@ruiapp/rapid-core 0.1.59 → 0.1.61

package/dist/index.js

@@ -6,9 +6,9 @@ var lodash = require('lodash');
 var events = require('events');
 var Router = require('koa-tree-router');
 var qs = require('qs');
+var dayjs = require('dayjs');
 var jsonwebtoken = require('jsonwebtoken');
 var crypto = require('crypto');
-var dayjs = require('dayjs');
 var bcrypt = require('bcrypt');
 var path = require('path');
 var fs = require('fs');
@@ -38,8 +38,8 @@ function _interopNamespace(e) {
 
 var Router__default = /*#__PURE__*/_interopDefaultLegacy(Router);
 var qs__default = /*#__PURE__*/_interopDefaultLegacy(qs);
-var crypto__default = /*#__PURE__*/_interopDefaultLegacy(crypto);
 var dayjs__default = /*#__PURE__*/_interopDefaultLegacy(dayjs);
+var crypto__default = /*#__PURE__*/_interopDefaultLegacy(crypto);
 var bcrypt__default = /*#__PURE__*/_interopDefaultLegacy(bcrypt);
 var path__default = /*#__PURE__*/_interopDefaultLegacy(path);
 var fs__default = /*#__PURE__*/_interopDefaultLegacy(fs);
@@ -1965,6 +1965,10 @@ function getEntityPartChanges(before, after) {
     return changed;
 }
 
+function getNowStringWithTimezone() {
+    return dayjs__default["default"]().format("YYYY-MM-DD HH:mm:ss.SSSZ");
+}
+
 function convertEntityOrderByToRowOrderBy(server, model, baseModel, orderByList) {
     if (!orderByList) {
         return null;
@@ -2413,6 +2417,17 @@ async function createEntity(server, dataAccessor, options, plugin) {
         throw newEntityOperationError("Create base entity directly is not allowed.");
     }
     const { entity, routeContext } = options;
+    const userId = options.routeContext.state?.userId;
+    if (userId) {
+        const createdByProperty = getEntityPropertyByCode(server, model, "createdBy");
+        if (createdByProperty) {
+            entity.createdBy = userId;
+        }
+    }
+    const createdAtProperty = getEntityPropertyByCode(server, model, "createdAt");
+    if (createdAtProperty) {
+        entity.createdAt = getNowStringWithTimezone();
+    }
     await server.beforeCreateEntity(model, options);
     await server.emitEvent({
         eventName: "entity.beforeCreate",
@@ -2580,7 +2595,7 @@ async function createEntity(server, dataAccessor, options, plugin) {
 }
 async function updateEntityById(server, dataAccessor, options, plugin) {
     const model = dataAccessor.getModel();
-    const { id, entityToSave, routeContext } = options;
+    const { id, routeContext } = options;
     if (!id) {
         throw new Error("Id is required when updating an entity.");
     }
@@ -2591,11 +2606,23 @@ async function updateEntityById(server, dataAccessor, options, plugin) {
     if (!entity) {
         throw new Error(`${model.namespace}.${model.singularCode}  with id "${id}" was not found.`);
     }
+    let { entityToSave } = options;
     let changes = getEntityPartChanges(entity, entityToSave);
     if (!changes && !options.operation) {
         return entity;
     }
-    options.entityToSave = changes || {};
+    entityToSave = changes || {};
+    const userId = options.routeContext.state?.userId;
+    if (userId) {
+        const updatedByProperty = getEntityPropertyByCode(server, model, "updatedBy");
+        if (updatedByProperty) {
+            entityToSave.updatedBy = userId;
+        }
+    }
+    const updatedAtProperty = getEntityPropertyByCode(server, model, "updatedAt");
+    if (updatedAtProperty) {
+        entityToSave.updatedAt = getNowStringWithTimezone();
+    }
     await server.beforeUpdateEntity(model, options, entity);
     await server.emitEvent({
         eventName: "entity.beforeUpdate",
@@ -2603,14 +2630,14 @@ async function updateEntityById(server, dataAccessor, options, plugin) {
             namespace: model.namespace,
             modelSingularCode: model.singularCode,
             before: entity,
-            changes: options.entityToSave,
+            changes: entityToSave,
             operation: options.operation,
             stateProperties: options.stateProperties,
         },
         sender: plugin,
         routeContext: options.routeContext,
     });
-    changes = getEntityPartChanges(entity, options.entityToSave);
+    changes = getEntityPartChanges(entity, entityToSave);
     const oneRelationPropertiesToUpdate = [];
     const manyRelationPropertiesToUpdate = [];
     lodash.keys(changes).forEach((propertyCode) => {
@@ -3934,10 +3961,6 @@ async function handler$j(plugin, ctx, options) {
     const { defaultInput, fixedInput } = options;
     const mergedInput = mergeInput(defaultInput, input, fixedInput);
     logger.debug(`Running ${code$j} handler...`, { defaultInput, fixedInput, mergedInput });
-    const userId = ctx.routerContext.state?.userId;
-    if (userId) {
-        input.createdBy = userId;
-    }
     const entityManager = server.getEntityManager(options.singularCode);
     const output = await entityManager.createEntity({
         entity: input,
@@ -5530,6 +5553,7 @@ class ServerOperationPlugin {
                         code: "runServerOperation",
                         config: {
                             operation: operation.handler,
+                            permissionCheck: operation.permissionCheck,
                         },
                     },
                 ],
@@ -5980,14 +6004,6 @@ class EntityAccessControlPlugin {
     async configureRoutes(server, applicationConfig) {
         const logger = server.getLogger();
         logger.info("Configuring entity access checking policies...");
-        const model = lodash.find(applicationConfig.models, (item) => item.singularCode === "model");
-        if (!model) {
-            return;
-        }
-        const { permissionPolicies } = model;
-        if (!permissionPolicies) {
-            return;
-        }
         const routes = applicationConfig.routes;
         for (const route of routes) {
             const { actions } = route;
@@ -5995,9 +6011,56 @@ class EntityAccessControlPlugin {
                 continue;
             }
             for (const action of route.actions) {
-                if (action.code === "findCollectionEntityById") {
+                if (action.code === "findCollectionEntityById" || action.code === "findCollectionEntities" || action.code === "countCollectionEntities") {
+                    const model = lodash.find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+                    if (!model) {
+                        continue;
+                    }
+                    const { permissionPolicies } = model;
+                    if (!permissionPolicies) {
+                        continue;
+                    }
                     if (permissionPolicies.find) {
-                        lodash.set(action, "config.permissionPolicy", permissionPolicies.find);
+                        lodash.set(action, "config.permissionCheck", permissionPolicies.find);
+                    }
+                }
+                else if (action.code === "createCollectionEntity" || action.code === "createCollectionEntitiesBatch") {
+                    const model = lodash.find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+                    if (!model) {
+                        continue;
+                    }
+                    const { permissionPolicies } = model;
+                    if (!permissionPolicies) {
+                        continue;
+                    }
+                    if (permissionPolicies.create) {
+                        lodash.set(action, "config.permissionCheck", permissionPolicies.create);
+                    }
+                }
+                else if (action.code === "updateCollectionEntityById" || action.code === "addEntityRelations" || action.code === "removeEntityRelations") {
+                    const model = lodash.find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+                    if (!model) {
+                        continue;
+                    }
+                    const { permissionPolicies } = model;
+                    if (!permissionPolicies) {
+                        continue;
+                    }
+                    if (permissionPolicies.update) {
+                        lodash.set(action, "config.permissionCheck", permissionPolicies.update);
+                    }
+                }
+                else if (action.code === "deleteCollectionEntityById") {
+                    const model = lodash.find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+                    if (!model) {
+                        continue;
+                    }
+                    const { permissionPolicies } = model;
+                    if (!permissionPolicies) {
+                        continue;
+                    }
+                    if (permissionPolicies.delete) {
+                        lodash.set(action, "config.permissionCheck", permissionPolicies.delete);
                     }
                 }
             }
@@ -6019,9 +6082,9 @@ class EntityAccessControlPlugin {
         const { routerContext } = handlerContext;
         const { routeConfig } = routerContext;
         for (const actionConfig of routeConfig.actions) {
-            const permissionPolicy = actionConfig.config?.permissionPolicy;
-            if (permissionPolicy) {
-                if (!isAccessAllowed(permissionPolicy, routerContext.state.allowedActions || [])) {
+            const permissionCheck = actionConfig.config?.permissionCheck;
+            if (permissionCheck) {
+                if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
                     throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
                 }
             }

package/dist/plugins/serverOperation/ServerOperationPluginTypes.d.ts

@@ -1,9 +1,11 @@
 import { ActionHandlerContext } from "../../core/actionHandler";
 import { RpdHttpMethod } from "../../types";
+import { PermissionCheckPolicy } from "../../utilities/accessControlUtility";
 export interface ServerOperation {
     code: string;
     description?: string;
     method: RpdHttpMethod;
+    permissionCheck?: PermissionCheckPolicy;
     handler: (ctx: ActionHandlerContext) => Promise<void>;
 }
 export interface ServerOperationPluginInitOptions {

package/dist/utilities/timeUtility.d.ts

@@ -0,0 +1,2 @@
+export declare function getNowString(): string;
+export declare function getNowStringWithTimezone(): string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ruiapp/rapid-core",
-  "version": "0.1.59",
+  "version": "0.1.61",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/dataAccess/entityManager.ts

@@ -26,7 +26,7 @@ import { filter, find, first, forEach, isArray, isObject, keys, map, reject, uni
 import { getEntityPropertiesIncludingBase, getEntityProperty, getEntityPropertyByCode } from "./metaHelper";
 import { ColumnQueryOptions, CountRowOptions, FindRowOptions, FindRowOrderByOptions, RowFilterOptions } from "./dataAccessTypes";
 import { newEntityOperationError } from "~/utilities/errorUtility";
-import { RouteContext } from "~/core/routeContext";
+import { getNowStringWithTimezone } from "~/utilities/timeUtility";
 
 function convertEntityOrderByToRowOrderBy(server: IRpdServer, model: RpdDataModel, baseModel?: RpdDataModel, orderByList?: FindEntityOrderByOptions[]) {
   if (!orderByList) {
@@ -514,6 +514,18 @@ async function createEntity(server: IRpdServer, dataAccessor: IRpdDataAccessor,
 
   const { entity, routeContext } = options;
 
+  const userId = options.routeContext.state?.userId;
+  if (userId) {
+    const createdByProperty = getEntityPropertyByCode(server, model, "createdBy");
+    if (createdByProperty) {
+      entity.createdBy = userId;
+    }
+  }
+  const createdAtProperty = getEntityPropertyByCode(server, model, "createdAt");
+  if (createdAtProperty) {
+    entity.createdAt = getNowStringWithTimezone();
+  }
+
   await server.beforeCreateEntity(model, options);
 
   await server.emitEvent({
@@ -693,7 +705,7 @@ async function createEntity(server: IRpdServer, dataAccessor: IRpdDataAccessor,
 
 async function updateEntityById(server: IRpdServer, dataAccessor: IRpdDataAccessor, options: UpdateEntityByIdOptions, plugin?: RapidPlugin) {
   const model = dataAccessor.getModel();
-  const { id, entityToSave, routeContext } = options;
+  const { id, routeContext } = options;
   if (!id) {
     throw new Error("Id is required when updating an entity.");
   }
@@ -706,12 +718,26 @@ async function updateEntityById(server: IRpdServer, dataAccessor: IRpdDataAccess
     throw new Error(`${model.namespace}.${model.singularCode}  with id "${id}" was not found.`);
   }
 
+  let { entityToSave } = options;
   let changes = getEntityPartChanges(entity, entityToSave);
   if (!changes && !options.operation) {
     return entity;
   }
 
-  options.entityToSave = changes || {};
+  entityToSave = changes || {};
+
+  const userId = options.routeContext.state?.userId;
+  if (userId) {
+    const updatedByProperty = getEntityPropertyByCode(server, model, "updatedBy");
+    if (updatedByProperty) {
+      entityToSave.updatedBy = userId;
+    }
+  }
+  const updatedAtProperty = getEntityPropertyByCode(server, model, "updatedAt");
+  if (updatedAtProperty) {
+    entityToSave.updatedAt = getNowStringWithTimezone();
+  }
+
   await server.beforeUpdateEntity(model, options, entity);
 
   await server.emitEvent({
@@ -720,7 +746,7 @@ async function updateEntityById(server: IRpdServer, dataAccessor: IRpdDataAccess
       namespace: model.namespace,
       modelSingularCode: model.singularCode,
       before: entity,
-      changes: options.entityToSave,
+      changes: entityToSave,
       operation: options.operation,
       stateProperties: options.stateProperties,
     },
@@ -728,7 +754,7 @@ async function updateEntityById(server: IRpdServer, dataAccessor: IRpdDataAccess
     routeContext: options.routeContext,
   });
 
-  changes = getEntityPartChanges(entity, options.entityToSave);
+  changes = getEntityPartChanges(entity, entityToSave);
 
   const oneRelationPropertiesToUpdate: RpdDataModelProperty[] = [];
   const manyRelationPropertiesToUpdate: RpdDataModelProperty[] = [];

package/src/plugins/dataManage/actionHandlers/createCollectionEntity.ts

@@ -12,11 +12,6 @@ export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, op
   const mergedInput = mergeInput(defaultInput, input, fixedInput);
   logger.debug(`Running ${code} handler...`, { defaultInput, fixedInput, mergedInput });
 
-  const userId = ctx.routerContext.state?.userId;
-  if (userId) {
-    input.createdBy = userId;
-  }
-
   const entityManager = server.getEntityManager(options.singularCode);
   const output = await entityManager.createEntity(
     {

package/src/plugins/entityAccessControl/EntityAccessControlPlugin.ts

@@ -1,6 +1,12 @@
 import type { RpdApplicationConfig, RpdDataModelProperty } from "~/types";
 
-import { IRpdServer, RapidPlugin, RpdConfigurationItemOptions, RpdServerPluginConfigurableTargetOptions, RpdServerPluginExtendingAbilities } from "~/core/server";
+import {
+  IRpdServer,
+  RapidPlugin,
+  RpdConfigurationItemOptions,
+  RpdServerPluginConfigurableTargetOptions,
+  RpdServerPluginExtendingAbilities,
+} from "~/core/server";
 import { find, set } from "lodash";
 import { ActionHandlerContext } from "~/core/actionHandler";
 import { isAccessAllowed } from "~/utilities/accessControlUtility";
@@ -45,16 +51,6 @@ class EntityAccessControlPlugin implements RapidPlugin {
     const logger = server.getLogger();
     logger.info("Configuring entity access checking policies...");
 
-    const model = find(applicationConfig.models, (item) => item.singularCode === "model");
-    if (!model) {
-      return;
-    }
-
-    const { permissionPolicies } = model;
-    if (!permissionPolicies) {
-      return;
-    }
-
     const routes = applicationConfig.routes;
     for (const route of routes) {
       const { actions } = route;
@@ -63,9 +59,53 @@ class EntityAccessControlPlugin implements RapidPlugin {
       }
 
       for (const action of route.actions) {
-        if (action.code === "findCollectionEntityById") {
+        if (action.code === "findCollectionEntityById" || action.code === "findCollectionEntities" || action.code === "countCollectionEntities") {
+          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+          if (!model) {
+            continue;
+          }
+          const { permissionPolicies } = model;
+          if (!permissionPolicies) {
+            continue;
+          }
           if (permissionPolicies.find) {
-            set(action, "config.permissionPolicy", permissionPolicies.find);
+            set(action, "config.permissionCheck", permissionPolicies.find);
+          }
+        } else if (action.code === "createCollectionEntity" || action.code === "createCollectionEntitiesBatch") {
+          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+          if (!model) {
+            continue;
+          }
+          const { permissionPolicies } = model;
+          if (!permissionPolicies) {
+            continue;
+          }
+          if (permissionPolicies.create) {
+            set(action, "config.permissionCheck", permissionPolicies.create);
+          }
+        } else if (action.code === "updateCollectionEntityById" || action.code === "addEntityRelations" || action.code === "removeEntityRelations") {
+          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+          if (!model) {
+            continue;
+          }
+          const { permissionPolicies } = model;
+          if (!permissionPolicies) {
+            continue;
+          }
+          if (permissionPolicies.update) {
+            set(action, "config.permissionCheck", permissionPolicies.update);
+          }
+        } else if (action.code === "deleteCollectionEntityById") {
+          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+          if (!model) {
+            continue;
+          }
+          const { permissionPolicies } = model;
+          if (!permissionPolicies) {
+            continue;
+          }
+          if (permissionPolicies.delete) {
+            set(action, "config.permissionCheck", permissionPolicies.delete);
           }
         }
       }
@@ -93,9 +133,9 @@ class EntityAccessControlPlugin implements RapidPlugin {
     const { routerContext } = handlerContext;
     const { routeConfig } = routerContext;
     for (const actionConfig of routeConfig.actions) {
-      const permissionPolicy = actionConfig.config?.permissionPolicy;
-      if (permissionPolicy) {
-        if (!isAccessAllowed(permissionPolicy, routerContext.state.allowedActions || [])) {
+      const permissionCheck = actionConfig.config?.permissionCheck;
+      if (permissionCheck) {
+        if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
           throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
         }
       }

package/src/plugins/serverOperation/ServerOperationPlugin.ts

@@ -2,7 +2,13 @@ import type { RpdApplicationConfig, RpdRoute } from "~/types";
 
 import pluginActionHandlers from "./actionHandlers";
 import { ServerOperation, ServerOperationPluginInitOptions } from "./ServerOperationPluginTypes";
-import { IRpdServer, RapidPlugin, RpdConfigurationItemOptions, RpdServerPluginConfigurableTargetOptions, RpdServerPluginExtendingAbilities } from "~/core/server";
+import {
+  IRpdServer,
+  RapidPlugin,
+  RpdConfigurationItemOptions,
+  RpdServerPluginConfigurableTargetOptions,
+  RpdServerPluginExtendingAbilities,
+} from "~/core/server";
 
 class ServerOperationPlugin implements RapidPlugin {
   #operations: ServerOperation[];
@@ -68,6 +74,7 @@ class ServerOperationPlugin implements RapidPlugin {
             code: "runServerOperation",
             config: {
               operation: operation.handler,
+              permissionCheck: operation.permissionCheck,
             },
           },
         ],

package/src/plugins/serverOperation/ServerOperationPluginTypes.ts

@@ -1,10 +1,12 @@
 import { ActionHandlerContext } from "~/core/actionHandler";
 import { RpdHttpMethod } from "~/types";
+import { PermissionCheckPolicy } from "~/utilities/accessControlUtility";
 
 export interface ServerOperation {
   code: string;
   description?: string;
   method: RpdHttpMethod;
+  permissionCheck?: PermissionCheckPolicy;
   handler: (ctx: ActionHandlerContext) => Promise<void>;
 }
 

package/src/utilities/timeUtility.ts

@@ -0,0 +1,9 @@
+import dayjs from "dayjs";
+
+export function getNowString() {
+  return dayjs().format("YYYY-MM-DD HH:mm:ss.SSS");
+}
+
+export function getNowStringWithTimezone() {
+  return dayjs().format("YYYY-MM-DD HH:mm:ss.SSSZ");
+}