@nocobase/plugin-acl 2.0.0-alpha.36 → 2.0.0-alpha.38
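--- a/package/dist/externalVersion.js
+++ b/package/dist/externalVersion.js
@@ -8,7 +8,7 @@
 */
 
 module.exports = {
-"@nocobase/client": "2.0.0-alpha.
+"@nocobase/client": "2.0.0-alpha.38",
 "antd": "5.24.2",
 "react": "18.2.0",
 "react-i18next": "11.18.6",
@@ -17,14 +17,14 @@ module.exports = {
 "@formily/react": "2.3.7",
 "@ant-design/icons": "5.6.1",
 "lodash": "4.17.21",
-"@nocobase/utils": "2.0.0-alpha.
-"@nocobase/actions": "2.0.0-alpha.
-"@nocobase/cache": "2.0.0-alpha.
-"@nocobase/database": "2.0.0-alpha.
-"@nocobase/server": "2.0.0-alpha.
-"@nocobase/test": "2.0.0-alpha.
+"@nocobase/utils": "2.0.0-alpha.38",
+"@nocobase/actions": "2.0.0-alpha.38",
+"@nocobase/cache": "2.0.0-alpha.38",
+"@nocobase/database": "2.0.0-alpha.38",
+"@nocobase/server": "2.0.0-alpha.38",
+"@nocobase/test": "2.0.0-alpha.38",
 "@formily/core": "2.3.7",
 "@formily/antd-v5": "1.2.3",
 "antd-style": "3.7.1",
-"@nocobase/acl": "2.0.0-alpha.
+"@nocobase/acl": "2.0.0-alpha.38"
 };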
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This file is part of the NocoBase (R) project.
|
|
3
|
+
* Copyright (c) 2020-2024 NocoBase Co., Ltd.
|
|
4
|
+
* Authors: NocoBase Team.
|
|
5
|
+
*
|
|
6
|
+
* This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
|
|
7
|
+
* For more information, please refer to: https://www.nocobase.com/agreement.
|
|
8
|
+
*/
|
|
9
|
+
import { Context, Next } from '@nocobase/actions';
|
|
10
|
+
export declare function checkAssociationOperate(ctx: Context, next: Next): Promise<any>;
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This file is part of the NocoBase (R) project.
|
|
3
|
+
* Copyright (c) 2020-2024 NocoBase Co., Ltd.
|
|
4
|
+
* Authors: NocoBase Team.
|
|
5
|
+
*
|
|
6
|
+
* This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
|
|
7
|
+
* For more information, please refer to: https://www.nocobase.com/agreement.
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
var __defProp = Object.defineProperty;
|
|
11
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
12
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
13
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
14
|
+
var __export = (target, all) => {
|
|
15
|
+
for (var name in all)
|
|
16
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
17
|
+
};
|
|
18
|
+
var __copyProps = (to, from, except, desc) => {
|
|
19
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
20
|
+
for (let key of __getOwnPropNames(from))
|
|
21
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
22
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
23
|
+
}
|
|
24
|
+
return to;
|
|
25
|
+
};
|
|
26
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
27
|
+
var check_association_operate_exports = {};
|
|
28
|
+
__export(check_association_operate_exports, {
|
|
29
|
+
checkAssociationOperate: () => checkAssociationOperate
|
|
30
|
+
});
|
|
31
|
+
module.exports = __toCommonJS(check_association_operate_exports);
|
|
32
|
+
async function checkAssociationOperate(ctx, next) {
|
|
33
|
+
var _a;
|
|
34
|
+
const { actionName, resourceName } = ctx.action;
|
|
35
|
+
if (!(resourceName.includes(".") && ["add", "set", "remove", "toggle"].includes(actionName))) {
|
|
36
|
+
return next();
|
|
37
|
+
}
|
|
38
|
+
const [resource, association] = resourceName.split(".");
|
|
39
|
+
const result = ctx.can({
|
|
40
|
+
roles: ctx.state.currentRoles,
|
|
41
|
+
resource,
|
|
42
|
+
action: "update",
|
|
43
|
+
rawResourceName: resourceName
|
|
44
|
+
});
|
|
45
|
+
if (!result) {
|
|
46
|
+
ctx.throw(403, "No permissions");
|
|
47
|
+
}
|
|
48
|
+
const params = result.params || ctx.acl.fixedParamsManager.getParams(resourceName, actionName);
|
|
49
|
+
if (params.whitelist && !((_a = params.whitelist) == null ? void 0 : _a.includes(association))) {
|
|
50
|
+
ctx.throw(403, "No permissions");
|
|
51
|
+
}
|
|
52
|
+
ctx.permission = {
|
|
53
|
+
...ctx.permission,
|
|
54
|
+
skip: true
|
|
55
|
+
};
|
|
56
|
+
await next();
|
|
57
|
+
}
|
|
58
|
+
// Annotate the CommonJS export names for ESM import in node:
|
|
59
|
+
0 && (module.exports = {
|
|
60
|
+
checkAssociationOperate
|
|
61
|
+
});
|
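Review bot: In the new `checkAssociationOperate` middleware (the `@@ -0,0 +1,61 @@` hunk, apparently `server/middlewares/check-association-operate.js` going by the require added in server.js), `skip: true` is set on `ctx.permission` after only two checks: the role's `update` right on the source resource and the field `whitelist`. Any other constraint in `result.params` (a row filter, if the ACL returns one) is never consulted for `add`/`set`/`remove`/`toggle`. If `skip` makes the later `core` ACL middleware pass the request through, which is inferred from the name and the `before: "core"` registration, a role whose update right is limited to some records could still change associations on others. I would apply that scope before setting `skip`, or at least record the decision with a comment such as `// skip core ACL: association ops are authorised by update + whitelist only; row scope is NOT applied`. Separately, `params.whitelist` is read unguarded, so if `getParams` can return nothing, adding `if (!params) ctx.throw(403, "No permissions");` before it keeps the failure a 403 instead of a TypeError.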
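--- a/package/dist/server/server.js
+++ b/package/dist/server/server.js
@@ -55,6 +55,7 @@ var import_RoleModel = require("./model/RoleModel");
 var import_RoleResourceActionModel = require("./model/RoleResourceActionModel");
 var import_RoleResourceModel = require("./model/RoleResourceModel");
 var import_union_role = require("./actions/union-role");
+var import_check_association_operate = require("./middlewares/check-association-operate");
 class PluginACLServer extends import_server.Plugin {
 get acl() {
 return this.app.acl;
@@ -485,8 +486,9 @@ class PluginACLServer extends import_server.Plugin {
 } else {
 collection = ctx.db.getCollection(resourceName);
 }
-
-
+const fields = ctx.permission.can.params.fields;
+if (collection && collection.hasField("createdById") && !fields.includes("createdById")) {
+fields.push("createdById");
 }
 }
 return next();
@@ -559,6 +561,9 @@ class PluginACLServer extends import_server.Plugin {
 },
 { after: "dataSource", group: "with-acl-meta" }
 );
+this.app.acl.use(import_check_association_operate.checkAssociationOperate, {
+before: "core"
+});
 this.db.on("afterUpdateCollection", async (collection) => {
 if (collection.options.loadedFromCollectionManager || collection.options.asStrategyResource) {
 this.app.acl.appendStrategyResource(collection.name);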
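Review bot: `fields.push("createdById")` in the second hunk mutates the array held in `ctx.permission.can.params` in place. If that params object is shared with the role's stored action definition or a cache (not visible here), the extra field outlives the request and widens the role's field list for later calls. Assigning a copy avoids that: `ctx.permission.can.params.fields = [...fields, "createdById"];`. `fields` is also dereferenced without a null check, so a permission with no `fields` entry would throw unless the enclosing branch, which starts outside the hunk, already guarantees it.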
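--- a/package/package.json
+++ b/package/package.json
@@ -4,7 +4,7 @@
 "displayName.zh-CN": "权限控制",
 "description": "Based on roles, resources, and actions, access control can precisely manage interface configuration permissions, data operation permissions, menu access permissions, and plugin permissions.",
 "description.zh-CN": "基于角色、资源和操作的权限控制,可以精确控制界面配置权限、数据操作权限、菜单访问权限、插件权限。",
-"version": "2.0.0-alpha.
+"version": "2.0.0-alpha.38",
 "license": "AGPL-3.0",
 "main": "./dist/server/index.js",
 "homepage": "https://docs.nocobase.com/handbook/acl",
@@ -36,5 +36,5 @@
 "url": "git+https://github.com/nocobase/nocobase.git",
 "directory": "packages/plugins/acl"
 },
-"gitHead": "
+"gitHead": "30b1723601099007f7641c6ffa4111c880cb44e4"
 }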