@nocobase/plugin-acl 0.8.1-alpha.4 → 0.9.0-alpha.1

package/src/__tests__/setCurrentRole.test.ts

@@ -1,83 +0,0 @@
-import Database from '@nocobase/database';
-import UsersPlugin from '@nocobase/plugin-users';
-import { MockServer } from '@nocobase/test';
-import { setCurrentRole } from '../middlewares/setCurrentRole';
-import { prepareApp } from './prepare';
-
-describe('role', () => {
-  let api: MockServer;
-  let db: Database;
-
-  let usersPlugin: UsersPlugin;
-  let ctx;
-
-  beforeEach(async () => {
-    api = await prepareApp();
-
-    db = api.db;
-    usersPlugin = api.getPlugin('users');
-
-    ctx = {
-      db,
-      state: {
-        currentRole: '',
-      }
-    }
-  });
-
-  afterEach(async () => {
-    await api.destroy();
-  });
-
-  it('should set role with X-Role when exists', async () => {
-    ctx.state.currentUser = await db.getRepository('users').findOne({
-      appends: ['roles'],
-    });
-    ctx.get = function(name) {
-      if (name === 'X-Role') {
-        return 'admin';
-      }
-    };
-    await setCurrentRole(ctx, () => {});
-    expect(ctx.state.currentRole).toBe('admin');
-  });
-
-  it('should set role with default', async () => {
-    ctx.state.currentUser = await db.getRepository('users').findOne({
-      appends: ['roles'],
-    });
-    ctx.get = function (name) {
-      if (name === 'X-Role') {
-        return '';
-      }
-    };
-    await setCurrentRole(ctx, () => {});
-    expect(ctx.state.currentRole).toBe('root');
-  });
-
-  it('should set role with default when x-role does not exist', async () => {
-    ctx.state.currentUser = await db.getRepository('users').findOne({
-      appends: ['roles'],
-    });
-    ctx.get = function (name) {
-      if (name === 'X-Role') {
-        return 'abc';
-      }
-    };
-    await setCurrentRole(ctx, () => {});
-    expect(ctx.state.currentRole).toBe('root');
-  });
-
-  it('should set role with anonymous', async () => {
-    ctx.state.currentUser = await db.getRepository('users').findOne({
-      appends: ['roles'],
-    });
-    ctx.get = function (name) {
-      if (name === 'X-Role') {
-        return 'anonymous';
-      }
-    };
-    await setCurrentRole(ctx, () => {});
-    expect(ctx.state.currentRole).toBe('anonymous');
-  });
-});

package/src/__tests__/users.test.ts

@@ -1,52 +0,0 @@
-import Database from '@nocobase/database';
-import { MockServer } from '@nocobase/test';
-import { prepareApp } from './prepare';
-
-describe('actions', () => {
-  let app: MockServer;
-  let db: Database;
-  let adminUser;
-  let agent;
-  let adminAgent;
-  let pluginUser;
-
-  beforeEach(async () => {
-    process.env.INIT_ROOT_EMAIL = 'test@nocobase.com';
-    process.env.INIT_ROOT_PASSWORD = '123456';
-    process.env.INIT_ROOT_NICKNAME = 'Test';
-
-    app = await prepareApp();
-    db = app.db;
-
-    pluginUser = app.getPlugin('users');
-    adminUser = await db.getRepository('users').findOne({
-      filter: {
-        email: process.env.INIT_ROOT_EMAIL
-      },
-      appends: ['roles']
-    });
-
-    agent = app.agent();
-    adminAgent = app.agent().auth(
-      pluginUser.jwtService.sign({
-        userId: adminUser.get('id'),
-      }),
-      { type: 'bearer' },
-    );
-  });
-
-  afterEach(async () => {
-    await db.close();
-  });
-
-  it('update profile with roles', async () => {
-    const res2 = await adminAgent.resource('users').updateProfile({
-      filterByTk: adminUser.id,
-      values: {
-        nickname: 'a',
-        roles: adminUser.roles
-      }
-    });
-    expect(res2.status).toBe(200);
-  });
-});

package/src/actions/available-actions.ts

@@ -1,18 +0,0 @@
-const availableActionResource = {
-  name: 'availableActions',
-  actions: {
-    async list(ctx, next) {
-      const acl = ctx.app.acl;
-      const availableActions = acl.getAvailableActions();
-      ctx.body = Array.from(availableActions.entries()).map(([, { name, options }]) => {
-        return {
-          ...options,
-          name,
-        };
-      });
-      await next();
-    },
-  },
-};
-
-export { availableActionResource };

package/src/actions/role-check.ts

@@ -1,41 +0,0 @@
-const map2obj = (map: Map<string, string>) => {
-  const obj = {};
-  for(let [key, value] of map){
-    obj[key] = value;
-  }
- return obj;
-}
-
-export async function checkAction(ctx, next) {
-  const currentRole = ctx.state.currentRole;
-  if (currentRole) {
-    const roleInstance = await ctx.db.getRepository('roles').findOne({
-      filter: {
-        name: currentRole,
-      },
-      appends: ['menuUiSchemas'],
-    });
-
-    const anonymous = await ctx.db.getRepository('roles').findOne({
-      filter: {
-        name: 'anonymous',
-      },
-    });
-
-    const role = ctx.app.acl.getRole(currentRole);
-
-    ctx.body = {
-      ...role.toJSON(),
-      resources: [...role.resources.keys()],
-      actionAlias: map2obj(ctx.app.acl.actionAlias),
-      allowAll: currentRole === 'root',
-      allowConfigure: roleInstance.get('allowConfigure'),
-      allowMenuItemIds: roleInstance.get('menuUiSchemas').map((uiSchema) => uiSchema.get('x-uid')),
-      allowAnonymous: !!anonymous,
-    };
-  } else {
-    throw new Error('Role not found');
-  }
-
-  await next();
-}

package/src/actions/role-collections.ts

@@ -1,65 +0,0 @@
-import { Database } from '@nocobase/database';
-
-type UsingConfigType = 'strategy' | 'resourceAction';
-
-function totalPage(total, pageSize): number {
-  return Math.ceil(total / pageSize);
-}
-
-const roleCollectionsResource = {
-  name: 'roles.collections',
-  actions: {
-    async list(ctx, next) {
-      const role = ctx.action.params.associatedIndex;
-      const { page = 1, pageSize = 20 } = ctx.action.params;
-
-      const db: Database = ctx.db;
-      const collectionRepository = db.getRepository('collections');
-
-      // all collections
-      const [collections, count] = await collectionRepository.findAndCount({
-        filter: ctx.action.params.filter,
-        sort: 'sort',
-      });
-
-      // role collections
-      const roleResources = await db.getRepository('rolesResources').find({
-        filter: {
-          roleName: role,
-        },
-      });
-
-      // role collections
-      const roleResourcesNames = roleResources.map((roleResource) => roleResource.get('name'));
-      const roleResourceActionResourceNames = roleResources
-        .filter((roleResources) => roleResources.get('usingActionsConfig'))
-        .map((roleResources) => roleResources.get('name'));
-
-      ctx.body = {
-        count,
-        rows: collections.map((collection) => {
-          const exists = roleResourcesNames.includes(collection.get('name'));
-
-          const usingConfig: UsingConfigType = roleResourceActionResourceNames.includes(collection.get('name'))
-            ? 'resourceAction'
-            : 'strategy';
-
-          return {
-            name: collection.get('name') as string,
-            title: collection.get('title') as string,
-            roleName: role,
-            usingConfig,
-            exists,
-          };
-        }),
-        page: Number(page),
-        pageSize: Number(pageSize),
-        totalPage: totalPage(count, pageSize),
-      };
-
-      await next();
-    },
-  },
-};
-
-export { roleCollectionsResource };

package/src/actions/user-setDefaultRole.ts

@@ -1,45 +0,0 @@
-import { Context, Next } from '@nocobase/actions';
-
-export async function setDefaultRole(ctx: Context, next: Next) {
-  const {
-    values: { roleName },
-  } = ctx.action.params;
-
-  const {
-    db,
-    state: { currentUser },
-    action: { params: { values } }
-  } = ctx;
-
-  if (values.roleName == 'anonymous') {
-    return next();
-  }
-
-  const repository = db.getRepository('rolesUsers');
-
-  await db.sequelize.transaction(async transaction => {
-    await repository.update({
-      filter: {
-        userId: currentUser.get('id'),
-      },
-      values: {
-        default: false,
-      },
-      transaction,
-    });
-    await repository.update({
-      filter: {
-        userId: currentUser.get('id'),
-        roleName,
-      },
-      values: {
-        default: true,
-      },
-      transaction,
-    });
-  });
-
-  ctx.body = 'ok';
-
-  await next();
-}

package/src/collections/roles-users.ts

@@ -1,6 +0,0 @@
-import { CollectionOptions } from '@nocobase/database';
-
-export default {
-  name: 'rolesUsers',
-  fields: [{ type: 'boolean', name: 'default' }],
-} as CollectionOptions;

package/src/collections/roles.ts

@@ -1,79 +0,0 @@
-import { CollectionOptions } from '@nocobase/database';
-
-export default {
-  name: 'roles',
-  title: '{{t("Roles")}}',
-  autoGenId: false,
-  model: 'RoleModel',
-  filterTargetKey: 'name',
-  // targetKey: 'name',
-  sortable: true,
-  fields: [
-    {
-      type: 'uid',
-      name: 'name',
-      prefix: 'r_',
-      primaryKey: true,
-      interface: 'input',
-      uiSchema: {
-        type: 'string',
-        title: '{{t("Role UID")}}',
-        'x-component': 'Input',
-      },
-    },
-    {
-      type: 'string',
-      name: 'title',
-      unique: true,
-      interface: 'input',
-      uiSchema: {
-        type: 'string',
-        title: '{{t("Role name")}}',
-        'x-component': 'Input',
-      },
-    },
-    {
-      type: 'boolean',
-      name: 'default',
-    },
-    {
-      type: 'string',
-      name: 'description',
-    },
-    {
-      type: 'json',
-      name: 'strategy',
-    },
-    {
-      type: 'boolean',
-      name: 'default',
-      defaultValue: false,
-    },
-    {
-      type: 'boolean',
-      name: 'hidden',
-      defaultValue: false,
-    },
-    {
-      type: 'boolean',
-      name: 'allowConfigure',
-    },
-    {
-      type: 'boolean',
-      name: 'allowNewMenu',
-    },
-    {
-      type: 'belongsToMany',
-      name: 'menuUiSchemas',
-      target: 'uiSchemas',
-      targetKey: 'x-uid',
-    },
-    {
-      type: 'hasMany',
-      name: 'resources',
-      target: 'rolesResources',
-      sourceKey: 'name',
-      targetKey: 'name',
-    },
-  ],
-} as CollectionOptions;

package/src/collections/rolesResources.ts

@@ -1,31 +0,0 @@
-import { CollectionOptions } from '@nocobase/database';
-
-export default {
-  name: 'rolesResources',
-  model: 'RoleResourceModel',
-  indexes: [
-    {
-      unique: true,
-      fields: ['roleName', 'name'],
-    },
-  ],
-  fields: [
-    {
-      type: 'belongsTo',
-      name: 'role',
-    },
-    {
-      type: 'string',
-      name: 'name',
-    },
-    {
-      type: 'boolean',
-      name: 'usingActionsConfig',
-    },
-    {
-      type: 'hasMany',
-      name: 'actions',
-      target: 'rolesResourcesActions',
-    },
-  ],
-} as CollectionOptions;

package/src/collections/rolesResourcesActions.ts

@@ -1,28 +0,0 @@
-import { CollectionOptions } from '@nocobase/database';
-
-export default {
-  name: 'rolesResourcesActions',
-  model: 'RoleResourceActionModel',
-  fields: [
-    {
-      type: 'belongsTo',
-      name: 'resource',
-      foreignKey: 'rolesResourceId',
-      target: 'rolesResources',
-    },
-    {
-      type: 'string',
-      name: 'name',
-    },
-    {
-      type: 'array',
-      name: 'fields',
-      defaultValue: [],
-    },
-    {
-      type: 'belongsTo',
-      name: 'scope',
-      target: 'rolesResourcesScopes',
-    },
-  ],
-} as CollectionOptions;

package/src/collections/rolesResourcesScopes.ts

@@ -1,23 +0,0 @@
-import { CollectionOptions } from '@nocobase/database';
-
-export default {
-  name: 'rolesResourcesScopes',
-  fields: [
-    {
-      type: 'uid',
-      name: 'key',
-    },
-    {
-      type: 'string',
-      name: 'name',
-    },
-    {
-      type: 'string',
-      name: 'resourceName',
-    },
-    {
-      type: 'json',
-      name: 'scope',
-    },
-  ],
-} as CollectionOptions;

package/src/collections/users.ts

@@ -1,30 +0,0 @@
-import { extend } from '@nocobase/database';
-
-export default extend({
-  name: 'users',
-  fields: [
-    {
-      interface: 'm2m',
-      type: 'belongsToMany',
-      name: 'roles',
-      target: 'roles',
-      foreignKey: 'userId',
-      otherKey: 'roleName',
-      sourceKey: 'id',
-      targetKey: 'name',
-      through: 'rolesUsers',
-      uiSchema: {
-        type: 'array',
-        title: '{{t("Roles")}}',
-        'x-component': 'RecordPicker',
-        'x-component-props': {
-          multiple: true,
-          fieldNames: {
-            label: 'title',
-            value: 'name',
-          },
-        },
-      },
-    }
-  ],
-});

package/src/index.ts

@@ -1,2 +0,0 @@
-export { default } from './server';
-

package/src/middlewares/setCurrentRole.ts

@@ -1,32 +0,0 @@
-export async function setCurrentRole(ctx, next) {
-  let currentRole = ctx.get('X-Role');
-
-  if (currentRole === 'anonymous') {
-    ctx.state.currentRole = currentRole;
-    return next();
-  }
-
-  if (!ctx.state.currentUser) {
-    return next();
-  }
-
-  const repository = ctx.db.getRepository('users.roles', ctx.state.currentUser.id);
-  const roles = await repository.find();
-  ctx.state.currentUser.setDataValue('roles', roles);
-
-  if (roles.length == 1) {
-    currentRole = roles[0].name;
-  } else if (roles.length > 1) {
-    const role = roles.find((item) => item.name === currentRole);
-    if (!role) {
-      const defaultRole = roles.find((item) => item?.rolesUsers?.default);
-      currentRole = (defaultRole || roles[0])?.name;
-    }
-  }
-
-  if (currentRole) {
-    ctx.state.currentRole = currentRole;
-  }
-
-  await next();
-}

package/src/model/RoleModel.ts

@@ -1,21 +0,0 @@
-import { Model } from '@nocobase/database';
-import { ACL } from '@nocobase/acl';
-
-export class RoleModel extends Model {
-  writeToAcl(options: { acl: ACL }) {
-    const { acl } = options;
-    const roleName = this.get('name') as string;
-    let role = acl.getRole(roleName);
-
-    if (!role) {
-      role = acl.define({
-        role: roleName,
-      });
-    }
-
-    role.setStrategy({
-      ...((this.get('strategy') as object) || {}),
-      allowConfigure: this.get('allowConfigure') as boolean,
-    });
-  }
-}

package/src/model/RoleResourceActionModel.ts

@@ -1,88 +0,0 @@
-import { ACL, ACLRole } from '@nocobase/acl';
-import { Database, Model } from '@nocobase/database';
-import { AssociationFieldAction, AssociationFieldsActions, GrantHelper } from '../server';
-
-export class RoleResourceActionModel extends Model {
-  async writeToACL(options: {
-    acl: ACL;
-    role: ACLRole;
-    resourceName: string;
-    associationFieldsActions: AssociationFieldsActions;
-    grantHelper: GrantHelper;
-  }) {
-    // @ts-ignore
-    const db: Database = this.constructor.database;
-
-    const { resourceName, role, acl, associationFieldsActions, grantHelper } = options;
-
-    const actionName = this.get('name') as string;
-
-    const fields = this.get('fields') as any;
-
-    const actionPath = `${resourceName}:${actionName}`;
-    const actionParams = {
-      fields,
-    };
-
-    // @ts-ignore
-    const scope = await this.getScope();
-
-    if (scope) {
-      actionParams['own'] = scope.get('key') === 'own';
-      actionParams['filter'] = scope.get('scope');
-    }
-
-    role.grantAction(actionPath, actionParams);
-
-    const collection = db.getCollection(resourceName);
-
-    if (!collection) {
-      return;
-    }
-
-    const availableAction = acl.resolveActionAlias(actionName);
-
-    for (const field of fields) {
-      const collectionField = collection.getField(field);
-
-      if (!collectionField) {
-        console.log(`${field} does not exist`);
-        continue;
-      }
-
-      const fieldType = collectionField.get('interface') as string;
-
-      const fieldActions: AssociationFieldAction = associationFieldsActions?.[fieldType]?.[availableAction];
-
-      const fieldTarget = collectionField.get('target');
-
-      if (fieldActions) {
-        // grant association actions to role
-        const associationActions = fieldActions.associationActions || [];
-        associationActions.forEach((associationAction) => {
-          const actionName = `${resourceName}.${fieldTarget}:${associationAction}`;
-          role.grantAction(actionName);
-        });
-
-        const targetActions = fieldActions.targetActions || [];
-
-        targetActions.forEach((targetAction) => {
-          const targetActionPath = `${fieldTarget}:${targetAction}`;
-
-          // set resource target action with current resourceName
-          grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, [
-            ...(grantHelper.resourceTargetActionMap.get(resourceName) || []),
-            targetActionPath,
-          ]);
-
-          grantHelper.targetActionResourceMap.set(targetActionPath, [
-            ...(grantHelper.targetActionResourceMap.get(targetActionPath) || []),
-            `${role.name}.${resourceName}`,
-          ]);
-
-          role.grantAction(targetActionPath);
-        });
-      }
-    }
-  }
-}