@nocobase/plugin-acl 0.7.0-alpha.1

package/src/__tests__/prepare.ts

@@ -0,0 +1,39 @@
+import PluginCollectionManager from '@nocobase/plugin-collection-manager';
+import PluginUiSchema from '@nocobase/plugin-ui-schema-storage';
+import { mockServer } from '@nocobase/test';
+import PluginACL from '../server';
+
+let mockRole: string = 'admin';
+let mockUser = {};
+
+export function changeMockRole(role: string) {
+  mockRole = role;
+}
+
+export function changeMockUser(user: any) {
+  mockUser = user;
+}
+
+export async function prepareApp() {
+  const app = mockServer({
+    registerActions: true,
+  });
+
+  await app.cleanDb();
+
+  app.plugin(PluginUiSchema);
+  app.plugin(PluginCollectionManager);
+
+  app.resourcer.use(async (ctx, next) => {
+    ctx.state.currentRole = mockRole;
+    ctx.state.currentUser = mockUser;
+    await next();
+  });
+
+  app.plugin(PluginACL);
+  await app.loadAndInstall();
+
+  await app.db.sync();
+
+  return app;
+}

package/src/__tests__/role-check.test.ts

@@ -0,0 +1,35 @@
+import { MockServer } from '@nocobase/test';
+import { changeMockRole, changeMockUser, prepareApp } from './prepare';
+import { Database } from '@nocobase/database';
+
+describe('role check action', () => {
+  let app: MockServer;
+  let db: Database;
+
+  beforeEach(async () => {
+    app = await prepareApp();
+    db = app.db;
+  });
+
+  afterEach(async () => {
+    await app.destroy();
+  });
+
+  it('should return role info', async () => {
+    const role = await db.getRepository('roles').create({
+      values: {
+        name: 'test',
+      },
+    });
+
+    changeMockUser({
+      id: 2,
+    });
+
+    changeMockRole('test');
+
+    const response = await app.agent().get('/roles:check');
+
+    expect(response.statusCode).toEqual(200);
+  });
+});

package/src/__tests__/role-resource.test.ts

@@ -0,0 +1,187 @@
+import { Database, Model } from '@nocobase/database';
+import { CollectionRepository } from '@nocobase/plugin-collection-manager';
+import { MockServer } from '@nocobase/test';
+import { prepareApp } from './prepare';
+
+describe('role resource api', () => {
+  let app: MockServer;
+  let db: Database;
+  let role: Model;
+
+  afterEach(async () => {
+    await app.destroy();
+  });
+
+  beforeEach(async () => {
+    app = await prepareApp();
+    db = app.db;
+
+    await db.getRepository('roles').create({
+      values: {
+        name: 'admin',
+        title: 'Admin User',
+        allowConfigure: true,
+      },
+    });
+
+    role = await db.getRepository('roles').findOne({
+      filter: {
+        name: 'admin',
+      },
+    });
+  });
+
+  it('should grant resource by createRepository', async () => {
+    const collectionManager = db.getRepository('collections') as CollectionRepository;
+    await collectionManager.create({
+      values: {
+        name: 'c1',
+        title: 'table1',
+      },
+      context: {},
+    });
+
+    await collectionManager.create({
+      values: {
+        name: 'c2',
+        title: 'table2',
+      },
+      context: {},
+    });
+
+    await db.getRepository('roles').create({
+      values: {
+        name: 'testRole',
+        resources: [
+          {
+            name: 'c1',
+            actions: [
+              {
+                name: 'create',
+              },
+            ],
+          },
+        ],
+      },
+    });
+
+    const acl = app.acl;
+    const testRole = acl.getRole('testRole');
+    const resource = testRole.getResource('c1');
+    expect(resource).toBeDefined();
+  });
+
+  it('should grant resource action', async () => {
+    const collectionManager = db.getRepository('collections') as CollectionRepository;
+
+    await collectionManager.create({
+      values: {
+        name: 'c1',
+        title: 'table1',
+      },
+      context: {},
+    });
+
+    await collectionManager.create({
+      values: {
+        name: 'c2',
+        title: 'table2',
+      },
+      context: {},
+    });
+
+    // get collections list
+    let response = await app
+      .agent()
+      .resource('roles.collections', 'admin')
+      .list({
+        filter: {
+          $or: [{ name: 'c1' }, { name: 'c2' }],
+        },
+        sort: ['sort'],
+      });
+
+    expect(response.statusCode).toEqual(200);
+
+    expect(response.body.data).toMatchObject([
+      {
+        name: 'c1',
+        title: 'table1',
+        usingConfig: 'strategy',
+        exists: false,
+      },
+      {
+        name: 'c2',
+        title: 'table2',
+        usingConfig: 'strategy',
+        exists: false,
+      },
+    ]);
+
+    // set resource actions
+    response = await app
+      .agent()
+      .resource('roles.resources', 'admin')
+      .create({
+        values: {
+          name: 'c1',
+          usingActionsConfig: true,
+          actions: [
+            {
+              name: 'create',
+            },
+          ],
+        },
+      });
+
+    expect(response.statusCode).toEqual(200);
+
+    // get collections list
+    response = await app
+      .agent()
+      .resource('roles.collections')
+      .list({
+        associatedIndex: role.get('name') as string,
+        filter: {
+          name: 'c1',
+        },
+      });
+
+    expect(response.body.data[0]['usingConfig']).toEqual('resourceAction');
+
+    response = await app
+      .agent()
+      .resource('roles.resources')
+      .list({
+        associatedIndex: role.get('name') as string,
+        appends: 'actions',
+      });
+
+    expect(response.statusCode).toEqual(200);
+    const resources = response.body.data;
+    const resourceAction = resources[0]['actions'][0];
+
+    expect(resourceAction['name']).toEqual('create');
+
+    // update resource actions
+    response = await app
+      .agent()
+      .resource('roles.resources')
+      .update({
+        associatedIndex: role.get('name') as string,
+        values: {
+          name: 'c1',
+          usingActionsConfig: true,
+          actions: [
+            {
+              name: 'view',
+            },
+          ],
+        },
+      });
+
+    expect(response.statusCode).toEqual(200);
+    expect(response.body.data[0]['actions'].length).toEqual(1);
+    expect(response.body.data[0]['actions'][0]['name']).toEqual('view');
+  });
+});

package/src/__tests__/role.test.ts

@@ -0,0 +1,92 @@
+import { MockServer } from '@nocobase/test';
+import { CollectionRepository } from '@nocobase/plugin-collection-manager';
+import { Database, Model } from '@nocobase/database';
+
+import { prepareApp } from './prepare';
+
+describe('role api', () => {
+  let app: MockServer;
+  let db: Database;
+
+  afterEach(async () => {
+    await app.destroy();
+  });
+
+  beforeEach(async () => {
+    app = await prepareApp();
+    db = app.db;
+  });
+
+  describe('grant', () => {
+    let role: Model;
+
+    beforeEach(async () => {
+      await db.getRepository('roles').create({
+        values: {
+          name: 'admin',
+          title: 'Admin User',
+          allowConfigure: true,
+        },
+      });
+
+      role = await db.getRepository('roles').findOne({
+        filter: {
+          name: 'admin',
+        },
+      });
+    });
+
+    it('should list actions', async () => {
+      const response = await app.agent().resource('availableActions').list();
+      expect(response.statusCode).toEqual(200);
+    });
+
+    it('should grant universal role actions', async () => {
+      // grant role actions
+      const response = await app
+        .agent()
+        .resource('roles')
+        .update({
+          values: {
+            strategy: {
+              actions: ['create:all', 'view:own'],
+            },
+          },
+        });
+
+      expect(response.statusCode).toEqual(200);
+
+      await role.reload();
+
+      expect(role.get('strategy')).toMatchObject({
+        actions: ['create:all', 'view:own'],
+      });
+    });
+  });
+
+  it('should works with default option', async () => {
+    await db.getRepository('roles').create({
+      values: {
+        name: 'role1',
+        title: 'admin 1',
+        default: true,
+      },
+    });
+
+    await db.getRepository('roles').create({
+      values: {
+        name: 'role2',
+        default: true,
+      },
+    });
+
+    const defaultRole = await db.getRepository('roles').find({
+      filter: {
+        default: true,
+      },
+    });
+
+    expect(defaultRole.length).toEqual(1);
+    expect(defaultRole[0].get('name')).toEqual('role2');
+  });
+});

package/src/__tests__/scope.test.ts

@@ -0,0 +1,51 @@
+import { prepareApp } from './prepare';
+import { MockServer } from '@nocobase/test';
+import { Database } from '@nocobase/database';
+
+describe('scope api', () => {
+  let app: MockServer;
+  let db: Database;
+
+  afterEach(async () => {
+    await app.destroy();
+  });
+
+  beforeEach(async () => {
+    app = await prepareApp();
+    db = app.db;
+    await db.getRepository('roles').create({
+      values: {
+        name: 'admin',
+        title: 'Admin User',
+        allowConfigure: true,
+      },
+    });
+  });
+
+  it('should create scope of resource', async () => {
+    const response = await app
+      .agent()
+      .resource('rolesResourcesScopes')
+      .create({
+        values: {
+          resourceName: 'posts',
+          name: 'published posts',
+          scope: {
+            published: true,
+          },
+        },
+      });
+
+    expect(response.statusCode).toEqual(200);
+
+    const scope = await db.getRepository('rolesResourcesScopes').findOne({
+      filter: {
+        name: 'published posts',
+      },
+    });
+
+    expect(scope.get('scope')).toMatchObject({
+      published: true,
+    });
+  });
+});

package/src/actions/available-actions.ts

@@ -0,0 +1,18 @@
+const availableActionResource = {
+  name: 'availableActions',
+  actions: {
+    async list(ctx, next) {
+      const acl = ctx.app.acl;
+      const availableActions = acl.getAvailableActions();
+      ctx.body = Array.from(availableActions.entries()).map(([, { name, options }]) => {
+        return {
+          ...options,
+          name,
+        };
+      });
+      await next();
+    },
+  },
+};
+
+export { availableActionResource };

package/src/actions/role-check.ts

@@ -0,0 +1,39 @@
+const map2obj = (map: Map<string, string>) => {
+  const obj = {};
+  for(let [key, value] of map){
+    obj[key] = value;
+  }
+ return obj;
+}
+
+export async function checkAction(ctx, next) {
+  const currentRole = ctx.state.currentRole;
+  if (currentRole) {
+    const roleInstance = await ctx.db.getRepository('roles').findOne({
+      filter: {
+        name: currentRole,
+      },
+      appends: ['menuUiSchemas'],
+    });
+
+    const anonymous = await ctx.db.getRepository('roles').findOne({
+      filter: {
+        name: 'anonymous',
+      },
+    });
+
+    const role = ctx.app.acl.getRole(currentRole);
+
+    ctx.body = {
+      ...role.toJSON(),
+      resources: [...role.resources.keys()],
+      actionAlias: map2obj(ctx.app.acl.actionAlias),
+      allowAll: currentRole === 'root',
+      allowConfigure: roleInstance.get('allowConfigure'),
+      allowMenuItemIds: roleInstance.get('menuUiSchemas').map((uiSchema) => uiSchema.get('x-uid')),
+      allowAnonymous: !!anonymous,
+    };
+  }
+
+  await next();
+}

package/src/actions/role-collections.ts

@@ -0,0 +1,55 @@
+import { Database } from '@nocobase/database';
+
+type UsingConfigType = 'strategy' | 'resourceAction';
+
+const roleCollectionsResource = {
+  name: 'roles.collections',
+  actions: {
+    async list(ctx, next) {
+      const role = ctx.action.params.associatedIndex;
+
+      const db: Database = ctx.db;
+      const collectionRepository = db.getRepository('collections');
+
+      // all collections
+      const collections = await collectionRepository.find({
+        filter: ctx.action.params.filter,
+      });
+
+      // role collections
+      const roleResources = await db.getRepository('rolesResources').find({
+        filter: {
+          roleName: role,
+        },
+      });
+
+      // role collections
+      const roleResourcesNames = roleResources.map((roleResource) => roleResource.get('name'));
+      const roleResourceActionResourceNames = roleResources
+        .filter((roleResources) => roleResources.get('usingActionsConfig'))
+        .map((roleResources) => roleResources.get('name'));
+
+      ctx.body = collections
+        .map((collection) => {
+          const exists = roleResourcesNames.includes(collection.get('name'));
+
+          const usingConfig: UsingConfigType = roleResourceActionResourceNames.includes(collection.get('name'))
+            ? 'resourceAction'
+            : 'strategy';
+
+          return {
+            name: collection.get('name') as string,
+            title: collection.get('title') as string,
+            roleName: role,
+            usingConfig,
+            exists,
+          };
+        })
+        .sort((a, b) => (a.name > b.name ? 1 : -1));
+
+      await next();
+    },
+  },
+};
+
+export { roleCollectionsResource };

package/src/collections/roles.ts

@@ -0,0 +1,79 @@
+import { CollectionOptions } from '@nocobase/database';
+
+export default {
+  name: 'roles',
+  title: '{{t("Roles")}}',
+  autoGenId: false,
+  model: 'RoleModel',
+  filterTargetKey: 'name',
+  // targetKey: 'name',
+  sortable: true,
+  fields: [
+    {
+      type: 'uid',
+      name: 'name',
+      prefix: 'r_',
+      primaryKey: true,
+      interface: 'input',
+      uiSchema: {
+        type: 'string',
+        title: '{{t("Role UID")}}',
+        'x-component': 'Input',
+      },
+    },
+    {
+      type: 'string',
+      name: 'title',
+      unique: true,
+      interface: 'input',
+      uiSchema: {
+        type: 'string',
+        title: '{{t("Role name")}}',
+        'x-component': 'Input',
+      },
+    },
+    {
+      type: 'boolean',
+      name: 'default',
+    },
+    {
+      type: 'string',
+      name: 'description',
+    },
+    {
+      type: 'json',
+      name: 'strategy',
+    },
+    {
+      type: 'boolean',
+      name: 'default',
+      defaultValue: false,
+    },
+    {
+      type: 'boolean',
+      name: 'hidden',
+      defaultValue: false,
+    },
+    {
+      type: 'boolean',
+      name: 'allowConfigure',
+    },
+    {
+      type: 'boolean',
+      name: 'allowNewMenu',
+    },
+    {
+      type: 'belongsToMany',
+      name: 'menuUiSchemas',
+      target: 'uiSchemas',
+      targetKey: 'x-uid',
+    },
+    {
+      type: 'hasMany',
+      name: 'resources',
+      target: 'rolesResources',
+      sourceKey: 'name',
+      targetKey: 'name',
+    },
+  ],
+} as CollectionOptions;

package/src/collections/rolesResources.ts

@@ -0,0 +1,31 @@
+import { CollectionOptions } from '@nocobase/database';
+
+export default {
+  name: 'rolesResources',
+  model: 'RoleResourceModel',
+  indexes: [
+    {
+      unique: true,
+      fields: ['roleName', 'name'],
+    },
+  ],
+  fields: [
+    {
+      type: 'belongsTo',
+      name: 'role',
+    },
+    {
+      type: 'string',
+      name: 'name',
+    },
+    {
+      type: 'boolean',
+      name: 'usingActionsConfig',
+    },
+    {
+      type: 'hasMany',
+      name: 'actions',
+      target: 'rolesResourcesActions',
+    },
+  ],
+} as CollectionOptions;

package/src/collections/rolesResourcesActions.ts

@@ -0,0 +1,28 @@
+import { CollectionOptions } from '@nocobase/database';
+
+export default {
+  name: 'rolesResourcesActions',
+  model: 'RoleResourceActionModel',
+  fields: [
+    {
+      type: 'belongsTo',
+      name: 'resource',
+      foreignKey: 'rolesResourceId',
+      target: 'rolesResources',
+    },
+    {
+      type: 'string',
+      name: 'name',
+    },
+    {
+      type: 'array',
+      name: 'fields',
+      defaultValue: [],
+    },
+    {
+      type: 'belongsTo',
+      name: 'scope',
+      target: 'rolesResourcesScopes',
+    },
+  ],
+} as CollectionOptions;

package/src/collections/rolesResourcesScopes.ts

@@ -0,0 +1,23 @@
+import { CollectionOptions } from '@nocobase/database';
+
+export default {
+  name: 'rolesResourcesScopes',
+  fields: [
+    {
+      type: 'uid',
+      name: 'key',
+    },
+    {
+      type: 'string',
+      name: 'name',
+    },
+    {
+      type: 'string',
+      name: 'resourceName',
+    },
+    {
+      type: 'json',
+      name: 'scope',
+    },
+  ],
+} as CollectionOptions;

package/src/index.ts

@@ -0,0 +1,2 @@
+export { default } from './server';
+