@nocobase/plugin-acl 0.7.0-alpha.3 → 0.7.0-alpha.30
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/esm/model/RoleResourceModel.js +6 -0
- package/esm/model/RoleResourceModel.js.map +1 -1
- package/lib/model/RoleResourceModel.js +6 -0
- package/lib/model/RoleResourceModel.js.map +1 -1
- package/package.json +5 -5
- package/src/__tests__/acl.test.ts +50 -0
- package/src/model/RoleResourceActionModel.ts +4 -2
- package/src/model/RoleResourceModel.ts +12 -4
- package/src/server.ts +5 -0
|
@@ -8,6 +8,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
8
8
|
});
|
|
9
9
|
};
|
|
10
10
|
import { Model } from '@nocobase/database';
|
|
11
|
+
import { ACLResource } from '@nocobase/acl';
|
|
11
12
|
export class RoleResourceModel extends Model {
|
|
12
13
|
revoke(options) {
|
|
13
14
|
return __awaiter(this, void 0, void 0, function* () {
|
|
@@ -36,6 +37,11 @@ export class RoleResourceModel extends Model {
|
|
|
36
37
|
if (this.usingActionsConfig === false) {
|
|
37
38
|
return;
|
|
38
39
|
}
|
|
40
|
+
const resource = new ACLResource({
|
|
41
|
+
role,
|
|
42
|
+
name: resourceName,
|
|
43
|
+
});
|
|
44
|
+
role.resources.set(resourceName, resource);
|
|
39
45
|
// @ts-ignore
|
|
40
46
|
const actions = yield this.getActions({
|
|
41
47
|
transaction: options.transaction,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RoleResourceModel.js","sourceRoot":"","sources":["../../src/model/RoleResourceModel.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAY,KAAK,EAAE,MAAM,oBAAoB,CAAC;
|
|
1
|
+
{"version":3,"file":"RoleResourceModel.js","sourceRoot":"","sources":["../../src/model/RoleResourceModel.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,EAAY,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAO,WAAW,EAAW,MAAM,eAAe,CAAC;AAI1D,MAAM,OAAO,iBAAkB,SAAQ,KAAK;IACpC,MAAM,CAAC,OAA0E;;YACrF,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YACpD,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YAElC,MAAM,aAAa,GAAG,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAElF,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;gBACxC,MAAM,oBAAoB,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAC/F,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,KAAK,IAAI,CAChC,CAAC;gBAEF,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;gBAC5E,IAAI,oBAAoB,CAAC,MAAM,IAAI,CAAC,EAAE;oBACpC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;iBACjC;aACF;YAED,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC5D,CAAC;KAAA;IAEK,UAAU,CAAC,OAKhB;;YACC,MAAM,EAAE,GAAG,EAAE,wBAAwB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YAC/D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAW,CAAC;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAW,CAAC;YAChD,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEnC,0BAA0B;YAC1B,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;YAEvD,aAAa;YACb,IAAI,IAAI,CAAC,kBAAkB,KAAK,KAAK,EAAE;gBACrC,OAAO;aACR;YAED,MAAM,QAAQ,GAAG,IAAI,WAAW,CAAC;gBAC/B,IAAI;gBACJ,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;YAEH,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;YAE3C,aAAa;YACb,MAAM,OAAO,GAA8B,MAAM,IAAI,CAAC,UAAU,CAAC;gBAC/D,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;gBAC5B,MAAM,MAAM,CAAC,UAAU,CAAC;oBACtB,GAAG;oBACH,IAAI;oBACJ,YAAY;oBACZ,wBAAwB;oBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC,CAAC,CAAC;aACJ;QACH,CAAC;KAAA;CACF","sourcesContent":["import { Database, Model } from '@nocobase/database';\nimport { ACL, ACLResource, ACLRole } from '@nocobase/acl';\nimport { RoleResourceActionModel } from './RoleResourceActionModel';\nimport { AssociationFieldsActions, GrantHelper } from '../server';\n\nexport class RoleResourceModel extends Model {\n async revoke(options: { role: ACLRole; resourceName: string; grantHelper: GrantHelper }) {\n const { role, resourceName, grantHelper } = options;\n role.revokeResource(resourceName);\n\n const targetActions = grantHelper.resourceTargetActionMap.get(resourceName) || [];\n\n for (const targetAction of targetActions) {\n const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(\n (item) => resourceName !== item,\n );\n\n grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);\n if (targetActionResource.length == 0) {\n role.revokeAction(targetAction);\n }\n }\n\n grantHelper.resourceTargetActionMap.set(resourceName, []);\n }\n\n async writeToACL(options: {\n acl: ACL;\n associationFieldsActions: AssociationFieldsActions;\n grantHelper: GrantHelper;\n transaction: any;\n }) {\n const { acl, associationFieldsActions, grantHelper } = options;\n const resourceName = this.get('name') as string;\n const roleName = this.get('roleName') as string;\n const role = acl.getRole(roleName);\n\n // revoke resource of role\n await this.revoke({ role, resourceName, grantHelper });\n\n // @ts-ignore\n if (this.usingActionsConfig === false) {\n return;\n }\n\n const resource = new ACLResource({\n role,\n name: resourceName,\n });\n\n role.resources.set(resourceName, resource);\n\n // @ts-ignore\n const actions: RoleResourceActionModel[] = await this.getActions({\n transaction: options.transaction,\n });\n\n for (const action of actions) {\n await action.writeToACL({\n acl,\n role,\n resourceName,\n associationFieldsActions,\n grantHelper: options.grantHelper,\n });\n }\n }\n}\n"]}
|
|
@@ -11,6 +11,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.RoleResourceModel = void 0;
|
|
13
13
|
const database_1 = require("@nocobase/database");
|
|
14
|
+
const acl_1 = require("@nocobase/acl");
|
|
14
15
|
class RoleResourceModel extends database_1.Model {
|
|
15
16
|
revoke(options) {
|
|
16
17
|
return __awaiter(this, void 0, void 0, function* () {
|
|
@@ -39,6 +40,11 @@ class RoleResourceModel extends database_1.Model {
|
|
|
39
40
|
if (this.usingActionsConfig === false) {
|
|
40
41
|
return;
|
|
41
42
|
}
|
|
43
|
+
const resource = new acl_1.ACLResource({
|
|
44
|
+
role,
|
|
45
|
+
name: resourceName,
|
|
46
|
+
});
|
|
47
|
+
role.resources.set(resourceName, resource);
|
|
42
48
|
// @ts-ignore
|
|
43
49
|
const actions = yield this.getActions({
|
|
44
50
|
transaction: options.transaction,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"RoleResourceModel.js","sourceRoot":"","sources":["../../src/model/RoleResourceModel.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,iDAAqD;
|
|
1
|
+
{"version":3,"file":"RoleResourceModel.js","sourceRoot":"","sources":["../../src/model/RoleResourceModel.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,iDAAqD;AACrD,uCAA0D;AAI1D,MAAa,iBAAkB,SAAQ,gBAAK;IACpC,MAAM,CAAC,OAA0E;;YACrF,MAAM,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YACpD,IAAI,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;YAElC,MAAM,aAAa,GAAG,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YAElF,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE;gBACxC,MAAM,oBAAoB,GAAG,CAAC,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAC/F,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,KAAK,IAAI,CAChC,CAAC;gBAEF,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,oBAAoB,CAAC,CAAC;gBAC5E,IAAI,oBAAoB,CAAC,MAAM,IAAI,CAAC,EAAE;oBACpC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;iBACjC;aACF;YAED,WAAW,CAAC,uBAAuB,CAAC,GAAG,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC5D,CAAC;KAAA;IAEK,UAAU,CAAC,OAKhB;;YACC,MAAM,EAAE,GAAG,EAAE,wBAAwB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;YAC/D,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAW,CAAC;YAChD,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAW,CAAC;YAChD,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YAEnC,0BAA0B;YAC1B,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,CAAC,CAAC;YAEvD,aAAa;YACb,IAAI,IAAI,CAAC,kBAAkB,KAAK,KAAK,EAAE;gBACrC,OAAO;aACR;YAED,MAAM,QAAQ,GAAG,IAAI,iBAAW,CAAC;gBAC/B,IAAI;gBACJ,IAAI,EAAE,YAAY;aACnB,CAAC,CAAC;YAEH,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;YAE3C,aAAa;YACb,MAAM,OAAO,GAA8B,MAAM,IAAI,CAAC,UAAU,CAAC;gBAC/D,WAAW,EAAE,OAAO,CAAC,WAAW;aACjC,CAAC,CAAC;YAEH,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE;gBAC5B,MAAM,MAAM,CAAC,UAAU,CAAC;oBACtB,GAAG;oBACH,IAAI;oBACJ,YAAY;oBACZ,wBAAwB;oBACxB,WAAW,EAAE,OAAO,CAAC,WAAW;iBACjC,CAAC,CAAC;aACJ;QACH,CAAC;KAAA;CACF;AA9DD,8CA8DC","sourcesContent":["import { Database, Model } from '@nocobase/database';\nimport { ACL, ACLResource, ACLRole } from '@nocobase/acl';\nimport { RoleResourceActionModel } from './RoleResourceActionModel';\nimport { AssociationFieldsActions, GrantHelper } from '../server';\n\nexport class RoleResourceModel extends Model {\n async revoke(options: { role: ACLRole; resourceName: string; grantHelper: GrantHelper }) {\n const { role, resourceName, grantHelper } = options;\n role.revokeResource(resourceName);\n\n const targetActions = grantHelper.resourceTargetActionMap.get(resourceName) || [];\n\n for (const targetAction of targetActions) {\n const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(\n (item) => resourceName !== item,\n );\n\n grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);\n if (targetActionResource.length == 0) {\n role.revokeAction(targetAction);\n }\n }\n\n grantHelper.resourceTargetActionMap.set(resourceName, []);\n }\n\n async writeToACL(options: {\n acl: ACL;\n associationFieldsActions: AssociationFieldsActions;\n grantHelper: GrantHelper;\n transaction: any;\n }) {\n const { acl, associationFieldsActions, grantHelper } = options;\n const resourceName = this.get('name') as string;\n const roleName = this.get('roleName') as string;\n const role = acl.getRole(roleName);\n\n // revoke resource of role\n await this.revoke({ role, resourceName, grantHelper });\n\n // @ts-ignore\n if (this.usingActionsConfig === false) {\n return;\n }\n\n const resource = new ACLResource({\n role,\n name: resourceName,\n });\n\n role.resources.set(resourceName, resource);\n\n // @ts-ignore\n const actions: RoleResourceActionModel[] = await this.getActions({\n transaction: options.transaction,\n });\n\n for (const action of actions) {\n await action.writeToACL({\n acl,\n role,\n resourceName,\n associationFieldsActions,\n grantHelper: options.grantHelper,\n });\n }\n }\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nocobase/plugin-acl",
|
|
3
|
-
"version": "0.7.0-alpha.
|
|
3
|
+
"version": "0.7.0-alpha.30",
|
|
4
4
|
"description": "",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"licenses": [
|
|
@@ -17,14 +17,14 @@
|
|
|
17
17
|
"build:esm": "tsc --project tsconfig.build.json --module es2015 --outDir esm"
|
|
18
18
|
},
|
|
19
19
|
"dependencies": {
|
|
20
|
-
"@nocobase/acl": "0.7.0-alpha.
|
|
21
|
-
"@nocobase/database": "0.7.0-alpha.
|
|
22
|
-
"@nocobase/server": "0.7.0-alpha.
|
|
20
|
+
"@nocobase/acl": "0.7.0-alpha.30",
|
|
21
|
+
"@nocobase/database": "0.7.0-alpha.30",
|
|
22
|
+
"@nocobase/server": "0.7.0-alpha.30"
|
|
23
23
|
},
|
|
24
24
|
"repository": {
|
|
25
25
|
"type": "git",
|
|
26
26
|
"url": "git+https://github.com/nocobase/nocobase.git",
|
|
27
27
|
"directory": "packages/plugins/acl"
|
|
28
28
|
},
|
|
29
|
-
"gitHead": "
|
|
29
|
+
"gitHead": "781fb0a999854341cd8c353d31ae5a11ecbbe775"
|
|
30
30
|
}
|
|
@@ -72,6 +72,56 @@ describe('acl', () => {
|
|
|
72
72
|
});
|
|
73
73
|
});
|
|
74
74
|
|
|
75
|
+
it('should deny when resource action has no resource', async () => {
|
|
76
|
+
const role = await db.getRepository('roles').create({
|
|
77
|
+
values: {
|
|
78
|
+
name: 'admin',
|
|
79
|
+
title: 'Admin User',
|
|
80
|
+
allowConfigure: true,
|
|
81
|
+
strategy: {
|
|
82
|
+
actions: ['update:own', 'destroy:own', 'create', 'view'],
|
|
83
|
+
},
|
|
84
|
+
},
|
|
85
|
+
});
|
|
86
|
+
|
|
87
|
+
changeMockRole('admin');
|
|
88
|
+
|
|
89
|
+
// create c1 collection
|
|
90
|
+
await db.getRepository('collections').create({
|
|
91
|
+
values: {
|
|
92
|
+
name: 'c1',
|
|
93
|
+
title: 'table1',
|
|
94
|
+
},
|
|
95
|
+
});
|
|
96
|
+
|
|
97
|
+
// create c2 collection
|
|
98
|
+
await db.getRepository('collections').create({
|
|
99
|
+
values: {
|
|
100
|
+
name: 'c2',
|
|
101
|
+
title: 'table2',
|
|
102
|
+
},
|
|
103
|
+
});
|
|
104
|
+
|
|
105
|
+
await app
|
|
106
|
+
.agent()
|
|
107
|
+
.resource('roles.resources', 'admin')
|
|
108
|
+
.create({
|
|
109
|
+
values: {
|
|
110
|
+
name: 'c1',
|
|
111
|
+
usingActionsConfig: true,
|
|
112
|
+
actions: [],
|
|
113
|
+
},
|
|
114
|
+
});
|
|
115
|
+
|
|
116
|
+
expect(
|
|
117
|
+
acl.can({
|
|
118
|
+
role: 'admin',
|
|
119
|
+
resource: 'c1',
|
|
120
|
+
action: 'list',
|
|
121
|
+
}),
|
|
122
|
+
).toBeNull();
|
|
123
|
+
});
|
|
124
|
+
|
|
75
125
|
it('should works with resources actions', async () => {
|
|
76
126
|
const role = await db.getRepository('roles').create({
|
|
77
127
|
values: {
|
|
@@ -51,6 +51,7 @@ export class RoleResourceActionModel extends Model {
|
|
|
51
51
|
const fieldTarget = collectionField.get('target');
|
|
52
52
|
|
|
53
53
|
if (fieldActions) {
|
|
54
|
+
// grant association actions to role
|
|
54
55
|
const associationActions = fieldActions.associationActions || [];
|
|
55
56
|
associationActions.forEach((associationAction) => {
|
|
56
57
|
const actionName = `${resourceName}.${fieldTarget}:${associationAction}`;
|
|
@@ -62,14 +63,15 @@ export class RoleResourceActionModel extends Model {
|
|
|
62
63
|
targetActions.forEach((targetAction) => {
|
|
63
64
|
const targetActionPath = `${fieldTarget}:${targetAction}`;
|
|
64
65
|
|
|
65
|
-
|
|
66
|
+
// set resource target action with current resourceName
|
|
67
|
+
grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, [
|
|
66
68
|
...(grantHelper.resourceTargetActionMap.get(resourceName) || []),
|
|
67
69
|
targetActionPath,
|
|
68
70
|
]);
|
|
69
71
|
|
|
70
72
|
grantHelper.targetActionResourceMap.set(targetActionPath, [
|
|
71
73
|
...(grantHelper.targetActionResourceMap.get(targetActionPath) || []),
|
|
72
|
-
resourceName
|
|
74
|
+
`${role.name}.${resourceName}`,
|
|
73
75
|
]);
|
|
74
76
|
|
|
75
77
|
role.grantAction(targetActionPath);
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { Database, Model } from '@nocobase/database';
|
|
2
|
-
import { ACL, ACLRole } from '@nocobase/acl';
|
|
2
|
+
import { ACL, ACLResource, ACLRole } from '@nocobase/acl';
|
|
3
3
|
import { RoleResourceActionModel } from './RoleResourceActionModel';
|
|
4
4
|
import { AssociationFieldsActions, GrantHelper } from '../server';
|
|
5
5
|
|
|
@@ -8,20 +8,21 @@ export class RoleResourceModel extends Model {
|
|
|
8
8
|
const { role, resourceName, grantHelper } = options;
|
|
9
9
|
role.revokeResource(resourceName);
|
|
10
10
|
|
|
11
|
-
const targetActions = grantHelper.resourceTargetActionMap.get(resourceName) || [];
|
|
11
|
+
const targetActions = grantHelper.resourceTargetActionMap.get(`${role.name}.${resourceName}`) || [];
|
|
12
12
|
|
|
13
13
|
for (const targetAction of targetActions) {
|
|
14
14
|
const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(
|
|
15
|
-
(item) => resourceName !== item,
|
|
15
|
+
(item) => `${role.name}.${resourceName}` !== item,
|
|
16
16
|
);
|
|
17
17
|
|
|
18
18
|
grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);
|
|
19
|
+
|
|
19
20
|
if (targetActionResource.length == 0) {
|
|
20
21
|
role.revokeAction(targetAction);
|
|
21
22
|
}
|
|
22
23
|
}
|
|
23
24
|
|
|
24
|
-
grantHelper.resourceTargetActionMap.set(resourceName
|
|
25
|
+
grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, []);
|
|
25
26
|
}
|
|
26
27
|
|
|
27
28
|
async writeToACL(options: {
|
|
@@ -43,6 +44,13 @@ export class RoleResourceModel extends Model {
|
|
|
43
44
|
return;
|
|
44
45
|
}
|
|
45
46
|
|
|
47
|
+
const resource = new ACLResource({
|
|
48
|
+
role,
|
|
49
|
+
name: resourceName,
|
|
50
|
+
});
|
|
51
|
+
|
|
52
|
+
role.resources.set(resourceName, resource);
|
|
53
|
+
|
|
46
54
|
// @ts-ignore
|
|
47
55
|
const actions: RoleResourceActionModel[] = await this.getActions({
|
|
48
56
|
transaction: options.transaction,
|
package/src/server.ts
CHANGED
|
@@ -30,6 +30,8 @@ export class GrantHelper {
|
|
|
30
30
|
}
|
|
31
31
|
|
|
32
32
|
export class PluginACL extends Plugin {
|
|
33
|
+
// association field actions config
|
|
34
|
+
|
|
33
35
|
associationFieldsActions: AssociationFieldsActions = {};
|
|
34
36
|
|
|
35
37
|
grantHelper = new GrantHelper();
|
|
@@ -43,6 +45,8 @@ export class PluginACL extends Plugin {
|
|
|
43
45
|
}
|
|
44
46
|
|
|
45
47
|
registerAssociationFieldsActions() {
|
|
48
|
+
// if grant create action to role, it should
|
|
49
|
+
// also grant add action and association target's view action
|
|
46
50
|
this.registerAssociationFieldAction('linkTo', {
|
|
47
51
|
view: {
|
|
48
52
|
associationActions: ['list', 'get'],
|
|
@@ -107,6 +111,7 @@ export class PluginACL extends Plugin {
|
|
|
107
111
|
const roles = (await this.app.db.getRepository('roles').find({
|
|
108
112
|
appends: ['resources', 'resources.actions'],
|
|
109
113
|
})) as RoleModel[];
|
|
114
|
+
|
|
110
115
|
for (const role of roles) {
|
|
111
116
|
role.writeToAcl({ acl: this.acl });
|
|
112
117
|
for (const resource of role.get('resources') as RoleResourceModel[]) {
|