@steedos/objectql 2.1.55 → 2.1.59

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (81) hide show
  1. package/lib/dynamic-load/preload_data.d.ts +3 -0
  2. package/lib/dynamic-load/preload_data.js +158 -1
  3. package/lib/dynamic-load/preload_data.js.map +1 -1
  4. package/lib/dynamic-load/restrictionRules.d.ts +1 -0
  5. package/lib/dynamic-load/restrictionRules.js +42 -0
  6. package/lib/dynamic-load/restrictionRules.js.map +1 -0
  7. package/lib/dynamic-load/shareRules.d.ts +1 -0
  8. package/lib/dynamic-load/shareRules.js +42 -0
  9. package/lib/dynamic-load/shareRules.js.map +1 -0
  10. package/lib/formula/core.js +22 -5
  11. package/lib/formula/core.js.map +1 -1
  12. package/lib/formula/index.d.ts +2 -0
  13. package/lib/formula/index.js +28 -1
  14. package/lib/formula/index.js.map +1 -1
  15. package/lib/formula/simple_params.d.ts +2 -0
  16. package/lib/formula/simple_params.js +91 -0
  17. package/lib/formula/simple_params.js.map +1 -0
  18. package/lib/formula/type.d.ts +3 -2
  19. package/lib/formula/type.js.map +1 -1
  20. package/lib/index.d.ts +3 -0
  21. package/lib/index.js +3 -0
  22. package/lib/index.js.map +1 -1
  23. package/lib/metadata-register/_base.d.ts +3 -1
  24. package/lib/metadata-register/_base.js +16 -5
  25. package/lib/metadata-register/_base.js.map +1 -1
  26. package/lib/metadata-register/permissionFields.d.ts +7 -0
  27. package/lib/metadata-register/permissionFields.js +18 -0
  28. package/lib/metadata-register/permissionFields.js.map +1 -0
  29. package/lib/metadata-register/restrictionRules.d.ts +7 -0
  30. package/lib/metadata-register/restrictionRules.js +18 -0
  31. package/lib/metadata-register/restrictionRules.js.map +1 -0
  32. package/lib/metadata-register/shareRules.d.ts +7 -0
  33. package/lib/metadata-register/shareRules.js +18 -0
  34. package/lib/metadata-register/shareRules.js.map +1 -0
  35. package/lib/types/field_permission.d.ts +4 -0
  36. package/lib/types/field_permission.js +50 -0
  37. package/lib/types/field_permission.js.map +1 -0
  38. package/lib/types/object.d.ts +1 -0
  39. package/lib/types/object.js +302 -133
  40. package/lib/types/object.js.map +1 -1
  41. package/lib/types/object_dynamic_load.js +13 -4
  42. package/lib/types/object_dynamic_load.js.map +1 -1
  43. package/lib/types/object_permission.d.ts +1 -0
  44. package/lib/types/object_permission.js +31 -0
  45. package/lib/types/object_permission.js.map +1 -1
  46. package/lib/types/restrictionRule.d.ts +13 -0
  47. package/lib/types/restrictionRule.js +75 -0
  48. package/lib/types/restrictionRule.js.map +1 -0
  49. package/lib/types/shareRule.d.ts +13 -0
  50. package/lib/types/shareRule.js +75 -0
  51. package/lib/types/shareRule.js.map +1 -0
  52. package/lib/util/field.js +4 -4
  53. package/lib/util/field.js.map +1 -1
  54. package/lib/util/function_expression.d.ts +2 -0
  55. package/lib/util/function_expression.js +66 -0
  56. package/lib/util/function_expression.js.map +1 -0
  57. package/lib/util/index.d.ts +1 -0
  58. package/lib/util/index.js +1 -0
  59. package/lib/util/index.js.map +1 -1
  60. package/package.json +8 -8
  61. package/src/dynamic-load/preload_data.ts +44 -0
  62. package/src/dynamic-load/restrictionRules.ts +19 -0
  63. package/src/dynamic-load/shareRules.ts +19 -0
  64. package/src/formula/core.ts +19 -2
  65. package/src/formula/index.ts +21 -1
  66. package/src/formula/simple_params.ts +92 -0
  67. package/src/formula/type.ts +4 -3
  68. package/src/index.ts +4 -1
  69. package/src/metadata-register/_base.ts +14 -3
  70. package/src/metadata-register/permissionFields.ts +13 -0
  71. package/src/metadata-register/restrictionRules.ts +12 -0
  72. package/src/metadata-register/shareRules.ts +13 -0
  73. package/src/types/field_permission.ts +26 -0
  74. package/src/types/object.ts +198 -22
  75. package/src/types/object_dynamic_load.ts +4 -1
  76. package/src/types/object_permission.ts +32 -0
  77. package/src/types/restrictionRule.ts +57 -0
  78. package/src/types/shareRule.ts +57 -0
  79. package/src/util/field.ts +4 -4
  80. package/src/util/function_expression.ts +63 -0
  81. package/src/util/index.ts +1 -0
@@ -0,0 +1,92 @@
1
+ import { SteedosFormulaBlankValue } from './type';
2
+ import { FormulonDataType } from './params';
3
+
4
+ const VALUE_TYPES_NOT_SUPPORTED = ["function"];
5
+
6
+ function getSubstitutionDataType(value: any){
7
+ const valueType = typeof value;
8
+ let dateType: FormulonDataType;
9
+ if(VALUE_TYPES_NOT_SUPPORTED.indexOf(dateType) > -1){
10
+ throw new Error(`runFormula:Catch an error the param type "${valueType}" is not supported while eval formula with the params value: "${value}"`);
11
+ }
12
+ switch (valueType) {
13
+ case 'string':
14
+ dateType = FormulonDataType.Text;
15
+ break;
16
+ case 'number':
17
+ dateType = FormulonDataType.Number;
18
+ break;
19
+ case 'boolean':
20
+ dateType = FormulonDataType.Checkbox;
21
+ break;
22
+ case 'object':
23
+ if(value === null){
24
+ dateType = FormulonDataType.Null;
25
+ }
26
+ else if (value instanceof Date){
27
+ dateType = FormulonDataType.Datetime;
28
+ }
29
+ else{
30
+ throw new Error(`runFormula:Catch an error the param type "${valueType}" is not supported while eval formula with the params value: "${value}"`);
31
+ }
32
+ break;
33
+ case 'undefined':
34
+ dateType = FormulonDataType.Null;
35
+ break;
36
+ default:
37
+ break;
38
+ }
39
+ return dateType;
40
+ }
41
+
42
+ function getSubstitutionOptions(dataType: string, value: any){
43
+ switch (dataType) {
44
+ case FormulonDataType.Number:
45
+ let scale = 0;
46
+ let str = value.toString();
47
+ let dotStr = str.toString().split(".")[1];
48
+ let dotCount = dotStr && dotStr.length;
49
+ if(dotCount > 0){
50
+ scale = dotCount;
51
+ }
52
+ return { scale };
53
+ case FormulonDataType.Text:
54
+ return {length: Number.MAX_VALUE};
55
+ default:
56
+ return ;
57
+ }
58
+ }
59
+
60
+ function getSubstitutionValue(dataType: string, value: any, blankValue: SteedosFormulaBlankValue){
61
+ switch (dataType) {
62
+ case FormulonDataType.Text:
63
+ if(value === null || value === undefined){
64
+ return '';
65
+ }
66
+ break;
67
+ case FormulonDataType.Number:
68
+ if(value === null || value === undefined){
69
+ if(blankValue === SteedosFormulaBlankValue.blanks){
70
+ return null;
71
+ }
72
+ else{
73
+ return 0;
74
+ }
75
+ }
76
+ break;
77
+ default:
78
+ break;
79
+ }
80
+ return value;
81
+ }
82
+
83
+ export function getSimpleParamSubstitution(value: any, blankValue: SteedosFormulaBlankValue){
84
+ let fieldSubstitution: any = {
85
+ type: 'literal',
86
+ value: value
87
+ }
88
+ fieldSubstitution.dataType = getSubstitutionDataType(value);
89
+ fieldSubstitution.options = getSubstitutionOptions(fieldSubstitution.dataType, value);
90
+ fieldSubstitution.value = getSubstitutionValue(fieldSubstitution.dataType, value, blankValue);
91
+ return fieldSubstitution;
92
+ }
@@ -44,7 +44,7 @@ export type SteedosFormulaVarPathTypeConfig = {
44
44
  */
45
45
  export type SteedosFormulaParamTypeConfig = {
46
46
  key: string,
47
- path: any,
47
+ path?: any,
48
48
  value: any
49
49
  }
50
50
 
@@ -62,8 +62,9 @@ export type SteedosFormulaParamTypeConfig = {
62
62
  */
63
63
  export type SteedosFormulaVarTypeConfig = {
64
64
  key: string,
65
- paths: Array<SteedosFormulaVarPathTypeConfig>,
66
- is_user_var?: boolean
65
+ paths?: Array<SteedosFormulaVarPathTypeConfig>,
66
+ is_user_var?: boolean,
67
+ is_simple_var?: boolean //当不传入objectApiName时变量上设置该属性表示一个普通的变量,此时paths为空
67
68
  }
68
69
 
69
70
  export type SteedosFieldFormulaTypeConfig = {
package/src/index.ts CHANGED
@@ -10,4 +10,7 @@ export * from "./dynamic-load"
10
10
  export * from './metadata-register/query'
11
11
  export * from './metadata-register/chart'
12
12
  export * from './metadata-register/page'
13
- export * from './metadata-register/tab'
13
+ export * from './metadata-register/tab'
14
+ export * from './metadata-register/shareRules'
15
+ export * from './metadata-register/restrictionRules'
16
+ export * from './metadata-register/permissionFields'
@@ -1,3 +1,5 @@
1
+ import { JsonMap } from "@salesforce/ts-types"
2
+ import * as _ from 'lodash';
1
3
  const clone = require('clone');
2
4
  export class RegisterBase{
3
5
  serviceName;
@@ -5,9 +7,14 @@ export class RegisterBase{
5
7
  this.serviceName = serviceName;
6
8
  }
7
9
 
10
+ getApiName(metadata) {
11
+ return metadata._id || metadata.name;
12
+ }
13
+
8
14
  async register(broker, packageServiceName, config){
9
15
  const metadata = clone(config);
10
- const res = await broker.call(`${this.serviceName}.add`, {apiName: metadata._id || metadata.name ,data: metadata}, {meta: {
16
+ const res = await broker.call(`${this.serviceName}.add`, { apiName: this.getApiName(metadata), data: metadata }, {
17
+ meta: {
11
18
  metadataServiceName: packageServiceName,
12
19
  caller: {
13
20
  nodeID: broker.nodeID,
@@ -19,8 +26,12 @@ export class RegisterBase{
19
26
  return res;
20
27
  }
21
28
 
22
- async remove(broker, metadataApiName){
23
- const res = await broker.call(`${this.serviceName}.delete`, {fullName: metadataApiName});
29
+ async remove(broker, metadataApiNameOrConfig: string | JsonMap) {
30
+ let metadataApiName = metadataApiNameOrConfig;
31
+ if (_.isObject(metadataApiName)) {
32
+ metadataApiName = this.getApiName(metadataApiNameOrConfig);
33
+ }
34
+ const res = await broker.call(`${this.serviceName}.delete`, { fullName: metadataApiName, metadataApiName: metadataApiName });
24
35
  return res;
25
36
  }
26
37
 
@@ -0,0 +1,13 @@
1
+ import { RegisterBase } from "./_base";
2
+ const SERVICE_NAME = 'permission_fields';
3
+ class RegisterPermissionFields extends RegisterBase {
4
+ constructor() {
5
+ super(SERVICE_NAME);
6
+ }
7
+
8
+ getApiName(config) {
9
+ return `${config.name}`
10
+ }
11
+ }
12
+
13
+ export const registerPermissionFields = new RegisterPermissionFields();
@@ -0,0 +1,12 @@
1
+ import { RegisterBase } from "./_base";
2
+ const SERVICE_NAME = 'restriction_rules';
3
+ class RegisterRestrictionRules extends RegisterBase {
4
+ constructor() {
5
+ super(SERVICE_NAME);
6
+ }
7
+
8
+ getApiName(config) {
9
+ return `${config.object_name}.${config.name}`
10
+ }
11
+ }
12
+ export const registerRestrictionRules = new RegisterRestrictionRules();
@@ -0,0 +1,13 @@
1
+ import { RegisterBase } from "./_base";
2
+ const SERVICE_NAME = 'share_rules';
3
+ class RegisterShareRules extends RegisterBase {
4
+ constructor() {
5
+ super(SERVICE_NAME);
6
+ }
7
+
8
+ getApiName(config) {
9
+ return `${config.object_name}.${config.name}`
10
+ }
11
+ }
12
+
13
+ export const registerShareRules = new RegisterShareRules();
@@ -0,0 +1,26 @@
1
+ import { registerPermissionFields } from '../metadata-register/permissionFields';
2
+ import { getSteedosSchema } from '../types'
3
+ import * as _ from 'lodash'
4
+
5
+ export class FieldPermission {
6
+
7
+ static async getObjectFieldsPermission(objectApiName, permissionSetApiName) {
8
+ const schema = getSteedosSchema();
9
+ return await registerPermissionFields.find(schema.broker, {
10
+ pattern: `${permissionSetApiName}.${objectApiName}.*`
11
+ })
12
+ }
13
+
14
+ static async getObjectFieldsPermissionGroupRole(objectApiName) {
15
+ const permissions = await this.getObjectFieldsPermission(objectApiName, '*');
16
+ const result = {};
17
+ _.each(permissions, (permission) => {
18
+ const { permission_set_id, field, editable, readable } = permission.metadata;
19
+ if (!result[permission_set_id]) {
20
+ result[permission_set_id] = [];
21
+ }
22
+ result[permission_set_id].push({ field: field, read: readable, edit: editable })
23
+ })
24
+ return result;
25
+ }
26
+ }
@@ -15,7 +15,10 @@ import { brokeEmitEvents } from "./object_events";
15
15
  import { translationObject } from "@steedos/i18n";
16
16
  import { getObjectLayouts } from "./object_layouts";
17
17
  import { sortBy, forEach } from 'lodash';
18
- declare var Creator: any;
18
+ import { ShareRules } from './shareRule';
19
+ import { RestrictionRule } from './restrictionRule';
20
+ import { FieldPermission } from './field_permission';
21
+
19
22
  const clone = require('clone')
20
23
 
21
24
  // 主子表有层级限制,超过3层就报错,该函数判断当前对象作为主表对象往下的层级最多不越过3层,
@@ -634,18 +637,27 @@ export class SteedosObjectType extends SteedosObjectProperties {
634
637
  disabled_actions: null,
635
638
  unreadable_fields: null,
636
639
  uneditable_fields: null,
637
- unrelated_objects: null
640
+ unrelated_objects: null,
641
+ field_permissions: null,
642
+ // read_filters: [],
643
+ // edit_filters: []
638
644
  }
639
645
 
640
646
  if (_.isEmpty(roles)) {
641
647
  throw new Error('not find user permission');
642
648
  }
643
649
 
650
+ const rolesFieldsPermission = await FieldPermission.getObjectFieldsPermissionGroupRole(this.name);
651
+
644
652
  roles.forEach((role) => {
645
- let rolePermission = objectRolesPermission[role]
653
+ let rolePermission = objectRolesPermission[role];
646
654
  if (rolePermission) {
655
+ let roleFieldsPermission = rolesFieldsPermission[role];
647
656
  _.each(userObjectPermission, (v, k) => {
648
- let _v = rolePermission[k]
657
+ let _v = rolePermission[k];
658
+ if (k === 'field_permissions') {
659
+ _v = roleFieldsPermission
660
+ }
649
661
  if (_.isBoolean(v)) {
650
662
  if (v === false && _v === true) {
651
663
  userObjectPermission[k] = _v
@@ -654,20 +666,56 @@ export class SteedosObjectType extends SteedosObjectProperties {
654
666
  if(_.isBoolean(_v)){
655
667
  userObjectPermission[k] = _v
656
668
  }
657
- } else if ((_.isArray(v) || _.isNull(v))) {
669
+ } else if (['read_filters', 'edit_filters'].indexOf(k) > -1) {
670
+ if ('edit_filters' === k) {
671
+ if (!_.isEmpty(_v)) {
672
+ userObjectPermission['read_filters'].push(_v);
673
+ }
674
+ }
675
+ if (!_.isEmpty(_v)) {
676
+ userObjectPermission[k].push(_v);
677
+ }
678
+ }
679
+ else if ((_.isArray(v) || _.isNull(v))) {
658
680
  if (!_.isArray(_v)) {
659
681
  _v = []
660
682
  }
661
683
  if (_.isNull(v)) {
662
684
  userObjectPermission[k] = _v
663
685
  } else {
664
- userObjectPermission[k] = _.intersection(v, _v)
686
+ if (k === 'field_permissions') {
687
+ userObjectPermission[k] = _.union(v, _v)
688
+ } else {
689
+ userObjectPermission[k] = _.intersection(v, _v)
690
+ }
665
691
  }
666
692
  }
667
693
  })
668
694
  }
669
- })
695
+ });
696
+
697
+ const field_permissions = {};
698
+ if (userObjectPermission.field_permissions) {
699
+ _.each(userObjectPermission.field_permissions, (field_permission) => {
700
+ const { field, read, edit } = field_permission;
701
+ if (field_permissions[field]) {
702
+ field_permissions[field].edit = field_permissions[field].edit || edit;
703
+ if (field_permissions[field].edit) {
704
+ field_permissions[field].read = true
705
+ } else {
706
+ field_permissions[field].read = field_permissions[field].read || read;
707
+ }
708
+ } else {
709
+ field_permissions[field] = {
710
+ field: field,
711
+ read: edit || read,
712
+ edit: edit
713
+ }
714
+ }
715
+ })
716
+ }
670
717
 
718
+ userObjectPermission.field_permissions = field_permissions;
671
719
 
672
720
  userObjectPermission.disabled_list_views = userObjectPermission.disabled_list_views || []
673
721
  userObjectPermission.disabled_actions = userObjectPermission.disabled_actions || []
@@ -680,7 +728,6 @@ export class SteedosObjectType extends SteedosObjectProperties {
680
728
  return Object.assign({}, userObjectPermission, { allowRead: true, viewAllRecords: true, viewCompanyRecords: true })
681
729
  }
682
730
 
683
- Creator.processPermissions(userObjectPermission)
684
731
  return userObjectPermission;
685
732
  }
686
733
 
@@ -1021,6 +1068,27 @@ export class SteedosObjectType extends SteedosObjectProperties {
1021
1068
  })
1022
1069
  }
1023
1070
 
1071
+ // 使用字段级安全性作为限制用户对字段的访问权限的手段;然后使用页面布局主要在选项卡中组织详细信息和编辑页面。这可以减少需要维护的页面布局数量。
1072
+ // 例如,如果字段在页面布局中是必需的,并且在字段级安全性设置中是只读的,则字段级安全性将覆盖页面布局,并且该字段将对用户是只读的。
1073
+ const userObjectFields = objectConfig.fields;
1074
+ _.each(objectConfig.permissions.field_permissions, (field_permission, field) => {
1075
+ const { read, edit } = field_permission;
1076
+ if (read) {
1077
+ userObjectFields[field].omit = true;
1078
+ }
1079
+ if (edit) {
1080
+ userObjectFields[field].omit = false;
1081
+ userObjectFields[field].hidden = false;
1082
+ userObjectFields[field].readonly = false;
1083
+ userObjectFields[field].disabled = false;
1084
+ }
1085
+ if (!read && !edit) {
1086
+ delete userObjectFields[field]
1087
+ }
1088
+ })
1089
+
1090
+ objectConfig.fields = userObjectFields
1091
+
1024
1092
  // TODO object layout 是否需要控制审批记录显示?
1025
1093
  let spaceProcessDefinition = await getObject("process_definition").directFind({ filters: [['space', '=', userSession.spaceId], ['object_name', '=', this.name], ['active', '=', true]] })
1026
1094
  if (spaceProcessDefinition.length > 0) {
@@ -1256,6 +1324,32 @@ export class SteedosObjectType extends SteedosObjectProperties {
1256
1324
  return await this.runTriggerActions(when, context)
1257
1325
  }
1258
1326
 
1327
+ // private async appendRecordPermission(records, userSession) {
1328
+ // const _ids = _.pluck(records, '_id');
1329
+ // const objPm = await this.getUserObjectPermission(userSession);
1330
+ // const permissionFilters = this.getObjectPermissionFilters(objPm, userSession, true);
1331
+ // if (_.isEmpty(permissionFilters)) {
1332
+ // return;
1333
+ // }
1334
+ // const filters = formatFiltersToODataQuery(['_id', 'in', _ids])
1335
+
1336
+ // const results = await this.directFind({
1337
+ // fields: ['_id'],
1338
+ // filters: `(${filters}) and (${permissionFilters.join(' or ')})`
1339
+ // });
1340
+ // const allowEditIds = _.pluck(results, '_id');
1341
+ // _.each(records, (record) => {
1342
+ // if (_.include(allowEditIds, record._id)) {
1343
+ // record.record_permissions = {
1344
+ // allowRead: true,
1345
+ // allowEdit: true,
1346
+ // allowDelete: true,
1347
+ // }
1348
+ // }
1349
+ // })
1350
+
1351
+ // }
1352
+
1259
1353
  private async getTriggerContext(when: string, method: string, args: any[], recordId?: string) {
1260
1354
 
1261
1355
  let userSession = args[args.length - 1]
@@ -1406,7 +1500,16 @@ export class SteedosObjectType extends SteedosObjectProperties {
1406
1500
  let values = returnValue || {}
1407
1501
  if (method === 'count') {
1408
1502
  values = returnValue || 0
1409
- }
1503
+ }
1504
+ // else{
1505
+ // if (userSession) {
1506
+ // let _records = returnValue
1507
+ // if (method == 'findOne' && returnValue) {
1508
+ // _records = [_records]
1509
+ // }
1510
+ // await this.appendRecordPermission(_records, userSession);
1511
+ // }
1512
+ // }
1410
1513
  Object.assign(afterTriggerContext, { data: { values: values } })
1411
1514
  }
1412
1515
  // console.log("==returnValue==", returnValue);
@@ -1484,6 +1587,33 @@ export class SteedosObjectType extends SteedosObjectProperties {
1484
1587
  }
1485
1588
  }
1486
1589
 
1590
+ // private getObjectPermissionFilters(objectPermission, userSession, isEdit) {
1591
+ // const objectPermissionFilters = [];
1592
+
1593
+ // let permissionFiltersKey = 'read_filters';
1594
+ // if (isEdit) {
1595
+ // permissionFiltersKey = 'edit_filters';
1596
+ // }
1597
+
1598
+ // const globalData = Object.assign({}, userSession, { now: new Date() });
1599
+
1600
+ // let permissionFilters = objectPermission[permissionFiltersKey];
1601
+
1602
+ // _.each(permissionFilters, (permissionFilter) => {
1603
+ // if (_.isString(permissionFilter) && isExpression(permissionFilter.trim())) {
1604
+ // try {
1605
+ // const filters = parseSingleExpression(permissionFilter, {}, "#", globalData);
1606
+ // if (filters && !_.isString(filters)) {
1607
+ // objectPermissionFilters.push(`(${formatFiltersToODataQuery(filters, userSession)})`)
1608
+ // }
1609
+ // } catch (error) {
1610
+ // console.error(`getObjectPermissionFilters error`, permissionFilter, error.message);
1611
+ // }
1612
+ // }
1613
+ // })
1614
+ // return objectPermissionFilters;
1615
+ // }
1616
+
1487
1617
  /**
1488
1618
  * 把query.filters用formatFiltersToODataQuery转为odata query
1489
1619
  * 主要是为了把userSession中的utcOffset逻辑传入formatFiltersToODataQuery函数处理
@@ -1514,7 +1644,6 @@ export class SteedosObjectType extends SteedosObjectProperties {
1514
1644
  if (method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
1515
1645
  query = args[args.length - 3];
1516
1646
  }
1517
-
1518
1647
  if (query.filters && !_.isString(query.filters)) {
1519
1648
  query.filters = formatFiltersToODataQuery(query.filters);
1520
1649
  }
@@ -1527,7 +1656,7 @@ export class SteedosObjectType extends SteedosObjectProperties {
1527
1656
  return
1528
1657
  }
1529
1658
 
1530
- let spaceFilter, companyFilter, ownerFilter, sharesFilter, clientFilter = query.filters, filters, permissionFilters = [], userFilters = [];
1659
+ let spaceFilter, companyFilter, ownerFilter, sharesFilter, shareRuleFilters, restrictionRuleFilters, clientFilter = query.filters, filters, permissionFilters = [], userFilters = [];
1531
1660
 
1532
1661
  if (spaceId) {
1533
1662
  spaceFilter = `(space eq '${spaceId}')`;
@@ -1547,12 +1676,27 @@ export class SteedosObjectType extends SteedosObjectProperties {
1547
1676
  ownerFilter = `(owner eq '${userId}')`;
1548
1677
  }
1549
1678
 
1550
- if (!objPm.viewAllRecords) {
1551
- sharesFilter = getUserObjectSharesFilters(this.name, userSession);
1679
+ shareRuleFilters = await ShareRules.getUserObjectFilters(this.name, userSession);
1680
+
1681
+ if (!_.isEmpty(shareRuleFilters)) {
1682
+ permissionFilters.push(`(${shareRuleFilters.join(' or ')})`);
1683
+ }
1684
+
1685
+ restrictionRuleFilters = await RestrictionRule.getUserObjectFilters(this.name, userSession);
1686
+
1687
+ if (!_.isEmpty(restrictionRuleFilters)) {
1688
+ userFilters.push(`(${restrictionRuleFilters.join(' or ')})`);
1552
1689
  }
1690
+ // objectPermissionFilters = this.getObjectPermissionFilters(objPm, userSession, false);
1691
+
1692
+ // if (!_.isEmpty(objectPermissionFilters)) {
1693
+ // permissionFilters.push(`(${objectPermissionFilters.join(' or ')})`);
1694
+ // }
1695
+
1696
+ sharesFilter = getUserObjectSharesFilters(this.name, userSession);
1553
1697
 
1554
1698
  if (!_.isEmpty(companyFilter)) {
1555
- permissionFilters.push(`(${companyFilter.join(' or ')})`);
1699
+ permissionFilters.push(`(${companyFilter.join(' and ')})`);
1556
1700
  }
1557
1701
 
1558
1702
  if (ownerFilter) {
@@ -1587,9 +1731,14 @@ export class SteedosObjectType extends SteedosObjectProperties {
1587
1731
  }
1588
1732
  }
1589
1733
  else if (method === 'update' || method === 'updateOne') {
1590
- if (!objPm.allowEdit) {
1734
+ const permissionFilters = null; //this.getObjectPermissionFilters(objPm, userSession, true);
1735
+ if (!objPm.allowEdit && _.isEmpty(permissionFilters)) {
1591
1736
  throw new Error(`no ${method} permission!`);
1592
1737
  }
1738
+ let objectPermissionEditFilters = '';
1739
+ if (!_.isEmpty(permissionFilters)) {
1740
+ objectPermissionEditFilters = ` or (${permissionFilters.join(' or ')})`
1741
+ }
1593
1742
  let id = args[args.length - 3];
1594
1743
  if (!objPm.modifyAllRecords && objPm.modifyCompanyRecords) {
1595
1744
  let companyFilters = _.map(userSession.companies, function (comp: any) {
@@ -1597,25 +1746,35 @@ export class SteedosObjectType extends SteedosObjectProperties {
1597
1746
  }).join(' or ')
1598
1747
  if (companyFilters) {
1599
1748
  if (_.isString(id)) {
1600
- id = { filters: `(_id eq \'${id}\') and (${companyFilters})` }
1749
+ id = { filters: `(_id eq \'${id}\') and (${companyFilters}${objectPermissionEditFilters})` }
1601
1750
  }
1602
1751
  else if (_.isObject(id)) {
1603
1752
  if (id.filters && !_.isString(id.filters)) {
1604
1753
  id.filters = formatFiltersToODataQuery(id.filters);
1605
1754
  }
1606
- id.filters = id.filters ? `(${id.filters}) and (${companyFilters})` : `(${companyFilters})`;
1755
+ id.filters = id.filters ? `(${id.filters}) and (${companyFilters}${objectPermissionEditFilters})` : `(${companyFilters}${objectPermissionEditFilters})`;
1607
1756
  }
1608
1757
  }
1609
1758
  }
1610
1759
  else if (!objPm.modifyAllRecords && !objPm.modifyCompanyRecords && objPm.allowEdit) {
1611
1760
  if (_.isString(id)) {
1612
- id = { filters: `(_id eq \'${id}\') and (owner eq \'${userId}\')` }
1761
+ id = { filters: `(_id eq \'${id}\') and (owner eq \'${userId}\' ${objectPermissionEditFilters})` }
1613
1762
  }
1614
1763
  else if (_.isObject(id)) {
1615
1764
  if (id.filters && !_.isString(id.filters)) {
1616
1765
  id.filters = formatFiltersToODataQuery(id.filters);
1617
1766
  }
1618
- id.filters = id.filters ? `(${id.filters}) and (owner eq \'${userId}\')` : `(owner eq \'${userId}\')`;
1767
+ id.filters = id.filters ? `(${id.filters}) and (owner eq \'${userId}\' ${objectPermissionEditFilters})` : `(owner eq \'${userId}\' ${objectPermissionEditFilters})`;
1768
+ }
1769
+ } else if (objectPermissionEditFilters) {
1770
+ if (_.isString(id)) {
1771
+ id = { filters: `(_id eq \'${id}\') and (${objectPermissionEditFilters})` }
1772
+ }
1773
+ else if (_.isObject(id)) {
1774
+ if (id.filters && !_.isString(id.filters)) {
1775
+ id.filters = formatFiltersToODataQuery(id.filters);
1776
+ }
1777
+ id.filters = id.filters ? `(${id.filters}) and (${objectPermissionEditFilters})` : `(${objectPermissionEditFilters})`;
1619
1778
  }
1620
1779
  }
1621
1780
  args[args.length - 3] = id;
@@ -1639,20 +1798,37 @@ export class SteedosObjectType extends SteedosObjectProperties {
1639
1798
  }
1640
1799
  }
1641
1800
  else if (method === 'delete') {
1642
- if (!objPm.allowDelete) {
1801
+ const permissionFilters = null; //this.getObjectPermissionFilters(objPm, userSession, true);
1802
+ if (!objPm.allowDelete && _.isEmpty(permissionFilters)) {
1643
1803
  throw new Error(`no ${method} permission!`);
1644
1804
  }
1805
+
1806
+ let objectPermissionEditFilters = '';
1807
+ if (!_.isEmpty(permissionFilters)) {
1808
+ objectPermissionEditFilters = ` or (${permissionFilters.join(' or ')})`
1809
+ }
1810
+
1645
1811
  let id = args[args.length - 2];
1646
1812
  if (!objPm.modifyAllRecords && objPm.modifyCompanyRecords) {
1647
1813
  let companyFilters = _.map(userSession.companies, function (comp: any) {
1648
1814
  return `(company_id eq '${comp._id}') or (company_ids eq '${comp._id}')`
1649
1815
  }).join(' or ')
1650
1816
  if (companyFilters) {
1651
- id = { filters: `(_id eq \'${id}\') and (${companyFilters})` };
1817
+ id = { filters: `(_id eq \'${id}\') and (${companyFilters}${objectPermissionEditFilters})` };
1652
1818
  }
1653
1819
  }
1654
1820
  else if (!objPm.modifyAllRecords && !objPm.modifyCompanyRecords) {
1655
- id = { filters: `(_id eq \'${id}\') and (owner eq \'${userId}\')` };
1821
+ id = { filters: `(_id eq \'${id}\') and (owner eq \'${userId}\'${objectPermissionEditFilters})` };
1822
+ } else if (objectPermissionEditFilters) {
1823
+ if (_.isString(id)) {
1824
+ id = { filters: `(_id eq \'${id}\') and (${objectPermissionEditFilters})` }
1825
+ }
1826
+ else if (_.isObject(id)) {
1827
+ if (id.filters && !_.isString(id.filters)) {
1828
+ id.filters = formatFiltersToODataQuery(id.filters);
1829
+ }
1830
+ id.filters = id.filters ? `(${id.filters}) and (${objectPermissionEditFilters})` : `(${objectPermissionEditFilters})`;
1831
+ }
1656
1832
  }
1657
1833
  args[args.length - 2] = id;
1658
1834
  }
@@ -3,7 +3,7 @@ import path = require('path')
3
3
  import { SteedosObjectTypeConfig, SteedosObjectPermissionTypeConfig, SteedosActionTypeConfig, getDataSource } from '.'
4
4
  // import { isMeteor } from '../util'
5
5
  import { Dictionary } from '@salesforce/ts-types';
6
- import { loadObjectFields, loadObjectListViews, loadObjectButtons, loadObjectMethods, loadObjectActions, loadObjectTriggers, addObjectListenerConfig, loadObjectLayouts, getLazyLoadFields, getLazyLoadButtons, loadObjectPermissions, loadSourceProfiles, loadSourcePermissionset, loadObjectValidationRules, loadSourceRoles, loadSourceFlowRoles, loadSourceApprovalProcesses, loadSourceWorkflows, loadStandardProfiles, loadStandardPermissionsets, preloadDBObjectFields, preloadDBObjectButtons, preloadDBApps, preloadDBObjectLayouts, preloadDBTabs } from '../dynamic-load'
6
+ import { loadObjectFields, loadObjectListViews, loadObjectButtons, loadObjectMethods, loadObjectActions, loadObjectTriggers, addObjectListenerConfig, loadObjectLayouts, getLazyLoadFields, getLazyLoadButtons, loadObjectPermissions, loadSourceProfiles, loadSourcePermissionset, loadObjectValidationRules, loadSourceRoles, loadSourceFlowRoles, loadSourceApprovalProcesses, loadSourceWorkflows, loadStandardProfiles, loadStandardPermissionsets, preloadDBObjectFields, preloadDBObjectButtons, preloadDBApps, preloadDBObjectLayouts, preloadDBTabs, preloadDBShareRules, preloadDBRestrictionRules, preloadDBPermissionFields } from '../dynamic-load'
7
7
  import { transformListenersToTriggers } from '..';
8
8
  import { getSteedosSchema } from './schema';
9
9
 
@@ -338,6 +338,9 @@ export const loadStandardMetadata = async (serviceName: string, datasourceApiNam
338
338
  await preloadDBObjectLayouts(datasource);
339
339
  await preloadDBObjectFields(datasource);
340
340
  await preloadDBObjectButtons(datasource);
341
+ await preloadDBShareRules(datasource);
342
+ await preloadDBRestrictionRules(datasource);
343
+ await preloadDBPermissionFields(datasource);
341
344
  }
342
345
  }
343
346
  }
@@ -22,6 +22,7 @@ abstract class SteedosObjectPermissionTypeProperties {
22
22
  unreadable_fields?: string[]
23
23
  uneditable_fields?: string[]
24
24
  unrelated_objects?: string[]
25
+ field_permissions?: any
25
26
  }
26
27
 
27
28
  export interface SteedosObjectPermissionTypeConfig extends SteedosObjectPermissionTypeProperties { }
@@ -71,6 +72,37 @@ export class SteedosObjectPermissionType extends SteedosObjectPermissionTypeProp
71
72
  this.allowRead = true;
72
73
  }
73
74
 
75
+ if (this.allowRead) {
76
+ typeof this.allowReadFiles !== "boolean" && (this.allowReadFiles = true);
77
+ typeof this.viewAllFiles !== "boolean" && (this.viewAllFiles = true);
78
+ }
79
+ if (this.allowEdit) {
80
+ typeof this.allowCreateFiles !== "boolean" && (this.allowCreateFiles = true);
81
+ typeof this.allowEditFiles !== "boolean" && (this.allowEditFiles = true);
82
+ typeof this.allowDeleteFiles !== "boolean" && (this.allowDeleteFiles = true);
83
+ }
84
+ if (this.modifyAllRecords) {
85
+ typeof this.modifyAllFiles !== "boolean" && (this.modifyAllFiles = true);
86
+ }
87
+ if (this.allowCreateFiles) {
88
+ this.allowReadFiles = true;
89
+ }
90
+ if (this.allowEditFiles) {
91
+ this.allowReadFiles = true;
92
+ }
93
+ if (this.allowDeleteFiles) {
94
+ this.allowEditFiles = true;
95
+ this.allowReadFiles = true;
96
+ }
97
+ if (this.viewAllFiles) {
98
+ this.allowReadFiles = true;
99
+ }
100
+ if (this.modifyAllFiles) {
101
+ this.allowReadFiles = true;
102
+ this.allowEditFiles = true;
103
+ this.allowDeleteFiles = true;
104
+ this.viewAllFiles = true;
105
+ }
74
106
  this.object_name = object_name
75
107
  }
76
108