owl-cli 7.17.0 → 7.19.0

package/docs/obj_id_rules.md

@@ -0,0 +1,33 @@
+# id 生成
+
+## 默认规则
+默认无需任何配置，id会自动生成，格式为：`owl_{obj_type}_{seq}`，其中：
+- `obj_type` 为对象类型，例如：`user`、`group`、`policy` 等
+- `seq` 为序列号，从 50000 开始递增
+
+## 自定义规则
+```
+ "#meta":{
+    "id": "<%=#shop_id + orgId%>",
+    ...
+ }
+```
+
+在#meta中配置id规则时，支持使用变量，变量格式为：`<%=#var_name%>`，其中：
+- `var_name` 为变量名，例如：`shop_id`、`orgId` 等,这些变量就是对象中的字段
+  
+
+## 主要用法
+
+### 实现对象的上下级关系
+
+比如在org_user对象中，一个org_user代表了一个组织下的用户，用户的org_user的Id为：`<%=#orgId + userId%>`,
+其中：
+- `orgId` 为组织id
+- `userId` 为用户id
+
+
+
+
+
+

package/docs/permissions.md

@@ -0,0 +1,42 @@
+# 权限管理
+# 插件权限
+在 Owl 平台中，可以通过为插件分配权限来控制哪些用户或用户组可以访问和使用特定的插件功能。这有助于确保系统的安全性和数据的完整性。
+```
+//#import @owl:utils/PermissionUtil.jsx
+
+checkBackendPluginPermission(pluginId);
+
+如果用户没有权限执行此操作，会抛出异常。
+
+```
+
+我们用一个例子说明：
+
+```
+
+//#import $owl_mall_u:services/modelService.jsx
+//#import $org_user:services/modelService.jsx
+//#import @owl:utils/PermissionUtil.jsx
+
+function main(){
+    var params = JSON.parse($body);
+    var data = params.data;
+    var id = params.id;
+    
+    
+    try{
+        checkBackendPluginPermission("addUserToGroupPlugin");
+    }catch(errmsg){
+        var ret = {
+            state:"err",
+            msg:errmsg
+        }
+        out.print(JSON.stringify(ret));
+        return;
+    }
+    ......
+}
+        
+```
+
+

package/examples/models/owlsys/user/org_user/api/src/plugins/addToOrgUser.jsx

@@ -0,0 +1,76 @@
+//#import $owl_mall_u:services/modelService.jsx
+//#import $org_user:services/modelService.jsx
+//#import @handlers/include/checklogin.jsx
+//#import @owl:utils/PermissionUtil.jsx
+
+function main(){
+    var params = JSON.parse($body);
+    var data = params.data;
+    var id = params.id;
+    
+    
+    try{
+        checkBackendPluginPermission("addUserToGroupPlugin");
+    }catch(errmsg){
+        var ret = {
+            state:"err",
+            msg:errmsg
+        }
+        out.print(JSON.stringify(ret));
+        return;
+    }
+        
+    
+
+   
+    
+
+    var mobile = data.mobile;
+    var admin = owl_mall_uService.getUniqueObj('mobile',mobile);
+    if(!admin){
+        admin = owl_mall_uService.getUniqueObj('loginId',mobile);
+    }
+    if(!admin){
+        admin = owl_mall_uService.getUniqueObj('email',mobile);
+    }
+    if(!admin){
+        var ret = {
+            state:"err",
+            msg:"手机号不存在"
+        }
+        out.print(JSON.stringify(ret));
+        return;
+    }
+    
+    // 检查用户是否已存在于org_user中
+    var existingOrgUser = org_userService.getUniqueObj('userId',admin.id);
+    if(existingOrgUser){
+        var ret = {
+            state:"err",
+            msg:"用户已经存在,请勿重复添加"
+        }
+        out.print(JSON.stringify(ret));
+        return;
+    }
+
+    // 创建org_user记录
+    var orgUser = {
+        userId: admin.id,
+        name: admin.name || admin.loginId,
+        loginId: admin.loginId,
+        realName: admin.realName,
+        nickName: admin.nickName,
+        mobile: admin.mobile,
+        email: admin.email,
+        isEnable: 1
+    };
+
+    org_userService.add(orgUser);
+    
+    var ret = {
+        state:"ok",
+        msg:"操作成功,请过几秒后刷新。"
+    }
+    out.print(JSON.stringify(ret));
+}
+main();

package/examples/models/owlsys/user/org_user.json

@@ -0,0 +1,51 @@
+{
+  "id": "string(12),formSize:2,disabled:true,searchable:true;客户Id",
+  "userId": "string(12),isId:true;用户Id",
+  "orgId": "string(16),formSize:2,searchable:true;所属商家Id",
+  "orgName": "string(16),formSize:2,searchable:true;所属商家",
+  "isEnable": "choice,formSize:2,listSize:4,values:1_正常/0_冻结_#be0027,defaultValue:1,searchable:true,hidden:false;状态",
+  "name": "string(12),listSize:5,formSize:2,searchable:true;名称",
+  "loginId": "string(12),listSize:5,formSize:2,searchable:true,unique:true;登录Id",
+  "realName": "string(12),listSize:5,formSize:2,searchable:true;真实姓名",
+  "nickName": "string(12),listSize:5,formSize:2,searchable:true;昵称",
+  "mobile": "string(16),listSize:5,inputType:mobile,formSize:2,searchable:true,unique:true;手机",
+  "email": "string(64),formSize:2,searchable:true,unique:true;邮箱",
+  "_t": "org_user",
+  "#meta": {
+    "rem": "客户管理",
+    "id": "<%=#orgId + '_' + userId%>",
+    "projectName": "电商",
+    "changeLogEnabled": true,
+
+    "parent": [
+      "platform"
+    ],
+    "visitType": [
+      "platform"
+    ],
+
+    "pos": 1,
+    "group": {
+      "id": "mall_user",
+      "name": "会员管理",
+      "icon": "user",
+      "pos": 6
+    },
+
+    "formPlugins": [
+      {
+        "label": "添加客户",
+        "id": "addUserToGroupPlugin",
+        "action": "/owl_org_user/plugins/addUserToGroup.jsx",
+        "responseAction": "showMessage",
+        "inputForm": {
+          "label":"添加客户",
+          "fields": {
+            "mobile": "string(16),isMobile:true,formSize:8;手机或邮箱或loginId"
+          }
+        },
+        "position": "listItem,form"
+      }
+    ]
+  }
+}

package/examples/owlsysApps/owlShell/src/utils/PermissionUtil.jsx

@@ -1,5 +1,5 @@
 //#import $owl_permission:services/modelService.jsx
-
+//#import $owlPermission:services/RolesService.jsx
 
 function getPermissions(roleId){
     var searchArgs = {
@@ -44,4 +44,137 @@ function checkPluginPermission(pluginId, permissions) {
         }
     }
     return false;
-}
+}
+
+function checkPluginPermissionByRoleId(pluginId, roleId) {
+    var permissions = getPermissions(roleId);
+    return checkPluginPermission(pluginId, permissions);
+}
+
+function checkUserHasRole(userId, roleId,orgId){
+   // 检查用户时候拥有某个角色
+    var roles = getRoles(orgId,userId);
+    if(isRoleOk(roles,roleId)){
+        return true;
+    }
+    return false;
+}
+
+function checklogin() {
+    var magic = $.getSystemProperty("magic");
+    var magicParams = $.params.ma;
+    var m = '0';//默认是 平台
+    if (magic === magicParams) {
+        //代表是内部操作
+        var user = {
+            uid: 'internal',
+            loginId: "internal",
+            name: "系统内部访问",
+            allowed_appIds: ["*"]
+        }
+
+        var env = {
+            now: new Date().getTime(),
+            loginUserId: 'internal',
+            loginId: 'internal',
+            // loginUser:user,
+            shopId: m,
+            warehouseId: "",
+            roleId: 'internal',
+            orgId: 'internal',
+            orgIds: 'internal',
+            m: m
+        }
+        return env;
+
+    } else {
+        var params = JSON.parse($body);
+        var token = params._req_token
+        if(token){
+            var token_user = getUserByToken(token);
+            if(token_user){
+                var env = {
+                    now: new Date().getTime(),
+                    loginUserId: token_user.id,
+                    loginId: token_user.id,
+                    // loginUser:loginUser,
+                    shopId: m,
+                    warehouseId: "",
+                    roleId:  params.rroleId,
+                    orgId: params.rorgId,
+                    orgIds: null,
+                    m: m
+                }
+                return env;
+            }
+            else{
+                var ret = {
+                    state: 'err',
+                    code: 'not valid token',
+                    msg: "not valid token"
+                }
+                out.print(JSON.stringify(ret));
+                return null;
+            }
+        }
+        var isid = SessionService.getSessionId(request);
+        var now = new Date().getTime();
+        var sessionId = 'owl_backend_session_' + isid;
+        var session = owl_backend_sessionService.get(sessionId);
+        if (session && session.lastModified > now - 7 * 24 * 3600 * 1000) {
+            var loginUserId = session.userId
+            var roleId = params.rroleId || session.roleId;
+            var orgId = params.rorgId || session.orgId;
+            var orgIds = [orgId].concat(getParentOrgIds(orgId));
+            if (loginUserId) {
+                // var loginUser = owl_mall_uService.get(loginUserId);
+                var env = {
+                    now: new Date().getTime(),
+                    loginUserId: loginUserId,
+                    loginId: loginUserId,
+                    // loginUser:loginUser,
+                    shopId: m,
+                    warehouseId: "",
+                    roleId: roleId,
+                    orgId: orgId,
+                    orgIds: orgIds,
+                    m: m
+                }
+                return env;
+            } else {
+                var ret = {
+                    state: 'err',
+                    code: 'no login',
+                    msg: "not login!"
+                }
+                out.print(JSON.stringify(ret));
+                return null;
+            }
+        } else {
+            var ret = {
+                state: 'err',
+                code: 'no login',
+                msg: "not login!"
+            }
+            out.print(JSON.stringify(ret));
+            return null;
+        }
+    }
+}
+
+function checkBackendPluginPermission(pluginId){
+    var env = checklogin();
+    var roleId = env.roleId
+    var orgId = env.orgId;
+    var loginUserId = env.loginUserId;
+
+    if(!checkUserHasRole(loginUserId, roleId, orgId)){
+        throw "用户角色异常";
+    }
+
+    if(!checkPluginPermissionByRoleId( pluginId,rroleId)){
+        throw "没有权限执行此操作";
+    }
+
+
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "owl-cli",
-  "version": "7.17.0",
+  "version": "7.19.0",
   "main": "index.js",
   "preferGlobal": true,
   "bin": {