@tachybase/module-acl 0.23.8

package/dist/server/index.js

@@ -0,0 +1,50 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var server_exports = {};
+__export(server_exports, {
+  RoleModel: () => import_RoleModel.RoleModel,
+  RoleResourceActionModel: () => import_RoleResourceActionModel.RoleResourceActionModel,
+  RoleResourceModel: () => import_RoleResourceModel.RoleResourceModel,
+  default: () => import_server.default
+});
+module.exports = __toCommonJS(server_exports);
+__reExport(server_exports, require("./middlewares/setCurrentRole"), module.exports);
+__reExport(server_exports, require("./middlewares/with-acl-meta"), module.exports);
+var import_RoleResourceActionModel = require("./model/RoleResourceActionModel");
+var import_RoleResourceModel = require("./model/RoleResourceModel");
+var import_server = __toESM(require("./server"));
+var import_RoleModel = require("./model/RoleModel");
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  RoleModel,
+  RoleResourceActionModel,
+  RoleResourceModel,
+  ...require("./middlewares/setCurrentRole"),
+  ...require("./middlewares/with-acl-meta")
+});

package/dist/server/middlewares/setCurrentRole.d.ts

@@ -0,0 +1,2 @@
+import { Context } from '@tachybase/actions';
+export declare function setCurrentRole(ctx: Context, next: any): Promise<any>;

package/dist/server/middlewares/setCurrentRole.js

@@ -0,0 +1,74 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var setCurrentRole_exports = {};
+__export(setCurrentRole_exports, {
+  setCurrentRole: () => setCurrentRole
+});
+module.exports = __toCommonJS(setCurrentRole_exports);
+async function setCurrentRole(ctx, next) {
+  var _a, _b;
+  const currentRole = ctx.get("X-Role");
+  if (currentRole === "anonymous") {
+    ctx.state.currentRole = currentRole;
+    return next();
+  }
+  if (!ctx.state.currentUser) {
+    return next();
+  }
+  const attachRoles = ctx.state.attachRoles || [];
+  const cache = ctx.cache;
+  const repository = ctx.db.getRepository("users.roles", ctx.state.currentUser.id);
+  const roles = await cache.wrap(
+    `roles:${ctx.state.currentUser.id}`,
+    () => repository.find({
+      raw: true
+    })
+  );
+  if (!roles.length && !attachRoles.length) {
+    ctx.state.currentRole = void 0;
+    return ctx.throw(401, {
+      code: "USER_HAS_NO_ROLES_ERR",
+      message: ctx.t("The current user has no roles. Please try another account.", { ns: "acl" })
+    });
+  }
+  const rolesMap = /* @__PURE__ */ new Map();
+  attachRoles.forEach((role) => rolesMap.set(role.name, role));
+  roles.forEach((role) => rolesMap.set(role.name, role));
+  const userRoles = Array.from(rolesMap.values());
+  ctx.state.currentUser.roles = userRoles;
+  if (currentRole) {
+    ctx.state.currentRole = (_a = userRoles.find((role) => role.name === currentRole)) == null ? void 0 : _a.name;
+  } else {
+    const defaultRole = userRoles.find((role) => {
+      var _a2;
+      return (_a2 = role == null ? void 0 : role.rolesUsers) == null ? void 0 : _a2.default;
+    });
+    ctx.state.currentRole = (_b = defaultRole || userRoles[0]) == null ? void 0 : _b.name;
+  }
+  if (!ctx.state.currentRole) {
+    return ctx.throw(401, {
+      code: "ROLE_NOT_FOUND_ERR",
+      message: ctx.t("The user role does not exist. Please try signing in again", { ns: "acl" })
+    });
+  }
+  await next();
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  setCurrentRole
+});

package/dist/server/middlewares/with-acl-meta.d.ts

@@ -0,0 +1,2 @@
+declare function createWithACLMetaMiddleware(): (ctx: any, next: any) => Promise<void>;
+export { createWithACLMetaMiddleware };

package/dist/server/middlewares/with-acl-meta.js

@@ -0,0 +1,242 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var with_acl_meta_exports = {};
+__export(with_acl_meta_exports, {
+  createWithACLMetaMiddleware: () => createWithACLMetaMiddleware
+});
+module.exports = __toCommonJS(with_acl_meta_exports);
+var import_acl = require("@tachybase/acl");
+var import_database = require("@tachybase/database");
+var import_lodash = __toESM(require("lodash"));
+function createWithACLMetaMiddleware() {
+  return async (ctx, next) => {
+    var _a, _b, _c;
+    await next();
+    const dataSourceKey = ctx.get("x-data-source");
+    const dataSource = ctx.app.dataSourceManager.dataSources.get(dataSourceKey);
+    const db = dataSource ? dataSource.collectionManager.db : ctx.db;
+    if (!db) {
+      return;
+    }
+    const acl = dataSource ? dataSource.acl : ctx.app.acl;
+    if (!ctx.action || !ctx.get("X-With-ACL-Meta") || ctx.status !== 200) {
+      return;
+    }
+    const { resourceName, actionName } = ctx.action;
+    if (!["list", "get"].includes(actionName)) {
+      return;
+    }
+    const collection = db.getCollection(resourceName);
+    if (!collection) {
+      return;
+    }
+    const Model = collection.model;
+    const primaryKeyField = Model.primaryKeyField || Model.primaryKeyAttribute;
+    const dataPath = ((_a = ctx.body) == null ? void 0 : _a.rows) ? "body.rows" : "body";
+    let listData = import_lodash.default.get(ctx, dataPath);
+    if (actionName === "get") {
+      listData = import_lodash.default.castArray(listData);
+    }
+    const inspectActions = ["view", "update", "destroy"];
+    const actionsParams = [];
+    for (const action of inspectActions) {
+      const actionCtx = {
+        db,
+        get: () => {
+          return void 0;
+        },
+        app: {
+          getDb() {
+            return db;
+          }
+        },
+        action: {
+          actionName: action,
+          name: action,
+          params: {},
+          resourceName: ctx.action.resourceName,
+          resourceOf: ctx.action.resourceOf,
+          mergeParams() {
+          }
+        },
+        state: {
+          currentRole: ctx.state.currentRole,
+          currentUser: (() => {
+            var _a2;
+            if (!ctx.state.currentUser) {
+              return null;
+            }
+            if (ctx.state.currentUser.toJSON) {
+              return (_a2 = ctx.state.currentUser) == null ? void 0 : _a2.toJSON();
+            }
+            return ctx.state.currentUser;
+          })()
+        },
+        permission: {},
+        throw(...args) {
+          throw new import_acl.NoPermissionError(...args);
+        }
+      };
+      try {
+        await acl.getActionParams(actionCtx);
+      } catch (e) {
+        if (e instanceof import_acl.NoPermissionError) {
+          continue;
+        }
+        throw e;
+      }
+      actionsParams.push([
+        action,
+        ((_b = actionCtx.permission) == null ? void 0 : _b.can) === null && !actionCtx.permission.skip ? null : ((_c = actionCtx.permission) == null ? void 0 : _c.parsedParams) || {},
+        actionCtx
+      ]);
+    }
+    const ids = (() => {
+      if (collection.options.tree) {
+        if (listData.length === 0) return [];
+        const getAllNodeIds = (data) => [data[primaryKeyField], ...(data.children || []).flatMap(getAllNodeIds)];
+        return listData.map((tree) => getAllNodeIds(tree.toJSON())).flat();
+      }
+      return listData.filter(Boolean).map((item) => item[primaryKeyField]);
+    })();
+    const conditions = [];
+    const allAllowed = [];
+    for (const [action, params, actionCtx] of actionsParams) {
+      if (!params) {
+        continue;
+      }
+      if (import_lodash.default.isEmpty(params) || import_lodash.default.isEmpty(params.filter)) {
+        allAllowed.push(action);
+        continue;
+      }
+      const queryParams = collection.repository.buildQueryOptions({
+        ...params,
+        context: actionCtx
+      });
+      const actionSql = ctx.db.sequelize.queryInterface.queryGenerator.selectQuery(
+        Model.getTableName(),
+        {
+          where: (() => {
+            const filterObj = queryParams.where;
+            if (!db.options.underscored) {
+              return filterObj;
+            }
+            const isAssociationKey = (key) => {
+              return key.startsWith("$") && key.endsWith("$");
+            };
+            const iterate = (rootObj, path = []) => {
+              const obj = path.length === 0 ? rootObj : import_lodash.default.get(rootObj, path);
+              if (Array.isArray(obj)) {
+                for (let i = 0; i < obj.length; i++) {
+                  if (obj[i] === null) {
+                    continue;
+                  }
+                  if (typeof obj[i] === "object") {
+                    iterate(rootObj, [...path, i]);
+                  }
+                }
+                return;
+              }
+              Reflect.ownKeys(obj).forEach((key) => {
+                if (Array.isArray(obj) && key === "length") {
+                  return;
+                }
+                if (typeof obj[key] === "object" && obj[key] !== null || typeof obj[key] === "symbol") {
+                  iterate(rootObj, [...path, key]);
+                }
+                if (typeof key === "string" && key !== (0, import_database.snakeCase)(key)) {
+                  const setKey = isAssociationKey(key) ? (() => {
+                    const parts = key.split(".");
+                    parts[parts.length - 1] = import_lodash.default.snakeCase(parts[parts.length - 1]);
+                    const result = parts.join(".");
+                    return result.endsWith("$") ? result : `${result}$`;
+                  })() : (0, import_database.snakeCase)(key);
+                  const setValue = import_lodash.default.cloneDeep(obj[key]);
+                  import_lodash.default.unset(rootObj, [...path, key]);
+                  import_lodash.default.set(rootObj, [...path, setKey], setValue);
+                }
+              });
+            };
+            iterate(filterObj);
+            return filterObj;
+          })(),
+          attributes: [primaryKeyField],
+          includeIgnoreAttributes: false
+        },
+        Model
+      );
+      const whereCase = actionSql.match(/WHERE (.*?);/)[1];
+      conditions.push({
+        whereCase,
+        action,
+        include: queryParams.include
+      });
+    }
+    let include = conditions.map((condition) => condition.include).flat();
+    const whereCases = conditions.map((condition) => condition.whereCase);
+    include = include.filter((inc) => {
+      return conditions.some((condition) => {
+        return whereCases.some((whereCase) => whereCase.includes(inc.association));
+      });
+    });
+    const results = await collection.model.findAll({
+      where: {
+        [primaryKeyField]: ids
+      },
+      attributes: [
+        primaryKeyField,
+        ...conditions.map((condition) => {
+          return [ctx.db.sequelize.literal(`CASE WHEN ${condition.whereCase} THEN 1 ELSE 0 END`), condition.action];
+        })
+      ],
+      include
+    });
+    const allowedActions = inspectActions.map((action) => {
+      if (allAllowed.includes(action)) {
+        return [action, ids];
+      }
+      return [action, results.filter((item) => Boolean(item.get(action))).map((item) => item.get(primaryKeyField))];
+    }).reduce((acc, [action, ids2]) => {
+      acc[action] = ids2;
+      return acc;
+    }, {});
+    if (actionName === "get") {
+      ctx.bodyMeta = {
+        ...ctx.bodyMeta,
+        allowedActions
+      };
+    }
+    if (actionName === "list") {
+      ctx.body.allowedActions = allowedActions;
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createWithACLMetaMiddleware
+});

package/dist/server/migrations/20221214072638-set-role-snippets.d.ts

@@ -0,0 +1,6 @@
+import { Migration } from '@tachybase/server';
+export default class extends Migration {
+    appVersion: string;
+    up(): Promise<void>;
+    down(): Promise<void>;
+}

package/dist/server/migrations/20221214072638-set-role-snippets.js

@@ -0,0 +1,43 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var set_role_snippets_exports = {};
+__export(set_role_snippets_exports, {
+  default: () => set_role_snippets_default
+});
+module.exports = __toCommonJS(set_role_snippets_exports);
+var import_server = require("@tachybase/server");
+class set_role_snippets_default extends import_server.Migration {
+  appVersion = "<0.9.0-alpha.1";
+  async up() {
+    const result = await this.app.version.satisfies("<0.9.0-alpha.1");
+    if (!result) {
+      return;
+    }
+    await this.app.db.getRepository("roles").update({
+      filter: {
+        $or: [{ allowConfigure: true }, { name: "root" }]
+      },
+      values: {
+        snippets: ["ui.*", "pm", "pm.*"],
+        allowConfigure: false
+      }
+    });
+  }
+  async down() {
+  }
+}

package/dist/server/model/RoleModel.d.ts

@@ -0,0 +1,8 @@
+import { ACL } from '@tachybase/acl';
+import { Model } from '@tachybase/database';
+export declare class RoleModel extends Model {
+    writeToAcl(options: {
+        acl: ACL;
+        withOutStrategy?: boolean;
+    }): void;
+}

package/dist/server/model/RoleModel.js

@@ -0,0 +1,46 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var RoleModel_exports = {};
+__export(RoleModel_exports, {
+  RoleModel: () => RoleModel
+});
+module.exports = __toCommonJS(RoleModel_exports);
+var import_database = require("@tachybase/database");
+class RoleModel extends import_database.Model {
+  writeToAcl(options) {
+    const { acl } = options;
+    const roleName = this.get("name");
+    let role = acl.getRole(roleName);
+    if (!role) {
+      role = acl.define({
+        role: roleName
+      });
+    }
+    if (options.withOutStrategy !== true) {
+      role.setStrategy({
+        ...this.get("strategy") || {},
+        allowConfigure: this.get("allowConfigure")
+      });
+    }
+    role.snippets = new Set(this.get("snippets"));
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  RoleModel
+});

package/dist/server/model/RoleResourceActionModel.d.ts

@@ -0,0 +1,12 @@
+import { ACL, ACLRole } from '@tachybase/acl';
+import { Model } from '@tachybase/database';
+import { AssociationFieldsActions, GrantHelper } from '../server';
+export declare class RoleResourceActionModel extends Model {
+    writeToACL(options: {
+        acl: ACL;
+        role: ACLRole;
+        resourceName: string;
+        associationFieldsActions: AssociationFieldsActions;
+        grantHelper: GrantHelper;
+    }): Promise<void>;
+}

package/dist/server/model/RoleResourceActionModel.js

@@ -0,0 +1,85 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var RoleResourceActionModel_exports = {};
+__export(RoleResourceActionModel_exports, {
+  RoleResourceActionModel: () => RoleResourceActionModel
+});
+module.exports = __toCommonJS(RoleResourceActionModel_exports);
+var import_database = require("@tachybase/database");
+class RoleResourceActionModel extends import_database.Model {
+  async writeToACL(options) {
+    var _a;
+    const db = this.constructor.database;
+    const { resourceName, role, acl, associationFieldsActions, grantHelper } = options;
+    const actionName = this.get("name");
+    const fields = this.get("fields");
+    const actionPath = `${resourceName}:${actionName}`;
+    const actionParams = {
+      fields
+    };
+    const scope = await this.getScope();
+    if (scope) {
+      actionParams["own"] = scope.get("key") === "own";
+      actionParams["filter"] = scope.get("scope");
+    }
+    role.grantAction(actionPath, actionParams);
+    const collection = db.getCollection(resourceName);
+    if (!collection) {
+      return;
+    }
+    const availableAction = acl.resolveActionAlias(actionName);
+    for (const field of fields) {
+      const collectionField = collection.getField(field);
+      if (!collectionField) {
+        console.log(`field ${field} does not exist at ${collection.name}`);
+        continue;
+      }
+      const fieldType = collectionField.get("type");
+      const fieldActions = (_a = associationFieldsActions == null ? void 0 : associationFieldsActions[fieldType]) == null ? void 0 : _a[availableAction];
+      const fieldTarget = collectionField.get("target");
+      if (fieldActions) {
+        const associationActions = fieldActions.associationActions || [];
+        associationActions.forEach((associationAction) => {
+          const actionName2 = `${resourceName}.${collectionField.get("name")}:${associationAction}`;
+          role.grantAction(actionName2);
+        });
+        const targetActions = fieldActions.targetActions || [];
+        targetActions.forEach((targetAction) => {
+          const targetActionPath = `${fieldTarget}:${targetAction}`;
+          const existsAction = role.getActionParams(targetActionPath);
+          if (existsAction) {
+            return;
+          }
+          grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, [
+            ...grantHelper.resourceTargetActionMap.get(resourceName) || [],
+            targetActionPath
+          ]);
+          grantHelper.targetActionResourceMap.set(targetActionPath, [
+            ...grantHelper.targetActionResourceMap.get(targetActionPath) || [],
+            `${role.name}.${resourceName}`
+          ]);
+          role.grantAction(targetActionPath);
+        });
+      }
+    }
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  RoleResourceActionModel
+});

package/dist/server/model/RoleResourceModel.d.ts

@@ -0,0 +1,18 @@
+import { ACL, ACLRole } from '@tachybase/acl';
+import { Model } from '@tachybase/database';
+import Application from '@tachybase/server';
+import { AssociationFieldsActions, GrantHelper } from '../server';
+export declare class RoleResourceModel extends Model {
+    revoke(options: {
+        role: ACLRole;
+        resourceName: string;
+        grantHelper: GrantHelper;
+    }): Promise<void>;
+    writeToACL(options: {
+        acl: ACL;
+        associationFieldsActions: AssociationFieldsActions;
+        grantHelper: GrantHelper;
+        transaction: any;
+        app?: Application;
+    }): Promise<void>;
+}

package/dist/server/model/RoleResourceModel.js

@@ -0,0 +1,79 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var RoleResourceModel_exports = {};
+__export(RoleResourceModel_exports, {
+  RoleResourceModel: () => RoleResourceModel
+});
+module.exports = __toCommonJS(RoleResourceModel_exports);
+var import_acl = require("@tachybase/acl");
+var import_database = require("@tachybase/database");
+class RoleResourceModel extends import_database.Model {
+  async revoke(options) {
+    const { role, resourceName, grantHelper } = options;
+    role.revokeResource(resourceName);
+    const targetActions = grantHelper.resourceTargetActionMap.get(`${role.name}.${resourceName}`) || [];
+    for (const targetAction of targetActions) {
+      const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(
+        (item) => `${role.name}.${resourceName}` !== item
+      );
+      grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);
+      if (targetActionResource.length === 0) {
+        role.revokeAction(targetAction);
+      }
+    }
+    grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, []);
+  }
+  async writeToACL(options) {
+    const { acl, associationFieldsActions, grantHelper } = options;
+    const resourceName = this.get("name");
+    const roleName = this.get("roleName");
+    const role = acl.getRole(roleName);
+    if (!role) {
+      console.log(`${roleName} role does not exist`);
+      return;
+    }
+    await this.revoke({ role, resourceName, grantHelper });
+    if (this.usingActionsConfig === false) {
+      return;
+    }
+    const resource = new import_acl.ACLResource({
+      role,
+      name: resourceName
+    });
+    role.resources.set(resourceName, resource);
+    const actions = await this.getActions({
+      transaction: options.transaction
+    });
+    for (const action of actions) {
+      await action.writeToACL({
+        acl,
+        role,
+        resourceName,
+        associationFieldsActions,
+        grantHelper: options.grantHelper
+      });
+    }
+    if (options.app) {
+      await options.app.emitAsync("dataSource:writeToAcl", { roleName, transaction: options.transaction });
+    }
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  RoleResourceModel
+});