,IAAI,EAAE,OAAO;IACb,KAAK,EAAE,gBAAgB;IACvB,SAAS,EAAE,KAAK;IAChB,KAAK,EAAE,WAAW;IAClB,eAAe,EAAE,MAAM;IACvB,qBAAqB;IACrB,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE;QACN;YACE,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,IAAI;YACZ,UAAU,EAAE,IAAI;YAChB,SAAS,EAAE,OAAO;YAClB,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,mBAAmB;gBAC1B,aAAa,EAAE,OAAO;aACvB;SACF;QACD;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,OAAO;YAClB,QAAQ,EAAE;gBACR,IAAI,EAAE,QAAQ;gBACd,KAAK,EAAE,oBAAoB;gBAC3B,aAAa,EAAE,OAAO;aACvB;SACF;QACD;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,SAAS;SAChB;QACD;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,aAAa;SACpB;QACD;YACE,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,UAAU;SACjB;QACD;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,SAAS;YACf,YAAY,EAAE,KAAK;SACpB;QACD;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,QAAQ;YACd,YAAY,EAAE,KAAK;SACpB;QACD;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,gBAAgB;SACvB;QACD;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,cAAc;SACrB;QACD;YACE,IAAI,EAAE,eAAe;YACrB,IAAI,EAAE,eAAe;YACrB,MAAM,EAAE,WAAW;YACnB,SAAS,EAAE,OAAO;SACnB;QACD;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,WAAW;YACjB,MAAM,EAAE,gBAAgB;YACxB,SAAS,EAAE,MAAM;YACjB,SAAS,EAAE,MAAM;SAClB;KACF;CACmB,CAAC","sourcesContent":["import { CollectionOptions } from '@nocobase/database';\n\nexport default {\n  name: 'roles',\n  title: '{{t(\"Roles\")}}',\n  autoGenId: false,\n  model: 'RoleModel',\n  filterTargetKey: 'name',\n  // targetKey: 'name',\n  sortable: true,\n  fields: [\n    {\n      type: 'uid',\n      name: 'name',\n      prefix: 'r_',\n      primaryKey: true,\n      interface: 'input',\n      uiSchema: {\n        type: 'string',\n        title: '{{t(\"Role UID\")}}',\n        'x-component': 'Input',\n      },\n    },\n    {\n      type: 'string',\n      name: 'title',\n      unique: true,\n      interface: 'input',\n      uiSchema: {\n        type: 'string',\n        title: '{{t(\"Role name\")}}',\n        'x-component': 'Input',\n      },\n    },\n    {\n      type: 'boolean',\n      name: 'default',\n    },\n    {\n      type: 'string',\n      name: 'description',\n    },\n    {\n      type: 'json',\n      name: 'strategy',\n    },\n    {\n      type: 'boolean',\n      name: 'default',\n      defaultValue: false,\n    },\n    {\n      type: 'boolean',\n      name: 'hidden',\n      defaultValue: false,\n    },\n    {\n      type: 'boolean',\n      name: 'allowConfigure',\n    },\n    {\n      type: 'boolean',\n      name: 'allowNewMenu',\n    },\n    {\n      type: 'belongsToMany',\n      name: 'menuUiSchemas',\n      target: 'uiSchemas',\n      targetKey: 'x-uid',\n    },\n    {\n      type: 'hasMany',\n      name: 'resources',\n      target: 'rolesResources',\n      sourceKey: 'name',\n      targetKey: 'name',\n    },\n  ],\n} as CollectionOptions;\n"]}

package/lib/collections/rolesResources.d.ts

@@ -0,0 +1,3 @@
+import { CollectionOptions } from '@nocobase/database';
+declare const _default: CollectionOptions;
+export default _default;

package/lib/collections/rolesResources.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = {
+    name: 'rolesResources',
+    model: 'RoleResourceModel',
+    indexes: [
+        {
+            unique: true,
+            fields: ['roleName', 'name'],
+        },
+    ],
+    fields: [
+        {
+            type: 'belongsTo',
+            name: 'role',
+        },
+        {
+            type: 'string',
+            name: 'name',
+        },
+        {
+            type: 'boolean',
+            name: 'usingActionsConfig',
+        },
+        {
+            type: 'hasMany',
+            name: 'actions',
+            target: 'rolesResourcesActions',
+        },
+    ],
+};
+//# sourceMappingURL=rolesResources.js.map

package/lib/collections/rolesResources.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rolesResources.js","sourceRoot":"","sources":["../../src/collections/rolesResources.ts"],"names":[],"mappings":";;AAEA,kBAAe;IACb,IAAI,EAAE,gBAAgB;IACtB,KAAK,EAAE,mBAAmB;IAC1B,OAAO,EAAE;QACP;YACE,MAAM,EAAE,IAAI;YACZ,MAAM,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC;SAC7B;KACF;IACD,MAAM,EAAE;QACN;YACE,IAAI,EAAE,WAAW;YACjB,IAAI,EAAE,MAAM;SACb;QACD;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,MAAM;SACb;QACD;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,oBAAoB;SAC3B;QACD;YACE,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,uBAAuB;SAChC;KACF;CACmB,CAAC","sourcesContent":["import { CollectionOptions } from '@nocobase/database';\n\nexport default {\n  name: 'rolesResources',\n  model: 'RoleResourceModel',\n  indexes: [\n    {\n      unique: true,\n      fields: ['roleName', 'name'],\n    },\n  ],\n  fields: [\n    {\n      type: 'belongsTo',\n      name: 'role',\n    },\n    {\n      type: 'string',\n      name: 'name',\n    },\n    {\n      type: 'boolean',\n      name: 'usingActionsConfig',\n    },\n    {\n      type: 'hasMany',\n      name: 'actions',\n      target: 'rolesResourcesActions',\n    },\n  ],\n} as CollectionOptions;\n"]}

package/lib/collections/rolesResourcesActions.d.ts

@@ -0,0 +1,3 @@
+import { CollectionOptions } from '@nocobase/database';
+declare const _default: CollectionOptions;
+export default _default;

package/lib/collections/rolesResourcesActions.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = {
+    name: 'rolesResourcesActions',
+    model: 'RoleResourceActionModel',
+    fields: [
+        {
+            type: 'belongsTo',
+            name: 'resource',
+            foreignKey: 'rolesResourceId',
+            target: 'rolesResources',
+        },
+        {
+            type: 'string',
+            name: 'name',
+        },
+        {
+            type: 'array',
+            name: 'fields',
+            defaultValue: [],
+        },
+        {
+            type: 'belongsTo',
+            name: 'scope',
+            target: 'rolesResourcesScopes',
+        },
+    ],
+};
+//# sourceMappingURL=rolesResourcesActions.js.map

package/lib/collections/rolesResourcesActions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rolesResourcesActions.js","sourceRoot":"","sources":["../../src/collections/rolesResourcesActions.ts"],"names":[],"mappings":";;AAEA,kBAAe;IACb,IAAI,EAAE,uBAAuB;IAC7B,KAAK,EAAE,yBAAyB;IAChC,MAAM,EAAE;QACN;YACE,IAAI,EAAE,WAAW;YACjB,IAAI,EAAE,UAAU;YAChB,UAAU,EAAE,iBAAiB;YAC7B,MAAM,EAAE,gBAAgB;SACzB;QACD;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,MAAM;SACb;QACD;YACE,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,QAAQ;YACd,YAAY,EAAE,EAAE;SACjB;QACD;YACE,IAAI,EAAE,WAAW;YACjB,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,sBAAsB;SAC/B;KACF;CACmB,CAAC","sourcesContent":["import { CollectionOptions } from '@nocobase/database';\n\nexport default {\n  name: 'rolesResourcesActions',\n  model: 'RoleResourceActionModel',\n  fields: [\n    {\n      type: 'belongsTo',\n      name: 'resource',\n      foreignKey: 'rolesResourceId',\n      target: 'rolesResources',\n    },\n    {\n      type: 'string',\n      name: 'name',\n    },\n    {\n      type: 'array',\n      name: 'fields',\n      defaultValue: [],\n    },\n    {\n      type: 'belongsTo',\n      name: 'scope',\n      target: 'rolesResourcesScopes',\n    },\n  ],\n} as CollectionOptions;\n"]}

package/lib/collections/rolesResourcesScopes.d.ts

@@ -0,0 +1,3 @@
+import { CollectionOptions } from '@nocobase/database';
+declare const _default: CollectionOptions;
+export default _default;

package/lib/collections/rolesResourcesScopes.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = {
+    name: 'rolesResourcesScopes',
+    fields: [
+        {
+            type: 'uid',
+            name: 'key',
+        },
+        {
+            type: 'string',
+            name: 'name',
+        },
+        {
+            type: 'string',
+            name: 'resourceName',
+        },
+        {
+            type: 'json',
+            name: 'scope',
+        },
+    ],
+};
+//# sourceMappingURL=rolesResourcesScopes.js.map

package/lib/collections/rolesResourcesScopes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rolesResourcesScopes.js","sourceRoot":"","sources":["../../src/collections/rolesResourcesScopes.ts"],"names":[],"mappings":";;AAEA,kBAAe;IACb,IAAI,EAAE,sBAAsB;IAC5B,MAAM,EAAE;QACN;YACE,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,KAAK;SACZ;QACD;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,MAAM;SACb;QACD;YACE,IAAI,EAAE,QAAQ;YACd,IAAI,EAAE,cAAc;SACrB;QACD;YACE,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,OAAO;SACd;KACF;CACmB,CAAC","sourcesContent":["import { CollectionOptions } from '@nocobase/database';\n\nexport default {\n  name: 'rolesResourcesScopes',\n  fields: [\n    {\n      type: 'uid',\n      name: 'key',\n    },\n    {\n      type: 'string',\n      name: 'name',\n    },\n    {\n      type: 'string',\n      name: 'resourceName',\n    },\n    {\n      type: 'json',\n      name: 'scope',\n    },\n  ],\n} as CollectionOptions;\n"]}

package/lib/index.d.ts

@@ -0,0 +1 @@
+export { default } from './server';

package/lib/index.js

@@ -0,0 +1,9 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = void 0;
+var server_1 = require("./server");
+Object.defineProperty(exports, "default", { enumerable: true, get: function () { return __importDefault(server_1).default; } });
+//# sourceMappingURL=index.js.map

package/lib/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;AAAA,mCAAmC;AAA1B,kHAAA,OAAO,OAAA","sourcesContent":["export { default } from './server';\n\n"]}

package/lib/model/RoleModel.d.ts

@@ -0,0 +1,7 @@
+import { Model } from '@nocobase/database';
+import { ACL } from '@nocobase/acl';
+export declare class RoleModel extends Model {
+    writeToAcl(options: {
+        acl: ACL;
+    }): void;
+}

package/lib/model/RoleModel.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RoleModel = void 0;
+const database_1 = require("@nocobase/database");
+class RoleModel extends database_1.Model {
+    writeToAcl(options) {
+        const { acl } = options;
+        const roleName = this.get('name');
+        let role = acl.getRole(roleName);
+        if (!role) {
+            role = acl.define({
+                role: roleName,
+            });
+        }
+        role.setStrategy(Object.assign(Object.assign({}, (this.get('strategy') || {})), { allowConfigure: this.get('allowConfigure') }));
+    }
+}
+exports.RoleModel = RoleModel;
+//# sourceMappingURL=RoleModel.js.map

package/lib/model/RoleModel.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RoleModel.js","sourceRoot":"","sources":["../../src/model/RoleModel.ts"],"names":[],"mappings":";;;AAAA,iDAA2C;AAG3C,MAAa,SAAU,SAAQ,gBAAK;IAClC,UAAU,CAAC,OAAqB;QAC9B,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;QACxB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAW,CAAC;QAC5C,IAAI,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAEjC,IAAI,CAAC,IAAI,EAAE;YACT,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC;gBAChB,IAAI,EAAE,QAAQ;aACf,CAAC,CAAC;SACJ;QAED,IAAI,CAAC,WAAW,iCACX,CAAE,IAAI,CAAC,GAAG,CAAC,UAAU,CAAY,IAAI,EAAE,CAAC,KAC3C,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,gBAAgB,CAAY,IACrD,CAAC;IACL,CAAC;CACF;AAjBD,8BAiBC","sourcesContent":["import { Model } from '@nocobase/database';\nimport { ACL } from '@nocobase/acl';\n\nexport class RoleModel extends Model {\n  writeToAcl(options: { acl: ACL }) {\n    const { acl } = options;\n    const roleName = this.get('name') as string;\n    let role = acl.getRole(roleName);\n\n    if (!role) {\n      role = acl.define({\n        role: roleName,\n      });\n    }\n\n    role.setStrategy({\n      ...((this.get('strategy') as object) || {}),\n      allowConfigure: this.get('allowConfigure') as boolean,\n    });\n  }\n}\n"]}

package/lib/model/RoleResourceActionModel.d.ts

@@ -0,0 +1,12 @@
+import { ACL, ACLRole } from '@nocobase/acl';
+import { Model } from '@nocobase/database';
+import { AssociationFieldsActions, GrantHelper } from '../server';
+export declare class RoleResourceActionModel extends Model {
+    writeToACL(options: {
+        acl: ACL;
+        role: ACLRole;
+        resourceName: string;
+        associationFieldsActions: AssociationFieldsActions;
+        grantHelper: GrantHelper;
+    }): Promise<void>;
+}

package/lib/model/RoleResourceActionModel.js

@@ -0,0 +1,69 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RoleResourceActionModel = void 0;
+const database_1 = require("@nocobase/database");
+class RoleResourceActionModel extends database_1.Model {
+    writeToACL(options) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            // @ts-ignore
+            const db = this.constructor.database;
+            const { resourceName, role, acl, associationFieldsActions, grantHelper } = options;
+            const actionName = this.get('name');
+            const fields = this.get('fields');
+            const actionPath = `${resourceName}:${actionName}`;
+            const actionParams = {
+                fields,
+            };
+            // @ts-ignore
+            const scope = yield this.getScope();
+            if (scope) {
+                actionParams['own'] = scope.get('key') === 'own';
+                actionParams['filter'] = scope.get('scope');
+            }
+            role.grantAction(actionPath, actionParams);
+            const collection = db.getCollection(resourceName);
+            if (!collection) {
+                return;
+            }
+            const availableAction = acl.resolveActionAlias(actionName);
+            for (const field of fields) {
+                const collectionField = collection.getField(field);
+                const fieldType = collectionField.get('interface');
+                const fieldActions = (_a = associationFieldsActions === null || associationFieldsActions === void 0 ? void 0 : associationFieldsActions[fieldType]) === null || _a === void 0 ? void 0 : _a[availableAction];
+                const fieldTarget = collectionField.get('target');
+                if (fieldActions) {
+                    const associationActions = fieldActions.associationActions || [];
+                    associationActions.forEach((associationAction) => {
+                        const actionName = `${resourceName}.${fieldTarget}:${associationAction}`;
+                        role.grantAction(actionName);
+                    });
+                    const targetActions = fieldActions.targetActions || [];
+                    targetActions.forEach((targetAction) => {
+                        const targetActionPath = `${fieldTarget}:${targetAction}`;
+                        grantHelper.resourceTargetActionMap.set(resourceName, [
+                            ...(grantHelper.resourceTargetActionMap.get(resourceName) || []),
+                            targetActionPath,
+                        ]);
+                        grantHelper.targetActionResourceMap.set(targetActionPath, [
+                            ...(grantHelper.targetActionResourceMap.get(targetActionPath) || []),
+                            resourceName,
+                        ]);
+                        role.grantAction(targetActionPath);
+                    });
+                }
+            }
+        });
+    }
+}
+exports.RoleResourceActionModel = RoleResourceActionModel;
+//# sourceMappingURL=RoleResourceActionModel.js.map

package/lib/model/RoleResourceActionModel.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RoleResourceActionModel.js","sourceRoot":"","sources":["../../src/model/RoleResourceActionModel.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,iDAAqD;AAGrD,MAAa,uBAAwB,SAAQ,gBAAK;IAC1C,UAAU,CAAC,OAMhB;;;YACC,aAAa;YACb,MAAM,EAAE,GAAa,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC;YAE/C,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE,GAAG,EAAE,wBAAwB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YAEnF,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAW,CAAC;YAE9C,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAQ,CAAC;YAEzC,MAAM,UAAU,GAAG,GAAG,YAAY,IAAI,UAAU,EAAE,CAAC;YACnD,MAAM,YAAY,GAAG;gBACnB,MAAM;aACP,CAAC;YAEF,aAAa;YACb,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;YAEpC,IAAI,KAAK,EAAE;gBACT,YAAY,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,CAAC;gBACjD,YAAY,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;aAC7C;YAED,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;YAE3C,MAAM,UAAU,GAAG,EAAE,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;YAElD,IAAI,CAAC,UAAU,EAAE;gBACf,OAAO;aACR;YAED,MAAM,eAAe,GAAG,GAAG,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAE3D,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE;gBAC1B,MAAM,eAAe,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;gBACnD,MAAM,SAAS,GAAG,eAAe,CAAC,GAAG,CAAC,WAAW,CAAW,CAAC;gBAE7D,MAAM,YAAY,GAA2B,MAAA,wBAAwB,aAAxB,wBAAwB,uBAAxB,wBAAwB,CAAG,SAAS,CAAC,0CAAG,eAAe,CAAC,CAAC;gBAEtG,MAAM,WAAW,GAAG,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;gBAElD,IAAI,YAAY,EAAE;oBAChB,MAAM,kBAAkB,GAAG,YAAY,CAAC,kBAAkB,IAAI,EAAE,CAAC;oBACjE,kBAAkB,CAAC,OAAO,CAAC,CAAC,iBAAiB,EAAE,EAAE;wBAC/C,MAAM,UAAU,GAAG,GAAG,YAAY,IAAI,WAAW,IAAI,iBAAiB,EAAE,CAAC;wBACzE,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;oBAC/B,CAAC,CAAC,CAAC;oBAEH,MAAM,aAAa,GAAG,YAAY,CAAC,aAAa,IAAI,EAAE,CAAC;oBAEvD,aAAa,CAAC,OAAO,CAAC,CAAC,YAAY,EAAE,EAAE;wBACrC,MAAM,gBAAgB,GAAG,GAAG,WAAW,IAAI,YAAY,EAAE,CAAC;wBAE1D,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE;4BACpD,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;4BAChE,gBAAgB;yBACjB,CAAC,CAAC;wBAEH,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,gBAAgB,EAAE;4BACxD,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;4BACpE,YAAY;yBACb,CAAC,CAAC;wBAEH,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;oBACrC,CAAC,CAAC,CAAC;iBACJ;aACF;;KACF;CACF;AA3ED,0DA2EC","sourcesContent":["import { ACL, ACLRole } from '@nocobase/acl';\nimport { Database, Model } from '@nocobase/database';\nimport { AssociationFieldAction, AssociationFieldsActions, GrantHelper } from '../server';\n\nexport class RoleResourceActionModel extends Model {\n  async writeToACL(options: {\n    acl: ACL;\n    role: ACLRole;\n    resourceName: string;\n    associationFieldsActions: AssociationFieldsActions;\n    grantHelper: GrantHelper;\n  }) {\n    // @ts-ignore\n    const db: Database = this.constructor.database;\n\n    const { resourceName, role, acl, associationFieldsActions, grantHelper } = options;\n\n    const actionName = this.get('name') as string;\n\n    const fields = this.get('fields') as any;\n\n    const actionPath = `${resourceName}:${actionName}`;\n    const actionParams = {\n      fields,\n    };\n\n    // @ts-ignore\n    const scope = await this.getScope();\n\n    if (scope) {\n      actionParams['own'] = scope.get('key') === 'own';\n      actionParams['filter'] = scope.get('scope');\n    }\n\n    role.grantAction(actionPath, actionParams);\n\n    const collection = db.getCollection(resourceName);\n\n    if (!collection) {\n      return;\n    }\n\n    const availableAction = acl.resolveActionAlias(actionName);\n\n    for (const field of fields) {\n      const collectionField = collection.getField(field);\n      const fieldType = collectionField.get('interface') as string;\n\n      const fieldActions: AssociationFieldAction = associationFieldsActions?.[fieldType]?.[availableAction];\n\n      const fieldTarget = collectionField.get('target');\n\n      if (fieldActions) {\n        const associationActions = fieldActions.associationActions || [];\n        associationActions.forEach((associationAction) => {\n          const actionName = `${resourceName}.${fieldTarget}:${associationAction}`;\n          role.grantAction(actionName);\n        });\n\n        const targetActions = fieldActions.targetActions || [];\n\n        targetActions.forEach((targetAction) => {\n          const targetActionPath = `${fieldTarget}:${targetAction}`;\n\n          grantHelper.resourceTargetActionMap.set(resourceName, [\n            ...(grantHelper.resourceTargetActionMap.get(resourceName) || []),\n            targetActionPath,\n          ]);\n\n          grantHelper.targetActionResourceMap.set(targetActionPath, [\n            ...(grantHelper.targetActionResourceMap.get(targetActionPath) || []),\n            resourceName,\n          ]);\n\n          role.grantAction(targetActionPath);\n        });\n      }\n    }\n  }\n}\n"]}

package/lib/model/RoleResourceModel.d.ts

@@ -0,0 +1,16 @@
+import { Model } from '@nocobase/database';
+import { ACL, ACLRole } from '@nocobase/acl';
+import { AssociationFieldsActions, GrantHelper } from '../server';
+export declare class RoleResourceModel extends Model {
+    revoke(options: {
+        role: ACLRole;
+        resourceName: string;
+        grantHelper: GrantHelper;
+    }): Promise<void>;
+    writeToACL(options: {
+        acl: ACL;
+        associationFieldsActions: AssociationFieldsActions;
+        grantHelper: GrantHelper;
+        transaction: any;
+    }): Promise<void>;
+}

package/lib/model/RoleResourceModel.js

@@ -0,0 +1,59 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RoleResourceModel = void 0;
+const database_1 = require("@nocobase/database");
+class RoleResourceModel extends database_1.Model {
+    revoke(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { role, resourceName, grantHelper } = options;
+            role.revokeResource(resourceName);
+            const targetActions = grantHelper.resourceTargetActionMap.get(resourceName) || [];
+            for (const targetAction of targetActions) {
+                const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter((item) => resourceName !== item);
+                grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);
+                if (targetActionResource.length == 0) {
+                    role.revokeAction(targetAction);
+                }
+            }
+            grantHelper.resourceTargetActionMap.set(resourceName, []);
+        });
+    }
+    writeToACL(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { acl, associationFieldsActions, grantHelper } = options;
+            const resourceName = this.get('name');
+            const roleName = this.get('roleName');
+            const role = acl.getRole(roleName);
+            // revoke resource of role
+            yield this.revoke({ role, resourceName, grantHelper });
+            // @ts-ignore
+            if (this.usingActionsConfig === false) {
+                return;
+            }
+            // @ts-ignore
+            const actions = yield this.getActions({
+                transaction: options.transaction,
+            });
+            for (const action of actions) {
+                yield action.writeToACL({
+                    acl,
+                    role,
+                    resourceName,
+                    associationFieldsActions,
+                    grantHelper: options.grantHelper,
+                });
+            }
+        });
+    }
+}
+exports.RoleResourceModel = RoleResourceModel;
+//# sourceMappingURL=RoleResourceModel.js.map

package/lib/model/RoleResourceModel.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RoleResourceModel.js","sourceRoot":"","sources":["../../src/model/RoleResourceModel.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,iDAAqD;AAKrD,MAAa,iBAAkB,SAAQ,gBAAK;IACpC,MAAM,CAAC,OAA0E;;YACrF,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YACpD,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YAElC,MAAM,aAAa,GAAG,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAElF,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;gBACxC,MAAM,oBAAoB,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAC/F,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,KAAK,IAAI,CAChC,CAAC;gBAEF,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;gBAC5E,IAAI,oBAAoB,CAAC,MAAM,IAAI,CAAC,EAAE;oBACpC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;iBACjC;aACF;YAED,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC5D,CAAC;KAAA;IAEK,UAAU,CAAC,OAKhB;;YACC,MAAM,EAAE,GAAG,EAAE,wBAAwB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YAC/D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAW,CAAC;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAW,CAAC;YAChD,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEnC,0BAA0B;YAC1B,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;YAEvD,aAAa;YACb,IAAI,IAAI,CAAC,kBAAkB,KAAK,KAAK,EAAE;gBACrC,OAAO;aACR;YAED,aAAa;YACb,MAAM,OAAO,GAA8B,MAAM,IAAI,CAAC,UAAU,CAAC;gBAC/D,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;gBAC5B,MAAM,MAAM,CAAC,UAAU,CAAC;oBACtB,GAAG;oBACH,IAAI;oBACJ,YAAY;oBACZ,wBAAwB;oBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC,CAAC,CAAC;aACJ;QACH,CAAC;KAAA;CACF;AAvDD,8CAuDC","sourcesContent":["import { Database, Model } from '@nocobase/database';\nimport { ACL, ACLRole } from '@nocobase/acl';\nimport { RoleResourceActionModel } from './RoleResourceActionModel';\nimport { AssociationFieldsActions, GrantHelper } from '../server';\n\nexport class RoleResourceModel extends Model {\n  async revoke(options: { role: ACLRole; resourceName: string; grantHelper: GrantHelper }) {\n    const { role, resourceName, grantHelper } = options;\n    role.revokeResource(resourceName);\n\n    const targetActions = grantHelper.resourceTargetActionMap.get(resourceName) || [];\n\n    for (const targetAction of targetActions) {\n      const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(\n        (item) => resourceName !== item,\n      );\n\n      grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);\n      if (targetActionResource.length == 0) {\n        role.revokeAction(targetAction);\n      }\n    }\n\n    grantHelper.resourceTargetActionMap.set(resourceName, []);\n  }\n\n  async writeToACL(options: {\n    acl: ACL;\n    associationFieldsActions: AssociationFieldsActions;\n    grantHelper: GrantHelper;\n    transaction: any;\n  }) {\n    const { acl, associationFieldsActions, grantHelper } = options;\n    const resourceName = this.get('name') as string;\n    const roleName = this.get('roleName') as string;\n    const role = acl.getRole(roleName);\n\n    // revoke resource of role\n    await this.revoke({ role, resourceName, grantHelper });\n\n    // @ts-ignore\n    if (this.usingActionsConfig === false) {\n      return;\n    }\n\n    // @ts-ignore\n    const actions: RoleResourceActionModel[] = await this.getActions({\n      transaction: options.transaction,\n    });\n\n    for (const action of actions) {\n      await action.writeToACL({\n        acl,\n        role,\n        resourceName,\n        associationFieldsActions,\n        grantHelper: options.grantHelper,\n      });\n    }\n  }\n}\n"]}