@nocobase/plugin-acl 0.7.0-alpha.28 → 0.7.0-alpha.29

package/esm/model/RoleResourceModel.js

@@ -8,6 +8,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 import { Model } from '@nocobase/database';
+import { ACLResource } from '@nocobase/acl';
 export class RoleResourceModel extends Model {
     revoke(options) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -36,6 +37,11 @@ export class RoleResourceModel extends Model {
             if (this.usingActionsConfig === false) {
                 return;
             }
+            const resource = new ACLResource({
+                role,
+                name: resourceName,
+            });
+            role.resources.set(resourceName, resource);
             // @ts-ignore
             const actions = yield this.getActions({
                 transaction: options.transaction,

package/esm/model/RoleResourceModel.js.map

@@ -1 +1 @@
-{"version":3,"file":"RoleResourceModel.js","sourceRoot":"","sources":["../../src/model/RoleResourceModel.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAY,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAKrD,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IACpC,MAAM,CAAC,OAA0E;;YACrF,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YACpD,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YAElC,MAAM,aAAa,GAAG,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAElF,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;gBACxC,MAAM,oBAAoB,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAC/F,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,KAAK,IAAI,CAChC,CAAC;gBAEF,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;gBAC5E,IAAI,oBAAoB,CAAC,MAAM,IAAI,CAAC,EAAE;oBACpC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;iBACjC;aACF;YAED,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC5D,CAAC;KAAA;IAEK,UAAU,CAAC,OAKhB;;YACC,MAAM,EAAE,GAAG,EAAE,wBAAwB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YAC/D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAW,CAAC;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAW,CAAC;YAChD,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEnC,0BAA0B;YAC1B,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;YAEvD,aAAa;YACb,IAAI,IAAI,CAAC,kBAAkB,KAAK,KAAK,EAAE;gBACrC,OAAO;aACR;YAED,aAAa;YACb,MAAM,OAAO,GAA8B,MAAM,IAAI,CAAC,UAAU,CAAC;gBAC/D,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;gBAC5B,MAAM,MAAM,CAAC,UAAU,CAAC;oBACtB,GAAG;oBACH,IAAI;oBACJ,YAAY;oBACZ,wBAAwB;oBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC,CAAC,CAAC;aACJ;QACH,CAAC;KAAA;CACF","sourcesContent":["import { Database, Model } from '@nocobase/database';\nimport { ACL, ACLRole } from '@nocobase/acl';\nimport { RoleResourceActionModel } from './RoleResourceActionModel';\nimport { AssociationFieldsActions, GrantHelper } from '../server';\n\nexport class RoleResourceModel extends Model {\n  async revoke(options: { role: ACLRole; resourceName: string; grantHelper: GrantHelper }) {\n    const { role, resourceName, grantHelper } = options;\n    role.revokeResource(resourceName);\n\n    const targetActions = grantHelper.resourceTargetActionMap.get(resourceName) || [];\n\n    for (const targetAction of targetActions) {\n      const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(\n        (item) => resourceName !== item,\n      );\n\n      grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);\n      if (targetActionResource.length == 0) {\n        role.revokeAction(targetAction);\n      }\n    }\n\n    grantHelper.resourceTargetActionMap.set(resourceName, []);\n  }\n\n  async writeToACL(options: {\n    acl: ACL;\n    associationFieldsActions: AssociationFieldsActions;\n    grantHelper: GrantHelper;\n    transaction: any;\n  }) {\n    const { acl, associationFieldsActions, grantHelper } = options;\n    const resourceName = this.get('name') as string;\n    const roleName = this.get('roleName') as string;\n    const role = acl.getRole(roleName);\n\n    // revoke resource of role\n    await this.revoke({ role, resourceName, grantHelper });\n\n    // @ts-ignore\n    if (this.usingActionsConfig === false) {\n      return;\n    }\n\n    // @ts-ignore\n    const actions: RoleResourceActionModel[] = await this.getActions({\n      transaction: options.transaction,\n    });\n\n    for (const action of actions) {\n      await action.writeToACL({\n        acl,\n        role,\n        resourceName,\n        associationFieldsActions,\n        grantHelper: options.grantHelper,\n      });\n    }\n  }\n}\n"]}
+{"version":3,"file":"RoleResourceModel.js","sourceRoot":"","sources":["../../src/model/RoleResourceModel.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAY,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAO,WAAW,EAAW,MAAM,eAAe,CAAC;AAI1D,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IACpC,MAAM,CAAC,OAA0E;;YACrF,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YACpD,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YAElC,MAAM,aAAa,GAAG,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAElF,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;gBACxC,MAAM,oBAAoB,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAC/F,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,KAAK,IAAI,CAChC,CAAC;gBAEF,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;gBAC5E,IAAI,oBAAoB,CAAC,MAAM,IAAI,CAAC,EAAE;oBACpC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;iBACjC;aACF;YAED,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC5D,CAAC;KAAA;IAEK,UAAU,CAAC,OAKhB;;YACC,MAAM,EAAE,GAAG,EAAE,wBAAwB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YAC/D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAW,CAAC;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAW,CAAC;YAChD,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEnC,0BAA0B;YAC1B,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;YAEvD,aAAa;YACb,IAAI,IAAI,CAAC,kBAAkB,KAAK,KAAK,EAAE;gBACrC,OAAO;aACR;YAED,MAAM,QAAQ,GAAG,IAAI,WAAW,CAAC;gBAC/B,IAAI;gBACJ,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;YAEH,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;YAE3C,aAAa;YACb,MAAM,OAAO,GAA8B,MAAM,IAAI,CAAC,UAAU,CAAC;gBAC/D,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;gBAC5B,MAAM,MAAM,CAAC,UAAU,CAAC;oBACtB,GAAG;oBACH,IAAI;oBACJ,YAAY;oBACZ,wBAAwB;oBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC,CAAC,CAAC;aACJ;QACH,CAAC;KAAA;CACF","sourcesContent":["import { Database, Model } from '@nocobase/database';\nimport { ACL, ACLResource, ACLRole } from '@nocobase/acl';\nimport { RoleResourceActionModel } from './RoleResourceActionModel';\nimport { AssociationFieldsActions, GrantHelper } from '../server';\n\nexport class RoleResourceModel extends Model {\n  async revoke(options: { role: ACLRole; resourceName: string; grantHelper: GrantHelper }) {\n    const { role, resourceName, grantHelper } = options;\n    role.revokeResource(resourceName);\n\n    const targetActions = grantHelper.resourceTargetActionMap.get(resourceName) || [];\n\n    for (const targetAction of targetActions) {\n      const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(\n        (item) => resourceName !== item,\n      );\n\n      grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);\n      if (targetActionResource.length == 0) {\n        role.revokeAction(targetAction);\n      }\n    }\n\n    grantHelper.resourceTargetActionMap.set(resourceName, []);\n  }\n\n  async writeToACL(options: {\n    acl: ACL;\n    associationFieldsActions: AssociationFieldsActions;\n    grantHelper: GrantHelper;\n    transaction: any;\n  }) {\n    const { acl, associationFieldsActions, grantHelper } = options;\n    const resourceName = this.get('name') as string;\n    const roleName = this.get('roleName') as string;\n    const role = acl.getRole(roleName);\n\n    // revoke resource of role\n    await this.revoke({ role, resourceName, grantHelper });\n\n    // @ts-ignore\n    if (this.usingActionsConfig === false) {\n      return;\n    }\n\n    const resource = new ACLResource({\n      role,\n      name: resourceName,\n    });\n\n    role.resources.set(resourceName, resource);\n\n    // @ts-ignore\n    const actions: RoleResourceActionModel[] = await this.getActions({\n      transaction: options.transaction,\n    });\n\n    for (const action of actions) {\n      await action.writeToACL({\n        acl,\n        role,\n        resourceName,\n        associationFieldsActions,\n        grantHelper: options.grantHelper,\n      });\n    }\n  }\n}\n"]}

package/lib/model/RoleResourceModel.js

@@ -11,6 +11,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.RoleResourceModel = void 0;
 const database_1 = require("@nocobase/database");
+const acl_1 = require("@nocobase/acl");
 class RoleResourceModel extends database_1.Model {
     revoke(options) {
         return __awaiter(this, void 0, void 0, function* () {
@@ -39,6 +40,11 @@ class RoleResourceModel extends database_1.Model {
             if (this.usingActionsConfig === false) {
                 return;
             }
+            const resource = new acl_1.ACLResource({
+                role,
+                name: resourceName,
+            });
+            role.resources.set(resourceName, resource);
             // @ts-ignore
             const actions = yield this.getActions({
                 transaction: options.transaction,

package/lib/model/RoleResourceModel.js.map

@@ -1 +1 @@
-{"version":3,"file":"RoleResourceModel.js","sourceRoot":"","sources":["../../src/model/RoleResourceModel.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,iDAAqD;AAKrD,MAAa,iBAAkB,SAAQ,gBAAK;IACpC,MAAM,CAAC,OAA0E;;YACrF,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YACpD,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YAElC,MAAM,aAAa,GAAG,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAElF,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;gBACxC,MAAM,oBAAoB,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAC/F,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,KAAK,IAAI,CAChC,CAAC;gBAEF,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;gBAC5E,IAAI,oBAAoB,CAAC,MAAM,IAAI,CAAC,EAAE;oBACpC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;iBACjC;aACF;YAED,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC5D,CAAC;KAAA;IAEK,UAAU,CAAC,OAKhB;;YACC,MAAM,EAAE,GAAG,EAAE,wBAAwB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YAC/D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAW,CAAC;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAW,CAAC;YAChD,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEnC,0BAA0B;YAC1B,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;YAEvD,aAAa;YACb,IAAI,IAAI,CAAC,kBAAkB,KAAK,KAAK,EAAE;gBACrC,OAAO;aACR;YAED,aAAa;YACb,MAAM,OAAO,GAA8B,MAAM,IAAI,CAAC,UAAU,CAAC;gBAC/D,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;gBAC5B,MAAM,MAAM,CAAC,UAAU,CAAC;oBACtB,GAAG;oBACH,IAAI;oBACJ,YAAY;oBACZ,wBAAwB;oBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC,CAAC,CAAC;aACJ;QACH,CAAC;KAAA;CACF;AAvDD,8CAuDC","sourcesContent":["import { Database, Model } from '@nocobase/database';\nimport { ACL, ACLRole } from '@nocobase/acl';\nimport { RoleResourceActionModel } from './RoleResourceActionModel';\nimport { AssociationFieldsActions, GrantHelper } from '../server';\n\nexport class RoleResourceModel extends Model {\n  async revoke(options: { role: ACLRole; resourceName: string; grantHelper: GrantHelper }) {\n    const { role, resourceName, grantHelper } = options;\n    role.revokeResource(resourceName);\n\n    const targetActions = grantHelper.resourceTargetActionMap.get(resourceName) || [];\n\n    for (const targetAction of targetActions) {\n      const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(\n        (item) => resourceName !== item,\n      );\n\n      grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);\n      if (targetActionResource.length == 0) {\n        role.revokeAction(targetAction);\n      }\n    }\n\n    grantHelper.resourceTargetActionMap.set(resourceName, []);\n  }\n\n  async writeToACL(options: {\n    acl: ACL;\n    associationFieldsActions: AssociationFieldsActions;\n    grantHelper: GrantHelper;\n    transaction: any;\n  }) {\n    const { acl, associationFieldsActions, grantHelper } = options;\n    const resourceName = this.get('name') as string;\n    const roleName = this.get('roleName') as string;\n    const role = acl.getRole(roleName);\n\n    // revoke resource of role\n    await this.revoke({ role, resourceName, grantHelper });\n\n    // @ts-ignore\n    if (this.usingActionsConfig === false) {\n      return;\n    }\n\n    // @ts-ignore\n    const actions: RoleResourceActionModel[] = await this.getActions({\n      transaction: options.transaction,\n    });\n\n    for (const action of actions) {\n      await action.writeToACL({\n        acl,\n        role,\n        resourceName,\n        associationFieldsActions,\n        grantHelper: options.grantHelper,\n      });\n    }\n  }\n}\n"]}
+{"version":3,"file":"RoleResourceModel.js","sourceRoot":"","sources":["../../src/model/RoleResourceModel.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,iDAAqD;AACrD,uCAA0D;AAI1D,MAAa,iBAAkB,SAAQ,gBAAK;IACpC,MAAM,CAAC,OAA0E;;YACrF,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YACpD,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YAElC,MAAM,aAAa,GAAG,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAElF,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;gBACxC,MAAM,oBAAoB,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAC/F,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,KAAK,IAAI,CAChC,CAAC;gBAEF,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;gBAC5E,IAAI,oBAAoB,CAAC,MAAM,IAAI,CAAC,EAAE;oBACpC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;iBACjC;aACF;YAED,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC5D,CAAC;KAAA;IAEK,UAAU,CAAC,OAKhB;;YACC,MAAM,EAAE,GAAG,EAAE,wBAAwB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YAC/D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAW,CAAC;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAW,CAAC;YAChD,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEnC,0BAA0B;YAC1B,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;YAEvD,aAAa;YACb,IAAI,IAAI,CAAC,kBAAkB,KAAK,KAAK,EAAE;gBACrC,OAAO;aACR;YAED,MAAM,QAAQ,GAAG,IAAI,iBAAW,CAAC;gBAC/B,IAAI;gBACJ,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;YAEH,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;YAE3C,aAAa;YACb,MAAM,OAAO,GAA8B,MAAM,IAAI,CAAC,UAAU,CAAC;gBAC/D,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;gBAC5B,MAAM,MAAM,CAAC,UAAU,CAAC;oBACtB,GAAG;oBACH,IAAI;oBACJ,YAAY;oBACZ,wBAAwB;oBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC,CAAC,CAAC;aACJ;QACH,CAAC;KAAA;CACF;AA9DD,8CA8DC","sourcesContent":["import { Database, Model } from '@nocobase/database';\nimport { ACL, ACLResource, ACLRole } from '@nocobase/acl';\nimport { RoleResourceActionModel } from './RoleResourceActionModel';\nimport { AssociationFieldsActions, GrantHelper } from '../server';\n\nexport class RoleResourceModel extends Model {\n  async revoke(options: { role: ACLRole; resourceName: string; grantHelper: GrantHelper }) {\n    const { role, resourceName, grantHelper } = options;\n    role.revokeResource(resourceName);\n\n    const targetActions = grantHelper.resourceTargetActionMap.get(resourceName) || [];\n\n    for (const targetAction of targetActions) {\n      const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(\n        (item) => resourceName !== item,\n      );\n\n      grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);\n      if (targetActionResource.length == 0) {\n        role.revokeAction(targetAction);\n      }\n    }\n\n    grantHelper.resourceTargetActionMap.set(resourceName, []);\n  }\n\n  async writeToACL(options: {\n    acl: ACL;\n    associationFieldsActions: AssociationFieldsActions;\n    grantHelper: GrantHelper;\n    transaction: any;\n  }) {\n    const { acl, associationFieldsActions, grantHelper } = options;\n    const resourceName = this.get('name') as string;\n    const roleName = this.get('roleName') as string;\n    const role = acl.getRole(roleName);\n\n    // revoke resource of role\n    await this.revoke({ role, resourceName, grantHelper });\n\n    // @ts-ignore\n    if (this.usingActionsConfig === false) {\n      return;\n    }\n\n    const resource = new ACLResource({\n      role,\n      name: resourceName,\n    });\n\n    role.resources.set(resourceName, resource);\n\n    // @ts-ignore\n    const actions: RoleResourceActionModel[] = await this.getActions({\n      transaction: options.transaction,\n    });\n\n    for (const action of actions) {\n      await action.writeToACL({\n        acl,\n        role,\n        resourceName,\n        associationFieldsActions,\n        grantHelper: options.grantHelper,\n      });\n    }\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nocobase/plugin-acl",
-  "version": "0.7.0-alpha.28",
+  "version": "0.7.0-alpha.29",
   "description": "",
   "license": "Apache-2.0",
   "licenses": [
@@ -17,14 +17,14 @@
     "build:esm": "tsc --project tsconfig.build.json --module es2015 --outDir esm"
   },
   "dependencies": {
-    "@nocobase/acl": "0.7.0-alpha.28",
-    "@nocobase/database": "0.7.0-alpha.28",
-    "@nocobase/server": "0.7.0-alpha.28"
+    "@nocobase/acl": "0.7.0-alpha.29",
+    "@nocobase/database": "0.7.0-alpha.29",
+    "@nocobase/server": "0.7.0-alpha.29"
   },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/nocobase/nocobase.git",
     "directory": "packages/plugins/acl"
   },
-  "gitHead": "a48d00492ebc34c66c63d9644530c5b8a7c9914a"
+  "gitHead": "46e660b10d1cf94ecb808a9a45edb5e8d40398dc"
 }

package/src/__tests__/acl.test.ts

@@ -72,6 +72,56 @@ describe('acl', () => {
     });
   });
 
+  it('should deny when resource action has no resource', async () => {
+    const role = await db.getRepository('roles').create({
+      values: {
+        name: 'admin',
+        title: 'Admin User',
+        allowConfigure: true,
+        strategy: {
+          actions: ['update:own', 'destroy:own', 'create', 'view'],
+        },
+      },
+    });
+
+    changeMockRole('admin');
+
+    // create c1 collection
+    await db.getRepository('collections').create({
+      values: {
+        name: 'c1',
+        title: 'table1',
+      },
+    });
+
+    // create c2 collection
+    await db.getRepository('collections').create({
+      values: {
+        name: 'c2',
+        title: 'table2',
+      },
+    });
+
+    await app
+      .agent()
+      .resource('roles.resources', 'admin')
+      .create({
+        values: {
+          name: 'c1',
+          usingActionsConfig: true,
+          actions: [],
+        },
+      });
+
+    expect(
+      acl.can({
+        role: 'admin',
+        resource: 'c1',
+        action: 'list',
+      }),
+    ).toBeNull();
+  });
+
   it('should works with resources actions', async () => {
     const role = await db.getRepository('roles').create({
       values: {

package/src/model/RoleResourceModel.ts

@@ -1,5 +1,5 @@
 import { Database, Model } from '@nocobase/database';
-import { ACL, ACLRole } from '@nocobase/acl';
+import { ACL, ACLResource, ACLRole } from '@nocobase/acl';
 import { RoleResourceActionModel } from './RoleResourceActionModel';
 import { AssociationFieldsActions, GrantHelper } from '../server';
 
@@ -43,6 +43,13 @@ export class RoleResourceModel extends Model {
       return;
     }
 
+    const resource = new ACLResource({
+      role,
+      name: resourceName,
+    });
+
+    role.resources.set(resourceName, resource);
+
     // @ts-ignore
     const actions: RoleResourceActionModel[] = await this.getActions({
       transaction: options.transaction,