@nocobase/plugin-workflow-custom-action-trigger 2.1.0-alpha.20 → 2.1.0-alpha.21

package/dist/node_modules/joi/package.json

@@ -1 +1 @@
-{"name":"joi","description":"Object schema validation","version":"17.13.3","repository":"git://github.com/hapijs/joi","main":"lib/index.js","types":"lib/index.d.ts","browser":"dist/joi-browser.min.js","files":["lib/**/*","dist/*"],"keywords":["schema","validation"],"dependencies":{"@hapi/hoek":"^9.3.0","@hapi/topo":"^5.1.0","@sideway/address":"^4.1.5","@sideway/formula":"^3.0.1","@sideway/pinpoint":"^2.0.0"},"devDependencies":{"@hapi/bourne":"2.x.x","@hapi/code":"8.x.x","@hapi/joi-legacy-test":"npm:@hapi/joi@15.x.x","@hapi/lab":"^25.1.3","@types/node":"^14.18.63","typescript":"4.3.x"},"scripts":{"prepublishOnly":"cd browser && npm install && npm run build","test":"lab -t 100 -a @hapi/code -L -Y","test-cov-html":"lab -r html -o coverage.html -a @hapi/code"},"license":"BSD-3-Clause","_lastModified":"2026-04-20T10:43:59.578Z"}
+{"name":"joi","description":"Object schema validation","version":"17.13.3","repository":"git://github.com/hapijs/joi","main":"lib/index.js","types":"lib/index.d.ts","browser":"dist/joi-browser.min.js","files":["lib/**/*","dist/*"],"keywords":["schema","validation"],"dependencies":{"@hapi/hoek":"^9.3.0","@hapi/topo":"^5.1.0","@sideway/address":"^4.1.5","@sideway/formula":"^3.0.1","@sideway/pinpoint":"^2.0.0"},"devDependencies":{"@hapi/bourne":"2.x.x","@hapi/code":"8.x.x","@hapi/joi-legacy-test":"npm:@hapi/joi@15.x.x","@hapi/lab":"^25.1.3","@types/node":"^14.18.63","typescript":"4.3.x"},"scripts":{"prepublishOnly":"cd browser && npm install && npm run build","test":"lab -t 100 -a @hapi/code -L -Y","test-cov-html":"lab -r html -o coverage.html -a @hapi/code"},"license":"BSD-3-Clause","_lastModified":"2026-04-23T22:20:51.290Z"}

package/dist/server/CustomActionTrigger.d.ts

@@ -16,13 +16,14 @@
  */
 import Joi from 'joi';
 import WorkflowPluginServer, { EventOptions, Trigger, WorkflowModel } from '@nocobase/plugin-workflow';
-import { Context, Next } from '@nocobase/actions';
+import { Next } from '@nocobase/actions';
+import { ResourcerContext } from '@nocobase/resourcer';
 export default class CustomActionTrigger extends Trigger {
     static TYPE: string;
     configSchema: Joi.ObjectSchema<any>;
     validateConfig(config: Record<string, any>): Record<string, string>;
-    globalTriggerAction(context: Context, next: Next): Promise<void>;
-    triggerAction: (context: Context, next: Next) => Promise<void>;
+    globalTriggerAction(context: ResourcerContext, next: Next): Promise<void>;
+    triggerAction: (context: ResourcerContext, next: Next) => Promise<any>;
     constructor(workflow: WorkflowPluginServer);
     private processEvents;
     validateContext(values: any, workflow: WorkflowModel): {
@@ -32,5 +33,5 @@ export default class CustomActionTrigger extends Trigger {
         filterByTk: string;
         data?: undefined;
     };
-    execute(workflow: WorkflowModel, values: any, options: EventOptions): Promise<void | import("@nocobase/plugin-workflow").Processor>;
+    execute(workflow: WorkflowModel, values: Record<string, any>, options: EventOptions): Promise<void | import("@nocobase/plugin-workflow").Processor>;
 }

package/dist/server/CustomActionTrigger.js

@@ -104,8 +104,7 @@ class CustomActionTrigger extends import_plugin_workflow.Trigger {
     const syncGroup = [];
     const asyncGroup = [];
     for (const workflow of workflows) {
-      const event = [workflow];
-      event.push({ data: values, ...userInfo });
+      const event = [workflow, { data: values, ...userInfo }];
       (workflow.sync ? syncGroup : asyncGroup).push(event);
     }
     await this.processEvents({
@@ -115,7 +114,7 @@ class CustomActionTrigger extends import_plugin_workflow.Trigger {
     });
   }
   triggerAction = async (context, next) => {
-    var _a;
+    var _a, _b, _c;
     const {
       resourceName,
       params: { filterByTk, values, triggerWorkflows = "", associatedIndex }
@@ -157,22 +156,26 @@ class CustomActionTrigger extends import_plugin_workflow.Trigger {
         workflows.push(workflow);
       }
     }
+    const scopeFilter = (_c = (_b = context.permission) == null ? void 0 : _b.parsedParams) == null ? void 0 : _c.filter;
     const syncGroup = [];
     const asyncGroup = [];
     for (const workflow of workflows) {
-      const event = [workflow];
+      const event = [workflow, {}];
       const { appends = [] } = workflow.config;
       const dataPath = triggerWorkflowsMap.get(workflow.key);
       const formData = dataPath ? (0, import_lodash.get)(values, dataPath) : values;
       let data = formData;
       if (filterByTk != null) {
         if (Array.isArray(filterByTk)) {
-          data = (await repository.find({ filterByTk, appends, context })).map(
+          data = (await repository.find({ filterByTk, appends, context, filter: scopeFilter })).map(
             (item) => Object.assign(item.toJSON(), formData)
           );
         } else {
-          data = await repository.findOne({ filterByTk, appends, context });
+          data = await repository.findOne({ filterByTk, appends, context, filter: scopeFilter });
           if (!data) {
+            if (scopeFilter) {
+              return context.throw(403, "No permissions");
+            }
             continue;
           }
           if (typeof data.toJSON === "function") {
@@ -181,7 +184,7 @@ class CustomActionTrigger extends import_plugin_workflow.Trigger {
           }
         }
       }
-      event.push({ data, ...userInfo });
+      event[1] = { data, ...userInfo };
       (workflow.sync ? syncGroup : asyncGroup).push(event);
     }
     await this.processEvents({
@@ -194,7 +197,34 @@ class CustomActionTrigger extends import_plugin_workflow.Trigger {
     super(workflow);
     this.workflow.app.dataSourceManager.afterAddDataSource((dataSource) => {
       dataSource.resourceManager.registerActionHandler("trigger", this.triggerAction);
-      dataSource.acl.allow("*", ["trigger"], "loggedIn");
+      dataSource.acl.setAvailableAction("trigger", {
+        displayName: `{{t("Trigger workflow", { ns: "${import_constants.NAMESPACE}" })}}`
+      });
+      dataSource.acl.setAvailableAction("triggerNew", {
+        displayName: `{{t("Trigger workflow", { ns: "${import_constants.NAMESPACE}" })}}`,
+        onNewRecord: true
+      });
+      dataSource.resourceManager.use(
+        async (ctx, next) => {
+          const { resourceName, actionName, params } = ctx.action ?? {};
+          if (actionName === "trigger" && resourceName !== "workflows" && (params == null ? void 0 : params.filterByTk) == null) {
+            ctx.action.actionName = "triggerNew";
+            ctx.state.__customActionTriggerRenamed = true;
+          }
+          await next();
+        },
+        { tag: "customActionTriggerRename", before: "acl", after: "auth" }
+      );
+      dataSource.resourceManager.use(
+        async (ctx, next) => {
+          if (ctx.state.__customActionTriggerRenamed) {
+            ctx.action.actionName = "trigger";
+          }
+          await next();
+        },
+        { tag: "customActionTriggerRestore", after: "acl" }
+      );
+      dataSource.acl.allow("workflows", ["trigger"], "loggedIn");
     });
     workflow.app.pm.get(import_plugin_error_handler.default).errorHandler.register(
       (err) => err.name === "CustomActionInterceptionError",

package/dist/server/migrations/20260416000000-grant-trigger-action-to-roles.d.ts

@@ -0,0 +1,40 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Migration } from '@nocobase/server';
+/**
+ * Grant `trigger` / `triggerNew` action permissions for every role, mirroring the role's
+ * existing `view` / `create` permissions.
+ *
+ * Background: The `trigger` action on collection resources was previously allowed for all
+ * logged-in users via `acl.allow('*', ['trigger'], 'loggedIn')`. After that global bypass
+ * was removed, `trigger` goes through normal ACL checks. Custom-action trigger is now
+ * modelled as two ACL actions:
+ *   - `trigger` — invoked on an existing record; follows `view` (with data scope).
+ *   - `triggerNew` — invoked on a form that hasn't been persisted yet; follows `create`.
+ *
+ * 1. Per-data-source strategy (`dataSourcesRoles.strategy.actions`, an array):
+ *    - `trigger` mirrors `view` (including scope suffix like `:own`). No `view` → no trigger.
+ *    - `triggerNew` is added (unrestricted) if the strategy contains any `create*` entry.
+ *      No `create` → no triggerNew. Scope suffixes on `create` are ignored because new-data
+ *      actions have no data scope.
+ *
+ * 2. Specific resource configs (`dataSourcesRolesResources` with `usingActionsConfig: true`):
+ *    - If the resource has a `view` action, create a matching `trigger` action that reuses
+ *      the same `scopeId`. Skip if `trigger` already exists.
+ *    - If the resource has a `create` action, create a matching `triggerNew` action
+ *      (scopeId: null — new-data actions carry no scope). Skip if `triggerNew` already
+ *      exists.
+ *
+ * This migration runs only during upgrades (appVersion < 2.0.40), not on fresh installs.
+ */
+export default class extends Migration {
+    appVersion: string;
+    on: string;
+    up(): Promise<void>;
+}

package/dist/server/migrations/20260416000000-grant-trigger-action-to-roles.js

@@ -0,0 +1,120 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var grant_trigger_action_to_roles_exports = {};
+__export(grant_trigger_action_to_roles_exports, {
+  default: () => grant_trigger_action_to_roles_default
+});
+module.exports = __toCommonJS(grant_trigger_action_to_roles_exports);
+var import_server = require("@nocobase/server");
+class grant_trigger_action_to_roles_default extends import_server.Migration {
+  appVersion = "<2.1.0-alpha.21";
+  on = "afterSync";
+  async up() {
+    const { db } = this.context;
+    await db.sequelize.transaction(async (transaction) => {
+      const dsRoles = await db.getRepository("dataSourcesRoles").find({ transaction });
+      for (const dsRole of dsRoles) {
+        const strategy = dsRole.get("strategy") || {};
+        const actions = strategy.actions;
+        if (!Array.isArray(actions)) {
+          continue;
+        }
+        let nextActions = null;
+        const ensureNextActions = () => {
+          if (!nextActions) nextActions = [...actions];
+          return nextActions;
+        };
+        const viewEntry = actions.find((a) => a === "view" || a.startsWith("view:"));
+        if (viewEntry) {
+          const targetTrigger = viewEntry === "view" ? "trigger" : `trigger:${viewEntry.slice("view:".length)}`;
+          const existingIndex = actions.findIndex((a) => a === "trigger" || a.startsWith("trigger:"));
+          if (existingIndex === -1) {
+            ensureNextActions().push(targetTrigger);
+          } else if (actions[existingIndex] !== targetTrigger) {
+            ensureNextActions()[existingIndex] = targetTrigger;
+          }
+        }
+        const hasCreate = actions.some((a) => a === "create" || a.startsWith("create:"));
+        if (hasCreate) {
+          const existingIndex = actions.findIndex((a) => a === "triggerNew" || a.startsWith("triggerNew:"));
+          if (existingIndex === -1) {
+            ensureNextActions().push("triggerNew");
+          } else if (actions[existingIndex] !== "triggerNew") {
+            ensureNextActions()[existingIndex] = "triggerNew";
+          }
+        }
+        if (nextActions) {
+          await db.getRepository("dataSourcesRoles").update({
+            filter: {
+              roleName: dsRole.get("roleName"),
+              dataSourceKey: dsRole.get("dataSourceKey")
+            },
+            values: {
+              strategy: { ...strategy, actions: nextActions }
+            },
+            hooks: false,
+            transaction
+          });
+        }
+      }
+      const resources = await db.getRepository("dataSourcesRolesResources").find({
+        filter: { usingActionsConfig: true },
+        appends: ["actions"],
+        transaction
+      });
+      for (const resource of resources) {
+        const actions = resource.get("actions") || [];
+        const viewAction = actions.find((a) => a.get("name") === "view");
+        const hasTrigger = actions.some((a) => a.get("name") === "trigger");
+        if (viewAction && !hasTrigger) {
+          await db.getRepository("dataSourcesRolesResourcesActions").create({
+            values: {
+              rolesResourceId: resource.get("id"),
+              name: "trigger",
+              scopeId: viewAction.get("scopeId") ?? null,
+              fields: []
+            },
+            transaction
+          });
+        }
+        const createAction = actions.find((a) => a.get("name") === "create");
+        const hasTriggerNew = actions.some((a) => a.get("name") === "triggerNew");
+        if (createAction && !hasTriggerNew) {
+          await db.getRepository("dataSourcesRolesResourcesActions").create({
+            values: {
+              rolesResourceId: resource.get("id"),
+              name: "triggerNew",
+              scopeId: null,
+              fields: []
+            },
+            transaction
+          });
+        }
+      }
+    });
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nocobase/plugin-workflow-custom-action-trigger",
-  "version": "2.1.0-alpha.20",
+  "version": "2.1.0-alpha.21",
   "displayName": "Workflow: Custom action event",
   "displayName.zh-CN": "工作流：自定义操作事件",
   "description": "Triggers after click a custom action button.",
@@ -30,6 +30,6 @@
     ],
     "editionLevel": 0
   },
-  "gitHead": "3d1535db6bf93ca23257faf474afee0d565f54c6",
+  "gitHead": "b4c2b469f321ecaec7863a8ae371a02fe6a35aa2",
   "license": "Apache-2.0"
 }