@steedos/objectql 2.1.63 → 2.1.67
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/dynamic-load/permission.js +72 -29
- package/lib/dynamic-load/permission.js.map +1 -1
- package/lib/dynamic-load/shareRules.d.ts +1 -1
- package/lib/dynamic-load/shareRules.js +4 -4
- package/lib/dynamic-load/shareRules.js.map +1 -1
- package/lib/metadata-register/_base.d.ts +1 -1
- package/lib/metadata-register/_base.js +12 -2
- package/lib/metadata-register/_base.js.map +1 -1
- package/lib/types/config.js +10 -2
- package/lib/types/config.js.map +1 -1
- package/lib/types/object.d.ts +4 -0
- package/lib/types/object.js +112 -84
- package/lib/types/object.js.map +1 -1
- package/lib/types/object_permission.d.ts +2 -0
- package/lib/types/object_permission.js +7 -0
- package/lib/types/object_permission.js.map +1 -1
- package/package.json +8 -8
- package/src/dynamic-load/permission.ts +17 -0
- package/src/dynamic-load/shareRules.ts +3 -3
- package/src/metadata-register/_base.ts +12 -2
- package/src/types/config.ts +6 -1
- package/src/types/object.ts +71 -63
- package/src/types/object_permission.ts +11 -0
package/lib/types/object.js
CHANGED
|
@@ -746,6 +746,8 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
746
746
|
uneditable_fields: null,
|
|
747
747
|
unrelated_objects: null,
|
|
748
748
|
field_permissions: null,
|
|
749
|
+
viewAssignCompanysRecords: [],
|
|
750
|
+
modifyAssignCompanysRecords: [],
|
|
749
751
|
};
|
|
750
752
|
if (_.isEmpty(roles)) {
|
|
751
753
|
throw new Error('not find user permission');
|
|
@@ -758,6 +760,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
758
760
|
if (rolePermission) {
|
|
759
761
|
var roleFieldsPermission_1 = rolesFieldsPermission[role];
|
|
760
762
|
_.each(userObjectPermission, function (v, k) {
|
|
763
|
+
var _a, _b;
|
|
761
764
|
var _v = rolePermission[k];
|
|
762
765
|
if (k === 'field_permissions') {
|
|
763
766
|
_v = roleFieldsPermission_1;
|
|
@@ -782,6 +785,16 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
782
785
|
userObjectPermission[k].push(_v);
|
|
783
786
|
}
|
|
784
787
|
}
|
|
788
|
+
else if (['viewAssignCompanysRecords', 'modifyAssignCompanysRecords'].indexOf(k) > -1) {
|
|
789
|
+
if ('modifyAssignCompanysRecords' === k) {
|
|
790
|
+
if (!_.isEmpty(_v) && _.isArray(_v)) {
|
|
791
|
+
(_a = userObjectPermission['viewAssignCompanysRecords']).push.apply(_a, tslib_1.__spread(_v));
|
|
792
|
+
}
|
|
793
|
+
}
|
|
794
|
+
if (!_.isEmpty(_v) && _.isArray(_v)) {
|
|
795
|
+
(_b = userObjectPermission[k]).push.apply(_b, tslib_1.__spread(_v));
|
|
796
|
+
}
|
|
797
|
+
}
|
|
785
798
|
else if ((_.isArray(v) || _.isNull(v))) {
|
|
786
799
|
if (!_.isArray(_v)) {
|
|
787
800
|
_v = [];
|
|
@@ -1806,29 +1819,42 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1806
1819
|
});
|
|
1807
1820
|
});
|
|
1808
1821
|
};
|
|
1809
|
-
|
|
1810
|
-
|
|
1811
|
-
|
|
1812
|
-
|
|
1813
|
-
|
|
1814
|
-
|
|
1815
|
-
|
|
1816
|
-
|
|
1817
|
-
|
|
1818
|
-
|
|
1819
|
-
|
|
1820
|
-
|
|
1821
|
-
|
|
1822
|
-
|
|
1823
|
-
|
|
1824
|
-
|
|
1825
|
-
|
|
1826
|
-
|
|
1827
|
-
|
|
1828
|
-
|
|
1829
|
-
|
|
1830
|
-
|
|
1831
|
-
|
|
1822
|
+
SteedosObjectType.prototype.appendRecordPermission = function (records, userSession) {
|
|
1823
|
+
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
1824
|
+
var _ids, objPm, permissionFilters, filters, results, allowEditIds;
|
|
1825
|
+
return tslib_1.__generator(this, function (_a) {
|
|
1826
|
+
switch (_a.label) {
|
|
1827
|
+
case 0:
|
|
1828
|
+
_ids = _.pluck(records, '_id');
|
|
1829
|
+
return [4 /*yield*/, this.getUserObjectPermission(userSession)];
|
|
1830
|
+
case 1:
|
|
1831
|
+
objPm = _a.sent();
|
|
1832
|
+
permissionFilters = this.getObjectEditPermissionFilters(objPm, userSession);
|
|
1833
|
+
if (_.isEmpty(permissionFilters)) {
|
|
1834
|
+
return [2 /*return*/];
|
|
1835
|
+
}
|
|
1836
|
+
filters = filters_1.formatFiltersToODataQuery(['_id', 'in', _ids]);
|
|
1837
|
+
return [4 /*yield*/, this.directFind({
|
|
1838
|
+
fields: ['_id'],
|
|
1839
|
+
filters: "(" + filters + ") and (" + permissionFilters.join(' or ') + ")"
|
|
1840
|
+
})];
|
|
1841
|
+
case 2:
|
|
1842
|
+
results = _a.sent();
|
|
1843
|
+
allowEditIds = _.pluck(results, '_id');
|
|
1844
|
+
_.each(records, function (record) {
|
|
1845
|
+
if (_.include(allowEditIds, record._id)) {
|
|
1846
|
+
record.record_permissions = {
|
|
1847
|
+
allowRead: true,
|
|
1848
|
+
allowEdit: true,
|
|
1849
|
+
allowDelete: true,
|
|
1850
|
+
};
|
|
1851
|
+
}
|
|
1852
|
+
});
|
|
1853
|
+
return [2 /*return*/];
|
|
1854
|
+
}
|
|
1855
|
+
});
|
|
1856
|
+
});
|
|
1857
|
+
};
|
|
1832
1858
|
SteedosObjectType.prototype.getTriggerContext = function (when, method, args, recordId) {
|
|
1833
1859
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
1834
1860
|
var userSession, context, _a;
|
|
@@ -1918,7 +1944,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1918
1944
|
args[_i - 1] = arguments[_i];
|
|
1919
1945
|
}
|
|
1920
1946
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
1921
|
-
var adapterMethod, allow, objectName, recordId, doc, paramRecordId, returnValue, userSession, beforeTriggerContext, afterTriggerContext, previousDoc, values;
|
|
1947
|
+
var adapterMethod, allow, objectName, recordId, doc, paramRecordId, returnValue, userSession, beforeTriggerContext, afterTriggerContext, previousDoc, values, _records;
|
|
1922
1948
|
return tslib_1.__generator(this, function (_a) {
|
|
1923
1949
|
switch (_a.label) {
|
|
1924
1950
|
case 0:
|
|
@@ -1961,7 +1987,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1961
1987
|
return [4 /*yield*/, adapterMethod.apply(this._datasource, args)];
|
|
1962
1988
|
case 4:
|
|
1963
1989
|
returnValue = _a.sent();
|
|
1964
|
-
return [3 /*break*/,
|
|
1990
|
+
return [3 /*break*/, 25];
|
|
1965
1991
|
case 5:
|
|
1966
1992
|
userSession = args[args.length - 1];
|
|
1967
1993
|
return [4 /*yield*/, this.getTriggerContext('before', method, args)];
|
|
@@ -1987,40 +2013,43 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
1987
2013
|
return [4 /*yield*/, adapterMethod.apply(this._datasource, args)];
|
|
1988
2014
|
case 10:
|
|
1989
2015
|
returnValue = _a.sent();
|
|
1990
|
-
if (method === 'find' || method == 'findOne' || method == 'count' || method == 'aggregate' || method == 'aggregatePrefixalPipeline')
|
|
1991
|
-
|
|
1992
|
-
|
|
1993
|
-
|
|
1994
|
-
|
|
1995
|
-
|
|
1996
|
-
|
|
1997
|
-
|
|
1998
|
-
|
|
1999
|
-
|
|
2000
|
-
// }
|
|
2001
|
-
// await this.appendRecordPermission(_records, userSession);
|
|
2002
|
-
// }
|
|
2003
|
-
// }
|
|
2004
|
-
Object.assign(afterTriggerContext, { data: { values: values } });
|
|
2016
|
+
if (!(method === 'find' || method == 'findOne' || method == 'count' || method == 'aggregate' || method == 'aggregatePrefixalPipeline')) return [3 /*break*/, 14];
|
|
2017
|
+
values = returnValue || {};
|
|
2018
|
+
if (!(method === 'count')) return [3 /*break*/, 11];
|
|
2019
|
+
values = returnValue || 0;
|
|
2020
|
+
return [3 /*break*/, 13];
|
|
2021
|
+
case 11:
|
|
2022
|
+
if (!userSession) return [3 /*break*/, 13];
|
|
2023
|
+
_records = returnValue;
|
|
2024
|
+
if (method == 'findOne' && returnValue) {
|
|
2025
|
+
_records = [_records];
|
|
2005
2026
|
}
|
|
2027
|
+
return [4 /*yield*/, this.appendRecordPermission(_records, userSession)];
|
|
2028
|
+
case 12:
|
|
2029
|
+
_a.sent();
|
|
2030
|
+
_a.label = 13;
|
|
2031
|
+
case 13:
|
|
2032
|
+
Object.assign(afterTriggerContext, { data: { values: values } });
|
|
2033
|
+
_a.label = 14;
|
|
2034
|
+
case 14:
|
|
2006
2035
|
// console.log("==returnValue==", returnValue);
|
|
2007
2036
|
if (method == 'insert' && _.has(returnValue, '_id')) {
|
|
2008
2037
|
afterTriggerContext.doc = returnValue;
|
|
2009
2038
|
afterTriggerContext = Object.assign({}, afterTriggerContext, { id: returnValue._id });
|
|
2010
2039
|
}
|
|
2011
|
-
if (!(method == "update")) return [3 /*break*/,
|
|
2012
|
-
if (!returnValue) return [3 /*break*/,
|
|
2040
|
+
if (!(method == "update")) return [3 /*break*/, 17];
|
|
2041
|
+
if (!returnValue) return [3 /*break*/, 16];
|
|
2013
2042
|
afterTriggerContext.doc = returnValue;
|
|
2014
2043
|
return [4 /*yield*/, this.runAfterTriggers(method, afterTriggerContext)];
|
|
2015
|
-
case
|
|
2044
|
+
case 15:
|
|
2016
2045
|
_a.sent();
|
|
2017
|
-
_a.label =
|
|
2018
|
-
case
|
|
2019
|
-
case
|
|
2020
|
-
case
|
|
2046
|
+
_a.label = 16;
|
|
2047
|
+
case 16: return [3 /*break*/, 19];
|
|
2048
|
+
case 17: return [4 /*yield*/, this.runAfterTriggers(method, afterTriggerContext)];
|
|
2049
|
+
case 18:
|
|
2021
2050
|
_a.sent();
|
|
2022
|
-
_a.label =
|
|
2023
|
-
case
|
|
2051
|
+
_a.label = 19;
|
|
2052
|
+
case 19:
|
|
2024
2053
|
if (method === 'find' || method == 'findOne' || method == 'count' || method == 'aggregate' || method == 'aggregatePrefixalPipeline') {
|
|
2025
2054
|
if (_.isEmpty(afterTriggerContext.data) || (_.isEmpty(afterTriggerContext.data.values) && !_.isNumber(afterTriggerContext.data.values))) {
|
|
2026
2055
|
return [2 /*return*/, returnValue];
|
|
@@ -2036,9 +2065,9 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2036
2065
|
user_session: userSession,
|
|
2037
2066
|
previous_record: afterTriggerContext.previousDoc
|
|
2038
2067
|
}).run()];
|
|
2039
|
-
case
|
|
2068
|
+
case 20:
|
|
2040
2069
|
_a.sent();
|
|
2041
|
-
if (!returnValue) return [3 /*break*/,
|
|
2070
|
+
if (!returnValue) return [3 /*break*/, 23];
|
|
2042
2071
|
if (method === "insert") {
|
|
2043
2072
|
// 当为insert时,上面代码执行后的doc不带_id,只能从returnValue中取
|
|
2044
2073
|
doc = returnValue;
|
|
@@ -2046,18 +2075,18 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2046
2075
|
}
|
|
2047
2076
|
// 一定要先运行公式再运行汇总,以下两个函数顺序不能反
|
|
2048
2077
|
return [4 /*yield*/, this.runRecordFormula(method, objectName, recordId, doc, userSession)];
|
|
2049
|
-
case
|
|
2078
|
+
case 21:
|
|
2050
2079
|
// 一定要先运行公式再运行汇总,以下两个函数顺序不能反
|
|
2051
2080
|
_a.sent();
|
|
2052
2081
|
return [4 /*yield*/, this.runRecordSummaries(method, objectName, recordId, doc, previousDoc, userSession)];
|
|
2053
|
-
case
|
|
2082
|
+
case 22:
|
|
2054
2083
|
_a.sent();
|
|
2055
|
-
_a.label =
|
|
2056
|
-
case
|
|
2057
|
-
case
|
|
2084
|
+
_a.label = 23;
|
|
2085
|
+
case 23: return [4 /*yield*/, object_events_1.brokeEmitEvents(objectName, method, afterTriggerContext)];
|
|
2086
|
+
case 24:
|
|
2058
2087
|
_a.sent();
|
|
2059
|
-
_a.label =
|
|
2060
|
-
case
|
|
2088
|
+
_a.label = 25;
|
|
2089
|
+
case 25: return [2 /*return*/, returnValue];
|
|
2061
2090
|
}
|
|
2062
2091
|
});
|
|
2063
2092
|
});
|
|
@@ -2112,28 +2141,13 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2112
2141
|
});
|
|
2113
2142
|
});
|
|
2114
2143
|
};
|
|
2115
|
-
|
|
2116
|
-
|
|
2117
|
-
|
|
2118
|
-
|
|
2119
|
-
|
|
2120
|
-
|
|
2121
|
-
|
|
2122
|
-
// let permissionFilters = objectPermission[permissionFiltersKey];
|
|
2123
|
-
// _.each(permissionFilters, (permissionFilter) => {
|
|
2124
|
-
// if (_.isString(permissionFilter) && isExpression(permissionFilter.trim())) {
|
|
2125
|
-
// try {
|
|
2126
|
-
// const filters = parseSingleExpression(permissionFilter, {}, "#", globalData);
|
|
2127
|
-
// if (filters && !_.isString(filters)) {
|
|
2128
|
-
// objectPermissionFilters.push(`(${formatFiltersToODataQuery(filters, userSession)})`)
|
|
2129
|
-
// }
|
|
2130
|
-
// } catch (error) {
|
|
2131
|
-
// console.error(`getObjectPermissionFilters error`, permissionFilter, error.message);
|
|
2132
|
-
// }
|
|
2133
|
-
// }
|
|
2134
|
-
// })
|
|
2135
|
-
// return objectPermissionFilters;
|
|
2136
|
-
// }
|
|
2144
|
+
SteedosObjectType.prototype.getObjectEditPermissionFilters = function (objectPermission, userSession) {
|
|
2145
|
+
var objectPermissionFilters = [];
|
|
2146
|
+
if (!_.isEmpty(objectPermission.modifyAssignCompanysRecords)) {
|
|
2147
|
+
objectPermissionFilters.push("(" + filters_1.formatFiltersToODataQuery([['company_id', 'in', objectPermission.modifyAssignCompanysRecords], 'or', ['company_ids', 'in', objectPermission.modifyAssignCompanysRecords]], userSession) + ")");
|
|
2148
|
+
}
|
|
2149
|
+
return objectPermissionFilters;
|
|
2150
|
+
};
|
|
2137
2151
|
/**
|
|
2138
2152
|
* 把query.filters用formatFiltersToODataQuery转为odata query
|
|
2139
2153
|
* 主要是为了把userSession中的utcOffset逻辑传入formatFiltersToODataQuery函数处理
|
|
@@ -2154,7 +2168,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2154
2168
|
};
|
|
2155
2169
|
SteedosObjectType.prototype.dealWithMethodPermission = function (method, args) {
|
|
2156
2170
|
return tslib_1.__awaiter(this, void 0, void 0, function () {
|
|
2157
|
-
var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, shareRuleFilters, restrictionRuleFilters, clientFilter, filters, permissionFilters, userFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters, queryFilters, companyFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters;
|
|
2171
|
+
var userSession, spaceId, userId, objPm, query, spaceFilter, companyFilter, ownerFilter, sharesFilter, shareRuleFilters, restrictionRuleFilters, clientFilter, filters, permissionFilters, userFilters, viewAssignCompanysRecordsFilter_1, permissionFilters, objectPermissionEditFilters, id, companyFilters, queryFilters, companyFilters, permissionFilters, objectPermissionEditFilters, id, companyFilters;
|
|
2158
2172
|
return tslib_1.__generator(this, function (_a) {
|
|
2159
2173
|
switch (_a.label) {
|
|
2160
2174
|
case 0:
|
|
@@ -2180,10 +2194,12 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2180
2194
|
return [2 /*return*/];
|
|
2181
2195
|
}
|
|
2182
2196
|
spaceFilter = void 0, companyFilter = void 0, ownerFilter = void 0, sharesFilter = void 0, shareRuleFilters = void 0, restrictionRuleFilters = void 0, clientFilter = query.filters, filters = void 0, permissionFilters = [], userFilters = [];
|
|
2197
|
+
//space 权限
|
|
2183
2198
|
if (spaceId) {
|
|
2184
2199
|
spaceFilter = "(space eq '" + spaceId + "')";
|
|
2185
2200
|
}
|
|
2186
|
-
|
|
2201
|
+
// 本公司权限
|
|
2202
|
+
if (spaceId && !objPm.viewAllRecords && objPm.viewCompanyRecords) {
|
|
2187
2203
|
if (_.isEmpty(userSession.companies)) {
|
|
2188
2204
|
console.log('objPm', objPm);
|
|
2189
2205
|
throw new Error("user not belong any company!");
|
|
@@ -2195,14 +2211,25 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2195
2211
|
if (!objPm.viewAllRecords && !objPm.viewCompanyRecords && objPm.allowRead) { // owner
|
|
2196
2212
|
ownerFilter = "(owner eq '" + userId + "')";
|
|
2197
2213
|
}
|
|
2214
|
+
viewAssignCompanysRecordsFilter_1 = [];
|
|
2215
|
+
if (objPm.viewAssignCompanysRecords) {
|
|
2216
|
+
_.each(objPm.viewAssignCompanysRecords, function (assignCompanyId) {
|
|
2217
|
+
viewAssignCompanysRecordsFilter_1.push("((company_id eq '" + assignCompanyId + "') or (company_ids eq '" + assignCompanyId + "'))");
|
|
2218
|
+
});
|
|
2219
|
+
}
|
|
2220
|
+
if (!_.isEmpty(viewAssignCompanysRecordsFilter_1)) {
|
|
2221
|
+
permissionFilters.push("(" + viewAssignCompanysRecordsFilter_1.join(' or ') + ")");
|
|
2222
|
+
}
|
|
2198
2223
|
return [4 /*yield*/, shareRule_1.ShareRules.getUserObjectFilters(this.name, userSession)];
|
|
2199
2224
|
case 2:
|
|
2225
|
+
//共享规则
|
|
2200
2226
|
shareRuleFilters = _a.sent();
|
|
2201
2227
|
if (!_.isEmpty(shareRuleFilters)) {
|
|
2202
2228
|
permissionFilters.push("(" + shareRuleFilters.join(' or ') + ")");
|
|
2203
2229
|
}
|
|
2204
2230
|
return [4 /*yield*/, restrictionRule_1.RestrictionRule.getUserObjectFilters(this.name, userSession)];
|
|
2205
2231
|
case 3:
|
|
2232
|
+
// 限制规则
|
|
2206
2233
|
restrictionRuleFilters = _a.sent();
|
|
2207
2234
|
if (!_.isEmpty(restrictionRuleFilters)) {
|
|
2208
2235
|
userFilters.push("(" + restrictionRuleFilters.join(' or ') + ")");
|
|
@@ -2211,6 +2238,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2211
2238
|
// if (!_.isEmpty(objectPermissionFilters)) {
|
|
2212
2239
|
// permissionFilters.push(`(${objectPermissionFilters.join(' or ')})`);
|
|
2213
2240
|
// }
|
|
2241
|
+
//共享规则(旧)
|
|
2214
2242
|
sharesFilter = util_1.getUserObjectSharesFilters(this.name, userSession);
|
|
2215
2243
|
if (!_.isEmpty(companyFilter)) {
|
|
2216
2244
|
permissionFilters.push("(" + companyFilter.join(' and ') + ")");
|
|
@@ -2242,7 +2270,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2242
2270
|
}
|
|
2243
2271
|
}
|
|
2244
2272
|
else if (method === 'update' || method === 'updateOne') {
|
|
2245
|
-
permissionFilters =
|
|
2273
|
+
permissionFilters = this.getObjectEditPermissionFilters(objPm, userSession);
|
|
2246
2274
|
if (!objPm.allowEdit && _.isEmpty(permissionFilters)) {
|
|
2247
2275
|
throw new Error("no " + method + " permission!");
|
|
2248
2276
|
}
|
|
@@ -2310,7 +2338,7 @@ var SteedosObjectType = /** @class */ (function (_super) {
|
|
|
2310
2338
|
}
|
|
2311
2339
|
}
|
|
2312
2340
|
else if (method === 'delete') {
|
|
2313
|
-
permissionFilters =
|
|
2341
|
+
permissionFilters = this.getObjectEditPermissionFilters(objPm, userSession);
|
|
2314
2342
|
if (!objPm.allowDelete && _.isEmpty(permissionFilters)) {
|
|
2315
2343
|
throw new Error("no " + method + " permission!");
|
|
2316
2344
|
}
|