@ruiapp/rapid-core 0.9.9 → 0.9.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.js +14 -6
  2. package/dist/types.d.ts +1 -0
  3. package/package.json +1 -1
  4. package/src/core/http/formDataParser.ts +0 -2
  5. package/src/core/request.ts +1 -1
  6. package/src/plugins/entityAccessControl/EntityAccessControlPlugin.ts +14 -5
  7. package/src/types.ts +1 -0
package/dist/index.js CHANGED
@@ -4881,7 +4881,7 @@ class RapidRequest {
4881
4881
  else if (contentType.startsWith("multipart/form-data")) {
4882
4882
  this.#body = {
4883
4883
  type: "form-data",
4884
- value: await parseFormDataBody(req),
4884
+ value: await parseFormDataBody(req, { all: true }),
4885
4885
  };
4886
4886
  }
4887
4887
  this.#bodyParsed = true;
@@ -9773,11 +9773,19 @@ class EntityAccessControlPlugin {
9773
9773
  // Check permission
9774
9774
  const { routerContext } = handlerContext;
9775
9775
  const { routeConfig } = routerContext;
9776
- for (const actionConfig of routeConfig.actions) {
9777
- const permissionCheck = actionConfig.config?.permissionCheck;
9778
- if (permissionCheck) {
9779
- if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
9780
- throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
9776
+ if (routeConfig.permissionCheck) {
9777
+ if (!isAccessAllowed(routeConfig.permissionCheck, routerContext.state.allowedActions || [])) {
9778
+ throw new Error(`Your request to route '${routeConfig.code}' is not permitted.`);
9779
+ }
9780
+ }
9781
+ const actions = routeConfig.actions;
9782
+ if (actions) {
9783
+ for (const actionConfig of routeConfig.actions) {
9784
+ const permissionCheck = actionConfig.config?.permissionCheck;
9785
+ if (permissionCheck) {
9786
+ if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
9787
+ throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
9788
+ }
9781
9789
  }
9782
9790
  }
9783
9791
  }
package/dist/types.d.ts CHANGED
@@ -483,6 +483,7 @@ export interface RpdRoute {
483
483
  type: "RESTful";
484
484
  method: RpdHttpMethod;
485
485
  endpoint: string;
486
+ permissionCheck?: PermissionPolicy;
486
487
  actions?: RpdRouteActionConfig[];
487
488
  handler?: string | ((ctx: ActionHandlerContext) => Promise<void>);
488
489
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@ruiapp/rapid-core",
3
- "version": "0.9.9",
3
+ "version": "0.9.11",
4
4
  "description": "",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
package/src/core/http/formDataParser.ts CHANGED
@@ -1,5 +1,3 @@
1
- import type { RapidRequest } from "../request";
2
-
3
1
  export type BodyData = Record<string, string | File | (string | File)[]>;
4
2
  export type ParseBodyOptions = {
5
3
  /**
package/src/core/request.ts CHANGED
@@ -66,7 +66,7 @@ export class RapidRequest {
66
66
  } else if (contentType.startsWith("multipart/form-data")) {
67
67
  this.#body = {
68
68
  type: "form-data",
69
- value: await parseFormDataBody(req),
69
+ value: await parseFormDataBody(req, { all: true }),
70
70
  };
71
71
  }
72
72
  this.#bodyParsed = true;
package/src/plugins/entityAccessControl/EntityAccessControlPlugin.ts CHANGED
@@ -132,11 +132,20 @@ class EntityAccessControlPlugin implements RapidPlugin {
132
132
  // Check permission
133
133
  const { routerContext } = handlerContext;
134
134
  const { routeConfig } = routerContext;
135
- for (const actionConfig of routeConfig.actions) {
136
- const permissionCheck = actionConfig.config?.permissionCheck;
137
- if (permissionCheck) {
138
- if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
139
- throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
135
+ if (routeConfig.permissionCheck) {
136
+ if (!isAccessAllowed(routeConfig.permissionCheck, routerContext.state.allowedActions || [])) {
137
+ throw new Error(`Your request to route '${routeConfig.code}' is not permitted.`);
138
+ }
139
+ }
140
+
141
+ const actions = routeConfig.actions;
142
+ if (actions) {
143
+ for (const actionConfig of routeConfig.actions) {
144
+ const permissionCheck = actionConfig.config?.permissionCheck;
145
+ if (permissionCheck) {
146
+ if (!isAccessAllowed(permissionCheck, routerContext.state.allowedActions || [])) {
147
+ throw new Error(`Your action of '${actionConfig.code}' is not permitted.`);
148
+ }
140
149
  }
141
150
  }
142
151
  }
package/src/types.ts CHANGED
@@ -586,6 +586,7 @@ export interface RpdRoute {
586
586
  type: "RESTful";
587
587
  method: RpdHttpMethod;
588
588
  endpoint: string;
589
+ permissionCheck?: PermissionPolicy;
589
590
  actions?: RpdRouteActionConfig[];
590
591
  handler?: string | ((ctx: ActionHandlerContext) => Promise<void>);
591
592
  }