@nocobase/plugin-acl 0.9.4-alpha.2 → 0.10.0-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/actions/role-check.js +31 -25
- package/lib/server.d.ts +2 -0
- package/lib/server.js +172 -168
- package/package.json +7 -7
|
@@ -42,32 +42,38 @@ function checkAction(_x2, _x3) {
|
|
|
42
42
|
function _checkAction() {
|
|
43
43
|
_checkAction = _asyncToGenerator(function* (ctx, next) {
|
|
44
44
|
const currentRole = ctx.state.currentRole;
|
|
45
|
-
if (currentRole) {
|
|
46
|
-
|
|
47
|
-
filter: {
|
|
48
|
-
name: currentRole
|
|
49
|
-
},
|
|
50
|
-
appends: ['menuUiSchemas']
|
|
51
|
-
});
|
|
52
|
-
const anonymous = yield ctx.db.getRepository('roles').findOne({
|
|
53
|
-
filter: {
|
|
54
|
-
name: 'anonymous'
|
|
55
|
-
}
|
|
56
|
-
});
|
|
57
|
-
const role = ctx.app.acl.getRole(currentRole);
|
|
58
|
-
const availableActions = ctx.app.acl.getAvailableActions();
|
|
59
|
-
ctx.body = _objectSpread(_objectSpread({}, role.toJSON()), {}, {
|
|
60
|
-
availableActions: [...availableActions.keys()],
|
|
61
|
-
resources: [...role.resources.keys()],
|
|
62
|
-
actionAlias: map2obj(ctx.app.acl.actionAlias),
|
|
63
|
-
allowAll: currentRole === 'root',
|
|
64
|
-
allowConfigure: roleInstance.get('allowConfigure'),
|
|
65
|
-
allowMenuItemIds: roleInstance.get('menuUiSchemas').map(uiSchema => uiSchema.get('x-uid')),
|
|
66
|
-
allowAnonymous: !!anonymous
|
|
67
|
-
});
|
|
68
|
-
} else {
|
|
69
|
-
throw new Error('Role not found');
|
|
45
|
+
if (!currentRole) {
|
|
46
|
+
throw new Error('User role not found');
|
|
70
47
|
}
|
|
48
|
+
const roleInstance = yield ctx.db.getRepository('roles').findOne({
|
|
49
|
+
filter: {
|
|
50
|
+
name: currentRole
|
|
51
|
+
},
|
|
52
|
+
appends: ['menuUiSchemas']
|
|
53
|
+
});
|
|
54
|
+
if (!roleInstance) {
|
|
55
|
+
throw new Error(`Role ${currentRole} not exists`);
|
|
56
|
+
}
|
|
57
|
+
const anonymous = yield ctx.db.getRepository('roles').findOne({
|
|
58
|
+
filter: {
|
|
59
|
+
name: 'anonymous'
|
|
60
|
+
}
|
|
61
|
+
});
|
|
62
|
+
let role = ctx.app.acl.getRole(currentRole);
|
|
63
|
+
if (!role) {
|
|
64
|
+
yield ctx.app.emitAsync('acl:writeRoleToACL', roleInstance);
|
|
65
|
+
role = ctx.app.acl.getRole(currentRole);
|
|
66
|
+
}
|
|
67
|
+
const availableActions = ctx.app.acl.getAvailableActions();
|
|
68
|
+
ctx.body = _objectSpread(_objectSpread({}, role.toJSON()), {}, {
|
|
69
|
+
availableActions: [...availableActions.keys()],
|
|
70
|
+
resources: [...role.resources.keys()],
|
|
71
|
+
actionAlias: map2obj(ctx.app.acl.actionAlias),
|
|
72
|
+
allowAll: currentRole === 'root',
|
|
73
|
+
allowConfigure: roleInstance.get('allowConfigure'),
|
|
74
|
+
allowMenuItemIds: roleInstance.get('menuUiSchemas').map(uiSchema => uiSchema.get('x-uid')),
|
|
75
|
+
allowAnonymous: !!anonymous
|
|
76
|
+
});
|
|
71
77
|
yield next();
|
|
72
78
|
});
|
|
73
79
|
return _checkAction.apply(this, arguments);
|
package/lib/server.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { Plugin } from '@nocobase/server';
|
|
2
|
+
import { RoleModel } from './model/RoleModel';
|
|
2
3
|
import { RoleResourceActionModel } from './model/RoleResourceActionModel';
|
|
3
4
|
import { RoleResourceModel } from './model/RoleResourceModel';
|
|
4
5
|
export interface AssociationFieldAction {
|
|
@@ -25,6 +26,7 @@ export declare class PluginACL extends Plugin {
|
|
|
25
26
|
writeResourceToACL(resourceModel: RoleResourceModel, transaction: any): Promise<void>;
|
|
26
27
|
writeActionToACL(actionModel: RoleResourceActionModel, transaction: any): Promise<void>;
|
|
27
28
|
writeRolesToACL(): Promise<void>;
|
|
29
|
+
writeRoleToACL(role: RoleModel, transaction?: any): Promise<void>;
|
|
28
30
|
beforeLoad(): Promise<void>;
|
|
29
31
|
install(): Promise<void>;
|
|
30
32
|
load(): Promise<void>;
|
package/lib/server.js
CHANGED
|
@@ -173,21 +173,7 @@ class PluginACL extends _server().Plugin {
|
|
|
173
173
|
try {
|
|
174
174
|
for (_iterator.s(); !(_step = _iterator.n()).done;) {
|
|
175
175
|
const role = _step.value;
|
|
176
|
-
|
|
177
|
-
acl: _this3.acl
|
|
178
|
-
});
|
|
179
|
-
var _iterator2 = _createForOfIteratorHelper(role.get('resources')),
|
|
180
|
-
_step2;
|
|
181
|
-
try {
|
|
182
|
-
for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
|
|
183
|
-
const resource = _step2.value;
|
|
184
|
-
yield _this3.writeResourceToACL(resource, null);
|
|
185
|
-
}
|
|
186
|
-
} catch (err) {
|
|
187
|
-
_iterator2.e(err);
|
|
188
|
-
} finally {
|
|
189
|
-
_iterator2.f();
|
|
190
|
-
}
|
|
176
|
+
yield _this3.writeRoleToACL(role);
|
|
191
177
|
}
|
|
192
178
|
} catch (err) {
|
|
193
179
|
_iterator.e(err);
|
|
@@ -196,29 +182,55 @@ class PluginACL extends _server().Plugin {
|
|
|
196
182
|
}
|
|
197
183
|
})();
|
|
198
184
|
}
|
|
199
|
-
|
|
185
|
+
writeRoleToACL(role, transaction = null) {
|
|
200
186
|
var _this4 = this;
|
|
201
187
|
return _asyncToGenerator(function* () {
|
|
202
|
-
|
|
203
|
-
|
|
188
|
+
role.writeToAcl({
|
|
189
|
+
acl: _this4.acl
|
|
190
|
+
});
|
|
191
|
+
let resources = role.get('resources');
|
|
192
|
+
if (!resources) {
|
|
193
|
+
resources = yield role.getResources({
|
|
194
|
+
transaction
|
|
195
|
+
});
|
|
196
|
+
}
|
|
197
|
+
var _iterator2 = _createForOfIteratorHelper(resources),
|
|
198
|
+
_step2;
|
|
199
|
+
try {
|
|
200
|
+
for (_iterator2.s(); !(_step2 = _iterator2.n()).done;) {
|
|
201
|
+
const resource = _step2.value;
|
|
202
|
+
yield _this4.writeResourceToACL(resource, transaction);
|
|
203
|
+
}
|
|
204
|
+
} catch (err) {
|
|
205
|
+
_iterator2.e(err);
|
|
206
|
+
} finally {
|
|
207
|
+
_iterator2.f();
|
|
208
|
+
}
|
|
209
|
+
})();
|
|
210
|
+
}
|
|
211
|
+
beforeLoad() {
|
|
212
|
+
var _this5 = this;
|
|
213
|
+
return _asyncToGenerator(function* () {
|
|
214
|
+
_this5.db.addMigrations({
|
|
215
|
+
namespace: _this5.name,
|
|
204
216
|
directory: (0, _path().resolve)(__dirname, './migrations'),
|
|
205
217
|
context: {
|
|
206
|
-
plugin:
|
|
218
|
+
plugin: _this5
|
|
207
219
|
}
|
|
208
220
|
});
|
|
209
|
-
|
|
221
|
+
_this5.app.db.registerModels({
|
|
210
222
|
RoleResourceActionModel: _RoleResourceActionModel.RoleResourceActionModel,
|
|
211
223
|
RoleResourceModel: _RoleResourceModel.RoleResourceModel,
|
|
212
224
|
RoleModel: _RoleModel.RoleModel
|
|
213
225
|
});
|
|
214
|
-
|
|
215
|
-
name: `pm.${
|
|
226
|
+
_this5.app.acl.registerSnippet({
|
|
227
|
+
name: `pm.${_this5.name}.roles`,
|
|
216
228
|
actions: ['roles:*', 'roles.snippets:*', 'availableActions:list', 'roles.collections:list', 'roles.resources:*', 'uiSchemas:getProperties', 'roles.menuUiSchemas:*']
|
|
217
229
|
});
|
|
218
230
|
// change resource fields to association fields
|
|
219
|
-
|
|
220
|
-
const actionName =
|
|
221
|
-
const collection =
|
|
231
|
+
_this5.app.acl.beforeGrantAction(ctx => {
|
|
232
|
+
const actionName = _this5.app.acl.resolveActionAlias(ctx.actionName);
|
|
233
|
+
const collection = _this5.app.db.getCollection(ctx.resourceName);
|
|
222
234
|
if (!collection) {
|
|
223
235
|
return;
|
|
224
236
|
}
|
|
@@ -237,15 +249,15 @@ class PluginACL extends _server().Plugin {
|
|
|
237
249
|
});
|
|
238
250
|
}
|
|
239
251
|
});
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
252
|
+
_this5.registerAssociationFieldsActions();
|
|
253
|
+
_this5.app.resourcer.define(_availableActions.availableActionResource);
|
|
254
|
+
_this5.app.resourcer.define(_roleCollections.roleCollectionsResource);
|
|
255
|
+
_this5.app.resourcer.registerActionHandler('roles:check', _roleCheck.checkAction);
|
|
256
|
+
_this5.app.resourcer.registerActionHandler(`users:setDefaultRole`, _userSetDefaultRole.setDefaultRole);
|
|
257
|
+
_this5.db.on('users.afterCreateWithAssociations', /*#__PURE__*/function () {
|
|
246
258
|
var _ref = _asyncToGenerator(function* (model, options) {
|
|
247
259
|
const transaction = options.transaction;
|
|
248
|
-
const repository =
|
|
260
|
+
const repository = _this5.app.db.getRepository('roles');
|
|
249
261
|
const defaultRole = yield repository.findOne({
|
|
250
262
|
filter: {
|
|
251
263
|
default: true
|
|
@@ -264,29 +276,21 @@ class PluginACL extends _server().Plugin {
|
|
|
264
276
|
return _ref.apply(this, arguments);
|
|
265
277
|
};
|
|
266
278
|
}());
|
|
267
|
-
|
|
268
|
-
var _ref2 = _asyncToGenerator(function* (
|
|
279
|
+
_this5.app.on('acl:writeRoleToACL', /*#__PURE__*/function () {
|
|
280
|
+
var _ref2 = _asyncToGenerator(function* (roleModel) {
|
|
281
|
+
yield _this5.writeRoleToACL(roleModel);
|
|
282
|
+
});
|
|
283
|
+
return function (_x3) {
|
|
284
|
+
return _ref2.apply(this, arguments);
|
|
285
|
+
};
|
|
286
|
+
}());
|
|
287
|
+
_this5.app.db.on('roles.afterSaveWithAssociations', /*#__PURE__*/function () {
|
|
288
|
+
var _ref3 = _asyncToGenerator(function* (model, options) {
|
|
269
289
|
const transaction = options.transaction;
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
});
|
|
273
|
-
var _iterator3 = _createForOfIteratorHelper(yield model.getResources({
|
|
274
|
-
transaction
|
|
275
|
-
})),
|
|
276
|
-
_step3;
|
|
277
|
-
try {
|
|
278
|
-
for (_iterator3.s(); !(_step3 = _iterator3.n()).done;) {
|
|
279
|
-
const resource = _step3.value;
|
|
280
|
-
yield _this4.writeResourceToACL(resource, transaction);
|
|
281
|
-
}
|
|
282
|
-
// model is default
|
|
283
|
-
} catch (err) {
|
|
284
|
-
_iterator3.e(err);
|
|
285
|
-
} finally {
|
|
286
|
-
_iterator3.f();
|
|
287
|
-
}
|
|
290
|
+
yield _this5.writeRoleToACL(model, transaction);
|
|
291
|
+
// model is default
|
|
288
292
|
if (model.get('default')) {
|
|
289
|
-
yield
|
|
293
|
+
yield _this5.app.db.getRepository('roles').update({
|
|
290
294
|
values: {
|
|
291
295
|
default: false
|
|
292
296
|
},
|
|
@@ -298,79 +302,79 @@ class PluginACL extends _server().Plugin {
|
|
|
298
302
|
});
|
|
299
303
|
}
|
|
300
304
|
});
|
|
301
|
-
return function (
|
|
302
|
-
return
|
|
305
|
+
return function (_x4, _x5) {
|
|
306
|
+
return _ref3.apply(this, arguments);
|
|
303
307
|
};
|
|
304
308
|
}());
|
|
305
|
-
|
|
309
|
+
_this5.app.db.on('roles.afterDestroy', model => {
|
|
306
310
|
const roleName = model.get('name');
|
|
307
|
-
|
|
311
|
+
_this5.acl.removeRole(roleName);
|
|
308
312
|
});
|
|
309
|
-
|
|
310
|
-
var
|
|
311
|
-
yield
|
|
313
|
+
_this5.app.db.on('rolesResources.afterSaveWithAssociations', /*#__PURE__*/function () {
|
|
314
|
+
var _ref4 = _asyncToGenerator(function* (model, options) {
|
|
315
|
+
yield _this5.writeResourceToACL(model, options.transaction);
|
|
312
316
|
});
|
|
313
|
-
return function (
|
|
314
|
-
return
|
|
317
|
+
return function (_x6, _x7) {
|
|
318
|
+
return _ref4.apply(this, arguments);
|
|
315
319
|
};
|
|
316
320
|
}());
|
|
317
|
-
|
|
318
|
-
var
|
|
321
|
+
_this5.app.db.on('rolesResourcesActions.afterUpdateWithAssociations', /*#__PURE__*/function () {
|
|
322
|
+
var _ref5 = _asyncToGenerator(function* (model, options) {
|
|
319
323
|
const transaction = options.transaction;
|
|
320
324
|
const resource = yield model.getResource({
|
|
321
325
|
transaction
|
|
322
326
|
});
|
|
323
|
-
yield
|
|
327
|
+
yield _this5.writeResourceToACL(resource, transaction);
|
|
324
328
|
});
|
|
325
|
-
return function (
|
|
326
|
-
return
|
|
329
|
+
return function (_x8, _x9) {
|
|
330
|
+
return _ref5.apply(this, arguments);
|
|
327
331
|
};
|
|
328
332
|
}());
|
|
329
|
-
|
|
330
|
-
var
|
|
331
|
-
const role =
|
|
333
|
+
_this5.app.db.on('rolesResources.afterDestroy', /*#__PURE__*/function () {
|
|
334
|
+
var _ref6 = _asyncToGenerator(function* (model, options) {
|
|
335
|
+
const role = _this5.acl.getRole(model.get('roleName'));
|
|
332
336
|
if (role) {
|
|
333
337
|
role.revokeResource(model.get('name'));
|
|
334
338
|
}
|
|
335
339
|
});
|
|
336
|
-
return function (
|
|
337
|
-
return
|
|
340
|
+
return function (_x10, _x11) {
|
|
341
|
+
return _ref6.apply(this, arguments);
|
|
338
342
|
};
|
|
339
343
|
}());
|
|
340
|
-
|
|
341
|
-
var
|
|
344
|
+
_this5.app.db.on('collections.afterDestroy', /*#__PURE__*/function () {
|
|
345
|
+
var _ref7 = _asyncToGenerator(function* (model, options) {
|
|
342
346
|
const transaction = options.transaction;
|
|
343
|
-
yield
|
|
347
|
+
yield _this5.app.db.getRepository('rolesResources').destroy({
|
|
344
348
|
filter: {
|
|
345
349
|
name: model.get('name')
|
|
346
350
|
},
|
|
347
351
|
transaction
|
|
348
352
|
});
|
|
349
353
|
});
|
|
350
|
-
return function (
|
|
351
|
-
return
|
|
354
|
+
return function (_x12, _x13) {
|
|
355
|
+
return _ref7.apply(this, arguments);
|
|
352
356
|
};
|
|
353
357
|
}());
|
|
354
|
-
|
|
355
|
-
var
|
|
358
|
+
_this5.app.db.on('fields.afterCreate', /*#__PURE__*/function () {
|
|
359
|
+
var _ref8 = _asyncToGenerator(function* (model, options) {
|
|
356
360
|
const transaction = options.transaction;
|
|
357
361
|
const collectionName = model.get('collectionName');
|
|
358
362
|
const fieldName = model.get('name');
|
|
359
|
-
const resourceActions = yield
|
|
363
|
+
const resourceActions = yield _this5.app.db.getRepository('rolesResourcesActions').find({
|
|
360
364
|
filter: {
|
|
361
365
|
'resource.name': collectionName
|
|
362
366
|
},
|
|
363
367
|
transaction,
|
|
364
368
|
appends: ['resource']
|
|
365
369
|
});
|
|
366
|
-
var
|
|
367
|
-
|
|
370
|
+
var _iterator3 = _createForOfIteratorHelper(resourceActions),
|
|
371
|
+
_step3;
|
|
368
372
|
try {
|
|
369
|
-
for (
|
|
370
|
-
const resourceAction =
|
|
373
|
+
for (_iterator3.s(); !(_step3 = _iterator3.n()).done;) {
|
|
374
|
+
const resourceAction = _step3.value;
|
|
371
375
|
const fields = resourceAction.get('fields');
|
|
372
376
|
const newFields = [...fields, fieldName];
|
|
373
|
-
yield
|
|
377
|
+
yield _this5.app.db.getRepository('rolesResourcesActions').update({
|
|
374
378
|
filterByTk: resourceAction.get('id'),
|
|
375
379
|
values: {
|
|
376
380
|
fields: newFields
|
|
@@ -379,34 +383,34 @@ class PluginACL extends _server().Plugin {
|
|
|
379
383
|
});
|
|
380
384
|
}
|
|
381
385
|
} catch (err) {
|
|
382
|
-
|
|
386
|
+
_iterator3.e(err);
|
|
383
387
|
} finally {
|
|
384
|
-
|
|
388
|
+
_iterator3.f();
|
|
385
389
|
}
|
|
386
390
|
});
|
|
387
|
-
return function (
|
|
388
|
-
return
|
|
391
|
+
return function (_x14, _x15) {
|
|
392
|
+
return _ref8.apply(this, arguments);
|
|
389
393
|
};
|
|
390
394
|
}());
|
|
391
|
-
|
|
392
|
-
var
|
|
395
|
+
_this5.app.db.on('fields.afterDestroy', /*#__PURE__*/function () {
|
|
396
|
+
var _ref9 = _asyncToGenerator(function* (model, options) {
|
|
393
397
|
const collectionName = model.get('collectionName');
|
|
394
398
|
const fieldName = model.get('name');
|
|
395
|
-
const resourceActions = yield
|
|
399
|
+
const resourceActions = yield _this5.app.db.getRepository('rolesResourcesActions').find({
|
|
396
400
|
filter: {
|
|
397
401
|
'resource.name': collectionName,
|
|
398
402
|
'fields.$anyOf': [fieldName]
|
|
399
403
|
},
|
|
400
404
|
transaction: options.transaction
|
|
401
405
|
});
|
|
402
|
-
var
|
|
403
|
-
|
|
406
|
+
var _iterator4 = _createForOfIteratorHelper(resourceActions),
|
|
407
|
+
_step4;
|
|
404
408
|
try {
|
|
405
|
-
for (
|
|
406
|
-
const resourceAction =
|
|
409
|
+
for (_iterator4.s(); !(_step4 = _iterator4.n()).done;) {
|
|
410
|
+
const resourceAction = _step4.value;
|
|
407
411
|
const fields = resourceAction.get('fields');
|
|
408
412
|
const newFields = fields.filter(field => field != fieldName);
|
|
409
|
-
yield
|
|
413
|
+
yield _this5.app.db.getRepository('rolesResourcesActions').update({
|
|
410
414
|
filterByTk: resourceAction.get('id'),
|
|
411
415
|
values: {
|
|
412
416
|
fields: newFields
|
|
@@ -415,54 +419,54 @@ class PluginACL extends _server().Plugin {
|
|
|
415
419
|
});
|
|
416
420
|
}
|
|
417
421
|
} catch (err) {
|
|
418
|
-
|
|
422
|
+
_iterator4.e(err);
|
|
419
423
|
} finally {
|
|
420
|
-
|
|
424
|
+
_iterator4.f();
|
|
421
425
|
}
|
|
422
426
|
});
|
|
423
|
-
return function (
|
|
424
|
-
return
|
|
427
|
+
return function (_x16, _x17) {
|
|
428
|
+
return _ref9.apply(this, arguments);
|
|
425
429
|
};
|
|
426
430
|
}());
|
|
427
431
|
// sync database role data to acl
|
|
428
|
-
|
|
429
|
-
var
|
|
432
|
+
_this5.app.on('afterLoad', /*#__PURE__*/function () {
|
|
433
|
+
var _ref10 = _asyncToGenerator(function* (app, options) {
|
|
430
434
|
if ((options === null || options === void 0 ? void 0 : options.method) === 'install' || (options === null || options === void 0 ? void 0 : options.method) === 'upgrade') {
|
|
431
435
|
return;
|
|
432
436
|
}
|
|
433
|
-
const exists = yield
|
|
437
|
+
const exists = yield _this5.app.db.collectionExistsInDb('roles');
|
|
434
438
|
if (exists) {
|
|
435
|
-
yield
|
|
439
|
+
yield _this5.writeRolesToACL();
|
|
436
440
|
}
|
|
437
441
|
});
|
|
438
|
-
return function (
|
|
439
|
-
return
|
|
442
|
+
return function (_x18, _x19) {
|
|
443
|
+
return _ref10.apply(this, arguments);
|
|
440
444
|
};
|
|
441
445
|
}());
|
|
442
|
-
|
|
443
|
-
var
|
|
444
|
-
const exists = yield
|
|
446
|
+
_this5.app.on('afterInstall', /*#__PURE__*/function () {
|
|
447
|
+
var _ref11 = _asyncToGenerator(function* (app, options) {
|
|
448
|
+
const exists = yield _this5.app.db.collectionExistsInDb('roles');
|
|
445
449
|
if (exists) {
|
|
446
|
-
yield
|
|
450
|
+
yield _this5.writeRolesToACL();
|
|
447
451
|
}
|
|
448
452
|
});
|
|
449
|
-
return function (
|
|
450
|
-
return
|
|
453
|
+
return function (_x20, _x21) {
|
|
454
|
+
return _ref11.apply(this, arguments);
|
|
451
455
|
};
|
|
452
456
|
}());
|
|
453
|
-
|
|
454
|
-
var
|
|
457
|
+
_this5.app.on('afterInstallPlugin', /*#__PURE__*/function () {
|
|
458
|
+
var _ref12 = _asyncToGenerator(function* (plugin) {
|
|
455
459
|
if (plugin.getName() !== 'users') {
|
|
456
460
|
return;
|
|
457
461
|
}
|
|
458
|
-
const User =
|
|
462
|
+
const User = _this5.db.getCollection('users');
|
|
459
463
|
yield User.repository.update({
|
|
460
464
|
values: {
|
|
461
465
|
roles: ['root', 'admin', 'member']
|
|
462
466
|
},
|
|
463
467
|
forceUpdate: true
|
|
464
468
|
});
|
|
465
|
-
const RolesUsers =
|
|
469
|
+
const RolesUsers = _this5.db.getCollection('rolesUsers');
|
|
466
470
|
yield RolesUsers.repository.update({
|
|
467
471
|
filter: {
|
|
468
472
|
userId: 1,
|
|
@@ -473,16 +477,16 @@ class PluginACL extends _server().Plugin {
|
|
|
473
477
|
}
|
|
474
478
|
});
|
|
475
479
|
});
|
|
476
|
-
return function (
|
|
477
|
-
return
|
|
480
|
+
return function (_x22) {
|
|
481
|
+
return _ref12.apply(this, arguments);
|
|
478
482
|
};
|
|
479
483
|
}());
|
|
480
|
-
|
|
481
|
-
var
|
|
484
|
+
_this5.app.on('beforeInstallPlugin', /*#__PURE__*/function () {
|
|
485
|
+
var _ref13 = _asyncToGenerator(function* (plugin) {
|
|
482
486
|
if (plugin.getName() !== 'users') {
|
|
483
487
|
return;
|
|
484
488
|
}
|
|
485
|
-
const roles =
|
|
489
|
+
const roles = _this5.app.db.getRepository('roles');
|
|
486
490
|
yield roles.createMany({
|
|
487
491
|
records: [{
|
|
488
492
|
name: 'root',
|
|
@@ -509,7 +513,7 @@ class PluginACL extends _server().Plugin {
|
|
|
509
513
|
snippets: ['!ui.*', '!pm', '!pm.*']
|
|
510
514
|
}]
|
|
511
515
|
});
|
|
512
|
-
const rolesResourcesScopes =
|
|
516
|
+
const rolesResourcesScopes = _this5.app.db.getRepository('rolesResourcesScopes');
|
|
513
517
|
yield rolesResourcesScopes.createMany({
|
|
514
518
|
records: [{
|
|
515
519
|
key: 'all',
|
|
@@ -524,21 +528,21 @@ class PluginACL extends _server().Plugin {
|
|
|
524
528
|
}]
|
|
525
529
|
});
|
|
526
530
|
});
|
|
527
|
-
return function (
|
|
528
|
-
return
|
|
531
|
+
return function (_x23) {
|
|
532
|
+
return _ref13.apply(this, arguments);
|
|
529
533
|
};
|
|
530
534
|
}());
|
|
531
|
-
|
|
535
|
+
_this5.app.resourcer.use(_setCurrentRole.setCurrentRole, {
|
|
532
536
|
tag: 'setCurrentRole',
|
|
533
537
|
before: 'acl',
|
|
534
|
-
after: '
|
|
538
|
+
after: 'auth'
|
|
535
539
|
});
|
|
536
|
-
|
|
537
|
-
|
|
538
|
-
|
|
540
|
+
_this5.app.acl.allow('users', 'setDefaultRole', 'loggedIn');
|
|
541
|
+
_this5.app.acl.allow('roles', 'check', 'loggedIn');
|
|
542
|
+
_this5.app.acl.allow('*', '*', ctx => {
|
|
539
543
|
return ctx.state.currentRole === 'root';
|
|
540
544
|
});
|
|
541
|
-
|
|
545
|
+
_this5.app.acl.addFixedParams('collections', 'destroy', () => {
|
|
542
546
|
return {
|
|
543
547
|
filter: {
|
|
544
548
|
$and: [{
|
|
@@ -549,7 +553,7 @@ class PluginACL extends _server().Plugin {
|
|
|
549
553
|
}
|
|
550
554
|
};
|
|
551
555
|
});
|
|
552
|
-
|
|
556
|
+
_this5.app.acl.addFixedParams('rolesResourcesScopes', 'destroy', () => {
|
|
553
557
|
return {
|
|
554
558
|
filter: {
|
|
555
559
|
$and: [{
|
|
@@ -560,7 +564,7 @@ class PluginACL extends _server().Plugin {
|
|
|
560
564
|
}
|
|
561
565
|
};
|
|
562
566
|
});
|
|
563
|
-
|
|
567
|
+
_this5.app.acl.addFixedParams('rolesResourcesScopes', 'update', () => {
|
|
564
568
|
return {
|
|
565
569
|
filter: {
|
|
566
570
|
$and: [{
|
|
@@ -571,7 +575,7 @@ class PluginACL extends _server().Plugin {
|
|
|
571
575
|
}
|
|
572
576
|
};
|
|
573
577
|
});
|
|
574
|
-
|
|
578
|
+
_this5.app.acl.addFixedParams('roles', 'destroy', () => {
|
|
575
579
|
return {
|
|
576
580
|
filter: {
|
|
577
581
|
$and: [{
|
|
@@ -584,14 +588,14 @@ class PluginACL extends _server().Plugin {
|
|
|
584
588
|
}
|
|
585
589
|
};
|
|
586
590
|
});
|
|
587
|
-
|
|
588
|
-
var
|
|
591
|
+
_this5.app.resourcer.use( /*#__PURE__*/function () {
|
|
592
|
+
var _ref14 = _asyncToGenerator(function* (ctx, next) {
|
|
589
593
|
const _ctx$action = ctx.action,
|
|
590
594
|
actionName = _ctx$action.actionName,
|
|
591
595
|
resourceName = _ctx$action.resourceName,
|
|
592
596
|
params = _ctx$action.params;
|
|
593
|
-
const
|
|
594
|
-
showAnonymous =
|
|
597
|
+
const _ref15 = params || {},
|
|
598
|
+
showAnonymous = _ref15.showAnonymous;
|
|
595
599
|
if (actionName === 'list' && resourceName === 'roles') {
|
|
596
600
|
if (!showAnonymous) {
|
|
597
601
|
ctx.action.mergeParams({
|
|
@@ -608,12 +612,12 @@ class PluginACL extends _server().Plugin {
|
|
|
608
612
|
}
|
|
609
613
|
yield next();
|
|
610
614
|
});
|
|
611
|
-
return function (
|
|
612
|
-
return
|
|
615
|
+
return function (_x24, _x25) {
|
|
616
|
+
return _ref14.apply(this, arguments);
|
|
613
617
|
};
|
|
614
618
|
}());
|
|
615
|
-
|
|
616
|
-
var
|
|
619
|
+
_this5.app.acl.use( /*#__PURE__*/function () {
|
|
620
|
+
var _ref16 = _asyncToGenerator(function* (ctx, next) {
|
|
617
621
|
const _ctx$action2 = ctx.action,
|
|
618
622
|
actionName = _ctx$action2.actionName,
|
|
619
623
|
resourceName = _ctx$action2.resourceName;
|
|
@@ -642,13 +646,13 @@ class PluginACL extends _server().Plugin {
|
|
|
642
646
|
}
|
|
643
647
|
return next();
|
|
644
648
|
});
|
|
645
|
-
return function (
|
|
646
|
-
return
|
|
649
|
+
return function (_x26, _x27) {
|
|
650
|
+
return _ref16.apply(this, arguments);
|
|
647
651
|
};
|
|
648
652
|
}());
|
|
649
|
-
const parseJsonTemplate =
|
|
650
|
-
|
|
651
|
-
var
|
|
653
|
+
const parseJsonTemplate = _this5.app.acl.parseJsonTemplate;
|
|
654
|
+
_this5.app.acl.use( /*#__PURE__*/function () {
|
|
655
|
+
var _ref17 = _asyncToGenerator(function* (ctx, next) {
|
|
652
656
|
const _ctx$action3 = ctx.action,
|
|
653
657
|
actionName = _ctx$action3.actionName,
|
|
654
658
|
resourceName = _ctx$action3.resourceName,
|
|
@@ -669,7 +673,7 @@ class PluginACL extends _server().Plugin {
|
|
|
669
673
|
resource: collectionName,
|
|
670
674
|
action: actionName
|
|
671
675
|
});
|
|
672
|
-
const availableAction =
|
|
676
|
+
const availableAction = _this5.app.acl.getAvailableAction(actionName);
|
|
673
677
|
if (availableAction === null || availableAction === void 0 ? void 0 : (_availableAction$opti = availableAction.options) === null || _availableAction$opti === void 0 ? void 0 : _availableAction$opti.onNewRecord) {
|
|
674
678
|
if (action) {
|
|
675
679
|
ctx.permission.skip = true;
|
|
@@ -690,15 +694,15 @@ class PluginACL extends _server().Plugin {
|
|
|
690
694
|
}
|
|
691
695
|
yield next();
|
|
692
696
|
});
|
|
693
|
-
return function (
|
|
694
|
-
return
|
|
697
|
+
return function (_x28, _x29) {
|
|
698
|
+
return _ref17.apply(this, arguments);
|
|
695
699
|
};
|
|
696
700
|
}(), {
|
|
697
701
|
before: 'core'
|
|
698
702
|
});
|
|
699
703
|
// throw error when user has no fixed params permissions
|
|
700
|
-
|
|
701
|
-
var
|
|
704
|
+
_this5.app.acl.use( /*#__PURE__*/function () {
|
|
705
|
+
var _ref18 = _asyncToGenerator(function* (ctx, next) {
|
|
702
706
|
var _ctx$permission3, _ctx$permission3$can;
|
|
703
707
|
const action = (_ctx$permission3 = ctx.permission) === null || _ctx$permission3 === void 0 ? void 0 : (_ctx$permission3$can = _ctx$permission3.can) === null || _ctx$permission3$can === void 0 ? void 0 : _ctx$permission3$can.action;
|
|
704
708
|
if (action == 'destroy' && !ctx.action.resourceName.includes('.')) {
|
|
@@ -714,15 +718,15 @@ class PluginACL extends _server().Plugin {
|
|
|
714
718
|
}
|
|
715
719
|
yield next();
|
|
716
720
|
});
|
|
717
|
-
return function (
|
|
718
|
-
return
|
|
721
|
+
return function (_x30, _x31) {
|
|
722
|
+
return _ref18.apply(this, arguments);
|
|
719
723
|
};
|
|
720
724
|
}(), {
|
|
721
725
|
after: 'core',
|
|
722
726
|
group: 'after'
|
|
723
727
|
});
|
|
724
728
|
const withACLMeta = /*#__PURE__*/function () {
|
|
725
|
-
var
|
|
729
|
+
var _ref19 = _asyncToGenerator(function* (ctx, next) {
|
|
726
730
|
var _ctx$body;
|
|
727
731
|
yield next();
|
|
728
732
|
if (!ctx.action || !ctx.get('X-With-ACL-Meta') || ctx.status !== 200) {
|
|
@@ -779,7 +783,7 @@ class PluginACL extends _server().Plugin {
|
|
|
779
783
|
}
|
|
780
784
|
};
|
|
781
785
|
try {
|
|
782
|
-
yield
|
|
786
|
+
yield _this5.app.acl.getActionParams(actionCtx);
|
|
783
787
|
} catch (e) {
|
|
784
788
|
if (e instanceof _acl().NoPermissionError) {
|
|
785
789
|
continue;
|
|
@@ -816,7 +820,7 @@ class PluginACL extends _server().Plugin {
|
|
|
816
820
|
const actionSql = ctx.db.sequelize.queryInterface.queryGenerator.selectQuery(Model.getTableName(), {
|
|
817
821
|
where: (() => {
|
|
818
822
|
const filterObj = queryParams.where;
|
|
819
|
-
if (!
|
|
823
|
+
if (!_this5.db.options.underscored) {
|
|
820
824
|
return filterObj;
|
|
821
825
|
}
|
|
822
826
|
const isAssociationKey = key => {
|
|
@@ -896,21 +900,21 @@ class PluginACL extends _server().Plugin {
|
|
|
896
900
|
ctx.body.allowedActions = allowedActions;
|
|
897
901
|
}
|
|
898
902
|
});
|
|
899
|
-
return function withACLMeta(
|
|
900
|
-
return
|
|
903
|
+
return function withACLMeta(_x32, _x33) {
|
|
904
|
+
return _ref19.apply(this, arguments);
|
|
901
905
|
};
|
|
902
906
|
}();
|
|
903
907
|
// append allowedActions to list & get response
|
|
904
|
-
|
|
905
|
-
var
|
|
908
|
+
_this5.app.use( /*#__PURE__*/function () {
|
|
909
|
+
var _ref20 = _asyncToGenerator(function* (ctx, next) {
|
|
906
910
|
try {
|
|
907
911
|
yield withACLMeta(ctx, next);
|
|
908
912
|
} catch (error) {
|
|
909
913
|
ctx.logger.error(error);
|
|
910
914
|
}
|
|
911
915
|
});
|
|
912
|
-
return function (
|
|
913
|
-
return
|
|
916
|
+
return function (_x34, _x35) {
|
|
917
|
+
return _ref20.apply(this, arguments);
|
|
914
918
|
};
|
|
915
919
|
}(), {
|
|
916
920
|
after: 'restApi',
|
|
@@ -919,19 +923,19 @@ class PluginACL extends _server().Plugin {
|
|
|
919
923
|
})();
|
|
920
924
|
}
|
|
921
925
|
install() {
|
|
922
|
-
var
|
|
926
|
+
var _this6 = this;
|
|
923
927
|
return _asyncToGenerator(function* () {
|
|
924
|
-
const repo =
|
|
928
|
+
const repo = _this6.db.getRepository('collections');
|
|
925
929
|
if (repo) {
|
|
926
930
|
yield repo.db2cm('roles');
|
|
927
931
|
}
|
|
928
932
|
})();
|
|
929
933
|
}
|
|
930
934
|
load() {
|
|
931
|
-
var
|
|
935
|
+
var _this7 = this;
|
|
932
936
|
return _asyncToGenerator(function* () {
|
|
933
|
-
yield
|
|
934
|
-
|
|
937
|
+
yield _this7.importCollections((0, _path().resolve)(__dirname, 'collections'));
|
|
938
|
+
_this7.db.extendCollection({
|
|
935
939
|
name: 'rolesUischemas',
|
|
936
940
|
namespace: 'acl.acl',
|
|
937
941
|
duplicator: 'required'
|
package/package.json
CHANGED
|
@@ -3,21 +3,21 @@
|
|
|
3
3
|
"displayName": "ACL",
|
|
4
4
|
"displayName.zh-CN": "权限控制",
|
|
5
5
|
"description": "A simple access control based on roles, resources and actions",
|
|
6
|
-
"description.zh-CN": "
|
|
7
|
-
"version": "0.
|
|
6
|
+
"description.zh-CN": "基于角色、资源和操作的权限控制。",
|
|
7
|
+
"version": "0.10.0-alpha.2",
|
|
8
8
|
"license": "AGPL-3.0",
|
|
9
9
|
"main": "./lib/index.js",
|
|
10
10
|
"types": "./lib/index.d.ts",
|
|
11
11
|
"dependencies": {
|
|
12
|
-
"@nocobase/acl": "0.
|
|
13
|
-
"@nocobase/database": "0.
|
|
14
|
-
"@nocobase/plugin-users": "0.
|
|
15
|
-
"@nocobase/server": "0.
|
|
12
|
+
"@nocobase/acl": "0.10.0-alpha.2",
|
|
13
|
+
"@nocobase/database": "0.10.0-alpha.2",
|
|
14
|
+
"@nocobase/plugin-users": "0.10.0-alpha.2",
|
|
15
|
+
"@nocobase/server": "0.10.0-alpha.2"
|
|
16
16
|
},
|
|
17
17
|
"repository": {
|
|
18
18
|
"type": "git",
|
|
19
19
|
"url": "git+https://github.com/nocobase/nocobase.git",
|
|
20
20
|
"directory": "packages/plugins/acl"
|
|
21
21
|
},
|
|
22
|
-
"gitHead": "
|
|
22
|
+
"gitHead": "85028ae1733fcbd46ecd5d291dacbdc175f7f073"
|
|
23
23
|
}
|