@steedos/standard-permission 2.7.27-beta.6 → 3.0.0-beta.7
- package/main/default/objects/permission_fields.object.yml +1 -0
- package/main/default/objects/permission_objects.action.js +4 -4
- package/main/default/objects/permission_objects.object.yml +1 -0
- package/main/default/objects/permission_set/buttons/copy.button.yml +3 -1
- package/main/default/objects/permission_set/buttons/permission_set.action.js +1 -1
- package/main/default/objects/permission_set/permission_set.object.yml +1 -1
- package/main/default/objects/permission_tabs/buttons/customize.button.js +1 -1
- package/main/default/objects/permission_tabs/permission_tabs.object.yml +1 -0
- package/main/default/objects/restriction_rules.action.js +1 -1
- package/main/default/objects/restriction_rules.object.yml +5 -1
- package/main/default/objects/share_rules.action.js +1 -1
- package/main/default/objects/share_rules.object.yml +3 -5
- package/main/default/routes/batchSavePermissionTabs.router.js +4 -3
- package/main/default/routes/copyProfile.router.js +45 -17
- package/main/default/triggers/permission_objects.trigger.js +12 -8
- package/main/default/triggers/restriction_rules_api_name.trigger.js +2 -3
- package/main/default/triggers/share_rules_api_name.trigger.js +2 -3
- package/package.json +2 -2
- package/package.service.js +3 -3
- package/main/default/applications/.gitkeep +0 -0
- package/main/default/client/permission_set.client.js +0 -38
- package/main/default/objects/permission_objects.object.js +0 -20
- package/main/default/objects/permission_shares.object.yml +0 -61
- package/main/default/triggers/restriction_rules.trigger.js +0 -75
- package/main/default/triggers/share_rules.trigger.js +0 -76
- package/public/.md +0 -3
- package/src/.md +0 -3
- package/webapp/.md +0 -1
|
@@ -37,13 +37,13 @@ module.exports = {
|
|
|
37
37
|
if(!record){
|
|
38
38
|
record = {}
|
|
39
39
|
}
|
|
40
|
-
return
|
|
40
|
+
return Steedos.Object.base.actions.standard_new.visible() && record.is_system;
|
|
41
41
|
},
|
|
42
42
|
resetFieldPermissions: function (object_name, record_id) {
|
|
43
43
|
var doc = Creator.odata.get(object_name, record_id);
|
|
44
44
|
var result = Steedos.authRequest(`/api/v4/${object_name}/${record_id}/resetFieldPermissions`, { type: 'get', async: false });
|
|
45
45
|
if (result.error) {
|
|
46
|
-
toastr.error(
|
|
46
|
+
toastr.error(t(result.error));
|
|
47
47
|
} else {
|
|
48
48
|
toastr.success('初始化成功', '字段权限');
|
|
49
49
|
FlowRouter.reload();
|
|
@@ -54,7 +54,7 @@ module.exports = {
|
|
|
54
54
|
if (!record) {
|
|
55
55
|
record = {}
|
|
56
56
|
}
|
|
57
|
-
return
|
|
58
|
-
// return !(
|
|
57
|
+
return Steedos.Object.base.actions.standard_new.visible() && !record.is_system;
|
|
58
|
+
// return !(Steedos.Object.base.actions.standard_new.visible() && record.is_system);
|
|
59
59
|
}
|
|
60
60
|
}
|
|
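Review bot: The commented-out line added under the second visibility predicate, `// return !(Steedos.Object.base.actions.standard_new.visible() && record.is_system);`, is not equivalent to the live `standard_new.visible() && !record.is_system`, because it is also true whenever `standard_new.visible()` is false. Left in place it makes the intended rule ambiguous, so delete it or replace it with a one-line comment stating which records the action should appear on. Both predicates start outside the visible hunks and only decide whether a button is drawn. The `resetFieldPermissions` request between them appears to rewrite field permissions, so the server route has to make its own authorisation decision rather than rely on the button being hidden; nothing on this page shows whether it does.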
@@ -40,7 +40,9 @@ amis_schema: |-
|
|
|
40
40
|
"api": {
|
|
41
41
|
"url": "${context.rootUrl}/api/permission/permission_set/copy",
|
|
42
42
|
"method": "post",
|
|
43
|
-
"messages": {
|
|
43
|
+
"messages": {
|
|
44
|
+
"success": "复制成功"
|
|
45
|
+
},
|
|
44
46
|
"requestAdaptor": "delete api.body.label_input;\ndelete api.body.name_input;",
|
|
45
47
|
"data": {
|
|
46
48
|
"&": "$$",
|
|
@@ -94,7 +94,7 @@ fields:
|
|
|
94
94
|
var options = [];
|
|
95
95
|
//TODO 支持value = 0
|
|
96
96
|
for(var i= 1; i < 25; i++){
|
|
97
|
-
options.push({label:
|
|
97
|
+
options.push({label: t('permission_set_field_password_history_options', i), value: `${i}`})
|
|
98
98
|
}
|
|
99
99
|
return options;
|
|
100
100
|
}
|
|
@@ -26,6 +26,6 @@ module.exports = {
|
|
|
26
26
|
},
|
|
27
27
|
customizeVisible: function (object_name, record_id, record_permissions, data) {
|
|
28
28
|
var record = data && data.record;
|
|
29
|
-
return record &&
|
|
29
|
+
return record && Steedos.Object.base.actions.standard_new.visible() && record.is_system;
|
|
30
30
|
}
|
|
31
31
|
}
|
|
@@ -4,6 +4,9 @@ icon: filter_criteria
|
|
|
4
4
|
version: 2
|
|
5
5
|
enable_dataloader: false
|
|
6
6
|
hidden: true
|
|
7
|
+
isMetadata: true
|
|
8
|
+
paging:
|
|
9
|
+
enabled: false
|
|
7
10
|
fields:
|
|
8
11
|
name:
|
|
9
12
|
label: Api 名称
|
|
@@ -24,13 +27,14 @@ fields:
|
|
|
24
27
|
sort_no: 130
|
|
25
28
|
entry_criteria:
|
|
26
29
|
label: 指定条目条件
|
|
27
|
-
inlineHelpText: "
|
|
30
|
+
inlineHelpText: "满足此条件时,使用该记录过滤器。语法为 Amis <a href = 'https://aisuda.bce.baidu.com/amis/zh-CN/docs/concepts/data-mapping' target='_blank'>数据映射</a> 或 <a href = 'https://aisuda.bce.baidu.com/amis/zh-CN/docs/concepts/expression' target='_blank'>表达式</a>, 例如: \\${global.user.profile =='user'}"
|
|
28
31
|
type: textarea
|
|
29
32
|
is_wide: true
|
|
30
33
|
sort_no: 140
|
|
31
34
|
required: true
|
|
32
35
|
record_filter:
|
|
33
36
|
label: 记录过滤器
|
|
37
|
+
inlineHelpText: "满足指定条目条件时,使用该记录过滤器限制指定的数据。语法为 Amis <a href = 'https://aisuda.bce.baidu.com/amis/zh-CN/docs/concepts/data-mapping' target='_blank'>数据映射</a> 或 <a href = 'https://aisuda.bce.baidu.com/amis/zh-CN/docs/concepts/expression' target='_blank'>表达式</a>, 例如: \\${[[\"owner\", \"=\", global.userId]]},更多详情请参考 <a href='https://docs.steedos.com/zh-CN/admin/permissions/restriction-rules' target='_blank'>此文档</a>。"
|
|
34
38
|
type: textarea
|
|
35
39
|
is_wide: true
|
|
36
40
|
sort_no: 150
|
|
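Review bot: The new `inlineHelpText` values on `entry_criteria` and `record_filter` embed raw `<a ... target='_blank'>` links to external sites with no `rel` attribute. Write each anchor as `<a href='…' target='_blank' rel='noopener noreferrer'>` so the opened page gets no `window.opener` handle in browsers or renderers that do not imply it. The same help text is added to the share-rules object definition in the next section of this page and needs the same change.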
@@ -4,6 +4,7 @@ icon: assigned_resource
|
|
|
4
4
|
version: 2
|
|
5
5
|
enable_dataloader: false
|
|
6
6
|
hidden: true
|
|
7
|
+
isMetadata: true
|
|
7
8
|
fields:
|
|
8
9
|
name:
|
|
9
10
|
label: Api 名称
|
|
@@ -17,10 +18,6 @@ fields:
|
|
|
17
18
|
write_requires_master_read: true
|
|
18
19
|
reference_to_field: name
|
|
19
20
|
required: true
|
|
20
|
-
optionsFunction: !<tag:yaml.org,2002:js/function> |-
|
|
21
|
-
function () {
|
|
22
|
-
return Steedos.getObjectsOptions();
|
|
23
|
-
}
|
|
24
21
|
sort_no: 120
|
|
25
22
|
active:
|
|
26
23
|
label: 启用
|
|
@@ -32,13 +29,14 @@ fields:
|
|
|
32
29
|
sort_no: 135
|
|
33
30
|
entry_criteria:
|
|
34
31
|
label: 指定条目条件
|
|
35
|
-
inlineHelpText: "
|
|
32
|
+
inlineHelpText: "满足此条件时,使用该记录过滤器。语法为 Amis <a href = 'https://aisuda.bce.baidu.com/amis/zh-CN/docs/concepts/data-mapping' target='_blank'>数据映射</a> 或 <a href = 'https://aisuda.bce.baidu.com/amis/zh-CN/docs/concepts/expression' target='_blank'>表达式</a>, 例如: \\${global.user.profile =='user'}"
|
|
36
33
|
type: textarea
|
|
37
34
|
is_wide: true
|
|
38
35
|
sort_no: 140
|
|
39
36
|
required: true
|
|
40
37
|
record_filter:
|
|
41
38
|
label: 记录过滤器
|
|
39
|
+
inlineHelpText: "满足指定条目条件时,使用该记录过滤器共享指定的数据。语法为 Amis <a href = 'https://aisuda.bce.baidu.com/amis/zh-CN/docs/concepts/data-mapping' target='_blank'>数据映射</a> 或 <a href = 'https://aisuda.bce.baidu.com/amis/zh-CN/docs/concepts/expression' target='_blank'>表达式</a>, 例如: \\${[[\"owner\", \"=\", global.userId]]},更多详情请参考 <a href='https://docs.steedos.com/zh-CN/admin/permissions/sharing-rules' target='_blank'>此文档</a>。"
|
|
42
40
|
type: textarea
|
|
43
41
|
is_wide: true
|
|
44
42
|
sort_no: 150
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
* @Author: sunhaolin@hotoa.com
|
|
3
3
|
* @Date: 2022-10-29 16:49:49
|
|
4
4
|
* @LastEditors: 孙浩林 sunhaolin@steedos.com
|
|
5
|
-
* @LastEditTime:
|
|
5
|
+
* @LastEditTime: 2025-03-03 14:36:11
|
|
6
6
|
* @Description: 权限集详情页中的设置选项卡权限按钮保存接口,批量保存选项卡权限
|
|
7
7
|
*/
|
|
8
8
|
'use strict';
|
|
@@ -10,8 +10,9 @@
|
|
|
10
10
|
|
|
11
11
|
const express = require("express");
|
|
12
12
|
const router = express.Router();
|
|
13
|
-
const
|
|
13
|
+
const auth = require('@steedos/auth');
|
|
14
14
|
const objectql = require('@steedos/objectql');
|
|
15
|
+
const _ = require('lodash');
|
|
15
16
|
|
|
16
17
|
/**
|
|
17
18
|
* body {
|
|
@@ -29,7 +30,7 @@ const objectql = require('@steedos/objectql');
|
|
|
29
30
|
* ]
|
|
30
31
|
* }
|
|
31
32
|
*/
|
|
32
|
-
router.post('/api/permission/permission_set/batchSavePermissionTabs',
|
|
33
|
+
router.post('/api/permission/permission_set/batchSavePermissionTabs', auth.requireAuthentication, async function (req, res) {
|
|
33
34
|
try {
|
|
34
35
|
const userSession = req.user;
|
|
35
36
|
const { spaceId } = userSession;
|
|
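Review bot: `auth.requireAuthentication` on the `batchSavePermissionTabs` route only establishes who the caller is, and the visible lines of the handler read just `spaceId` from `req.user`. The handler body continues outside the hunk, so confirm it rejects callers who are not administrators of that space before it writes tab permissions. The same question applies to the `/api/permission/permission_set/copy` route further down this page, which received the same middleware swap. If no such check exists, add one at the top of the `try` block, answer with 403, and state the required role in the JSDoc above the route.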
@@ -1,8 +1,8 @@
|
|
|
1
1
|
/*
|
|
2
2
|
* @Author: sunhaolin@hotoa.com
|
|
3
3
|
* @Date: 2022-05-26 16:56:54
|
|
4
|
-
* @LastEditors:
|
|
5
|
-
* @LastEditTime:
|
|
4
|
+
* @LastEditors: baozhoutao@steedos.com
|
|
5
|
+
* @LastEditTime: 2025-03-05 16:14:24
|
|
6
6
|
* @Description: 复制已有简档来创建新简档
|
|
7
7
|
* 使用mongodb的事务处理,保证数据的一致性
|
|
8
8
|
* 复制对象包括:简档、对象权限、字段权限、选项卡权限
|
|
@@ -12,9 +12,9 @@
|
|
|
12
12
|
|
|
13
13
|
const express = require("express");
|
|
14
14
|
const router = express.Router();
|
|
15
|
-
const
|
|
15
|
+
const auth = require('@steedos/auth');
|
|
16
16
|
const objectql = require('@steedos/objectql');
|
|
17
|
-
const
|
|
17
|
+
const { hiddenObjects } = require('@steedos/utils');
|
|
18
18
|
const _ = require('underscore');
|
|
19
19
|
const { MongoClient } = require('mongodb');
|
|
20
20
|
|
|
@@ -25,7 +25,7 @@ const { MongoClient } = require('mongodb');
|
|
|
25
25
|
* label: "", // 新简档的标签
|
|
26
26
|
* }
|
|
27
27
|
*/
|
|
28
|
-
router.post('/api/permission/permission_set/copy',
|
|
28
|
+
router.post('/api/permission/permission_set/copy', auth.requireAuthentication, async function (req, res) {
|
|
29
29
|
try {
|
|
30
30
|
const userSession = req.user;
|
|
31
31
|
const { userId, spaceId, company_id } = userSession;
|
|
@@ -75,6 +75,21 @@ router.post('/api/permission/permission_set/copy', core.requireAuthentication, a
|
|
|
75
75
|
await client.connect();
|
|
76
76
|
const db = client.db();
|
|
77
77
|
|
|
78
|
+
// 检查collection是否存在,不存在则创建
|
|
79
|
+
const objectNames = ['permission_objects', 'permission_fields', 'permission_tabs', 'permission_set'];
|
|
80
|
+
const collectionInfos = await db.listCollections({}, { nameOnly: true }).toArray()
|
|
81
|
+
const collectionsMap = _.indexBy(collectionInfos, 'name')
|
|
82
|
+
for (const objectName of objectNames) {
|
|
83
|
+
if (!collectionsMap[objectName]) {
|
|
84
|
+
try {
|
|
85
|
+
await db.createCollection(objectName)
|
|
86
|
+
} catch (error) {
|
|
87
|
+
console.error(error)
|
|
88
|
+
throw new Error(`create collection ${objectName} failed: ${error.message}`)
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
|
|
78
93
|
// Start a session.
|
|
79
94
|
const session = client.startSession();
|
|
80
95
|
|
|
@@ -179,19 +194,27 @@ router.post('/api/permission/permission_set/copy', core.requireAuthentication, a
|
|
|
179
194
|
}
|
|
180
195
|
|
|
181
196
|
// 批量创建对象权限
|
|
182
|
-
|
|
197
|
+
if (newPermissionTabs.length > 0) {
|
|
198
|
+
await permissionObjectsColl.insertMany(newPermissionObjects, { session });
|
|
199
|
+
}
|
|
183
200
|
|
|
184
201
|
// 批量创建字段权限
|
|
185
|
-
|
|
202
|
+
if (newPermissionFields.length > 0) {
|
|
203
|
+
await permissionFieldsColl.insertMany(newPermissionFields, { session });
|
|
204
|
+
}
|
|
186
205
|
|
|
187
206
|
// 批量创建选项卡权限
|
|
188
|
-
|
|
207
|
+
if (newPermissionTabs.length > 0) {
|
|
208
|
+
await permissionTabsColl.insertMany(newPermissionTabs, { session });
|
|
209
|
+
}
|
|
189
210
|
|
|
190
211
|
// 批量注册字段权限
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
212
|
+
if (newPermissionFields.length > 0) {
|
|
213
|
+
const schema = objectql.getSteedosSchema();
|
|
214
|
+
const objectName = "permission_fields";
|
|
215
|
+
const SERVICE_NAME = `~database-${objectName}`;
|
|
216
|
+
await objectql.registerPermissionFields.mregister(schema.broker, SERVICE_NAME, newPermissionFields)
|
|
217
|
+
}
|
|
195
218
|
}
|
|
196
219
|
|
|
197
220
|
} catch (error) {
|
|
@@ -210,13 +233,18 @@ router.post('/api/permission/permission_set/copy', core.requireAuthentication, a
|
|
|
210
233
|
}
|
|
211
234
|
|
|
212
235
|
res.status(200).send({
|
|
213
|
-
|
|
214
|
-
|
|
236
|
+
status: 0,
|
|
237
|
+
msg: "",
|
|
238
|
+
data: {
|
|
239
|
+
recordId: newPermissionSet._id
|
|
240
|
+
},
|
|
215
241
|
});
|
|
216
|
-
|
|
217
242
|
} catch (error) {
|
|
218
243
|
console.error(error);
|
|
219
|
-
res.status(500).send({
|
|
244
|
+
res.status(500).send({
|
|
245
|
+
status: -1,
|
|
246
|
+
msg: error.message
|
|
247
|
+
});
|
|
220
248
|
}
|
|
221
249
|
|
|
222
250
|
});
|
|
@@ -241,7 +269,7 @@ async function getInternalPermissionObjects(permissionSetId) {
|
|
|
241
269
|
_.each(datasourceObjects, function (object) {
|
|
242
270
|
const objectJSON = object.metadata;
|
|
243
271
|
const objectName = objectJSON.name;
|
|
244
|
-
if (!objectJSON._id && !_.include(
|
|
272
|
+
if (!objectJSON._id && !_.include(hiddenObjects, objectName)) {
|
|
245
273
|
let permission_set = objectJSON.permission_set
|
|
246
274
|
_.each(permission_set, function (v, code) {
|
|
247
275
|
if (code === permissionSetName) {
|
|
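Review bot: In the `@@ -179,19 +194,27 @@` hunk the first new guard tests the wrong array: `if (newPermissionTabs.length > 0)` wraps `permissionObjectsColl.insertMany(newPermissionObjects, { session })`. A source profile that has object permissions but no tab permissions would be copied without its object permissions and with no error raised. In the reverse case an empty array reaches `insertMany`, which the MongoDB driver is expected to reject. The guard should read `if (newPermissionObjects.length > 0) {`. The enclosing transaction callback starts outside the hunk.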
@@ -1,6 +1,6 @@
|
|
|
1
1
|
const _ = require('underscore');
|
|
2
2
|
const objectql = require("@steedos/objectql");
|
|
3
|
-
const
|
|
3
|
+
const { hiddenObjects, processPermissions } = require('@steedos/utils');
|
|
4
4
|
const auth = require("@steedos/auth");
|
|
5
5
|
const clone = require('clone');
|
|
6
6
|
|
|
@@ -25,7 +25,7 @@ const getInternalPermissionObjects = async function(){
|
|
|
25
25
|
_.each(datasourceObjects, function(object) {
|
|
26
26
|
const objectJSON = object.metadata;
|
|
27
27
|
const objectName = objectJSON.name;
|
|
28
|
-
if((!objectJSON._id || (objectJSON._id && !!objectJSON.extend)) && !objectJSON.hidden && !_.include(
|
|
28
|
+
if((!objectJSON._id || (objectJSON._id && !!objectJSON.extend)) && !objectJSON.hidden && !_.include(hiddenObjects, objectName)){
|
|
29
29
|
let permission_set = objectJSON.permission_set
|
|
30
30
|
_.each(permission_set, function(v, code){
|
|
31
31
|
objectsPermissions.push(Object.assign({}, v, {
|
|
@@ -151,13 +151,13 @@ module.exports = {
|
|
|
151
151
|
|
|
152
152
|
let permissionSetId = doc.permission_set_id
|
|
153
153
|
if(_.includes(['admin','user','supplier','customer'], doc.permission_set_id)){
|
|
154
|
-
let dbPst =
|
|
154
|
+
let dbPst = objectql.getObject("permission_set").directFind({name: doc.permission_set_id});
|
|
155
155
|
if(dbPst && dbPst.length > 0){
|
|
156
156
|
permissionSetId = dbPst[0]._id;
|
|
157
157
|
const dbDoc = dbPst[0]
|
|
158
158
|
if(_.includes(['admin','user','supplier','customer'], permissionSetId)){
|
|
159
|
-
permissionSetId =
|
|
160
|
-
|
|
159
|
+
permissionSetId = objectql.getObject("permission_set")._makeNewID()
|
|
160
|
+
objectql.getObject("permission_set").insert({
|
|
161
161
|
_id: permissionSetId,
|
|
162
162
|
name: dbDoc.name, label: dbDoc.label, type: dbDoc.type,
|
|
163
163
|
license: dbDoc.license, lockout_interval: dbDoc.lockout_interval,
|
|
@@ -171,7 +171,7 @@ module.exports = {
|
|
|
171
171
|
|
|
172
172
|
doc.permission_set_id = permissionSetId;
|
|
173
173
|
|
|
174
|
-
let existedCount =
|
|
174
|
+
let existedCount = objectql.getObject("permission_set").directFind({permission_set_id: doc.permission_set_id, object_name: doc.object_name, space: doc.space}).length
|
|
175
175
|
if(existedCount > 0){
|
|
176
176
|
throw new Error("此对象已有权限对象记录")
|
|
177
177
|
}
|
|
@@ -182,18 +182,22 @@ module.exports = {
|
|
|
182
182
|
if(_.isEmpty(doc.name)){
|
|
183
183
|
doc.name = `${doc.object_name}.${permissionSet.name}`
|
|
184
184
|
}
|
|
185
|
+
|
|
186
|
+
return processPermissions(doc)
|
|
185
187
|
},
|
|
186
188
|
beforeUpdate: async function () {
|
|
187
|
-
let oldDoc =
|
|
189
|
+
let oldDoc = objectql.getObject("permission_set").directFindOne({_id: this.id})
|
|
188
190
|
let doc = this.doc;
|
|
189
191
|
let permission_set_id = doc.permission_set_id || oldDoc.permission_set_id
|
|
190
192
|
let object_name = doc.object_name || oldDoc.object_name
|
|
191
193
|
let space = oldDoc.space
|
|
192
|
-
let existedCount =
|
|
194
|
+
let existedCount = objectql.getObject("permission_set").directFind({permission_set_id: permission_set_id, object_name: object_name, space: space, _id: {$ne: this.id}}).length;
|
|
193
195
|
if(existedCount > 0){
|
|
194
196
|
throw new Error("此对象已有权限对象记录")
|
|
195
197
|
}
|
|
196
198
|
|
|
197
199
|
await initPermissionSet(Object.assign({permission_set_id: permission_set_id}, doc), this.userId, this.spaceId);
|
|
200
|
+
|
|
201
|
+
return processPermissions(doc)
|
|
198
202
|
}
|
|
199
203
|
}
|
|
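Review bot: The new duplicate check `let existedCount = objectql.getObject("permission_set").directFind({permission_set_id: ..., object_name: ..., space: ...}).length` reads `.length` straight off the call and queries `permission_set` with fields that look like they belong to `permission_objects`. If `directFind` returns a promise, as the awaited objectql calls elsewhere on this page suggest, `existedCount` is `undefined` and the "此对象已有权限对象记录" error can never be thrown. The same pattern appears on `dbPst`, `_makeNewID()`, `insert(...)`, the `oldDoc` lookup and the second `existedCount` in `beforeUpdate`. Duplicate permission records for one object and permission set leave the effective permission ambiguous, so await these calls and point the duplicate checks at the object this trigger guards (presumably `permission_objects`), e.g. `const existed = await objectql.getObject("permission_objects").directFind({...});` followed by `if (existed.length > 0) { throw ... }`. `beforeInsert` starts outside the hunk, so confirm it is declared `async` like `beforeUpdate`.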
@@ -5,7 +5,6 @@
|
|
|
5
5
|
* @LastEditTime: 2022-07-30 13:22:03
|
|
6
6
|
* @Description:
|
|
7
7
|
*/
|
|
8
|
-
const util = require('@steedos/standard-objects').util;
|
|
9
8
|
const _ = require('lodash');
|
|
10
9
|
const objectql = require('@steedos/objectql');
|
|
11
10
|
module.exports = {
|
|
@@ -13,7 +12,7 @@ module.exports = {
|
|
|
13
12
|
|
|
14
13
|
beforeInsert: async function () {
|
|
15
14
|
const { object_name, doc } = this;
|
|
16
|
-
await
|
|
15
|
+
await objectql.checkAPIName(object_name, 'name', doc.name, undefined, [['is_system', '!=', true], ['object_name', '=', doc.object_name]]);
|
|
17
16
|
},
|
|
18
17
|
|
|
19
18
|
beforeUpdate: async function () {
|
|
@@ -25,6 +24,6 @@ module.exports = {
|
|
|
25
24
|
if (_.has(this.doc, 'object_name')) {
|
|
26
25
|
object_name = this.doc.object_name
|
|
27
26
|
}
|
|
28
|
-
await
|
|
27
|
+
await objectql.checkAPIName(this.object_name, 'name', name, this.id, [['is_system', '!=', true], ['object_name', '=', object_name]]);
|
|
29
28
|
}
|
|
30
29
|
}
|
|
@@ -5,7 +5,6 @@
|
|
|
5
5
|
* @LastEditTime: 2023-05-30 17:07:59
|
|
6
6
|
* @Description:
|
|
7
7
|
*/
|
|
8
|
-
const util = require('@steedos/standard-objects').util;
|
|
9
8
|
const _ = require('lodash');
|
|
10
9
|
const objectql = require('@steedos/objectql');
|
|
11
10
|
module.exports = {
|
|
@@ -13,7 +12,7 @@ module.exports = {
|
|
|
13
12
|
|
|
14
13
|
beforeInsert: async function () {
|
|
15
14
|
const { object_name, doc } = this;
|
|
16
|
-
await
|
|
15
|
+
await objectql.checkAPIName(object_name, 'name', doc.name, undefined, [['is_system', '!=', true], ['object_name', '=', doc.object_name]]);
|
|
17
16
|
},
|
|
18
17
|
|
|
19
18
|
beforeUpdate: async function () {
|
|
@@ -25,6 +24,6 @@ module.exports = {
|
|
|
25
24
|
if (_.has(this.doc, 'object_name')) {
|
|
26
25
|
object_name = this.doc.object_name
|
|
27
26
|
}
|
|
28
|
-
await
|
|
27
|
+
await objectql.checkAPIName(this.object_name, 'name', name, this.id, [['is_system', '!=', true], ['object_name', '=', object_name]]);
|
|
29
28
|
}
|
|
30
29
|
}
|
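--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@steedos/standard-permission",
-"version": "
+"version": "3.0.0-beta.7",
 "main": "package.service.js",
 "private": false,
 "publishConfig": {
@@ -12,7 +12,7 @@
 "description": "steedos package",
 "repository": {},
 "license": "MIT",
-"gitHead": "
+"gitHead": "b68a33d2fa33b380aa7ec401b63315886f7de861",
 "dependencies": {
 "clone": "^2.1.2"
 }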
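--- a/package/package.service.js
+++ b/package/package.service.js
@@ -1,14 +1,14 @@
 /*
 * @Author: sunhaolin@hotoa.com
 * @Date: 2022-07-29 09:40:31
-* @LastEditors:
-* @LastEditTime:
+* @LastEditors: baozhoutao@steedos.com
+* @LastEditTime: 2025-02-15 17:35:47
 * @Description:
 */
 "use strict";
 const project = require('./package.json');
 const packageName = project.name;
-const packageLoader = require('@steedos/service-
+const packageLoader = require('@steedos/service-package-loader');
 /**
 * @typedef {import('moleculer').Context} Context Moleculer's Context
 */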
File without changes
|
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
Steedos.PermissionSetManager = {};
|
|
2
|
-
|
|
3
|
-
Steedos.PermissionSetManager.changeSchema = function(doc, schema){
|
|
4
|
-
var objectSchema = Creator.getObjectSchema(Creator.getObject("permission_set"));
|
|
5
|
-
|
|
6
|
-
var hiddenField = function(fieldName){
|
|
7
|
-
schema._schema[fieldName].autoform.omit = true;
|
|
8
|
-
schema._schema[fieldName].autoform.type = 'hidden';
|
|
9
|
-
schema._schema[fieldName].optional = true;
|
|
10
|
-
}
|
|
11
|
-
|
|
12
|
-
if(doc.type == 'profile'){
|
|
13
|
-
hiddenField('users');
|
|
14
|
-
schema._schema.license = objectSchema.license;
|
|
15
|
-
schema._schema.license.optional = false;
|
|
16
|
-
schema._schema.password_history = objectSchema.password_history;
|
|
17
|
-
schema._schema.max_login_attempts = objectSchema.max_login_attempts;
|
|
18
|
-
schema._schema.lockout_interval = objectSchema.lockout_interval;
|
|
19
|
-
schema._schema.enable_MFA = objectSchema.enable_MFA;
|
|
20
|
-
schema._schema.logout_other_clients = objectSchema.logout_other_clients;
|
|
21
|
-
schema._schema.login_expiration_in_days = objectSchema.login_expiration_in_days;
|
|
22
|
-
schema._schema.phone_logout_other_clients = objectSchema.phone_logout_other_clients;
|
|
23
|
-
schema._schema.phone_login_expiration_in_days = objectSchema.phone_login_expiration_in_days;
|
|
24
|
-
}else{
|
|
25
|
-
hiddenField('password_history');
|
|
26
|
-
hiddenField('max_login_attempts');
|
|
27
|
-
hiddenField('lockout_interval');
|
|
28
|
-
hiddenField('enable_MFA');
|
|
29
|
-
hiddenField('logout_other_clients');
|
|
30
|
-
hiddenField('login_expiration_in_days');
|
|
31
|
-
hiddenField('phone_logout_other_clients');
|
|
32
|
-
hiddenField('phone_login_expiration_in_days');
|
|
33
|
-
schema._schema.license.optional = true;
|
|
34
|
-
schema._schema.license.defaultValue = null;
|
|
35
|
-
schema._schema.license.autoform.defaultValue = null;
|
|
36
|
-
schema._schema.users = objectSchema.users;
|
|
37
|
-
}
|
|
38
|
-
}
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
if(!Creator.Objects['permission_objects'].triggers){
|
|
2
|
-
Creator.Objects['permission_objects'].triggers = {}
|
|
3
|
-
}
|
|
4
|
-
|
|
5
|
-
Creator.Objects['permission_objects'].triggers = Object.assign({}, Creator.Objects['permission_objects'].triggers,{
|
|
6
|
-
"before.insert.server.process":{
|
|
7
|
-
on: "server",
|
|
8
|
-
when: "before.insert",
|
|
9
|
-
todo: function (userId, doc) {
|
|
10
|
-
return Creator.processPermissions(doc);
|
|
11
|
-
}
|
|
12
|
-
},
|
|
13
|
-
"before.update.server.process":{
|
|
14
|
-
on: "server",
|
|
15
|
-
when: "before.update",
|
|
16
|
-
todo: function (userId, doc, fieldNames, modifier, options) {
|
|
17
|
-
return Creator.processPermissions(modifier.$set);
|
|
18
|
-
}
|
|
19
|
-
}
|
|
20
|
-
})
|
|
@@ -1,61 +0,0 @@
|
|
|
1
|
-
name: permission_shares
|
|
2
|
-
label: Permission Share
|
|
3
|
-
icon: assigned_resource
|
|
4
|
-
hidden: true
|
|
5
|
-
enable_dataloader: false
|
|
6
|
-
fields:
|
|
7
|
-
name:
|
|
8
|
-
label: Name
|
|
9
|
-
type: text
|
|
10
|
-
required: true
|
|
11
|
-
searchable: true
|
|
12
|
-
index: true
|
|
13
|
-
object_name:
|
|
14
|
-
label: Object
|
|
15
|
-
type: lookup
|
|
16
|
-
multiple: true
|
|
17
|
-
reference_to: objects
|
|
18
|
-
reference_to_field: name
|
|
19
|
-
filters: ["enable_share", "=", true]
|
|
20
|
-
required: true
|
|
21
|
-
filterable: true
|
|
22
|
-
filters:
|
|
23
|
-
label: Filters
|
|
24
|
-
type: textarea
|
|
25
|
-
inlineHelpText: Format of OData Filters Required.
|
|
26
|
-
is_wide: true
|
|
27
|
-
organizations:
|
|
28
|
-
label: Departments
|
|
29
|
-
type: lookup
|
|
30
|
-
reference_to: organizations
|
|
31
|
-
multiple: true
|
|
32
|
-
defaultValue: []
|
|
33
|
-
filterable: true
|
|
34
|
-
users:
|
|
35
|
-
label: Users
|
|
36
|
-
type: lookup
|
|
37
|
-
reference_to: users
|
|
38
|
-
multiple: true
|
|
39
|
-
defaultValue: []
|
|
40
|
-
filterable: true
|
|
41
|
-
list_views:
|
|
42
|
-
all:
|
|
43
|
-
label: All
|
|
44
|
-
filter_scope: space
|
|
45
|
-
columns:
|
|
46
|
-
- name
|
|
47
|
-
permission_set:
|
|
48
|
-
user:
|
|
49
|
-
allowCreate: true
|
|
50
|
-
allowDelete: true
|
|
51
|
-
allowEdit: true
|
|
52
|
-
allowRead: true
|
|
53
|
-
modifyAllRecords: false
|
|
54
|
-
viewAllRecords: false
|
|
55
|
-
admin:
|
|
56
|
-
allowCreate: true
|
|
57
|
-
allowDelete: true
|
|
58
|
-
allowEdit: true
|
|
59
|
-
allowRead: true
|
|
60
|
-
modifyAllRecords: true
|
|
61
|
-
viewAllRecords: true
|
|
@@ -1,75 +0,0 @@
|
|
|
1
|
-
/*
|
|
2
|
-
* @Author: baozhoutao@steedos.com
|
|
3
|
-
* @Date: 2022-08-05 14:17:44
|
|
4
|
-
* @LastEditors: baozhoutao@steedos.com
|
|
5
|
-
* @LastEditTime: 2023-05-30 17:06:59
|
|
6
|
-
* @Description:
|
|
7
|
-
*/
|
|
8
|
-
const objectql = require('@steedos/objectql');
|
|
9
|
-
const register = require('@steedos/metadata-registrar');
|
|
10
|
-
const auth = require('@steedos/auth');
|
|
11
|
-
const _ = require('underscore');
|
|
12
|
-
const clone = require('clone');
|
|
13
|
-
async function getAll() {
|
|
14
|
-
const schema = objectql.getSteedosSchema();
|
|
15
|
-
const configs = await register.registerRestrictionRules.getAll(schema.broker)
|
|
16
|
-
const dataList = _.pluck(configs, 'metadata');
|
|
17
|
-
|
|
18
|
-
_.each(dataList, function (item) {
|
|
19
|
-
if (!item._id) {
|
|
20
|
-
item._id = `${item.object_name}.${item.name}`
|
|
21
|
-
}
|
|
22
|
-
})
|
|
23
|
-
return dataList;
|
|
24
|
-
}
|
|
25
|
-
|
|
26
|
-
async function get(apiName) {
|
|
27
|
-
const schema = objectql.getSteedosSchema();
|
|
28
|
-
const config = await register.registerRestrictionRules.get(schema.broker, apiName)
|
|
29
|
-
return config ? Object.assign(config.metadata, { _id: config.metadata._id || `${config.metadata.object_name}.${config.metadata.name}` }) : null;
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
module.exports = {
|
|
33
|
-
listenTo: 'restriction_rules',
|
|
34
|
-
|
|
35
|
-
afterFind: async function () {
|
|
36
|
-
let spaceId = this.spaceId;
|
|
37
|
-
let dataList = await getAll();
|
|
38
|
-
const values = clone(this.data.values);
|
|
39
|
-
_.each(dataList, (item) => {
|
|
40
|
-
if (!_.find(this.data.values, (value) => {
|
|
41
|
-
return value._id === item._id
|
|
42
|
-
})) {
|
|
43
|
-
values.push(item)
|
|
44
|
-
}
|
|
45
|
-
})
|
|
46
|
-
this.data.values = objectql.getSteedosSchema().metadataDriver.find(values, this.query, spaceId);
|
|
47
|
-
},
|
|
48
|
-
afterAggregate: async function () {
|
|
49
|
-
let spaceId = this.spaceId;
|
|
50
|
-
let dataList = await getAll();
|
|
51
|
-
const values = clone(this.data.values);
|
|
52
|
-
_.each(dataList, (item) => {
|
|
53
|
-
if (!_.find(this.data.values, (value) => {
|
|
54
|
-
return value._id === item._id
|
|
55
|
-
})) {
|
|
56
|
-
values.push(item)
|
|
57
|
-
}
|
|
58
|
-
})
|
|
59
|
-
this.data.values = objectql.getSteedosSchema().metadataDriver.find(values, this.query, spaceId);
|
|
60
|
-
|
|
61
|
-
},
|
|
62
|
-
afterCount: async function () {
|
|
63
|
-
let result = await objectql.getObject(this.object_name).find(this.query, await auth.getSessionByUserId(this.userId, this.spaceId))
|
|
64
|
-
this.data.values = result.length;
|
|
65
|
-
},
|
|
66
|
-
afterFindOne: async function () {
|
|
67
|
-
if (_.isEmpty(this.data.values)) {
|
|
68
|
-
let id = this.id
|
|
69
|
-
let data = await get(id);
|
|
70
|
-
if (data) {
|
|
71
|
-
this.data.values = data;
|
|
72
|
-
}
|
|
73
|
-
}
|
|
74
|
-
}
|
|
75
|
-
}
|
|
@@ -1,76 +0,0 @@
|
|
|
1
|
-
/*
|
|
2
|
-
* @Author: baozhoutao@steedos.com
|
|
3
|
-
* @Date: 2022-08-05 14:17:44
|
|
4
|
-
* @LastEditors: baozhoutao@steedos.com
|
|
5
|
-
* @LastEditTime: 2023-05-30 17:07:49
|
|
6
|
-
* @Description:
|
|
7
|
-
*/
|
|
8
|
-
const objectql = require('@steedos/objectql');
|
|
9
|
-
const auth = require('@steedos/auth');
|
|
10
|
-
const register = require('@steedos/metadata-registrar');
|
|
11
|
-
const _ = require('underscore');
|
|
12
|
-
const clone = require('clone');
|
|
13
|
-
async function getAll() {
|
|
14
|
-
const schema = objectql.getSteedosSchema();
|
|
15
|
-
const configs = await register.registerShareRules.getAll(schema.broker)
|
|
16
|
-
const dataList = _.pluck(configs, 'metadata');
|
|
17
|
-
|
|
18
|
-
_.each(dataList, function (item) {
|
|
19
|
-
if (!item._id) {
|
|
20
|
-
item._id = `${item.object_name}.${item.name}`
|
|
21
|
-
}
|
|
22
|
-
})
|
|
23
|
-
return dataList;
|
|
24
|
-
}
|
|
25
|
-
|
|
26
|
-
async function get(apiName) {
|
|
27
|
-
const schema = objectql.getSteedosSchema();
|
|
28
|
-
const config = await register.registerShareRules.get(schema.broker, apiName)
|
|
29
|
-
return config ? Object.assign(config.metadata, { _id: config.metadata._id || `${config.metadata.object_name}.${config.metadata.name}` }) : null;
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
module.exports = {
|
|
33
|
-
listenTo: 'share_rules',
|
|
34
|
-
|
|
35
|
-
afterFind: async function () {
|
|
36
|
-
let spaceId = this.spaceId;
|
|
37
|
-
let dataList = await getAll();
|
|
38
|
-
const values = clone(this.data.values);
|
|
39
|
-
_.each(dataList, (item) => {
|
|
40
|
-
if (!_.find(this.data.values, (value) => {
|
|
41
|
-
return value._id === item._id
|
|
42
|
-
})) {
|
|
43
|
-
values.push(item)
|
|
44
|
-
}
|
|
45
|
-
})
|
|
46
|
-
this.data.values = objectql.getSteedosSchema().metadataDriver.find(values, this.query, spaceId);
|
|
47
|
-
|
|
48
|
-
},
|
|
49
|
-
afterAggregate: async function () {
|
|
50
|
-
let spaceId = this.spaceId;
|
|
51
|
-
let dataList = await getAll();
|
|
52
|
-
const values = clone(this.data.values);
|
|
53
|
-
_.each(dataList, (item) => {
|
|
54
|
-
if (!_.find(this.data.values, (value) => {
|
|
55
|
-
return value._id === item._id
|
|
56
|
-
})) {
|
|
57
|
-
values.push(item)
|
|
58
|
-
}
|
|
59
|
-
})
|
|
60
|
-
this.data.values = objectql.getSteedosSchema().metadataDriver.find(values, this.query, spaceId);
|
|
61
|
-
|
|
62
|
-
},
|
|
63
|
-
afterCount: async function () {
|
|
64
|
-
let result = await objectql.getObject(this.object_name).find(this.query, await auth.getSessionByUserId(this.userId, this.spaceId))
|
|
65
|
-
this.data.values = result.length;
|
|
66
|
-
},
|
|
67
|
-
afterFindOne: async function () {
|
|
68
|
-
if (_.isEmpty(this.data.values)) {
|
|
69
|
-
let id = this.id
|
|
70
|
-
let data = await get(id);
|
|
71
|
-
if (data) {
|
|
72
|
-
this.data.values = data;
|
|
73
|
-
}
|
|
74
|
-
}
|
|
75
|
-
}
|
|
76
|
-
}
|
package/public/.md
DELETED
package/src/.md
DELETED
package/webapp/.md
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
- 存放web项目
|