@ruiapp/rapid-core 0.1.60 → 0.1.61
- package/dist/index.js +53 -13
- package/dist/plugins/serverOperation/ServerOperationPluginTypes.d.ts +2 -0
- package/package.json +1 -1
- package/src/plugins/entityAccessControl/EntityAccessControlPlugin.ts +56 -16
- package/src/plugins/serverOperation/ServerOperationPlugin.ts +8 -1
- package/src/plugins/serverOperation/ServerOperationPluginTypes.ts +2 -0
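--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -5553,6 +5553,7 @@ class ServerOperationPlugin {
 code: "runServerOperation",
 config: {
 operation: operation.handler,
+permissionCheck: operation.permissionCheck,
 },
 },
 ],
@@ -6003,14 +6004,6 @@ class EntityAccessControlPlugin {
 async configureRoutes(server, applicationConfig) {
 const logger = server.getLogger();
 logger.info("Configuring entity access checking policies...");
-const model = lodash.find(applicationConfig.models, (item) => item.singularCode === "model");
-if (!model) {
-return;
-}
-const { permissionPolicies } = model;
-if (!permissionPolicies) {
-return;
-}
 const routes = applicationConfig.routes;
 for (const route of routes) {
 const { actions } = route;
@@ -6018,9 +6011,56 @@ class EntityAccessControlPlugin {
 continue;
 }
 for (const action of route.actions) {
-if (action.code === "findCollectionEntityById") {
+if (action.code === "findCollectionEntityById" || action.code === "findCollectionEntities" || action.code === "countCollectionEntities") {
+const model = lodash.find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+if (!model) {
+continue;
+}
+const { permissionPolicies } = model;
+if (!permissionPolicies) {
+continue;
+}
 if (permissionPolicies.find) {
-lodash.set(action, "config.
+lodash.set(action, "config.permissionCheck", permissionPolicies.find);
+}
+}
+else if (action.code === "createCollectionEntity" || action.code === "createCollectionEntitiesBatch") {
+const model = lodash.find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+if (!model) {
+continue;
+}
+const { permissionPolicies } = model;
+if (!permissionPolicies) {
+continue;
+}
+if (permissionPolicies.create) {
+lodash.set(action, "config.permissionCheck", permissionPolicies.create);
+}
+}
+else if (action.code === "updateCollectionEntityById" || action.code === "addEntityRelations" || action.code === "removeEntityRelations") {
+const model = lodash.find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+if (!model) {
+continue;
+}
+const { permissionPolicies } = model;
+if (!permissionPolicies) {
+continue;
+}
+if (permissionPolicies.update) {
+lodash.set(action, "config.permissionCheck", permissionPolicies.update);
+}
+}
+else if (action.code === "deleteCollectionEntityById") {
+const model = lodash.find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+if (!model) {
+continue;
+}
+const { permissionPolicies } = model;
+if (!permissionPolicies) {
+continue;
+}
+if (permissionPolicies.delete) {
+lodash.set(action, "config.permissionCheck", permissionPolicies.delete);
 }
 }
 }
@@ -6042,9 +6082,9 @@ class EntityAccessControlPlugin {
 const { routerContext } = handlerContext;
 const { routeConfig } = routerContext;
 for (const actionConfig of routeConfig.actions) {
-const
-if (
-if (!isAccessAllowed(
+const permissionCheck = actionConfig.config?.permissionCheck;
+if (permissionCheck) {
+if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
 throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
 }
 }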
@@ -1,9 +1,11 @@
|
|
|
1
1
|
import { ActionHandlerContext } from "../../core/actionHandler";
|
|
2
2
|
import { RpdHttpMethod } from "../../types";
|
|
3
|
+
import { PermissionCheckPolicy } from "../../utilities/accessControlUtility";
|
|
3
4
|
export interface ServerOperation {
|
|
4
5
|
code: string;
|
|
5
6
|
description?: string;
|
|
6
7
|
method: RpdHttpMethod;
|
|
8
|
+
permissionCheck?: PermissionCheckPolicy;
|
|
7
9
|
handler: (ctx: ActionHandlerContext) => Promise<void>;
|
|
8
10
|
}
|
|
9
11
|
export interface ServerOperationPluginInitOptions {
|
package/package.json
|
@@ -1,6 +1,12 @@
|
|
|
1
1
|
import type { RpdApplicationConfig, RpdDataModelProperty } from "~/types";
|
|
2
2
|
|
|
3
|
-
import {
|
|
3
|
+
import {
|
|
4
|
+
IRpdServer,
|
|
5
|
+
RapidPlugin,
|
|
6
|
+
RpdConfigurationItemOptions,
|
|
7
|
+
RpdServerPluginConfigurableTargetOptions,
|
|
8
|
+
RpdServerPluginExtendingAbilities,
|
|
9
|
+
} from "~/core/server";
|
|
4
10
|
import { find, set } from "lodash";
|
|
5
11
|
import { ActionHandlerContext } from "~/core/actionHandler";
|
|
6
12
|
import { isAccessAllowed } from "~/utilities/accessControlUtility";
|
|
@@ -45,16 +51,6 @@ class EntityAccessControlPlugin implements RapidPlugin {
|
|
|
45
51
|
const logger = server.getLogger();
|
|
46
52
|
logger.info("Configuring entity access checking policies...");
|
|
47
53
|
|
|
48
|
-
const model = find(applicationConfig.models, (item) => item.singularCode === "model");
|
|
49
|
-
if (!model) {
|
|
50
|
-
return;
|
|
51
|
-
}
|
|
52
|
-
|
|
53
|
-
const { permissionPolicies } = model;
|
|
54
|
-
if (!permissionPolicies) {
|
|
55
|
-
return;
|
|
56
|
-
}
|
|
57
|
-
|
|
58
54
|
const routes = applicationConfig.routes;
|
|
59
55
|
for (const route of routes) {
|
|
60
56
|
const { actions } = route;
|
|
@@ -63,9 +59,53 @@ class EntityAccessControlPlugin implements RapidPlugin {
|
|
|
63
59
|
}
|
|
64
60
|
|
|
65
61
|
for (const action of route.actions) {
|
|
66
|
-
if (action.code === "findCollectionEntityById") {
|
|
62
|
+
if (action.code === "findCollectionEntityById" || action.code === "findCollectionEntities" || action.code === "countCollectionEntities") {
|
|
63
|
+
const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
|
|
64
|
+
if (!model) {
|
|
65
|
+
continue;
|
|
66
|
+
}
|
|
67
|
+
const { permissionPolicies } = model;
|
|
68
|
+
if (!permissionPolicies) {
|
|
69
|
+
continue;
|
|
70
|
+
}
|
|
67
71
|
if (permissionPolicies.find) {
|
|
68
|
-
set(action, "config.
|
|
72
|
+
set(action, "config.permissionCheck", permissionPolicies.find);
|
|
73
|
+
}
|
|
74
|
+
} else if (action.code === "createCollectionEntity" || action.code === "createCollectionEntitiesBatch") {
|
|
75
|
+
const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
|
|
76
|
+
if (!model) {
|
|
77
|
+
continue;
|
|
78
|
+
}
|
|
79
|
+
const { permissionPolicies } = model;
|
|
80
|
+
if (!permissionPolicies) {
|
|
81
|
+
continue;
|
|
82
|
+
}
|
|
83
|
+
if (permissionPolicies.create) {
|
|
84
|
+
set(action, "config.permissionCheck", permissionPolicies.create);
|
|
85
|
+
}
|
|
86
|
+
} else if (action.code === "updateCollectionEntityById" || action.code === "addEntityRelations" || action.code === "removeEntityRelations") {
|
|
87
|
+
const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
|
|
88
|
+
if (!model) {
|
|
89
|
+
continue;
|
|
90
|
+
}
|
|
91
|
+
const { permissionPolicies } = model;
|
|
92
|
+
if (!permissionPolicies) {
|
|
93
|
+
continue;
|
|
94
|
+
}
|
|
95
|
+
if (permissionPolicies.update) {
|
|
96
|
+
set(action, "config.permissionCheck", permissionPolicies.update);
|
|
97
|
+
}
|
|
98
|
+
} else if (action.code === "deleteCollectionEntityById") {
|
|
99
|
+
const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
|
|
100
|
+
if (!model) {
|
|
101
|
+
continue;
|
|
102
|
+
}
|
|
103
|
+
const { permissionPolicies } = model;
|
|
104
|
+
if (!permissionPolicies) {
|
|
105
|
+
continue;
|
|
106
|
+
}
|
|
107
|
+
if (permissionPolicies.delete) {
|
|
108
|
+
set(action, "config.permissionCheck", permissionPolicies.delete);
|
|
69
109
|
}
|
|
70
110
|
}
|
|
71
111
|
}
|
|
@@ -93,9 +133,9 @@ class EntityAccessControlPlugin implements RapidPlugin {
|
|
|
93
133
|
const { routerContext } = handlerContext;
|
|
94
134
|
const { routeConfig } = routerContext;
|
|
95
135
|
for (const actionConfig of routeConfig.actions) {
|
|
96
|
-
const
|
|
97
|
-
if (
|
|
98
|
-
if (!isAccessAllowed(
|
|
136
|
+
const permissionCheck = actionConfig.config?.permissionCheck;
|
|
137
|
+
if (permissionCheck) {
|
|
138
|
+
if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
|
|
99
139
|
throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
|
|
100
140
|
}
|
|
101
141
|
}
|
|
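Review bot: In the `configureRoutes` hunk each new branch reads `action.config.singularCode` without a guard, while the enforcement loop later in this file uses `actionConfig.config?.permissionCheck`, which suggests `config` can be absent; a matching action without a config would then throw while routes are being configured. The branches also `continue` silently when the model or its `permissionPolicies` is not found, and because the enforcement loop only checks actions that carry a `permissionCheck`, a mistyped `singularCode` or an action code outside these four branches leaves that route unchecked with nothing in the log. I would collapse the four copies of the lookup into one table-driven pass, read `action.config?.singularCode`, and report a model miss through `logger`. `configureRoutes` starts and ends outside the hunk.

```typescript
// Constructed for this note: the policy each guarded action code requires.
const POLICY_KEY_BY_ACTION_CODE = new Map<string, "find" | "create" | "update" | "delete">([
  ["findCollectionEntityById", "find"],
  ["findCollectionEntities", "find"],
  ["countCollectionEntities", "find"],
  ["createCollectionEntity", "create"],
  ["createCollectionEntitiesBatch", "create"],
  ["updateCollectionEntityById", "update"],
  ["addEntityRelations", "update"],
  ["removeEntityRelations", "update"],
  ["deleteCollectionEntityById", "delete"],
]);

// … unchanged: logger setup, route loop and the `actions` guard …
      for (const action of route.actions) {
        const policyKey = POLICY_KEY_BY_ACTION_CODE.get(action.code);
        if (!policyKey) {
          continue;
        }
        const singularCode = action.config?.singularCode;
        const model = find(applicationConfig.models, (item) => item.singularCode === singularCode);
        if (!model) {
          // A miss here means the route stays unchecked, so make it visible.
          logger.info(`No model '${singularCode}' found for action '${action.code}'; no permission check attached.`);
          continue;
        }
        const policy = model.permissionPolicies?.[policyKey];
        if (policy) {
          set(action, "config.permissionCheck", policy);
        }
// … unchanged: closing braces of the action and route loops …
```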
@@ -2,7 +2,13 @@ import type { RpdApplicationConfig, RpdRoute } from "~/types";
|
|
|
2
2
|
|
|
3
3
|
import pluginActionHandlers from "./actionHandlers";
|
|
4
4
|
import { ServerOperation, ServerOperationPluginInitOptions } from "./ServerOperationPluginTypes";
|
|
5
|
-
import {
|
|
5
|
+
import {
|
|
6
|
+
IRpdServer,
|
|
7
|
+
RapidPlugin,
|
|
8
|
+
RpdConfigurationItemOptions,
|
|
9
|
+
RpdServerPluginConfigurableTargetOptions,
|
|
10
|
+
RpdServerPluginExtendingAbilities,
|
|
11
|
+
} from "~/core/server";
|
|
6
12
|
|
|
7
13
|
class ServerOperationPlugin implements RapidPlugin {
|
|
8
14
|
#operations: ServerOperation[];
|
|
@@ -68,6 +74,7 @@ class ServerOperationPlugin implements RapidPlugin {
|
|
|
68
74
|
code: "runServerOperation",
|
|
69
75
|
config: {
|
|
70
76
|
operation: operation.handler,
|
|
77
|
+
permissionCheck: operation.permissionCheck,
|
|
71
78
|
},
|
|
72
79
|
},
|
|
73
80
|
],
|
|
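Review bot: Passing `permissionCheck` into the `runServerOperation` action config only has an effect if something reads it before the handler runs, and nothing in this hunk does; the check appears to rely on the loop in EntityAccessControlPlugin that reads `actionConfig.config?.permissionCheck`. If that plugin is not registered, an operation declared with a `permissionCheck` would presumably run unchecked. Either enforce the policy in this plugin's own handler or state the dependency next to the new line, e.g. `// Enforced by EntityAccessControlPlugin; has no effect if that plugin is not installed.` The enclosing method starts and ends outside the hunk.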
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import { ActionHandlerContext } from "~/core/actionHandler";
|
|
2
2
|
import { RpdHttpMethod } from "~/types";
|
|
3
|
+
import { PermissionCheckPolicy } from "~/utilities/accessControlUtility";
|
|
3
4
|
|
|
4
5
|
export interface ServerOperation {
|
|
5
6
|
code: string;
|
|
6
7
|
description?: string;
|
|
7
8
|
method: RpdHttpMethod;
|
|
9
|
+
permissionCheck?: PermissionCheckPolicy;
|
|
8
10
|
handler: (ctx: ActionHandlerContext) => Promise<void>;
|
|
9
11
|
}
|
|
10
12
|
|
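Review bot: The new optional `permissionCheck` field has no doc comment, and leaving it out is the permissive case: judging by the enforcement loop in EntityAccessControlPlugin, an operation without it is not access-checked at all. A TSDoc line on the field would make that default visible to anyone declaring an operation, e.g. `/** Policy required to run this operation; when omitted, no permission check is applied. */`.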