@nocobase/plugin-acl 0.7.2-alpha.7 → 0.7.4-alpha.4

@@ -1,5 +1,6 @@
1
1
  import { ACL } from '@nocobase/acl';
2
- import { Database, HasManyRepository, Model } from '@nocobase/database';
2
+ import { Database, HasManyRepository } from '@nocobase/database';
3
+ import UsersPlugin from '@nocobase/plugin-users';
3
4
  import { MockServer } from '@nocobase/test';
4
5
  import { prepareApp } from './prepare';
5
6
 
@@ -8,7 +9,10 @@ describe('association field acl', () => {
8
9
  let db: Database;
9
10
  let acl: ACL;
10
11
 
11
- let role: Model;
12
+ let user;
13
+ let userAgent;
14
+ let admin;
15
+ let adminAgent;
12
16
 
13
17
  afterEach(async () => {
14
18
  await app.destroy();
@@ -19,20 +23,44 @@ describe('association field acl', () => {
19
23
  db = app.db;
20
24
  acl = app.acl;
21
25
 
22
- role = await db.getRepository('roles').create({
26
+ await db.getRepository('roles').create({
23
27
  values: {
24
- name: 'admin',
25
- title: 'Admin User',
28
+ name: 'new',
26
29
  allowConfigure: true,
27
30
  },
28
31
  });
29
32
 
30
- await db.getRepository('collections').create({
33
+ await db.getRepository('roles').create({
31
34
  values: {
32
- name: 'users',
35
+ name: 'testAdmin',
36
+ allowConfigure: true,
33
37
  },
34
- context: {},
35
38
  });
39
+ const UserRepo = db.getCollection('users').repository;
40
+ user = await UserRepo.create({
41
+ values: {
42
+ roles: ['new'],
43
+ },
44
+ });
45
+ admin = await UserRepo.create({
46
+ values: {
47
+ roles: ['testAdmin'],
48
+ },
49
+ });
50
+
51
+ const userPlugin = app.getPlugin('@nocobase/plugin-users') as UsersPlugin;
52
+ userAgent = app.agent().auth(
53
+ userPlugin.jwtService.sign({
54
+ userId: user.get('id'),
55
+ }),
56
+ { type: 'bearer' },
57
+ );
58
+ adminAgent = app.agent().auth(
59
+ userPlugin.jwtService.sign({
60
+ userId: admin.get('id'),
61
+ }),
62
+ { type: 'bearer' },
63
+ );
36
64
 
37
65
  await db.getRepository('collections').create({
38
66
  values: {
@@ -75,56 +103,48 @@ describe('association field acl', () => {
75
103
  context: {},
76
104
  });
77
105
 
78
- await app
79
- .agent()
80
- .resource('roles.resources')
81
- .create({
82
- associatedIndex: 'admin',
83
- values: {
84
- name: 'users',
85
- usingActionsConfig: true,
86
- actions: [
87
- {
88
- name: 'create',
89
- fields: ['orders'],
90
- },
91
- {
92
- name: 'view',
93
- fields: ['orders'],
94
- },
95
- ],
96
- },
97
- });
106
+ await adminAgent.resource('roles.resources', 'new').create({
107
+ values: {
108
+ name: 'users',
109
+ usingActionsConfig: true,
110
+ actions: [
111
+ {
112
+ name: 'create',
113
+ fields: ['orders'],
114
+ },
115
+ {
116
+ name: 'view',
117
+ fields: ['orders'],
118
+ },
119
+ ],
120
+ },
121
+ });
98
122
  });
99
123
 
100
124
  it('should revoke target action on association action revoke', async () => {
101
125
  expect(
102
126
  acl.can({
103
- role: 'admin',
127
+ role: 'new',
104
128
  resource: 'orders',
105
129
  action: 'list',
106
130
  }),
107
131
  ).toMatchObject({
108
- role: 'admin',
132
+ role: 'new',
109
133
  resource: 'orders',
110
134
  action: 'list',
111
135
  });
112
136
 
113
- await app
114
- .agent()
115
- .resource('roles.resources')
116
- .update({
117
- associatedIndex: 'admin',
118
- values: {
119
- name: 'users',
120
- usingActionsConfig: true,
121
- actions: [],
122
- },
123
- });
137
+ await adminAgent.resource('roles.resources', 'new').update({
138
+ values: {
139
+ name: 'users',
140
+ usingActionsConfig: true,
141
+ actions: [],
142
+ },
143
+ });
124
144
 
125
145
  expect(
126
146
  acl.can({
127
- role: 'admin',
147
+ role: 'new',
128
148
  resource: 'orders',
129
149
  action: 'list',
130
150
  }),
@@ -134,12 +154,12 @@ describe('association field acl', () => {
134
154
  it('should revoke association action on action revoke', async () => {
135
155
  expect(
136
156
  acl.can({
137
- role: 'admin',
157
+ role: 'new',
138
158
  resource: 'users.orders',
139
159
  action: 'add',
140
160
  }),
141
161
  ).toMatchObject({
142
- role: 'admin',
162
+ role: 'new',
143
163
  resource: 'users.orders',
144
164
  action: 'add',
145
165
  });
@@ -152,27 +172,23 @@ describe('association field acl', () => {
152
172
 
153
173
  const actionId = viewAction.get('id') as number;
154
174
 
155
- const response = await app
156
- .agent()
157
- .resource('roles.resources')
158
- .update({
159
- associatedIndex: 'admin',
160
- values: {
161
- name: 'users',
162
- usingActionsConfig: true,
163
- actions: [
164
- {
165
- id: actionId,
166
- },
167
- ],
168
- },
169
- });
175
+ const response = await adminAgent.resource('roles.resources', 'new').update({
176
+ values: {
177
+ name: 'users',
178
+ usingActionsConfig: true,
179
+ actions: [
180
+ {
181
+ id: actionId,
182
+ },
183
+ ],
184
+ },
185
+ });
170
186
 
171
187
  expect(response.statusCode).toEqual(200);
172
188
 
173
189
  expect(
174
190
  acl.can({
175
- role: 'admin',
191
+ role: 'new',
176
192
  resource: 'users.orders',
177
193
  action: 'add',
178
194
  }),
@@ -180,30 +196,26 @@ describe('association field acl', () => {
180
196
  });
181
197
 
182
198
  it('should revoke association action on field deleted', async () => {
183
- await app
184
- .agent()
185
- .resource('roles.resources')
186
- .update({
187
- associatedIndex: 'admin',
188
- values: {
189
- name: 'users',
190
- usingActionsConfig: true,
191
- actions: [
192
- {
193
- name: 'create',
194
- fields: ['name', 'age'],
195
- },
196
- ],
197
- },
198
- });
199
+ await adminAgent.resource('roles.resources', 'new').update({
200
+ values: {
201
+ name: 'users',
202
+ usingActionsConfig: true,
203
+ actions: [
204
+ {
205
+ name: 'create',
206
+ fields: ['name', 'age'],
207
+ },
208
+ ],
209
+ },
210
+ });
199
211
  expect(
200
212
  acl.can({
201
- role: 'admin',
213
+ role: 'new',
202
214
  resource: 'users',
203
215
  action: 'create',
204
216
  }),
205
217
  ).toMatchObject({
206
- role: 'admin',
218
+ role: 'new',
207
219
  resource: 'users',
208
220
  action: 'create',
209
221
  params: {
@@ -236,12 +248,12 @@ describe('association field acl', () => {
236
248
 
237
249
  expect(
238
250
  acl.can({
239
- role: 'admin',
251
+ role: 'new',
240
252
  resource: 'users',
241
253
  action: 'create',
242
254
  }),
243
255
  ).toMatchObject({
244
- role: 'admin',
256
+ role: 'new',
245
257
  resource: 'users',
246
258
  action: 'create',
247
259
  params: {
@@ -251,45 +263,44 @@ describe('association field acl', () => {
251
263
  });
252
264
 
253
265
  it('should allow association fields access', async () => {
254
- const createResponse = await app
255
- .agent()
256
- .resource('users')
257
- .create({
258
- values: {
259
- orders: [
260
- {
261
- content: 'apple',
262
- },
263
- ],
264
- },
265
- });
266
+ const createResponse = await userAgent.resource('users').create({
267
+ values: {
268
+ orders: [
269
+ {
270
+ content: 'apple',
271
+ },
272
+ ],
273
+ },
274
+ });
266
275
 
267
276
  expect(createResponse.statusCode).toEqual(200);
268
277
 
269
- const user = await db.getRepository('users').findOne();
278
+ const user = await db.getRepository('users').findOne({
279
+ filterByTk: createResponse.body.data.id,
280
+ });
270
281
  // @ts-ignore
271
282
  expect(await user.countOrders()).toEqual(1);
272
283
 
273
284
  expect(
274
285
  acl.can({
275
- role: 'admin',
286
+ role: 'new',
276
287
  resource: 'users.orders',
277
288
  action: 'list',
278
289
  }),
279
290
  ).toMatchObject({
280
- role: 'admin',
291
+ role: 'new',
281
292
  resource: 'users.orders',
282
293
  action: 'list',
283
294
  });
284
295
 
285
296
  expect(
286
297
  acl.can({
287
- role: 'admin',
298
+ role: 'new',
288
299
  resource: 'orders',
289
300
  action: 'list',
290
301
  }),
291
302
  ).toMatchObject({
292
- role: 'admin',
303
+ role: 'new',
293
304
  resource: 'orders',
294
305
  action: 'list',
295
306
  });
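Review bot: The role under test, `new`, is still created with `allowConfigure: true` (new lines 26–31), the same flag given to `testAdmin`, so the 200 that `userAgent` gets from the `users` create at new line 266 may not be attributable to the `roles.resources` grant alone. If the flag is not needed for these cases, drop `allowConfigure: true,` from the `new` role so that user holds only the per-resource permissions being tested. The `adminAgent.resource('roles.resources', 'new')` create and update calls at new lines 106, 137 and 199 also discard their responses. Capturing each one and adding `expect(res.statusCode).toEqual(200);`, as new line 187 already does for the call at line 175, would make a rejected token fail at the setup call instead of at a later `acl.can` assertion. The bodies of `beforeEach` and several `it` blocks continue outside the visible hunks.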
@@ -1,15 +1,16 @@
1
- import { MockServer } from '@nocobase/test';
2
1
  import { Database } from '@nocobase/database';
3
- import { ACL } from '@nocobase/acl';
4
- import { UiSchemaRepository } from '@nocobase/plugin-ui-schema-storage';
5
- import { changeMockRole, prepareApp } from './prepare';
2
+ import UsersPlugin from '@nocobase/plugin-users';
3
+ import { MockServer } from '@nocobase/test';
4
+ import { prepareApp } from './prepare';
6
5
 
7
6
  describe('configuration', () => {
8
7
  let app: MockServer;
9
8
  let db: Database;
10
- let acl: ACL;
11
-
12
- let uiSchemaRepository: UiSchemaRepository;
9
+ let admin;
10
+ let adminAgent;
11
+ let user;
12
+ let userAgent;
13
+ let guestAgent;
13
14
 
14
15
  afterEach(async () => {
15
16
  await app.destroy();
@@ -18,28 +19,56 @@ describe('configuration', () => {
18
19
  beforeEach(async () => {
19
20
  app = await prepareApp();
20
21
  db = app.db;
21
- acl = app.acl;
22
-
23
- uiSchemaRepository = db.getRepository('uiSchemas');
24
- });
25
-
26
- it('should list collections', async () => {
27
- expect((await app.agent().resource('collections').create()).statusCode).toEqual(403);
28
- expect((await app.agent().resource('collections').list()).statusCode).toEqual(200);
29
- });
30
22
 
31
- it('should allow when role has allowConfigure with true value', async () => {
32
23
  await db.getRepository('roles').create({
33
24
  values: {
34
- name: 'admin1',
35
- title: 'admin allowConfigure',
25
+ name: 'test1',
36
26
  allowConfigure: true,
37
27
  },
38
28
  });
39
29
 
40
- changeMockRole('admin1');
30
+ await db.getRepository('roles').create({
31
+ values: {
32
+ name: 'test2',
33
+ },
34
+ });
35
+
36
+ const UserRepo = db.getCollection('users').repository;
37
+ admin = await UserRepo.create({
38
+ values: {
39
+ roles: ['test1']
40
+ }
41
+ });
42
+ user = await UserRepo.create({
43
+ values: {
44
+ roles: ['test2']
45
+ }
46
+ });
47
+
48
+ const userPlugin = app.getPlugin('@nocobase/plugin-users') as UsersPlugin;
49
+ adminAgent = app.agent().auth(userPlugin.jwtService.sign({
50
+ userId: admin.get('id'),
51
+ }), { type: 'bearer' });
52
+
53
+ userAgent = app.agent().auth(userPlugin.jwtService.sign({
54
+ userId: user.get('id'),
55
+ }), { type: 'bearer' });
56
+
57
+ guestAgent = app.agent();
58
+ });
59
+
60
+ it('should list collections', async () => {
61
+ expect((await userAgent.resource('collections').create()).statusCode).toEqual(403);
62
+ expect((await userAgent.resource('collections').list()).statusCode).toEqual(200);
63
+ });
41
64
 
42
- expect((await app.agent().resource('collections').create()).statusCode).toEqual(200);
43
- expect((await app.agent().resource('collections').list()).statusCode).toEqual(200);
65
+ it('should not create/list collections', async () => {
66
+ expect((await guestAgent.resource('collections').create()).statusCode).toEqual(403);
67
+ expect((await guestAgent.resource('collections').list()).statusCode).toEqual(403);
68
+ });
69
+
70
+ it('should allow when role has allowConfigure with true value', async () => {
71
+ expect((await adminAgent.resource('collections').create()).statusCode).toEqual(200);
72
+ expect((await adminAgent.resource('collections').list()).statusCode).toEqual(200);
44
73
  });
45
74
  });
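Review bot: The new cases cover a valid token for each role and no token at all (`guestAgent`), but nothing exercises a bearer token that fails verification, which is the path these JWT-based agents newly depend on. Consider a case next to 'should not create/list collections' that sends a deliberately malformed token (constructed sample: `app.agent().auth('not-a-jwt', { type: 'bearer' })`) and asserts it is rejected like the guest. The expected status, 403 as for the guest or 401, depends on the users plugin and should be confirmed. Separately, the five `let` declarations at new lines 9–13 are implicitly `any`; typing the agents, for example as `ReturnType<MockServer['agent']>`, would keep the `resource(...)` calls type-checked.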
@@ -1,33 +1,40 @@
1
1
  import { ACL } from '@nocobase/acl';
2
2
  import { Database, Model } from '@nocobase/database';
3
3
  import { MockServer } from '@nocobase/test';
4
- import { changeMockUser, prepareApp } from './prepare';
4
+ import UsersPlugin from '@nocobase/plugin-users';
5
+ import { prepareApp } from './prepare';
5
6
 
6
7
  describe('middleware', () => {
7
8
  let app: MockServer;
8
9
  let role: Model;
9
10
  let db: Database;
10
11
  let acl: ACL;
12
+ let admin;
13
+ let adminAgent;
11
14
 
12
15
  beforeEach(async () => {
13
16
  app = await prepareApp();
14
17
  db = app.db;
15
18
  acl = app.acl;
16
19
 
17
- await db.getRepository('roles').create({
18
- values: {
19
- name: 'admin',
20
- title: 'Admin User',
21
- allowConfigure: true,
22
- },
23
- });
24
-
25
20
  role = await db.getRepository('roles').findOne({
26
21
  filter: {
27
22
  name: 'admin',
28
23
  },
29
24
  });
30
25
 
26
+ const UserRepo = db.getCollection('users').repository;
27
+ admin = await UserRepo.create({
28
+ values: {
29
+ roles: ['admin']
30
+ }
31
+ });
32
+
33
+ const userPlugin = app.getPlugin('@nocobase/plugin-users') as UsersPlugin;
34
+ adminAgent = app.agent().auth(userPlugin.jwtService.sign({
35
+ userId: admin.get('id'),
36
+ }), { type: 'bearer' });
37
+
31
38
  await db.getRepository('collections').create({
32
39
  values: {
33
40
  name: 'posts',
@@ -82,7 +89,7 @@ describe('middleware', () => {
82
89
  },
83
90
  });
84
91
 
85
- const response = await app.agent().resource('posts').create({
92
+ const response = await adminAgent.resource('posts').create({
86
93
  values: {},
87
94
  });
88
95
 
@@ -90,8 +97,7 @@ describe('middleware', () => {
90
97
  });
91
98
 
92
99
  it('should limit fields on view actions', async () => {
93
- await app
94
- .agent()
100
+ await adminAgent
95
101
  .resource('roles.resources', role.get('name'))
96
102
  .create({
97
103
  values: {
@@ -110,8 +116,7 @@ describe('middleware', () => {
110
116
  },
111
117
  });
112
118
 
113
- await app
114
- .agent()
119
+ await adminAgent
115
120
  .resource('posts')
116
121
  .create({
117
122
  values: {
@@ -124,10 +129,10 @@ describe('middleware', () => {
124
129
  expect(post.get('title')).toEqual('post-title');
125
130
  expect(post.get('description')).toEqual('post-description');
126
131
 
127
- const response = await app.agent().resource('posts').list({});
132
+ const response = await adminAgent.resource('posts').list({});
128
133
  expect(response.statusCode).toEqual(200);
129
134
 
130
- const data = response.body.data[0];
135
+ const [data] = response.body.data;
131
136
 
132
137
  expect(data['id']).not.toBeUndefined();
133
138
  expect(data['title']).toEqual('post-title');
@@ -135,12 +140,7 @@ describe('middleware', () => {
135
140
  });
136
141
 
137
142
  it('should parse template value on action params', async () => {
138
- changeMockUser({
139
- id: 2,
140
- });
141
-
142
- const res = await app
143
- .agent()
143
+ const res = await adminAgent
144
144
  .resource('rolesResourcesScopes')
145
145
  .create({
146
146
  values: {
@@ -151,8 +151,7 @@ describe('middleware', () => {
151
151
  },
152
152
  });
153
153
 
154
- await app
155
- .agent()
154
+ await adminAgent
156
155
  .resource('roles.resources', role.get('name'))
157
156
  .create({
158
157
  values: {
@@ -172,8 +171,7 @@ describe('middleware', () => {
172
171
  },
173
172
  });
174
173
 
175
- await app
176
- .agent()
174
+ await adminAgent
177
175
  .resource('posts')
178
176
  .create({
179
177
  values: {
@@ -183,8 +181,7 @@ describe('middleware', () => {
183
181
  },
184
182
  });
185
183
 
186
- await app
187
- .agent()
184
+ await adminAgent
188
185
  .resource('posts')
189
186
  .create({
190
187
  values: {
@@ -194,14 +191,13 @@ describe('middleware', () => {
194
191
  },
195
192
  });
196
193
 
197
- const response = await app.agent().resource('posts').list();
194
+ const response = await adminAgent.resource('posts').list();
198
195
  const data = response.body.data;
199
196
  expect(data.length).toEqual(1);
200
197
  });
201
198
 
202
199
  it('should change fields params to whitelist in create action', async () => {
203
- await app
204
- .agent()
200
+ await adminAgent
205
201
  .resource('roles.resources', role.get('name'))
206
202
  .create({
207
203
  values: {
@@ -216,8 +212,7 @@ describe('middleware', () => {
216
212
  },
217
213
  });
218
214
 
219
- await app
220
- .agent()
215
+ await adminAgent
221
216
  .resource('posts')
222
217
  .create({
223
218
  values: {
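Review bot: With the explicit `roles` create removed, `beforeEach` depends on an `admin` role that something outside this file must seed. If it is missing, the `findOne` at new lines 20–24 presumably yields no record, and the failure surfaces later as an error on `role.get('name')` (new lines 101, 155, 201) rather than at setup. Adding `expect(role).not.toBeNull();` right after the `findOne` would pin that assumption. The other two specs in this release create dedicated roles (`new`, `test1`/`test2`) for the subject under test, whereas this one attaches field and scope restrictions to what looks like a pre-existing administrator role. A dedicated role would keep these assertions independent of whatever defaults that seeded role carries. The file may continue past the last visible hunk.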