@steedos/objectql 2.1.56 → 2.1.60
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/dynamic-load/preload_data.d.ts +3 -0
- package/lib/dynamic-load/preload_data.js +158 -1
- package/lib/dynamic-load/preload_data.js.map +1 -1
- package/lib/dynamic-load/restrictionRules.d.ts +1 -0
- package/lib/dynamic-load/restrictionRules.js +42 -0
- package/lib/dynamic-load/restrictionRules.js.map +1 -0
- package/lib/dynamic-load/shareRules.d.ts +1 -0
- package/lib/dynamic-load/shareRules.js +42 -0
- package/lib/dynamic-load/shareRules.js.map +1 -0
- package/lib/index.d.ts +3 -0
- package/lib/index.js +3 -0
- package/lib/index.js.map +1 -1
- package/lib/metadata-register/_base.d.ts +3 -1
- package/lib/metadata-register/_base.js +16 -5
- package/lib/metadata-register/_base.js.map +1 -1
- package/lib/metadata-register/permissionFields.d.ts +7 -0
- package/lib/metadata-register/permissionFields.js +18 -0
- package/lib/metadata-register/permissionFields.js.map +1 -0
- package/lib/metadata-register/restrictionRules.d.ts +7 -0
- package/lib/metadata-register/restrictionRules.js +18 -0
- package/lib/metadata-register/restrictionRules.js.map +1 -0
- package/lib/metadata-register/shareRules.d.ts +7 -0
- package/lib/metadata-register/shareRules.js +18 -0
- package/lib/metadata-register/shareRules.js.map +1 -0
- package/lib/types/field_permission.d.ts +4 -0
- package/lib/types/field_permission.js +50 -0
- package/lib/types/field_permission.js.map +1 -0
- package/lib/types/object.d.ts +1 -0
- package/lib/types/object.js +302 -133
- package/lib/types/object.js.map +1 -1
- package/lib/types/object_dynamic_load.js +13 -4
- package/lib/types/object_dynamic_load.js.map +1 -1
- package/lib/types/object_permission.d.ts +1 -0
- package/lib/types/object_permission.js +31 -0
- package/lib/types/object_permission.js.map +1 -1
- package/lib/types/restrictionRule.d.ts +13 -0
- package/lib/types/restrictionRule.js +75 -0
- package/lib/types/restrictionRule.js.map +1 -0
- package/lib/types/shareRule.d.ts +13 -0
- package/lib/types/shareRule.js +75 -0
- package/lib/types/shareRule.js.map +1 -0
- package/lib/util/field.js +4 -4
- package/lib/util/field.js.map +1 -1
- package/lib/util/function_expression.d.ts +2 -0
- package/lib/util/function_expression.js +66 -0
- package/lib/util/function_expression.js.map +1 -0
- package/lib/util/index.d.ts +1 -0
- package/lib/util/index.js +1 -0
- package/lib/util/index.js.map +1 -1
- package/package.json +8 -8
- package/src/dynamic-load/preload_data.ts +44 -0
- package/src/dynamic-load/restrictionRules.ts +19 -0
- package/src/dynamic-load/shareRules.ts +19 -0
- package/src/index.ts +4 -1
- package/src/metadata-register/_base.ts +14 -3
- package/src/metadata-register/permissionFields.ts +13 -0
- package/src/metadata-register/restrictionRules.ts +12 -0
- package/src/metadata-register/shareRules.ts +13 -0
- package/src/types/field_permission.ts +26 -0
- package/src/types/object.ts +198 -22
- package/src/types/object_dynamic_load.ts +4 -1
- package/src/types/object_permission.ts +32 -0
- package/src/types/restrictionRule.ts +57 -0
- package/src/types/shareRule.ts +57 -0
- package/src/util/field.ts +4 -4
- package/src/util/function_expression.ts +63 -0
- package/src/util/index.ts +1 -0
package/lib/types/object.js
CHANGED
|
@@ -16,6 +16,9 @@ var object_events_1 = require("./object_events");
|
|
|
16
16
|
var i18n_1 = require("@steedos/i18n");
|
|
17
17
|
var object_layouts_1 = require("./object_layouts");
|
|
18
18
|
var lodash_1 = require("lodash");
|
|
19
|
+
var shareRule_1 = require("./shareRule");
|
|
20
|
+
var restrictionRule_1 = require("./restrictionRule");
|
|
21
|
+
var field_permission_1 = require("./field_permission");
|
|
19
22
|
var clone = require('clone');
|
|
20
23
|
// 主子表有层级限制,超过3层就报错,该函数判断当前对象作为主表对象往下的层级最多不越过3层,
|
|
21
24
|
// 其3层指的是A-B-C-D,它们都有父子关系,A作为最顶层,该对象上不可以再创建主表子表关系字段,但是B、C、D上可以;
|
|
@@ -713,77 +716,125 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
713
716
|
};
|
|
714
717
|
SteedosObjectType.prototype.getUserObjectPermission = function (userSession) {
|
|
715
718
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
716
|
-
var roles, objectRolesPermission, userObjectPermission, spaceId;
|
|
719
|
+
var roles, objectRolesPermission, userObjectPermission, rolesFieldsPermission, field_permissions, spaceId;
|
|
717
720
|
return tslib_1.__generator(this, function (_a) {
|
|
718
|
-
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
|
|
725
|
-
|
|
726
|
-
|
|
727
|
-
|
|
728
|
-
|
|
729
|
-
|
|
730
|
-
|
|
731
|
-
|
|
732
|
-
|
|
733
|
-
|
|
734
|
-
|
|
735
|
-
|
|
736
|
-
|
|
737
|
-
|
|
738
|
-
|
|
739
|
-
|
|
740
|
-
|
|
741
|
-
|
|
742
|
-
|
|
743
|
-
|
|
744
|
-
|
|
745
|
-
|
|
746
|
-
|
|
747
|
-
|
|
748
|
-
|
|
749
|
-
|
|
750
|
-
|
|
751
|
-
|
|
752
|
-
|
|
753
|
-
|
|
754
|
-
|
|
755
|
-
|
|
756
|
-
|
|
757
|
-
|
|
758
|
-
|
|
759
|
-
|
|
760
|
-
|
|
721
|
+
switch (_a.label) {
|
|
722
|
+
case 0:
|
|
723
|
+
if (!userSession) {
|
|
724
|
+
throw new Error('userSession is required');
|
|
725
|
+
}
|
|
726
|
+
roles = userSession.roles;
|
|
727
|
+
objectRolesPermission = this.getObjectRolesPermission(userSession.spaceId);
|
|
728
|
+
userObjectPermission = {
|
|
729
|
+
allowRead: false,
|
|
730
|
+
allowCreate: false,
|
|
731
|
+
allowEdit: false,
|
|
732
|
+
allowDelete: false,
|
|
733
|
+
viewAllRecords: false,
|
|
734
|
+
modifyAllRecords: false,
|
|
735
|
+
viewCompanyRecords: false,
|
|
736
|
+
modifyCompanyRecords: false,
|
|
737
|
+
allowReadFiles: null,
|
|
738
|
+
viewAllFiles: null,
|
|
739
|
+
allowCreateFiles: null,
|
|
740
|
+
allowEditFiles: null,
|
|
741
|
+
allowDeleteFiles: null,
|
|
742
|
+
modifyAllFiles: null,
|
|
743
|
+
disabled_list_views: null,
|
|
744
|
+
disabled_actions: null,
|
|
745
|
+
unreadable_fields: null,
|
|
746
|
+
uneditable_fields: null,
|
|
747
|
+
unrelated_objects: null,
|
|
748
|
+
field_permissions: null,
|
|
749
|
+
};
|
|
750
|
+
if (_.isEmpty(roles)) {
|
|
751
|
+
throw new Error('not find user permission');
|
|
752
|
+
}
|
|
753
|
+
return [4 /*yield*/, field_permission_1.FieldPermission.getObjectFieldsPermissionGroupRole(this.name)];
|
|
754
|
+
case 1:
|
|
755
|
+
rolesFieldsPermission = _a.sent();
|
|
756
|
+
roles.forEach(function (role) {
|
|
757
|
+
var rolePermission = objectRolesPermission[role];
|
|
758
|
+
if (rolePermission) {
|
|
759
|
+
var roleFieldsPermission_1 = rolesFieldsPermission[role];
|
|
760
|
+
_.each(userObjectPermission, function (v, k) {
|
|
761
|
+
var _v = rolePermission[k];
|
|
762
|
+
if (k === 'field_permissions') {
|
|
763
|
+
_v = roleFieldsPermission_1;
|
|
764
|
+
}
|
|
765
|
+
if (_.isBoolean(v)) {
|
|
766
|
+
if (v === false && _v === true) {
|
|
767
|
+
userObjectPermission[k] = _v;
|
|
768
|
+
}
|
|
769
|
+
}
|
|
770
|
+
else if (['allowReadFiles', 'viewAllFiles', 'allowCreateFiles', 'allowEditFiles', 'allowDeleteFiles', 'modifyAllFiles'].indexOf(k) > -1) {
|
|
771
|
+
if (_.isBoolean(_v)) {
|
|
772
|
+
userObjectPermission[k] = _v;
|
|
773
|
+
}
|
|
774
|
+
}
|
|
775
|
+
else if (['read_filters', 'edit_filters'].indexOf(k) > -1) {
|
|
776
|
+
if ('edit_filters' === k) {
|
|
777
|
+
if (!_.isEmpty(_v)) {
|
|
778
|
+
userObjectPermission['read_filters'].push(_v);
|
|
779
|
+
}
|
|
780
|
+
}
|
|
781
|
+
if (!_.isEmpty(_v)) {
|
|
782
|
+
userObjectPermission[k].push(_v);
|
|
783
|
+
}
|
|
784
|
+
}
|
|
785
|
+
else if ((_.isArray(v) || _.isNull(v))) {
|
|
786
|
+
if (!_.isArray(_v)) {
|
|
787
|
+
_v = [];
|
|
788
|
+
}
|
|
789
|
+
if (_.isNull(v)) {
|
|
790
|
+
userObjectPermission[k] = _v;
|
|
791
|
+
}
|
|
792
|
+
else {
|
|
793
|
+
if (k === 'field_permissions') {
|
|
794
|
+
userObjectPermission[k] = _.union(v, _v);
|
|
795
|
+
}
|
|
796
|
+
else {
|
|
797
|
+
userObjectPermission[k] = _.intersection(v, _v);
|
|
798
|
+
}
|
|
799
|
+
}
|
|
800
|
+
}
|
|
801
|
+
});
|
|
761
802
|
}
|
|
762
|
-
|
|
763
|
-
|
|
764
|
-
|
|
765
|
-
|
|
766
|
-
|
|
767
|
-
|
|
803
|
+
});
|
|
804
|
+
field_permissions = {};
|
|
805
|
+
if (userObjectPermission.field_permissions) {
|
|
806
|
+
_.each(userObjectPermission.field_permissions, function (field_permission) {
|
|
807
|
+
var field = field_permission.field, read = field_permission.read, edit = field_permission.edit;
|
|
808
|
+
if (field_permissions[field]) {
|
|
809
|
+
field_permissions[field].edit = field_permissions[field].edit || edit;
|
|
810
|
+
if (field_permissions[field].edit) {
|
|
811
|
+
field_permissions[field].read = true;
|
|
812
|
+
}
|
|
813
|
+
else {
|
|
814
|
+
field_permissions[field].read = field_permissions[field].read || read;
|
|
815
|
+
}
|
|
768
816
|
}
|
|
769
817
|
else {
|
|
770
|
-
|
|
818
|
+
field_permissions[field] = {
|
|
819
|
+
field: field,
|
|
820
|
+
read: edit || read,
|
|
821
|
+
edit: edit
|
|
822
|
+
};
|
|
771
823
|
}
|
|
772
|
-
}
|
|
773
|
-
}
|
|
774
|
-
|
|
775
|
-
|
|
776
|
-
|
|
777
|
-
|
|
778
|
-
|
|
779
|
-
|
|
780
|
-
|
|
781
|
-
|
|
782
|
-
|
|
783
|
-
|
|
824
|
+
});
|
|
825
|
+
}
|
|
826
|
+
userObjectPermission.field_permissions = field_permissions;
|
|
827
|
+
userObjectPermission.disabled_list_views = userObjectPermission.disabled_list_views || [];
|
|
828
|
+
userObjectPermission.disabled_actions = userObjectPermission.disabled_actions || [];
|
|
829
|
+
userObjectPermission.unreadable_fields = userObjectPermission.unreadable_fields || [];
|
|
830
|
+
userObjectPermission.uneditable_fields = userObjectPermission.uneditable_fields || [];
|
|
831
|
+
userObjectPermission.unrelated_objects = userObjectPermission.unrelated_objects || [];
|
|
832
|
+
spaceId = userSession.spaceId;
|
|
833
|
+
if (util_1.isTemplateSpace(spaceId)) {
|
|
834
|
+
return [2 /*return*/, Object.assign({}, userObjectPermission, { allowRead: true, viewAllRecords: true, viewCompanyRecords: true })];
|
|
835
|
+
}
|
|
836
|
+
return [2 /*return*/, userObjectPermission];
|
|
784
837
|
}
|
|
785
|
-
Creator.processPermissions(userObjectPermission);
|
|
786
|
-
return [2 /*return*/, userObjectPermission];
|
|
787
838
|
});
|
|
788
839
|
});
|
|
789
840
|
};
|
|
@@ -1284,7 +1335,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1284
1335
|
};
|
|
1285
1336
|
SteedosObjectType.prototype.getRecordView = function (userSession) {
|
|
1286
1337
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
1287
|
-
var lng, objectMetadataConfig, objectConfig, _a, _b, _c, _d, layouts, layout, _fields_1, sort_no_1, layoutFieldKeys, objectFieldKeys, difference, layoutButtonsName_1, spaceProcessDefinition, dbListViews;
|
|
1338
|
+
var lng, objectMetadataConfig, objectConfig, _a, _b, _c, _d, layouts, layout, _fields_1, sort_no_1, layoutFieldKeys, objectFieldKeys, difference, layoutButtonsName_1, userObjectFields, spaceProcessDefinition, dbListViews;
|
|
1288
1339
|
return tslib_1.__generator(this, function (_e) {
|
|
1289
1340
|
switch (_e.label) {
|
|
1290
1341
|
case 0:
|
|
@@ -1384,6 +1435,23 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1384
1435
|
}
|
|
1385
1436
|
});
|
|
1386
1437
|
}
|
|
1438
|
+
userObjectFields = objectConfig.fields;
|
|
1439
|
+
_.each(objectConfig.permissions.field_permissions, function (field_permission, field) {
|
|
1440
|
+
var read = field_permission.read, edit = field_permission.edit;
|
|
1441
|
+
if (read) {
|
|
1442
|
+
userObjectFields[field].omit = true;
|
|
1443
|
+
}
|
|
1444
|
+
if (edit) {
|
|
1445
|
+
userObjectFields[field].omit = false;
|
|
1446
|
+
userObjectFields[field].hidden = false;
|
|
1447
|
+
userObjectFields[field].readonly = false;
|
|
1448
|
+
userObjectFields[field].disabled = false;
|
|
1449
|
+
}
|
|
1450
|
+
if (!read && !edit) {
|
|
1451
|
+
delete userObjectFields[field];
|
|
1452
|
+
}
|
|
1453
|
+
});
|
|
1454
|
+
objectConfig.fields = userObjectFields;
|
|
1387
1455
|
return [4 /*yield*/, getObject("process_definition").directFind({ filters: [['space', '=', userSession.spaceId], ['object_name', '=', this.name], ['active', '=', true]] })];
|
|
1388
1456
|
case 7:
|
|
1389
1457
|
spaceProcessDefinition = _e.sent();
|
|
@@ -1738,6 +1806,29 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1738
1806
|
});
|
|
1739
1807
|
});
|
|
1740
1808
|
};
|
|
1809
|
+
// private async appendRecordPermission(records, userSession) {
|
|
1810
|
+
// const _ids = _.pluck(records, '_id');
|
|
1811
|
+
// const objPm = await this.getUserObjectPermission(userSession);
|
|
1812
|
+
// const permissionFilters = this.getObjectPermissionFilters(objPm, userSession, true);
|
|
1813
|
+
// if (_.isEmpty(permissionFilters)) {
|
|
1814
|
+
// return;
|
|
1815
|
+
// }
|
|
1816
|
+
// const filters = formatFiltersToODataQuery(['_id', 'in', _ids])
|
|
1817
|
+
// const results = await this.directFind({
|
|
1818
|
+
// fields: ['_id'],
|
|
1819
|
+
// filters: `(${filters}) and (${permissionFilters.join(' or ')})`
|
|
1820
|
+
// });
|
|
1821
|
+
// const allowEditIds = _.pluck(results, '_id');
|
|
1822
|
+
// _.each(records, (record) => {
|
|
1823
|
+
// if (_.include(allowEditIds, record._id)) {
|
|
1824
|
+
// record.record_permissions = {
|
|
1825
|
+
// allowRead: true,
|
|
1826
|
+
// allowEdit: true,
|
|
1827
|
+
// allowDelete: true,
|
|
1828
|
+
// }
|
|
1829
|
+
// }
|
|
1830
|
+
// })
|
|
1831
|
+
// }
|
|
1741
1832
|
SteedosObjectType.prototype.getTriggerContext = function (when, method, args, recordId) {
|
|
1742
1833
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
1743
1834
|
var userSession, context, _a;
|
|
@@ -1901,6 +1992,15 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1901
1992
|
if (method === 'count') {
|
|
1902
1993
|
values = returnValue || 0;
|
|
1903
1994
|
}
|
|
1995
|
+
// else{
|
|
1996
|
+
// if (userSession) {
|
|
1997
|
+
// let _records = returnValue
|
|
1998
|
+
// if (method == 'findOne' && returnValue) {
|
|
1999
|
+
// _records = [_records]
|
|
2000
|
+
// }
|
|
2001
|
+
// await this.appendRecordPermission(_records, userSession);
|
|
2002
|
+
// }
|
|
2003
|
+
// }
|
|
1904
2004
|
Object.assign(afterTriggerContext, { data: { values: values } });
|
|
1905
2005
|
}
|
|
1906
2006
|
// console.log("==returnValue==", returnValue);
|
|
@@ -2012,6 +2112,28 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2012
2112
|
});
|
|
2013
2113
|
});
|
|
2014
2114
|
};
|
|
2115
|
+
// private getObjectPermissionFilters(objectPermission, userSession, isEdit) {
|
|
2116
|
+
// const objectPermissionFilters = [];
|
|
2117
|
+
// let permissionFiltersKey = 'read_filters';
|
|
2118
|
+
// if (isEdit) {
|
|
2119
|
+
// permissionFiltersKey = 'edit_filters';
|
|
2120
|
+
// }
|
|
2121
|
+
// const globalData = Object.assign({}, userSession, { now: new Date() });
|
|
2122
|
+
// let permissionFilters = objectPermission[permissionFiltersKey];
|
|
2123
|
+
// _.each(permissionFilters, (permissionFilter) => {
|
|
2124
|
+
// if (_.isString(permissionFilter) && isExpression(permissionFilter.trim())) {
|
|
2125
|
+
// try {
|
|
2126
|
+
// const filters = parseSingleExpression(permissionFilter, {}, "#", globalData);
|
|
2127
|
+
// if (filters && !_.isString(filters)) {
|
|
2128
|
+
// objectPermissionFilters.push(`(${formatFiltersToODataQuery(filters, userSession)})`)
|
|
2129
|
+
// }
|
|
2130
|
+
// } catch (error) {
|
|
2131
|
+
// console.error(`getObjectPermissionFilters error`, permissionFilter, error.message);
|
|
2132
|
+
// }
|
|
2133
|
+
// }
|
|
2134
|
+
// })
|
|
2135
|
+
// return objectPermissionFilters;
|
|
2136
|
+
// }
|
|
2015
2137
|
/**
|
|
2016
2138
|
* 把query.filters用formatFiltersToODataQuery转为odata query
|
|
2017
2139
|
* 主要是为了把userSession中的utcOffset逻辑传入formatFiltersToODataQuery函数处理
|
|
@@ -2032,82 +2154,102 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2032
2154
|
};
|
|
2033
2155
|
SteedosObjectType.prototype.dealWithMethodPermission = function (method, args) {
|
|
2034
2156
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
2035
|
-
var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, clientFilter, filters, permissionFilters, userFilters, id, companyFilters, queryFilters, companyFilters, id, companyFilters;
|
|
2157
|
+
var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, shareRuleFilters, restrictionRuleFilters, clientFilter, filters, permissionFilters, userFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters, queryFilters, companyFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters;
|
|
2036
2158
|
return tslib_1.__generator(this, function (_a) {
|
|
2037
2159
|
switch (_a.label) {
|
|
2038
2160
|
case 0:
|
|
2039
2161
|
userSession = args[args.length - 1];
|
|
2040
|
-
if (!userSession) return [3 /*break*/,
|
|
2162
|
+
if (!userSession) return [3 /*break*/, 5];
|
|
2041
2163
|
spaceId = userSession.spaceId;
|
|
2042
2164
|
userId = userSession.userId;
|
|
2043
2165
|
return [4 /*yield*/, this.getUserObjectPermission(userSession)];
|
|
2044
2166
|
case 1:
|
|
2045
2167
|
objPm = _a.sent();
|
|
2046
|
-
if (method === 'find' || method === 'count' || method === 'findOne' || method === 'aggregate' || method === 'aggregatePrefixalPipeline')
|
|
2047
|
-
|
|
2048
|
-
|
|
2049
|
-
|
|
2050
|
-
|
|
2051
|
-
|
|
2052
|
-
|
|
2053
|
-
|
|
2054
|
-
|
|
2055
|
-
|
|
2056
|
-
|
|
2057
|
-
|
|
2058
|
-
|
|
2059
|
-
|
|
2060
|
-
|
|
2061
|
-
|
|
2062
|
-
|
|
2063
|
-
|
|
2064
|
-
|
|
2065
|
-
|
|
2066
|
-
|
|
2067
|
-
|
|
2068
|
-
}
|
|
2069
|
-
companyFilter = _.map(userSession.companies, function (comp) {
|
|
2070
|
-
return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
|
|
2071
|
-
});
|
|
2072
|
-
}
|
|
2073
|
-
if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
|
|
2074
|
-
ownerFilter = "(owner eq '" + userId + "')";
|
|
2075
|
-
}
|
|
2076
|
-
if (!objPm.viewAllRecords) {
|
|
2077
|
-
sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
|
|
2078
|
-
}
|
|
2079
|
-
if (!_.isEmpty(companyFilter)) {
|
|
2080
|
-
permissionFilters.push("(" + companyFilter.join(' or ') + ")");
|
|
2081
|
-
}
|
|
2082
|
-
if (ownerFilter) {
|
|
2083
|
-
permissionFilters.push(ownerFilter);
|
|
2084
|
-
}
|
|
2085
|
-
if (!_.isEmpty(sharesFilter)) {
|
|
2086
|
-
permissionFilters.push("(" + sharesFilter.join(' or ') + ")");
|
|
2087
|
-
}
|
|
2088
|
-
if (clientFilter) {
|
|
2089
|
-
userFilters.push(clientFilter);
|
|
2090
|
-
}
|
|
2091
|
-
if (spaceFilter) {
|
|
2092
|
-
userFilters.push(spaceFilter);
|
|
2093
|
-
}
|
|
2094
|
-
if (!userSession.is_space_admin && !_.isEmpty(permissionFilters)) {
|
|
2095
|
-
filters = permissionFilters.join(' or ');
|
|
2096
|
-
}
|
|
2097
|
-
if (!_.isEmpty(userFilters)) {
|
|
2098
|
-
filters = filters ? "(" + filters + ") and (" + userFilters.join(' and ') + ")" : userFilters.join(' and ');
|
|
2168
|
+
if (!(method === 'find' || method === 'count' || method === 'findOne' || method === 'aggregate' || method === 'aggregatePrefixalPipeline')) return [3 /*break*/, 4];
|
|
2169
|
+
query = args[args.length - 2];
|
|
2170
|
+
if (method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
|
|
2171
|
+
query = args[args.length - 3];
|
|
2172
|
+
}
|
|
2173
|
+
if (query.filters && !_.isString(query.filters)) {
|
|
2174
|
+
query.filters = filters_1.formatFiltersToODataQuery(query.filters);
|
|
2175
|
+
}
|
|
2176
|
+
if (this.table_name == 'cfs.files.filerecord' || this.table_name == 'cfs.instances.filerecord') {
|
|
2177
|
+
return [2 /*return*/];
|
|
2178
|
+
}
|
|
2179
|
+
if (util_1.isCloudAdminSpace(spaceId)) {
|
|
2180
|
+
return [2 /*return*/];
|
|
2181
|
+
}
|
|
2182
|
+
spaceFilter = void 0, companyFilter = void 0, ownerFilter = void 0, sharesFilter = void 0, shareRuleFilters = void 0, restrictionRuleFilters = void 0, clientFilter = query.filters, filters = void 0, permissionFilters = [], userFilters = [];
|
|
2183
|
+
if (spaceId) {
|
|
2184
|
+
spaceFilter = "(space eq '" + spaceId + "')";
|
|
2185
|
+
}
|
|
2186
|
+
if (spaceId && !objPm.viewAllRecords && objPm.viewCompanyRecords) { // 公司级
|
|
2187
|
+
if (_.isEmpty(userSession.companies)) {
|
|
2188
|
+
console.log('objPm', objPm);
|
|
2189
|
+
throw new Error("user not belong any company!");
|
|
2099
2190
|
}
|
|
2100
|
-
|
|
2191
|
+
companyFilter = _.map(userSession.companies, function (comp) {
|
|
2192
|
+
return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
|
|
2193
|
+
});
|
|
2194
|
+
}
|
|
2195
|
+
if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
|
|
2196
|
+
ownerFilter = "(owner eq '" + userId + "')";
|
|
2197
|
+
}
|
|
2198
|
+
return [4 /*yield*/, shareRule_1.ShareRules.getUserObjectFilters(this.name, userSession)];
|
|
2199
|
+
case 2:
|
|
2200
|
+
shareRuleFilters = _a.sent();
|
|
2201
|
+
if (!_.isEmpty(shareRuleFilters)) {
|
|
2202
|
+
permissionFilters.push("(" + shareRuleFilters.join(' or ') + ")");
|
|
2203
|
+
}
|
|
2204
|
+
return [4 /*yield*/, restrictionRule_1.RestrictionRule.getUserObjectFilters(this.name, userSession)];
|
|
2205
|
+
case 3:
|
|
2206
|
+
restrictionRuleFilters = _a.sent();
|
|
2207
|
+
if (!_.isEmpty(restrictionRuleFilters)) {
|
|
2208
|
+
userFilters.push("(" + restrictionRuleFilters.join(' or ') + ")");
|
|
2209
|
+
}
|
|
2210
|
+
// objectPermissionFilters = this.getObjectPermissionFilters(objPm, userSession, false);
|
|
2211
|
+
// if (!_.isEmpty(objectPermissionFilters)) {
|
|
2212
|
+
// permissionFilters.push(`(${objectPermissionFilters.join(' or ')})`);
|
|
2213
|
+
// }
|
|
2214
|
+
sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
|
|
2215
|
+
if (!_.isEmpty(companyFilter)) {
|
|
2216
|
+
permissionFilters.push("(" + companyFilter.join(' and ') + ")");
|
|
2217
|
+
}
|
|
2218
|
+
if (ownerFilter) {
|
|
2219
|
+
permissionFilters.push(ownerFilter);
|
|
2220
|
+
}
|
|
2221
|
+
if (!_.isEmpty(sharesFilter)) {
|
|
2222
|
+
permissionFilters.push("(" + sharesFilter.join(' or ') + ")");
|
|
2223
|
+
}
|
|
2224
|
+
if (clientFilter) {
|
|
2225
|
+
userFilters.push(clientFilter);
|
|
2101
2226
|
}
|
|
2102
|
-
|
|
2227
|
+
if (spaceFilter) {
|
|
2228
|
+
userFilters.push(spaceFilter);
|
|
2229
|
+
}
|
|
2230
|
+
if (!userSession.is_space_admin && !_.isEmpty(permissionFilters)) {
|
|
2231
|
+
filters = permissionFilters.join(' or ');
|
|
2232
|
+
}
|
|
2233
|
+
if (!_.isEmpty(userFilters)) {
|
|
2234
|
+
filters = filters ? "(" + filters + ") and (" + userFilters.join(' and ') + ")" : userFilters.join(' and ');
|
|
2235
|
+
}
|
|
2236
|
+
query.filters = filters;
|
|
2237
|
+
return [3 /*break*/, 5];
|
|
2238
|
+
case 4:
|
|
2239
|
+
if (method === 'insert') {
|
|
2103
2240
|
if (!objPm.allowCreate) {
|
|
2104
2241
|
throw new Error("no " + method + " permission!");
|
|
2105
2242
|
}
|
|
2106
2243
|
}
|
|
2107
2244
|
else if (method === 'update' || method === 'updateOne') {
|
|
2108
|
-
|
|
2245
|
+
permissionFilters = null;
|
|
2246
|
+
if (!objPm.allowEdit && _.isEmpty(permissionFilters)) {
|
|
2109
2247
|
throw new Error("no " + method + " permission!");
|
|
2110
2248
|
}
|
|
2249
|
+
objectPermissionEditFilters = '';
|
|
2250
|
+
if (!_.isEmpty(permissionFilters)) {
|
|
2251
|
+
objectPermissionEditFilters = " or (" + permissionFilters.join(' or ') + ")";
|
|
2252
|
+
}
|
|
2111
2253
|
id = args[args.length - 3];
|
|
2112
2254
|
if (!objPm.modifyAllRecords && objPm.modifyCompanyRecords) {
|
|
2113
2255
|
companyFilters = _.map(userSession.companies, function (comp) {
|
|
@@ -2115,25 +2257,36 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2115
2257
|
}).join(' or ');
|
|
2116
2258
|
if (companyFilters) {
|
|
2117
2259
|
if (_.isString(id)) {
|
|
2118
|
-
id = { filters: "(_id eq '" + id + "') and (" + companyFilters + ")" };
|
|
2260
|
+
id = { filters: "(_id eq '" + id + "') and (" + companyFilters + objectPermissionEditFilters + ")" };
|
|
2119
2261
|
}
|
|
2120
2262
|
else if (_.isObject(id)) {
|
|
2121
2263
|
if (id.filters && !_.isString(id.filters)) {
|
|
2122
2264
|
id.filters = filters_1.formatFiltersToODataQuery(id.filters);
|
|
2123
2265
|
}
|
|
2124
|
-
id.filters = id.filters ? "(" + id.filters + ") and (" + companyFilters + ")" : "(" + companyFilters + ")";
|
|
2266
|
+
id.filters = id.filters ? "(" + id.filters + ") and (" + companyFilters + objectPermissionEditFilters + ")" : "(" + companyFilters + objectPermissionEditFilters + ")";
|
|
2125
2267
|
}
|
|
2126
2268
|
}
|
|
2127
2269
|
}
|
|
2128
2270
|
else if (!objPm.modifyAllRecords && !objPm.modifyCompanyRecords && objPm.allowEdit) {
|
|
2129
2271
|
if (_.isString(id)) {
|
|
2130
|
-
id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "')" };
|
|
2272
|
+
id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "' " + objectPermissionEditFilters + ")" };
|
|
2131
2273
|
}
|
|
2132
2274
|
else if (_.isObject(id)) {
|
|
2133
2275
|
if (id.filters && !_.isString(id.filters)) {
|
|
2134
2276
|
id.filters = filters_1.formatFiltersToODataQuery(id.filters);
|
|
2135
2277
|
}
|
|
2136
|
-
id.filters = id.filters ? "(" + id.filters + ") and (owner eq '" + userId + "')" : "(owner eq '" + userId + "')";
|
|
2278
|
+
id.filters = id.filters ? "(" + id.filters + ") and (owner eq '" + userId + "' " + objectPermissionEditFilters + ")" : "(owner eq '" + userId + "' " + objectPermissionEditFilters + ")";
|
|
2279
|
+
}
|
|
2280
|
+
}
|
|
2281
|
+
else if (objectPermissionEditFilters) {
|
|
2282
|
+
if (_.isString(id)) {
|
|
2283
|
+
id = { filters: "(_id eq '" + id + "') and (" + objectPermissionEditFilters + ")" };
|
|
2284
|
+
}
|
|
2285
|
+
else if (_.isObject(id)) {
|
|
2286
|
+
if (id.filters && !_.isString(id.filters)) {
|
|
2287
|
+
id.filters = filters_1.formatFiltersToODataQuery(id.filters);
|
|
2288
|
+
}
|
|
2289
|
+
id.filters = id.filters ? "(" + id.filters + ") and (" + objectPermissionEditFilters + ")" : "(" + objectPermissionEditFilters + ")";
|
|
2137
2290
|
}
|
|
2138
2291
|
}
|
|
2139
2292
|
args[args.length - 3] = id;
|
|
@@ -2157,25 +2310,41 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2157
2310
|
}
|
|
2158
2311
|
}
|
|
2159
2312
|
else if (method === 'delete') {
|
|
2160
|
-
|
|
2313
|
+
permissionFilters = null;
|
|
2314
|
+
if (!objPm.allowDelete && _.isEmpty(permissionFilters)) {
|
|
2161
2315
|
throw new Error("no " + method + " permission!");
|
|
2162
2316
|
}
|
|
2317
|
+
objectPermissionEditFilters = '';
|
|
2318
|
+
if (!_.isEmpty(permissionFilters)) {
|
|
2319
|
+
objectPermissionEditFilters = " or (" + permissionFilters.join(' or ') + ")";
|
|
2320
|
+
}
|
|
2163
2321
|
id = args[args.length - 2];
|
|
2164
2322
|
if (!objPm.modifyAllRecords && objPm.modifyCompanyRecords) {
|
|
2165
2323
|
companyFilters = _.map(userSession.companies, function (comp) {
|
|
2166
2324
|
return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
|
|
2167
2325
|
}).join(' or ');
|
|
2168
2326
|
if (companyFilters) {
|
|
2169
|
-
id = { filters: "(_id eq '" + id + "') and (" + companyFilters + ")" };
|
|
2327
|
+
id = { filters: "(_id eq '" + id + "') and (" + companyFilters + objectPermissionEditFilters + ")" };
|
|
2170
2328
|
}
|
|
2171
2329
|
}
|
|
2172
2330
|
else if (!objPm.modifyAllRecords && !objPm.modifyCompanyRecords) {
|
|
2173
|
-
id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "')" };
|
|
2331
|
+
id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "'" + objectPermissionEditFilters + ")" };
|
|
2332
|
+
}
|
|
2333
|
+
else if (objectPermissionEditFilters) {
|
|
2334
|
+
if (_.isString(id)) {
|
|
2335
|
+
id = { filters: "(_id eq '" + id + "') and (" + objectPermissionEditFilters + ")" };
|
|
2336
|
+
}
|
|
2337
|
+
else if (_.isObject(id)) {
|
|
2338
|
+
if (id.filters && !_.isString(id.filters)) {
|
|
2339
|
+
id.filters = filters_1.formatFiltersToODataQuery(id.filters);
|
|
2340
|
+
}
|
|
2341
|
+
id.filters = id.filters ? "(" + id.filters + ") and (" + objectPermissionEditFilters + ")" : "(" + objectPermissionEditFilters + ")";
|
|
2342
|
+
}
|
|
2174
2343
|
}
|
|
2175
2344
|
args[args.length - 2] = id;
|
|
2176
2345
|
}
|
|
2177
|
-
_a.label =
|
|
2178
|
-
case
|
|
2346
|
+
_a.label = 5;
|
|
2347
|
+
case 5: return [2 /*return*/];
|
|
2179
2348
|
}
|
|
2180
2349
|
});
|
|
2181
2350
|
});
|