@nocobase/plugin-acl 2.1.0-beta.8 → 2.2.0-alpha.1

package/dist/client-v2/pages/RolesManagementPage.d.ts

@@ -0,0 +1,10 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import React from 'react';
+export default function RolesManagementPage(): React.JSX.Element;

package/dist/client-v2/pages/permissions/DesktopRoutesPermissionsTab.d.ts

@@ -0,0 +1,11 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import React from 'react';
+import type { PermissionTabProps } from '../../registries';
+export default function DesktopRoutesPermissionsTab(props: PermissionTabProps): React.JSX.Element;

package/dist/client-v2/pages/permissions/PluginPermissionsTable.d.ts

@@ -0,0 +1,16 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import React from 'react';
+import type { Role } from '../../registries';
+interface PluginPermissionsTableProps {
+    active: boolean;
+    role: Role;
+}
+export default function PluginPermissionsTable(props: PluginPermissionsTableProps): React.JSX.Element;
+export {};

package/dist/client-v2/pages/permissions/SystemPermissionsTab.d.ts

@@ -0,0 +1,11 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import React from 'react';
+import type { PermissionTabProps } from '../../registries';
+export default function SystemPermissionsTab(props: PermissionTabProps): React.JSX.Element;

package/dist/client-v2/pages/permissions/utils.d.ts

@@ -0,0 +1,18 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import type { PluginSettingsPageType } from '@nocobase/client-v2';
+import type { Role } from '../../registries';
+export type TFunction = (key: string, options?: Record<string, unknown>) => string;
+export interface RoleSnippetsPayload {
+    data?: string[];
+}
+export declare function toRoleSnippetsPayload(responseData: unknown): RoleSnippetsPayload;
+export declare function translateTitle(title: unknown, t: TFunction): unknown;
+export declare function mergeRoleSnippets(role: Role, snippets: string[]): Role;
+export declare function getSettingsChildren(item: PluginSettingsPageType): PluginSettingsPageType[];

package/dist/client-v2/plugin.d.ts

@@ -0,0 +1,16 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Application, Plugin } from '@nocobase/client-v2';
+import { ACLSettingsUI, RolesManager } from './registries';
+export declare class PluginAclClientV2 extends Plugin<any, Application> {
+    rolesManager: RolesManager;
+    settingsUI: ACLSettingsUI;
+    load(): Promise<void>;
+}
+export default PluginAclClientV2;

package/dist/client-v2/registries.d.ts

@@ -0,0 +1,60 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import type { ComponentType, ReactNode } from 'react';
+export interface Role {
+    createdAt?: string;
+    updatedAt?: string;
+    name: string;
+    title: string;
+    description?: string;
+    strategy?: {
+        actions?: string[];
+    };
+    default?: boolean;
+    hidden?: boolean;
+    allowConfigure?: boolean;
+    allowNewMenu?: boolean;
+    snippets?: string[];
+}
+export interface RoleTabProps {
+    active: boolean;
+    role: Role | null;
+    onRoleChange: (role: Role | null) => void;
+}
+export interface PermissionTabProps {
+    activeKey: string;
+    activeRole: Role | null;
+    currentUserRole: Role | null;
+    onRoleChange: (role: Role | null) => void;
+}
+export type ComponentLoader<Props> = () => Promise<{
+    default: ComponentType<Props>;
+}>;
+export interface RoleTabOptions {
+    title: ReactNode;
+    componentLoader: ComponentLoader<RoleTabProps>;
+    sort?: number;
+}
+export interface PermissionTabOptions {
+    key: string;
+    label: ReactNode;
+    componentLoader: ComponentLoader<PermissionTabProps>;
+    sort?: number;
+}
+export type PermissionTabOptionResolver = PermissionTabOptions | ((props: PermissionTabProps) => PermissionTabOptions | null | undefined);
+export declare class RolesManager {
+    private readonly items;
+    add(name: string, options: RoleTabOptions): void;
+    list(): [string, RoleTabOptions][];
+}
+export declare class ACLSettingsUI {
+    private readonly permissionTabs;
+    addPermissionsTab(options: PermissionTabOptionResolver): void;
+    getPermissionsTabs(props: PermissionTabProps): PermissionTabOptions[];
+}

package/dist/externalVersion.js

@@ -8,7 +8,7 @@
  */
 
 module.exports = {
-  "@nocobase/client": "2.1.0-beta.8",
+  "@nocobase/client": "2.2.0-alpha.1",
   "antd": "5.24.2",
   "react": "18.2.0",
   "react-i18next": "11.18.6",
@@ -16,15 +16,18 @@ module.exports = {
   "ahooks": "3.7.8",
   "@formily/react": "2.3.7",
   "@ant-design/icons": "5.6.1",
-  "lodash": "4.17.21",
-  "@nocobase/utils": "2.1.0-beta.8",
-  "@nocobase/actions": "2.1.0-beta.8",
-  "@nocobase/cache": "2.1.0-beta.8",
-  "@nocobase/database": "2.1.0-beta.8",
-  "@nocobase/server": "2.1.0-beta.8",
-  "@nocobase/acl": "2.1.0-beta.8",
-  "@nocobase/test": "2.1.0-beta.8",
+  "lodash": "4.18.1",
+  "@nocobase/utils": "2.2.0-alpha.1",
+  "@nocobase/flow-engine": "2.2.0-alpha.1",
+  "@nocobase/client-v2": "2.2.0-alpha.1",
+  "@nocobase/actions": "2.2.0-alpha.1",
+  "@nocobase/cache": "2.2.0-alpha.1",
+  "@nocobase/database": "2.2.0-alpha.1",
+  "@nocobase/server": "2.2.0-alpha.1",
+  "@nocobase/acl": "2.2.0-alpha.1",
+  "@nocobase/test": "2.2.0-alpha.1",
   "@formily/core": "2.3.7",
   "@formily/antd-v5": "1.2.3",
-  "antd-style": "3.7.1"
+  "antd-style": "3.7.1",
+  "@emotion/css": "11.13.0"
 };

package/dist/locale/en-US.json

@@ -1,6 +1,14 @@
 {
+  "Accessible": "Accessible",
+  "Allow access": "Allow access",
   "Allow roles union": "Allow roles union",
+  "Allows to clear cache, reboot application": "Allows to clear cache, reboot application",
+  "Allows to configure interface": "Allows to configure interface",
+  "Allows to configure plugins": "Allows to configure plugins",
+  "Allows to install, activate, disable plugins": "Allows to install, activate, disable plugins",
   "Allow users to use role union, which means they can use permissions from all their roles simultaneously, or switch between individual roles.": "Allow users to use role union, which means they can use permissions from all their roles simultaneously, or switch between individual roles.",
+  "Desktop routes": "Desktop routes",
+  "Configure permissions": "Configure permissions",
   "Data sources": "Data sources",
   "Desktop menu": "Desktop menu",
   "Do not use role union. Users need to switch between their roles individually.": "Do not use role union. Users need to switch between their roles individually.",
@@ -9,14 +17,21 @@
   "General": "General",
   "Independent roles": "Independent roles",
   "New role": "New role",
+  "New routes are allowed to be accessed by default": "New routes are allowed to be accessed by default",
   "Permissions": "Permissions",
   "Please select role mode": "Please select role mode",
   "Plugin settings": "Plugin settings",
+  "Plugin name": "Plugin name",
+  "Route name": "Route name",
+  "Route permissions": "Route permissions",
   "Role mode": "Role mode",
   "Role mode doc": "https://docs.nocobase.com/handbook/acl/manual",
   "Roles & Permissions": "Roles & Permissions",
   "Roles union only": "Roles union only",
   "Saved successfully": "Saved successfully",
+  "Select a role to configure permissions": "Select a role to configure permissions",
+  "System": "System",
   "The current user has no roles. Please try another account.": "The current user has no roles. Please try another account.",
-  "The user role does not exist. Please try signing in again": "The user role does not exist. Please try signing in again"
-}
+  "The user role does not exist. Please try signing in again": "The user role does not exist. Please try signing in again",
+  "Users & Permissions": "Users & Permissions"
+}

package/dist/locale/zh-CN.json

@@ -1,6 +1,14 @@
 {
+  "Accessible": "可访问",
+  "Allow access": "允许访问",
   "Allow roles union": "允许角色并集",
+  "Allows to clear cache, reboot application": "允许清除缓存、重启应用",
+  "Allows to configure interface": "允许配置界面",
+  "Allows to configure plugins": "允许配置插件",
+  "Allows to install, activate, disable plugins": "允许安装、激活、禁用插件",
   "Allow users to use role union, which means they can use permissions from all their roles simultaneously, or switch between individual roles.": "允许用户使用角色并集，即可以同时使用自己拥有的所有角色的权限，也允许用户逐个切换自己的角色。",
+  "Desktop routes": "桌面端路由",
+  "Configure permissions": "配置权限",
   "Data sources": "数据源",
   "Desktop menu": "桌面端菜单",
   "Do not use role union. Users need to switch between their roles individually.": "不使用角色并集，用户需要逐个切换自己拥有的角色。",
@@ -9,14 +17,21 @@
   "General": "通用",
   "Independent roles": "独立角色",
   "New role": "新建角色",
+  "New routes are allowed to be accessed by default": "默认允许访问新路由",
   "Permissions": "权限",
   "Please select role mode": "请选择角色模式",
   "Plugin settings": "插件设置",
+  "Plugin name": "插件名称",
+  "Route name": "路由名称",
+  "Route permissions": "路由权限",
   "Role mode": "角色模式",
   "Role mode doc": "https://docs-cn.nocobase.com/handbook/acl/manual",
   "Roles & Permissions": "角色和权限",
   "Roles union only": "仅角色并集",
   "Saved successfully": "保存成功",
+  "Select a role to configure permissions": "选择一个角色以配置权限",
+  "System": "系统",
   "The current user has no roles. Please try another account.": "当前用户没有角色，请使用其他账号。",
-  "The user role does not exist. Please try signing in again": "用户角色不存在，请尝试重新登录。"
-}
+  "The user role does not exist. Please try signing in again": "用户角色不存在，请尝试重新登录。",
+  "Users & Permissions": "用户和权限"
+}

package/dist/server/actions/apply-data-permissions.d.ts

@@ -0,0 +1,10 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import type { Context, Next } from '@nocobase/actions';
+export declare function applyDataPermissions(ctx: Context, next: Next): Promise<void>;

package/dist/server/actions/apply-data-permissions.js

@@ -0,0 +1,208 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var apply_data_permissions_exports = {};
+__export(apply_data_permissions_exports, {
+  applyDataPermissions: () => applyDataPermissions
+});
+module.exports = __toCommonJS(apply_data_permissions_exports);
+function ensureString(value, fieldName) {
+  if (typeof value !== "string" || !value.trim()) {
+    throw new Error(`Invalid ${fieldName}`);
+  }
+  return value.trim();
+}
+function normalizeFields(fields) {
+  if (!Array.isArray(fields)) {
+    return void 0;
+  }
+  const normalized = [
+    ...new Set(fields.filter((field) => typeof field === "string" && !!field.trim()))
+  ];
+  return normalized.length ? normalized : [];
+}
+function normalizeScopeId(scopeId) {
+  if (scopeId === null) {
+    return null;
+  }
+  if (scopeId === void 0) {
+    return void 0;
+  }
+  const parsed = Number(scopeId);
+  if (!Number.isInteger(parsed) || parsed <= 0) {
+    throw new Error(`Invalid scopeId: ${scopeId}`);
+  }
+  return parsed;
+}
+async function resolveScopeIdByKey(options) {
+  const scope = await options.ctx.db.getRepository("dataSourcesRolesResourcesScopes").findOne({
+    filter: {
+      dataSourceKey: options.dataSourceKey,
+      key: options.scopeKey
+    },
+    transaction: options.transaction
+  });
+  if (!scope) {
+    throw new Error(`Scope key "${options.scopeKey}" not found in data source "${options.dataSourceKey}"`);
+  }
+  return scope.get("id");
+}
+async function normalizeAction(options) {
+  const name = ensureString(options.action.name, "action.name");
+  let scopeId = normalizeScopeId(options.action.scopeId);
+  if (scopeId === void 0 && options.action.scope && typeof options.action.scope.id === "number") {
+    scopeId = normalizeScopeId(options.action.scope.id);
+  }
+  let scopeKey;
+  if (typeof options.action.scopeKey === "string" && options.action.scopeKey.trim()) {
+    scopeKey = options.action.scopeKey.trim();
+  } else if (options.action.scope && typeof options.action.scope.key === "string" && options.action.scope.key.trim()) {
+    scopeKey = options.action.scope.key.trim();
+  }
+  if (scopeId === void 0 && scopeKey) {
+    scopeId = await resolveScopeIdByKey({
+      ctx: options.ctx,
+      dataSourceKey: options.dataSourceKey,
+      scopeKey,
+      transaction: options.transaction
+    });
+  }
+  if (scopeId === void 0) {
+    scopeId = null;
+  }
+  const normalized = {
+    name,
+    fields: normalizeFields(options.action.fields),
+    scopeId
+  };
+  const output = {
+    name: normalized.name
+  };
+  if (normalized.fields !== void 0) {
+    output.fields = normalized.fields;
+  }
+  if (normalized.scopeId !== void 0) {
+    output.scopeId = normalized.scopeId;
+  }
+  return output;
+}
+async function applyDataPermissions(ctx, next) {
+  const roleName = ensureString(ctx.action.params.filterByTk, "filterByTk");
+  const values = ctx.action.params.values || {};
+  const dataSourceKey = ensureString(values.dataSourceKey || "main", "dataSourceKey");
+  const resources = values.resources;
+  if (!Array.isArray(resources) || resources.length === 0) {
+    throw new Error("`resources` must be a non-empty array");
+  }
+  const role = await ctx.db.getRepository("roles").findOne({
+    filterByTk: roleName
+  });
+  if (!role) {
+    throw new Error(`Role "${roleName}" not found`);
+  }
+  const roleResourceRepository = ctx.db.getRepository("roles.resources", roleName);
+  const appliedResources = [];
+  await ctx.db.sequelize.transaction(async (transaction) => {
+    for (const resourceInput of resources) {
+      const resourceName = ensureString(resourceInput == null ? void 0 : resourceInput.name, "resource.name");
+      const usingActionsConfig = (resourceInput == null ? void 0 : resourceInput.usingActionsConfig) ?? true;
+      const actionsInput = Array.isArray(resourceInput == null ? void 0 : resourceInput.actions) ? resourceInput.actions : [];
+      const normalizedActions = [];
+      for (const action of actionsInput) {
+        normalizedActions.push(
+          await normalizeAction({
+            ctx,
+            dataSourceKey,
+            action,
+            transaction
+          })
+        );
+      }
+      const existingResource = await roleResourceRepository.findOne({
+        filter: {
+          name: resourceName,
+          dataSourceKey
+        },
+        appends: ["actions"],
+        transaction
+      });
+      const writeValues = {
+        name: resourceName,
+        dataSourceKey,
+        usingActionsConfig,
+        actions: normalizedActions
+      };
+      let savedResource;
+      if (existingResource) {
+        await roleResourceRepository.update({
+          filterByTk: existingResource.get("id"),
+          values: writeValues,
+          updateAssociationValues: ["actions"],
+          transaction
+        });
+        savedResource = await roleResourceRepository.findOne({
+          filterByTk: existingResource.get("id"),
+          appends: ["actions"],
+          transaction
+        });
+      } else {
+        const created = await roleResourceRepository.create({
+          values: writeValues,
+          transaction
+        });
+        savedResource = await roleResourceRepository.findOne({
+          filterByTk: created.get("id"),
+          appends: ["actions"],
+          transaction
+        });
+      }
+      const actionModels = savedResource.get("actions") || [];
+      appliedResources.push({
+        id: savedResource.get("id"),
+        name: savedResource.get("name"),
+        dataSourceKey: savedResource.get("dataSourceKey"),
+        usingActionsConfig: !!savedResource.get("usingActionsConfig"),
+        actions: actionModels.map((actionModel) => ({
+          id: actionModel.get("id"),
+          name: actionModel.get("name"),
+          fields: actionModel.get("fields") || [],
+          scopeId: actionModel.get("scopeId") ?? null
+        }))
+      });
+    }
+  });
+  ctx.body = {
+    roleName,
+    dataSourceKey,
+    resources: appliedResources,
+    count: appliedResources.length
+  };
+  await next();
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  applyDataPermissions
+});

package/dist/server/actions/data-source-compat.d.ts

@@ -0,0 +1,13 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import type { Context, Next } from '@nocobase/actions';
+export declare function guardRolesDataSourcesCollectionsList(ctx: Context, next: Next): Promise<void>;
+export declare function guardRolesDataSourceResourcesCreate(ctx: Context, next: Next): Promise<void>;
+export declare function guardRolesDataSourceResourcesGet(ctx: Context, next: Next): Promise<void>;
+export declare function guardRolesDataSourceResourcesUpdate(ctx: Context, next: Next): Promise<void>;