oak-domain 2.3.2 → 2.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/lib/actions/relation.d.ts +4 -0
  2. package/lib/actions/relation.js +36 -0
  3. package/lib/base-app-domain/Modi/Schema.d.ts +2 -4
  4. package/lib/base-app-domain/ModiEntity/Schema.d.ts +2 -4
  5. package/lib/base-app-domain/Oper/Schema.d.ts +2 -4
  6. package/lib/base-app-domain/OperEntity/Schema.d.ts +2 -4
  7. package/lib/base-app-domain/User/Schema.d.ts +2 -4
  8. package/lib/checkers/index.d.ts +2 -2
  9. package/lib/checkers/index.js +4 -2
  10. package/lib/compiler/schemalBuilder.js +87 -31
  11. package/lib/store/CascadeStore.d.ts +4 -4
  12. package/lib/store/TriggerExecutor.js +45 -26
  13. package/lib/store/checker.d.ts +10 -4
  14. package/lib/store/checker.js +342 -235
  15. package/lib/store/filter.d.ts +11 -2
  16. package/lib/store/filter.js +40 -25
  17. package/lib/store/modi.js +0 -8
  18. package/lib/store/relation.d.ts +1 -1
  19. package/lib/store/relation.js +1 -1
  20. package/lib/types/Action.d.ts +5 -1
  21. package/lib/types/Auth.d.ts +26 -26
  22. package/lib/types/Endpoint.d.ts +10 -0
  23. package/lib/types/Endpoint.js +3 -0
  24. package/lib/types/Entity.d.ts +55 -69
  25. package/lib/types/Entity.js +0 -1
  26. package/lib/types/Exception.d.ts +5 -0
  27. package/lib/types/Exception.js +16 -1
  28. package/lib/types/Expression.d.ts +24 -2
  29. package/lib/types/Expression.js +27 -2
  30. package/lib/types/Port.d.ts +17 -0
  31. package/lib/types/Port.js +2 -0
  32. package/lib/types/Storage.d.ts +4 -4
  33. package/lib/types/Trigger.d.ts +2 -2
  34. package/lib/types/index.d.ts +2 -0
  35. package/lib/types/index.js +2 -0
  36. package/lib/utils/date.d.ts +1 -0
  37. package/lib/utils/date.js +18 -0
  38. package/package.json +2 -2
package/lib/store/checker.js CHANGED
@@ -1,58 +1,79 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.createRelationHierarchyCheckers = exports.translateCheckerInSyncContext = exports.translateCheckerInAsyncContext = void 0;
3
+ exports.createAuthCheckers = exports.translateCheckerInSyncContext = exports.translateCheckerInAsyncContext = void 0;
4
4
  var tslib_1 = require("tslib");
5
5
  var assert_1 = tslib_1.__importDefault(require("assert"));
6
6
  var filter_1 = require("../store/filter");
7
7
  var Exception_1 = require("../types/Exception");
8
8
  var actionDef_1 = require("./actionDef");
9
9
  var string_1 = require("../utils/string");
10
+ var lodash_1 = require("../utils/lodash");
11
+ var relation_1 = require("./relation");
10
12
  function translateCheckerInAsyncContext(checker) {
11
13
  var _this = this;
12
- var entity = checker.entity, type = checker.type;
14
+ var entity = checker.entity, type = checker.type, action = checker.action;
15
+ var when = ((action === 'create' || action instanceof Array && action.includes('create')) && ['relation'].includes(type)) ? 'after' : 'before';
13
16
  switch (type) {
14
17
  case 'data': {
15
18
  var checkerFn_1 = checker.checker;
16
- return (function (_a, context) {
19
+ var fn = (function (_a, context) {
17
20
  var operation = _a.operation;
18
21
  return tslib_1.__awaiter(_this, void 0, void 0, function () {
19
22
  var data;
20
23
  return tslib_1.__generator(this, function (_b) {
21
- data = operation.data;
22
- checkerFn_1(data, context);
23
- return [2 /*return*/, 0];
24
+ switch (_b.label) {
25
+ case 0:
26
+ data = operation.data;
27
+ return [4 /*yield*/, checkerFn_1(data, context)];
28
+ case 1:
29
+ _b.sent();
30
+ return [2 /*return*/, 0];
31
+ }
24
32
  });
25
33
  });
26
34
  });
35
+ return {
36
+ fn: fn,
37
+ when: when,
38
+ };
27
39
  }
28
40
  case 'row': {
29
41
  var filter_2 = checker.filter, errMsg_1 = checker.errMsg, inconsistentRows_1 = checker.inconsistentRows;
30
- return (function (_a, context, option) {
42
+ var fn = (function (_a, context, option) {
31
43
  var operation = _a.operation;
32
44
  return tslib_1.__awaiter(_this, void 0, void 0, function () {
33
- var operationFilter, action, filter2, entity2, selection2, rows2, data_1, rows2, data_2;
34
- var _b, _c;
35
- return tslib_1.__generator(this, function (_d) {
36
- switch (_d.label) {
45
+ var operationFilter, action, filter2, _b, entity2, selection2, rows2, data_1, rows2, data_2;
46
+ var _c, _d;
47
+ return tslib_1.__generator(this, function (_e) {
48
+ switch (_e.label) {
37
49
  case 0:
38
50
  operationFilter = operation.filter, action = operation.action;
39
- filter2 = typeof filter_2 === 'function' ? filter_2(operation, context, option) : filter_2;
40
- if (!['select', 'count', 'stat'].includes(action)) return [3 /*break*/, 1];
51
+ if (!(typeof filter_2 === 'function')) return [3 /*break*/, 2];
52
+ return [4 /*yield*/, filter_2(operation, context, option)];
53
+ case 1:
54
+ _b = _e.sent();
55
+ return [3 /*break*/, 3];
56
+ case 2:
57
+ _b = filter_2;
58
+ _e.label = 3;
59
+ case 3:
60
+ filter2 = _b;
61
+ if (!['select', 'count', 'stat'].includes(action)) return [3 /*break*/, 4];
41
62
  operation.filter = (0, filter_1.addFilterSegment)(operationFilter || {}, filter2);
42
63
  return [2 /*return*/, 0];
43
- case 1: return [4 /*yield*/, (0, filter_1.checkFilterContains)(entity, context, filter2, operationFilter || {})];
44
- case 2:
45
- if (_d.sent()) {
64
+ case 4: return [4 /*yield*/, (0, filter_1.checkFilterContains)(entity, context, filter2, operationFilter || {}, true)];
65
+ case 5:
66
+ if (_e.sent()) {
46
67
  return [2 /*return*/, 0];
47
68
  }
48
- if (!inconsistentRows_1) return [3 /*break*/, 4];
69
+ if (!inconsistentRows_1) return [3 /*break*/, 7];
49
70
  entity2 = inconsistentRows_1.entity, selection2 = inconsistentRows_1.selection;
50
71
  return [4 /*yield*/, context.select(entity2, selection2(operationFilter), {
51
72
  dontCollect: true,
52
73
  blockTrigger: true,
53
74
  })];
54
- case 3:
55
- rows2 = _d.sent();
75
+ case 6:
76
+ rows2 = _e.sent();
56
77
  data_1 = {};
57
78
  rows2.forEach(function (ele) {
58
79
  var _a;
@@ -62,11 +83,11 @@ function translateCheckerInAsyncContext(checker) {
62
83
  });
63
84
  throw new Exception_1.OakRowInconsistencyException({
64
85
  a: 's',
65
- d: (_b = {},
66
- _b[entity2] = data_1,
67
- _b)
86
+ d: (_c = {},
87
+ _c[entity2] = data_1,
88
+ _c)
68
89
  }, errMsg_1);
69
- case 4: return [4 /*yield*/, context.select(entity, {
90
+ case 7: return [4 /*yield*/, context.select(entity, {
70
91
  data: (0, actionDef_1.getFullProjection)(entity, context.getSchema()),
71
92
  filter: Object.assign({}, operationFilter, {
72
93
  $not: filter2,
@@ -75,8 +96,8 @@ function translateCheckerInAsyncContext(checker) {
75
96
  dontCollect: true,
76
97
  blockTrigger: true,
77
98
  })];
78
- case 5:
79
- rows2 = _d.sent();
99
+ case 8:
100
+ rows2 = _e.sent();
80
101
  data_2 = {};
81
102
  rows2.forEach(function (ele) {
82
103
  var _a;
@@ -86,70 +107,91 @@ function translateCheckerInAsyncContext(checker) {
86
107
  });
87
108
  throw new Exception_1.OakRowInconsistencyException({
88
109
  a: 's',
89
- d: (_c = {},
90
- _c[entity] = data_2,
91
- _c)
110
+ d: (_d = {},
111
+ _d[entity] = data_2,
112
+ _d)
92
113
  }, errMsg_1);
93
114
  }
94
115
  });
95
116
  });
96
117
  });
118
+ return {
119
+ fn: fn,
120
+ when: when,
121
+ };
97
122
  }
98
123
  case 'relation': {
99
- var relationFilter_1 = checker.relationFilter;
100
- return (function (_a, context, option) {
124
+ var relationFilter_1 = checker.relationFilter, errMsg_2 = checker.errMsg;
125
+ var fn = (function (_a, context, option) {
101
126
  var operation = _a.operation;
102
127
  return tslib_1.__awaiter(_this, void 0, void 0, function () {
103
- return tslib_1.__generator(this, function (_b) {
104
- if (context.isRoot()) {
105
- return [2 /*return*/, 0];
128
+ var filter2, data, filter, _b, _c, _d;
129
+ return tslib_1.__generator(this, function (_e) {
130
+ switch (_e.label) {
131
+ case 0:
132
+ if (context.isRoot()) {
133
+ return [2 /*return*/, 0];
134
+ }
135
+ if (!(operation.action === 'create')) return [3 /*break*/, 3];
136
+ return [4 /*yield*/, relationFilter_1(operation, context, option)];
137
+ case 1:
138
+ filter2 = _e.sent();
139
+ data = operation.data;
140
+ filter = data instanceof Array ? {
141
+ id: {
142
+ $in: data.map(function (ele) { return ele.id; }),
143
+ },
144
+ } : {
145
+ id: data.id,
146
+ };
147
+ return [4 /*yield*/, (0, filter_1.checkFilterContains)(entity, context, filter2, filter, true)];
148
+ case 2:
149
+ if (_e.sent()) {
150
+ return [2 /*return*/, 0];
151
+ }
152
+ throw new Exception_1.OakUserUnpermittedException(errMsg_2);
153
+ case 3:
154
+ _b = operation;
155
+ _c = filter_1.combineFilters;
156
+ _d = [operation.filter];
157
+ return [4 /*yield*/, relationFilter_1(operation, context, option)];
158
+ case 4:
159
+ _b.filter = _c.apply(void 0, [_d.concat([_e.sent()])]);
160
+ _e.label = 5;
161
+ case 5: return [2 /*return*/, 0];
106
162
  }
107
- // 对后台而言,将生成的relationFilter加到filter之上(select可以在此加以权限的过滤)
108
- operation.filter = (0, filter_1.combineFilters)([operation.filter, relationFilter_1(operation, context, option)]);
109
- return [2 /*return*/, 0];
110
163
  });
111
164
  });
112
165
  });
166
+ return {
167
+ fn: fn,
168
+ when: when,
169
+ };
113
170
  }
114
- case 'expression':
115
- case 'expressionRelation': {
116
- var expression_1 = checker.expression, errMsg_2 = checker.errMsg;
117
- return (function (_a, context, option) {
171
+ case 'logical':
172
+ case 'logicalRelation': {
173
+ var checkerFn_2 = checker.checker;
174
+ var fn = (function (_a, context, option) {
118
175
  var operation = _a.operation;
119
176
  return tslib_1.__awaiter(_this, void 0, void 0, function () {
120
- var exprResult, expressionEntity, expr, expressionFilter, _b, result;
121
- return tslib_1.__generator(this, function (_c) {
122
- switch (_c.label) {
177
+ return tslib_1.__generator(this, function (_b) {
178
+ switch (_b.label) {
123
179
  case 0:
124
- if (context.isRoot() && type === 'expressionRelation') {
180
+ if (context.isRoot() && type === 'logicalRelation') {
125
181
  return [2 /*return*/, 0];
126
182
  }
127
- exprResult = expression_1(operation, context, option);
128
- if (!(typeof exprResult === 'string')) return [3 /*break*/, 1];
129
- throw new Exception_1.OakUserUnpermittedException(exprResult || errMsg_2);
183
+ return [4 /*yield*/, checkerFn_2(operation, context, option)];
130
184
  case 1:
131
- if (!(exprResult === undefined)) return [3 /*break*/, 2];
185
+ _b.sent();
132
186
  return [2 /*return*/, 0];
133
- case 2:
134
- expressionEntity = exprResult.entity, expr = exprResult.expr, expressionFilter = exprResult.filter;
135
- return [4 /*yield*/, context.select(expressionEntity, {
136
- data: {
137
- $expr: expr,
138
- },
139
- filter: expressionFilter,
140
- }, Object.assign({}, option, { dontCollect: true }))];
141
- case 3:
142
- _b = tslib_1.__read.apply(void 0, [_c.sent(), 1]), result = _b[0];
143
- if (!result) {
144
- // 条件判定为假,抛异常
145
- throw new Exception_1.OakUserUnpermittedException(errMsg_2);
146
- }
147
- _c.label = 4;
148
- case 4: return [2 /*return*/, 0];
149
187
  }
150
188
  });
151
189
  });
152
190
  });
191
+ return {
192
+ fn: fn,
193
+ when: when,
194
+ };
153
195
  }
154
196
  default: {
155
197
  (0, assert_1.default)(false);
@@ -158,15 +200,20 @@ function translateCheckerInAsyncContext(checker) {
158
200
  }
159
201
  exports.translateCheckerInAsyncContext = translateCheckerInAsyncContext;
160
202
  function translateCheckerInSyncContext(checker) {
161
- var entity = checker.entity, type = checker.type;
203
+ var entity = checker.entity, type = checker.type, action = checker.action;
204
+ var when = ((action === 'create' || action instanceof Array && action.includes('create')) && ['relation'].includes(type)) ? 'after' : 'before';
162
205
  switch (type) {
163
206
  case 'data': {
164
- var checkerFn_2 = checker.checker;
165
- return function (operation, context) { return checkerFn_2(operation.data, context); };
207
+ var checkerFn_3 = checker.checker;
208
+ var fn = function (operation, context) { return checkerFn_3(operation.data, context); };
209
+ return {
210
+ fn: fn,
211
+ when: when,
212
+ };
166
213
  }
167
214
  case 'row': {
168
215
  var filter_3 = checker.filter, errMsg_3 = checker.errMsg;
169
- return function (operation, context, option) {
216
+ var fn = function (operation, context, option) {
170
217
  var operationFilter = operation.filter, action = operation.action;
171
218
  var filter2 = typeof filter_3 === 'function' ? filter_3(operation, context, option) : filter_3;
172
219
  (0, assert_1.default)(operationFilter);
@@ -175,56 +222,59 @@ function translateCheckerInSyncContext(checker) {
175
222
  return 0;
176
223
  }
177
224
  else {
178
- if ((0, filter_1.checkFilterContains)(entity, context, filter2, operationFilter)) {
225
+ (0, assert_1.default)(!(filter2 instanceof Promise));
226
+ if ((0, filter_1.checkFilterContains)(entity, context, filter2, operationFilter, true)) {
179
227
  return;
180
228
  }
181
229
  throw new Exception_1.OakRowInconsistencyException(undefined, errMsg_3);
182
230
  }
183
231
  };
232
+ return {
233
+ fn: fn,
234
+ when: when,
235
+ };
184
236
  }
185
237
  case 'relation': {
186
- var filter_4 = checker.relationFilter, errMsg_4 = checker.errMsg;
187
- return function (operation, context, option) {
238
+ var relationFilter_2 = checker.relationFilter, errMsg_4 = checker.errMsg;
239
+ var fn = function (operation, context, option) {
188
240
  if (context.isRoot()) {
189
241
  return;
190
242
  }
191
- var filter2 = typeof filter_4 === 'function' ? filter_4(operation, context, option) : filter_4;
192
- var operationFilter = operation.filter;
193
- (0, assert_1.default)(operationFilter);
194
- if ((0, filter_1.checkFilterContains)(entity, context, filter2, operationFilter)) {
243
+ var filter2 = typeof relationFilter_2 === 'function' ? relationFilter_2(operation, context, option) : relationFilter_2;
244
+ var filter = operation.filter, action = operation.action;
245
+ var filter3 = filter;
246
+ if (action === 'create') {
247
+ var data = operation.data;
248
+ filter3 = data instanceof Array ? {
249
+ id: {
250
+ $in: data.map(function (ele) { return ele.id; }),
251
+ },
252
+ } : { id: data.id };
253
+ }
254
+ (0, assert_1.default)(filter3);
255
+ (0, assert_1.default)(!(filter2 instanceof Promise));
256
+ if ((0, filter_1.checkFilterContains)(entity, context, filter2, filter3, true)) {
195
257
  return;
196
258
  }
197
259
  throw new Exception_1.OakUserUnpermittedException(errMsg_4);
198
260
  };
261
+ return {
262
+ fn: fn,
263
+ when: when,
264
+ };
199
265
  }
200
- case 'expression':
201
- case 'expressionRelation': {
202
- var expression_2 = checker.expression, errMsg_5 = checker.errMsg;
203
- return function (operation, context, option) {
204
- if (context.isRoot() && type === 'expressionRelation') {
205
- return;
206
- }
207
- var exprResult = expression_2(operation, context, option);
208
- if (typeof exprResult === 'string') {
209
- throw new Exception_1.OakUserUnpermittedException(exprResult || errMsg_5);
210
- }
211
- else if (exprResult === undefined) {
212
- return 0;
213
- }
214
- else {
215
- var expressionEntity = exprResult.entity, expr = exprResult.expr, expressionFilter = exprResult.filter;
216
- var _a = tslib_1.__read(context.select(expressionEntity, {
217
- data: {
218
- $expr: expr,
219
- },
220
- filter: expressionFilter,
221
- }, Object.assign({}, option, { dontCollect: true })), 1), result = _a[0];
222
- if (!result.$expr) {
223
- // 条件判定为假,抛异常
224
- throw new Exception_1.OakRowInconsistencyException(undefined, errMsg_5);
225
- }
266
+ case 'logical':
267
+ case 'logicalRelation': {
268
+ var checkerFn_4 = checker.checker;
269
+ var fn = function (operation, context, option) {
270
+ if (context.isRoot() && type === 'logicalRelation') {
226
271
  return;
227
272
  }
273
+ checkerFn_4(operation, context, option);
274
+ };
275
+ return {
276
+ fn: fn,
277
+ when: when,
228
278
  };
229
279
  }
230
280
  default: {
@@ -233,154 +283,211 @@ function translateCheckerInSyncContext(checker) {
233
283
  }
234
284
  }
235
285
  exports.translateCheckerInSyncContext = translateCheckerInSyncContext;
236
- function createRelationHierarchyCheckers(schema) {
237
- var checkers = [];
238
- var _loop_1 = function (entity) {
239
- var e_1, _a;
240
- var relationHierarchy = schema[entity].relationHierarchy;
241
- if (relationHierarchy) {
242
- // 先build反向hierarchy的map
243
- var reverseHierarchy_1 = {};
244
- for (var r in relationHierarchy) {
245
- try {
246
- for (var _b = (e_1 = void 0, tslib_1.__values(relationHierarchy[r])), _c = _b.next(); !_c.done; _c = _b.next()) {
247
- var r2 = _c.value;
248
- if (!reverseHierarchy_1[r2]) {
249
- reverseHierarchy_1[r2] = [r];
250
- }
251
- else {
252
- reverseHierarchy_1[r2].push(r);
253
- }
254
- }
255
- }
256
- catch (e_1_1) { e_1 = { error: e_1_1 }; }
257
- finally {
258
- try {
259
- if (_c && !_c.done && (_a = _b.return)) _a.call(_b);
286
+ function translateCascadeRelationFilterMaker(schema, lch, entity2) {
287
+ var cascadePath = lch.cascadePath, relations = lch.relations;
288
+ var paths = cascadePath.split('.');
289
+ var translateRelationFilter = function (entity) {
290
+ // 有两种情况,此entity和user有Relation定义,或是此entity上有userId
291
+ if (schema[entity].relation) {
292
+ var relationEntityName_1 = "user".concat((0, string_1.firstLetterUpperCase)(entity));
293
+ return function (userId) {
294
+ var _a;
295
+ var filter = relations ? {
296
+ userId: userId,
297
+ relation: {
298
+ $in: relations,
299
+ },
300
+ } : {
301
+ userId: userId,
302
+ };
303
+ return {
304
+ id: {
305
+ $in: {
306
+ entity: relationEntityName_1,
307
+ data: (_a = {},
308
+ _a["".concat(entity, "Id")] = 1,
309
+ _a),
310
+ filter: filter,
311
+ },
312
+ },
313
+ };
314
+ };
315
+ }
316
+ var attributes = schema[entity].attributes;
317
+ (0, assert_1.default)(attributes.hasOwnProperty('userId') && attributes.userId.type === 'ref' && attributes.userId.ref === 'user', "\u5728".concat(entity, "\u4E0A\u65E2\u627E\u4E0D\u5230userId\uFF0C\u4E5F\u6CA1\u6709relation\u5B9A\u4E49"));
318
+ return function (userId) { return ({
319
+ userId: userId,
320
+ }); };
321
+ };
322
+ var translateFilterMakerIter = function (entity, iter) {
323
+ var relation = (0, relation_1.judgeRelation)(schema, entity, paths[iter]);
324
+ if (iter === paths.length - 1) {
325
+ if (relation === 2) {
326
+ var filterMaker_1 = translateRelationFilter(paths[iter]);
327
+ return function (userId) {
328
+ var _a;
329
+ var filter = filterMaker_1(userId);
330
+ if (filter.$in) {
331
+ return {
332
+ entity: paths[iter],
333
+ entityId: filter,
334
+ };
260
335
  }
261
- finally { if (e_1) throw e_1.error; }
262
- }
336
+ return _a = {},
337
+ _a[paths[iter]] = filter,
338
+ _a;
339
+ };
263
340
  }
264
- // 对userEntity对象的授权和回收建立checker
265
- var userEntityName_1 = "user".concat((0, string_1.firstLetterUpperCase)(entity));
266
- var entityIdAttr_1 = "".concat(entity, "Id");
267
- checkers.push({
268
- entity: userEntityName_1,
269
- action: 'create',
270
- type: 'expressionRelation',
271
- expression: function (operation, context) {
341
+ (0, assert_1.default)(typeof relation === 'string');
342
+ var filterMaker_2 = translateRelationFilter(relation);
343
+ return function (userId) {
344
+ var _a, _b;
345
+ var filter = filterMaker_2(userId);
346
+ if (filter.$in) {
347
+ return _a = {},
348
+ _a["".concat(paths[iter], "Id")] = filter,
349
+ _a;
350
+ }
351
+ return _b = {},
352
+ _b[paths[iter]] = filter,
353
+ _b;
354
+ };
355
+ }
356
+ else {
357
+ var subFilterMaker_1 = translateFilterMakerIter(paths[iter], iter + 1);
358
+ if (iter === 0) {
359
+ return function (userId) {
272
360
  var _a;
273
- var data = operation.data;
274
- var _b = data, relation = _b.relation, _c = entityIdAttr_1, entityId = _b[_c];
275
- var legalRelations = reverseHierarchy_1[relation];
276
- if (!legalRelations) {
277
- return undefined;
278
- }
279
- if (legalRelations.length === 0) {
280
- return '这是不应该跑出来的情况,请杀程序员祭天';
281
- }
282
- var userId = context.getCurrentUserId();
283
- return {
284
- entity: userEntityName_1,
285
- expr: {
286
- $gt: [{
287
- '#attr': '$$createAt$$',
288
- }, 0]
289
- },
290
- filter: (_a = {
291
- userId: userId
292
- },
293
- _a[entityIdAttr_1] = entityId,
294
- _a.relation = {
295
- $in: legalRelations,
296
- },
297
- _a)
298
- };
299
- },
300
- errMsg: '越权操作',
301
- });
302
- var _loop_2 = function (r) {
361
+ var subFilter = subFilterMaker_1(userId);
362
+ return _a = {},
363
+ _a[paths[iter]] = subFilter,
364
+ _a;
365
+ };
366
+ }
367
+ return function (userId) {
368
+ var _a;
369
+ return (_a = {},
370
+ _a[paths[iter]] = subFilterMaker_1(userId),
371
+ _a);
372
+ };
373
+ }
374
+ };
375
+ var filter = cascadePath ? translateFilterMakerIter(entity2, 0) : translateRelationFilter(entity2);
376
+ return filter;
377
+ }
378
+ function translateActionAuthFilterMaker(schema, relationItem, entity) {
379
+ if (relationItem instanceof Array) {
380
+ var maker_1 = relationItem.map(function (ele) {
381
+ if (ele instanceof Array) {
382
+ return ele.map(function (ele2) { return translateCascadeRelationFilterMaker(schema, ele2, entity); });
383
+ }
384
+ return [translateCascadeRelationFilterMaker(schema, ele, entity)];
385
+ });
386
+ return function (userId) { return ({
387
+ $or: maker_1.map(function (ele) { return ({
388
+ $and: ele.map(function (ele2) { return ele2(userId); })
389
+ }); })
390
+ }); };
391
+ }
392
+ var filterMaker = translateCascadeRelationFilterMaker(schema, relationItem, entity);
393
+ return function (userId) { return filterMaker(userId); };
394
+ }
395
+ function createAuthCheckers(schema, authDict) {
396
+ var checkers = [];
397
+ var _loop_1 = function (entity) {
398
+ var _a;
399
+ if (authDict[entity]) {
400
+ var _b = authDict[entity], relationAuth = _b.relationAuth, actionAuth = _b.actionAuth;
401
+ if (relationAuth) {
402
+ var raFilterMakerDict_1 = {};
403
+ for (var r in relationAuth) {
404
+ Object.assign(raFilterMakerDict_1, (_a = {},
405
+ _a[r] = translateActionAuthFilterMaker(schema, relationAuth[r], entity),
406
+ _a));
407
+ }
408
+ var userEntityName_1 = "user".concat((0, string_1.firstLetterUpperCase)(entity));
409
+ var entityIdAttr_1 = "".concat(entity, "Id");
303
410
  checkers.push({
304
411
  entity: userEntityName_1,
305
- action: 'remove',
306
- type: 'expressionRelation',
307
- conditionalFilter: {
308
- relation: r,
412
+ action: 'create',
413
+ type: 'relation',
414
+ relationFilter: function (operation, context) {
415
+ var _a;
416
+ var data = operation.data;
417
+ (0, assert_1.default)(!(data instanceof Array));
418
+ var _b = data, relation = _b.relation, _c = entityIdAttr_1, entityId = _b[_c];
419
+ var userId = context.getCurrentUserId();
420
+ if (!raFilterMakerDict_1[relation]) {
421
+ return;
422
+ }
423
+ var filter = raFilterMakerDict_1[relation](userId);
424
+ return _a = {},
425
+ _a[entity] = filter,
426
+ _a;
309
427
  },
310
- expression: function (operation, context) {
311
- var _a, _b;
428
+ errMsg: '越权操作',
429
+ });
430
+ checkers.push({
431
+ entity: userEntityName_1,
432
+ action: 'remove',
433
+ type: 'relation',
434
+ relationFilter: function (operation, context) {
435
+ var _a;
312
436
  var userId = context.getCurrentUserId();
313
437
  var filter = operation.filter;
314
- var legalRelations = reverseHierarchy_1[r];
315
- if (legalRelations.length === 0) {
316
- return '这是不应该跑出来的情况,请杀程序员祭天';
317
- }
318
- return {
319
- entity: userEntityName_1,
320
- expr: {
321
- $gt: [{
322
- '#attr': '$$createAt$$',
323
- }, 0]
324
- },
325
- filter: (_a = {
326
- userId: userId
327
- },
328
- _a[entityIdAttr_1] = {
329
- $in: {
330
- entity: userEntityName_1,
331
- data: (_b = {},
332
- _b[entityIdAttr_1] = 1,
333
- _b),
334
- filter: filter,
335
- }
336
- },
337
- _a.relation = {
338
- $in: legalRelations,
438
+ var makeFilterFromRows = function (rows) {
439
+ var relations = (0, lodash_1.uniq)(rows.map(function (ele) { return ele.relation; }));
440
+ var entityIds = (0, lodash_1.uniq)(rows.map(function (ele) { return ele[entityIdAttr_1]; }));
441
+ (0, assert_1.default)(entityIds.length === 1, "\u5728\u56DE\u6536".concat(userEntityName_1, "\u4E0A\u6743\u9650\u65F6\uFF0C\u5355\u6B21\u56DE\u6536\u6D89\u53CA\u5230\u4E86\u4E0D\u540C\u7684\u5BF9\u8C61\uFF0C\u6B64\u64CD\u4F5C\u4E0D\u88AB\u5141\u8BB8"));
442
+ // const entityId = entityIds[0]!;
443
+ // 所有的relation条件要同时满足and关系(注意这里的filter翻译出来是在entity对象上,不是在userEntity对象上)
444
+ return {
445
+ $and: relations.map(function (relation) { return raFilterMakerDict_1[relation]; }).filter(function (ele) { return !!ele; }).map(function (ele) {
446
+ var _a;
447
+ return (_a = {},
448
+ _a[entity] = ele(userId),
449
+ _a);
450
+ })
451
+ };
452
+ };
453
+ var toBeRemoved = context.select(userEntityName_1, {
454
+ data: (_a = {
455
+ id: 1,
456
+ relation: 1
339
457
  },
458
+ _a[entityIdAttr_1] = 1,
340
459
  _a),
341
- };
460
+ filter: filter,
461
+ }, { dontCollect: true });
462
+ if (toBeRemoved instanceof Promise) {
463
+ return toBeRemoved.then(function (rows) { return makeFilterFromRows(rows); });
464
+ }
465
+ return makeFilterFromRows(toBeRemoved);
342
466
  },
343
467
  errMsg: '越权操作',
344
468
  });
345
- };
346
- for (var r in reverseHierarchy_1) {
347
- _loop_2(r);
469
+ // 转让权限现在用update动作,只允许update userId给其它人
470
+ // todo 等实现的时候再写
348
471
  }
349
- /* // 一个人不能授权给自己,也不能删除自己的授权
350
- checkers.push({
351
- entity: userEntityName as keyof ED,
352
- action: 'create' as ED[keyof ED]['Action'],
353
- type: 'data',
354
- checker: (data, context) => {
355
- assert(!(data instanceof Array));
356
- const { userId } = data as ED[keyof ED]['CreateSingle']['data'];
357
- const userId2 = context.getCurrentUserId(true);
358
- if (userId === userId2) {
359
- throw new OakDataException('不允许授权给自己');
360
- }
472
+ if (actionAuth) {
473
+ var _loop_2 = function (a) {
474
+ var filterMaker = translateActionAuthFilterMaker(schema, actionAuth[a], entity);
475
+ checkers.push({
476
+ entity: entity,
477
+ action: a,
478
+ type: 'relation',
479
+ relationFilter: function (operation, context) {
480
+ // const { filter } = operation;
481
+ var filter = filterMaker(context.getCurrentUserId());
482
+ return filter;
483
+ },
484
+ errMsg: '定义的actionAuth中检查出来越权操作',
485
+ });
486
+ };
487
+ for (var a in actionAuth) {
488
+ _loop_2(a);
361
489
  }
362
- });
363
-
364
- checkers.push({
365
- entity: userEntityName as keyof ED,
366
- action: 'remove' as ED[keyof ED]['Action'],
367
- type: 'row',
368
- filter: (operation, context) => {
369
- const userId = context.getCurrentUserId(true);
370
- if (userId) {
371
- return {
372
- userId: {
373
- $ne: userId,
374
- },
375
- };
376
- }
377
- console.warn(`没有当前用户但在删除权限,请检查。对象是${entity}`);
378
- return {};
379
- },
380
- errMsg: '不允许回收自己的授权',
381
- }); */
382
- // 转让权限现在用update动作,只允许update userId给其它人
383
- // todo 等实现的时候再写
490
+ }
384
491
  }
385
492
  };
386
493
  for (var entity in schema) {
@@ -388,4 +495,4 @@ function createRelationHierarchyCheckers(schema) {
388
495
  }
389
496
  return checkers;
390
497
  }
391
- exports.createRelationHierarchyCheckers = createRelationHierarchyCheckers;
498
+ exports.createAuthCheckers = createAuthCheckers;