@opengis/gis 0.2.89 → 0.2.90

package/module/permissions/form/permissions.users.form.json

@@ -0,0 +1,152 @@
+{
+    "schema": {
+        "d1": {
+            "type": "HTML",
+            "title": false,
+            "text": "<h4 class='text-center'>Акаунт</h4><br>",
+            "col": 12
+        },
+        "user_name": {
+            "type": "Text",
+            "validators": [
+                "required"
+            ],
+            "ua": "Ім'я",
+            "i": "Вноситься ім'я користувача, що буде відображатися у системі",
+            "ru": "Имя"
+        },
+        "sur_name": {
+            "type": "Text",
+            "validators": [
+                "required"
+            ],
+            "ua": "Прізвище",
+            "i": "Вноситься прізвище користувача, що буде відображатися у системі",
+            "ru": "Фамилия"
+        },
+        "father_name": {
+            "ua": "По-батькові",
+            "type": "text"
+        },
+        "phone": {
+            "type": "MarkedText",
+            "mask": "+389999999999",
+            "id": "1",
+            "ua": "Телефон",
+            "i": "Вноситься телефон користувача",
+            "ru": "Телефон"
+        },
+        "email": {
+            "type": "Email",
+            "ua": "E-mail",
+            "i": "Вноситься електронна адреса користувача",
+            "ru": "E-mail",
+            "validators": [
+                "email"
+            ]
+        },
+        "d2": {
+            "type": "HTML",
+            "title": false,
+            "text": "<h4 class='text-center'>Логін / Пароль</h4><br>",
+            "hidden": true,
+            "col": 12
+        },
+        "login": {
+            "type": "Text",
+            "ua": "Логін",
+            "i": "Вноситься довільний логін користувача латинськими літерами, що буде використовуватися для входу в систему",
+            "ru": "Логин",
+            "validators": [
+                "required"
+            ]
+        },
+        "password": {
+            "type": "Password",
+            "validators": [
+                "required",
+                {
+                    "type": "regexp",
+                    "regexp": "^.{8,}$",
+                    "flags": "gm",
+                    "message": "Пароль повинен бути більше 8 символів"
+                }
+            ],
+            "ua": "Пароль",
+            "i": "Вноситься пароль, що буде використовуватися для входу в систему (рекомендоване використання складних паролів)",
+            "ru": "Пароль"
+        },
+        "d3": {
+            "type": "HTML",
+            "title": false,
+            "text": "<h4 class='text-center'>Доступ</h4><br>",
+            "col": 12
+        },
+        "user_type": {
+            "type": "Autocomplete",
+            "data": "users.user_type",
+            "default": "regular",
+            "ua": "Тип користувача"
+        },
+        "enabled": {
+            "type": "Switcher",
+            "ua": "Off/On",
+            "help": "Off - користувач вимкнутий; On - Користувач увімкнутий"
+        },
+        "readonly": {
+            "type": "Switcher",
+            "ua": "Read Only",
+            "help": "On - У користувача усі інтерфейси в режимі перегляду, без редагування"
+        },
+        "d4": {
+            "type": "HTML",
+            "title": false,
+            "text": "<h4 class='text-center'>Профіль</h4><br>",
+            "col": 12
+        },
+        "user_rnokpp": {
+            "type": "MarkedText",
+            "mask": "9999999999",
+            "ua": "РНОКПП",
+            "col": 6,
+            "validators": [
+                {
+                    "type": "regexp",
+                    "regexp": "^([0-9]{10,10})$",
+                    "flags": "g",
+                    "message": "Лише цифри, 10 символів"
+                }
+            ]
+        },
+        "organ_edrpou": {
+            "type": "MarkedText",
+            "mask": "99999999",
+            "ua": "Код ЄДРПОУ",
+            "col": 6,
+            "validators": [
+                {
+                    "type": "regexp",
+                    "regexp": "^([0-9]{8,8})$",
+                    "flags": "g",
+                    "message": "Лише цифри, 8 символів"
+                }
+            ]
+        },
+        "unzr": {
+            "type": "MarkedText",
+            "mask": "99999999-9999",
+            "ua": "УНЗР",
+            "col": 6,
+            "i": "Унікальний номер запису в Єдиному державному демографічному реєстрі"
+        },
+        "avatar": {
+            "type": "File",
+            "ua": "Аватар",
+            "i": "Додається зображення, що буде відображено в системі у якості аватара цього користувача",
+            "ru": "Аватар",
+            "dir": "avatar"
+        }
+    },
+    "label_style": "vertical",
+    "width": 900
+}

package/module/permissions/table/gis.permissions.table.json

@@ -0,0 +1,99 @@
+{
+    "key": "uid",
+    "table": "admin.users",
+    "actions": [
+        "add",
+        "edit"
+    ],
+    "controls": [
+        "search",
+        "list",
+        "add"
+    ],
+    "access": "user",
+    "order": "cdate desc",
+    "form": "admin.users.form",
+    "meta": {
+        "title": "full_name",
+        "search": "user_name,sur_name,father_name,login,email,phone"
+    },
+    "title": "Доступи до шарів",
+    "sql": [
+        {
+            "sql": "select count(*) as count_layers from gis.services_users_rel where user_id=t.uid",
+            "name": "count_layers_sql"
+        },
+        {
+            "sql": "select concat(user_name, ' ', sur_name, ' ', father_name, ' ') as full_name",
+            "name": "full_name_sql"
+        }
+    ],
+    "columns": [
+        {
+            "ua": "ПІБ",
+            "name": "full_name",
+            "format": "text",
+            "link": "gis.permissions/{id}"
+        },
+        {
+            "ua": "Логін",
+            "name": "login",
+            "hidden": true,
+            "format": "text"
+        },
+        {
+            "ua": "Email",
+            "name": "email",
+            "format": "text"
+        },
+        {
+            "ua": "РНОКПП",
+            "name": "user_rnokpp",
+            "format": "text"
+        },
+        {
+            "ua": "Кількість шарів в доступі",
+            "name": "count_layers",
+            "format": "text"
+        },
+        {
+            "name": "cdate",
+            "ua": "Створено",
+            "format": "date"
+        },
+        {
+            "name": "enabled",
+            "ua": "On / Off",
+            "data": "yes_no",
+            "format": "date"
+        }
+    ],
+    "filters": [
+        {
+            "ua": "РНОКПП",
+            "name": "user_rnokpp",
+            "type": "Text"
+        },
+        {
+            "ua": "Email",
+            "name": "email",
+            "type": "Text"
+        },
+        {
+            "ua": "Кількість шарів в доступі",
+            "name": "count_layers",
+            "type": "Range"
+        },
+        {
+            "name": "enabled",
+            "type": "Check",
+            "data": "yes_no",
+            "ua": "On / Off"
+        },
+        {
+            "ua": "Дата створення",
+            "name": "cdate",
+            "type": "Date"
+        }
+    ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/gis",
-  "version": "0.2.89",
+  "version": "0.2.90",
   "type": "module",
   "author": "Softpro",
   "main": "./dist/index.js",
@@ -53,7 +53,7 @@
   },
   "devDependencies": {
     "@opengis/core": "^0.0.23",
-    "@opengis/fastify-table": "^2.0.135",
+    "@opengis/fastify-table": "^2.0.142",
     "@opengis/filter": "0.1.31",
     "@opengis/form": "^0.0.103",
     "@opengis/table": "^0.0.27",

package/plugin.js

@@ -29,6 +29,7 @@ async function plugin(app, opts = config) {
   app.register(import('./server/routes/map/index.mjs'), opts);
   app.register(import('./server/plugins/crons.js'), opts);
   app.register(import('./server/routes/gis/index.mjs'), opts);
+  app.register(import('./server/routes/permissions/index.mjs'), opts);
   app.register(import('./server/routes/mapnik/index.js'), opts);
   app.get('/logger-gis/stat', adminParams, mapnikStat);
   app.get('/logger-gis/*', adminParams, mapnikLogger);

package/server/migrations/services_users_rel.sql

@@ -0,0 +1,23 @@
+CREATE TABLE if not exists gis.services_users_rel
+(
+  services_rel_id text NOT NULL DEFAULT admin.next_id(),
+  service_id text NOT NULL,
+  user_id text NOT NULL,
+  actions text[],
+  created_at timestamp without time zone DEFAULT date_trunc('minutes'::text, (now())::timestamp without time zone),
+  updated_at timestamp without time zone,
+  updated_by text,
+  created_by text,
+  CONSTRAINT services_rel_pkey PRIMARY KEY (services_rel_id),
+  CONSTRAINT user_id_fkey FOREIGN KEY (user_id)
+      REFERENCES admin.users (uid) MATCH SIMPLE
+      ON UPDATE NO ACTION ON DELETE NO ACTION,
+  CONSTRAINT services_user_id_unique UNIQUE (service_id, user_id)
+);
+
+CREATE INDEX if not exists services_users_rel_service_id_btree_idx
+  ON gis.services_users_rel
+  USING btree
+  (service_id);
+
+ALTER TABLE admin.users ADD COLUMN IF NOT EXISTS all_layers boolean NOT NULL DEFAULT false;

package/server/routes/map/controllers/layerList.js

@@ -1,6 +1,7 @@
 import {
   config, pgClients, yml2json, getTemplates, getTemplate,
 } from '@opengis/fastify-table/utils.js';
+import getPermissions from '../../permissions/controllers/utils/get.permissions.js';
 
 export default async function layerList({
   pg = pgClients.client, query = {}, user = {},
@@ -12,19 +13,41 @@ export default async function layerList({
     return layer;
   }));
 
-  if (!pg.pk?.['gis.services']) {
+  if (!pg.pk?.['gis.services'] && !pg.pk?.['gis.ogc_service'] && !pg.pk?.['gis.rasters'] && !pg.pk?.['gis.cartocss']) {
     return files;
     // return reply.status(404).send('services table not found');
   }
 
+  const { all_layers, layer_list } = (user.uid) ? await getPermissions({ pg, uid: user.uid }) : { all_layers: false, layer_list: [] };
+
+  const whereServices = (all_layers === true) ? '1=1'
+    : (user.uid && !all_layers) ? '( s.is_public or ( not s.is_public and ( s.service_id = any($1) or not exists ( select 1 from gis.services_users_rel r where r.service_id = s.service_id and r.actions is not null ) ) ) )'
+      : 'is_public';
+
+  const whereOgcServices = (all_layers === true) ? '1=1'
+    : (user.uid && !all_layers) ? '( s.ispublic or ( not s.ispublic and ( s.ogc_service_id = any($1) or not exists ( select 1 from gis.services_users_rel r where r.service_id = s.ogc_service_id and r.actions is not null ) ) ) )'
+      : 'ispublic';
+
+  const whereRasters = (all_layers === true) ? '1=1'
+    : (user.uid && !all_layers) ? '(s.is_public or (s.raster_id = any($1) and not s.is_public and s.raster_id not in (select service_id from gis.services_users_rel where actions is not null)))'
+      : 'is_public';
+
+  const whereCartocss = (all_layers === true) ? '1=1'
+    : (user.uid && !all_layers) ? '(s.is_public or (s.cartocss_id = any($1) and not s.is_public and s.cartocss_id not in (select service_id from gis.services_users_rel where actions is not null)))'
+      : 'is_public';
+
   const q = `
+   select * from 
+   (
     select service_id as id, name, category, style, bbox::box2d as extent, st_asgeojson(bbox)::json as geom, coalesce('/api/vtile/'||service_id||'/ua/{z}/{x}/{y}.vmt',null) as url, coalesce(service_type, 'vtile') as service, group_id,
         popup, card, filters, source_path
-    from gis.services where is_active and ${!user.uid ? 'is_public' : '1=1'}
+    from gis.services s where is_active and
+    ${whereServices}
     union all 
     select ogc_service_id as id, name, category, null as style, geom::box2d as extent, st_asgeojson(geom)::json as geom, url, 'ogc' as service, group_id,
         null as popup, null as card, null as filters, table_name as source_path
-    from gis.ogc_service where enabled and ${!user.uid ? 'ispublic' : '1=1'}
+    from gis.ogc_service s where enabled and
+    ${whereOgcServices}
     union all 
     select raster_id as id, name, null as category, null as style, geom::box2d as extent, st_asgeojson(geom)::json as geom, 
     coalesce('/api/gis-rtile/'||rtrim(
@@ -38,17 +61,20 @@ export default async function layerList({
                             '='
                         )||'/{z}/{x}/{y}.png',null) as url, 'raster' as service, group_id,
         null as popup, null as card, null as filters, source_path
-    from gis.rasters s where is_active and ${!user.uid ? 'is_public' : '1=1'}
+    from gis.rasters s where is_active and
+    ${whereRasters}
     union all 
     select cartocss_id as id, name, null as category, style, geom::box2d as bbox, st_asgeojson(geom)::json as geom,
-     coalesce('/api/gis-rtile/'||cartocss_id||'/{z}/{x}/{y}.png',null) as url, 'cartocss' as service, group_id,
-        null as popup, null as card, null as filters, source_path
-    from gis.cartocss where enabled and ${!user.uid ? 'is_public' : '1=1'}
+    coalesce('/api/gis-rtile/'||cartocss_id||'/{z}/{x}/{y}.png',null) as url, 'cartocss' as service, group_id,
+        null as popup, null as card, null as filters, null as source_path
+    from gis.cartocss s where enabled and
+    ${whereCartocss}
+     )q order by q.name
     `;
 
   if (user.uid && sql) return q;
 
-  const rows = await pg.query(q).then(el => el.rows || []);
+  const rows = await pg.query(q, (user.uid && !all_layers) ? [layer_list] : []).then(el => el.rows || []);
 
   const totals = pg.queryCache ? await pg.queryCache('select json_object_agg(oid::regclass, reltuples) from pg_class')
     .then(el => el.rows?.[0]?.json_object_agg || {}) : {};

package/server/routes/map/controllers/mapFormat.js

@@ -12,7 +12,7 @@ function getLayerTableQuery({
     gcol: geom = 'geom', table, pk = pg.pk[el.table], query: tableQuery, srid, columns,
   } = el;
   const step = srids.length && srids.includes(srid - 0) && srid !== 4326 ? 10 : 0.001;
-  return `SELECT
+  const q = `SELECT
   ${pk} as "id"
   ,'${el.key}' as "key"
   ${nogeom ? '' : `,st_asgeojson(${srid !== 4326 ? `st_transform(${geom}, 4326)` : geom})::json as geom`}, ${srid !== 4326 ? `st_transform(${geom}, 4326)` : geom}::box2d as box2d, ${columns ? `row_to_json(t)` : 'null'} as "data" 
@@ -26,6 +26,7 @@ and ${point ? `case
     then st_distance(${srid !== 4326 ? `st_transform(${geom}, 4326)` : geom},'${point}') < ${step}
   else false end` : `${id ? `${pk}='${id.replace(/'/g, "")}'` : '2=2'}`
     } ${point ? 'order by distance' : ''} limit 1`;
+  return q;
 }
 
 async function getLayersData({

package/server/routes/permissions/controllers/catalog.permissions.edit.js

@@ -0,0 +1,22 @@
+export default async function catalogPermissionsEdit(req, reply) {
+    const { pg, params, body } = req;
+    const { uid } = params;
+    if (!uid) return reply.status(403).send({ status: 403, message: 'access restricted' });
+    if (!body?.length) return reply.status(400).send({ status: 400, message: 'body is empty' });
+
+    try {
+        await pg.one(`delete from gis.services_users_rel where user_id = $1`, [uid]);
+
+        const sql = [];
+        body.map(el => {
+            const insertSql = `('${el?.service_id}','${uid}','${uid}',${(el?.actions?.length) ? `'{${el?.actions?.map(action => `"${action}"`)}}'::text[]` : 'null'})`;
+            sql.push(insertSql);
+        });
+
+        await pg.query(`insert into gis.services_users_rel (service_id,user_id,created_by,actions) values ${sql?.join(',')}`);
+        return reply.status(201).send({ status: 201, message: `Inserted ${body?.length} permissions` });
+    }
+ catch (err) {
+        return reply.status(500).send({ status: 500, message: err.toString() });
+    }
+}

package/server/routes/permissions/controllers/catalog.permissions.js

@@ -0,0 +1,8 @@
+export default async function catalogPermissions(req, reply) {
+    const { pg, params } = req;
+    const { uid } = params;
+    if (!uid) return reply.status(403).send({ status: 403, message: 'access restricted' });
+    const { total, layer_list } = await pg.one(
+        `select count(*)::int as total,array_agg(json_build_object('service_id',service_id,'actions',actions)) as layer_list from gis.services_users_rel where user_id=$1`, [uid]);
+    return reply.status(200).send({ status: 200, total, layer_list })
+}

package/server/routes/permissions/controllers/gis.catalog.js

@@ -0,0 +1,80 @@
+import getPermissions from './utils/get.permissions.js';
+
+export default async function gisCatalog(req, reply) {
+  const { pg, user } = req;
+
+  if (!user?.uid) return reply.status(403).send({ status: 403, message: 'access restricted' });
+
+  // permissions
+  const { all_layers, group_list, layer_list } = await getPermissions({ pg, uid: user.uid });
+  if (!all_layers && !group_list?.length && !layer_list?.length) {
+    return reply.status(200).send({
+      status: 204, categoriesCount: 0, layersCount: 0, servicesCount: 0, rastersCount: 0, categories: [], layers: [],
+    });
+  }
+
+  // groups
+  const selectCategories = `select group_id as category_id, group_name as name, icon from gis.group_list where enabled and ${all_layers ? '$1' : 'group_id = any($1)'}`;
+  const { rows: categories } = await pg.query(selectCategories, [all_layers ? true : group_list]);
+  const categoriesCount = categories?.length || 0;
+
+  // services
+  const selectLayers = `
+    select
+    service_id as layer_id,
+    group_id as category_id,
+    name,
+    service_type,
+    source_path,
+    geom_type /*,
+   style,
+    popup,
+    card,
+    bi,
+    legend,
+    attributes,
+    popup*/
+    from gis.services
+    where is_active and 
+    ${all_layers ? '$1' : 'service_id = any($1)'}`;
+  const { rows: services } = await pg.query(selectLayers, [all_layers ? true : layer_list]);
+  const servicesCount = services?.length || 0;
+
+  // ogc services
+  const selectOgcServices = `select ogc_service_id as layer_id,group_id as category_id,name,service as service_type,url,html from gis.ogc_service where enabled and ${all_layers ? '$1' : 'ogc_service_id = any($1)'}`;
+  const { rows: ogcServices } = await pg.query(selectOgcServices, [all_layers ? true : layer_list]);
+  const ogcServicesCount = ogcServices?.length || 0;
+
+  // rasters
+  const selectRasters = `select raster_id as layer_id, group_id as category_id,name,'raster' as service_type,source_path from gis.rasters where enabled and ${all_layers ? '$1' : 'raster_id = any($1)'}`;
+  const { rows: rasters } = await pg.query(selectRasters, [all_layers ? true : layer_list]);
+  const rastersCount = rasters?.length || 0;
+
+  // cartocss
+  const selectCartocss = `select cartocss_id as layer_id, group_id as category_id,name,'cartocss' as service_type,config from gis.cartocss where enabled and ${all_layers ? '$1' : 'cartocss_id = any($1)'}`;
+  const { rows: cartocss } = await pg.query(selectCartocss, [all_layers ? true : layer_list]);
+  const cartocssCount = cartocss?.length || 0;
+
+  const layers = [
+    ...services,
+    ...ogcServices,
+    ...rasters,
+    ...cartocss,
+  ];
+  const layersCount = layers?.length || 0;
+
+  const res = {
+    categoriesCount,
+    layersCount,
+    servicesCount,
+    ogcServicesCount,
+    rastersCount,
+    cartocssCount,
+    categories,
+    layers,
+
+  };
+  const statusCode = (!layersCount && !categoriesCount) ? 204 : 200;
+
+  return reply.status(statusCode).send(res);
+}

package/server/routes/permissions/controllers/utils/get.permissions.js

@@ -0,0 +1,43 @@
+export default async function getPermissions({ pg, uid }) {
+  if (!uid) return { all_layers: false, group_list: [] };
+  const selectPermissions = `
+            select
+            case when a.user_type='admin' then true else a.all_layers end as all_layers,
+            b.layer_list,
+            c.group_list
+            from admin.users a
+            left join lateral (
+                select array_agg(service_id) as layer_list
+                from gis.services_users_rel
+                where user_id = a.uid
+            ) b on true
+            left join lateral (
+                select
+                array_agg(distinct group_id) as group_list
+                from
+                (
+                    select 
+                    group_id
+                    from gis.services
+                    where is_public and is_active
+                    and service_id = any(b.layer_list)
+                    union all
+                    select
+                    group_id
+                    from gis.ogc_service
+                    where enabled and 
+                    ogc_service_id = any(b.layer_list)
+                )q
+                where group_id in (
+                    select group_id
+                    from gis.group_list
+                    where enabled
+                ) 
+            ) c on true
+            where a.uid = $1
+            limit 1
+        `;
+  const { all_layers, group_list, layer_list } = await pg.query(selectPermissions, [uid]).then(el => el?.rows?.[0] || {});
+
+  return { all_layers, group_list, layer_list };
+}

package/server/routes/permissions/index.mjs

@@ -0,0 +1,18 @@
+import catalogPermissions from './controllers/catalog.permissions.js';
+import catalogPermissionsEdit from './controllers/catalog.permissions.edit.js';
+import gisCatalog from './controllers/gis.catalog.js';
+
+export default async function route(fastify) {
+  if (!fastify.hasRoute({ method: 'GET', url: '/api/catalog' })) {
+    console.log('\x1b[34m%s\x1b[0m', 'add catalog from gis');
+    fastify.get('/catalog', { policy: 'L2' }, gisCatalog);
+  }
+  if (!fastify.hasRoute({ method: 'GET', url: '/api/catalog-permissions/:uid' })) {
+    console.log('\x1b[34m%s\x1b[0m', 'add catalog-permissions from gis');
+    fastify.get('/catalog-permissions/:uid', { policy: 'L2' }, catalogPermissions);
+  }
+  if (!fastify.hasRoute({ method: 'POST', url: '/api/catalog-permissions/:uid' })) {
+    console.log('\x1b[34m%s\x1b[0m', 'add catalog-permissions-edit from gis');
+    fastify.post('/catalog-permissions/:uid', { policy: 'L2' }, catalogPermissionsEdit);
+  }
+}