hola-server 0.6.8 → 0.6.10
- package/core/meta.js +15 -2
- package/core/role.js +69 -0
- package/http/session.js +2 -47
- package/index.js +2 -1
- package/package.json +1 -1
- package/router/clone.js +6 -7
- package/router/create.js +6 -7
- package/router/delete.js +5 -7
- package/router/read.js +27 -38
- package/setting.js +1 -23
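--- a/package/core/meta.js
+++ b/package/core/meta.js
@@ -1,6 +1,6 @@
 const { is_undefined } = require('./validate');
 const { get_type } = require('./type');
-const {
+const { validate_meta_role } = require('./role');
 
 const meta_manager = {};
 /**
@@ -191,6 +191,7 @@ const get_all_metas = () => {
 return Object.keys(meta_manager);
 }
 
+
 /**
 * Wrap the meta info from user side:
 * 1) validate the meta structure and keep it is valid
@@ -212,6 +213,17 @@ class EntityMeta {
 this.exportable = is_undefined(meta.exportable) ? false : meta.exportable;
 this.editable = this.creatable || this.updatable;
 
+//b:batch mode, c:create, d:delete, e:export, i:import, o:clone, p:page, r: refresh, s:search, u:update
+const modes = [];
+this.creatable && (modes.push("c"));
+this.readable && (modes.push("rps"));
+this.updatable && (modes.push("u"));
+this.deleteable && (modes.push("db"));
+this.cloneable && (modes.push("o"));
+this.importable && (modes.push("i"));
+this.exportable && (modes.push("e"));
+this.mode = modes.join("");
+
 this.ref_label = this.meta.ref_label;
 this.ref_filter = this.meta.ref_filter;
 this.ref_fields = this.meta.fields.filter(field => field.ref);
@@ -287,10 +299,11 @@ class EntityMeta {
 if (!Array.isArray(this.roles)) {
 throw new Error("roles of meta [" + this.collection + "] should be array");
 }
+
 this.roles.forEach(role => {
 const role_config = role.split(":");
 const role_name = role_config[0];
-if (!
+if (!validate_meta_role(role_name)) {
 throw new Error("role [" + role_name + "] not defined in setting");
 }
 });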
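Review bot: The role loop in the last hunk validates only the name part of each `name:mode` entry (`validate_meta_role(role_name)`), so an entry with no `:` or with letters outside the documented mode set is accepted at startup. The new core/role.js returns `role.split(":")[1]` unchanged and `check_user_role` calls `.includes` on it, which throws a TypeError at request time for an entry that has no mode part. Rejecting such entries here keeps the failure at load time, e.g. `if (!role_config[1]) { throw new Error("role [" + role_name + "] of meta [" + this.collection + "] has no mode"); }`. The enclosing method starts outside this hunk, so whether `this.roles` is optional cannot be seen here.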
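--- /dev/null
+++ b/package/core/role.js
@@ -0,0 +1,69 @@
+const { get_settings } = require("../setting");
+
+const validate_meta_role = (role_name) => {
+const settings = get_settings();
+if (!settings.roles) {
+return false;
+}
+return is_valid_role(role_name);
+}
+
+const is_valid_role = (role_name) => {
+const settings = get_settings();
+const roles = settings.roles.filter(role => role.name == role_name);
+return roles.length == 1;
+}
+
+const is_root_role = (role_name) => {
+const settings = get_settings();
+//no role defined, then every one is root
+if (!settings.roles) {
+return true;
+}
+
+if (is_valid_role(role_name)) {
+return settings.roles.filter(role => role.name == role_name)[0].root == true;
+} else {
+return false;
+}
+}
+
+const get_session_user_role = (req) => {
+const user = req && req.session ? req.session.user : null;
+return user ? user.role : null;
+}
+
+const get_user_role_mode = (req, meta) => {
+const settings = get_settings();
+//no role defined in settings or no roles defined in meta, use meta mode
+if (!settings.roles || !meta.roles) {
+return meta.mode;
+}
+
+const user_role = get_session_user_role(req);
+if (!user_role) {
+return "";
+}
+
+if (is_valid_role(user_role)) {
+const roles = meta.roles;
+for (let i = 0; i < roles.length; i++) {
+const role = roles[i];
+const role_settings = role.split(":");
+const role_name = role_settings[0];
+const role_mode = role_settings[1];
+if (user_role == role_name) {
+return role_mode;
+}
+}
+}
+
+return "";
+}
+
+const check_user_role = (req, meta, mode) => {
+const role_mode = get_user_role_mode(req, meta);
+return role_mode.includes(mode);
+}
+
+module.exports = { is_root_role, validate_meta_role, check_user_role, get_user_role_mode };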
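Review bot: `get_user_role_mode` returns `meta.mode` before it looks at the session whenever `settings.roles` or `meta.roles` is missing (new lines 39-41), so an entity whose meta omits `roles` passes `check_user_role` for a request that carries no logged-in user; `is_root_role` likewise answers true for any argument when no roles are configured (lines 20-22). If that default is intended it deserves a comment saying so, and it is worth confirming that login is enforced elsewhere in the request path, which this diff does not show. The version removed from http/session.js also granted every mode to root roles and expanded a `*` role mode; here an entry of the form `name:*` returns the literal `*`, which contains none of the mode letters, so those users would be denied. If wildcard entries are still supported, map them back with `return role_mode == "*" ? meta.mode : role_mode;`.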
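--- a/package/http/session.js
+++ b/package/http/session.js
@@ -1,6 +1,6 @@
 const express_session = require('express-session');
 const MongoStore = require('connect-mongo');
-const { get_settings
+const { get_settings } = require('../setting');
 
 const init_session = (app) => {
 const server = get_settings().server;
@@ -24,54 +24,9 @@ const get_session_userid = (req) => {
 return user ? user.id : null;
 }
 
-const get_session_user_role = (req) => {
-const user = req && req.session ? req.session.user : null;
-return user ? user.role : null;
-}
-
-//b:batch mode, c:create, d:delete, e:export, i:import, o:clone, p:page, r: refresh, s:search, u:update
-const mode_all = "bcdeiorsu";
-
-const get_user_role_mode = (req, roles) => {
-const server = get_settings().server;
-if (server.check_user == false) {
-return mode_all;
-}
-
-const user_role = get_session_user_role(req);
-if (!user_role) {
-return "";
-}
-
-if (is_root_role(user_role)) {
-return mode_all;
-} else if (is_valid_role(user_role)) {
-for (let i = 0; i < roles.length; i++) {
-const role = roles[i];
-const role_settings = role.split(":");
-const role_name = role_settings[0];
-const role_mode = role_settings[1];
-if (user_role == role_name) {
-if (role_mode == "*") {
-return mode_all;
-} else {
-return role_mode;
-}
-}
-}
-}
-
-return "";
-}
-
-const check_user_role = (req, roles, mode) => {
-const role_mode = get_user_role_mode(req, roles);
-return role_mode.includes(mode);
-}
-
 const get_session_user_groups = (req) => {
 const group = req && req.session ? req.session.group : null;
 return group && Array.isArray(group) ? group : null;
 }
 
-module.exports = { init_session, get_session_userid,
+module.exports = { init_session, get_session_userid, get_session_user_groups };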
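Review bot: Dropping `check_user_role` and `get_user_role_mode` from this module's exports breaks any importer that the release did not also update, and the failure would only show at request time as a call on `undefined`. The diff updates router/clone.js, create.js, delete.js and read.js, but the mode comment also lists update, import, export and batch, so it is worth searching the package for remaining `require('../http/session')` users of these names. The second parameter also changed from `roles` to `meta`; a caller still passing `meta.roles` would, as far as the new core/role.js shows, reach `.includes` on an undefined mode. setting.js drops `is_root_role` and `is_valid_role` from its exports in the same way.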
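--- a/package/index.js
+++ b/package/index.js
@@ -5,6 +5,7 @@ const { init_router } = require('./http/router');
 const { init_express_server } = require('./http/express');
 const { register_type, get_type } = require('./core/type');
 const { EntityMeta, get_entity_meta } = require('./core/meta');
+const { is_root_role } = require('./core/role');
 
 
 const array = require('./core/array');
@@ -30,7 +31,7 @@ const { gen_i18n } = require('./tool/gen_i18n');
 const { log_debug, log_info, log_warn, log_error, is_log_debug, is_log_info, is_log_warn, is_log_error, get_session_userid, oid_queries, oid_query } = require('./db/db');
 
 module.exports = {
-init_settings, init_express_server, init_router, register_type, get_type, get_db,
+init_settings, is_root_role, init_express_server, init_router, register_type, get_type, get_db,
 Entity, EntityMeta, get_entity_meta, array, bash, chart, cron, date, file, lhs, msg, number, obj, random, thread, validate, code, err, params, context, gridfs, gen_i18n,
 log_debug, log_info, log_warn, log_error, is_log_debug, is_log_info, is_log_warn, is_log_error, get_session_userid, oid_queries, oid_query
 };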
package/package.json
CHANGED
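--- a/package/router/clone.js
+++ b/package/router/clone.js
@@ -1,9 +1,10 @@
 const { set_file_fields, save_file_fields_to_db } = require('../db/gridfs');
 const { SUCCESS, NO_PARAMS, NO_RIGHTS } = require('../http/code');
-const { get_session_userid
+const { get_session_userid } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { post_params, required_post_params } = require('../http/params');
 const { has_value } = require('../core/validate');
+const { check_user_role } = require('../core/role');
 const { Entity } = require('../db/entity');
 
 const multer = require('multer');
@@ -19,12 +20,10 @@ const init_clone_router = function (router, meta) {
 const cp_upload = meta.upload_fields.length > 0 ? upload_file.fields(meta.upload_fields) : upload_file.none();
 
 router.post('/clone', cp_upload, wrap_http(async function (req, res) {
-
-
-
-
-return;
-}
+const has_right = check_user_role(req, meta, "o");
+if (!has_right) {
+res.json({ code: NO_RIGHTS, err: "no rights error" });
+return;
 }
 
 let params = required_post_params(req, ["_id"]);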
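Review bot: The rights check for `/clone` runs inside the handler, after `cp_upload` has already run, so multer has parsed the multipart body and handled any uploaded files for a caller who is then answered with `NO_RIGHTS`. `check_user_role` reads only `req.session` and `meta`, so it can run as a middleware placed ahead of the upload step, for example `const require_mode = (mode) => (req, res, next) => check_user_role(req, meta, mode) ? next() : res.json({ code: NO_RIGHTS, err: "no rights error" });` used as `router.post('/clone', require_mode("o"), cp_upload, wrap_http(...))`. `/create` in router/create.js has the same ordering, and the same helper would replace the four-line guard repeated in router/delete.js and router/read.js. How `upload_file` stores files is configured outside this hunk.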
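--- a/package/router/create.js
+++ b/package/router/create.js
@@ -1,9 +1,10 @@
 const { set_file_fields, save_file_fields_to_db } = require('../db/gridfs');
 const { SUCCESS, NO_RIGHTS } = require('../http/code');
-const { get_session_userid
+const { get_session_userid } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { post_params } = require('../http/params');
 const { has_value } = require('../core/validate');
+const { check_user_role } = require('../core/role');
 const { Entity } = require('../db/entity');
 
 const multer = require('multer');
@@ -19,12 +20,10 @@ const init_create_router = function (router, meta) {
 const cp_upload = meta.upload_fields.length > 0 ? upload_file.fields(meta.upload_fields) : upload_file.none();
 
 router.post('/create', cp_upload, wrap_http(async function (req, res) {
-
-
-
-
-return;
-}
+const has_right = check_user_role(req, meta, "c");
+if (!has_right) {
+res.json({ code: NO_RIGHTS, err: "no rights error" });
+return;
 }
 
 const param_obj = post_params(req, meta.field_names);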
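--- a/package/router/delete.js
+++ b/package/router/delete.js
@@ -1,7 +1,7 @@
 const { required_post_params } = require('../http/params');
 const { has_value } = require('../core/validate');
 const { NO_PARAMS, NO_RIGHTS } = require('../http/code');
-const { check_user_role } = require('../
+const { check_user_role } = require('../core/role');
 const { wrap_http } = require('../http/error');
 const { Entity } = require('../db/entity');
 
@@ -14,12 +14,10 @@ const init_delete_router = function (router, meta) {
 const entity = new Entity(meta);
 
 router.post('/delete', wrap_http(async function (req, res) {
-
-
-
-
-return;
-}
+const has_right = check_user_role(req, meta, "d");
+if (!has_right) {
+res.json({ code: NO_RIGHTS, err: "no rights error" });
+return;
 }
 
 const params = required_post_params(req, ["ids"]);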
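--- a/package/router/read.js
+++ b/package/router/read.js
@@ -1,7 +1,8 @@
 const { required_post_params, get_params } = require('../http/params');
 const { has_value } = require('../core/validate');
 const { NO_PARAMS, SUCCESS, NO_RIGHTS } = require('../http/code');
-const {
+const { check_user_role, get_user_role_mode } = require('../core/role');
+const { get_session_userid, get_session_user_groups } = require('../http/session');
 const { wrap_http } = require('../http/error');
 const { Entity } = require('../db/entity');
 
@@ -14,12 +15,10 @@ const init_read_router = function (router, meta) {
 const entity = new Entity(meta);
 
 router.get('/meta', wrap_http(async function (req, res) {
-
-
-
-
-return;
-}
+const has_right = check_user_role(req, meta, "r");
+if (!has_right) {
+res.json({ code: NO_RIGHTS, err: "no rights error" });
+return;
 }
 
 const entity_meta = {
@@ -38,24 +37,20 @@ const init_read_router = function (router, meta) {
 }));
 
 router.get('/mode', wrap_http(async function (req, res) {
-
-
-
-
-return;
-}
+const has_right = check_user_role(req, meta, "r");
+if (!has_right) {
+res.json({ code: NO_RIGHTS, err: "no rights error" });
+return;
 }
 
-res.json({ code: SUCCESS, data: get_user_role_mode(req, meta
+res.json({ code: SUCCESS, data: get_user_role_mode(req, meta) });
 }));
 
 router.get('/ref', wrap_http(async function (req, res) {
-
-
-
-
-return;
-}
+const has_right = check_user_role(req, meta, "r");
+if (!has_right) {
+res.json({ code: NO_RIGHTS, err: "no rights error" });
+return;
 }
 
 const { ref_by_entity } = get_params(req, ["ref_by_entity"]);
@@ -65,12 +60,10 @@ const init_read_router = function (router, meta) {
 }));
 
 router.post('/list', wrap_http(async function (req, res) {
-
-
-
-
-return;
-}
+const has_right = check_user_role(req, meta, "r");
+if (!has_right) {
+res.json({ code: NO_RIGHTS, err: "no rights error" });
+return;
 }
 
 const query_params = required_post_params(req, ["_query"]);
@@ -107,12 +100,10 @@ const init_read_router = function (router, meta) {
 }));
 
 router.post('/read_entity', wrap_http(async function (req, res) {
-
-
-
-
-return;
-}
+const has_right = check_user_role(req, meta, "r");
+if (!has_right) {
+res.json({ code: NO_RIGHTS, err: "no rights error" });
+return;
 }
 
 let params = required_post_params(req, ["_id", "attr_names"]);
@@ -130,12 +121,10 @@ const init_read_router = function (router, meta) {
 }));
 
 router.post('/read_property', wrap_http(async function (req, res) {
-
-
-
-
-return;
-}
+const has_right = check_user_role(req, meta, "r");
+if (!has_right) {
+res.json({ code: NO_RIGHTS, err: "no rights error" });
+return;
 }
 
 let params = required_post_params(req, ["_id", "attr_names"]);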
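--- a/package/setting.js
+++ b/package/setting.js
@@ -43,26 +43,4 @@ const get_settings = () => {
 return settings;
 }
 
-
-//no role defined, then no role check
-if (!settings.roles) {
-return true;
-}
-const roles = settings.roles.filter(role => role.name == role_name);
-return roles.length == 1;
-}
-
-const is_root_role = (role_name) => {
-//no role defined, then every one is root
-if (!settings.roles) {
-return true;
-}
-
-if (!is_valid_role(role_name)) {
-return false;
-}
-
-return settings.roles.filter(role => role.name == role_name)[0].root == true;
-}
-
-module.exports = { init_settings, get_settings, is_root_role, is_valid_role };
+module.exports = { init_settings, get_settings };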