@steedos/objectql 2.1.56 → 2.1.60

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (67) hide show
  1. package/lib/dynamic-load/preload_data.d.ts +3 -0
  2. package/lib/dynamic-load/preload_data.js +158 -1
  3. package/lib/dynamic-load/preload_data.js.map +1 -1
  4. package/lib/dynamic-load/restrictionRules.d.ts +1 -0
  5. package/lib/dynamic-load/restrictionRules.js +42 -0
  6. package/lib/dynamic-load/restrictionRules.js.map +1 -0
  7. package/lib/dynamic-load/shareRules.d.ts +1 -0
  8. package/lib/dynamic-load/shareRules.js +42 -0
  9. package/lib/dynamic-load/shareRules.js.map +1 -0
  10. package/lib/index.d.ts +3 -0
  11. package/lib/index.js +3 -0
  12. package/lib/index.js.map +1 -1
  13. package/lib/metadata-register/_base.d.ts +3 -1
  14. package/lib/metadata-register/_base.js +16 -5
  15. package/lib/metadata-register/_base.js.map +1 -1
  16. package/lib/metadata-register/permissionFields.d.ts +7 -0
  17. package/lib/metadata-register/permissionFields.js +18 -0
  18. package/lib/metadata-register/permissionFields.js.map +1 -0
  19. package/lib/metadata-register/restrictionRules.d.ts +7 -0
  20. package/lib/metadata-register/restrictionRules.js +18 -0
  21. package/lib/metadata-register/restrictionRules.js.map +1 -0
  22. package/lib/metadata-register/shareRules.d.ts +7 -0
  23. package/lib/metadata-register/shareRules.js +18 -0
  24. package/lib/metadata-register/shareRules.js.map +1 -0
  25. package/lib/types/field_permission.d.ts +4 -0
  26. package/lib/types/field_permission.js +50 -0
  27. package/lib/types/field_permission.js.map +1 -0
  28. package/lib/types/object.d.ts +1 -0
  29. package/lib/types/object.js +302 -133
  30. package/lib/types/object.js.map +1 -1
  31. package/lib/types/object_dynamic_load.js +13 -4
  32. package/lib/types/object_dynamic_load.js.map +1 -1
  33. package/lib/types/object_permission.d.ts +1 -0
  34. package/lib/types/object_permission.js +31 -0
  35. package/lib/types/object_permission.js.map +1 -1
  36. package/lib/types/restrictionRule.d.ts +13 -0
  37. package/lib/types/restrictionRule.js +75 -0
  38. package/lib/types/restrictionRule.js.map +1 -0
  39. package/lib/types/shareRule.d.ts +13 -0
  40. package/lib/types/shareRule.js +75 -0
  41. package/lib/types/shareRule.js.map +1 -0
  42. package/lib/util/field.js +4 -4
  43. package/lib/util/field.js.map +1 -1
  44. package/lib/util/function_expression.d.ts +2 -0
  45. package/lib/util/function_expression.js +66 -0
  46. package/lib/util/function_expression.js.map +1 -0
  47. package/lib/util/index.d.ts +1 -0
  48. package/lib/util/index.js +1 -0
  49. package/lib/util/index.js.map +1 -1
  50. package/package.json +8 -8
  51. package/src/dynamic-load/preload_data.ts +44 -0
  52. package/src/dynamic-load/restrictionRules.ts +19 -0
  53. package/src/dynamic-load/shareRules.ts +19 -0
  54. package/src/index.ts +4 -1
  55. package/src/metadata-register/_base.ts +14 -3
  56. package/src/metadata-register/permissionFields.ts +13 -0
  57. package/src/metadata-register/restrictionRules.ts +12 -0
  58. package/src/metadata-register/shareRules.ts +13 -0
  59. package/src/types/field_permission.ts +26 -0
  60. package/src/types/object.ts +198 -22
  61. package/src/types/object_dynamic_load.ts +4 -1
  62. package/src/types/object_permission.ts +32 -0
  63. package/src/types/restrictionRule.ts +57 -0
  64. package/src/types/shareRule.ts +57 -0
  65. package/src/util/field.ts +4 -4
  66. package/src/util/function_expression.ts +63 -0
  67. package/src/util/index.ts +1 -0
@@ -16,6 +16,9 @@ var object_events_1 = require("./object_events");
16
16
  var i18n_1 = require("@steedos/i18n");
17
17
  var object_layouts_1 = require("./object_layouts");
18
18
  var lodash_1 = require("lodash");
19
+ var shareRule_1 = require("./shareRule");
20
+ var restrictionRule_1 = require("./restrictionRule");
21
+ var field_permission_1 = require("./field_permission");
19
22
  var clone = require('clone');
20
23
  // 主子表有层级限制,超过3层就报错,该函数判断当前对象作为主表对象往下的层级最多不越过3层,
21
24
  // 其3层指的是A-B-C-D,它们都有父子关系,A作为最顶层,该对象上不可以再创建主表子表关系字段,但是B、C、D上可以;
@@ -713,77 +716,125 @@ var SteedosObjectType = /** @class */ (function (_super) {
713
716
  };
714
717
  SteedosObjectType.prototype.getUserObjectPermission = function (userSession) {
715
718
  return tslib_1.__awaiter(this, void 0, void 0, function () {
716
- var roles, objectRolesPermission, userObjectPermission, spaceId;
719
+ var roles, objectRolesPermission, userObjectPermission, rolesFieldsPermission, field_permissions, spaceId;
717
720
  return tslib_1.__generator(this, function (_a) {
718
- if (!userSession) {
719
- throw new Error('userSession is required');
720
- }
721
- roles = userSession.roles;
722
- objectRolesPermission = this.getObjectRolesPermission(userSession.spaceId);
723
- userObjectPermission = {
724
- allowRead: false,
725
- allowCreate: false,
726
- allowEdit: false,
727
- allowDelete: false,
728
- viewAllRecords: false,
729
- modifyAllRecords: false,
730
- viewCompanyRecords: false,
731
- modifyCompanyRecords: false,
732
- allowReadFiles: null,
733
- viewAllFiles: null,
734
- allowCreateFiles: null,
735
- allowEditFiles: null,
736
- allowDeleteFiles: null,
737
- modifyAllFiles: null,
738
- disabled_list_views: null,
739
- disabled_actions: null,
740
- unreadable_fields: null,
741
- uneditable_fields: null,
742
- unrelated_objects: null
743
- };
744
- if (_.isEmpty(roles)) {
745
- throw new Error('not find user permission');
746
- }
747
- roles.forEach(function (role) {
748
- var rolePermission = objectRolesPermission[role];
749
- if (rolePermission) {
750
- _.each(userObjectPermission, function (v, k) {
751
- var _v = rolePermission[k];
752
- if (_.isBoolean(v)) {
753
- if (v === false && _v === true) {
754
- userObjectPermission[k] = _v;
755
- }
756
- }
757
- else if (['allowReadFiles', 'viewAllFiles', 'allowCreateFiles', 'allowEditFiles', 'allowDeleteFiles', 'modifyAllFiles'].indexOf(k) > -1) {
758
- if (_.isBoolean(_v)) {
759
- userObjectPermission[k] = _v;
760
- }
721
+ switch (_a.label) {
722
+ case 0:
723
+ if (!userSession) {
724
+ throw new Error('userSession is required');
725
+ }
726
+ roles = userSession.roles;
727
+ objectRolesPermission = this.getObjectRolesPermission(userSession.spaceId);
728
+ userObjectPermission = {
729
+ allowRead: false,
730
+ allowCreate: false,
731
+ allowEdit: false,
732
+ allowDelete: false,
733
+ viewAllRecords: false,
734
+ modifyAllRecords: false,
735
+ viewCompanyRecords: false,
736
+ modifyCompanyRecords: false,
737
+ allowReadFiles: null,
738
+ viewAllFiles: null,
739
+ allowCreateFiles: null,
740
+ allowEditFiles: null,
741
+ allowDeleteFiles: null,
742
+ modifyAllFiles: null,
743
+ disabled_list_views: null,
744
+ disabled_actions: null,
745
+ unreadable_fields: null,
746
+ uneditable_fields: null,
747
+ unrelated_objects: null,
748
+ field_permissions: null,
749
+ };
750
+ if (_.isEmpty(roles)) {
751
+ throw new Error('not find user permission');
752
+ }
753
+ return [4 /*yield*/, field_permission_1.FieldPermission.getObjectFieldsPermissionGroupRole(this.name)];
754
+ case 1:
755
+ rolesFieldsPermission = _a.sent();
756
+ roles.forEach(function (role) {
757
+ var rolePermission = objectRolesPermission[role];
758
+ if (rolePermission) {
759
+ var roleFieldsPermission_1 = rolesFieldsPermission[role];
760
+ _.each(userObjectPermission, function (v, k) {
761
+ var _v = rolePermission[k];
762
+ if (k === 'field_permissions') {
763
+ _v = roleFieldsPermission_1;
764
+ }
765
+ if (_.isBoolean(v)) {
766
+ if (v === false && _v === true) {
767
+ userObjectPermission[k] = _v;
768
+ }
769
+ }
770
+ else if (['allowReadFiles', 'viewAllFiles', 'allowCreateFiles', 'allowEditFiles', 'allowDeleteFiles', 'modifyAllFiles'].indexOf(k) > -1) {
771
+ if (_.isBoolean(_v)) {
772
+ userObjectPermission[k] = _v;
773
+ }
774
+ }
775
+ else if (['read_filters', 'edit_filters'].indexOf(k) > -1) {
776
+ if ('edit_filters' === k) {
777
+ if (!_.isEmpty(_v)) {
778
+ userObjectPermission['read_filters'].push(_v);
779
+ }
780
+ }
781
+ if (!_.isEmpty(_v)) {
782
+ userObjectPermission[k].push(_v);
783
+ }
784
+ }
785
+ else if ((_.isArray(v) || _.isNull(v))) {
786
+ if (!_.isArray(_v)) {
787
+ _v = [];
788
+ }
789
+ if (_.isNull(v)) {
790
+ userObjectPermission[k] = _v;
791
+ }
792
+ else {
793
+ if (k === 'field_permissions') {
794
+ userObjectPermission[k] = _.union(v, _v);
795
+ }
796
+ else {
797
+ userObjectPermission[k] = _.intersection(v, _v);
798
+ }
799
+ }
800
+ }
801
+ });
761
802
  }
762
- else if ((_.isArray(v) || _.isNull(v))) {
763
- if (!_.isArray(_v)) {
764
- _v = [];
765
- }
766
- if (_.isNull(v)) {
767
- userObjectPermission[k] = _v;
803
+ });
804
+ field_permissions = {};
805
+ if (userObjectPermission.field_permissions) {
806
+ _.each(userObjectPermission.field_permissions, function (field_permission) {
807
+ var field = field_permission.field, read = field_permission.read, edit = field_permission.edit;
808
+ if (field_permissions[field]) {
809
+ field_permissions[field].edit = field_permissions[field].edit || edit;
810
+ if (field_permissions[field].edit) {
811
+ field_permissions[field].read = true;
812
+ }
813
+ else {
814
+ field_permissions[field].read = field_permissions[field].read || read;
815
+ }
768
816
  }
769
817
  else {
770
- userObjectPermission[k] = _.intersection(v, _v);
818
+ field_permissions[field] = {
819
+ field: field,
820
+ read: edit || read,
821
+ edit: edit
822
+ };
771
823
  }
772
- }
773
- });
774
- }
775
- });
776
- userObjectPermission.disabled_list_views = userObjectPermission.disabled_list_views || [];
777
- userObjectPermission.disabled_actions = userObjectPermission.disabled_actions || [];
778
- userObjectPermission.unreadable_fields = userObjectPermission.unreadable_fields || [];
779
- userObjectPermission.uneditable_fields = userObjectPermission.uneditable_fields || [];
780
- userObjectPermission.unrelated_objects = userObjectPermission.unrelated_objects || [];
781
- spaceId = userSession.spaceId;
782
- if (util_1.isTemplateSpace(spaceId)) {
783
- return [2 /*return*/, Object.assign({}, userObjectPermission, { allowRead: true, viewAllRecords: true, viewCompanyRecords: true })];
824
+ });
825
+ }
826
+ userObjectPermission.field_permissions = field_permissions;
827
+ userObjectPermission.disabled_list_views = userObjectPermission.disabled_list_views || [];
828
+ userObjectPermission.disabled_actions = userObjectPermission.disabled_actions || [];
829
+ userObjectPermission.unreadable_fields = userObjectPermission.unreadable_fields || [];
830
+ userObjectPermission.uneditable_fields = userObjectPermission.uneditable_fields || [];
831
+ userObjectPermission.unrelated_objects = userObjectPermission.unrelated_objects || [];
832
+ spaceId = userSession.spaceId;
833
+ if (util_1.isTemplateSpace(spaceId)) {
834
+ return [2 /*return*/, Object.assign({}, userObjectPermission, { allowRead: true, viewAllRecords: true, viewCompanyRecords: true })];
835
+ }
836
+ return [2 /*return*/, userObjectPermission];
784
837
  }
785
- Creator.processPermissions(userObjectPermission);
786
- return [2 /*return*/, userObjectPermission];
787
838
  });
788
839
  });
789
840
  };
@@ -1284,7 +1335,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
1284
1335
  };
1285
1336
  SteedosObjectType.prototype.getRecordView = function (userSession) {
1286
1337
  return tslib_1.__awaiter(this, void 0, void 0, function () {
1287
- var lng, objectMetadataConfig, objectConfig, _a, _b, _c, _d, layouts, layout, _fields_1, sort_no_1, layoutFieldKeys, objectFieldKeys, difference, layoutButtonsName_1, spaceProcessDefinition, dbListViews;
1338
+ var lng, objectMetadataConfig, objectConfig, _a, _b, _c, _d, layouts, layout, _fields_1, sort_no_1, layoutFieldKeys, objectFieldKeys, difference, layoutButtonsName_1, userObjectFields, spaceProcessDefinition, dbListViews;
1288
1339
  return tslib_1.__generator(this, function (_e) {
1289
1340
  switch (_e.label) {
1290
1341
  case 0:
@@ -1384,6 +1435,23 @@ var SteedosObjectType = /** @class */ (function (_super) {
1384
1435
  }
1385
1436
  });
1386
1437
  }
1438
+ userObjectFields = objectConfig.fields;
1439
+ _.each(objectConfig.permissions.field_permissions, function (field_permission, field) {
1440
+ var read = field_permission.read, edit = field_permission.edit;
1441
+ if (read) {
1442
+ userObjectFields[field].omit = true;
1443
+ }
1444
+ if (edit) {
1445
+ userObjectFields[field].omit = false;
1446
+ userObjectFields[field].hidden = false;
1447
+ userObjectFields[field].readonly = false;
1448
+ userObjectFields[field].disabled = false;
1449
+ }
1450
+ if (!read && !edit) {
1451
+ delete userObjectFields[field];
1452
+ }
1453
+ });
1454
+ objectConfig.fields = userObjectFields;
1387
1455
  return [4 /*yield*/, getObject("process_definition").directFind({ filters: [['space', '=', userSession.spaceId], ['object_name', '=', this.name], ['active', '=', true]] })];
1388
1456
  case 7:
1389
1457
  spaceProcessDefinition = _e.sent();
@@ -1738,6 +1806,29 @@ var SteedosObjectType = /** @class */ (function (_super) {
1738
1806
  });
1739
1807
  });
1740
1808
  };
1809
+ // private async appendRecordPermission(records, userSession) {
1810
+ // const _ids = _.pluck(records, '_id');
1811
+ // const objPm = await this.getUserObjectPermission(userSession);
1812
+ // const permissionFilters = this.getObjectPermissionFilters(objPm, userSession, true);
1813
+ // if (_.isEmpty(permissionFilters)) {
1814
+ // return;
1815
+ // }
1816
+ // const filters = formatFiltersToODataQuery(['_id', 'in', _ids])
1817
+ // const results = await this.directFind({
1818
+ // fields: ['_id'],
1819
+ // filters: `(${filters}) and (${permissionFilters.join(' or ')})`
1820
+ // });
1821
+ // const allowEditIds = _.pluck(results, '_id');
1822
+ // _.each(records, (record) => {
1823
+ // if (_.include(allowEditIds, record._id)) {
1824
+ // record.record_permissions = {
1825
+ // allowRead: true,
1826
+ // allowEdit: true,
1827
+ // allowDelete: true,
1828
+ // }
1829
+ // }
1830
+ // })
1831
+ // }
1741
1832
  SteedosObjectType.prototype.getTriggerContext = function (when, method, args, recordId) {
1742
1833
  return tslib_1.__awaiter(this, void 0, void 0, function () {
1743
1834
  var userSession, context, _a;
@@ -1901,6 +1992,15 @@ var SteedosObjectType = /** @class */ (function (_super) {
1901
1992
  if (method === 'count') {
1902
1993
  values = returnValue || 0;
1903
1994
  }
1995
+ // else{
1996
+ // if (userSession) {
1997
+ // let _records = returnValue
1998
+ // if (method == 'findOne' && returnValue) {
1999
+ // _records = [_records]
2000
+ // }
2001
+ // await this.appendRecordPermission(_records, userSession);
2002
+ // }
2003
+ // }
1904
2004
  Object.assign(afterTriggerContext, { data: { values: values } });
1905
2005
  }
1906
2006
  // console.log("==returnValue==", returnValue);
@@ -2012,6 +2112,28 @@ var SteedosObjectType = /** @class */ (function (_super) {
2012
2112
  });
2013
2113
  });
2014
2114
  };
2115
+ // private getObjectPermissionFilters(objectPermission, userSession, isEdit) {
2116
+ // const objectPermissionFilters = [];
2117
+ // let permissionFiltersKey = 'read_filters';
2118
+ // if (isEdit) {
2119
+ // permissionFiltersKey = 'edit_filters';
2120
+ // }
2121
+ // const globalData = Object.assign({}, userSession, { now: new Date() });
2122
+ // let permissionFilters = objectPermission[permissionFiltersKey];
2123
+ // _.each(permissionFilters, (permissionFilter) => {
2124
+ // if (_.isString(permissionFilter) && isExpression(permissionFilter.trim())) {
2125
+ // try {
2126
+ // const filters = parseSingleExpression(permissionFilter, {}, "#", globalData);
2127
+ // if (filters && !_.isString(filters)) {
2128
+ // objectPermissionFilters.push(`(${formatFiltersToODataQuery(filters, userSession)})`)
2129
+ // }
2130
+ // } catch (error) {
2131
+ // console.error(`getObjectPermissionFilters error`, permissionFilter, error.message);
2132
+ // }
2133
+ // }
2134
+ // })
2135
+ // return objectPermissionFilters;
2136
+ // }
2015
2137
  /**
2016
2138
  * 把query.filters用formatFiltersToODataQuery转为odata query
2017
2139
  * 主要是为了把userSession中的utcOffset逻辑传入formatFiltersToODataQuery函数处理
@@ -2032,82 +2154,102 @@ var SteedosObjectType = /** @class */ (function (_super) {
2032
2154
  };
2033
2155
  SteedosObjectType.prototype.dealWithMethodPermission = function (method, args) {
2034
2156
  return tslib_1.__awaiter(this, void 0, void 0, function () {
2035
- var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, clientFilter, filters, permissionFilters, userFilters, id, companyFilters, queryFilters, companyFilters, id, companyFilters;
2157
+ var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, shareRuleFilters, restrictionRuleFilters, clientFilter, filters, permissionFilters, userFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters, queryFilters, companyFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters;
2036
2158
  return tslib_1.__generator(this, function (_a) {
2037
2159
  switch (_a.label) {
2038
2160
  case 0:
2039
2161
  userSession = args[args.length - 1];
2040
- if (!userSession) return [3 /*break*/, 2];
2162
+ if (!userSession) return [3 /*break*/, 5];
2041
2163
  spaceId = userSession.spaceId;
2042
2164
  userId = userSession.userId;
2043
2165
  return [4 /*yield*/, this.getUserObjectPermission(userSession)];
2044
2166
  case 1:
2045
2167
  objPm = _a.sent();
2046
- if (method === 'find' || method === 'count' || method === 'findOne' || method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
2047
- query = args[args.length - 2];
2048
- if (method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
2049
- query = args[args.length - 3];
2050
- }
2051
- if (query.filters && !_.isString(query.filters)) {
2052
- query.filters = filters_1.formatFiltersToODataQuery(query.filters);
2053
- }
2054
- if (this.table_name == 'cfs.files.filerecord' || this.table_name == 'cfs.instances.filerecord') {
2055
- return [2 /*return*/];
2056
- }
2057
- if (util_1.isCloudAdminSpace(spaceId)) {
2058
- return [2 /*return*/];
2059
- }
2060
- spaceFilter = void 0, companyFilter = void 0, ownerFilter = void 0, sharesFilter = void 0, clientFilter = query.filters, filters = void 0, permissionFilters = [], userFilters = [];
2061
- if (spaceId) {
2062
- spaceFilter = "(space eq '" + spaceId + "')";
2063
- }
2064
- if (spaceId && !objPm.viewAllRecords && objPm.viewCompanyRecords) { // 公司级
2065
- if (_.isEmpty(userSession.companies)) {
2066
- console.log('objPm', objPm);
2067
- throw new Error("user not belong any company!");
2068
- }
2069
- companyFilter = _.map(userSession.companies, function (comp) {
2070
- return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
2071
- });
2072
- }
2073
- if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
2074
- ownerFilter = "(owner eq '" + userId + "')";
2075
- }
2076
- if (!objPm.viewAllRecords) {
2077
- sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
2078
- }
2079
- if (!_.isEmpty(companyFilter)) {
2080
- permissionFilters.push("(" + companyFilter.join(' or ') + ")");
2081
- }
2082
- if (ownerFilter) {
2083
- permissionFilters.push(ownerFilter);
2084
- }
2085
- if (!_.isEmpty(sharesFilter)) {
2086
- permissionFilters.push("(" + sharesFilter.join(' or ') + ")");
2087
- }
2088
- if (clientFilter) {
2089
- userFilters.push(clientFilter);
2090
- }
2091
- if (spaceFilter) {
2092
- userFilters.push(spaceFilter);
2093
- }
2094
- if (!userSession.is_space_admin && !_.isEmpty(permissionFilters)) {
2095
- filters = permissionFilters.join(' or ');
2096
- }
2097
- if (!_.isEmpty(userFilters)) {
2098
- filters = filters ? "(" + filters + ") and (" + userFilters.join(' and ') + ")" : userFilters.join(' and ');
2168
+ if (!(method === 'find' || method === 'count' || method === 'findOne' || method === 'aggregate' || method === 'aggregatePrefixalPipeline')) return [3 /*break*/, 4];
2169
+ query = args[args.length - 2];
2170
+ if (method === 'aggregate' || method === 'aggregatePrefixalPipeline') {
2171
+ query = args[args.length - 3];
2172
+ }
2173
+ if (query.filters && !_.isString(query.filters)) {
2174
+ query.filters = filters_1.formatFiltersToODataQuery(query.filters);
2175
+ }
2176
+ if (this.table_name == 'cfs.files.filerecord' || this.table_name == 'cfs.instances.filerecord') {
2177
+ return [2 /*return*/];
2178
+ }
2179
+ if (util_1.isCloudAdminSpace(spaceId)) {
2180
+ return [2 /*return*/];
2181
+ }
2182
+ spaceFilter = void 0, companyFilter = void 0, ownerFilter = void 0, sharesFilter = void 0, shareRuleFilters = void 0, restrictionRuleFilters = void 0, clientFilter = query.filters, filters = void 0, permissionFilters = [], userFilters = [];
2183
+ if (spaceId) {
2184
+ spaceFilter = "(space eq '" + spaceId + "')";
2185
+ }
2186
+ if (spaceId && !objPm.viewAllRecords && objPm.viewCompanyRecords) { // 公司级
2187
+ if (_.isEmpty(userSession.companies)) {
2188
+ console.log('objPm', objPm);
2189
+ throw new Error("user not belong any company!");
2099
2190
  }
2100
- query.filters = filters;
2191
+ companyFilter = _.map(userSession.companies, function (comp) {
2192
+ return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
2193
+ });
2194
+ }
2195
+ if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
2196
+ ownerFilter = "(owner eq '" + userId + "')";
2197
+ }
2198
+ return [4 /*yield*/, shareRule_1.ShareRules.getUserObjectFilters(this.name, userSession)];
2199
+ case 2:
2200
+ shareRuleFilters = _a.sent();
2201
+ if (!_.isEmpty(shareRuleFilters)) {
2202
+ permissionFilters.push("(" + shareRuleFilters.join(' or ') + ")");
2203
+ }
2204
+ return [4 /*yield*/, restrictionRule_1.RestrictionRule.getUserObjectFilters(this.name, userSession)];
2205
+ case 3:
2206
+ restrictionRuleFilters = _a.sent();
2207
+ if (!_.isEmpty(restrictionRuleFilters)) {
2208
+ userFilters.push("(" + restrictionRuleFilters.join(' or ') + ")");
2209
+ }
2210
+ // objectPermissionFilters = this.getObjectPermissionFilters(objPm, userSession, false);
2211
+ // if (!_.isEmpty(objectPermissionFilters)) {
2212
+ // permissionFilters.push(`(${objectPermissionFilters.join(' or ')})`);
2213
+ // }
2214
+ sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
2215
+ if (!_.isEmpty(companyFilter)) {
2216
+ permissionFilters.push("(" + companyFilter.join(' and ') + ")");
2217
+ }
2218
+ if (ownerFilter) {
2219
+ permissionFilters.push(ownerFilter);
2220
+ }
2221
+ if (!_.isEmpty(sharesFilter)) {
2222
+ permissionFilters.push("(" + sharesFilter.join(' or ') + ")");
2223
+ }
2224
+ if (clientFilter) {
2225
+ userFilters.push(clientFilter);
2101
2226
  }
2102
- else if (method === 'insert') {
2227
+ if (spaceFilter) {
2228
+ userFilters.push(spaceFilter);
2229
+ }
2230
+ if (!userSession.is_space_admin && !_.isEmpty(permissionFilters)) {
2231
+ filters = permissionFilters.join(' or ');
2232
+ }
2233
+ if (!_.isEmpty(userFilters)) {
2234
+ filters = filters ? "(" + filters + ") and (" + userFilters.join(' and ') + ")" : userFilters.join(' and ');
2235
+ }
2236
+ query.filters = filters;
2237
+ return [3 /*break*/, 5];
2238
+ case 4:
2239
+ if (method === 'insert') {
2103
2240
  if (!objPm.allowCreate) {
2104
2241
  throw new Error("no " + method + " permission!");
2105
2242
  }
2106
2243
  }
2107
2244
  else if (method === 'update' || method === 'updateOne') {
2108
- if (!objPm.allowEdit) {
2245
+ permissionFilters = null;
2246
+ if (!objPm.allowEdit && _.isEmpty(permissionFilters)) {
2109
2247
  throw new Error("no " + method + " permission!");
2110
2248
  }
2249
+ objectPermissionEditFilters = '';
2250
+ if (!_.isEmpty(permissionFilters)) {
2251
+ objectPermissionEditFilters = " or (" + permissionFilters.join(' or ') + ")";
2252
+ }
2111
2253
  id = args[args.length - 3];
2112
2254
  if (!objPm.modifyAllRecords && objPm.modifyCompanyRecords) {
2113
2255
  companyFilters = _.map(userSession.companies, function (comp) {
@@ -2115,25 +2257,36 @@ var SteedosObjectType = /** @class */ (function (_super) {
2115
2257
  }).join(' or ');
2116
2258
  if (companyFilters) {
2117
2259
  if (_.isString(id)) {
2118
- id = { filters: "(_id eq '" + id + "') and (" + companyFilters + ")" };
2260
+ id = { filters: "(_id eq '" + id + "') and (" + companyFilters + objectPermissionEditFilters + ")" };
2119
2261
  }
2120
2262
  else if (_.isObject(id)) {
2121
2263
  if (id.filters && !_.isString(id.filters)) {
2122
2264
  id.filters = filters_1.formatFiltersToODataQuery(id.filters);
2123
2265
  }
2124
- id.filters = id.filters ? "(" + id.filters + ") and (" + companyFilters + ")" : "(" + companyFilters + ")";
2266
+ id.filters = id.filters ? "(" + id.filters + ") and (" + companyFilters + objectPermissionEditFilters + ")" : "(" + companyFilters + objectPermissionEditFilters + ")";
2125
2267
  }
2126
2268
  }
2127
2269
  }
2128
2270
  else if (!objPm.modifyAllRecords && !objPm.modifyCompanyRecords && objPm.allowEdit) {
2129
2271
  if (_.isString(id)) {
2130
- id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "')" };
2272
+ id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "' " + objectPermissionEditFilters + ")" };
2131
2273
  }
2132
2274
  else if (_.isObject(id)) {
2133
2275
  if (id.filters && !_.isString(id.filters)) {
2134
2276
  id.filters = filters_1.formatFiltersToODataQuery(id.filters);
2135
2277
  }
2136
- id.filters = id.filters ? "(" + id.filters + ") and (owner eq '" + userId + "')" : "(owner eq '" + userId + "')";
2278
+ id.filters = id.filters ? "(" + id.filters + ") and (owner eq '" + userId + "' " + objectPermissionEditFilters + ")" : "(owner eq '" + userId + "' " + objectPermissionEditFilters + ")";
2279
+ }
2280
+ }
2281
+ else if (objectPermissionEditFilters) {
2282
+ if (_.isString(id)) {
2283
+ id = { filters: "(_id eq '" + id + "') and (" + objectPermissionEditFilters + ")" };
2284
+ }
2285
+ else if (_.isObject(id)) {
2286
+ if (id.filters && !_.isString(id.filters)) {
2287
+ id.filters = filters_1.formatFiltersToODataQuery(id.filters);
2288
+ }
2289
+ id.filters = id.filters ? "(" + id.filters + ") and (" + objectPermissionEditFilters + ")" : "(" + objectPermissionEditFilters + ")";
2137
2290
  }
2138
2291
  }
2139
2292
  args[args.length - 3] = id;
@@ -2157,25 +2310,41 @@ var SteedosObjectType = /** @class */ (function (_super) {
2157
2310
  }
2158
2311
  }
2159
2312
  else if (method === 'delete') {
2160
- if (!objPm.allowDelete) {
2313
+ permissionFilters = null;
2314
+ if (!objPm.allowDelete && _.isEmpty(permissionFilters)) {
2161
2315
  throw new Error("no " + method + " permission!");
2162
2316
  }
2317
+ objectPermissionEditFilters = '';
2318
+ if (!_.isEmpty(permissionFilters)) {
2319
+ objectPermissionEditFilters = " or (" + permissionFilters.join(' or ') + ")";
2320
+ }
2163
2321
  id = args[args.length - 2];
2164
2322
  if (!objPm.modifyAllRecords && objPm.modifyCompanyRecords) {
2165
2323
  companyFilters = _.map(userSession.companies, function (comp) {
2166
2324
  return "(company_id eq '" + comp._id + "') or (company_ids eq '" + comp._id + "')";
2167
2325
  }).join(' or ');
2168
2326
  if (companyFilters) {
2169
- id = { filters: "(_id eq '" + id + "') and (" + companyFilters + ")" };
2327
+ id = { filters: "(_id eq '" + id + "') and (" + companyFilters + objectPermissionEditFilters + ")" };
2170
2328
  }
2171
2329
  }
2172
2330
  else if (!objPm.modifyAllRecords && !objPm.modifyCompanyRecords) {
2173
- id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "')" };
2331
+ id = { filters: "(_id eq '" + id + "') and (owner eq '" + userId + "'" + objectPermissionEditFilters + ")" };
2332
+ }
2333
+ else if (objectPermissionEditFilters) {
2334
+ if (_.isString(id)) {
2335
+ id = { filters: "(_id eq '" + id + "') and (" + objectPermissionEditFilters + ")" };
2336
+ }
2337
+ else if (_.isObject(id)) {
2338
+ if (id.filters && !_.isString(id.filters)) {
2339
+ id.filters = filters_1.formatFiltersToODataQuery(id.filters);
2340
+ }
2341
+ id.filters = id.filters ? "(" + id.filters + ") and (" + objectPermissionEditFilters + ")" : "(" + objectPermissionEditFilters + ")";
2342
+ }
2174
2343
  }
2175
2344
  args[args.length - 2] = id;
2176
2345
  }
2177
- _a.label = 2;
2178
- case 2: return [2 /*return*/];
2346
+ _a.label = 5;
2347
+ case 5: return [2 /*return*/];
2179
2348
  }
2180
2349
  });
2181
2350
  });