@nocobase/plugin-acl 2.0.22 → 2.1.0-alpha.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/dist/client/067d5a47cb09b2c3.js +10 -0
  2. package/dist/client/49582e5dbe5da0d7.js +10 -0
  3. package/dist/client/index.js +1 -1
  4. package/dist/externalVersion.js +8 -8
  5. package/dist/swagger/index.d.ts +795 -149
  6. package/dist/swagger/index.js +678 -183
  7. package/package.json +2 -2
  8. package/dist/client/0655d5ded9f45bb1.js +0 -10
  9. package/dist/client/50204a14518b3a0d.js +0 -10
package/dist/swagger/index.js CHANGED
@@ -32,23 +32,23 @@ module.exports = __toCommonJS(swagger_exports);
32
32
  var swagger_default = {
33
33
  openapi: "3.0.2",
34
34
  info: {
35
- title: "NocoBase API - ACL plugin"
35
+ title: "NocoBase API - ACL plugin",
36
+ version: "1.0.0"
36
37
  },
37
38
  paths: {
38
39
  "/roles:list": {
39
40
  get: {
40
41
  tags: ["roles"],
41
- description: "",
42
- parameters: [],
42
+ summary: "List roles",
43
43
  responses: {
44
44
  200: {
45
- description: "ok",
45
+ description: "OK",
46
46
  content: {
47
47
  "application/json": {
48
48
  schema: {
49
49
  type: "array",
50
50
  items: {
51
- $ref: "#/components/schemas/role"
51
+ $ref: "#/components/schemas/Role"
52
52
  }
53
53
  }
54
54
  }
@@ -60,25 +60,15 @@ var swagger_default = {
60
60
  "/roles:get": {
61
61
  get: {
62
62
  tags: ["roles"],
63
- description: "",
64
- parameters: [
65
- {
66
- name: "filterByTk",
67
- in: "query",
68
- description: "role name",
69
- required: true,
70
- schema: {
71
- type: "string"
72
- }
73
- }
74
- ],
63
+ summary: "Get a role",
64
+ parameters: [{ $ref: "#/components/parameters/RoleNameQuery" }],
75
65
  responses: {
76
66
  200: {
77
- description: "ok",
67
+ description: "OK",
78
68
  content: {
79
69
  "application/json": {
80
70
  schema: {
81
- $ref: "#/components/schemas/role"
71
+ $ref: "#/components/schemas/Role"
82
72
  }
83
73
  }
84
74
  }
@@ -89,23 +79,25 @@ var swagger_default = {
89
79
  "/roles:create": {
90
80
  post: {
91
81
  tags: ["roles"],
92
- description: "",
82
+ summary: "Create a role",
83
+ description: "Create a role. Request body uses direct role values.",
93
84
  requestBody: {
85
+ required: true,
94
86
  content: {
95
87
  "application/json": {
96
88
  schema: {
97
- $ref: "#/components/schemas/role"
89
+ $ref: "#/components/schemas/RoleWrite"
98
90
  }
99
91
  }
100
92
  }
101
93
  },
102
94
  responses: {
103
- "200": {
95
+ 200: {
104
96
  description: "OK",
105
97
  content: {
106
98
  "application/json": {
107
99
  schema: {
108
- $ref: "#/components/schemas/role"
100
+ $ref: "#/components/schemas/Role"
109
101
  }
110
102
  }
111
103
  }
@@ -116,34 +108,26 @@ var swagger_default = {
116
108
  "/roles:update": {
117
109
  post: {
118
110
  tags: ["roles"],
119
- description: "",
120
- parameters: [
121
- {
122
- name: "filterByTk",
123
- in: "query",
124
- description: "role name",
125
- required: true,
126
- schema: {
127
- type: "string"
128
- }
129
- }
130
- ],
111
+ summary: "Update a role",
112
+ description: "Update a role by role name (`filterByTk`). Commonly used for role metadata and system permission snippets.",
113
+ parameters: [{ $ref: "#/components/parameters/RoleNameQuery" }],
131
114
  requestBody: {
115
+ required: true,
132
116
  content: {
133
117
  "application/json": {
134
118
  schema: {
135
- $ref: "#/components/schemas/role"
119
+ $ref: "#/components/schemas/RoleWrite"
136
120
  }
137
121
  }
138
122
  }
139
123
  },
140
124
  responses: {
141
125
  200: {
142
- description: "ok",
126
+ description: "OK",
143
127
  content: {
144
128
  "application/json": {
145
129
  schema: {
146
- $ref: "#/components/schemas/role"
130
+ $ref: "#/components/schemas/Role"
147
131
  }
148
132
  }
149
133
  }
@@ -154,20 +138,10 @@ var swagger_default = {
154
138
  "/roles:destroy": {
155
139
  post: {
156
140
  tags: ["roles"],
157
- description: "",
158
- parameters: [
159
- {
160
- name: "filterByTk",
161
- in: "query",
162
- description: "role name",
163
- required: true,
164
- schema: {
165
- type: "string"
166
- }
167
- }
168
- ],
141
+ summary: "Destroy a role",
142
+ parameters: [{ $ref: "#/components/parameters/RoleNameQuery" }],
169
143
  responses: {
170
- "200": {
144
+ 200: {
171
145
  description: "OK"
172
146
  }
173
147
  }
@@ -176,14 +150,15 @@ var swagger_default = {
176
150
  "/roles:check": {
177
151
  get: {
178
152
  tags: ["roles"],
179
- description: "return current user role",
153
+ summary: "Check current role context",
154
+ description: "Return the current effective role context, including role mode and resolved ACL action map for the current user.",
180
155
  responses: {
181
156
  200: {
182
- description: "ok",
157
+ description: "OK",
183
158
  content: {
184
159
  "application/json": {
185
160
  schema: {
186
- $ref: "#/components/schemas/role"
161
+ $ref: "#/components/schemas/RoleCheck"
187
162
  }
188
163
  }
189
164
  }
@@ -194,82 +169,306 @@ var swagger_default = {
194
169
  "/roles:setDefaultRole": {
195
170
  post: {
196
171
  tags: ["roles"],
197
- description: "set default role for new user",
172
+ summary: "Set default role for new users",
198
173
  requestBody: {
174
+ required: true,
199
175
  content: {
200
176
  "application/json": {
201
177
  schema: {
202
178
  type: "object",
203
179
  properties: {
204
- roleName: {
205
- type: "string"
180
+ roleName: { type: "string" }
181
+ },
182
+ required: ["roleName"]
183
+ }
184
+ }
185
+ }
186
+ },
187
+ responses: {
188
+ 200: {
189
+ description: "OK"
190
+ }
191
+ }
192
+ }
193
+ },
194
+ "/roles:setSystemRoleMode": {
195
+ post: {
196
+ tags: ["roles"],
197
+ summary: "Set system role mode",
198
+ description: "Set the system role mode. Valid values are `default`, `allow-use-union`, and `only-use-union`.",
199
+ requestBody: {
200
+ required: true,
201
+ content: {
202
+ "application/json": {
203
+ schema: {
204
+ $ref: "#/components/schemas/RoleModeWrite"
205
+ }
206
+ }
207
+ }
208
+ },
209
+ responses: {
210
+ 200: {
211
+ description: "OK"
212
+ }
213
+ }
214
+ }
215
+ },
216
+ "/dataSources/{dataSourceKey}/roles:update": {
217
+ post: {
218
+ tags: ["dataSources.roles"],
219
+ summary: "Update global ACL strategy for a role in a data source",
220
+ description: "Configure global table permissions for a role inside a data source. Request body typically includes `roleName`, `dataSourceKey`, and `strategy.actions`.",
221
+ parameters: [
222
+ { $ref: "#/components/parameters/DataSourceKeyPath" },
223
+ { $ref: "#/components/parameters/RoleNameQuery" }
224
+ ],
225
+ requestBody: {
226
+ required: true,
227
+ content: {
228
+ "application/json": {
229
+ schema: {
230
+ $ref: "#/components/schemas/DataSourceRole"
231
+ }
232
+ }
233
+ }
234
+ },
235
+ responses: {
236
+ 200: {
237
+ description: "OK",
238
+ content: {
239
+ "application/json": {
240
+ schema: {
241
+ $ref: "#/components/schemas/DataSourceRole"
242
+ }
243
+ }
244
+ }
245
+ }
246
+ }
247
+ }
248
+ },
249
+ "/dataSources/{dataSourceKey}/roles:get": {
250
+ get: {
251
+ tags: ["dataSources.roles"],
252
+ summary: "Get global ACL strategy for a role in a data source",
253
+ parameters: [
254
+ { $ref: "#/components/parameters/DataSourceKeyPath" },
255
+ { $ref: "#/components/parameters/RoleNameQuery" }
256
+ ],
257
+ responses: {
258
+ 200: {
259
+ description: "OK",
260
+ content: {
261
+ "application/json": {
262
+ schema: {
263
+ $ref: "#/components/schemas/DataSourceRole"
264
+ }
265
+ }
266
+ }
267
+ }
268
+ }
269
+ }
270
+ },
271
+ "/roles/{roleName}/dataSourcesCollections:list": {
272
+ get: {
273
+ tags: ["roles.dataSourcesCollections"],
274
+ summary: "List data-source collections in role permission configuration",
275
+ description: "List collections in the target data source for the given role and indicate whether they use global permissions or collection-level independent permissions.",
276
+ parameters: [
277
+ { $ref: "#/components/parameters/RoleNamePath" },
278
+ { $ref: "#/components/parameters/PageQuery" },
279
+ { $ref: "#/components/parameters/PageSizeQuery" },
280
+ { $ref: "#/components/parameters/SortQuery" },
281
+ { $ref: "#/components/parameters/AppendsQuery" },
282
+ { $ref: "#/components/parameters/FilterQuery" }
283
+ ],
284
+ responses: {
285
+ 200: {
286
+ description: "OK",
287
+ content: {
288
+ "application/json": {
289
+ schema: {
290
+ type: "object",
291
+ properties: {
292
+ count: { type: "integer" },
293
+ rows: {
294
+ type: "array",
295
+ items: { $ref: "#/components/schemas/RoleCollectionPermissionRow" }
296
+ },
297
+ page: { type: "integer" },
298
+ pageSize: { type: "integer" },
299
+ totalPage: { type: "integer" }
206
300
  }
207
301
  }
208
302
  }
209
303
  }
210
304
  }
305
+ }
306
+ }
307
+ },
308
+ "/roles/{roleName}/dataSourceResources:create": {
309
+ post: {
310
+ tags: ["roles.dataSourceResources"],
311
+ summary: "Create collection-level independent ACL permissions for a role",
312
+ description: [
313
+ "Create collection-level independent permission config for a role in a data source.",
314
+ "Request body usually includes `name`, `dataSourceKey`, `usingActionsConfig`, and `actions`."
315
+ ].join("\n"),
316
+ parameters: [
317
+ { $ref: "#/components/parameters/RoleNamePath" },
318
+ { $ref: "#/components/parameters/ResourceNameQuery" },
319
+ { $ref: "#/components/parameters/FilterQuery" }
320
+ ],
321
+ requestBody: {
322
+ required: true,
323
+ content: {
324
+ "application/json": {
325
+ schema: {
326
+ $ref: "#/components/schemas/RoleDataSourceResourceWrite"
327
+ }
328
+ }
329
+ }
211
330
  },
212
331
  responses: {
213
- "200": {
214
- description: "OK"
332
+ 200: {
333
+ description: "OK",
334
+ content: {
335
+ "application/json": {
336
+ schema: {
337
+ $ref: "#/components/schemas/RoleDataSourceResource"
338
+ }
339
+ }
340
+ }
215
341
  }
216
342
  }
217
343
  }
218
344
  },
219
- "/roles/{roleName}/collections:list": {
345
+ "/roles/{roleName}/dataSourceResources:get": {
220
346
  get: {
221
- tags: ["roles.collections"],
222
- description: "list permissions of collections for role by roleName",
347
+ tags: ["roles.dataSourceResources"],
348
+ summary: "Get one collection-level independent ACL permission for a role",
349
+ description: "Get one collection-level independent permission config. Target it with a `filter` such as `{ name, dataSourceKey }`.",
223
350
  parameters: [
224
- {
225
- name: "filterByTk",
226
- in: "query",
227
- description: "role name",
228
- required: true,
229
- schema: {
230
- type: "string"
351
+ { $ref: "#/components/parameters/RoleNamePath" },
352
+ { $ref: "#/components/parameters/ResourcePermissionTkQuery" },
353
+ { $ref: "#/components/parameters/FilterQuery" },
354
+ { $ref: "#/components/parameters/AppendsQuery" }
355
+ ],
356
+ responses: {
357
+ 200: {
358
+ description: "OK",
359
+ content: {
360
+ "application/json": {
361
+ schema: {
362
+ $ref: "#/components/schemas/RoleDataSourceResource"
363
+ }
364
+ }
231
365
  }
232
366
  }
367
+ }
368
+ }
369
+ },
370
+ "/roles/{roleName}/dataSourceResources:update": {
371
+ post: {
372
+ tags: ["roles.dataSourceResources"],
373
+ summary: "Update collection-level independent ACL permissions for a role",
374
+ description: "Update one collection-level independent permission config. You can target the record by `filterByTk` or by a `filter` such as `{ name, dataSourceKey }`.",
375
+ parameters: [
376
+ { $ref: "#/components/parameters/RoleNamePath" },
377
+ { $ref: "#/components/parameters/ResourcePermissionTkQuery" },
378
+ { $ref: "#/components/parameters/FilterQuery" }
379
+ ],
380
+ requestBody: {
381
+ required: true,
382
+ content: {
383
+ "application/json": {
384
+ schema: {
385
+ $ref: "#/components/schemas/RoleDataSourceResourceWrite"
386
+ }
387
+ }
388
+ }
389
+ },
390
+ responses: {
391
+ 200: {
392
+ description: "OK",
393
+ content: {
394
+ "application/json": {
395
+ schema: {
396
+ $ref: "#/components/schemas/RoleDataSourceResource"
397
+ }
398
+ }
399
+ }
400
+ }
401
+ }
402
+ }
403
+ },
404
+ "/rolesResourcesScopes:list": {
405
+ get: {
406
+ tags: ["rolesResourcesScopes"],
407
+ summary: "List reusable ACL scopes",
408
+ parameters: [
409
+ { $ref: "#/components/parameters/PageQuery" },
410
+ { $ref: "#/components/parameters/PageSizeQuery" },
411
+ { $ref: "#/components/parameters/FilterQuery" }
233
412
  ],
234
413
  responses: {
235
- "200": {
414
+ 200: {
236
415
  description: "OK",
237
416
  content: {
238
417
  "application/json": {
239
418
  schema: {
240
419
  type: "array",
241
- items: {
242
- type: "object",
243
- properties: {
244
- type: {
245
- type: "string",
246
- description: "collection"
247
- },
248
- name: {
249
- type: "string",
250
- description: "collection name"
251
- },
252
- collectionName: {
253
- type: "string",
254
- description: "collection name"
255
- },
256
- title: {
257
- type: "string",
258
- description: "collection title"
259
- },
260
- roleName: {
261
- type: "string",
262
- description: "role name"
263
- },
264
- usingConfig: {
265
- type: "string",
266
- enum: ["resourceAction", "strategy"],
267
- description: "resourceAction: \u5355\u72EC\u914D\u7F6E, strategy: \u5168\u5C40\u7B56\u7565"
268
- },
269
- exists: {
270
- type: "boolean",
271
- description: "\u662F\u5426\u5B58\u5728\u5355\u72EC\u914D\u7F6E\u7684\u6743\u9650"
272
- }
420
+ items: { $ref: "#/components/schemas/RoleResourceScope" }
421
+ }
422
+ }
423
+ }
424
+ }
425
+ }
426
+ }
427
+ },
428
+ "/rolesResourcesScopes:get": {
429
+ get: {
430
+ tags: ["rolesResourcesScopes"],
431
+ summary: "Get a reusable ACL scope",
432
+ parameters: [{ $ref: "#/components/parameters/ScopePkQuery" }, { $ref: "#/components/parameters/FilterQuery" }],
433
+ responses: {
434
+ 200: {
435
+ description: "OK",
436
+ content: {
437
+ "application/json": {
438
+ schema: {
439
+ $ref: "#/components/schemas/RoleResourceScope"
440
+ }
441
+ }
442
+ }
443
+ }
444
+ }
445
+ }
446
+ },
447
+ "/dataSources/{dataSourceKey}/rolesResourcesScopes:list": {
448
+ get: {
449
+ tags: ["dataSources.rolesResourcesScopes"],
450
+ summary: "List reusable ACL scopes in a data source",
451
+ parameters: [
452
+ { $ref: "#/components/parameters/DataSourceKeyPath" },
453
+ { $ref: "#/components/parameters/PageQuery" },
454
+ { $ref: "#/components/parameters/PageSizeQuery" },
455
+ { $ref: "#/components/parameters/FilterQuery" }
456
+ ],
457
+ responses: {
458
+ 200: {
459
+ description: "OK",
460
+ content: {
461
+ "application/json": {
462
+ schema: {
463
+ type: "object",
464
+ properties: {
465
+ data: {
466
+ type: "array",
467
+ items: { $ref: "#/components/schemas/RoleResourceScope" }
468
+ },
469
+ meta: {
470
+ type: "object",
471
+ additionalProperties: true
273
472
  }
274
473
  }
275
474
  }
@@ -279,50 +478,121 @@ var swagger_default = {
279
478
  }
280
479
  }
281
480
  },
481
+ "/dataSources/{dataSourceKey}/rolesResourcesScopes:get": {
482
+ get: {
483
+ tags: ["dataSources.rolesResourcesScopes"],
484
+ summary: "Get a reusable ACL scope in a data source",
485
+ parameters: [
486
+ { $ref: "#/components/parameters/DataSourceKeyPath" },
487
+ { $ref: "#/components/parameters/ScopePkQuery" },
488
+ { $ref: "#/components/parameters/FilterQuery" }
489
+ ],
490
+ responses: {
491
+ 200: {
492
+ description: "OK",
493
+ content: {
494
+ "application/json": {
495
+ schema: {
496
+ $ref: "#/components/schemas/RoleResourceScope"
497
+ }
498
+ }
499
+ }
500
+ }
501
+ }
502
+ }
503
+ },
504
+ "/dataSources/{dataSourceKey}/rolesResourcesScopes:create": {
505
+ post: {
506
+ tags: ["dataSources.rolesResourcesScopes"],
507
+ summary: "Create a reusable ACL scope in a data source",
508
+ description: "Create a reusable scope definition under the target data source.",
509
+ parameters: [{ $ref: "#/components/parameters/DataSourceKeyPath" }],
510
+ requestBody: {
511
+ required: true,
512
+ content: {
513
+ "application/json": {
514
+ schema: {
515
+ $ref: "#/components/schemas/RoleResourceScopeWrite"
516
+ }
517
+ }
518
+ }
519
+ },
520
+ responses: {
521
+ 200: {
522
+ description: "OK",
523
+ content: {
524
+ "application/json": {
525
+ schema: {
526
+ $ref: "#/components/schemas/RoleResourceScope"
527
+ }
528
+ }
529
+ }
530
+ }
531
+ }
532
+ }
533
+ },
534
+ "/dataSources/{dataSourceKey}/rolesResourcesScopes:update": {
535
+ post: {
536
+ tags: ["dataSources.rolesResourcesScopes"],
537
+ summary: "Update a reusable ACL scope in a data source",
538
+ parameters: [
539
+ { $ref: "#/components/parameters/DataSourceKeyPath" },
540
+ { $ref: "#/components/parameters/ScopePkQuery" },
541
+ { $ref: "#/components/parameters/FilterQuery" }
542
+ ],
543
+ requestBody: {
544
+ required: true,
545
+ content: {
546
+ "application/json": {
547
+ schema: {
548
+ $ref: "#/components/schemas/RoleResourceScopeWrite"
549
+ }
550
+ }
551
+ }
552
+ },
553
+ responses: {
554
+ 200: {
555
+ description: "OK",
556
+ content: {
557
+ "application/json": {
558
+ schema: {
559
+ $ref: "#/components/schemas/RoleResourceScope"
560
+ }
561
+ }
562
+ }
563
+ }
564
+ }
565
+ }
566
+ },
567
+ "/dataSources/{dataSourceKey}/rolesResourcesScopes:destroy": {
568
+ post: {
569
+ tags: ["dataSources.rolesResourcesScopes"],
570
+ summary: "Destroy a reusable ACL scope in a data source",
571
+ parameters: [
572
+ { $ref: "#/components/parameters/DataSourceKeyPath" },
573
+ { $ref: "#/components/parameters/ScopePkQuery" },
574
+ { $ref: "#/components/parameters/FilterQuery" }
575
+ ],
576
+ responses: {
577
+ 200: {
578
+ description: "OK"
579
+ }
580
+ }
581
+ }
582
+ },
282
583
  "/availableActions:list": {
283
584
  get: {
284
585
  tags: ["availableActions"],
285
- description: "available actions of resource in current system",
286
- parameters: [],
586
+ summary: "List configurable ACL actions",
587
+ description: "List ACL actions available in the current system. Use this before configuring resource-level action or field permissions.",
287
588
  responses: {
288
- "200": {
589
+ 200: {
289
590
  description: "OK",
290
591
  content: {
291
592
  "application/json": {
292
593
  schema: {
293
594
  type: "array",
294
- items: {
295
- type: "object",
296
- properties: {
297
- name: {
298
- type: "string",
299
- description: "Action\u540D\u79F0"
300
- },
301
- displayName: {
302
- type: "string",
303
- description: "Action\u663E\u793A\u540D\u79F0"
304
- },
305
- allowConfigureFields: {
306
- type: "boolean",
307
- description: "\u662F\u5426\u5141\u8BB8\u914D\u7F6E\u5B57\u6BB5"
308
- },
309
- onNewRecord: {
310
- type: "string",
311
- description: "\u662F\u5426\u662F\u65B0\u8BB0\u5F55\u7684Action"
312
- },
313
- type: {
314
- type: "string",
315
- description: "new-data \u6216\u8005 old-data"
316
- },
317
- aliases: {
318
- type: "array",
319
- items: {
320
- type: "string"
321
- },
322
- description: "\u522B\u540D"
323
- }
324
- }
325
- }
595
+ items: { $ref: "#/components/schemas/AvailableAction" }
326
596
  }
327
597
  }
328
598
  }
@@ -332,72 +602,297 @@ var swagger_default = {
332
602
  }
333
603
  },
334
604
  components: {
605
+ parameters: {
606
+ RoleNameQuery: {
607
+ name: "filterByTk",
608
+ in: "query",
609
+ description: "Role name.",
610
+ required: true,
611
+ schema: { type: "string" }
612
+ },
613
+ RoleNamePath: {
614
+ name: "roleName",
615
+ in: "path",
616
+ description: "Role name.",
617
+ required: true,
618
+ schema: { type: "string" }
619
+ },
620
+ DataSourceKeyPath: {
621
+ name: "dataSourceKey",
622
+ in: "path",
623
+ description: "Data source key, for example `main`.",
624
+ required: true,
625
+ schema: { type: "string" }
626
+ },
627
+ ResourceNameQuery: {
628
+ name: "filterByTk",
629
+ in: "query",
630
+ description: "Resource name, typically the collection name.",
631
+ required: true,
632
+ schema: { type: "string" }
633
+ },
634
+ ScopePkQuery: {
635
+ name: "filterByTk",
636
+ in: "query",
637
+ description: "Scope primary key.",
638
+ schema: { type: "integer" }
639
+ },
640
+ ResourcePermissionTkQuery: {
641
+ name: "filterByTk",
642
+ in: "query",
643
+ description: "Resource permission record primary key.",
644
+ schema: { type: "integer" }
645
+ },
646
+ PageQuery: {
647
+ name: "page",
648
+ in: "query",
649
+ schema: { type: "integer" }
650
+ },
651
+ PageSizeQuery: {
652
+ name: "pageSize",
653
+ in: "query",
654
+ schema: { type: "integer" }
655
+ },
656
+ FilterQuery: {
657
+ name: "filter",
658
+ in: "query",
659
+ schema: {
660
+ type: "object",
661
+ additionalProperties: true
662
+ }
663
+ },
664
+ AppendsQuery: {
665
+ name: "appends",
666
+ in: "query",
667
+ schema: {
668
+ type: "array",
669
+ items: { type: "string" }
670
+ }
671
+ }
672
+ },
335
673
  schemas: {
336
- role: {
674
+ RoleStrategy: {
675
+ type: "object",
676
+ description: "Global action strategy for a role.",
677
+ properties: {
678
+ actions: {
679
+ type: "array",
680
+ items: { type: "string" },
681
+ description: "Action names such as `create`, `view`, `update`, `destroy`, or scoped variants like `view:own`."
682
+ }
683
+ },
684
+ additionalProperties: true
685
+ },
686
+ RoleWrite: {
337
687
  type: "object",
338
688
  properties: {
339
- title: {
689
+ title: { type: "string", description: "Role title." },
690
+ name: { type: "string", description: "Role identifier." },
691
+ description: { type: "string", description: "Role description." },
692
+ hidden: { type: "boolean", description: "Whether the role is hidden." },
693
+ default: { type: "boolean", description: "Whether the role is default for new users." },
694
+ allowConfigure: { type: "boolean", description: "Whether the role can be configured." },
695
+ allowNewMenu: { type: "boolean", description: "Whether the role can create menus." },
696
+ snippets: {
697
+ type: "array",
698
+ items: { type: "string" },
699
+ description: "System permission snippets, for example `ui.*`, `!pm`, or `!app`."
700
+ },
701
+ strategy: {
702
+ allOf: [{ $ref: "#/components/schemas/RoleStrategy" }],
703
+ description: "Role-level ACL strategy."
704
+ }
705
+ },
706
+ additionalProperties: true
707
+ },
708
+ Role: {
709
+ allOf: [{ $ref: "#/components/schemas/RoleWrite" }],
710
+ properties: {
711
+ createdAt: { type: "string", format: "date-time" },
712
+ updatedAt: { type: "string", format: "date-time" }
713
+ }
714
+ },
715
+ RoleCheck: {
716
+ type: "object",
717
+ properties: {
718
+ role: { type: "string", description: "Current effective role name." },
719
+ roleMode: {
340
720
  type: "string",
341
- description: "\u89D2\u8272\u540D\u79F0"
721
+ enum: ["default", "allow-use-union", "only-use-union"],
722
+ description: "System role mode."
342
723
  },
343
- name: {
724
+ availableActions: {
725
+ type: "array",
726
+ items: { type: "string" }
727
+ },
728
+ actions: {
729
+ type: "object",
730
+ additionalProperties: true,
731
+ description: "Resolved ACL action map for the current role context."
732
+ }
733
+ },
734
+ additionalProperties: true
735
+ },
736
+ RoleModeWrite: {
737
+ type: "object",
738
+ properties: {
739
+ roleMode: {
344
740
  type: "string",
345
- description: "\u89D2\u8272\u6807\u8BC6"
741
+ enum: ["default", "allow-use-union", "only-use-union"]
742
+ }
743
+ },
744
+ required: ["roleMode"]
745
+ },
746
+ DataSourceRole: {
747
+ type: "object",
748
+ properties: {
749
+ id: { type: "string", description: "Optional existing role-data-source permission record id." },
750
+ roleName: { type: "string", description: "Role name." },
751
+ dataSourceKey: { type: "string", description: "Data source key, usually `main`." },
752
+ strategy: {
753
+ allOf: [{ $ref: "#/components/schemas/RoleStrategy" }],
754
+ description: "Global table actions for this role in the data source."
755
+ }
756
+ },
757
+ additionalProperties: true
758
+ },
759
+ RoleCollectionPermissionRow: {
760
+ type: "object",
761
+ properties: {
762
+ type: { type: "string", description: "Resource type, usually `collection`." },
763
+ name: { type: "string", description: "Collection name." },
764
+ collectionName: { type: "string", description: "Collection name." },
765
+ title: { type: "string", description: "Collection title." },
766
+ roleName: { type: "string", description: "Role name." },
767
+ usingConfig: {
768
+ type: "string",
769
+ enum: ["resourceAction", "strategy"],
770
+ description: "`strategy` means the collection uses global permissions. `resourceAction` means it has collection-level independent permissions."
346
771
  },
347
- description: {
772
+ exists: { type: "boolean", description: "Whether a dedicated resource config exists." }
773
+ }
774
+ },
775
+ RoleResourceScope: {
776
+ type: "object",
777
+ properties: {
778
+ id: { type: "integer", description: "Scope primary key." },
779
+ key: { type: "string", description: "Scope key such as `all` or `own`." },
780
+ dataSourceKey: {
348
781
  type: "string",
349
- description: "\u89D2\u8272\u63CF\u8FF0"
782
+ nullable: true,
783
+ description: "Optional data source key, for example `main`."
350
784
  },
351
- hidden: {
352
- type: "boolean",
353
- description: "\u662F\u5426\u9690\u85CF"
785
+ name: { type: "string", description: "Scope display name." },
786
+ resourceName: { type: "string", nullable: true, description: "Optional resource binding." },
787
+ scope: {
788
+ type: "object",
789
+ additionalProperties: true,
790
+ description: "JSON filter object used as the ACL scope condition."
791
+ }
792
+ },
793
+ additionalProperties: true
794
+ },
795
+ RoleResourceScopeWrite: {
796
+ type: "object",
797
+ properties: {
798
+ id: { type: "integer", description: "Optional scope primary key, commonly present in update payloads." },
799
+ dataSourceKey: { type: "string", nullable: true, description: "Optional data source key." },
800
+ resourceName: { type: "string", nullable: true, description: "Optional bound resource name." },
801
+ name: { type: "string", description: "Scope display name." },
802
+ scope: {
803
+ type: "object",
804
+ additionalProperties: true,
805
+ description: "Row filter JSON."
806
+ }
807
+ },
808
+ required: ["name", "scope"],
809
+ additionalProperties: true
810
+ },
811
+ RoleResourceAction: {
812
+ type: "object",
813
+ properties: {
814
+ id: {
815
+ type: "integer",
816
+ description: "Optional action record id, commonly present in update payloads."
354
817
  },
355
- default: {
356
- type: "boolean",
357
- description: "\u662F\u5426\u9ED8\u8BA4"
818
+ name: {
819
+ type: "string",
820
+ description: "ACL action name, for example `view`, `create`, `update`, `destroy`, or a scoped variant."
358
821
  },
359
- allowConfigure: {
360
- type: "boolean",
361
- description: "\u662F\u5426\u5141\u8BB8\u914D\u7F6E"
822
+ fields: {
823
+ type: "array",
824
+ items: { type: "string" },
825
+ description: "Allowed field names for this action when field-level configuration is supported."
826
+ },
827
+ scopeId: {
828
+ type: "integer",
829
+ nullable: true,
830
+ description: "Optional bound scope id. Use `null` to clear the scope."
831
+ },
832
+ scope: {
833
+ allOf: [{ $ref: "#/components/schemas/RoleResourceScope" }],
834
+ nullable: true,
835
+ description: "Optional row-permission scope for this action."
836
+ }
837
+ },
838
+ required: ["name"],
839
+ additionalProperties: true
840
+ },
841
+ RoleDataSourceResourceWrite: {
842
+ type: "object",
843
+ description: "Collection-level independent permission config inside a data source.",
844
+ properties: {
845
+ id: {
846
+ type: "integer",
847
+ description: "Optional resource permission record id, commonly present in update payloads."
362
848
  },
363
- allowNewMenu: {
849
+ name: { type: "string", description: "Resource name, typically the collection name." },
850
+ dataSourceKey: { type: "string", description: "Data source key, usually `main`." },
851
+ roleName: { type: "string", description: "Optional role name echoed by the client in update payloads." },
852
+ usingActionsConfig: {
364
853
  type: "boolean",
365
- description: "\u662F\u5426\u5141\u8BB8\u65B0\u5EFA\u83DC\u5355"
854
+ description: "Whether this collection uses independent actions instead of only the global strategy."
366
855
  },
367
- snippets: {
856
+ actions: {
368
857
  type: "array",
369
- items: {
370
- type: "string"
371
- },
372
- description: "\u63A5\u53E3\u6743\u9650"
858
+ items: { $ref: "#/components/schemas/RoleResourceAction" },
859
+ description: "Independent action configs for this collection."
860
+ }
861
+ },
862
+ required: ["name", "dataSourceKey"],
863
+ additionalProperties: true
864
+ },
865
+ RoleDataSourceResource: {
866
+ allOf: [{ $ref: "#/components/schemas/RoleDataSourceResourceWrite" }],
867
+ properties: {
868
+ id: { type: "integer" },
869
+ roleName: { type: "string" }
870
+ }
871
+ },
872
+ AvailableAction: {
873
+ type: "object",
874
+ properties: {
875
+ name: { type: "string", description: "Action name." },
876
+ displayName: { type: "string", description: "Localized display name." },
877
+ allowConfigureFields: {
878
+ type: "boolean",
879
+ description: "Whether field-level permission config is supported for this action."
373
880
  },
374
- strategy: {
375
- type: "array",
376
- description: "\u6570\u636E\u8868\u6743\u9650\u7B56\u7565",
377
- items: {
378
- type: "object",
379
- properties: {
380
- actions: {
381
- type: "array",
382
- items: {
383
- type: "string"
384
- },
385
- description: "\u64CD\u4F5C"
386
- }
387
- }
388
- }
881
+ onNewRecord: {
882
+ type: "boolean",
883
+ description: "Whether the action applies to new records instead of existing records."
389
884
  },
390
- createdAt: {
885
+ type: {
391
886
  type: "string",
392
- format: "date-time",
393
- description: "\u521B\u5EFA\u65F6\u95F4"
887
+ description: "Action category such as `new-data` or `old-data`."
394
888
  },
395
- updatedAt: {
396
- type: "string",
397
- format: "date-time",
398
- description: "\u66F4\u65B0\u65F6\u95F4"
889
+ aliases: {
890
+ type: "array",
891
+ items: { type: "string" },
892
+ description: "Action aliases resolved by ACL."
399
893
  }
400
- }
894
+ },
895
+ additionalProperties: true
401
896
  }
402
897
  }
403
898
  }