@nocobase/plugin-acl 2.0.0-alpha.4 → 2.0.0-alpha.41

package/dist/externalVersion.js

@@ -8,7 +8,7 @@
  */
 
 module.exports = {
-  "@nocobase/client": "2.0.0-alpha.4",
+  "@nocobase/client": "2.0.0-alpha.41",
   "antd": "5.24.2",
   "react": "18.2.0",
   "react-i18next": "11.18.6",
@@ -17,14 +17,14 @@ module.exports = {
   "@formily/react": "2.3.7",
   "@ant-design/icons": "5.6.1",
   "lodash": "4.17.21",
-  "@nocobase/utils": "2.0.0-alpha.4",
-  "@nocobase/actions": "2.0.0-alpha.4",
-  "@nocobase/cache": "2.0.0-alpha.4",
-  "@nocobase/database": "2.0.0-alpha.4",
-  "@nocobase/server": "2.0.0-alpha.4",
-  "@nocobase/test": "2.0.0-alpha.4",
+  "@nocobase/utils": "2.0.0-alpha.41",
+  "@nocobase/actions": "2.0.0-alpha.41",
+  "@nocobase/cache": "2.0.0-alpha.41",
+  "@nocobase/database": "2.0.0-alpha.41",
+  "@nocobase/server": "2.0.0-alpha.41",
+  "@nocobase/test": "2.0.0-alpha.41",
   "@formily/core": "2.3.7",
   "@formily/antd-v5": "1.2.3",
   "antd-style": "3.7.1",
-  "@nocobase/acl": "2.0.0-alpha.4"
+  "@nocobase/acl": "2.0.0-alpha.41"
 };

package/dist/server/actions/user-setDefaultRole.js

@@ -29,6 +29,7 @@ __export(user_setDefaultRole_exports, {
   setDefaultRole: () => setDefaultRole
 });
 module.exports = __toCommonJS(user_setDefaultRole_exports);
+var import_constants = require("../constants");
 async function setDefaultRole(ctx, next) {
   const {
     values: { roleName }
@@ -72,7 +73,7 @@ async function setDefaultRole(ctx, next) {
     if (targetUserRole) {
       await repository.model.update({ default: true }, { where: { userId: currentUser.id, roleName }, transaction });
       model = targetUserRole.set("default", true);
-    } else {
+    } else if (roleName === import_constants.UNION_ROLE_KEY) {
       model = await repository.create({
         values: {
           userId: currentUser.id,
@@ -82,7 +83,9 @@ async function setDefaultRole(ctx, next) {
         transaction
       });
     }
-    db.emitAsync("rolesUsers.afterSave", model);
+    if (model) {
+      db.emitAsync("rolesUsers.afterSave", model);
+    }
   });
   ctx.body = "ok";
   await next();

package/dist/server/middlewares/check-association-operate.d.ts

@@ -0,0 +1,10 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Context, Next } from '@nocobase/actions';
+export declare function checkAssociationOperate(ctx: Context, next: Next): Promise<any>;

package/dist/server/middlewares/check-association-operate.js

@@ -0,0 +1,68 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var check_association_operate_exports = {};
+__export(check_association_operate_exports, {
+  checkAssociationOperate: () => checkAssociationOperate
+});
+module.exports = __toCommonJS(check_association_operate_exports);
+async function checkAssociationOperate(ctx, next) {
+  var _a;
+  const { actionName, resourceName } = ctx.action;
+  if (!(resourceName.includes(".") && ["add", "set", "remove", "toggle"].includes(actionName))) {
+    return next();
+  }
+  const acl = ctx.acl;
+  const roles = ctx.state.currentRoles;
+  for (const role of roles) {
+    const aclRole = acl.getRole(role);
+    if (aclRole.snippetAllowed(`${resourceName}:${actionName}`)) {
+      return next();
+    }
+  }
+  const [resource, association] = resourceName.split(".");
+  const result = ctx.can({
+    roles,
+    resource,
+    action: "update"
+  });
+  if (!result) {
+    ctx.throw(403, "No permissions");
+  }
+  const params = result.params || ctx.acl.fixedParamsManager.getParams(resourceName, actionName);
+  if (params.whitelist && !((_a = params.whitelist) == null ? void 0 : _a.includes(association))) {
+    ctx.throw(403, "No permissions");
+  }
+  ctx.permission = {
+    ...ctx.permission,
+    skip: true
+  };
+  await next();
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  checkAssociationOperate
+});

package/dist/server/server.js

@@ -55,6 +55,7 @@ var import_RoleModel = require("./model/RoleModel");
 var import_RoleResourceActionModel = require("./model/RoleResourceActionModel");
 var import_RoleResourceModel = require("./model/RoleResourceModel");
 var import_union_role = require("./actions/union-role");
+var import_check_association_operate = require("./middlewares/check-association-operate");
 class PluginACLServer extends import_server.Plugin {
   get acl() {
     return this.app.acl;
@@ -485,8 +486,9 @@ class PluginACLServer extends import_server.Plugin {
         } else {
           collection = ctx.db.getCollection(resourceName);
         }
-        if (collection && collection.hasField("createdById")) {
-          ctx.permission.can.params.fields.push("createdById");
+        const fields = ctx.permission.can.params.fields;
+        if (collection && collection.hasField("createdById") && !fields.includes("createdById")) {
+          fields.push("createdById");
         }
       }
       return next();
@@ -559,6 +561,9 @@ class PluginACLServer extends import_server.Plugin {
       },
       { after: "dataSource", group: "with-acl-meta" }
     );
+    this.app.acl.use(import_check_association_operate.checkAssociationOperate, {
+      before: "core"
+    });
     this.db.on("afterUpdateCollection", async (collection) => {
       if (collection.options.loadedFromCollectionManager || collection.options.asStrategyResource) {
         this.app.acl.appendStrategyResource(collection.name);

package/package.json

@@ -4,7 +4,7 @@
   "displayName.zh-CN": "权限控制",
   "description": "Based on roles, resources, and actions, access control can precisely manage interface configuration permissions, data operation permissions, menu access permissions, and plugin permissions.",
   "description.zh-CN": "基于角色、资源和操作的权限控制，可以精确控制界面配置权限、数据操作权限、菜单访问权限、插件权限。",
-  "version": "2.0.0-alpha.4",
+  "version": "2.0.0-alpha.41",
   "license": "AGPL-3.0",
   "main": "./dist/server/index.js",
   "homepage": "https://docs.nocobase.com/handbook/acl",
@@ -12,6 +12,9 @@
   "keywords": [
     "Users & permissions"
   ],
+  "nocobase": {
+    "defaultEnabled": true
+  },
   "devDependencies": {
     "@types/jsonwebtoken": "^9.0.9",
     "jsonwebtoken": "^9.0.2",
@@ -33,5 +36,5 @@
     "url": "git+https://github.com/nocobase/nocobase.git",
     "directory": "packages/plugins/acl"
   },
-  "gitHead": "54f3cab47e7efbdc73377014d05f5fc66a4affbb"
+  "gitHead": "889e81eef0280c2e45571bd0a4b2db6aa004f8c1"
 }