@nocobase/plugin-acl 0.8.1-alpha.3 → 0.9.0-alpha.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -201
- package/lib/actions/role-check.js +2 -0
- package/lib/actions/role-collections.js +39 -12
- package/lib/collections/roles.js +4 -0
- package/lib/collections/rolesResourcesActions.js +2 -1
- package/lib/collections/users.js +1 -0
- package/lib/migrations/20221214072638-set-role-snippets.d.ts +5 -0
- package/lib/migrations/20221214072638-set-role-snippets.js +49 -0
- package/lib/model/RoleModel.js +1 -0
- package/lib/model/RoleResourceActionModel.js +9 -3
- package/lib/server.js +393 -28
- package/package.json +7 -13
- package/src/__tests__/acl.test.ts +0 -548
- package/src/__tests__/association-field.test.ts +0 -308
- package/src/__tests__/configuration.test.ts +0 -74
- package/src/__tests__/middleware.test.ts +0 -228
- package/src/__tests__/own.test.ts +0 -133
- package/src/__tests__/prepare.ts +0 -20
- package/src/__tests__/role-check.test.ts +0 -41
- package/src/__tests__/role-resource.test.ts +0 -189
- package/src/__tests__/role-user.test.ts +0 -123
- package/src/__tests__/role.test.ts +0 -99
- package/src/__tests__/scope.test.ts +0 -59
- package/src/__tests__/setCurrentRole.test.ts +0 -83
- package/src/__tests__/users.test.ts +0 -52
- package/src/actions/available-actions.ts +0 -18
- package/src/actions/role-check.ts +0 -41
- package/src/actions/role-collections.ts +0 -65
- package/src/actions/user-setDefaultRole.ts +0 -45
- package/src/collections/roles-users.ts +0 -6
- package/src/collections/roles.ts +0 -79
- package/src/collections/rolesResources.ts +0 -31
- package/src/collections/rolesResourcesActions.ts +0 -28
- package/src/collections/rolesResourcesScopes.ts +0 -23
- package/src/collections/users.ts +0 -30
- package/src/index.ts +0 -2
- package/src/middlewares/setCurrentRole.ts +0 -32
- package/src/model/RoleModel.ts +0 -21
- package/src/model/RoleResourceActionModel.ts +0 -88
- package/src/model/RoleResourceModel.ts +0 -74
- package/src/server.ts +0 -463
|
@@ -73,7 +73,9 @@ function _checkAction() {
|
|
|
73
73
|
}
|
|
74
74
|
});
|
|
75
75
|
const role = ctx.app.acl.getRole(currentRole);
|
|
76
|
+
const availableActions = ctx.app.acl.getAvailableActions();
|
|
76
77
|
ctx.body = _objectSpread(_objectSpread({}, role.toJSON()), {}, {
|
|
78
|
+
availableActions: [...availableActions.keys()],
|
|
77
79
|
resources: [...role.resources.keys()],
|
|
78
80
|
actionAlias: map2obj(ctx.app.acl.actionAlias),
|
|
79
81
|
allowAll: currentRole === 'root',
|
|
@@ -37,7 +37,8 @@ const roleCollectionsResource = {
|
|
|
37
37
|
_ctx$action$params$pa2 = _ctx$action$params.pageSize,
|
|
38
38
|
pageSize = _ctx$action$params$pa2 === void 0 ? 20 : _ctx$action$params$pa2;
|
|
39
39
|
const db = ctx.db;
|
|
40
|
-
const collectionRepository = db.getRepository('collections');
|
|
40
|
+
const collectionRepository = db.getRepository('collections');
|
|
41
|
+
const fieldRepository = db.getRepository('fields'); // all collections
|
|
41
42
|
|
|
42
43
|
const _yield$collectionRepo = yield collectionRepository.findAndCount({
|
|
43
44
|
filter: ctx.action.params.filter,
|
|
@@ -56,19 +57,45 @@ const roleCollectionsResource = {
|
|
|
56
57
|
|
|
57
58
|
const roleResourcesNames = roleResources.map(roleResource => roleResource.get('name'));
|
|
58
59
|
const roleResourceActionResourceNames = roleResources.filter(roleResources => roleResources.get('usingActionsConfig')).map(roleResources => roleResources.get('name'));
|
|
60
|
+
const items = collections.map((collection, i) => {
|
|
61
|
+
const exists = roleResourcesNames.includes(collection.get('name'));
|
|
62
|
+
const usingConfig = roleResourceActionResourceNames.includes(collection.get('name')) ? 'resourceAction' : 'strategy';
|
|
63
|
+
const c = db.getCollection(collection.get('name')); // const children = [...c.fields.values()]
|
|
64
|
+
// .filter(
|
|
65
|
+
// (f) => f.options.interface && ['hasOne', 'hasMany', 'belongsTo', 'belongsToMany'].includes(f.options.type),
|
|
66
|
+
// )
|
|
67
|
+
// .map((f, j) => {
|
|
68
|
+
// const name = `${collection.get('name')}.${f.options.name}`;
|
|
69
|
+
// const usingConfig: UsingConfigType = roleResourceActionResourceNames.includes(name)
|
|
70
|
+
// ? 'resourceAction'
|
|
71
|
+
// : 'strategy';
|
|
72
|
+
// const exists = roleResourcesNames.includes(name);
|
|
73
|
+
// return {
|
|
74
|
+
// type: 'association',
|
|
75
|
+
// __index: `${i}.children.${j}`,
|
|
76
|
+
// name,
|
|
77
|
+
// collectionName: f.options.target,
|
|
78
|
+
// title: f.options?.uiSchema?.title,
|
|
79
|
+
// roleName: role,
|
|
80
|
+
// usingConfig,
|
|
81
|
+
// exists,
|
|
82
|
+
// };
|
|
83
|
+
// });
|
|
84
|
+
|
|
85
|
+
return {
|
|
86
|
+
type: 'collection',
|
|
87
|
+
name: collection.get('name'),
|
|
88
|
+
collectionName: collection.get('name'),
|
|
89
|
+
title: collection.get('title'),
|
|
90
|
+
roleName: role,
|
|
91
|
+
usingConfig,
|
|
92
|
+
exists // children: children.length > 0 ? children : null,
|
|
93
|
+
|
|
94
|
+
};
|
|
95
|
+
});
|
|
59
96
|
ctx.body = {
|
|
60
97
|
count,
|
|
61
|
-
rows:
|
|
62
|
-
const exists = roleResourcesNames.includes(collection.get('name'));
|
|
63
|
-
const usingConfig = roleResourceActionResourceNames.includes(collection.get('name')) ? 'resourceAction' : 'strategy';
|
|
64
|
-
return {
|
|
65
|
-
name: collection.get('name'),
|
|
66
|
-
title: collection.get('title'),
|
|
67
|
-
roleName: role,
|
|
68
|
-
usingConfig,
|
|
69
|
-
exists
|
|
70
|
-
};
|
|
71
|
-
}),
|
|
98
|
+
rows: items,
|
|
72
99
|
page: Number(page),
|
|
73
100
|
pageSize: Number(pageSize),
|
|
74
101
|
totalPage: totalPage(count, pageSize)
|
package/lib/collections/roles.js
CHANGED
package/lib/collections/users.js
CHANGED
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
|
|
3
|
+
Object.defineProperty(exports, "__esModule", {
|
|
4
|
+
value: true
|
|
5
|
+
});
|
|
6
|
+
exports.default = void 0;
|
|
7
|
+
|
|
8
|
+
function _server() {
|
|
9
|
+
const data = require("@nocobase/server");
|
|
10
|
+
|
|
11
|
+
_server = function _server() {
|
|
12
|
+
return data;
|
|
13
|
+
};
|
|
14
|
+
|
|
15
|
+
return data;
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } }
|
|
19
|
+
|
|
20
|
+
function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; }
|
|
21
|
+
|
|
22
|
+
class _default extends _server().Migration {
|
|
23
|
+
up() {
|
|
24
|
+
var _this = this;
|
|
25
|
+
|
|
26
|
+
return _asyncToGenerator(function* () {
|
|
27
|
+
yield _this.app.db.getRepository('roles').update({
|
|
28
|
+
filter: {
|
|
29
|
+
$or: [{
|
|
30
|
+
allowConfigure: true
|
|
31
|
+
}, {
|
|
32
|
+
name: 'root'
|
|
33
|
+
}]
|
|
34
|
+
},
|
|
35
|
+
values: {
|
|
36
|
+
snippets: ['ui.*', 'pm', 'pm.*'],
|
|
37
|
+
allowConfigure: false
|
|
38
|
+
}
|
|
39
|
+
});
|
|
40
|
+
})();
|
|
41
|
+
}
|
|
42
|
+
|
|
43
|
+
down() {
|
|
44
|
+
return _asyncToGenerator(function* () {})();
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
exports.default = _default;
|
package/lib/model/RoleModel.js
CHANGED
|
@@ -78,7 +78,7 @@ class RoleResourceActionModel extends _database().Model {
|
|
|
78
78
|
continue;
|
|
79
79
|
}
|
|
80
80
|
|
|
81
|
-
const fieldType = collectionField.get('
|
|
81
|
+
const fieldType = collectionField.get('type');
|
|
82
82
|
const fieldActions = associationFieldsActions === null || associationFieldsActions === void 0 ? void 0 : (_associationFieldsAct = associationFieldsActions[fieldType]) === null || _associationFieldsAct === void 0 ? void 0 : _associationFieldsAct[availableAction];
|
|
83
83
|
const fieldTarget = collectionField.get('target');
|
|
84
84
|
|
|
@@ -86,12 +86,18 @@ class RoleResourceActionModel extends _database().Model {
|
|
|
86
86
|
// grant association actions to role
|
|
87
87
|
const associationActions = fieldActions.associationActions || [];
|
|
88
88
|
associationActions.forEach(associationAction => {
|
|
89
|
-
const actionName = `${resourceName}.${
|
|
89
|
+
const actionName = `${resourceName}.${collectionField.get('name')}:${associationAction}`;
|
|
90
90
|
role.grantAction(actionName);
|
|
91
91
|
});
|
|
92
92
|
const targetActions = fieldActions.targetActions || [];
|
|
93
93
|
targetActions.forEach(targetAction => {
|
|
94
|
-
const targetActionPath = `${fieldTarget}:${targetAction}`;
|
|
94
|
+
const targetActionPath = `${fieldTarget}:${targetAction}`;
|
|
95
|
+
const existsAction = role.getActionParams(targetActionPath);
|
|
96
|
+
|
|
97
|
+
if (existsAction) {
|
|
98
|
+
return;
|
|
99
|
+
} // set resource target action with current resourceName
|
|
100
|
+
|
|
95
101
|
|
|
96
102
|
grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, [...(grantHelper.resourceTargetActionMap.get(resourceName) || []), targetActionPath]);
|
|
97
103
|
grantHelper.targetActionResourceMap.set(targetActionPath, [...(grantHelper.targetActionResourceMap.get(targetActionPath) || []), `${role.name}.${resourceName}`]);
|