nuxt-auto-crud 1.20.0 → 1.21.0

package/README.md

@@ -321,6 +321,31 @@ export default defineNuxtConfig({
 })
 ```
 
+
+## 👤 Owner-based Permissions (RBAC)
+
+In addition to standard `create`, `read`, `update`, and `delete` permissions, you can assign **Ownership Permissions**:
+
+- `list`: Allows a user to view a list of active records (status='active').
+- `list_all`: Allows a user to view **all** records, including inactive ones (e.g., status='inactive', 'draft').
+- `update_own`: Allows a user to update a record **only if they created it**.
+- `delete_own`: Allows a user to delete a record **only if they created it**.
+
+**How it works:**
+The module checks for ownership using the following logic:
+1.  **Standard Tables:** Checks if the record has a `createdBy` (or `userId`) column that matches the logged-in user's ID.
+2.  **Users Table:** Checks if the record being accessed is the user's own profile (`id` matches).
+
+**Prerequisites:**
+Ensure your schema includes a `createdBy` field for resources where you want this behavior:
+
+```typescript
+export const posts = sqliteTable('posts', {
+  // ...
+  createdBy: integer('created_by'), // Recommended
+})
+```
+
 ## ⚠️ Known Issues
 
 - **Automatic Relation Expansion:** The module tries to automatically expand foreign keys (e.g., `user_id` -> `user: { name: ... }`). However, this relies on the foreign key column name matching the target table name (e.g., `user_id` for `users`).

package/dist/module.json

@@ -1,7 +1,7 @@
 {
   "name": "nuxt-auto-crud",
   "configKey": "autoCrud",
-  "version": "1.20.0",
+  "version": "1.21.0",
   "builder": {
     "@nuxt/module-builder": "1.0.2",
     "unbuild": "3.6.1"

package/dist/runtime/composables/useRelationDisplay.d.ts

@@ -9,4 +9,5 @@ export declare const useRelationDisplay: (schema: {
     fetchRelations: () => Promise<void>;
     getDisplayValue: (key: string, value: unknown) => unknown;
     relationsMap: import("vue").Ref<Record<string, Record<string, string>>, Record<string, Record<string, string>>>;
+    forbiddenRelations: import("vue").Ref<Set<string> & Omit<Set<string>, keyof Set<any>>, Set<string> | (Set<string> & Omit<Set<string>, keyof Set<any>>)>;
 };

package/dist/runtime/composables/useRelationDisplay.js

@@ -4,6 +4,7 @@ export const useRelationDisplay = (schema) => {
   const relationsMap = ref({});
   const displayValues = ref({});
   const headers = useRequestHeaders(["cookie"]);
+  const forbiddenRelations = ref(/* @__PURE__ */ new Set());
   const fetchRelations = async () => {
     const { data: relations } = await useFetch("/api/_relations");
     if (relations.value) {
@@ -30,6 +31,10 @@ export const useRelationDisplay = (schema) => {
           }
         } catch (error) {
           console.error(`Failed to fetch relation data for ${targetTable}:`, error);
+          const err = error;
+          if (err?.statusCode === 403) {
+            forbiddenRelations.value.add(fieldName);
+          }
         }
       })
     );
@@ -43,6 +48,7 @@ export const useRelationDisplay = (schema) => {
   return {
     fetchRelations,
     getDisplayValue,
-    relationsMap
+    relationsMap,
+    forbiddenRelations
   };
 };

package/dist/runtime/server/api/_schema/[table].get.d.ts

@@ -1,10 +1,5 @@
 declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
     resource: string;
-    fields: {
-        name: string;
-        type: string;
-        required: any;
-        selectOptions: string[] | undefined;
-    }[];
+    fields: import("../../utils/schema.js").Field[];
 }>>;
 export default _default;

package/dist/runtime/server/utils/schema.d.ts

@@ -1,20 +1,17 @@
+export interface Field {
+    name: string;
+    type: string;
+    required: boolean;
+    selectOptions?: string[];
+    references?: string;
+}
 export declare function drizzleTableToFields(table: any, resourceName: string): {
     resource: string;
-    fields: {
-        name: string;
-        type: string;
-        required: any;
-        selectOptions: string[] | undefined;
-    }[];
+    fields: Field[];
 };
 export declare function getRelations(): Promise<Record<string, Record<string, string>>>;
 export declare function getAllSchemas(): Promise<Record<string, any>>;
 export declare function getSchema(tableName: string): Promise<{
     resource: string;
-    fields: {
-        name: string;
-        type: string;
-        required: any;
-        selectOptions: string[] | undefined;
-    }[];
+    fields: Field[];
 } | undefined>;

package/dist/runtime/server/utils/schema.js

@@ -15,6 +15,20 @@ export function drizzleTableToFields(table, resourceName) {
       selectOptions
     });
   }
+  try {
+    const config = getTableConfig(table);
+    config.foreignKeys.forEach((fk) => {
+      const sourceColumnName = fk.reference().columns[0].name;
+      const field = fields.find((f) => {
+        return f.name === sourceColumnName;
+      });
+      if (field) {
+        const targetTable = fk.reference().foreignTable[Symbol.for("drizzle:Name")];
+        field.references = targetTable;
+      }
+    });
+  } catch {
+  }
   return {
     resource: resourceName,
     fields
@@ -44,14 +58,18 @@ export async function getRelations() {
   for (const [tableName, table] of Object.entries(modelTableMap)) {
     try {
       const config = getTableConfig(table);
-      if (config.foreignKeys.length > 0) {
-        const tableRelations = {};
-        relations[tableName] = tableRelations;
-        const columns = getTableColumns(table);
-        const columnToProperty = {};
-        for (const [key, col] of Object.entries(columns)) {
-          columnToProperty[col.name] = key;
+      const tableRelations = {};
+      relations[tableName] = tableRelations;
+      const columns = getTableColumns(table);
+      const columnToProperty = {};
+      for (const [key, col] of Object.entries(columns)) {
+        const columnName = col.name;
+        columnToProperty[columnName] = key;
+        if (["createdBy", "created_by", "updatedBy", "updated_by", "deletedBy", "deleted_by"].includes(key)) {
+          tableRelations[key] = "users";
         }
+      }
+      if (config.foreignKeys.length > 0) {
         config.foreignKeys.forEach((fk) => {
           const sourceColumnName = fk.reference().columns[0].name;
           const sourceProperty = columnToProperty[sourceColumnName] || sourceColumnName;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nuxt-auto-crud",
-  "version": "1.20.0",
+  "version": "1.21.0",
   "description": "Exposes RESTful CRUD APIs for your Nuxt app based solely on your database migrations.",
   "author": "Cliford Pereira",
   "license": "MIT",
@@ -78,8 +78,6 @@
     "drizzle-orm": "^0.38.3",
     "eslint": "^9.39.1",
     "nuxt": "^4.2.1",
-    "nuxt-auth-utils": "^0.5.25",
-    "nuxt-authorization": "^0.3.5",
     "typescript": "~5.9.3",
     "vitest": "^4.0.13",
     "vue-tsc": "^3.1.5",

package/src/runtime/composables/useRelationDisplay.ts

@@ -11,6 +11,8 @@ export const useRelationDisplay = (
   const displayValues = ref<Record<string, Record<string, string>>>({})
   const headers = useRequestHeaders(['cookie'])
 
+  const forbiddenRelations = ref<Set<string>>(new Set())
+
   const fetchRelations = async () => {
     // 1. Fetch relations metadata
     const { data: relations } = await useFetch<Record<string, Record<string, string>>>('/api/_relations')
@@ -45,8 +47,12 @@ export const useRelationDisplay = (
             )
           }
         }
-        catch (error) {
+        catch (error: unknown) {
           console.error(`Failed to fetch relation data for ${targetTable}:`, error)
+          const err = error as { statusCode?: number }
+          if (err?.statusCode === 403) {
+            forbiddenRelations.value.add(fieldName)
+          }
         }
       }),
     )
@@ -63,5 +69,6 @@ export const useRelationDisplay = (
     fetchRelations,
     getDisplayValue,
     relationsMap,
+    forbiddenRelations,
   }
 }

package/src/runtime/server/utils/schema.ts

@@ -2,10 +2,18 @@ import { getTableColumns } from 'drizzle-orm'
 import { getTableConfig } from 'drizzle-orm/sqlite-core'
 import { modelTableMap } from './modelMapper'
 
+export interface Field {
+  name: string
+  type: string
+  required: boolean
+  selectOptions?: string[]
+  references?: string
+}
+
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 export function drizzleTableToFields(table: any, resourceName: string) {
   const columns = getTableColumns(table)
-  const fields = []
+  const fields: Field[] = []
 
   for (const [key, col] of Object.entries(columns)) {
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -22,6 +30,31 @@ export function drizzleTableToFields(table: any, resourceName: string) {
     })
   }
 
+  try {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const config = getTableConfig(table as any)
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    config.foreignKeys.forEach((fk: any) => {
+      const sourceColumnName = fk.reference().columns[0].name
+      // Find the field that matches this column
+      const field = fields.find((f) => {
+        // In simple cases, field.name matches column name.
+        // If camelCase mapping handles it differently, we might need adjustments,
+        // but typically Drizzle key = field name.
+        return f.name === sourceColumnName
+      })
+
+      if (field) {
+        // Get target table name
+        const targetTable = fk.reference().foreignTable[Symbol.for('drizzle:Name')] as string
+        field.references = targetTable
+      }
+    })
+  }
+  catch {
+    // Ignore error if getTableConfig fails (e.g. not a Drizzle table)
+  }
+
   return {
     resource: resourceName,
     fields,
@@ -63,19 +96,25 @@ export async function getRelations() {
     try {
       // eslint-disable-next-line @typescript-eslint/no-explicit-any
       const config = getTableConfig(table as any)
-      if (config.foreignKeys.length > 0) {
-        const tableRelations: Record<string, string> = {}
-        relations[tableName] = tableRelations
+      const tableRelations: Record<string, string> = {}
+      relations[tableName] = tableRelations
 
-        // Map column names to property names
+      // Map column names to property names
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      const columns = getTableColumns(table as any)
+      const columnToProperty: Record<string, string> = {}
+      for (const [key, col] of Object.entries(columns)) {
         // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        const columns = getTableColumns(table as any)
-        const columnToProperty: Record<string, string> = {}
-        for (const [key, col] of Object.entries(columns)) {
-          // eslint-disable-next-line @typescript-eslint/no-explicit-any
-          columnToProperty[(col as any).name] = key
+        const columnName = (col as any).name
+        columnToProperty[columnName] = key
+
+        // Auto-link createdBy/updatedBy to users table
+        if (['createdBy', 'created_by', 'updatedBy', 'updated_by', 'deletedBy', 'deleted_by'].includes(key)) {
+          tableRelations[key] = 'users'
         }
+      }
 
+      if (config.foreignKeys.length > 0) {
         // eslint-disable-next-line @typescript-eslint/no-explicit-any
         config.foreignKeys.forEach((fk: any) => {
           const sourceColumnName = fk.reference().columns[0].name