@steedos/standard-ui 2.2.55-beta.16

package/main/default/objects/apps.object.js

@@ -0,0 +1,94 @@
+const core = require('@steedos/core');
+db.apps = Creator.Collections.apps ? Creator.Collections.apps : core.newCollection('apps')
+
+db.apps.isInternalApp = function (url) {
+    var app_url, i, len, ref;
+    if (url && db.apps.INTERNAL_APPS) {
+        ref = db.apps.INTERNAL_APPS;
+        for (i = 0, len = ref.length; i < len; i++) {
+            app_url = ref[i];
+            if (url.startsWith(app_url)) {
+                return true;
+            }
+        }
+    }
+    return false;
+};
+
+if (Meteor.isServer) {
+    db.apps.allow({
+        insert: function (userId, doc) {
+            if (!Steedos.isSpaceAdmin(doc.space, userId)) {
+                return false;
+            } else {
+                return true;
+            }
+        },
+        update: function (userId, doc) {
+            if (!Steedos.isSpaceAdmin(doc.space, userId)) {
+                return false;
+            } else {
+                return true;
+            }
+        },
+        remove: function (userId, doc) {
+            if (!Steedos.isSpaceAdmin(doc.space, userId)) {
+                return false;
+            } else {
+                return true;
+            }
+        }
+    });
+}
+
+if (Meteor.isServer) {
+    // db.apps.before.insert (userId, doc) ->
+    // 	doc.internal = db.apps.isInternalApp(doc.url)
+    // 	return
+    db.apps.before.update(function (userId, doc, fieldNames, modifier, options) {
+        return modifier.$set = modifier.$set || {};
+    });
+}
+
+Fiber = require('fibers')
+
+var getUserOrganizations = function(userId, spaceId){
+    var space_user = db.space_users.findOne({user:userId,space:spaceId}, {fields:{organizations:1}})
+    if(!space_user){
+        return []
+    }
+    var organizations = space_user.organizations
+    if(!organizations){
+        return []
+    }
+    var userOrgs = db.organizations.find({_id:{$in:organizations}}).fetch()
+    var parents = _.flatten(_.pluck(userOrgs, 'parents'))
+	return _.union(organizations,parents)
+}
+
+var getUserApps = function (userId, spaceId) {
+    var userOrgs = getUserOrganizations(userId, spaceId);
+    var selector = {
+        $or: [
+            {$or: [{space: {$exists: false}}, {space: spaceId}]},
+            { 'members.organizations': {$in: userOrgs} },
+            { 'members.users': {$in: [ userId ]} }
+        ]
+    }
+    return db.apps.find(selector, {sort: {sort: 1}}).fetch();
+};
+
+// Creator.Objects['apps'].methods = {
+//     safe_apps: function (req, res) {
+//         return Fiber(function () {
+//             var userSession = req.user
+//             var userId = userSession.userId
+//             var spaceId = userSession.spaceId
+//             var apps = getUserApps(userId, spaceId);
+//             return res.send({
+//                 "@odata.count": apps.length,
+//                 value: apps
+//             });
+//         }).run();
+//     }
+// }

package/main/default/objects/apps.object.yml

@@ -0,0 +1,328 @@
+name: apps
+label: App
+icon: apps
+hidden: true
+version: 2
+fields:
+  name:
+    label: Name
+    type: text
+    defaultValue: ''
+    description: ''
+    inlineHelpText: ''
+    required: true
+    searchable: true
+    index: true
+  code:
+    label: API Name
+    type: text
+    required: true
+    searchable: true
+  icon_slds:
+    label: SLDS Icon
+    type: lookup
+    required: true
+    optionsFunction: !!js/function |
+      function () {
+        var options;
+        options = [];
+
+        _.forEach(Creator.resources.sldsIcons.standard, function (svg) {
+          return options.push({
+            value: svg,
+            label: svg,
+            icon: svg
+          });
+        });
+
+        return options;
+      }
+    filterable: true
+  visible:
+    label: Visible
+    type: boolean
+    defaultValue: true
+  description:
+    label: Description
+    type: textarea
+    is_wide: true
+  tabs:
+    label: Tabs
+    type: lookup
+    multiple: true
+    group: Business object
+    is_wide: true
+    reference_to: tabs
+    reference_to_field: name
+  objects:
+    label: Objects
+    type: lookup
+    multiple: true
+    group: Business object
+    optionsFunction: !!js/function |
+      function () {
+        return Steedos.getObjectsOptions()
+      }
+    filterable: true
+  mobile_objects:
+    label: Mobile Objects
+    type: lookup
+    multiple: true
+    group: Business object
+    optionsFunction: !!js/function |
+      function () {
+        return Steedos.getObjectsOptions()
+      }
+    filterable: true
+  is_creator:
+    type: boolean
+    label: Item of Menu  
+    defaultValue: true
+    group: Business object
+  mobile:
+    type: boolean
+    label: Mobile App
+    defaultValue: true
+    group: Business object
+  icon:
+    label: Icon
+    type: text
+    hidden: true
+  sort:
+    label: Sort Number
+    type: number
+    defaultValue: 9100
+    sortable: true
+
+  # members:
+  #   type: object
+  #   label: Members
+  #   is_wide: true
+  # members.users:
+  #   type: lookup
+  #   label: User Members
+  #   reference_to: users
+  #   multiple: true
+  #   filterable: true
+  # members.organizations:
+  #   type: lookup
+  #   label: Department Members
+  #   reference_to: organizations
+  #   multiple: true
+  #   filterable: true
+
+  url:
+    label: URL
+    type: url
+    group: External Application
+  is_use_ie:
+    type: boolean
+    label: Open in IE (Using Steedos Desktop)
+    defaultValue: false
+    group: External Application
+  is_use_iframe:
+    type: boolean
+    label: Open with iframe
+    defaultValue: false
+    group: External Application
+  is_new_window:
+    type: boolean
+    label: Open in New Window
+    defaultValue: false
+    group: External Application
+  on_click:
+    type: textarea
+    label: onClick
+    rows: 2
+    is_wide: true
+    group: External Application
+
+  auth_name:
+    label: Auth Name
+    type: text
+    group: External Application
+  secret:
+    label: API Secret Key
+    type: text
+    max: 16
+    min: 16
+    group: External Application
+
+  oauth2_enabled:
+    group: OAuth2 
+    label: OAuth2 Enabled
+    type: boolean
+    hidden: true
+  oauth2_callback_url:
+    group: OAuth2
+    label: Callback URL
+    type: text
+    required: "{{formData.oauth2_enabled}}"
+    hidden: true
+  oauth2_scopes:
+    group: OAuth2
+    label: Scopes
+    type: select
+    hidden: true
+    multiple: true
+    required: "{{formData.oauth2_enabled}}"
+    options:
+      - label: Access to Your Unique Identifier (openid)
+        value: openid
+      - label: Access Basic Information (id, email, address, phone, locale)
+        value: profile
+      - label: Access Fully (full)
+        value: full
+  oauth2_logout_enabled: 
+    group: OAuth2
+    label: OAuth2 Logout Enabled
+    type: boolean
+    hidden: true
+  oauth2_logout_url:
+    group: OAuth2
+    label: OAuth2 Logout URL
+    type: url
+    hidden: true
+  oauth2_home_url:
+    group: OAuth2
+    label: Homepage URL
+    type: url
+    required: "{{formData.oauth2_enabled}}"
+    hidden: true
+  oauth2_logo:
+    group: OAuth2
+    label: OAuth2 Logo
+    type: image
+    required: "{{formData.oauth2_enabled}}"
+    hidden: true
+  oauth2_client_secret:
+    group: OAuth2
+    label: OAuth2 Client secret
+    type: text
+    omit: true
+    hidden: true
+  saml_enabled:
+    hidden: true
+    group: SAML
+    label: SAML Enabled
+    type: boolean
+  saml_entity_id:
+    hidden: true
+    group: SAML
+    label: Entity Id
+    type: text
+  saml_issuer:
+    hidden: true
+    group: SAML
+    label: Issuer
+    type: text
+  saml_idp_cert:
+    hidden: true
+    group: SAML
+    label: IDP Cert
+    type: text
+  saml_acs_url:
+    hidden: true
+    group: SAML
+    label: ACS URL
+    type: url
+  saml_name_id_format:
+    hidden: true
+    group: SAML
+    label: Name
+    type: text
+  saml_logout_enabled: 
+    hidden: true
+    group: SAML
+    label: SAML Logout Enabled
+    type: boolean
+  saml_logout_url:
+    hidden: true
+    group: SAML
+    label: SAML Logout URL
+    type: url
+  saml_logout_block:
+    hidden: true
+    group: SAML
+    label: SAML Logout Block
+    type: select
+    options: 
+      - label: HTTP Redirect
+        value: redirect
+      - label: HTTP Post
+        value: post
+  is_system:
+    type: boolean
+    label: System
+    # omit: true
+    readonly: true
+    visible_on: "{{global.mode ==='read' ? true : false}}"
+    disabled: true
+  from_code_id:
+    type: text
+    visible_on: "{{false}}"
+    disabled: true
+paging:
+  enabled: false
+actions:
+  customize:
+    label: Customize
+    on: record_only
+  reset:
+    label: Reset
+    on: record_only
+  createOAuth2App:
+    label: 创建 OAuth 应用
+    on: list
+    sort: 180
+list_views:
+  all:
+    label: All Apps
+    filter_scope: space
+    columns:
+      - name
+      - code
+      - description
+      - visible
+      - sort
+      - is_system
+permission_set:
+  user:
+    allowCreate: false
+    allowDelete: false
+    allowEdit: false
+    allowRead: true
+    modifyAllRecords: false
+    viewAllRecords: true
+  admin:
+    allowCreate: true
+    allowDelete: true
+    allowEdit: true
+    allowRead: true
+    modifyAllRecords: true
+    viewAllRecords: true
+# triggers:
+#   before.insert.server.apps:
+#     'on': server
+#     when: before.insert
+#     todo: !!js/function |
+#       function (userId, doc) {
+#               return doc.icon = doc.icon_slds;
+#             }
+#   after.update.server.apps:
+#     'on': server
+#     when: after.update
+#     todo: !!js/function |
+#       function (userId, doc, fieldNames, modifier, options) {
+#               var ref;
+
+#               if (modifier != null ? (ref = modifier.$set) != null ? ref.icon_slds : void 0 : void 0) {
+#                 return Creator.getCollection("apps").direct.update({
+#                   _id: doc._id
+#                 }, {
+#                   $set: {
+#                     icon: modifier.$set.icon_slds
+#                   }
+#                 });
+#               }
+#             }

package/main/default/objects/tabs.object.yml

@@ -0,0 +1,149 @@
+name: tabs
+label: Tabs
+icon: apps
+hidden: true
+version: 2.0
+fields:
+  label:
+    inlineHelpText: This is the label of the tab, for web tabs only.
+    type: text
+    is_name: true
+    required: true
+  name:
+    label: Api Name
+    type: text
+    required: true
+  icon:
+    label: Icon
+    type: lookup
+    required: true
+    optionsFunction: !<tag:yaml.org,2002:js/function> |-
+      function () {
+              var options;
+              options = [];
+
+              _.forEach(Creator.resources.sldsIcons.standard, function (svg) {
+                return options.push({
+                  value: svg,
+                  label: svg,
+                  icon: svg
+                });
+              });
+
+              return options;
+            }
+  parent:
+    label: Parent
+    type: lookup
+    reference_to: tabs
+    omit: true
+    hidden: true
+  type: 
+    type: select
+    options:
+    - label: Object
+      value: object
+    - label: Url
+      value: url
+    - label: Page
+      value: page
+  mobile: 
+    label: Display on the Mobile
+    type: boolean
+    defaultValue: true
+  desktop:
+    label: Display on the Desktop
+    type: boolean
+    defaultValue: true
+  frame_height:
+    hidden: true
+    inlineHelpText: The height, in pixels of the tab frame. Required for frame and page tabs.
+    label: Height
+    type: number
+  has_sidebar:
+    hidden: true
+    inlineHelpText: Indicates if the tab displays the sidebar panel.
+    type: boolean
+  object:
+    label: Object
+    type: lookup
+    reference_to: objects
+    reference_to_field: name
+    optionsFunction: !!js/function |
+      function () {
+        return Steedos.getObjectsOptions()
+      }
+    filterable: true
+    required: "{{'object' === formData.type ? true: false}}"
+    visible_on: "{{'object' === formData.type ? true: false}}"
+  url:
+    type: url
+    label: Url
+    required: "{{'url' === formData.type ? true: false}}"
+    visible_on: "{{'url' === formData.type ? true: false}}"
+  is_new_window:
+    type: boolean
+    visible_on: "{{'url' === formData.type ? true: false}}"
+  page:
+    type: lookup
+    label: 页面
+    required: "{{'page' === formData.type ? true: false}}"
+    visible_on: "{{'page' === formData.type ? true: false}}"
+    reference_to: pages
+    reference_to_field: name
+    filters: 
+      - ['type','notin', ['record','list','form']]
+  action_overrides:
+    type: text
+    hidden: true
+    inlineHelpText: A list of the action overrides that are assigned to the tab. Only one override is allowed per formFactor for a given tab.
+  description:
+    type: textarea
+    is_wide: true
+  is_system:
+    type: boolean
+    label: System
+    # omit: true
+    readonly: true
+    visible_on: "{{global.mode ==='read' ? true : false}}"
+    disabled: true
+list_views:
+  all:
+    label: All Apps
+    filter_scope: space
+    columns:
+      - label
+      - name
+      # - parent
+      - desktop
+      - mobile
+      - type
+      - is_system
+permission_set:
+  user:
+    allowCreate: false
+    allowDelete: false
+    allowEdit: false
+    allowRead: true
+    modifyAllRecords: false
+    viewAllRecords: true
+  admin:
+    allowCreate: true
+    allowDelete: true
+    allowEdit: true
+    allowRead: true
+    modifyAllRecords: true
+    viewAllRecords: true
+# form:
+#   beforeEdit: !!js/function |
+#     function(){
+#       return Steedos.TabsManager.changeSchema(this.doc, this.schema, 'edit');
+#     }
+#   afterEdit: !!js/function |
+#     function(){
+#       return Steedos.TabsManager.changeSchema(this.doc, this.schema, 'edit');
+#     }
+#   beforeView: !!js/function |
+#     function(){
+#       Steedos.TabsManager.changeSchema(this.doc, this.schema, 'view');
+#     }

package/main/default/triggers/apps.oauth.trigger.remove.js

@@ -0,0 +1,134 @@
+const _ = require('underscore');
+const randomString = require("crypto-random-string");
+const accounts = require('@steedos/accounts');
+const objectql = require('@steedos/objectql')
+
+const GrantTypes = ['authorization_code', 'refresh_token']
+
+const getOAuth2ClientBody = (clientId, clientName, clientSecret, clientUri, logoUri, responseTypes, scope, callbacks) => {
+    return {
+        client_id: clientId,
+        client_name: clientName,
+        client_secret: clientSecret,
+        client_uri: clientUri,
+        logo_uri: logoUri,
+        response_types: responseTypes,
+        scope: scope,
+        callbacks: callbacks,
+        redirect_uris: [callbacks],
+        grant_types: GrantTypes,
+        token_endpoint_auth_method: 'client_secret_post'
+    }
+}
+
+//grant-types authorization_code,refresh_token
+//token-endpoint-auth-method client_secret_post
+const createOAuth2Client = async (clientId, clientName, clientSecret, clientUri, logoUri, responseTypes, scope, callbacks) => {
+    console.log(`createOAuth2Client`, clientId);
+    return await accounts.hydraAdmin.createOAuth2Client(getOAuth2ClientBody(clientId, clientName, clientSecret, clientUri, logoUri, responseTypes, scope, callbacks))
+};
+
+const deleteOAuth2Client = async (clientId) => {
+    console.log(`deleteOAuth2Client`, clientId);
+    return await accounts.hydraAdmin.deleteOAuth2Client(clientId);
+}
+
+const updateOAuth2Client = async (clientId, clientName, clientSecret, clientUri, logoUri, responseTypes, scope, callbacks) => {
+    return await accounts.hydraAdmin.updateOAuth2Client(clientId, getOAuth2ClientBody(clientId, clientName, clientSecret, clientUri, logoUri, responseTypes, scope, callbacks))
+};
+
+const upsetOAuth2Client = async (clientId, clientName, clientSecret, clientUri, logoUri, responseTypes, scope, callbacks) => {
+    const client = await accounts.hydraAdmin.getOAuth2Client(clientId);
+    if (client) {
+        return await updateOAuth2Client(clientId, clientName, clientSecret, clientUri, logoUri, responseTypes, scope, callbacks)
+    } else {
+        return await createOAuth2Client(clientId, clientName, clientSecret, clientUri, logoUri, responseTypes, scope, callbacks)
+    }
+}
+
+const getResponseTypes = (oauth2_scopes) => {
+    const scopes = ['code', 'id_token'];
+    _.each(oauth2_scopes, (oauth2_scope) => {
+        if (oauth2_scope === 'profile') {
+            scopes.push('steedos_id')
+            scopes.push('name')
+            scopes.push('username')
+            scopes.push('mobile')
+            scopes.push('email')
+            // scopes.push('job_number')
+            scopes.push('locale')
+            scopes.push('space')
+            // scopes.push('profile')
+            scopes.push('userId')
+            scopes.push('mobile_verified')
+            scopes.push('email_verified')
+            scopes.push('utcOffset')
+        }
+    })
+    return scopes;
+}
+
+module.exports = {
+    listenTo: 'apps',
+    beforeInsert: async function () {
+        const { doc } = this;
+        if (doc.oauth2_enabled) {
+            doc.oauth2_client_secret = randomString(40);
+        };
+    },
+    afterInsert: async function () {
+        const { doc } = this;
+
+        if (doc.oauth2_enabled) {
+            const responseTypes = getResponseTypes(doc.oauth2_scopes)
+            const result = await createOAuth2Client(
+                doc.code,
+                doc.name,
+                doc.oauth2_client_secret,
+                doc.oauth2_home_url,
+                Meteor.absoluteUrl(`/api/files/images/${doc.oauth2_logo}`),
+                responseTypes,
+                doc.oauth2_scopes.join(','),
+                doc.oauth2_callback_url
+            )
+            console.log(`result`, result);
+        };
+
+    },
+    beforeUpdate: async function () {
+        const { doc, id } = this
+        if (doc.oauth2_enabled) {
+            const record = await objectql.getObject('apps').findOne(id);
+            if (!record.oauth2_client_secret) {
+                doc.oauth2_client_secret = randomString(40);
+            }
+        }
+    },
+    afterUpdate: async function () {
+        const { previousDoc, id, doc } = this;
+        const newDoc = await objectql.getObject('apps').findOne(id)
+
+        if ((_.has(doc, 'oauth2_enabled') && previousDoc.oauth2_enabled && newDoc.oauth2_enabled != true) || (_.has(doc, 'code') && previousDoc.code != newDoc.code)) {
+            await deleteOAuth2Client(newDoc.code)
+        }
+
+        if (newDoc.oauth2_enabled) {
+            const responseTypes = getResponseTypes(newDoc.oauth2_scopes)
+            await upsetOAuth2Client(
+                newDoc.code,
+                newDoc.name,
+                newDoc.oauth2_client_secret,
+                newDoc.oauth2_home_url,
+                Meteor.absoluteUrl(`/api/files/images/${newDoc.oauth2_logo}`),
+                responseTypes,
+                newDoc.oauth2_scopes.join(','),
+                newDoc.oauth2_callback_url)
+        }
+    },
+    afterDelete: async function () {
+        const { previousDoc } = this;
+        if (previousDoc.oauth2_enabled) {
+            await deleteOAuth2Client(doc.code)
+        }
+    }
+}