@tachybase/acl 0.23.8

package/lib/allow-manager.js

@@ -0,0 +1,108 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var allow_manager_exports = {};
+__export(allow_manager_exports, {
+  AllowManager: () => AllowManager
+});
+module.exports = __toCommonJS(allow_manager_exports);
+const _AllowManager = class _AllowManager {
+  constructor(acl) {
+    this.acl = acl;
+    this.registerAllowCondition("loggedIn", (ctx) => {
+      return ctx.state.currentUser;
+    });
+    this.registerAllowCondition("public", (ctx) => {
+      return true;
+    });
+    this.registerAllowCondition("allowConfigure", async (ctx) => {
+      var _a;
+      const roleName = ctx.state.currentRole;
+      if (!roleName) {
+        return false;
+      }
+      const role = acl.getRole(roleName);
+      if (!role) {
+        return false;
+      }
+      return (_a = role.getStrategy()) == null ? void 0 : _a.allowConfigure;
+    });
+  }
+  skipActions = /* @__PURE__ */ new Map();
+  registeredCondition = /* @__PURE__ */ new Map();
+  allow(resourceName, actionName, condition) {
+    const actionMap = this.skipActions.get(resourceName) || /* @__PURE__ */ new Map();
+    actionMap.set(actionName, condition || true);
+    this.skipActions.set(resourceName, actionMap);
+  }
+  getAllowedConditions(resourceName, actionName) {
+    const fetchActionSteps = ["*", resourceName];
+    const results = [];
+    for (const fetchActionStep of fetchActionSteps) {
+      const resource = this.skipActions.get(fetchActionStep);
+      if (resource) {
+        for (const fetchActionStep2 of ["*", actionName]) {
+          const condition = resource.get(fetchActionStep2);
+          if (condition) {
+            results.push(typeof condition === "string" ? this.registeredCondition.get(condition) : condition);
+          }
+        }
+      }
+    }
+    return results;
+  }
+  registerAllowCondition(name, condition) {
+    this.registeredCondition.set(name, condition);
+  }
+  async isAllowed(resourceName, actionName, ctx) {
+    const skippedConditions = this.getAllowedConditions(resourceName, actionName);
+    for (const skippedCondition of skippedConditions) {
+      if (skippedCondition) {
+        let skipResult = false;
+        if (typeof skippedCondition === "function") {
+          skipResult = await skippedCondition(ctx);
+        } else if (skippedCondition) {
+          skipResult = true;
+        }
+        if (skipResult) {
+          return true;
+        }
+      }
+    }
+    return false;
+  }
+  aclMiddleware() {
+    return async (ctx, next) => {
+      const { resourceName, actionName } = ctx.action;
+      const skip = await this.acl.allowManager.isAllowed(resourceName, actionName, ctx);
+      if (skip) {
+        ctx.permission = {
+          ...ctx.permission || {},
+          skip: true
+        };
+      }
+      await next();
+    };
+  }
+};
+__name(_AllowManager, "AllowManager");
+let AllowManager = _AllowManager;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AllowManager
+});

package/lib/fixed-params-manager.d.ts

@@ -0,0 +1,10 @@
+export type Merger = () => object;
+export type ActionPath = string;
+export default class FixedParamsManager {
+    merger: Map<string, Merger[]>;
+    addParams(resource: string, action: string, merger: Merger): void;
+    getParamsMerger(resource: string, action: string): Merger[];
+    protected getActionPath(resource: string, action: string): string;
+    getParams(resource: string, action: string, extraParams?: any): {};
+    static mergeParams(a: any, b: any): void;
+}

package/lib/fixed-params-manager.js

@@ -0,0 +1,62 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var fixed_params_manager_exports = {};
+__export(fixed_params_manager_exports, {
+  default: () => FixedParamsManager
+});
+module.exports = __toCommonJS(fixed_params_manager_exports);
+var import_utils = require("@tachybase/utils");
+const SPLIT = ":";
+const _FixedParamsManager = class _FixedParamsManager {
+  merger = /* @__PURE__ */ new Map();
+  addParams(resource, action, merger) {
+    const path = this.getActionPath(resource, action);
+    this.merger.set(path, [...this.getParamsMerger(resource, action), merger]);
+  }
+  getParamsMerger(resource, action) {
+    const path = this.getActionPath(resource, action);
+    return this.merger.get(path) || [];
+  }
+  getActionPath(resource, action) {
+    return `${resource}${SPLIT}${action}`;
+  }
+  getParams(resource, action, extraParams = {}) {
+    const results = {};
+    for (const merger of this.getParamsMerger(resource, action)) {
+      _FixedParamsManager.mergeParams(results, merger());
+    }
+    if (extraParams) {
+      _FixedParamsManager.mergeParams(results, extraParams);
+    }
+    return results;
+  }
+  static mergeParams(a, b) {
+    (0, import_utils.assign)(a, b, {
+      filter: "andMerge",
+      fields: "intersect",
+      appends: "union",
+      except: "union",
+      whitelist: "intersect",
+      blacklist: "intersect",
+      sort: "overwrite"
+    });
+  }
+};
+__name(_FixedParamsManager, "FixedParamsManager");
+let FixedParamsManager = _FixedParamsManager;

package/lib/index.d.ts

@@ -0,0 +1,7 @@
+export * from './acl';
+export * from './acl-available-action';
+export * from './acl-available-strategy';
+export * from './acl-resource';
+export * from './acl-role';
+export * from './no-permission-error';
+export * from './skip-middleware';

package/lib/index.js

@@ -0,0 +1,33 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var src_exports = {};
+module.exports = __toCommonJS(src_exports);
+__reExport(src_exports, require("./acl"), module.exports);
+__reExport(src_exports, require("./acl-available-action"), module.exports);
+__reExport(src_exports, require("./acl-available-strategy"), module.exports);
+__reExport(src_exports, require("./acl-resource"), module.exports);
+__reExport(src_exports, require("./acl-role"), module.exports);
+__reExport(src_exports, require("./no-permission-error"), module.exports);
+__reExport(src_exports, require("./skip-middleware"), module.exports);
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ...require("./acl"),
+  ...require("./acl-available-action"),
+  ...require("./acl-available-strategy"),
+  ...require("./acl-resource"),
+  ...require("./acl-role"),
+  ...require("./no-permission-error"),
+  ...require("./skip-middleware")
+});

package/lib/no-permission-error.d.ts

@@ -0,0 +1,4 @@
+declare class NoPermissionError extends Error {
+    constructor(...args: any[]);
+}
+export { NoPermissionError };

package/lib/no-permission-error.js

@@ -0,0 +1,34 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var no_permission_error_exports = {};
+__export(no_permission_error_exports, {
+  NoPermissionError: () => NoPermissionError
+});
+module.exports = __toCommonJS(no_permission_error_exports);
+const _NoPermissionError = class _NoPermissionError extends Error {
+  constructor(...args) {
+    super(...args);
+  }
+};
+__name(_NoPermissionError, "NoPermissionError");
+let NoPermissionError = _NoPermissionError;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  NoPermissionError
+});

package/lib/skip-middleware.d.ts

@@ -0,0 +1,6 @@
+export declare const skip: (options: ACLSkipOptions) => (ctx: any, next: any) => Promise<void>;
+interface ACLSkipOptions {
+    resourceName: string;
+    actionName: string;
+}
+export {};

package/lib/skip-middleware.js

@@ -0,0 +1,38 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var skip_middleware_exports = {};
+__export(skip_middleware_exports, {
+  skip: () => skip
+});
+module.exports = __toCommonJS(skip_middleware_exports);
+const skip = /* @__PURE__ */ __name((options) => {
+  return /* @__PURE__ */ __name(async function ACLSkipMiddleware(ctx, next) {
+    const { resourceName, actionName } = ctx.action;
+    if (resourceName === options.resourceName && actionName === options.actionName) {
+      ctx.permission = {
+        skip: true
+      };
+    }
+    await next();
+  }, "ACLSkipMiddleware");
+}, "skip");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  skip
+});

package/lib/snippet-manager.d.ts

@@ -0,0 +1,19 @@
+export type SnippetOptions = {
+    name: string;
+    actions: Array<string>;
+};
+declare class Snippet {
+    name: string;
+    actions: Array<string>;
+    constructor(name: string, actions: Array<string>);
+}
+export type SnippetGroup = {
+    name: string;
+    snippets: SnippetOptions[];
+};
+declare class SnippetManager {
+    snippets: Map<string, Snippet>;
+    register(snippet: SnippetOptions): void;
+    allow(actionPath: string, snippetName: string): boolean;
+}
+export default SnippetManager;

package/lib/snippet-manager.js

@@ -0,0 +1,64 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var snippet_manager_exports = {};
+__export(snippet_manager_exports, {
+  default: () => snippet_manager_default
+});
+module.exports = __toCommonJS(snippet_manager_exports);
+var import_minimatch = __toESM(require("minimatch"));
+const _Snippet = class _Snippet {
+  constructor(name, actions) {
+    this.name = name;
+    this.actions = actions;
+  }
+};
+__name(_Snippet, "Snippet");
+let Snippet = _Snippet;
+const _SnippetManager = class _SnippetManager {
+  snippets = /* @__PURE__ */ new Map();
+  register(snippet) {
+    this.snippets.set(snippet.name, snippet);
+  }
+  allow(actionPath, snippetName) {
+    const negated = snippetName.startsWith("!");
+    snippetName = negated ? snippetName.slice(1) : snippetName;
+    const snippet = this.snippets.get(snippetName);
+    if (!snippet) {
+      return null;
+    }
+    const matched = snippet.actions.some((action) => (0, import_minimatch.default)(actionPath, action));
+    if (matched) {
+      return negated ? false : true;
+    }
+    return null;
+  }
+};
+__name(_SnippetManager, "SnippetManager");
+let SnippetManager = _SnippetManager;
+var snippet_manager_default = SnippetManager;

package/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "@tachybase/acl",
+  "version": "0.23.8",
+  "description": "",
+  "license": "Apache-2.0",
+  "main": "./lib/index.js",
+  "types": "./lib/index.d.ts",
+  "dependencies": {
+    "koa-compose": "^4.1.0",
+    "lodash": "4.17.21",
+    "minimatch": "^5.1.6",
+    "@tachybase/resourcer": "0.23.8",
+    "@tachybase/utils": "0.23.8"
+  },
+  "devDependencies": {
+    "@types/lodash": "4.17.13",
+    "@types/node": "20.17.10"
+  },
+  "scripts": {
+    "build": "tachybase-build --no-dts @tachybase/acl"
+  }
+}