@steedos/objectql 2.1.54 → 2.1.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (93) hide show
  1. package/lib/dynamic-load/preload_data.d.ts +3 -0
  2. package/lib/dynamic-load/preload_data.js +158 -1
  3. package/lib/dynamic-load/preload_data.js.map +1 -1
  4. package/lib/dynamic-load/restrictionRules.d.ts +1 -0
  5. package/lib/dynamic-load/restrictionRules.js +42 -0
  6. package/lib/dynamic-load/restrictionRules.js.map +1 -0
  7. package/lib/dynamic-load/shareRules.d.ts +1 -0
  8. package/lib/dynamic-load/shareRules.js +42 -0
  9. package/lib/dynamic-load/shareRules.js.map +1 -0
  10. package/lib/dynamic-load/trigger.d.ts +1 -3
  11. package/lib/dynamic-load/trigger.js +24 -14
  12. package/lib/dynamic-load/trigger.js.map +1 -1
  13. package/lib/formula/core.js +22 -5
  14. package/lib/formula/core.js.map +1 -1
  15. package/lib/formula/index.d.ts +2 -0
  16. package/lib/formula/index.js +28 -1
  17. package/lib/formula/index.js.map +1 -1
  18. package/lib/formula/simple_params.d.ts +2 -0
  19. package/lib/formula/simple_params.js +91 -0
  20. package/lib/formula/simple_params.js.map +1 -0
  21. package/lib/formula/type.d.ts +3 -2
  22. package/lib/formula/type.js.map +1 -1
  23. package/lib/index.d.ts +3 -0
  24. package/lib/index.js +3 -0
  25. package/lib/index.js.map +1 -1
  26. package/lib/metadata-register/_base.d.ts +3 -1
  27. package/lib/metadata-register/_base.js +16 -5
  28. package/lib/metadata-register/_base.js.map +1 -1
  29. package/lib/metadata-register/permissionFields.d.ts +7 -0
  30. package/lib/metadata-register/permissionFields.js +18 -0
  31. package/lib/metadata-register/permissionFields.js.map +1 -0
  32. package/lib/metadata-register/restrictionRules.d.ts +7 -0
  33. package/lib/metadata-register/restrictionRules.js +18 -0
  34. package/lib/metadata-register/restrictionRules.js.map +1 -0
  35. package/lib/metadata-register/shareRules.d.ts +7 -0
  36. package/lib/metadata-register/shareRules.js +18 -0
  37. package/lib/metadata-register/shareRules.js.map +1 -0
  38. package/lib/ts-types/triggerActionParams.d.ts +1 -0
  39. package/lib/types/field_permission.d.ts +4 -0
  40. package/lib/types/field_permission.js +50 -0
  41. package/lib/types/field_permission.js.map +1 -0
  42. package/lib/types/object.d.ts +1 -0
  43. package/lib/types/object.js +333 -163
  44. package/lib/types/object.js.map +1 -1
  45. package/lib/types/object_dynamic_load.js +13 -4
  46. package/lib/types/object_dynamic_load.js.map +1 -1
  47. package/lib/types/object_permission.d.ts +1 -0
  48. package/lib/types/object_permission.js +31 -0
  49. package/lib/types/object_permission.js.map +1 -1
  50. package/lib/types/restrictionRule.d.ts +13 -0
  51. package/lib/types/restrictionRule.js +75 -0
  52. package/lib/types/restrictionRule.js.map +1 -0
  53. package/lib/types/shareRule.d.ts +13 -0
  54. package/lib/types/shareRule.js +75 -0
  55. package/lib/types/shareRule.js.map +1 -0
  56. package/lib/types/trigger.d.ts +1 -0
  57. package/lib/types/trigger.js.map +1 -1
  58. package/lib/util/field.js +4 -4
  59. package/lib/util/field.js.map +1 -1
  60. package/lib/util/function_expression.d.ts +2 -0
  61. package/lib/util/function_expression.js +66 -0
  62. package/lib/util/function_expression.js.map +1 -0
  63. package/lib/util/index.d.ts +1 -0
  64. package/lib/util/index.js +1 -0
  65. package/lib/util/index.js.map +1 -1
  66. package/lib/util/transform.js +1 -1
  67. package/lib/util/transform.js.map +1 -1
  68. package/package.json +8 -8
  69. package/src/dynamic-load/preload_data.ts +44 -0
  70. package/src/dynamic-load/restrictionRules.ts +19 -0
  71. package/src/dynamic-load/shareRules.ts +19 -0
  72. package/src/dynamic-load/trigger.ts +22 -15
  73. package/src/formula/core.ts +19 -2
  74. package/src/formula/index.ts +21 -1
  75. package/src/formula/simple_params.ts +92 -0
  76. package/src/formula/type.ts +4 -3
  77. package/src/index.ts +4 -1
  78. package/src/metadata-register/_base.ts +14 -3
  79. package/src/metadata-register/permissionFields.ts +13 -0
  80. package/src/metadata-register/restrictionRules.ts +12 -0
  81. package/src/metadata-register/shareRules.ts +13 -0
  82. package/src/ts-types/triggerActionParams.ts +1 -0
  83. package/src/types/field_permission.ts +26 -0
  84. package/src/types/object.ts +207 -28
  85. package/src/types/object_dynamic_load.ts +4 -1
  86. package/src/types/object_permission.ts +32 -0
  87. package/src/types/restrictionRule.ts +57 -0
  88. package/src/types/shareRule.ts +57 -0
  89. package/src/types/trigger.ts +1 -0
  90. package/src/util/field.ts +4 -4
  91. package/src/util/function_expression.ts +63 -0
  92. package/src/util/index.ts +1 -0
  93. package/src/util/transform.ts +1 -1
@@ -16,6 +16,9 @@ var object_events_1 = require("./object_events");
16
16
  var i18n_1 = require("@steedos/i18n");
17
17
  var object_layouts_1 = require("./object_layouts");
18
18
  var lodash_1 = require("lodash");
19
+ var shareRule_1 = require("./shareRule");
20
+ var restrictionRule_1 = require("./restrictionRule");
21
+ var field_permission_1 = require("./field_permission");
19
22
  var clone = require('clone');
20
23
  // 主子表有层级限制,超过3层就报错,该函数判断当前对象作为主表对象往下的层级最多不越过3层,
21
24
  // 其3层指的是A-B-C-D,它们都有父子关系,A作为最顶层,该对象上不可以再创建主表子表关系字段,但是B、C、D上可以;
@@ -356,7 +359,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
356
359
  };
357
360
  SteedosObjectType.prototype.runTriggerActions = function (when, context) {
358
361
  return tslib_1.__awaiter(this, void 0, void 0, function () {
359
- var triggers, triggers_1, triggers_1_1, trigger, params, error_1, e_2_1;
362
+ var triggers, triggers_1, triggers_1_1, trigger, params, e_2_1;
360
363
  var e_2, _a;
361
364
  return tslib_1.__generator(this, function (_b) {
362
365
  switch (_b.label) {
@@ -368,39 +371,40 @@ var SteedosObjectType = /** @class */ (function (_super) {
368
371
  }
369
372
  _b.label = 2;
370
373
  case 2:
371
- _b.trys.push([2, 9, 10, 11]);
374
+ _b.trys.push([2, 7, 8, 9]);
372
375
  triggers_1 = tslib_1.__values(triggers), triggers_1_1 = triggers_1.next();
373
376
  _b.label = 3;
374
377
  case 3:
375
- if (!!triggers_1_1.done) return [3 /*break*/, 8];
378
+ if (!!triggers_1_1.done) return [3 /*break*/, 6];
376
379
  trigger = triggers_1_1.value;
377
380
  params = util_1.generateActionParams(when, context);
378
- _b.label = 4;
381
+ return [4 /*yield*/, this._schema.metadataBroker.call(trigger.service.name + "." + trigger.metadata.action, params).catch(function (error) {
382
+ //如果action trigger 下线,则只打印error
383
+ if (error && _.isObject(error) && error.type === 'SERVICE_NOT_AVAILABLE') {
384
+ console.error("runTriggerActions error", error);
385
+ }
386
+ else {
387
+ throw error;
388
+ }
389
+ })];
379
390
  case 4:
380
- _b.trys.push([4, 6, , 7]);
381
- return [4 /*yield*/, this._schema.metadataBroker.call(trigger.service.name + "." + trigger.metadata.action, params)];
382
- case 5:
383
391
  _b.sent();
384
- return [3 /*break*/, 7];
385
- case 6:
386
- error_1 = _b.sent();
387
- console.error(error_1);
388
- return [3 /*break*/, 7];
389
- case 7:
392
+ _b.label = 5;
393
+ case 5:
390
394
  triggers_1_1 = triggers_1.next();
391
395
  return [3 /*break*/, 3];
392
- case 8: return [3 /*break*/, 11];
393
- case 9:
396
+ case 6: return [3 /*break*/, 9];
397
+ case 7:
394
398
  e_2_1 = _b.sent();
395
399
  e_2 = { error: e_2_1 };
396
- return [3 /*break*/, 11];
397
- case 10:
400
+ return [3 /*break*/, 9];
401
+ case 8:
398
402
  try {
399
403
  if (triggers_1_1 && !triggers_1_1.done && (_a = triggers_1.return)) _a.call(triggers_1);
400
404
  }
401
405
  finally { if (e_2) throw e_2.error; }
402
406
  return [7 /*endfinally*/];
403
- case 11: return [2 /*return*/];
407
+ case 9: return [2 /*return*/];
404
408
  }
405
409
  });
406
410
  });
@@ -555,7 +559,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
555
559
  SteedosObjectType.prototype.refreshIndexes = function () {
556
560
  var e_3, _a, e_4, _b;
557
561
  return tslib_1.__awaiter(this, void 0, void 0, function () {
558
- var adapter, collection, indexesInfo, dropIndexNames, key, field, info, indexesInfo_1, indexesInfo_1_1, indexInfo, key, error_2, e_3_1, error_3, dropIndexNames_1, dropIndexNames_1_1, indexName, error_4, e_4_1, error_5;
562
+ var adapter, collection, indexesInfo, dropIndexNames, key, field, info, indexesInfo_1, indexesInfo_1_1, indexInfo, key, error_1, e_3_1, error_2, dropIndexNames_1, dropIndexNames_1_1, indexName, error_3, e_4_1, error_4;
559
563
  return tslib_1.__generator(this, function (_c) {
560
564
  switch (_c.label) {
561
565
  case 0:
@@ -600,8 +604,8 @@ var SteedosObjectType = /** @class */ (function (_super) {
600
604
  _c.sent();
601
605
  return [3 /*break*/, 9];
602
606
  case 8:
603
- error_2 = _c.sent();
604
- console.error(error_2);
607
+ error_1 = _c.sent();
608
+ console.error(error_1);
605
609
  return [3 /*break*/, 9];
606
610
  case 9: return [3 /*break*/, 4];
607
611
  case 10: return [3 /*break*/, 17];
@@ -623,8 +627,8 @@ var SteedosObjectType = /** @class */ (function (_super) {
623
627
  case 16: return [7 /*endfinally*/];
624
628
  case 17: return [3 /*break*/, 19];
625
629
  case 18:
626
- error_3 = _c.sent();
627
- console.error(error_3);
630
+ error_2 = _c.sent();
631
+ console.error(error_2);
628
632
  return [3 /*break*/, 19];
629
633
  case 19:
630
634
  if (!(dropIndexNames && dropIndexNames.length > 0)) return [3 /*break*/, 37];
@@ -648,7 +652,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
648
652
  _c.sent();
649
653
  return [3 /*break*/, 27];
650
654
  case 26:
651
- error_4 = _c.sent();
655
+ error_3 = _c.sent();
652
656
  return [3 /*break*/, 27];
653
657
  case 27: return [3 /*break*/, 22];
654
658
  case 28: return [3 /*break*/, 35];
@@ -670,8 +674,8 @@ var SteedosObjectType = /** @class */ (function (_super) {
670
674
  case 34: return [7 /*endfinally*/];
671
675
  case 35: return [3 /*break*/, 37];
672
676
  case 36:
673
- error_5 = _c.sent();
674
- console.error(error_5);
677
+ error_4 = _c.sent();
678
+ console.error(error_4);
675
679
  return [3 /*break*/, 37];
676
680
  case 37: return [2 /*return*/];
677
681
  }
@@ -712,77 +716,125 @@ var SteedosObjectType = /** @class */ (function (_super) {
712
716
  };
713
717
  SteedosObjectType.prototype.getUserObjectPermission = function (userSession) {
714
718
  return tslib_1.__awaiter(this, void 0, void 0, function () {
715
- var roles, objectRolesPermission, userObjectPermission, spaceId;
719
+ var roles, objectRolesPermission, userObjectPermission, rolesFieldsPermission, field_permissions, spaceId;
716
720
  return tslib_1.__generator(this, function (_a) {
717
- if (!userSession) {
718
- throw new Error('userSession is required');
719
- }
720
- roles = userSession.roles;
721
- objectRolesPermission = this.getObjectRolesPermission(userSession.spaceId);
722
- userObjectPermission = {
723
- allowRead: false,
724
- allowCreate: false,
725
- allowEdit: false,
726
- allowDelete: false,
727
- viewAllRecords: false,
728
- modifyAllRecords: false,
729
- viewCompanyRecords: false,
730
- modifyCompanyRecords: false,
731
- allowReadFiles: null,
732
- viewAllFiles: null,
733
- allowCreateFiles: null,
734
- allowEditFiles: null,
735
- allowDeleteFiles: null,
736
- modifyAllFiles: null,
737
- disabled_list_views: null,
738
- disabled_actions: null,
739
- unreadable_fields: null,
740
- uneditable_fields: null,
741
- unrelated_objects: null
742
- };
743
- if (_.isEmpty(roles)) {
744
- throw new Error('not find user permission');
745
- }
746
- roles.forEach(function (role) {
747
- var rolePermission = objectRolesPermission[role];
748
- if (rolePermission) {
749
- _.each(userObjectPermission, function (v, k) {
750
- var _v = rolePermission[k];
751
- if (_.isBoolean(v)) {
752
- if (v === false && _v === true) {
753
- userObjectPermission[k] = _v;
754
- }
755
- }
756
- else if (['allowReadFiles', 'viewAllFiles', 'allowCreateFiles', 'allowEditFiles', 'allowDeleteFiles', 'modifyAllFiles'].indexOf(k) > -1) {
757
- if (_.isBoolean(_v)) {
758
- userObjectPermission[k] = _v;
759
- }
721
+ switch (_a.label) {
722
+ case 0:
723
+ if (!userSession) {
724
+ throw new Error('userSession is required');
725
+ }
726
+ roles = userSession.roles;
727
+ objectRolesPermission = this.getObjectRolesPermission(userSession.spaceId);
728
+ userObjectPermission = {
729
+ allowRead: false,
730
+ allowCreate: false,
731
+ allowEdit: false,
732
+ allowDelete: false,
733
+ viewAllRecords: false,
734
+ modifyAllRecords: false,
735
+ viewCompanyRecords: false,
736
+ modifyCompanyRecords: false,
737
+ allowReadFiles: null,
738
+ viewAllFiles: null,
739
+ allowCreateFiles: null,
740
+ allowEditFiles: null,
741
+ allowDeleteFiles: null,
742
+ modifyAllFiles: null,
743
+ disabled_list_views: null,
744
+ disabled_actions: null,
745
+ unreadable_fields: null,
746
+ uneditable_fields: null,
747
+ unrelated_objects: null,
748
+ field_permissions: null,
749
+ };
750
+ if (_.isEmpty(roles)) {
751
+ throw new Error('not find user permission');
752
+ }
753
+ return [4 /*yield*/, field_permission_1.FieldPermission.getObjectFieldsPermissionGroupRole(this.name)];
754
+ case 1:
755
+ rolesFieldsPermission = _a.sent();
756
+ roles.forEach(function (role) {
757
+ var rolePermission = objectRolesPermission[role];
758
+ if (rolePermission) {
759
+ var roleFieldsPermission_1 = rolesFieldsPermission[role];
760
+ _.each(userObjectPermission, function (v, k) {
761
+ var _v = rolePermission[k];
762
+ if (k === 'field_permissions') {
763
+ _v = roleFieldsPermission_1;
764
+ }
765
+ if (_.isBoolean(v)) {
766
+ if (v === false && _v === true) {
767
+ userObjectPermission[k] = _v;
768
+ }
769
+ }
770
+ else if (['allowReadFiles', 'viewAllFiles', 'allowCreateFiles', 'allowEditFiles', 'allowDeleteFiles', 'modifyAllFiles'].indexOf(k) > -1) {
771
+ if (_.isBoolean(_v)) {
772
+ userObjectPermission[k] = _v;
773
+ }
774
+ }
775
+ else if (['read_filters', 'edit_filters'].indexOf(k) > -1) {
776
+ if ('edit_filters' === k) {
777
+ if (!_.isEmpty(_v)) {
778
+ userObjectPermission['read_filters'].push(_v);
779
+ }
780
+ }
781
+ if (!_.isEmpty(_v)) {
782
+ userObjectPermission[k].push(_v);
783
+ }
784
+ }
785
+ else if ((_.isArray(v) || _.isNull(v))) {
786
+ if (!_.isArray(_v)) {
787
+ _v = [];
788
+ }
789
+ if (_.isNull(v)) {
790
+ userObjectPermission[k] = _v;
791
+ }
792
+ else {
793
+ if (k === 'field_permissions') {
794
+ userObjectPermission[k] = _.union(v, _v);
795
+ }
796
+ else {
797
+ userObjectPermission[k] = _.intersection(v, _v);
798
+ }
799
+ }
800
+ }
801
+ });
760
802
  }
761
- else if ((_.isArray(v) || _.isNull(v))) {
762
- if (!_.isArray(_v)) {
763
- _v = [];
764
- }
765
- if (_.isNull(v)) {
766
- userObjectPermission[k] = _v;
803
+ });
804
+ field_permissions = {};
805
+ if (userObjectPermission.field_permissions) {
806
+ _.each(userObjectPermission.field_permissions, function (field_permission) {
807
+ var field = field_permission.field, read = field_permission.read, edit = field_permission.edit;
808
+ if (field_permissions[field]) {
809
+ field_permissions[field].edit = field_permissions[field].edit || edit;
810
+ if (field_permissions[field].edit) {
811
+ field_permissions[field].read = true;
812
+ }
813
+ else {
814
+ field_permissions[field].read = field_permissions[field].read || read;
815
+ }
767
816
  }
768
817
  else {
769
- userObjectPermission[k] = _.intersection(v, _v);
818
+ field_permissions[field] = {
819
+ field: field,
820
+ read: edit || read,
821
+ edit: edit
822
+ };
770
823
  }
771
- }
772
- });
773
- }
774
- });
775
- userObjectPermission.disabled_list_views = userObjectPermission.disabled_list_views || [];
776
- userObjectPermission.disabled_actions = userObjectPermission.disabled_actions || [];
777
- userObjectPermission.unreadable_fields = userObjectPermission.unreadable_fields || [];
778
- userObjectPermission.uneditable_fields = userObjectPermission.uneditable_fields || [];
779
- userObjectPermission.unrelated_objects = userObjectPermission.unrelated_objects || [];
780
- spaceId = userSession.spaceId;
781
- if (util_1.isTemplateSpace(spaceId)) {
782
- return [2 /*return*/, Object.assign({}, userObjectPermission, { allowRead: true, viewAllRecords: true, viewCompanyRecords: true })];
824
+ });
825
+ }
826
+ userObjectPermission.field_permissions = field_permissions;
827
+ userObjectPermission.disabled_list_views = userObjectPermission.disabled_list_views || [];
828
+ userObjectPermission.disabled_actions = userObjectPermission.disabled_actions || [];
829
+ userObjectPermission.unreadable_fields = userObjectPermission.unreadable_fields || [];
830
+ userObjectPermission.uneditable_fields = userObjectPermission.uneditable_fields || [];
831
+ userObjectPermission.unrelated_objects = userObjectPermission.unrelated_objects || [];
832
+ spaceId = userSession.spaceId;
833
+ if (util_1.isTemplateSpace(spaceId)) {
834
+ return [2 /*return*/, Object.assign({}, userObjectPermission, { allowRead: true, viewAllRecords: true, viewCompanyRecords: true })];
835
+ }
836
+ return [2 /*return*/, userObjectPermission];
783
837
  }
784
- Creator.processPermissions(userObjectPermission);
785
- return [2 /*return*/, userObjectPermission];
786
838
  });
787
839
  });
788
840
  };
@@ -1283,7 +1335,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
1283
1335
  };
1284
1336
  SteedosObjectType.prototype.getRecordView = function (userSession) {
1285
1337
  return tslib_1.__awaiter(this, void 0, void 0, function () {
1286
- var lng, objectMetadataConfig, objectConfig, _a, _b, _c, _d, layouts, layout, _fields_1, sort_no_1, layoutFieldKeys, objectFieldKeys, difference, layoutButtonsName_1, spaceProcessDefinition, dbListViews;
1338
+ var lng, objectMetadataConfig, objectConfig, _a, _b, _c, _d, layouts, layout, _fields_1, sort_no_1, layoutFieldKeys, objectFieldKeys, difference, layoutButtonsName_1, userObjectFields, spaceProcessDefinition, dbListViews;
1287
1339
  return tslib_1.__generator(this, function (_e) {
1288
1340
  switch (_e.label) {
1289
1341
  case 0:
@@ -1383,6 +1435,23 @@ var SteedosObjectType = /** @class */ (function (_super) {
1383
1435
  }
1384
1436
  });
1385
1437
  }
1438
+ userObjectFields = objectConfig.fields;
1439
+ _.each(objectConfig.permissions.field_permissions, function (field_permission, field) {
1440
+ var read = field_permission.read, edit = field_permission.edit;
1441
+ if (read) {
1442
+ userObjectFields[field].omit = true;
1443
+ }
1444
+ if (edit) {
1445
+ userObjectFields[field].omit = false;
1446
+ userObjectFields[field].hidden = false;
1447
+ userObjectFields[field].readonly = false;
1448
+ userObjectFields[field].disabled = false;
1449
+ }
1450
+ if (!read && !edit) {
1451
+ delete userObjectFields[field];
1452
+ }
1453
+ });
1454
+ objectConfig.fields = userObjectFields;
1386
1455
  return [4 /*yield*/, getObject("process_definition").directFind({ filters: [['space', '=', userSession.spaceId], ['object_name', '=', this.name], ['active', '=', true]] })];
1387
1456
  case 7:
1388
1457
  spaceProcessDefinition = _e.sent();
@@ -1551,7 +1620,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
1551
1620
  };
1552
1621
  SteedosObjectType.prototype.createDefaulRecordView = function (userSession) {
1553
1622
  return tslib_1.__awaiter(this, void 0, void 0, function () {
1554
- var name, label, profiles, defaultRecordView, error_6;
1623
+ var name, label, profiles, defaultRecordView, error_5;
1555
1624
  return tslib_1.__generator(this, function (_a) {
1556
1625
  switch (_a.label) {
1557
1626
  case 0:
@@ -1567,8 +1636,8 @@ var SteedosObjectType = /** @class */ (function (_super) {
1567
1636
  return [4 /*yield*/, getObject('object_layouts').insert(Object.assign({}, defaultRecordView, { name: name, label: label, profiles: profiles }), userSession)];
1568
1637
  case 3: return [2 /*return*/, _a.sent()];
1569
1638
  case 4:
1570
- error_6 = _a.sent();
1571
- return [2 /*return*/, { error: error_6.message }];
1639
+ error_5 = _a.sent();
1640
+ return [2 /*return*/, { error: error_5.message }];
1572
1641
  case 5: return [2 /*return*/];
1573
1642
  }
1574
1643
  });
@@ -1737,6 +1806,29 @@ var SteedosObjectType = /** @class */ (function (_super) {
1737
1806
  });
1738
1807
  });
1739
1808
  };
1809
+ // private async appendRecordPermission(records, userSession) {
1810
+ // const _ids = _.pluck(records, '_id');
1811
+ // const objPm = await this.getUserObjectPermission(userSession);
1812
+ // const permissionFilters = this.getObjectPermissionFilters(objPm, userSession, true);
1813
+ // if (_.isEmpty(permissionFilters)) {
1814
+ // return;
1815
+ // }
1816
+ // const filters = formatFiltersToODataQuery(['_id', 'in', _ids])
1817
+ // const results = await this.directFind({
1818
+ // fields: ['_id'],
1819
+ // filters: `(${filters}) and (${permissionFilters.join(' or ')})`
1820
+ // });
1821
+ // const allowEditIds = _.pluck(results, '_id');
1822
+ // _.each(records, (record) => {
1823
+ // if (_.include(allowEditIds, record._id)) {
1824
+ // record.record_permissions = {
1825
+ // allowRead: true,
1826
+ // allowEdit: true,
1827
+ // allowDelete: true,
1828
+ // }
1829
+ // }
1830
+ // })
1831
+ // }
1740
1832
  SteedosObjectType.prototype.getTriggerContext = function (when, method, args, recordId) {
1741
1833
  return tslib_1.__awaiter(this, void 0, void 0, function () {
1742
1834
  var userSession, context, _a;
@@ -1744,7 +1836,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
1744
1836
  switch (_b.label) {
1745
1837
  case 0:
1746
1838
  userSession = args[args.length - 1];
1747
- context = { userId: userSession ? userSession.userId : undefined, spaceId: userSession ? userSession.spaceId : undefined };
1839
+ context = { objectName: this.name, userId: userSession ? userSession.userId : undefined, spaceId: userSession ? userSession.spaceId : undefined };
1748
1840
  if (method === 'find' || method === 'findOne' || method === 'count') {
1749
1841
  context.query = args[args.length - 2];
1750
1842
  }
@@ -1900,6 +1992,15 @@ var SteedosObjectType = /** @class */ (function (_super) {
1900
1992
  if (method === 'count') {
1901
1993
  values = returnValue || 0;
1902
1994
  }
1995
+ // else{
1996
+ // if (userSession) {
1997
+ // let _records = returnValue
1998
+ // if (method == 'findOne' && returnValue) {
1999
+ // _records = [_records]
2000
+ // }
2001
+ // await this.appendRecordPermission(_records, userSession);
2002
+ // }
2003
+ // }
1903
2004
  Object.assign(afterTriggerContext, { data: { values: values } });
1904
2005
  }
1905
2006
  // console.log("==returnValue==", returnValue);
@@ -2011,6 +2112,28 @@ var SteedosObjectType = /** @class */ (function (_super) {
2011
2112
  });
2012
2113
  });
2013
2114
  };
2115
+ // private getObjectPermissionFilters(objectPermission, userSession, isEdit) {
2116
+ // const objectPermissionFilters = [];
2117
+ // let permissionFiltersKey = 'read_filters';
2118
+ // if (isEdit) {
2119
+ // permissionFiltersKey = 'edit_filters';
2120
+ // }
2121
+ // const globalData = Object.assign({}, userSession, { now: new Date() });
2122
+ // let permissionFilters = objectPermission[permissionFiltersKey];
2123
+ // _.each(permissionFilters, (permissionFilter) => {
2124
+ // if (_.isString(permissionFilter) && isExpression(permissionFilter.trim())) {
2125
+ // try {
2126
+ // const filters = parseSingleExpression(permissionFilter, {}, "#", globalData);
2127
+ // if (filters && !_.isString(filters)) {
2128
+ // objectPermissionFilters.push(`(${formatFiltersToODataQuery(filters, userSession)})`)
2129
+ // }
2130
+ // } catch (error) {
2131
+ // console.error(`getObjectPermissionFilters error`, permissionFilter, error.message);
2132
+ // }
2133
+ // }
2134
+ // })
2135
+ // return objectPermissionFilters;
2136
+ // }
2014
2137
  /**
2015
2138
  * 把query.filters用formatFiltersToODataQuery转为odata query
2016
2139
  * 主要是为了把userSession中的utcOffset逻辑传入formatFiltersToODataQuery函数处理
@@ -2031,82 +2154,102 @@ var SteedosObjectType = /** @class */ (function (_super) {
2031
2154
  };
2032
2155
  SteedosObjectType.prototype.dealWithMethodPermission = function (method, args) {
2033
2156
  return tslib_1.__awaiter(this, void 0, void 0, function () {
2034
- var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, clientFilter, filters, permissionFilters, userFilters, id, companyFilters, queryFilters, companyFilters, id, companyFilters;
2157
+ var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, shareRuleFilters, restrictionRuleFilters, clientFilter, filters, permissionFilters, userFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters, queryFilters, companyFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters;
2035
2158
  return tslib_1.__generator(this, function (_a) {
2036
2159
  switch (_a.label) {
2037
2160
  case 0:
2038
2161
  userSession = args[args.length - 1];
2039
- if (!userSession) return [3 /*break*/, 2];
2162
+ if (!userSession) return [3 /*break*/, 5];
2040
2163
  spaceId = userSession.spaceId;
2041
2164
  userId = userSession.userId;
2042
2165
  return [4 /*yield*/, this.getUserObjectPermission(userSession)];
2043
2166
  case 1:
2044
2167
  objPm = _a.sent();
2045
- if (method === 'find' || method === 'count' || method === 'findOne' || method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
2046
- query = args[args.length - 2];
2047
- if (method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
2048
- query = args[args.length - 3];
2049
- }
2050
- if (query.filters && !_.isString(query.filters)) {
2051
- query.filters = filters_1.formatFiltersToODataQuery(query.filters);
2052
- }
2053
- if (this.table_name == 'cfs.files.filerecord' || this.table_name == 'cfs.instances.filerecord') {
2054
- return [2 /*return*/];
2055
- }
2056
- if (util_1.isCloudAdminSpace(spaceId)) {
2057
- return [2 /*return*/];
2058
- }
2059
- spaceFilter = void 0, companyFilter = void 0, ownerFilter = void 0, sharesFilter = void 0, clientFilter = query.filters, filters = void 0, permissionFilters = [], userFilters = [];
2060
- if (spaceId) {
2061
- spaceFilter = "(space eq '" + spaceId + "')";
2062
- }
2063
- if (spaceId && !objPm.viewAllRecords && objPm.viewCompanyRecords) { // 公司级
2064
- if (_.isEmpty(userSession.companies)) {
2065
- console.log('objPm', objPm);
2066
- throw new Error("user not belong any company!");
2067
- }
2068
- companyFilter = _.map(userSession.companies, function (comp) {
2069
- return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
2070
- });
2071
- }
2072
- if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
2073
- ownerFilter = "(owner eq '" + userId + "')";
2074
- }
2075
- if (!objPm.viewAllRecords) {
2076
- sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
2077
- }
2078
- if (!_.isEmpty(companyFilter)) {
2079
- permissionFilters.push("(" + companyFilter.join(' or ') + ")");
2080
- }
2081
- if (ownerFilter) {
2082
- permissionFilters.push(ownerFilter);
2083
- }
2084
- if (!_.isEmpty(sharesFilter)) {
2085
- permissionFilters.push("(" + sharesFilter.join(' or ') + ")");
2086
- }
2087
- if (clientFilter) {
2088
- userFilters.push(clientFilter);
2089
- }
2090
- if (spaceFilter) {
2091
- userFilters.push(spaceFilter);
2092
- }
2093
- if (!userSession.is_space_admin && !_.isEmpty(permissionFilters)) {
2094
- filters = permissionFilters.join(' or ');
2095
- }
2096
- if (!_.isEmpty(userFilters)) {
2097
- filters = filters ? "(" + filters + ") and (" + userFilters.join(' and ') + ")" : userFilters.join(' and ');
2168
+ if (!(method === 'find' || method === 'count' || method === 'findOne' || method === 'aggregate' || method === 'aggregatePrefixalPipeline')) return [3 /*break*/, 4];
2169
+ query = args[args.length - 2];
2170
+ if (method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
2171
+ query = args[args.length - 3];
2172
+ }
2173
+ if (query.filters && !_.isString(query.filters)) {
2174
+ query.filters = filters_1.formatFiltersToODataQuery(query.filters);
2175
+ }
2176
+ if (this.table_name == 'cfs.files.filerecord' || this.table_name == 'cfs.instances.filerecord') {
2177
+ return [2 /*return*/];
2178
+ }
2179
+ if (util_1.isCloudAdminSpace(spaceId)) {
2180
+ return [2 /*return*/];
2181
+ }
2182
+ spaceFilter = void 0, companyFilter = void 0, ownerFilter = void 0, sharesFilter = void 0, shareRuleFilters = void 0, restrictionRuleFilters = void 0, clientFilter = query.filters, filters = void 0, permissionFilters = [], userFilters = [];
2183
+ if (spaceId) {
2184
+ spaceFilter = "(space eq '" + spaceId + "')";
2185
+ }
2186
+ if (spaceId && !objPm.viewAllRecords && objPm.viewCompanyRecords) { // 公司级
2187
+ if (_.isEmpty(userSession.companies)) {
2188
+ console.log('objPm', objPm);
2189
+ throw new Error("user not belong any company!");
2098
2190
  }
2099
- query.filters = filters;
2191
+ companyFilter = _.map(userSession.companies, function (comp) {
2192
+ return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
2193
+ });
2194
+ }
2195
+ if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
2196
+ ownerFilter = "(owner eq '" + userId + "')";
2197
+ }
2198
+ return [4 /*yield*/, shareRule_1.ShareRules.getUserObjectFilters(this.name, userSession)];
2199
+ case 2:
2200
+ shareRuleFilters = _a.sent();
2201
+ if (!_.isEmpty(shareRuleFilters)) {
2202
+ permissionFilters.push("(" + shareRuleFilters.join(' or ') + ")");
2100
2203
  }
2101
- else if (method === 'insert') {
2204
+ return [4 /*yield*/, restrictionRule_1.RestrictionRule.getUserObjectFilters(this.name, userSession)];
2205
+ case 3:
2206
+ restrictionRuleFilters = _a.sent();
2207
+ if (!_.isEmpty(restrictionRuleFilters)) {
2208
+ userFilters.push("(" + restrictionRuleFilters.join(' or ') + ")");
2209
+ }
2210
+ // objectPermissionFilters = this.getObjectPermissionFilters(objPm, userSession, false);
2211
+ // if (!_.isEmpty(objectPermissionFilters)) {
2212
+ // permissionFilters.push(`(${objectPermissionFilters.join(' or ')})`);
2213
+ // }
2214
+ sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
2215
+ if (!_.isEmpty(companyFilter)) {
2216
+ permissionFilters.push("(" + companyFilter.join(' and ') + ")");
2217
+ }
2218
+ if (ownerFilter) {
2219
+ permissionFilters.push(ownerFilter);
2220
+ }
2221
+ if (!_.isEmpty(sharesFilter)) {
2222
+ permissionFilters.push("(" + sharesFilter.join(' or ') + ")");
2223
+ }
2224
+ if (clientFilter) {
2225
+ userFilters.push(clientFilter);
2226
+ }
2227
+ if (spaceFilter) {
2228
+ userFilters.push(spaceFilter);
2229
+ }
2230
+ if (!userSession.is_space_admin && !_.isEmpty(permissionFilters)) {
2231
+ filters = permissionFilters.join(' or ');
2232
+ }
2233
+ if (!_.isEmpty(userFilters)) {
2234
+ filters = filters ? "(" + filters + ") and (" + userFilters.join(' and ') + ")" : userFilters.join(' and ');
2235
+ }
2236
+ query.filters = filters;
2237
+ return [3 /*break*/, 5];
2238
+ case 4:
2239
+ if (method === 'insert') {
2102
2240
  if (!objPm.allowCreate) {
2103
2241
  throw new Error("no " + method + " permission!");
2104
2242
  }
2105
2243
  }
2106
2244
  else if (method === 'update' || method === 'updateOne') {
2107
- if (!objPm.allowEdit) {
2245
+ permissionFilters = null;
2246
+ if (!objPm.allowEdit && _.isEmpty(permissionFilters)) {
2108
2247
  throw new Error("no " + method + " permission!");
2109
2248
  }
2249
+ objectPermissionEditFilters = '';
2250
+ if (!_.isEmpty(permissionFilters)) {
2251
+ objectPermissionEditFilters = " or (" + permissionFilters.join(' or ') + ")";
2252
+ }
2110
2253
  id = args[args.length - 3];
2111
2254
  if (!objPm.modifyAllRecords && objPm.modifyCompanyRecords) {
2112
2255
  companyFilters = _.map(userSession.companies, function (comp) {
@@ -2114,25 +2257,36 @@ var SteedosObjectType = /** @class */ (function (_super) {
2114
2257
  }).join(' or ');
2115
2258
  if (companyFilters) {
2116
2259
  if (_.isString(id)) {
2117
- id = { filters: "(_id eq '" + id + "') and (" + companyFilters + ")" };
2260
+ id = { filters: "(_id eq '" + id + "') and (" + companyFilters + objectPermissionEditFilters + ")" };
2118
2261
  }
2119
2262
  else if (_.isObject(id)) {
2120
2263
  if (id.filters && !_.isString(id.filters)) {
2121
2264
  id.filters = filters_1.formatFiltersToODataQuery(id.filters);
2122
2265
  }
2123
- id.filters = id.filters ? "(" + id.filters + ") and (" + companyFilters + ")" : "(" + companyFilters + ")";
2266
+ id.filters = id.filters ? "(" + id.filters + ") and (" + companyFilters + objectPermissionEditFilters + ")" : "(" + companyFilters + objectPermissionEditFilters + ")";
2124
2267
  }
2125
2268
  }
2126
2269
  }
2127
2270
  else if (!objPm.modifyAllRecords && !objPm.modifyCompanyRecords && objPm.allowEdit) {
2128
2271
  if (_.isString(id)) {
2129
- id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "')" };
2272
+ id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "' " + objectPermissionEditFilters + ")" };
2130
2273
  }
2131
2274
  else if (_.isObject(id)) {
2132
2275
  if (id.filters && !_.isString(id.filters)) {
2133
2276
  id.filters = filters_1.formatFiltersToODataQuery(id.filters);
2134
2277
  }
2135
- id.filters = id.filters ? "(" + id.filters + ") and (owner eq '" + userId + "')" : "(owner eq '" + userId + "')";
2278
+ id.filters = id.filters ? "(" + id.filters + ") and (owner eq '" + userId + "' " + objectPermissionEditFilters + ")" : "(owner eq '" + userId + "' " + objectPermissionEditFilters + ")";
2279
+ }
2280
+ }
2281
+ else if (objectPermissionEditFilters) {
2282
+ if (_.isString(id)) {
2283
+ id = { filters: "(_id eq '" + id + "') and (" + objectPermissionEditFilters + ")" };
2284
+ }
2285
+ else if (_.isObject(id)) {
2286
+ if (id.filters && !_.isString(id.filters)) {
2287
+ id.filters = filters_1.formatFiltersToODataQuery(id.filters);
2288
+ }
2289
+ id.filters = id.filters ? "(" + id.filters + ") and (" + objectPermissionEditFilters + ")" : "(" + objectPermissionEditFilters + ")";
2136
2290
  }
2137
2291
  }
2138
2292
  args[args.length - 3] = id;
@@ -2156,25 +2310,41 @@ var SteedosObjectType = /** @class */ (function (_super) {
2156
2310
  }
2157
2311
  }
2158
2312
  else if (method === 'delete') {
2159
- if (!objPm.allowDelete) {
2313
+ permissionFilters = null;
2314
+ if (!objPm.allowDelete && _.isEmpty(permissionFilters)) {
2160
2315
  throw new Error("no " + method + " permission!");
2161
2316
  }
2317
+ objectPermissionEditFilters = '';
2318
+ if (!_.isEmpty(permissionFilters)) {
2319
+ objectPermissionEditFilters = " or (" + permissionFilters.join(' or ') + ")";
2320
+ }
2162
2321
  id = args[args.length - 2];
2163
2322
  if (!objPm.modifyAllRecords && objPm.modifyCompanyRecords) {
2164
2323
  companyFilters = _.map(userSession.companies, function (comp) {
2165
2324
  return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
2166
2325
  }).join(' or ');
2167
2326
  if (companyFilters) {
2168
- id = { filters: "(_id eq '" + id + "') and (" + companyFilters + ")" };
2327
+ id = { filters: "(_id eq '" + id + "') and (" + companyFilters + objectPermissionEditFilters + ")" };
2169
2328
  }
2170
2329
  }
2171
2330
  else if (!objPm.modifyAllRecords && !objPm.modifyCompanyRecords) {
2172
- id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "')" };
2331
+ id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "'" + objectPermissionEditFilters + ")" };
2332
+ }
2333
+ else if (objectPermissionEditFilters) {
2334
+ if (_.isString(id)) {
2335
+ id = { filters: "(_id eq '" + id + "') and (" + objectPermissionEditFilters + ")" };
2336
+ }
2337
+ else if (_.isObject(id)) {
2338
+ if (id.filters && !_.isString(id.filters)) {
2339
+ id.filters = filters_1.formatFiltersToODataQuery(id.filters);
2340
+ }
2341
+ id.filters = id.filters ? "(" + id.filters + ") and (" + objectPermissionEditFilters + ")" : "(" + objectPermissionEditFilters + ")";
2342
+ }
2173
2343
  }
2174
2344
  args[args.length - 2] = id;
2175
2345
  }
2176
- _a.label = 2;
2177
- case 2: return [2 /*return*/];
2346
+ _a.label = 5;
2347
+ case 5: return [2 /*return*/];
2178
2348
  }
2179
2349
  });
2180
2350
  });