@nocobase/plugin-acl 2.0.0-alpha.9 → 2.0.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/client/index.js +1 -1
- package/dist/externalVersion.js +8 -8
- package/dist/locale/de-DE.json +18 -7
- package/dist/locale/en-US.json +17 -13
- package/dist/locale/es-ES.json +22 -0
- package/dist/locale/fr-FR.json +22 -0
- package/dist/locale/hu-HU.json +22 -0
- package/dist/locale/id-ID.json +22 -0
- package/dist/locale/it-IT.json +18 -7
- package/dist/locale/ja-JP.json +18 -6
- package/dist/locale/ko-KR.json +21 -4
- package/dist/locale/nl-NL.json +20 -9
- package/dist/locale/pt-BR.json +22 -0
- package/dist/locale/ru-RU.json +22 -0
- package/dist/locale/tr-TR.json +22 -0
- package/dist/locale/uk-UA.json +22 -0
- package/dist/locale/vi-VN.json +22 -0
- package/dist/locale/zh-CN.json +15 -15
- package/dist/locale/zh-TW.json +22 -0
- package/dist/server/actions/user-setDefaultRole.js +5 -2
- package/dist/server/collections/roles.js +1 -0
- package/dist/server/middlewares/check-association-operate.d.ts +10 -0
- package/dist/server/middlewares/check-association-operate.js +88 -0
- package/dist/server/middlewares/check-change-with-association.d.ts +10 -0
- package/dist/server/middlewares/check-change-with-association.js +390 -0
- package/dist/server/middlewares/with-acl-meta.js +3 -0
- package/dist/server/migrations/20251119225252-update-member-default-permission.d.ts +14 -0
- package/dist/server/migrations/20251119225252-update-member-default-permission.js +59 -0
- package/dist/server/server.js +28 -3
- package/package.json +8 -2
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* This file is part of the NocoBase (R) project.
|
|
3
|
+
* Copyright (c) 2020-2024 NocoBase Co., Ltd.
|
|
4
|
+
* Authors: NocoBase Team.
|
|
5
|
+
*
|
|
6
|
+
* This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
|
|
7
|
+
* For more information, please refer to: https://www.nocobase.com/agreement.
|
|
8
|
+
*/
|
|
9
|
+
|
|
10
|
+
var __defProp = Object.defineProperty;
|
|
11
|
+
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
12
|
+
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
13
|
+
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
14
|
+
var __export = (target, all) => {
|
|
15
|
+
for (var name in all)
|
|
16
|
+
__defProp(target, name, { get: all[name], enumerable: true });
|
|
17
|
+
};
|
|
18
|
+
var __copyProps = (to, from, except, desc) => {
|
|
19
|
+
if (from && typeof from === "object" || typeof from === "function") {
|
|
20
|
+
for (let key of __getOwnPropNames(from))
|
|
21
|
+
if (!__hasOwnProp.call(to, key) && key !== except)
|
|
22
|
+
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
|
|
23
|
+
}
|
|
24
|
+
return to;
|
|
25
|
+
};
|
|
26
|
+
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
27
|
+
var update_member_default_permission_exports = {};
|
|
28
|
+
__export(update_member_default_permission_exports, {
|
|
29
|
+
default: () => update_member_default_permission_default
|
|
30
|
+
});
|
|
31
|
+
module.exports = __toCommonJS(update_member_default_permission_exports);
|
|
32
|
+
var import_server = require("@nocobase/server");
|
|
33
|
+
class update_member_default_permission_default extends import_server.Migration {
|
|
34
|
+
on = "afterLoad";
|
|
35
|
+
// 'beforeLoad' or 'afterLoad'
|
|
36
|
+
appVersion = "<2.0.0";
|
|
37
|
+
async up() {
|
|
38
|
+
const repo = this.db.getRepository("roles");
|
|
39
|
+
const role = await repo.findOne({
|
|
40
|
+
filter: {
|
|
41
|
+
name: "member"
|
|
42
|
+
}
|
|
43
|
+
});
|
|
44
|
+
if (!role) {
|
|
45
|
+
return;
|
|
46
|
+
}
|
|
47
|
+
await repo.update({
|
|
48
|
+
filter: {
|
|
49
|
+
name: role.name
|
|
50
|
+
},
|
|
51
|
+
values: {
|
|
52
|
+
strategy: {
|
|
53
|
+
...role.strategy,
|
|
54
|
+
actions: ["view:own"]
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
}
|
package/dist/server/server.js
CHANGED
|
@@ -55,6 +55,8 @@ var import_RoleModel = require("./model/RoleModel");
|
|
|
55
55
|
var import_RoleResourceActionModel = require("./model/RoleResourceActionModel");
|
|
56
56
|
var import_RoleResourceModel = require("./model/RoleResourceModel");
|
|
57
57
|
var import_union_role = require("./actions/union-role");
|
|
58
|
+
var import_check_association_operate = require("./middlewares/check-association-operate");
|
|
59
|
+
var import_check_change_with_association = require("./middlewares/check-change-with-association");
|
|
58
60
|
class PluginACLServer extends import_server.Plugin {
|
|
59
61
|
get acl() {
|
|
60
62
|
return this.app.acl;
|
|
@@ -143,6 +145,7 @@ class PluginACLServer extends import_server.Plugin {
|
|
|
143
145
|
"roles.dataSourcesCollections:*",
|
|
144
146
|
"roles.dataSourceResources:*",
|
|
145
147
|
"dataSourcesRolesResourcesScopes:*",
|
|
148
|
+
"dataSourcesRolesResourcesActions:*",
|
|
146
149
|
"rolesResourcesScopes:*"
|
|
147
150
|
]
|
|
148
151
|
});
|
|
@@ -387,7 +390,7 @@ class PluginACLServer extends import_server.Plugin {
|
|
|
387
390
|
name: "member",
|
|
388
391
|
title: '{{t("Member")}}',
|
|
389
392
|
allowNewMenu: true,
|
|
390
|
-
strategy: { actions: ["view
|
|
393
|
+
strategy: { actions: ["view:own"] },
|
|
391
394
|
default: true,
|
|
392
395
|
snippets: ["!ui.*", "!pm", "!pm.*"]
|
|
393
396
|
}
|
|
@@ -411,6 +414,16 @@ class PluginACLServer extends import_server.Plugin {
|
|
|
411
414
|
]
|
|
412
415
|
});
|
|
413
416
|
});
|
|
417
|
+
this.app.on("afterStart", async (app) => {
|
|
418
|
+
app.db.on("rolesUsers.beforeSave", async (model) => {
|
|
419
|
+
if (!model._changed.has("roleName")) {
|
|
420
|
+
return;
|
|
421
|
+
}
|
|
422
|
+
if (model.roleName === "root") {
|
|
423
|
+
throw new Error("No permissions");
|
|
424
|
+
}
|
|
425
|
+
});
|
|
426
|
+
});
|
|
414
427
|
this.app.on("cache:del:roles", ({ userId }) => {
|
|
415
428
|
this.app.cache.del(`roles:${userId}`);
|
|
416
429
|
});
|
|
@@ -485,8 +498,9 @@ class PluginACLServer extends import_server.Plugin {
|
|
|
485
498
|
} else {
|
|
486
499
|
collection = ctx.db.getCollection(resourceName);
|
|
487
500
|
}
|
|
488
|
-
|
|
489
|
-
|
|
501
|
+
const fields = ctx.permission.can.params.fields;
|
|
502
|
+
if (collection && collection.hasField("createdById") && !fields.includes("createdById")) {
|
|
503
|
+
fields.push("createdById");
|
|
490
504
|
}
|
|
491
505
|
}
|
|
492
506
|
return next();
|
|
@@ -559,6 +573,17 @@ class PluginACLServer extends import_server.Plugin {
|
|
|
559
573
|
},
|
|
560
574
|
{ after: "dataSource", group: "with-acl-meta" }
|
|
561
575
|
);
|
|
576
|
+
this.app.dataSourceManager.afterAddDataSource((dataSource) => {
|
|
577
|
+
dataSource.acl.use(import_check_association_operate.checkAssociationOperate, {
|
|
578
|
+
before: "core"
|
|
579
|
+
});
|
|
580
|
+
if (dataSource.options.acl !== false && dataSource.options.useACL !== false) {
|
|
581
|
+
dataSource.resourceManager.registerPreActionHandler("create", import_check_change_with_association.checkChangesWithAssociation);
|
|
582
|
+
dataSource.resourceManager.registerPreActionHandler("firstOrCreate", import_check_change_with_association.checkChangesWithAssociation);
|
|
583
|
+
dataSource.resourceManager.registerPreActionHandler("updateOrCreate", import_check_change_with_association.checkChangesWithAssociation);
|
|
584
|
+
dataSource.resourceManager.registerPreActionHandler("update", import_check_change_with_association.checkChangesWithAssociation);
|
|
585
|
+
}
|
|
586
|
+
});
|
|
562
587
|
this.db.on("afterUpdateCollection", async (collection) => {
|
|
563
588
|
if (collection.options.loadedFromCollectionManager || collection.options.asStrategyResource) {
|
|
564
589
|
this.app.acl.appendStrategyResource(collection.name);
|
package/package.json
CHANGED
|
@@ -1,17 +1,23 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@nocobase/plugin-acl",
|
|
3
3
|
"displayName": "Access control",
|
|
4
|
+
"displayName.ru-RU": "Контроль доступа",
|
|
4
5
|
"displayName.zh-CN": "权限控制",
|
|
5
6
|
"description": "Based on roles, resources, and actions, access control can precisely manage interface configuration permissions, data operation permissions, menu access permissions, and plugin permissions.",
|
|
7
|
+
"description.ru-RU": "На основе ролей, ресурсов и действий система контроля доступа может точно управлять разрешениями на изменение интерфейса, работу с данными, доступ к меню и разрешениями для подключаемых модулей.",
|
|
6
8
|
"description.zh-CN": "基于角色、资源和操作的权限控制,可以精确控制界面配置权限、数据操作权限、菜单访问权限、插件权限。",
|
|
7
|
-
"version": "2.0.0-
|
|
9
|
+
"version": "2.0.0-beta.10",
|
|
8
10
|
"license": "AGPL-3.0",
|
|
9
11
|
"main": "./dist/server/index.js",
|
|
10
12
|
"homepage": "https://docs.nocobase.com/handbook/acl",
|
|
13
|
+
"homepage.ru-RU": "https://docs-ru.nocobase.com/handbook/acl",
|
|
11
14
|
"homepage.zh-CN": "https://docs-cn.nocobase.com/handbook/acl",
|
|
12
15
|
"keywords": [
|
|
13
16
|
"Users & permissions"
|
|
14
17
|
],
|
|
18
|
+
"nocobase": {
|
|
19
|
+
"defaultEnabled": true
|
|
20
|
+
},
|
|
15
21
|
"devDependencies": {
|
|
16
22
|
"@types/jsonwebtoken": "^9.0.9",
|
|
17
23
|
"jsonwebtoken": "^9.0.2",
|
|
@@ -33,5 +39,5 @@
|
|
|
33
39
|
"url": "git+https://github.com/nocobase/nocobase.git",
|
|
34
40
|
"directory": "packages/plugins/acl"
|
|
35
41
|
},
|
|
36
|
-
"gitHead": "
|
|
42
|
+
"gitHead": "9943dc4b0fdedcac3f304714b58635ae441e2560"
|
|
37
43
|
}
|