@ruiapp/rapid-core 0.9.10 → 0.9.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/index.js +18 -7
  2. package/dist/types.d.ts +1 -0
  3. package/package.json +1 -1
  4. package/src/dataAccess/entityManager.ts +5 -2
  5. package/src/plugins/entityAccessControl/EntityAccessControlPlugin.ts +14 -5
  6. package/src/types.ts +1 -0
package/dist/index.js CHANGED
@@ -2879,6 +2879,7 @@ async function findManyRelationLinksViaLinkTable(options) {
2879
2879
  singularCode: relationModel.singularCode,
2880
2880
  });
2881
2881
  const findEntityOptions = {
2882
+ routeContext,
2882
2883
  filters: [
2883
2884
  {
2884
2885
  field: "id",
@@ -2917,11 +2918,12 @@ async function findManyRelationLinksViaLinkTable(options) {
2917
2918
  return { relationLinks, targetEntities };
2918
2919
  }
2919
2920
  async function findManyRelatedEntitiesViaIdPropertyCode(options) {
2920
- const { server, relationProperty, mainEntityIds, selectRelationOptions } = options;
2921
+ const { server, routeContext, relationProperty, mainEntityIds, selectRelationOptions } = options;
2921
2922
  const dataAccessor = server.getDataAccessor({
2922
2923
  singularCode: relationProperty.targetSingularCode,
2923
2924
  });
2924
2925
  const findEntityOptions = {
2926
+ routeContext,
2925
2927
  filters: [
2926
2928
  {
2927
2929
  field: relationProperty.selfIdColumnName,
@@ -2962,11 +2964,12 @@ async function findManyRelatedEntitiesViaIdPropertyCode(options) {
2962
2964
  return await findEntities(server, dataAccessor, findEntityOptions);
2963
2965
  }
2964
2966
  async function findOneRelatedEntitiesViaIdPropertyCode(options) {
2965
- const { server, relationProperty, relationEntityIds, selectRelationOptions } = options;
2967
+ const { server, routeContext, relationProperty, relationEntityIds, selectRelationOptions } = options;
2966
2968
  const dataAccessor = server.getDataAccessor({
2967
2969
  singularCode: relationProperty.targetSingularCode,
2968
2970
  });
2969
2971
  const findEntityOptions = {
2972
+ routeContext,
2970
2973
  filters: [
2971
2974
  {
2972
2975
  field: "id",
@@ -9773,11 +9776,19 @@ class EntityAccessControlPlugin {
9773
9776
  // Check permission
9774
9777
  const { routerContext } = handlerContext;
9775
9778
  const { routeConfig } = routerContext;
9776
- for (const actionConfig of routeConfig.actions) {
9777
- const permissionCheck = actionConfig.config?.permissionCheck;
9778
- if (permissionCheck) {
9779
- if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
9780
- throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
9779
+ if (routeConfig.permissionCheck) {
9780
+ if (!isAccessAllowed(routeConfig.permissionCheck, routerContext.state.allowedActions || [])) {
9781
+ throw new Error(`Your request to route '${routeConfig.code}' is not permitted.`);
9782
+ }
9783
+ }
9784
+ const actions = routeConfig.actions;
9785
+ if (actions) {
9786
+ for (const actionConfig of routeConfig.actions) {
9787
+ const permissionCheck = actionConfig.config?.permissionCheck;
9788
+ if (permissionCheck) {
9789
+ if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
9790
+ throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
9791
+ }
9781
9792
  }
9782
9793
  }
9783
9794
  }
package/dist/types.d.ts CHANGED
@@ -483,6 +483,7 @@ export interface RpdRoute {
483
483
  type: "RESTful";
484
484
  method: RpdHttpMethod;
485
485
  endpoint: string;
486
+ permissionCheck?: PermissionPolicy;
486
487
  actions?: RpdRouteActionConfig[];
487
488
  handler?: string | ((ctx: ActionHandlerContext) => Promise<void>);
488
489
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ruiapp/rapid-core",
3
- "version": "0.9.10",
3
+ "version": "0.9.12",
4
4
  "description": "",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
package/src/dataAccess/entityManager.ts CHANGED
@@ -649,6 +649,7 @@ async function findManyRelationLinksViaLinkTable(options: FindManyRelationEntiti
649
649
  });
650
650
 
651
651
  const findEntityOptions: FindEntityOptions = {
652
+ routeContext,
652
653
  filters: [
653
654
  {
654
655
  field: "id",
@@ -692,12 +693,13 @@ async function findManyRelationLinksViaLinkTable(options: FindManyRelationEntiti
692
693
  }
693
694
 
694
695
  async function findManyRelatedEntitiesViaIdPropertyCode(options: FindManyRelationEntitiesOptions) {
695
- const { server, relationProperty, mainEntityIds, selectRelationOptions } = options;
696
+ const { server, routeContext, relationProperty, mainEntityIds, selectRelationOptions } = options;
696
697
  const dataAccessor = server.getDataAccessor({
697
698
  singularCode: relationProperty.targetSingularCode as string,
698
699
  });
699
700
 
700
701
  const findEntityOptions: FindEntityOptions = {
702
+ routeContext,
701
703
  filters: [
702
704
  {
703
705
  field: relationProperty.selfIdColumnName,
@@ -741,13 +743,14 @@ async function findManyRelatedEntitiesViaIdPropertyCode(options: FindManyRelatio
741
743
  }
742
744
 
743
745
  async function findOneRelatedEntitiesViaIdPropertyCode(options: FindOneRelationEntitiesOptions) {
744
- const { server, relationProperty, relationEntityIds, selectRelationOptions } = options;
746
+ const { server, routeContext, relationProperty, relationEntityIds, selectRelationOptions } = options;
745
747
 
746
748
  const dataAccessor = server.getDataAccessor({
747
749
  singularCode: relationProperty.targetSingularCode as string,
748
750
  });
749
751
 
750
752
  const findEntityOptions: FindEntityOptions = {
753
+ routeContext,
751
754
  filters: [
752
755
  {
753
756
  field: "id",
package/src/plugins/entityAccessControl/EntityAccessControlPlugin.ts CHANGED
@@ -132,11 +132,20 @@ class EntityAccessControlPlugin implements RapidPlugin {
132
132
  // Check permission
133
133
  const { routerContext } = handlerContext;
134
134
  const { routeConfig } = routerContext;
135
- for (const actionConfig of routeConfig.actions) {
136
- const permissionCheck = actionConfig.config?.permissionCheck;
137
- if (permissionCheck) {
138
- if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
139
- throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
135
+ if (routeConfig.permissionCheck) {
136
+ if (!isAccessAllowed(routeConfig.permissionCheck, routerContext.state.allowedActions || [])) {
137
+ throw new Error(`Your request to route '${routeConfig.code}' is not permitted.`);
138
+ }
139
+ }
140
+
141
+ const actions = routeConfig.actions;
142
+ if (actions) {
143
+ for (const actionConfig of routeConfig.actions) {
144
+ const permissionCheck = actionConfig.config?.permissionCheck;
145
+ if (permissionCheck) {
146
+ if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
147
+ throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
148
+ }
140
149
  }
141
150
  }
142
151
  }
package/src/types.ts CHANGED
@@ -586,6 +586,7 @@ export interface RpdRoute {
586
586
  type: "RESTful";
587
587
  method: RpdHttpMethod;
588
588
  endpoint: string;
589
+ permissionCheck?: PermissionPolicy;
589
590
  actions?: RpdRouteActionConfig[];
590
591
  handler?: string | ((ctx: ActionHandlerContext) => Promise<void>);
591
592
  }