@ruiapp/rapid-core 0.5.11 → 0.5.13

package/src/plugins/entityAccessControl/EntityAccessControlPlugin.ts

@@ -1,146 +1,146 @@
-import type { RpdApplicationConfig, RpdDataModelProperty } from "~/types";
-
-import {
-  IRpdServer,
-  RapidPlugin,
-  RpdConfigurationItemOptions,
-  RpdServerPluginConfigurableTargetOptions,
-  RpdServerPluginExtendingAbilities,
-} from "~/core/server";
-import { find, set } from "lodash";
-import { ActionHandlerContext } from "~/core/actionHandler";
-import { isAccessAllowed } from "~/utilities/accessControlUtility";
-import { RouteContext } from "~/core/routeContext";
-
-class EntityAccessControlPlugin implements RapidPlugin {
-  constructor() {}
-
-  get code(): string {
-    return "entityAccessControl";
-  }
-
-  get description(): string {
-    return "";
-  }
-
-  get extendingAbilities(): RpdServerPluginExtendingAbilities[] {
-    return [];
-  }
-
-  get configurableTargets(): RpdServerPluginConfigurableTargetOptions[] {
-    return [];
-  }
-
-  get configurations(): RpdConfigurationItemOptions[] {
-    return [];
-  }
-
-  async onLoadingApplication(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any> {
-    const properties: RpdDataModelProperty[] = [
-      {
-        name: "permissionPolicies",
-        code: "permissionPolicies",
-        columnName: "permission_policies",
-        type: "json",
-      },
-    ];
-    server.appendModelProperties("model", properties);
-  }
-
-  async configureRoutes(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any> {
-    const logger = server.getLogger();
-    logger.info("Configuring entity access checking policies...");
-
-    const routes = applicationConfig.routes;
-    for (const route of routes) {
-      const { actions } = route;
-      if (!actions) {
-        continue;
-      }
-
-      for (const action of route.actions) {
-        if (action.code === "findCollectionEntityById" || action.code === "findCollectionEntities" || action.code === "countCollectionEntities") {
-          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
-          if (!model) {
-            continue;
-          }
-          const { permissionPolicies } = model;
-          if (!permissionPolicies) {
-            continue;
-          }
-          if (permissionPolicies.find) {
-            set(action, "config.permissionCheck", permissionPolicies.find);
-          }
-        } else if (action.code === "createCollectionEntity" || action.code === "createCollectionEntitiesBatch") {
-          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
-          if (!model) {
-            continue;
-          }
-          const { permissionPolicies } = model;
-          if (!permissionPolicies) {
-            continue;
-          }
-          if (permissionPolicies.create) {
-            set(action, "config.permissionCheck", permissionPolicies.create);
-          }
-        } else if (action.code === "updateCollectionEntityById" || action.code === "addEntityRelations" || action.code === "removeEntityRelations") {
-          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
-          if (!model) {
-            continue;
-          }
-          const { permissionPolicies } = model;
-          if (!permissionPolicies) {
-            continue;
-          }
-          if (permissionPolicies.update) {
-            set(action, "config.permissionCheck", permissionPolicies.update);
-          }
-        } else if (action.code === "deleteCollectionEntityById" || action.code === "deleteCollectionEntities") {
-          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
-          if (!model) {
-            continue;
-          }
-          const { permissionPolicies } = model;
-          if (!permissionPolicies) {
-            continue;
-          }
-          if (permissionPolicies.delete) {
-            set(action, "config.permissionCheck", permissionPolicies.delete);
-          }
-        }
-      }
-    }
-  }
-
-  async onPrepareRouteContext(server: IRpdServer, routeContext: RouteContext) {
-    const userId = routeContext.state.userId;
-    if (!userId) {
-      return;
-    }
-
-    const actions = await server.queryDatabaseObject(
-      `select distinct a.* from sys_actions a
-      inner join oc_role_sys_action_links ra on a.id = ra.action_id
-      inner join oc_role_user_links ru on ru.role_id = ra.role_id
-      where ru.user_id = $1;`,
-      [userId],
-    );
-    routeContext.state.allowedActions = actions.map((item) => item.code);
-  }
-
-  async beforeRunRouteActions(server: IRpdServer, handlerContext: ActionHandlerContext): Promise<any> {
-    // Check permission
-    const { routerContext } = handlerContext;
-    const { routeConfig } = routerContext;
-    for (const actionConfig of routeConfig.actions) {
-      const permissionCheck = actionConfig.config?.permissionCheck;
-      if (permissionCheck) {
-        if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
-          throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
-        }
-      }
-    }
-  }
-}
-
-export default EntityAccessControlPlugin;
+import type { RpdApplicationConfig, RpdDataModelProperty } from "~/types";
+
+import {
+  IRpdServer,
+  RapidPlugin,
+  RpdConfigurationItemOptions,
+  RpdServerPluginConfigurableTargetOptions,
+  RpdServerPluginExtendingAbilities,
+} from "~/core/server";
+import { find, set } from "lodash";
+import { ActionHandlerContext } from "~/core/actionHandler";
+import { isAccessAllowed } from "~/utilities/accessControlUtility";
+import { RouteContext } from "~/core/routeContext";
+
+class EntityAccessControlPlugin implements RapidPlugin {
+  constructor() {}
+
+  get code(): string {
+    return "entityAccessControl";
+  }
+
+  get description(): string {
+    return "";
+  }
+
+  get extendingAbilities(): RpdServerPluginExtendingAbilities[] {
+    return [];
+  }
+
+  get configurableTargets(): RpdServerPluginConfigurableTargetOptions[] {
+    return [];
+  }
+
+  get configurations(): RpdConfigurationItemOptions[] {
+    return [];
+  }
+
+  async onLoadingApplication(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any> {
+    const properties: RpdDataModelProperty[] = [
+      {
+        name: "permissionPolicies",
+        code: "permissionPolicies",
+        columnName: "permission_policies",
+        type: "json",
+      },
+    ];
+    server.appendModelProperties("model", properties);
+  }
+
+  async configureRoutes(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any> {
+    const logger = server.getLogger();
+    logger.info("Configuring entity access checking policies...");
+
+    const routes = applicationConfig.routes;
+    for (const route of routes) {
+      const { actions } = route;
+      if (!actions) {
+        continue;
+      }
+
+      for (const action of route.actions) {
+        if (action.code === "findCollectionEntityById" || action.code === "findCollectionEntities" || action.code === "countCollectionEntities") {
+          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+          if (!model) {
+            continue;
+          }
+          const { permissionPolicies } = model;
+          if (!permissionPolicies) {
+            continue;
+          }
+          if (permissionPolicies.find) {
+            set(action, "config.permissionCheck", permissionPolicies.find);
+          }
+        } else if (action.code === "createCollectionEntity" || action.code === "createCollectionEntitiesBatch") {
+          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+          if (!model) {
+            continue;
+          }
+          const { permissionPolicies } = model;
+          if (!permissionPolicies) {
+            continue;
+          }
+          if (permissionPolicies.create) {
+            set(action, "config.permissionCheck", permissionPolicies.create);
+          }
+        } else if (action.code === "updateCollectionEntityById" || action.code === "addEntityRelations" || action.code === "removeEntityRelations") {
+          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+          if (!model) {
+            continue;
+          }
+          const { permissionPolicies } = model;
+          if (!permissionPolicies) {
+            continue;
+          }
+          if (permissionPolicies.update) {
+            set(action, "config.permissionCheck", permissionPolicies.update);
+          }
+        } else if (action.code === "deleteCollectionEntityById" || action.code === "deleteCollectionEntities") {
+          const model = find(applicationConfig.models, (item) => item.singularCode === action.config.singularCode);
+          if (!model) {
+            continue;
+          }
+          const { permissionPolicies } = model;
+          if (!permissionPolicies) {
+            continue;
+          }
+          if (permissionPolicies.delete) {
+            set(action, "config.permissionCheck", permissionPolicies.delete);
+          }
+        }
+      }
+    }
+  }
+
+  async onPrepareRouteContext(server: IRpdServer, routeContext: RouteContext) {
+    const userId = routeContext.state.userId;
+    if (!userId) {
+      return;
+    }
+
+    const actions = await server.queryDatabaseObject(
+      `select distinct a.* from sys_actions a
+      inner join oc_role_sys_action_links ra on a.id = ra.action_id
+      inner join oc_role_user_links ru on ru.role_id = ra.role_id
+      where ru.user_id = $1;`,
+      [userId],
+    );
+    routeContext.state.allowedActions = actions.map((item) => item.code);
+  }
+
+  async beforeRunRouteActions(server: IRpdServer, handlerContext: ActionHandlerContext): Promise<any> {
+    // Check permission
+    const { routerContext } = handlerContext;
+    const { routeConfig } = routerContext;
+    for (const actionConfig of routeConfig.actions) {
+      const permissionCheck = actionConfig.config?.permissionCheck;
+      if (permissionCheck) {
+        if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
+          throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
+        }
+      }
+    }
+  }
+}
+
+export default EntityAccessControlPlugin;

package/src/plugins/fileManage/FileManagePlugin.ts

@@ -1,52 +1,52 @@
-/**
- * File manager plugin
- */
-
-import { RpdApplicationConfig } from "~/types";
-
-import * as downloadDocumentActionHandler from "./actionHandlers/downloadDocument";
-import * as downloadFileActionHandler from "./actionHandlers/downloadFile";
-import * as uploadFileActionHandler from "./actionHandlers/uploadFile";
-import {
-  IRpdServer,
-  RapidPlugin,
-  RpdConfigurationItemOptions,
-  RpdServerPluginConfigurableTargetOptions,
-  RpdServerPluginExtendingAbilities,
-} from "~/core/server";
-
-import pluginRoutes from "./routes";
-
-class FileManager implements RapidPlugin {
-  get code(): string {
-    return "fileManager";
-  }
-
-  get description(): string {
-    return null;
-  }
-
-  get extendingAbilities(): RpdServerPluginExtendingAbilities[] {
-    return [];
-  }
-
-  get configurableTargets(): RpdServerPluginConfigurableTargetOptions[] {
-    return [];
-  }
-
-  get configurations(): RpdConfigurationItemOptions[] {
-    return [];
-  }
-
-  async registerActionHandlers(server: IRpdServer): Promise<any> {
-    server.registerActionHandler(this, downloadDocumentActionHandler);
-    server.registerActionHandler(this, downloadFileActionHandler);
-    server.registerActionHandler(this, uploadFileActionHandler);
-  }
-
-  async configureRoutes(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any> {
-    server.appendApplicationConfig({ routes: pluginRoutes });
-  }
-}
-
-export default FileManager;
+/**
+ * File manager plugin
+ */
+
+import { RpdApplicationConfig } from "~/types";
+
+import * as downloadDocumentActionHandler from "./actionHandlers/downloadDocument";
+import * as downloadFileActionHandler from "./actionHandlers/downloadFile";
+import * as uploadFileActionHandler from "./actionHandlers/uploadFile";
+import {
+  IRpdServer,
+  RapidPlugin,
+  RpdConfigurationItemOptions,
+  RpdServerPluginConfigurableTargetOptions,
+  RpdServerPluginExtendingAbilities,
+} from "~/core/server";
+
+import pluginRoutes from "./routes";
+
+class FileManager implements RapidPlugin {
+  get code(): string {
+    return "fileManager";
+  }
+
+  get description(): string {
+    return null;
+  }
+
+  get extendingAbilities(): RpdServerPluginExtendingAbilities[] {
+    return [];
+  }
+
+  get configurableTargets(): RpdServerPluginConfigurableTargetOptions[] {
+    return [];
+  }
+
+  get configurations(): RpdConfigurationItemOptions[] {
+    return [];
+  }
+
+  async registerActionHandlers(server: IRpdServer): Promise<any> {
+    server.registerActionHandler(this, downloadDocumentActionHandler);
+    server.registerActionHandler(this, downloadFileActionHandler);
+    server.registerActionHandler(this, uploadFileActionHandler);
+  }
+
+  async configureRoutes(server: IRpdServer, applicationConfig: RpdApplicationConfig): Promise<any> {
+    server.appendApplicationConfig({ routes: pluginRoutes });
+  }
+}
+
+export default FileManager;

package/src/plugins/fileManage/actionHandlers/downloadDocument.ts

@@ -1,65 +1,65 @@
-import path from "path";
-import { ActionHandlerContext } from "~/core/actionHandler";
-import { RapidPlugin } from "~/core/server";
-import { readFile } from "~/utilities/fsUtility";
-import { getFileBaseName } from "~/utilities/pathUtility";
-
-export const code = "downloadDocument";
-
-export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any) {
-  const { server, applicationConfig, routerContext: routeContext, input } = ctx;
-  const { request, response } = routeContext;
-
-  const documentDataAccessor = ctx.server.getDataAccessor({
-    singularCode: "ecm_document",
-  });
-  const revisionDataAccessor = ctx.server.getDataAccessor({
-    singularCode: "ecm_revision",
-  });
-  const storageDataAccessor = ctx.server.getDataAccessor({
-    singularCode: "ecm_storage_object",
-  });
-
-  let storageObjectId = 0;
-  let fileName: string;
-  let { revisionId, documentId } = input;
-  if (revisionId) {
-    const revision = await revisionDataAccessor.findById(revisionId, routeContext?.getDbTransactionClient());
-    if (!revision) {
-      ctx.output = { error: new Error(`Revision with id "${revisionId}" was not found.`) };
-      return;
-    }
-    storageObjectId = revision.storage_object_id;
-
-    documentId = revision.document_id;
-    const document = await documentDataAccessor.findById(documentId, routeContext?.getDbTransactionClient());
-    if (!document) {
-      ctx.output = { error: new Error(`Document with id "${documentId}" was not found.`) };
-      return;
-    }
-    fileName = `${getFileBaseName(document.name!)}${revision.ext_name}`;
-  } else if (documentId) {
-    const document = await documentDataAccessor.findById(documentId, routeContext?.getDbTransactionClient());
-    if (!document) {
-      ctx.output = { error: new Error(`Document with id "${documentId}" was not found.`) };
-      return;
-    }
-    storageObjectId = document.storage_object_id;
-    fileName = document.name;
-  } else {
-    ctx.output = { error: new Error(`Parameter "revisionId" or "documentId" must be provided.`) };
-    return;
-  }
-
-  const storageObject = await storageDataAccessor.findById(storageObjectId, routeContext?.getDbTransactionClient());
-  if (!storageObject) {
-    ctx.output = { error: new Error(`Storage object with id "${storageObjectId}" was not found.`) };
-    return;
-  }
-
-  const fileKey = storageObject.key;
-  const filePathName = path.join(server.config.localFileStoragePath, fileKey);
-
-  response.body = await readFile(filePathName);
-  response.headers.set("Content-Disposition", `attachment; filename="${encodeURIComponent(fileName)}"`);
-}
+import path from "path";
+import { ActionHandlerContext } from "~/core/actionHandler";
+import { RapidPlugin } from "~/core/server";
+import { readFile } from "~/utilities/fsUtility";
+import { getFileBaseName } from "~/utilities/pathUtility";
+
+export const code = "downloadDocument";
+
+export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any) {
+  const { server, applicationConfig, routerContext: routeContext, input } = ctx;
+  const { request, response } = routeContext;
+
+  const documentDataAccessor = ctx.server.getDataAccessor({
+    singularCode: "ecm_document",
+  });
+  const revisionDataAccessor = ctx.server.getDataAccessor({
+    singularCode: "ecm_revision",
+  });
+  const storageDataAccessor = ctx.server.getDataAccessor({
+    singularCode: "ecm_storage_object",
+  });
+
+  let storageObjectId = 0;
+  let fileName: string;
+  let { revisionId, documentId } = input;
+  if (revisionId) {
+    const revision = await revisionDataAccessor.findById(revisionId, routeContext?.getDbTransactionClient());
+    if (!revision) {
+      ctx.output = { error: new Error(`Revision with id "${revisionId}" was not found.`) };
+      return;
+    }
+    storageObjectId = revision.storage_object_id;
+
+    documentId = revision.document_id;
+    const document = await documentDataAccessor.findById(documentId, routeContext?.getDbTransactionClient());
+    if (!document) {
+      ctx.output = { error: new Error(`Document with id "${documentId}" was not found.`) };
+      return;
+    }
+    fileName = `${getFileBaseName(document.name!)}${revision.ext_name}`;
+  } else if (documentId) {
+    const document = await documentDataAccessor.findById(documentId, routeContext?.getDbTransactionClient());
+    if (!document) {
+      ctx.output = { error: new Error(`Document with id "${documentId}" was not found.`) };
+      return;
+    }
+    storageObjectId = document.storage_object_id;
+    fileName = document.name;
+  } else {
+    ctx.output = { error: new Error(`Parameter "revisionId" or "documentId" must be provided.`) };
+    return;
+  }
+
+  const storageObject = await storageDataAccessor.findById(storageObjectId, routeContext?.getDbTransactionClient());
+  if (!storageObject) {
+    ctx.output = { error: new Error(`Storage object with id "${storageObjectId}" was not found.`) };
+    return;
+  }
+
+  const fileKey = storageObject.key;
+  const filePathName = path.join(server.config.localFileStoragePath, fileKey);
+
+  response.body = await readFile(filePathName);
+  response.headers.set("Content-Disposition", `attachment; filename="${encodeURIComponent(fileName)}"`);
+}

package/src/plugins/fileManage/actionHandlers/downloadFile.ts

@@ -1,44 +1,44 @@
-import path from "path";
-import { readFile } from "~/utilities/fsUtility";
-import { ActionHandlerContext } from "~/core/actionHandler";
-import { RapidPlugin } from "~/core/server";
-
-export type DownloadFileInput = {
-  fileId?: string;
-  fileKey?: string;
-  fileName?: string;
-  inline?: boolean;
-};
-
-export const code = "downloadFile";
-
-export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any) {
-  const { server, applicationConfig, routerContext: routeContext } = ctx;
-  const { request, response } = routeContext;
-  //TODO: only public files can download by this handler
-
-  const input: DownloadFileInput = ctx.input;
-
-  let fileKey: string = input.fileKey;
-
-  if (!fileKey && input.fileId) {
-    const dataAccessor = ctx.server.getDataAccessor({
-      singularCode: "ecm_storage_object",
-    });
-
-    const storageObject = await dataAccessor.findById(input.fileId, routeContext?.getDbTransactionClient());
-    if (!storageObject) {
-      ctx.output = { error: new Error("Storage object not found.") };
-      return;
-    }
-
-    fileKey = storageObject.key;
-  }
-  const filePathName = path.join(server.config.localFileStoragePath, fileKey);
-  const attachmentFileName = input.fileName || path.basename(fileKey);
-
-  response.body = await readFile(filePathName);
-
-  const dispositionType = input.inline ? "inline" : "attachment";
-  response.headers.set("Content-Disposition", `${dispositionType}; filename="${encodeURIComponent(attachmentFileName)}"`);
-}
+import path from "path";
+import { readFile } from "~/utilities/fsUtility";
+import { ActionHandlerContext } from "~/core/actionHandler";
+import { RapidPlugin } from "~/core/server";
+
+export type DownloadFileInput = {
+  fileId?: string;
+  fileKey?: string;
+  fileName?: string;
+  inline?: boolean;
+};
+
+export const code = "downloadFile";
+
+export async function handler(plugin: RapidPlugin, ctx: ActionHandlerContext, options: any) {
+  const { server, applicationConfig, routerContext: routeContext } = ctx;
+  const { request, response } = routeContext;
+  //TODO: only public files can download by this handler
+
+  const input: DownloadFileInput = ctx.input;
+
+  let fileKey: string = input.fileKey;
+
+  if (!fileKey && input.fileId) {
+    const dataAccessor = ctx.server.getDataAccessor({
+      singularCode: "ecm_storage_object",
+    });
+
+    const storageObject = await dataAccessor.findById(input.fileId, routeContext?.getDbTransactionClient());
+    if (!storageObject) {
+      ctx.output = { error: new Error("Storage object not found.") };
+      return;
+    }
+
+    fileKey = storageObject.key;
+  }
+  const filePathName = path.join(server.config.localFileStoragePath, fileKey);
+  const attachmentFileName = input.fileName || path.basename(fileKey);
+
+  response.body = await readFile(filePathName);
+
+  const dispositionType = input.inline ? "inline" : "attachment";
+  response.headers.set("Content-Disposition", `${dispositionType}; filename="${encodeURIComponent(attachmentFileName)}"`);
+}