@nocobase/plugin-workflow-custom-action-trigger 2.1.0-beta.15 → 2.1.0-beta.17

package/dist/server/CustomActionTrigger.js

@@ -39,6 +39,7 @@ __export(CustomActionTrigger_exports, {
   default: () => CustomActionTrigger
 });
 module.exports = __toCommonJS(CustomActionTrigger_exports);
+var import_joi = __toESM(require("joi"));
 var import_plugin_error_handler = __toESM(require("@nocobase/plugin-error-handler"));
 var import_plugin_workflow = require("@nocobase/plugin-workflow");
 var import_data_source_manager = require("@nocobase/data-source-manager");
@@ -54,6 +55,25 @@ class CustomActionInterceptionError extends Error {
 }
 class CustomActionTrigger extends import_plugin_workflow.Trigger {
   static TYPE = import_constants.EVENT_TYPE;
+  configSchema = import_joi.default.object({
+    type: import_joi.default.number().valid(import_constants.CONTEXT_TYPE.SINGLE_RECORD, import_constants.CONTEXT_TYPE.MULTIPLE_RECORDS, import_constants.CONTEXT_TYPE.GLOBAL).required(),
+    collection: import_joi.default.when("type", {
+      is: import_joi.default.valid(import_constants.CONTEXT_TYPE.SINGLE_RECORD, import_constants.CONTEXT_TYPE.MULTIPLE_RECORDS),
+      then: import_joi.default.string().required().messages({ "any.required": "Collection is required for record-based context" }),
+      otherwise: import_joi.default.string().allow(null, "")
+    }),
+    appends: import_joi.default.array().items(import_joi.default.string()).optional()
+  });
+  validateConfig(config) {
+    const errors = super.validateConfig(config);
+    if (errors) {
+      return errors;
+    }
+    if (config.collection) {
+      return (0, import_plugin_workflow.validateCollectionField)(config.collection, this.workflow.app.dataSourceManager);
+    }
+    return null;
+  }
   async globalTriggerAction(context, next) {
     var _a, _b;
     const { triggerWorkflows, values = {} } = context.action.params;
@@ -84,8 +104,7 @@ class CustomActionTrigger extends import_plugin_workflow.Trigger {
     const syncGroup = [];
     const asyncGroup = [];
     for (const workflow of workflows) {
-      const event = [workflow];
-      event.push({ data: values, ...userInfo });
+      const event = [workflow, { data: values, ...userInfo }];
       (workflow.sync ? syncGroup : asyncGroup).push(event);
     }
     await this.processEvents({
@@ -95,7 +114,7 @@ class CustomActionTrigger extends import_plugin_workflow.Trigger {
     });
   }
   triggerAction = async (context, next) => {
-    var _a;
+    var _a, _b, _c;
     const {
       resourceName,
       params: { filterByTk, values, triggerWorkflows = "", associatedIndex }
@@ -137,22 +156,26 @@ class CustomActionTrigger extends import_plugin_workflow.Trigger {
         workflows.push(workflow);
       }
     }
+    const scopeFilter = (_c = (_b = context.permission) == null ? void 0 : _b.parsedParams) == null ? void 0 : _c.filter;
     const syncGroup = [];
     const asyncGroup = [];
     for (const workflow of workflows) {
-      const event = [workflow];
+      const event = [workflow, {}];
       const { appends = [] } = workflow.config;
       const dataPath = triggerWorkflowsMap.get(workflow.key);
       const formData = dataPath ? (0, import_lodash.get)(values, dataPath) : values;
       let data = formData;
       if (filterByTk != null) {
         if (Array.isArray(filterByTk)) {
-          data = (await repository.find({ filterByTk, appends, context })).map(
+          data = (await repository.find({ filterByTk, appends, context, filter: scopeFilter })).map(
             (item) => Object.assign(item.toJSON(), formData)
           );
         } else {
-          data = await repository.findOne({ filterByTk, appends, context });
+          data = await repository.findOne({ filterByTk, appends, context, filter: scopeFilter });
           if (!data) {
+            if (scopeFilter) {
+              return context.throw(403, "No permissions");
+            }
             continue;
           }
           if (typeof data.toJSON === "function") {
@@ -161,7 +184,7 @@ class CustomActionTrigger extends import_plugin_workflow.Trigger {
           }
         }
       }
-      event.push({ data, ...userInfo });
+      event[1] = { data, ...userInfo };
       (workflow.sync ? syncGroup : asyncGroup).push(event);
     }
     await this.processEvents({
@@ -174,7 +197,34 @@ class CustomActionTrigger extends import_plugin_workflow.Trigger {
     super(workflow);
     this.workflow.app.dataSourceManager.afterAddDataSource((dataSource) => {
       dataSource.resourceManager.registerActionHandler("trigger", this.triggerAction);
-      dataSource.acl.allow("*", ["trigger"], "loggedIn");
+      dataSource.acl.setAvailableAction("trigger", {
+        displayName: `{{t("Trigger workflow", { ns: "${import_constants.NAMESPACE}" })}}`
+      });
+      dataSource.acl.setAvailableAction("triggerNew", {
+        displayName: `{{t("Trigger workflow", { ns: "${import_constants.NAMESPACE}" })}}`,
+        onNewRecord: true
+      });
+      dataSource.resourceManager.use(
+        async (ctx, next) => {
+          const { resourceName, actionName, params } = ctx.action ?? {};
+          if (actionName === "trigger" && resourceName !== "workflows" && (params == null ? void 0 : params.filterByTk) == null) {
+            ctx.action.actionName = "triggerNew";
+            ctx.state.__customActionTriggerRenamed = true;
+          }
+          await next();
+        },
+        { tag: "customActionTriggerRename", before: "acl", after: "auth" }
+      );
+      dataSource.resourceManager.use(
+        async (ctx, next) => {
+          if (ctx.state.__customActionTriggerRenamed) {
+            ctx.action.actionName = "trigger";
+          }
+          await next();
+        },
+        { tag: "customActionTriggerRestore", after: "acl" }
+      );
+      dataSource.acl.allow("workflows", ["trigger"], "loggedIn");
     });
     workflow.app.pm.get(import_plugin_error_handler.default).errorHandler.register(
       (err) => err.name === "CustomActionInterceptionError",

package/dist/server/migrations/20260416000000-grant-trigger-action-to-roles.d.ts

@@ -0,0 +1,40 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Migration } from '@nocobase/server';
+/**
+ * Grant `trigger` / `triggerNew` action permissions for every role, mirroring the role's
+ * existing `view` / `create` permissions.
+ *
+ * Background: The `trigger` action on collection resources was previously allowed for all
+ * logged-in users via `acl.allow('*', ['trigger'], 'loggedIn')`. After that global bypass
+ * was removed, `trigger` goes through normal ACL checks. Custom-action trigger is now
+ * modelled as two ACL actions:
+ *   - `trigger` — invoked on an existing record; follows `view` (with data scope).
+ *   - `triggerNew` — invoked on a form that hasn't been persisted yet; follows `create`.
+ *
+ * 1. Per-data-source strategy (`dataSourcesRoles.strategy.actions`, an array):
+ *    - `trigger` mirrors `view` (including scope suffix like `:own`). No `view` → no trigger.
+ *    - `triggerNew` is added (unrestricted) if the strategy contains any `create*` entry.
+ *      No `create` → no triggerNew. Scope suffixes on `create` are ignored because new-data
+ *      actions have no data scope.
+ *
+ * 2. Specific resource configs (`dataSourcesRolesResources` with `usingActionsConfig: true`):
+ *    - If the resource has a `view` action, create a matching `trigger` action that reuses
+ *      the same `scopeId`. Skip if `trigger` already exists.
+ *    - If the resource has a `create` action, create a matching `triggerNew` action
+ *      (scopeId: null — new-data actions carry no scope). Skip if `triggerNew` already
+ *      exists.
+ *
+ * This migration runs only during upgrades (appVersion < 2.0.40), not on fresh installs.
+ */
+export default class extends Migration {
+    appVersion: string;
+    on: string;
+    up(): Promise<void>;
+}

package/dist/server/migrations/20260416000000-grant-trigger-action-to-roles.js

@@ -0,0 +1,120 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var grant_trigger_action_to_roles_exports = {};
+__export(grant_trigger_action_to_roles_exports, {
+  default: () => grant_trigger_action_to_roles_default
+});
+module.exports = __toCommonJS(grant_trigger_action_to_roles_exports);
+var import_server = require("@nocobase/server");
+class grant_trigger_action_to_roles_default extends import_server.Migration {
+  appVersion = "<2.1.0-alpha.21";
+  on = "afterSync";
+  async up() {
+    const { db } = this.context;
+    await db.sequelize.transaction(async (transaction) => {
+      const dsRoles = await db.getRepository("dataSourcesRoles").find({ transaction });
+      for (const dsRole of dsRoles) {
+        const strategy = dsRole.get("strategy") || {};
+        const actions = strategy.actions;
+        if (!Array.isArray(actions)) {
+          continue;
+        }
+        let nextActions = null;
+        const ensureNextActions = () => {
+          if (!nextActions) nextActions = [...actions];
+          return nextActions;
+        };
+        const viewEntry = actions.find((a) => a === "view" || a.startsWith("view:"));
+        if (viewEntry) {
+          const targetTrigger = viewEntry === "view" ? "trigger" : `trigger:${viewEntry.slice("view:".length)}`;
+          const existingIndex = actions.findIndex((a) => a === "trigger" || a.startsWith("trigger:"));
+          if (existingIndex === -1) {
+            ensureNextActions().push(targetTrigger);
+          } else if (actions[existingIndex] !== targetTrigger) {
+            ensureNextActions()[existingIndex] = targetTrigger;
+          }
+        }
+        const hasCreate = actions.some((a) => a === "create" || a.startsWith("create:"));
+        if (hasCreate) {
+          const existingIndex = actions.findIndex((a) => a === "triggerNew" || a.startsWith("triggerNew:"));
+          if (existingIndex === -1) {
+            ensureNextActions().push("triggerNew");
+          } else if (actions[existingIndex] !== "triggerNew") {
+            ensureNextActions()[existingIndex] = "triggerNew";
+          }
+        }
+        if (nextActions) {
+          await db.getRepository("dataSourcesRoles").update({
+            filter: {
+              roleName: dsRole.get("roleName"),
+              dataSourceKey: dsRole.get("dataSourceKey")
+            },
+            values: {
+              strategy: { ...strategy, actions: nextActions }
+            },
+            hooks: false,
+            transaction
+          });
+        }
+      }
+      const resources = await db.getRepository("dataSourcesRolesResources").find({
+        filter: { usingActionsConfig: true },
+        appends: ["actions"],
+        transaction
+      });
+      for (const resource of resources) {
+        const actions = resource.get("actions") || [];
+        const viewAction = actions.find((a) => a.get("name") === "view");
+        const hasTrigger = actions.some((a) => a.get("name") === "trigger");
+        if (viewAction && !hasTrigger) {
+          await db.getRepository("dataSourcesRolesResourcesActions").create({
+            values: {
+              rolesResourceId: resource.get("id"),
+              name: "trigger",
+              scopeId: viewAction.get("scopeId") ?? null,
+              fields: []
+            },
+            transaction
+          });
+        }
+        const createAction = actions.find((a) => a.get("name") === "create");
+        const hasTriggerNew = actions.some((a) => a.get("name") === "triggerNew");
+        if (createAction && !hasTriggerNew) {
+          await db.getRepository("dataSourcesRolesResourcesActions").create({
+            values: {
+              rolesResourceId: resource.get("id"),
+              name: "triggerNew",
+              scopeId: null,
+              fields: []
+            },
+            transaction
+          });
+        }
+      }
+    });
+  }
+}

package/package.json

@@ -1,11 +1,14 @@
 {
   "name": "@nocobase/plugin-workflow-custom-action-trigger",
-  "version": "2.1.0-beta.15",
+  "version": "2.1.0-beta.17",
   "displayName": "Workflow: Custom action event",
   "displayName.zh-CN": "工作流：自定义操作事件",
   "description": "Triggers after click a custom action button.",
   "description.zh-CN": "在点击绑定了自定义事件的按钮后触发。适用于对数据行的自定义操作编排。",
   "main": "./dist/server/index.js",
+  "devDependencies": {
+    "joi": "^17.13.3"
+  },
   "homepage": "https://docs.nocobase.com/handbook/workflow-custom-action-trigger",
   "homepage.zh-CN": "https://docs-cn.nocobase.com/handbook/workflow-custom-action-trigger",
   "peerDependencies": {
@@ -27,6 +30,6 @@
     ],
     "editionLevel": 0
   },
-  "gitHead": "dc1aceea6357e6ab149976c2a236fc4b6bee1370",
+  "gitHead": "227d625e47174ab7b3a90170e7c6c67bbdf36e23",
   "license": "Apache-2.0"
 }