@nocobase/plugin-acl 0.7.2-alpha.7 → 0.7.4-alpha.4

package/src/__tests__/own.test.ts

@@ -1,11 +1,9 @@
 import { ACL } from '@nocobase/acl';
 import { Database } from '@nocobase/database';
-import PluginACL from '@nocobase/plugin-acl';
-import PluginCollectionManager from '@nocobase/plugin-collection-manager';
-import PluginUiSchema from '@nocobase/plugin-ui-schema-storage';
 import PluginUser from '@nocobase/plugin-users';
-import { mockServer, MockServer } from '@nocobase/test';
-import supertest from 'supertest';
+import { MockServer } from '@nocobase/test';
+
+import { prepareApp } from './prepare';
 
 describe('own test', () => {
   let app: MockServer;
@@ -21,28 +19,15 @@ describe('own test', () => {
 
   let role;
   let agent;
+  let adminAgent;
+  let userAgent;
 
   afterEach(async () => {
     await app.destroy();
   });
 
   beforeEach(async () => {
-    app = mockServer({
-      registerActions: true,
-    });
-
-    await app.cleanDb();
-
-    app.plugin(PluginUiSchema);
-    app.plugin(PluginCollectionManager);
-    app.plugin(PluginUser, {
-      jwt: {
-        secret: process.env.APP_KEY || 'test-key',
-      },
-    });
-
-    app.plugin(PluginACL);
-    await app.loadAndInstall();
+    app = await prepareApp();
     db = app.db;
 
     const PostCollection = db.collection({
@@ -68,9 +53,9 @@ describe('own test', () => {
       fields: [{ type: 'string', name: 'name' }],
     });
 
-    await app.db.sync();
+    await db.sync();
 
-    agent = supertest.agent(app.callback());
+    agent = app.agent();
 
     acl = app.acl;
 
@@ -86,6 +71,8 @@ describe('own test', () => {
 
     adminToken = pluginUser.jwtService.sign({ userId: admin.get('id') });
 
+    adminAgent = app.agent().auth(adminToken, { type: 'bearer' });
+
     user = await db.getRepository('users').create({
       values: {
         nickname: 'test',
@@ -94,10 +81,12 @@ describe('own test', () => {
     });
 
     userToken = pluginUser.jwtService.sign({ userId: user.get('id') });
+
+    userAgent = app.agent().auth(userToken, { type: 'bearer' });
   });
 
   it('should list without createBy', async () => {
-    let response = await agent
+    await adminAgent
       .patch('/roles/admin')
       .send({
         strategy: {
@@ -106,33 +95,38 @@ describe('own test', () => {
       })
       .set({ Authorization: 'Bearer ' + adminToken });
 
-    response = await agent.get('/tests:list').set({ Authorization: 'Bearer ' + userToken });
+    const response = await userAgent.get('/tests:list');
     expect(response.statusCode).toEqual(200);
   });
 
   it('should delete with createdBy', async () => {
-    let response = await agent
-      .patch('/roles/admin')
-      .send({
-        strategy: {
-          actions: ['view:own', 'create', 'destroy:own'],
-        },
-      })
-      .set({ Authorization: 'Bearer ' + adminToken });
-
-    response = await agent
-      .get('/posts:create')
-      .send({
-        title: 't1',
-      })
-      .set({ Authorization: 'Bearer ' + userToken });
+    await adminAgent
+      .resource('roles')
+      .update({
+        filterByTk: 'admin',
+        values: {
+          strategy: {
+            actions: ['view:own', 'create', 'destroy:own'],
+          },
+        }
+      });
+
+    let response = await userAgent
+      .resource('posts')
+      .create({
+        values: {
+          title: 't1',
+        }
+      });
 
     expect(response.statusCode).toEqual(200);
 
     const data = response.body;
     const id = data.data['id'];
 
-    response = await agent.delete(`/posts/${id}`).set({ Authorization: 'Bearer ' + userToken });
+    response = await userAgent.resource('posts').destroy({
+      filterByTk: id
+    });
     expect(response.statusCode).toEqual(200);
     expect(await db.getRepository('posts').count()).toEqual(0);
   });

package/src/__tests__/prepare.ts

@@ -1,18 +1,10 @@
+import PluginUsers from '@nocobase/plugin-users';
 import PluginCollectionManager from '@nocobase/plugin-collection-manager';
 import PluginUiSchema from '@nocobase/plugin-ui-schema-storage';
 import { mockServer } from '@nocobase/test';
 import PluginACL from '../server';
 
-let mockRole: string = 'admin';
-let mockUser = {};
 
-export function changeMockRole(role: string) {
-  mockRole = role;
-}
-
-export function changeMockUser(user: any) {
-  mockUser = user;
-}
 
 export async function prepareApp() {
   const app = mockServer({
@@ -21,15 +13,10 @@ export async function prepareApp() {
 
   await app.cleanDb();
 
+  app.plugin(PluginUsers);
   app.plugin(PluginUiSchema);
   app.plugin(PluginCollectionManager);
 
-  app.resourcer.use(async (ctx, next) => {
-    ctx.state.currentRole = mockRole;
-    ctx.state.currentUser = mockUser;
-    await next();
-  });
-
   app.plugin(PluginACL);
   await app.loadAndInstall();
 

package/src/__tests__/role-check.test.ts

@@ -1,6 +1,8 @@
 import { MockServer } from '@nocobase/test';
-import { changeMockRole, changeMockUser, prepareApp } from './prepare';
 import { Database } from '@nocobase/database';
+import UsersPlugin from '@nocobase/plugin-users';
+
+import { prepareApp } from './prepare';
 
 describe('role check action', () => {
   let app: MockServer;
@@ -21,14 +23,18 @@ describe('role check action', () => {
         name: 'test',
       },
     });
-
-    changeMockUser({
-      id: 2,
+    const user = await db.getRepository('users').create({
+      values: {
+        roles: ['test']
+      }
     });
+    const userPlugin = app.getPlugin('@nocobase/plugin-users') as UsersPlugin;
+    const agent = app.agent().auth(userPlugin.jwtService.sign({
+      userId: user.get('id'),
+    }), { type: 'bearer' });
 
-    changeMockRole('test');
-
-    const response = await app.agent().get('/roles:check');
+    // @ts-ignore
+    const response = await agent.resource('roles').check();
 
     expect(response.statusCode).toEqual(200);
   });

package/src/__tests__/role-resource.test.ts

@@ -1,4 +1,5 @@
 import { Database, Model } from '@nocobase/database';
+import UsersPlugin from '@nocobase/plugin-users';
 import { CollectionRepository } from '@nocobase/plugin-collection-manager';
 import { MockServer } from '@nocobase/test';
 import { prepareApp } from './prepare';
@@ -7,6 +8,8 @@ describe('role resource api', () => {
   let app: MockServer;
   let db: Database;
   let role: Model;
+  let admin;
+  let adminAgent;
 
   afterEach(async () => {
     await app.destroy();
@@ -16,19 +19,23 @@ describe('role resource api', () => {
     app = await prepareApp();
     db = app.db;
 
-    await db.getRepository('roles').create({
-      values: {
-        name: 'admin',
-        title: 'Admin User',
-        allowConfigure: true,
-      },
-    });
-
     role = await db.getRepository('roles').findOne({
       filter: {
         name: 'admin',
       },
     });
+
+    const UserRepo = db.getCollection('users').repository;
+    admin = await UserRepo.create({
+      values: {
+        roles: ['admin']
+      }
+    });
+
+    const userPlugin = app.getPlugin('@nocobase/plugin-users') as UsersPlugin;
+    adminAgent = app.agent().auth(userPlugin.jwtService.sign({
+      userId: admin.get('id'),
+    }), { type: 'bearer' });
   });
 
   it('should grant resource by createRepository', async () => {
@@ -91,8 +98,7 @@ describe('role resource api', () => {
     });
 
     // get collections list
-    let response = await app
-      .agent()
+    let response = await adminAgent
       .resource('roles.collections', 'admin')
       .list({
         filter: {
@@ -119,8 +125,7 @@ describe('role resource api', () => {
     ]);
 
     // set resource actions
-    response = await app
-      .agent()
+    response = await adminAgent
       .resource('roles.resources', 'admin')
       .create({
         values: {
@@ -137,8 +142,7 @@ describe('role resource api', () => {
     expect(response.statusCode).toEqual(200);
 
     // get collections list
-    response = await app
-      .agent()
+    response = await adminAgent
       .resource('roles.collections')
       .list({
         associatedIndex: role.get('name') as string,
@@ -149,8 +153,7 @@ describe('role resource api', () => {
 
     expect(response.body.data[0]['usingConfig']).toEqual('resourceAction');
 
-    response = await app
-      .agent()
+    response = await adminAgent
       .resource('roles.resources')
       .list({
         associatedIndex: role.get('name') as string,
@@ -164,8 +167,7 @@ describe('role resource api', () => {
     expect(resourceAction['name']).toEqual('create');
 
     // update resource actions
-    response = await app
-      .agent()
+    response = await adminAgent
       .resource('roles.resources')
       .update({
         associatedIndex: role.get('name') as string,

package/src/__tests__/role-user.test.ts

@@ -0,0 +1,123 @@
+import Database, { BelongsToManyRepository } from '@nocobase/database';
+import PluginACL from '@nocobase/plugin-acl';
+import UsersPlugin from '@nocobase/plugin-users';
+import { MockServer, mockServer } from '@nocobase/test';
+
+describe('role', () => {
+  let api: MockServer;
+  let db: Database;
+
+  let usersPlugin: UsersPlugin;
+
+  beforeEach(async () => {
+    api = mockServer();
+    await api.cleanDb();
+    api.plugin(UsersPlugin);
+    api.plugin(PluginACL);
+    await api.loadAndInstall();
+
+    db = api.db;
+    usersPlugin = api.getPlugin('@nocobase/plugin-users');
+  });
+
+  afterEach(async () => {
+    await api.destroy();
+  });
+
+  it('should set default role', async () => {
+    await db.getRepository('roles').create({
+      values: {
+        name: 'test1',
+        title: 'Admin User',
+        allowConfigure: true,
+        default: true,
+      },
+    });
+
+    const user = await db.getRepository('users').create({});
+
+    // @ts-ignore
+    const roles = await user.getRoles();
+
+    expect(roles.length).toEqual(1);
+    expect(roles[0].get('name')).toEqual('test1');
+  });
+
+  it('should not add role when user has role', async () => {
+    await db.getRepository('roles').create({
+      values: {
+        name: 'test1',
+        default: true,
+      },
+    });
+
+    await db.getRepository('roles').create({
+      values: {
+        name: 'test2',
+      },
+    });
+
+    const user = await db.getRepository('users').create({
+      values: {
+        roles: [
+          {
+            name: 'test2',
+          },
+        ],
+      },
+    });
+
+    // @ts-ignore
+    const roles = await user.getRoles();
+
+    expect(roles.length).toEqual(1);
+    expect(roles[0].get('name')).toEqual('test2');
+  });
+
+  it('should set users default role', async () => {
+    await db.getRepository('roles').create({
+      values: {
+        name: 'test1',
+        title: 'Admin User',
+        allowConfigure: true,
+        default: true,
+      },
+    });
+
+    await db.getRepository('roles').create({
+      values: {
+        name: 'test2',
+        title: 'test2 user',
+        allowConfigure: true,
+      },
+    });
+
+    const user = await db.getRepository('users').create({
+      values: {
+        token: '123',
+      },
+    });
+
+    const userRolesRepo = db.getRepository<BelongsToManyRepository>('users.roles', user.get('id') as string);
+    await userRolesRepo.add('test1');
+    await userRolesRepo.add('test2');
+
+    const userToken = usersPlugin.jwtService.sign({ userId: user.get('id') });
+    const response = await api
+      .agent()
+      .post('/users:setDefaultRole')
+      .send({
+        roleName: 'test2',
+      })
+      .set({
+        Authorization: `Bearer ${userToken}`,
+      });
+
+    expect(response.statusCode).toEqual(200);
+
+    const userRoles = await userRolesRepo.find();
+    const defaultRole = userRoles.find((userRole) => userRole.get('rolesUsers').default);
+
+    expect(defaultRole['name']).toEqual('test2');
+  });
+});

package/src/__tests__/role.test.ts

@@ -1,6 +1,6 @@
 import { MockServer } from '@nocobase/test';
-import { CollectionRepository } from '@nocobase/plugin-collection-manager';
 import { Database, Model } from '@nocobase/database';
+import UsersPlugin from '@nocobase/plugin-users';
 
 import { prepareApp } from './prepare';
 
@@ -19,32 +19,37 @@ describe('role api', () => {
 
   describe('grant', () => {
     let role: Model;
+    let admin: Model;
+    let adminAgent;
 
     beforeEach(async () => {
-      await db.getRepository('roles').create({
-        values: {
-          name: 'admin',
-          title: 'Admin User',
-          allowConfigure: true,
-        },
-      });
-
       role = await db.getRepository('roles').findOne({
         filter: {
           name: 'admin',
         },
       });
+
+      const UserRepo = db.getCollection('users').repository;
+      admin = await UserRepo.create({
+        values: {
+          roles: ['admin']
+        }
+      });
+
+      const userPlugin = app.getPlugin('@nocobase/plugin-users') as UsersPlugin;
+      adminAgent = app.agent().auth(userPlugin.jwtService.sign({
+        userId: admin.get('id'),
+      }), { type: 'bearer' });
     });
 
     it('should list actions', async () => {
-      const response = await app.agent().resource('availableActions').list();
+      const response = await adminAgent.resource('availableActions').list();
       expect(response.statusCode).toEqual(200);
     });
 
     it('should grant universal role actions', async () => {
       // grant role actions
-      const response = await app
-        .agent()
+      const response = await adminAgent
         .resource('roles')
         .update({
           values: {

package/src/__tests__/scope.test.ts

@@ -1,11 +1,15 @@
 import { prepareApp } from './prepare';
 import { MockServer } from '@nocobase/test';
 import { Database } from '@nocobase/database';
+import UsersPlugin from '@nocobase/plugin-users';
 
 describe('scope api', () => {
   let app: MockServer;
   let db: Database;
 
+  let admin;
+  let adminAgent;
+
   afterEach(async () => {
     await app.destroy();
   });
@@ -13,18 +17,22 @@ describe('scope api', () => {
   beforeEach(async () => {
     app = await prepareApp();
     db = app.db;
-    await db.getRepository('roles').create({
+
+    const UserRepo = db.getCollection('users').repository;
+    admin = await UserRepo.create({
       values: {
-        name: 'admin',
-        title: 'Admin User',
-        allowConfigure: true,
-      },
+        roles: ['admin']
+      }
     });
+
+    const userPlugin = app.getPlugin('@nocobase/plugin-users') as UsersPlugin;
+    adminAgent = app.agent().auth(userPlugin.jwtService.sign({
+      userId: admin.get('id'),
+    }), { type: 'bearer' });
   });
 
   it('should create scope of resource', async () => {
-    const response = await app
-      .agent()
+    const response = await adminAgent
       .resource('rolesResourcesScopes')
       .create({
         values: {

package/src/__tests__/setCurrentRole.test.ts

@@ -0,0 +1,83 @@
+import Database from '@nocobase/database';
+import UsersPlugin from '@nocobase/plugin-users';
+import { MockServer } from '@nocobase/test';
+import { setCurrentRole } from '../middlewares/setCurrentRole';
+import { prepareApp } from './prepare';
+
+describe('role', () => {
+  let api: MockServer;
+  let db: Database;
+
+  let usersPlugin: UsersPlugin;
+  let ctx;
+
+  beforeEach(async () => {
+    api = await prepareApp();
+
+    db = api.db;
+    usersPlugin = api.getPlugin('@nocobase/plugin-users');
+
+    ctx = {
+      db,
+      state: {
+        currentRole: '',
+      }
+    }
+  });
+
+  afterEach(async () => {
+    await api.destroy();
+  });
+
+  it('should set role with X-Role when exists', async () => {
+    ctx.state.currentUser = await db.getRepository('users').findOne({
+      appends: ['roles'],
+    });
+    ctx.get = function(name) {
+      if (name === 'X-Role') {
+        return 'admin';
+      }
+    };
+    await setCurrentRole(ctx, () => {});
+    expect(ctx.state.currentRole).toBe('admin');
+  });
+
+  it('should set role with default', async () => {
+    ctx.state.currentUser = await db.getRepository('users').findOne({
+      appends: ['roles'],
+    });
+    ctx.get = function (name) {
+      if (name === 'X-Role') {
+        return '';
+      }
+    };
+    await setCurrentRole(ctx, () => {});
+    expect(ctx.state.currentRole).toBe('root');
+  });
+
+  it('should set role with default when x-role does not exist', async () => {
+    ctx.state.currentUser = await db.getRepository('users').findOne({
+      appends: ['roles'],
+    });
+    ctx.get = function (name) {
+      if (name === 'X-Role') {
+        return 'abc';
+      }
+    };
+    await setCurrentRole(ctx, () => {});
+    expect(ctx.state.currentRole).toBe('root');
+  });
+
+  it('should set role with anonymous', async () => {
+    ctx.state.currentUser = await db.getRepository('users').findOne({
+      appends: ['roles'],
+    });
+    ctx.get = function (name) {
+      if (name === 'X-Role') {
+        return 'anonymous';
+      }
+    };
+    await setCurrentRole(ctx, () => {});
+    expect(ctx.state.currentRole).toBe('anonymous');
+  });
+});

package/src/actions/user-setDefaultRole.ts

@@ -0,0 +1,45 @@
+import { Context, Next } from '@nocobase/actions';
+
+export async function setDefaultRole(ctx: Context, next: Next) {
+  const {
+    values: { roleName },
+  } = ctx.action.params;
+
+  const {
+    db,
+    state: { currentUser },
+    action: { params: { values } }
+  } = ctx;
+
+  if (values.roleName == 'anonymous') {
+    return next();
+  }
+
+  const repository = db.getRepository('rolesUsers');
+
+  await db.sequelize.transaction(async transaction => {
+    await repository.update({
+      filter: {
+        userId: currentUser.get('id'),
+      },
+      values: {
+        default: false,
+      },
+      transaction,
+    });
+    await repository.update({
+      filter: {
+        userId: currentUser.get('id'),
+        roleName,
+      },
+      values: {
+        default: true,
+      },
+      transaction,
+    });
+  });
+
+  ctx.body = 'ok';
+
+  await next();
+}

package/src/collections/roles-users.ts

@@ -0,0 +1,6 @@
+import { CollectionOptions } from '@nocobase/database';
+
+export default {
+  name: 'rolesUsers',
+  fields: [{ type: 'boolean', name: 'default' }],
+} as CollectionOptions;

package/src/collections/users.ts

@@ -0,0 +1,30 @@
+import { extend } from '@nocobase/database';
+
+export default extend({
+  name: 'users',
+  fields: [
+    {
+      interface: 'm2m',
+      type: 'belongsToMany',
+      name: 'roles',
+      target: 'roles',
+      foreignKey: 'userId',
+      otherKey: 'roleName',
+      sourceKey: 'id',
+      targetKey: 'name',
+      through: 'rolesUsers',
+      uiSchema: {
+        type: 'array',
+        title: '{{t("Roles")}}',
+        'x-component': 'RecordPicker',
+        'x-component-props': {
+          multiple: true,
+          fieldNames: {
+            label: 'title',
+            value: 'name',
+          },
+        },
+      },
+    }
+  ],
+});