cabloy 5.1.104 → 5.1.106
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.cabloy-version +1 -1
- package/.claude/skills/cabloy-backend-scaffold/references/follow-up-checklist.md +1 -1
- package/CHANGELOG.md +15 -0
- package/CLAUDE.md +1 -0
- package/cabloy-docs/backend/controller-aop-guide.md +2 -2
- package/cabloy-docs/backend/field-indexes.md +10 -1
- package/cabloy-docs/backend/menu-guide.md +30 -0
- package/cabloy-docs/frontend/model-state-guide.md +2 -0
- package/cabloy-docs/frontend/use-state-data-best-practices.md +23 -0
- package/package.json +1 -1
- package/vona/packages-vona/vona/package.json +1 -1
- package/vona/patches/{zova-core@5.1.77.patch → zova-core@5.1.78.patch} +2 -2
- package/vona/pnpm-lock.yaml +53 -53
- package/vona/pnpm-workspace.yaml +1 -1
- package/vona/src/suite/a-home/modules/home-user/src/bean/eventListener.activate.ts +5 -4
- package/vona/src/suite/a-home/modules/home-user/src/bean/meta.version.ts +10 -6
- package/vona/src/suite/a-home/modules/home-user/src/config/config.ts +1 -1
- package/vona/src/suite/a-home/modules/home-user/src/entity/role.ts +4 -0
- package/vona/src/suite/a-home/modules/home-user/src/service/passportAdapter.ts +2 -2
- package/vona/src/suite/a-home/modules/home-user/src/service/roleAdapter.ts +5 -5
- package/vona/src/suite/a-training/modules/training-record/src/bean/ssrMenu.record.ts +1 -0
- package/vona/src/suite/a-training/modules/training-student/src/bean/ssrMenu.student.ts +1 -0
- package/vona/src/suite/cabloy-basic/modules/basic-siteadmin/src/bean/ssrMenu.home.ts +1 -0
- package/vona/src/suite/cabloy-basic/modules/basic-siteadmin/src/bean/ssrSite.admin.ts +5 -1
- package/vona/src/suite/cabloy-basic/modules/basic-siteweb/src/bean/ssrSite.web.ts +5 -1
- package/vona/src/suite-vendor/a-auth/modules/a-auth/package.json +1 -1
- package/vona/src/suite-vendor/a-auth/modules/a-auth/src/service/auth.ts +5 -1
- package/vona/src/suite-vendor/a-auth/package.json +1 -1
- package/vona/src/suite-vendor/a-cabloy/modules/a-ssr/cli/ssrSite/boilerplate/{{sceneName}}.{{beanName}}.ts_ +5 -3
- package/vona/src/suite-vendor/a-cabloy/modules/a-ssr/package.json +1 -1
- package/vona/src/suite-vendor/a-cabloy/modules/a-ssr/src/bean/event.retrieveMenusSite.ts +2 -2
- package/vona/src/suite-vendor/a-cabloy/modules/a-ssr/src/lib/beanSsrSiteBase.ts +33 -8
- package/vona/src/suite-vendor/a-cabloy/modules/a-ssr/src/service/ssr.ts +46 -16
- package/vona/src/suite-vendor/a-cabloy/modules/a-ssr/src/service/ssrHandler.ts +2 -4
- package/vona/src/suite-vendor/a-cabloy/modules/a-ssr/src/types/env.ts +1 -0
- package/vona/src/suite-vendor/a-cabloy/modules/a-ssr/src/types/ssrMenu.ts +10 -1
- package/vona/src/suite-vendor/a-cabloy/modules/a-ssr/src/types/ssrSite.ts +3 -1
- package/vona/src/suite-vendor/a-cabloy/package.json +1 -1
- package/vona/src/suite-vendor/a-vona/modules/a-permission/package.json +1 -1
- package/vona/src/suite-vendor/a-vona/modules/a-permission/src/.metadata/index.ts +18 -2
- package/vona/src/suite-vendor/a-vona/modules/a-permission/src/bean/bean.permission.ts +6 -1
- package/vona/src/suite-vendor/a-vona/modules/a-permission/src/bean/event.retrievePermissionAction.ts +16 -0
- package/vona/src/suite-vendor/a-vona/modules/a-user/package.json +1 -1
- package/vona/src/suite-vendor/a-vona/modules/a-user/src/bean/bean.passport.ts +2 -2
- package/vona/src/suite-vendor/a-vona/modules/a-user/src/lib/passport.ts +7 -4
- package/vona/src/suite-vendor/a-vona/modules/a-user/src/types/passport.ts +1 -1
- package/vona/src/suite-vendor/a-vona/modules/a-user/src/types/role.ts +3 -1
- package/vona/src/suite-vendor/a-vona/package.json +1 -1
- package/zova/env/.env.cabloyBasicAdmin +2 -0
- package/zova/env/.env.cabloyBasicWeb +2 -0
- package/zova/packages-utils/zova-jsx/package.json +2 -2
- package/zova/packages-zova/zova/package.json +3 -3
- package/zova/packages-zova/zova-core/package.json +1 -1
- package/zova/packages-zova/zova-core/src/core/sys/sys.ts +3 -0
- package/zova/packages-zova/zova-core/src/types/utils/env.ts +1 -0
- package/zova/pnpm-lock.yaml +9 -9
- package/zova/src/suite/a-home/modules/home-api/src/api/homeUserPassport.ts +19 -19
- package/zova/src/suite/a-home/modules/home-api/src/api/openapi/types.ts +11 -10
- package/zova/src/suite/a-home/modules/home-api/src/apiSchema/homeUserPassport.ts +5 -5
- package/zova/src/suite/a-home/modules/home-base/src/.metadata/page/errorAccessDenied.ts +9 -0
- package/zova/src/suite/a-home/modules/home-base/src/page/errorAccessDenied/controller.tsx +40 -0
- package/zova/src/suite/a-home/modules/home-base/src/routes.ts +9 -0
- package/zova/src/suite/a-home/modules/home-base/src/service/routerGuards.ts +21 -12
- package/zova/src/suite/a-home/modules/home-passport/src/model/passport.ts +2 -2
- package/zova/src/suite-vendor/a-zova/modules/a-router/package.json +1 -1
- package/zova/src/suite-vendor/a-zova/modules/a-router/src/monkeySys.ts +10 -1
- package/zova/src/suite-vendor/a-zova/modules/a-router/src/types/router.ts +1 -0
- package/zova/src/suite-vendor/a-zova/modules/a-zova/package.json +2 -2
- package/zova/src/suite-vendor/a-zova/package.json +3 -3
package/.cabloy-version
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
5.1.
|
|
1
|
+
5.1.106
|
|
@@ -24,7 +24,7 @@ After generating or extending a backend thread, check which follow-up layers app
|
|
|
24
24
|
|
|
25
25
|
- migration/version changes
|
|
26
26
|
- `meta.version`
|
|
27
|
-
- field indexes
|
|
27
|
+
- field indexes; in shared-database multitenancy, preserve ordinary lookup indexes and enforce business uniqueness in tenant-aware business logic rather than with `table.unique(...)`
|
|
28
28
|
- relations
|
|
29
29
|
- datasource choice
|
|
30
30
|
- cache behavior
|
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,20 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 5.1.106
|
|
4
|
+
|
|
5
|
+
### Improvements
|
|
6
|
+
|
|
7
|
+
- Refresh the Zova lockfile and update the Vona Zova Core patch.
|
|
8
|
+
|
|
9
|
+
## 5.1.105
|
|
10
|
+
|
|
11
|
+
### Features
|
|
12
|
+
|
|
13
|
+
- Filter SSR menus based on user roles.
|
|
14
|
+
- Add SSR site access policies.
|
|
15
|
+
- Add an event for retrieving action permissions.
|
|
16
|
+
- Update `monkeySys.ts` functionality.
|
|
17
|
+
|
|
3
18
|
## 5.1.104
|
|
4
19
|
|
|
5
20
|
### Features
|
package/CLAUDE.md
CHANGED
|
@@ -67,6 +67,7 @@ Before inventing a custom implementation path:
|
|
|
67
67
|
- `src/bean` defines the global shorthand surface; classes that should not appear in `IBeanRecordGlobal` should move to `src/lib` or `src/service` rather than being filtered by `@Virtual()`.
|
|
68
68
|
- When backend code references `this.bean.xxx`, `ctx.bean.xxx`, or `app.bean.xxx`, use `IBeanRecordGlobal` and module `src/.metadata/index.ts` as the first static lookup surface; use `IBeanRecordGeneral` or `src/service` only when the target is not a global shorthand.
|
|
69
69
|
- When adding a persisted field to an existing backend resource, ask the user whether `vonaModule.fileVersion` should be incremented before changing `meta.version.ts` or the module schema path. If yes, add a new migration version and bump `fileVersion`. If no, keep the current `fileVersion` and fold the schema change into the current version path. Do not assume the versioning strategy without confirmation.
|
|
70
|
+
- In shared-database multitenancy, do not use `table.unique(...)` for business uniqueness. Keep ordinary indexes for lookup performance and enforce tenant-scoped uniqueness in the business layer.
|
|
70
71
|
- For `@Api.field(...)` and related schemaLike composition, framework guards now preserve previously attached OpenAPI metadata across schema rebuilds, but structure-shaping schemaLike is still order-sensitive. Treat `v.object(...)`, `v.array(...)`, `v.optional()`, `v.nullable()`, `v.default(...)`, and preprocess/transform wrappers as structure-shaping; keep the final structure-defining schemaLike last and verify emitted schema/OpenAPI output after such edits.
|
|
71
72
|
|
|
72
73
|
## Verification expectations
|
|
@@ -93,8 +93,8 @@ Typical jobs include:
|
|
|
93
93
|
```typescript
|
|
94
94
|
@Passport.public()
|
|
95
95
|
@Passport.activated(false)
|
|
96
|
-
@Passport.roleName({ name: '
|
|
97
|
-
@Passport.
|
|
96
|
+
@Passport.roleName({ name: 'systemAdmin' })
|
|
97
|
+
@Passport.systemAdmin()
|
|
98
98
|
```
|
|
99
99
|
|
|
100
100
|
These shorthands still map back to the generic aspect model.
|
|
@@ -66,6 +66,14 @@ Field indexes can also be configured through app config.
|
|
|
66
66
|
|
|
67
67
|
That means index behavior participates in the broader configuration system rather than being locked into one metadata file only.
|
|
68
68
|
|
|
69
|
+
## Shared-database multitenancy and business uniqueness
|
|
70
|
+
|
|
71
|
+
Ordinary indexes in `meta.index` improve lookup and query performance. They do not define a business uniqueness rule.
|
|
72
|
+
|
|
73
|
+
In shared-database multitenancy, do not use `table.unique(...)` for tenant-scoped business uniqueness. A database-wide unique constraint can reject the same business value when it belongs to a different tenant.
|
|
74
|
+
|
|
75
|
+
Keep the ordinary indexes needed by the access pattern, and enforce the tenant-scoped uniqueness rule in tenant-aware business logic.
|
|
76
|
+
|
|
69
77
|
## Implementation checks for persistence changes
|
|
70
78
|
|
|
71
79
|
When changing persistence design, do not stop at entity fields and model methods.
|
|
@@ -74,7 +82,8 @@ Also ask:
|
|
|
74
82
|
|
|
75
83
|
1. does this access pattern need an index?
|
|
76
84
|
2. should the index belong in `meta.index`?
|
|
77
|
-
3.
|
|
85
|
+
3. does a business key need tenant-scoped uniqueness, to be enforced in tenant-aware business logic rather than with `table.unique(...)`?
|
|
86
|
+
4. is the typed style a better fit than raw string declarations?
|
|
78
87
|
|
|
79
88
|
That leads to backend changes that are more production-aware and more aligned with Vona’s module metadata model.
|
|
80
89
|
|
|
@@ -55,6 +55,36 @@ This makes menu retrieval part of the broader backend contract surface.
|
|
|
55
55
|
|
|
56
56
|
In the current repo implementation, the out-of-the-box menu controller is public and delegates directly to `this.scope.service.menu.retrieveMenus(publicPath)`.
|
|
57
57
|
|
|
58
|
+
## Static menu visibility
|
|
59
|
+
|
|
60
|
+
`@SsrMenu(...)` items can declare static role visibility without changing the public menu DTO:
|
|
61
|
+
|
|
62
|
+
```typescript
|
|
63
|
+
@SsrMenu({
|
|
64
|
+
item: {
|
|
65
|
+
title: $locale('Operations'),
|
|
66
|
+
link: 'presetResource',
|
|
67
|
+
roles: ['systemAdmin'],
|
|
68
|
+
},
|
|
69
|
+
site: 'basic-siteadmin:admin',
|
|
70
|
+
})
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
- Omit `roles`, or use `roles: []`, to make an item visible to anonymous and authenticated callers.
|
|
74
|
+
- A nonempty `roles` array is visible when the current Passport has at least one matching role name.
|
|
75
|
+
- `roles` is server-only declaration metadata. It is filtered out before the API response and is not part of `IMenuItem`, OpenAPI, or generated frontend clients.
|
|
76
|
+
- This controls navigation disclosure only. It never grants access to a page, controller action, API, or resource; those boundaries retain their own route and Passport/permission guards.
|
|
77
|
+
|
|
78
|
+
SSR Site menu definitions are cached structurally by Site and locale. The framework keeps static role policy in that prepared cache, then creates a filtered response for each request without mutating the cached definition.
|
|
79
|
+
|
|
80
|
+
### Frontend query lifecycle
|
|
81
|
+
|
|
82
|
+
Passport filtering does not add user or role identity to the frontend menu query key. The menu resource remains keyed by stable inputs: Site/public path and locale.
|
|
83
|
+
|
|
84
|
+
On login, `ModelPassport.afterLogin()` stores the Passport/JWT before returning to the destination layout. The layout's ordinary `$useStateData(...)` lifecycle refreshes stale menu data using the newly authenticated request context. On logout, the Passport model navigates to login and then clears query data.
|
|
85
|
+
|
|
86
|
+
A dynamic role or menu-policy change while the user remains signed in is different: the mutation owner must explicitly refresh authoritative Passport state when needed and invalidate or refetch the affected menu query. This is UI freshness behavior only; route, controller, API, and resource authorization remain enforced independently by their existing guards.
|
|
87
|
+
|
|
58
88
|
## Relationship to frontend integration
|
|
59
89
|
|
|
60
90
|
Menu retrieval is especially relevant in SSR-sensitive frontend flows.
|
|
@@ -336,6 +336,8 @@ that logical key is prefixed internally with model identity, and with selector w
|
|
|
336
336
|
|
|
337
337
|
That means model code can use short business-facing keys while still getting namespace isolation.
|
|
338
338
|
|
|
339
|
+
Automatic model namespacing does not make every varying runtime value part of the logical key. Logical keys still describe stable resource inputs. Do not add a user or role fingerprint solely because a backend response is evaluated through the current Passport; use the normal authentication lifecycle for login/logout and explicitly invalidate or refetch affected stable keys for an in-session policy change. See [use-state-data-best-practices.md](./use-state-data-best-practices.md) for the full rule.
|
|
340
|
+
|
|
339
341
|
## Persistence and restore behavior
|
|
340
342
|
|
|
341
343
|
Current source treats persistence as part of the model-state runtime.
|
|
@@ -325,6 +325,29 @@ Readable keys improve:
|
|
|
325
325
|
- tracing cache behavior
|
|
326
326
|
- future refactors when similar query families grow
|
|
327
327
|
|
|
328
|
+
## Practical rule 9: key stable resource inputs, not ambient caller identity
|
|
329
|
+
|
|
330
|
+
A `$useStateData(...)` query key identifies the stable variant of a resource. Include inputs that change that variant, such as an operation or resource identifier, filters, pagination, Site/public path, or locale.
|
|
331
|
+
|
|
332
|
+
Do not append the current username, authenticated flag, Passport role names or IDs, or another authorization fingerprint merely because the server evaluates the current Passport while producing the response. Those values are ambient request context, not automatically part of the frontend resource identity.
|
|
333
|
+
|
|
334
|
+
Normal authentication transitions already provide lifecycle boundaries: login stores the new Passport before navigating into the destination model, and that model's ordinary query lifecycle refreshes stale data under the new request context. Logout clears query data after leaving protected UI.
|
|
335
|
+
|
|
336
|
+
Use explicit invalidation or refetch when authorization policy changes during an otherwise continuing authenticated session, such as an administrator changing role membership, Site policy, or menu policy. Refresh authoritative Passport state when necessary, then synchronize the affected stable resource key; do not turn a policy fingerprint into the key by default.
|
|
337
|
+
|
|
338
|
+
For example, the menu resource is keyed by its stable Site/public path and locale:
|
|
339
|
+
|
|
340
|
+
```ts
|
|
341
|
+
queryKey: ['retrieveMenus', publicPath, locale];
|
|
342
|
+
```
|
|
343
|
+
|
|
344
|
+
Do not key it by the current roles:
|
|
345
|
+
|
|
346
|
+
```ts
|
|
347
|
+
// Avoid: roles are ambient request policy, not menu resource identity.
|
|
348
|
+
queryKey: ['retrieveMenus', publicPath, locale, roleNames];
|
|
349
|
+
```
|
|
350
|
+
|
|
328
351
|
## Anti-pattern: command-first controller state
|
|
329
352
|
|
|
330
353
|
A common anti-pattern looks like this:
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "vona",
|
|
3
|
-
"version": "5.1.
|
|
3
|
+
"version": "5.1.74",
|
|
4
4
|
"gitHead": "a79189b882c17af5911573896a781bbb0046d37d",
|
|
5
5
|
"description": "Vona is an intuitive, elegant and powerful Node.js framework for rapidly developing enterprise applications of any size",
|
|
6
6
|
"keywords": [
|
|
@@ -32,10 +32,10 @@ index 838e299407218b7bfac469d42a12d6ab59820380..e8b61cc231e39ee3a270ee513ab43ff5
|
|
|
32
32
|
//# sourceMappingURL=module.d.ts.map
|
|
33
33
|
|
|
34
34
|
diff --git a/dist/types/utils/env.d.ts b/dist/types/utils/env.d.ts
|
|
35
|
-
index
|
|
35
|
+
index 7eb5fa0c4d5c23e046b1cebb64cf8ce85c0302fa..5f6aa470d4a88262e2108ff086923c673fdfbf67 100644
|
|
36
36
|
--- a/dist/types/utils/env.d.ts
|
|
37
37
|
+++ b/dist/types/utils/env.d.ts
|
|
38
|
-
@@ -
|
|
38
|
+
@@ -35,19 +35,4 @@ export interface ZovaConfigEnv {
|
|
39
39
|
MOCK_BUILD: string | undefined;
|
|
40
40
|
MOCK_BUILD_PORT: string | undefined;
|
|
41
41
|
}
|
package/vona/pnpm-lock.yaml
CHANGED
|
@@ -16,7 +16,7 @@ overrides:
|
|
|
16
16
|
zod: npm:@cabloy/zod@4.3.8
|
|
17
17
|
|
|
18
18
|
patchedDependencies:
|
|
19
|
-
zova-core@5.1.
|
|
19
|
+
zova-core@5.1.78: ff659aa5f659be32501f56841b72f148c24acf1546f79cce551586e27fcde2ce
|
|
20
20
|
|
|
21
21
|
importers:
|
|
22
22
|
|
|
@@ -501,11 +501,11 @@ importers:
|
|
|
501
501
|
specifier: npm:@cabloy/zod@4.3.8
|
|
502
502
|
version: '@cabloy/zod@4.3.8'
|
|
503
503
|
zova:
|
|
504
|
-
specifier: ^5.1.
|
|
505
|
-
version: 5.1.
|
|
504
|
+
specifier: ^5.1.135
|
|
505
|
+
version: 5.1.135(typescript@5.9.3)(vue@3.5.39(typescript@5.9.3))
|
|
506
506
|
zova-jsx:
|
|
507
|
-
specifier: ^1.1.
|
|
508
|
-
version: 1.1.
|
|
507
|
+
specifier: ^1.1.78
|
|
508
|
+
version: 1.1.78(typescript@5.9.3)
|
|
509
509
|
zova-module-a-api:
|
|
510
510
|
specifier: ^5.1.21
|
|
511
511
|
version: 5.1.21
|
|
@@ -528,17 +528,17 @@ importers:
|
|
|
528
528
|
specifier: ^5.1.29
|
|
529
529
|
version: 5.1.29
|
|
530
530
|
zova-module-a-model:
|
|
531
|
-
specifier: ^5.1.
|
|
532
|
-
version: 5.1.
|
|
531
|
+
specifier: ^5.1.33
|
|
532
|
+
version: 5.1.33(vue@3.5.39(typescript@5.9.3))
|
|
533
533
|
zova-module-a-openapi:
|
|
534
534
|
specifier: ^5.1.43
|
|
535
535
|
version: 5.1.43
|
|
536
536
|
zova-module-a-router:
|
|
537
|
-
specifier: ^5.1.
|
|
538
|
-
version: 5.1.
|
|
537
|
+
specifier: ^5.1.30
|
|
538
|
+
version: 5.1.30
|
|
539
539
|
zova-module-a-routertabs:
|
|
540
|
-
specifier: ^5.1.
|
|
541
|
-
version: 5.1.
|
|
540
|
+
specifier: ^5.1.33
|
|
541
|
+
version: 5.1.33
|
|
542
542
|
zova-module-a-ssr:
|
|
543
543
|
specifier: ^5.1.29
|
|
544
544
|
version: 5.1.29
|
|
@@ -573,11 +573,11 @@ importers:
|
|
|
573
573
|
specifier: npm:@cabloy/zod@4.3.8
|
|
574
574
|
version: '@cabloy/zod@4.3.8'
|
|
575
575
|
zova:
|
|
576
|
-
specifier: ^5.1.
|
|
577
|
-
version: 5.1.
|
|
576
|
+
specifier: ^5.1.135
|
|
577
|
+
version: 5.1.135(typescript@5.9.3)(vue@3.5.39(typescript@5.9.3))
|
|
578
578
|
zova-jsx:
|
|
579
|
-
specifier: ^1.1.
|
|
580
|
-
version: 1.1.
|
|
579
|
+
specifier: ^1.1.78
|
|
580
|
+
version: 1.1.78(typescript@5.9.3)
|
|
581
581
|
zova-module-a-api:
|
|
582
582
|
specifier: ^5.1.21
|
|
583
583
|
version: 5.1.21
|
|
@@ -600,17 +600,17 @@ importers:
|
|
|
600
600
|
specifier: ^5.1.29
|
|
601
601
|
version: 5.1.29
|
|
602
602
|
zova-module-a-model:
|
|
603
|
-
specifier: ^5.1.
|
|
604
|
-
version: 5.1.
|
|
603
|
+
specifier: ^5.1.33
|
|
604
|
+
version: 5.1.33(vue@3.5.39(typescript@5.9.3))
|
|
605
605
|
zova-module-a-openapi:
|
|
606
606
|
specifier: ^5.1.43
|
|
607
607
|
version: 5.1.43
|
|
608
608
|
zova-module-a-router:
|
|
609
|
-
specifier: ^5.1.
|
|
610
|
-
version: 5.1.
|
|
609
|
+
specifier: ^5.1.30
|
|
610
|
+
version: 5.1.30
|
|
611
611
|
zova-module-a-routertabs:
|
|
612
|
-
specifier: ^5.1.
|
|
613
|
-
version: 5.1.
|
|
612
|
+
specifier: ^5.1.33
|
|
613
|
+
version: 5.1.33
|
|
614
614
|
zova-module-a-ssr:
|
|
615
615
|
specifier: ^5.1.29
|
|
616
616
|
version: 5.1.29
|
|
@@ -7948,11 +7948,11 @@ packages:
|
|
|
7948
7948
|
peerDependencies:
|
|
7949
7949
|
zod: ^3.25.28 || ^4
|
|
7950
7950
|
|
|
7951
|
-
zova-core@5.1.
|
|
7952
|
-
resolution: {integrity: sha512-
|
|
7951
|
+
zova-core@5.1.78:
|
|
7952
|
+
resolution: {integrity: sha512-PWvgOujRI1k7TpsJy1G8/Wf7W+/Rm6QbGHPNwcRjgDz4PhTg9z8UN1hfIO1Gg37IAI2hIrK8kqHhFRayROQHgQ==}
|
|
7953
7953
|
|
|
7954
|
-
zova-jsx@1.1.
|
|
7955
|
-
resolution: {integrity: sha512-
|
|
7954
|
+
zova-jsx@1.1.78:
|
|
7955
|
+
resolution: {integrity: sha512-KToLi7h2uElT4ULd5QSXfLNqSA3PaeRKJ4IHNMEJU1xiH02j2u0KCd7iVYK54mQC1QYphan3Z/YXFuW0odPx8w==}
|
|
7956
7956
|
|
|
7957
7957
|
zova-module-a-api@5.1.21:
|
|
7958
7958
|
resolution: {integrity: sha512-qjm/hfjC4/+7Ap/uzJfBzV0PwRlp2idEmEKwCZYxquaXq6QtJBbTWTznw1iukT4lkJZip2KFkjOvXTzdvZA2UA==}
|
|
@@ -7993,20 +7993,20 @@ packages:
|
|
|
7993
7993
|
zova-module-a-meta@5.1.21:
|
|
7994
7994
|
resolution: {integrity: sha512-7vsLOMw1UQEZ+8qbBaiz9t4n3N7AU1jxpaiSIIky7hBvKO9nuHq+e7FONpj9poa8WeHkYoflBg/8imKBy/IlNw==}
|
|
7995
7995
|
|
|
7996
|
-
zova-module-a-model@5.1.
|
|
7997
|
-
resolution: {integrity: sha512-
|
|
7996
|
+
zova-module-a-model@5.1.33:
|
|
7997
|
+
resolution: {integrity: sha512-NwxCguvESPLUSA2zo5vVH3Qx29o5znmUL2qU9khwjXUmDPbOTeYTkgPCI33fTsy8VnkguoWBLMgUdOsaJF+7OA==}
|
|
7998
7998
|
|
|
7999
7999
|
zova-module-a-openapi@5.1.43:
|
|
8000
8000
|
resolution: {integrity: sha512-xJKvSPl1AZnH7EpgEd9a3u3IEpJfnou19DKre/7TL1KdiTdfNThLrmmkdP1UNYlUHUgCczcGUwZDdMiE9gdxwA==}
|
|
8001
8001
|
|
|
8002
|
-
zova-module-a-router@5.1.
|
|
8003
|
-
resolution: {integrity: sha512-
|
|
8002
|
+
zova-module-a-router@5.1.30:
|
|
8003
|
+
resolution: {integrity: sha512-pfKeZdZUMTfkjEVZfLHj21UKjKBhTd79rfF4Mr+OLwV4avK8sDPAudseaAInVvh+T/0Ayq5w9fLhzFYeU1If8A==}
|
|
8004
8004
|
|
|
8005
8005
|
zova-module-a-routerstack@5.1.26:
|
|
8006
8006
|
resolution: {integrity: sha512-uu4tFw2DUruanPR7cojM5p6rvyCIh+tnwPmq7s0jZdg+5XBr+YMy1RGjnE8vPFSLHW8C71hlNbps6VpKvKMiiQ==}
|
|
8007
8007
|
|
|
8008
|
-
zova-module-a-routertabs@5.1.
|
|
8009
|
-
resolution: {integrity: sha512-
|
|
8008
|
+
zova-module-a-routertabs@5.1.33:
|
|
8009
|
+
resolution: {integrity: sha512-u5YIFc7OfUsxruIG8QP4sH1+TCps2vAYUpAMNfT1XPkJLHdFGkjEc6++KMCpv4jGpNDoQ42/LefEQGg7vqnQuw==}
|
|
8010
8010
|
|
|
8011
8011
|
zova-module-a-ssr@5.1.29:
|
|
8012
8012
|
resolution: {integrity: sha512-wlxLSy+Wjh/UFEVqsKQ105bvXceXPdIDmJQPKF0hSwiNY1R8HUottADfXPwYOatzZAayZ4AU4vQIpG92F2GJiA==}
|
|
@@ -8026,17 +8026,17 @@ packages:
|
|
|
8026
8026
|
zova-module-a-zod@5.1.36:
|
|
8027
8027
|
resolution: {integrity: sha512-4gEjxJBelVOA84aP2XWSNSmzQr+AYh14Ha5QCj9yZIpSnEajSgYLoyLw4dwiVcscuEw7xAAOOnWbZS9uXSpJzg==}
|
|
8028
8028
|
|
|
8029
|
-
zova-module-a-zova@5.1.
|
|
8030
|
-
resolution: {integrity: sha512-
|
|
8029
|
+
zova-module-a-zova@5.1.93:
|
|
8030
|
+
resolution: {integrity: sha512-pZ7JGNvDoSLdgbQZLj/LtppDWinpd6W+u0WYQvXLuJH3Hnf0Satcpz5fQS+zseJLxm5jhXjmG3ngoYoOfv72RQ==}
|
|
8031
8031
|
|
|
8032
8032
|
zova-module-rest-resource@5.1.41:
|
|
8033
8033
|
resolution: {integrity: sha512-7Y8rLmHdw0pynlWqsyHPWuCWFLwr/0HsNvfef64cPw91LRujf/7OlulVWqH8ZoFNioZZUpfumB+t/+mICoYfFg==}
|
|
8034
8034
|
|
|
8035
|
-
zova-suite-a-zova@5.1.
|
|
8036
|
-
resolution: {integrity: sha512-
|
|
8035
|
+
zova-suite-a-zova@5.1.134:
|
|
8036
|
+
resolution: {integrity: sha512-XwmEGAM6po9GjzGLryGVCKhkVjtI3MXNY85AhQVxxMUOU6S+3dBtF399LzzDdhlKYXbvfwuHB/yDQiS1PbfS5w==}
|
|
8037
8037
|
|
|
8038
|
-
zova@5.1.
|
|
8039
|
-
resolution: {integrity: sha512-
|
|
8038
|
+
zova@5.1.135:
|
|
8039
|
+
resolution: {integrity: sha512-Avk0YcjocSYpdRUO4A58/yQmeGUoo+bgzbtKZNLCNDit7PSEGMBJZi9p47ct7SNc6LDybhBm7xPf/xioL0Ozdg==}
|
|
8040
8040
|
|
|
8041
8041
|
zwitch@1.0.5:
|
|
8042
8042
|
resolution: {integrity: sha512-V50KMwwzqJV0NpZIZFwfOD5/lyny3WlSzRiXgA0G7VUnRlqttta1L6UQIHzd6EuBY/cHGfwTIck7w1yH6Q5zUw==}
|
|
@@ -13855,7 +13855,7 @@ snapshots:
|
|
|
13855
13855
|
dependencies:
|
|
13856
13856
|
zod: '@cabloy/zod@4.3.8'
|
|
13857
13857
|
|
|
13858
|
-
zova-core@5.1.
|
|
13858
|
+
zova-core@5.1.78(patch_hash=ff659aa5f659be32501f56841b72f148c24acf1546f79cce551586e27fcde2ce)(typescript@5.9.3):
|
|
13859
13859
|
dependencies:
|
|
13860
13860
|
'@cabloy/compose': link:packages-utils/compose
|
|
13861
13861
|
'@cabloy/extend': link:packages-utils/extend
|
|
@@ -13884,14 +13884,14 @@ snapshots:
|
|
|
13884
13884
|
transitivePeerDependencies:
|
|
13885
13885
|
- typescript
|
|
13886
13886
|
|
|
13887
|
-
zova-jsx@1.1.
|
|
13887
|
+
zova-jsx@1.1.78(typescript@5.9.3):
|
|
13888
13888
|
dependencies:
|
|
13889
13889
|
'@cabloy/compose': link:packages-utils/compose
|
|
13890
13890
|
'@cabloy/utils': link:packages-utils/utils
|
|
13891
13891
|
'@cabloy/word-utils': 2.1.14
|
|
13892
13892
|
typestyle: 2.4.0
|
|
13893
13893
|
vue: 3.5.39(typescript@5.9.3)
|
|
13894
|
-
zova-core: 5.1.
|
|
13894
|
+
zova-core: 5.1.78(patch_hash=ff659aa5f659be32501f56841b72f148c24acf1546f79cce551586e27fcde2ce)(typescript@5.9.3)
|
|
13895
13895
|
transitivePeerDependencies:
|
|
13896
13896
|
- typescript
|
|
13897
13897
|
|
|
@@ -13935,7 +13935,7 @@ snapshots:
|
|
|
13935
13935
|
|
|
13936
13936
|
zova-module-a-meta@5.1.21: {}
|
|
13937
13937
|
|
|
13938
|
-
zova-module-a-model@5.1.
|
|
13938
|
+
zova-module-a-model@5.1.33(vue@3.5.39(typescript@5.9.3)):
|
|
13939
13939
|
dependencies:
|
|
13940
13940
|
'@tanstack/query-core': 5.101.2
|
|
13941
13941
|
'@tanstack/query-persist-client-core': 5.101.2
|
|
@@ -13953,11 +13953,11 @@ snapshots:
|
|
|
13953
13953
|
openapi3-ts: 4.6.0
|
|
13954
13954
|
typestyle: 2.4.0
|
|
13955
13955
|
|
|
13956
|
-
zova-module-a-router@5.1.
|
|
13956
|
+
zova-module-a-router@5.1.30: {}
|
|
13957
13957
|
|
|
13958
13958
|
zova-module-a-routerstack@5.1.26: {}
|
|
13959
13959
|
|
|
13960
|
-
zova-module-a-routertabs@5.1.
|
|
13960
|
+
zova-module-a-routertabs@5.1.33: {}
|
|
13961
13961
|
|
|
13962
13962
|
zova-module-a-ssr@5.1.29:
|
|
13963
13963
|
dependencies:
|
|
@@ -13992,7 +13992,7 @@ snapshots:
|
|
|
13992
13992
|
'@cabloy/zod-query': link:packages-utils/zod-query
|
|
13993
13993
|
zod: '@cabloy/zod@4.3.8'
|
|
13994
13994
|
|
|
13995
|
-
zova-module-a-zova@5.1.
|
|
13995
|
+
zova-module-a-zova@5.1.93(typescript@5.9.3)(vue@3.5.39(typescript@5.9.3)):
|
|
13996
13996
|
dependencies:
|
|
13997
13997
|
'@cabloy/compose': link:packages-utils/compose
|
|
13998
13998
|
'@cabloy/deps': link:packages-utils/deps
|
|
@@ -14003,14 +14003,14 @@ snapshots:
|
|
|
14003
14003
|
'@cabloy/word-utils': 2.1.14
|
|
14004
14004
|
defu: 6.1.7
|
|
14005
14005
|
luxon: 3.7.2
|
|
14006
|
-
zova-jsx: 1.1.
|
|
14006
|
+
zova-jsx: 1.1.78(typescript@5.9.3)
|
|
14007
14007
|
transitivePeerDependencies:
|
|
14008
14008
|
- typescript
|
|
14009
14009
|
- vue
|
|
14010
14010
|
|
|
14011
14011
|
zova-module-rest-resource@5.1.41: {}
|
|
14012
14012
|
|
|
14013
|
-
zova-suite-a-zova@5.1.
|
|
14013
|
+
zova-suite-a-zova@5.1.134(typescript@5.9.3)(vue@3.5.39(typescript@5.9.3)):
|
|
14014
14014
|
dependencies:
|
|
14015
14015
|
zova-module-a-api: 5.1.21
|
|
14016
14016
|
zova-module-a-app: 5.1.24
|
|
@@ -14025,18 +14025,18 @@ snapshots:
|
|
|
14025
14025
|
zova-module-a-interceptor: 5.1.29
|
|
14026
14026
|
zova-module-a-logger: 5.1.26
|
|
14027
14027
|
zova-module-a-meta: 5.1.21
|
|
14028
|
-
zova-module-a-model: 5.1.
|
|
14028
|
+
zova-module-a-model: 5.1.33(vue@3.5.39(typescript@5.9.3))
|
|
14029
14029
|
zova-module-a-openapi: 5.1.43
|
|
14030
|
-
zova-module-a-router: 5.1.
|
|
14030
|
+
zova-module-a-router: 5.1.30
|
|
14031
14031
|
zova-module-a-routerstack: 5.1.26
|
|
14032
|
-
zova-module-a-routertabs: 5.1.
|
|
14032
|
+
zova-module-a-routertabs: 5.1.33
|
|
14033
14033
|
zova-module-a-ssr: 5.1.29
|
|
14034
14034
|
zova-module-a-ssrhmr: 5.1.22
|
|
14035
14035
|
zova-module-a-ssrserver: 5.1.22
|
|
14036
14036
|
zova-module-a-style: 5.1.32
|
|
14037
14037
|
zova-module-a-table: 5.1.37(vue@3.5.39(typescript@5.9.3))
|
|
14038
14038
|
zova-module-a-zod: 5.1.36
|
|
14039
|
-
zova-module-a-zova: 5.1.
|
|
14039
|
+
zova-module-a-zova: 5.1.93(typescript@5.9.3)(vue@3.5.39(typescript@5.9.3))
|
|
14040
14040
|
transitivePeerDependencies:
|
|
14041
14041
|
- '@vue/composition-api'
|
|
14042
14042
|
- debug
|
|
@@ -14044,10 +14044,10 @@ snapshots:
|
|
|
14044
14044
|
- typescript
|
|
14045
14045
|
- vue
|
|
14046
14046
|
|
|
14047
|
-
zova@5.1.
|
|
14047
|
+
zova@5.1.135(typescript@5.9.3)(vue@3.5.39(typescript@5.9.3)):
|
|
14048
14048
|
dependencies:
|
|
14049
|
-
zova-core: 5.1.
|
|
14050
|
-
zova-suite-a-zova: 5.1.
|
|
14049
|
+
zova-core: 5.1.78(patch_hash=ff659aa5f659be32501f56841b72f148c24acf1546f79cce551586e27fcde2ce)(typescript@5.9.3)
|
|
14050
|
+
zova-suite-a-zova: 5.1.134(typescript@5.9.3)(vue@3.5.39(typescript@5.9.3))
|
|
14051
14051
|
transitivePeerDependencies:
|
|
14052
14052
|
- '@vue/composition-api'
|
|
14053
14053
|
- debug
|
package/vona/pnpm-workspace.yaml
CHANGED
|
@@ -17,10 +17,11 @@ export class EventListenerActivate
|
|
|
17
17
|
next: NextEvent<TypeEventData, TypeEventResult>,
|
|
18
18
|
): Promise<TypeEventResult> {
|
|
19
19
|
const user = data as IUser;
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
await this.
|
|
20
|
+
const roleRegisteredUser = await this.scope.model.role.get({ name: 'registeredUser' });
|
|
21
|
+
await this.bean.role.addUserId(roleRegisteredUser!.id, user.id);
|
|
22
|
+
if (user.name === 'admin' && !this.scope.config.disableBootstrapSystemAdmin) {
|
|
23
|
+
const roleSystemAdmin = await this.scope.model.role.get({ name: 'systemAdmin' });
|
|
24
|
+
await this.bean.role.addUserId(roleSystemAdmin!.id, user.id);
|
|
24
25
|
}
|
|
25
26
|
// next
|
|
26
27
|
return next();
|
|
@@ -18,6 +18,7 @@ export class MetaVersion extends BeanBase implements IMetaVersionUpdate, IMetaVe
|
|
|
18
18
|
table.comment(entityRole.$comment.$table);
|
|
19
19
|
table.basicFields();
|
|
20
20
|
table.string(entityRole.name, 255).comment(entityRole.$comment.name);
|
|
21
|
+
table.json(entityRole.siteIds).comment(entityRole.$comment.siteIds);
|
|
21
22
|
});
|
|
22
23
|
// homeUser
|
|
23
24
|
const entityUser = this.scope.entity.user;
|
|
@@ -47,12 +48,15 @@ export class MetaVersion extends BeanBase implements IMetaVersionUpdate, IMetaVe
|
|
|
47
48
|
|
|
48
49
|
async init(options: IMetaVersionInitOptions) {
|
|
49
50
|
if (options.version === 1) {
|
|
50
|
-
//
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
51
|
+
// roles
|
|
52
|
+
await this.scope.model.role.insert({
|
|
53
|
+
name: 'registeredUser',
|
|
54
|
+
siteIds: ['web'],
|
|
55
|
+
});
|
|
56
|
+
await this.scope.model.role.insert({
|
|
57
|
+
name: 'systemAdmin',
|
|
58
|
+
siteIds: ['web', 'admin'],
|
|
59
|
+
});
|
|
56
60
|
// user: admin
|
|
57
61
|
if (!this.scope.config.disableUserAdmin) {
|
|
58
62
|
await this.bean.auth.authenticate('auth-simple:simple', {
|
|
@@ -3,6 +3,7 @@ import type { IRole } from 'vona-module-a-user';
|
|
|
3
3
|
|
|
4
4
|
import { Api, v } from 'vona-module-a-openapiutils';
|
|
5
5
|
import { Entity, EntityBase } from 'vona-module-a-orm';
|
|
6
|
+
import z from 'zod';
|
|
6
7
|
|
|
7
8
|
import { $locale } from '../.metadata/locales.ts';
|
|
8
9
|
|
|
@@ -12,4 +13,7 @@ export interface IEntityOptionsRole extends IDecoratorEntityOptions {}
|
|
|
12
13
|
export class EntityRole extends EntityBase implements IRole {
|
|
13
14
|
@Api.field(v.title($locale('RoleName')))
|
|
14
15
|
name: string;
|
|
16
|
+
|
|
17
|
+
@Api.field(v.array(z.string()))
|
|
18
|
+
siteIds: string[];
|
|
15
19
|
}
|
|
@@ -7,9 +7,9 @@ import type { IPayloadDataOfPassport } from '../types/jwt.ts';
|
|
|
7
7
|
|
|
8
8
|
@Service()
|
|
9
9
|
export class ServicePassportAdapter extends BeanBase implements IPassportAdapter {
|
|
10
|
-
async
|
|
10
|
+
async isSystemAdmin(passport: IPassport | undefined): Promise<boolean> {
|
|
11
11
|
if (!passport) return false;
|
|
12
|
-
if (passport.roles?.some(role => role.name === '
|
|
12
|
+
if (passport.roles?.some(role => role.name === 'systemAdmin')) return true;
|
|
13
13
|
return false;
|
|
14
14
|
}
|
|
15
15
|
|
|
@@ -20,10 +20,10 @@ export class ServiceRoleAdapter extends BeanBase implements IRoleAdapter {
|
|
|
20
20
|
}
|
|
21
21
|
|
|
22
22
|
async addUserId(id: TableIdentity, userId: TableIdentity): Promise<TableIdentity> {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
roleId: id
|
|
26
|
-
}
|
|
27
|
-
return
|
|
23
|
+
let roleUser = await this.scope.model.roleUser.get({ userId, roleId: id });
|
|
24
|
+
if (!roleUser) {
|
|
25
|
+
roleUser = await this.scope.model.roleUser.insert({ userId, roleId: id });
|
|
26
|
+
}
|
|
27
|
+
return roleUser.id;
|
|
28
28
|
}
|
|
29
29
|
}
|
|
@@ -4,6 +4,10 @@ import type { IIconRecord, IPagePathRecord } from 'zova-rest-cabloy-basic-admin'
|
|
|
4
4
|
import { BeanSsrSiteBase, SsrSite } from 'vona-module-a-ssr';
|
|
5
5
|
|
|
6
6
|
declare module 'vona-module-a-ssr' {
|
|
7
|
+
export interface ISsrSiteIdRecord {
|
|
8
|
+
admin: never;
|
|
9
|
+
}
|
|
10
|
+
|
|
7
11
|
export interface ISsrSitePublicPathRecord {
|
|
8
12
|
admin: never;
|
|
9
13
|
}
|
|
@@ -20,10 +24,10 @@ export interface ISsrSiteOptionsAdmin extends IDecoratorSsrSiteOptions<
|
|
|
20
24
|
> {}
|
|
21
25
|
|
|
22
26
|
@SsrSite<ISsrSiteOptionsAdmin>({
|
|
27
|
+
siteId: 'admin',
|
|
23
28
|
publicPath: 'admin',
|
|
24
29
|
bundlePath: 'ssr-cabloyBasicAdmin-5.0.0',
|
|
25
30
|
diagnostics: {
|
|
26
|
-
siteName: 'admin',
|
|
27
31
|
buildCommand: 'npm run build:zova:admin',
|
|
28
32
|
},
|
|
29
33
|
})
|
|
@@ -4,6 +4,10 @@ import type { IIconRecord, IPagePathRecord } from 'zova-rest-cabloy-basic-web';
|
|
|
4
4
|
import { BeanSsrSiteBase, SsrSite } from 'vona-module-a-ssr';
|
|
5
5
|
|
|
6
6
|
declare module 'vona-module-a-ssr' {
|
|
7
|
+
export interface ISsrSiteIdRecord {
|
|
8
|
+
web: never;
|
|
9
|
+
}
|
|
10
|
+
|
|
7
11
|
export interface ISsrSitePublicPathRecord {
|
|
8
12
|
'': never;
|
|
9
13
|
}
|
|
@@ -20,10 +24,10 @@ export interface ISsrSiteOptionsWeb extends IDecoratorSsrSiteOptions<
|
|
|
20
24
|
> {}
|
|
21
25
|
|
|
22
26
|
@SsrSite<ISsrSiteOptionsWeb>({
|
|
27
|
+
siteId: 'web',
|
|
23
28
|
publicPath: '',
|
|
24
29
|
bundlePath: 'ssr-cabloyBasicWeb-5.0.0',
|
|
25
30
|
diagnostics: {
|
|
26
|
-
siteName: 'web',
|
|
27
31
|
buildCommand: 'npm run build:zova:web',
|
|
28
32
|
},
|
|
29
33
|
})
|