sumba 2.22.1 → 2.24.0

package/extend/bajo/hook/bajo.extend@after-read-config.js

@@ -0,0 +1,13 @@
+import path from 'path'
+
+async function afterReadConfig (file, result, options) {
+  const base = path.basename(file, path.extname(file))
+  // rewrite fixtures
+  if (!(base === 'route-guard' && Array.isArray(result) && file.includes('/fixture/'))) return
+  for (const res of result) {
+    if (res.path.slice(0, 2) === ':/') res.path = options.sourceNs + res.path
+    res.path = res.path.replaceAll('{ns}', options.sourceNs)
+  }
+}
+
+export default afterReadConfig

package/extend/bajo/hook/dobo.sumba-route-guard@after-transaction.js

@@ -0,0 +1,6 @@
+async function afterTransaction (action, ...args) {
+  if (!['createRecord', 'updateRecord', 'removeRecord'].includes(action)) return
+  await this.getRouteGuards(true)
+}
+
+export default afterTransaction

package/extend/bajo/hook/dobo@before-count-record.js

@@ -1,8 +1,8 @@
-import { handler } from './dobo@before-find-record.js'
+import { handler } from './dobo@before-driver-find-record.js'
 
-const doboBeforeCountRecord = {
+const doboBeforeDriverCountRecord = {
   level: 1000,
   handler
 }
 
-export default doboBeforeCountRecord
+export default doboBeforeDriverCountRecord

package/extend/bajo/hook/dobo@before-driver-create-record.js

@@ -0,0 +1,17 @@
+const doboBeforeDriverCreateRecord = {
+  level: 1000,
+  handler: async function (model, body, options = {}) {
+    const { get } = this.app.lib._
+    const { isSet } = this.app.lib.aneka
+    const { req } = options
+    if (options.noAutoFilter || !req || get(req, 'routeOptions.config.crossSite')) return
+    const item = { siteId: 'site.id', userId: 'user.id' }
+    for (const i in item) {
+      const rec = get(req, item[i])
+      const field = model.getProperty(i)
+      if (rec && field && !isSet(body[i])) body[i] = field.type === 'string' ? (rec + '') : rec
+    }
+  }
+}
+
+export default doboBeforeDriverCreateRecord

package/extend/bajo/hook/dobo@before-driver-find-all-record.js

@@ -0,0 +1,13 @@
+import { rebuildFilter } from './dobo@before-driver-find-record.js'
+
+const doboBeforeDriverFindAllRecord = {
+  level: 1000,
+  handler: async function (model, filter, options) {
+    const { req } = options
+    const { isEmpty } = this.app.lib._
+    if (options.noAutoFilter || !req || isEmpty(req.site)) return
+    await rebuildFilter.call(this, model, filter, options)
+  }
+}
+
+export default doboBeforeDriverFindAllRecord

package/extend/bajo/hook/dobo@before-driver-find-record.js

@@ -0,0 +1,96 @@
+async function applyModelGuard ({ model, q, teamIds, options }) {
+  const { isEmpty, get, set, uniq } = this.app.lib._
+  const { req } = options
+  const { getModel } = this.app.dobo
+
+  const guards = []
+  const query = { status: 'ACTIVE', siteId: req.site.id + '' }
+  const results = await getModel('SumbaModelGuard').findAllRecord({ query }, { noMagic: true, dataOnly: true, noDriverHook: true })
+  const item = {}
+
+  function add (res) {
+    item[res.column].push(...res.value)
+  }
+
+  for (const res of results) {
+    res.teamIds = res.teamIds ?? []
+    if (!(res.models ?? []).includes(model.name) || isEmpty(res.value)) continue
+    item[res.column] = item[res.column] ?? []
+    if (teamIds.length > 0) {
+      for (const id of res.teamIds) {
+        if (teamIds.includes(id)) add(res)
+      }
+    }
+  }
+  for (const key in item) {
+    item[key] = uniq(item[key])
+    if (item[key].length === 0) continue
+    guards.push(set({}, key, { $in: item[key] }))
+  }
+
+  const allowEmpty = get(this, `config.dobo.model.${model.name}.allowEmptyQuery`, true)
+  if (guards.length === 0 && !allowEmpty) throw this.error('_emptyColumnQuery') // signal driver to about with no result immediately
+  q.$and.push(...guards)
+}
+
+export async function applyAttribGuard ({ model, teamIds, options }) {
+  const { getModel } = this.app.dobo
+  const { uniq } = this.app.lib._
+  const { req } = options
+
+  const query = { status: 'ACTIVE', siteId: req.site.id + '' }
+  const results = await getModel('SumbaAttribGuard').findAllRecord({ query }, { noMagic: true, dataOnly: true, noDriverHook: true })
+  const result = results.find(item => (item.models ?? []).includes(model.name))
+  if (!result) return
+  options.hidden = options.hidden ?? []
+  for (const id of result.teamIds ?? []) {
+    if (teamIds.includes(id)) options.hidden.push(...(result.hiddenCols ?? []))
+  }
+  options.hidden = uniq(options.hidden)
+}
+
+export async function rebuildFilter (model, filter = {}, options = {}) {
+  const { isEmpty, get } = this.app.lib._
+  const { req } = options
+  const hasSiteId = model.hasProperty('siteId')
+  const hasUserId = model.hasProperty('userId')
+  const hasTeamId = model.hasProperty('teamId')
+  const teams = get(req, 'user.teams', [])
+  const teamIds = teams.map(team => team.id + '')
+  const aliases = teams.map(team => team.alias)
+  const q = { $and: [] }
+
+  filter.query = filter.query ?? {}
+  if (!isEmpty(filter.query)) {
+    if (filter.query.$and) q.$and.push(...filter.query.$and)
+    else q.$and.push(filter.query)
+  }
+  if (req.routeOptions.config.crossSite) return
+  if (hasSiteId) q.$and.push({ siteId: req.site.id + '' })
+  if (aliases.includes('administrator')) {
+    filter.query = q
+    return
+  }
+
+  if (hasTeamId) {
+    if (hasUserId) q.$and.push({ $or: [{ teamId: { $in: teamIds } }, { userId: req.user.id + '' }] })
+    else q.$and.push({ teamId: { $in: teamIds } })
+  } else if (hasUserId) q.$and.push({ userId: req.user.id + '' })
+
+  await applyModelGuard.call(this, { model, q, teamIds, options })
+  await applyAttribGuard.call(this, { model, teamIds, options })
+  filter.query = q
+}
+
+export async function handler (model, filter, options = {}) {
+  const { isEmpty } = this.app.lib._
+  if (options.noAutoFilter || !options.req || isEmpty((options.req ?? {}).site)) return
+  await rebuildFilter.call(this, model, filter, options)
+}
+
+const doboBeforeDriverFindRecord = {
+  level: 1000,
+  handler
+}
+
+export default doboBeforeDriverFindRecord

package/extend/bajo/hook/dobo@before-driver-get-record.js

@@ -0,0 +1,22 @@
+import { rebuildFilter } from './dobo@before-driver-find-record.js'
+
+export async function checker (model, id, options = {}) {
+  const { req } = options
+
+  if (options.noAutoFilter || !req) return
+  const filter = {}
+  await rebuildFilter.call(this, model, filter, options)
+  if (filter.query.$and) filter.query.$and.push({ id })
+  else filter.query.id = id
+  const row = await model.findOneRecord(filter, { count: false })
+  if (!row) throw this.app.dobo.error('recordNotFound%s%s', id, this.name, { statusCode: 404 })
+}
+
+const doboBeforeDriverGetRecord = {
+  level: 1000,
+  handler: async function (model, id, options) {
+    await checker.call(this, model, id, options)
+  }
+}
+
+export default doboBeforeDriverGetRecord

package/extend/bajo/hook/dobo@before-driver-remove-record.js

@@ -0,0 +1,10 @@
+import { checker } from './dobo@before-driver-get-record.js'
+
+const doboBeforeDriverRemoveRecord = {
+  level: 1000,
+  handler: async function (model, id, options = {}) {
+    await checker.call(this, model, id, options.req)
+  }
+}
+
+export default doboBeforeDriverRemoveRecord

package/extend/bajo/hook/dobo@before-driver-update-record.js

@@ -0,0 +1,10 @@
+import { checker } from './dobo@before-driver-get-record.js'
+
+const doboBeforeDriverUpdateRecord = {
+  level: 1000,
+  handler: async function (model, id, body, options = {}) {
+    await checker.call(this, model, id, options)
+  }
+}
+
+export default doboBeforeDriverUpdateRecord

package/extend/bajo/hook/waibu-mpa@pre-parsing.js

@@ -1,13 +1,14 @@
-import { checkUserId, checkTeam, checkTheme, checkIconset, checkinterSite } from '../../../lib/util.js'
+import { checkUserId, checkTeam, checkTheme, checkIconset, checkCrossSite } from '../../../lib/util.js'
 
 const preParsing = {
   level: 10,
   handler: async function (req, reply) {
     await checkTheme.call(this, req, reply)
     await checkIconset.call(this, req, reply)
-    await checkUserId.call(this, req, reply, 'waibuMpa')
-    await checkTeam.call(this, req, reply, 'waibuMpa')
-    await checkinterSite.call(this, req, reply)
+    const secure = await checkUserId.call(this, req, reply, 'waibuMpa')
+    if (!secure) return
+    await checkTeam.call(this, req, reply, secure)
+    await checkCrossSite.call(this, req, reply)
   }
 }
 

package/extend/bajo/hook/waibu-rest-api@pre-parsing.js

@@ -1,11 +1,12 @@
-import { checkUserId, checkTeam, checkinterSite } from '../../../lib/util.js'
+import { checkUserId, checkTeam, checkCrossSite } from '../../../lib/util.js'
 
 const preParsing = {
   level: 10,
   handler: async function (req, reply) {
-    await checkUserId.call(this, req, reply, 'waibuRestApi')
-    await checkTeam.call(this, req, reply, 'waibuRestApi')
-    await checkinterSite.call(this, req, reply)
+    const secure = await checkUserId.call(this, req, reply, 'waibuRestApi')
+    if (!secure) return
+    await checkTeam.call(this, req, reply, secure)
+    await checkCrossSite.call(this, req, reply)
   }
 }
 

package/extend/bajo/hook/waibu-static@pre-parsing.js

@@ -1,11 +1,12 @@
-import { checkUserId, checkTeam, checkinterSite } from '../../../lib/util.js'
+import { checkUserId, checkTeam, checkCrossSite } from '../../../lib/util.js'
 
 const preParsing = {
   level: 10,
   handler: async function (req, reply) {
-    await checkUserId.call(this, req, reply, 'waibuStatic')
-    await checkTeam.call(this, req, reply, 'waibuStatic')
-    await checkinterSite.call(this, req, reply)
+    const secure = await checkUserId.call(this, req, reply, 'waibuStatic')
+    if (!secure) return
+    await checkTeam.call(this, req, reply, secure)
+    await checkCrossSite.call(this, req, reply)
   }
 }
 

package/extend/bajo/hook/waibu@after-app-boot.js

@@ -1,23 +1,5 @@
-import { collectRoutes, collectTeam } from '../../../lib/collect.js'
-
-async function afterAppBoot () {
-  const { runHook } = this.app.bajo
-  await runHook(`${this.ns}:beforeBoot`)
-  this.log.trace('collectingRouteGuards')
-  await collectRoutes.call(this, 'secure')
-  await runHook(`${this.ns}:afterCollectSecureRoutes`, this.secureRoutes, this.secureNegRoutes)
-  this.log.trace('secureRoutes%d', this.secureRoutes.length)
-  this.log.trace('secureNegRoutes%d', this.secureNegRoutes.length)
-  await collectRoutes.call(this, 'anonymous')
-  await runHook(`${this.ns}:afterCollectAnonymousRoutes`, this.anonymousRoutes, this.anonymousNegRoutes)
-  this.log.trace('anonRoutes%d', this.anonymousRoutes.length)
-  this.log.trace('anonNegRoutes%d', this.anonymousNegRoutes.length)
-  this.log.trace('collectingTeamGuards')
-  await collectTeam.call(this)
-  await runHook(`${this.ns}:afterCollectTeamRoutes`, this.teamRoutes, this.teamNegRoutes)
-  this.log.trace('teamRoutes%d', this.teamRoutes.length)
-  this.log.trace('teamNegRoutes%d', this.teamNegRoutes.length)
-  await runHook(`${this.ns}:afterBoot`)
-}
-
-export default afterAppBoot
+async function afterAppBoot () {
+  await this.getRouteGuards(true)
+}
+
+export default afterAppBoot

package/extend/bajo/hook/waibu@pre-parsing.js

@@ -1,13 +1,8 @@
-import { checkNoRouteSetting, checkNoRouteSettingKey } from '../../../lib/util.js'
-
 const preParsing = {
   level: 10,
   handler: async function (req, reply) {
-    const { get } = this.app.lib._
     const { getHostname } = this.app.waibu
     req.site = await this.getSite(getHostname(req))
-    const routes = get(req.site, checkNoRouteSettingKey)
-    checkNoRouteSetting.call(this, req, routes)
   }
 }
 

package/extend/bajo/intl/en-US.json

@@ -61,11 +61,6 @@
   "troubleTickets": "Trouble Tickets",
   "guest": "Guest",
   "warningMemberOnly%s": "Please authenticate yourself first, because the <a href=\"%s\">page<a> your're trying to access is a member only page",
-  "collectingRouteGuards": "Collecting route guards:",
-  "secureRoutes%d": "- Secure routes: %d",
-  "secureNegRoutes%d": "- Secure, negated routes: %d",
-  "anonRoutes%d": "- Anonymous routes: %d",
-  "anonNegRoutes%d": "- Anonymous, negated routes: %d",
   "replies": "Replies",
   "compose": "Compose",
   "yourReply": "Your Reply",
@@ -136,6 +131,10 @@
   "statusOpen": "Open",
   "statusClosed": "Closed",
   "allSites": "All Sites",
+  "permission": "Permission",
+  "routeGuard": "Route",
+  "modelGuard": "Model",
+  "attribGuard": "Attribute",
   "field": {
     "currentPassword": "Current Password",
     "newPassword": "New Password",
@@ -159,7 +158,15 @@
     "team": "Team",
     "ns": "Module's Namespace",
     "value": "Value",
-    "notes": "Notes"
+    "notes": "Notes",
+    "path": "Path",
+    "inverse": "Inverse?",
+    "anonymous": "Anonymous?",
+    "methods": "Methods",
+    "teamIds": "Teams",
+    "column": "Column",
+    "hiddenCols": "Hidden Columns",
+    "models": "Models"
   },
   "validation": {
     "password": {

package/extend/bajo/intl/id.json

@@ -137,6 +137,10 @@
   "statusOpen": "Terbuka",
   "statusClosed": "Tertutup",
   "allSites": "Semua Situs",
+  "permission": "Permisi",
+  "routeGuard": "Rute",
+  "modelGuard": "Model",
+  "attribGuard": "Atribut",
   "field": {
     "currentPassword": "Kata Sandi Saat Ini",
     "newPassword": "Kata Sandi Baru",
@@ -159,8 +163,16 @@
     "user": "Pengguna",
     "team": "Tim",
     "ns": "Ruang Nama Modul",
-    "value": "Value",
-    "notes": "Catatan"
+    "value": "Nilai",
+    "notes": "Catatan",
+    "path": "Jejak",
+    "inverse": "Inverse?",
+    "anonymous": "Anonim?",
+    "methods": "Metode",
+    "teamIds": "Tim",
+    "column": "Kolom",
+    "hideCols": "Sembunyikan Kolom",
+    "models": "Model"
   },
   "validation": {
     "password": {

package/extend/dobo/feature/team-ids.js

@@ -0,0 +1,20 @@
+async function teamIds (opts = {}) {
+  return {
+    properties: [{
+      name: 'teamIds',
+      type: 'array',
+      default: [],
+      ref: {
+        teamIds: {
+          model: 'SumbaTeam',
+          field: 'id',
+          searchField: 'name',
+          fields: ['id', 'alias', 'name']
+        }
+      },
+      index: true
+    }]
+  }
+}
+
+export default teamIds

package/extend/dobo/fixture/route-guard.js

@@ -0,0 +1,26 @@
+const routes = [
+  'sumba:/your-stuff/**/*',
+  'sumba:/signout',
+  'sumba:/help/trouble-tickets/**/*',
+  'sumba.restapi:/user/api-key',
+  'sumba.restapi:/your-stuff/**/*',
+  'sumba.restapi:/manage/**/*',
+  '~sumba:/user/**/*',
+  '~sumba:/signin',
+  '~sumba.restapi:/user/access-token/**/*'
+]
+
+async function routeGuard () {
+  return routes.map(r => {
+    const anonymous = r[0] === '~'
+    return {
+      path: anonymous ? r.slice(1) : r,
+      anonymous,
+      _immutable: true,
+      siteId: '?:SumbaSite::alias:default',
+      status: 'ACTIVE'
+    }
+  })
+}
+
+export default routeGuard

package/extend/dobo/model/attrib-guard.js

@@ -0,0 +1,36 @@
+async function routeGuard () {
+  return {
+    properties: [
+      {
+        name: 'models',
+        type: 'array',
+        required: true
+      },
+      'hiddenCols,array',
+      'teamIds,sumba:teamIds'
+    ],
+    indexes: [{
+      type: 'unique',
+      fields: ['models', 'siteId']
+    }],
+    features: [
+      {
+        name: 'sumba:status',
+        values: ['ACTIVE', 'INACTIVE'],
+        default: 'ACTIVE'
+      },
+      'dobo:immutable',
+      'dobo:updatedAt',
+      'sumba:siteId'
+    ],
+    options: {
+      attachment: false
+    },
+    buildEnd: async function (model) {
+      const prop = model.properties.find(prop => prop.name === 'models')
+      prop.values = this.app.dobo.models.map(model => model.name).sort().map(item => ({ value: item, text: item }))
+    }
+  }
+}
+
+export default routeGuard

package/extend/dobo/model/model-guard.js

@@ -0,0 +1,37 @@
+async function routeGuard () {
+  return {
+    properties: [
+      {
+        name: 'models',
+        type: 'array',
+        required: true
+      },
+      'column,,50,true,true',
+      'value,array',
+      'teamIds,sumba:teamIds'
+    ],
+    indexes: [{
+      type: 'unique',
+      fields: ['models', 'column', 'siteId']
+    }],
+    features: [
+      {
+        name: 'sumba:status',
+        values: ['ACTIVE', 'INACTIVE'],
+        default: 'ACTIVE'
+      },
+      'dobo:immutable',
+      'dobo:updatedAt',
+      'sumba:siteId'
+    ],
+    options: {
+      attachment: false
+    },
+    buildEnd: async function (model) {
+      const prop = model.properties.find(prop => prop.name === 'models')
+      prop.values = this.app.dobo.models.map(model => model.name).sort().map(item => ({ value: item, text: item }))
+    }
+  }
+}
+
+export default routeGuard

package/extend/dobo/model/route-guard.js

@@ -0,0 +1,45 @@
+async function routeGuard () {
+  return {
+    properties: [
+      'path,,255,true,true',
+      {
+        name: 'methods',
+        type: 'array',
+        required: true,
+        default: ['GET', 'POST', 'UPDATE', 'DELETE'],
+        values: ['GET', 'POST', 'UPDATE', 'DELETE']
+      },
+      'teamIds,sumba:teamIds',
+      {
+        name: 'weight',
+        type: 'smallint',
+        default: 0
+      }, {
+        name: 'inverse',
+        type: 'boolean',
+        required: true,
+        default: false
+      }, {
+        name: 'anonymous',
+        type: 'boolean',
+        required: true,
+        default: false
+      }
+    ],
+    features: [
+      {
+        name: 'sumba:status',
+        values: ['ACTIVE', 'INACTIVE'],
+        default: 'ACTIVE'
+      },
+      'dobo:immutable',
+      'dobo:updatedAt',
+      'sumba:siteId'
+    ],
+    options: {
+      attachment: false
+    }
+  }
+}
+
+export default routeGuard

package/extend/waibuDb/schema/attrib-guard.js

@@ -0,0 +1,15 @@
+async function attribGuard () {
+  return {
+    common: {
+      widget: {
+        teamIds: {
+          attr: {
+            refUrl: 'waibuAdmin:/{prefix}/team/details?id={id}'
+          }
+        }
+      }
+    }
+  }
+}
+
+export default attribGuard

package/extend/waibuDb/schema/model-guard.js

@@ -0,0 +1,15 @@
+async function modelGuard () {
+  return {
+    common: {
+      widget: {
+        teamIds: {
+          attr: {
+            refUrl: 'waibuAdmin:/{prefix}/team/details?id={id}'
+          }
+        }
+      }
+    }
+  }
+}
+
+export default modelGuard

package/extend/waibuDb/schema/route-guard.js

@@ -0,0 +1,15 @@
+async function routeGuard () {
+  return {
+    common: {
+      widget: {
+        teamIds: {
+          attr: {
+            refUrl: 'waibuAdmin:/{prefix}/team/details?id={id}'
+          }
+        }
+      }
+    }
+  }
+}
+
+export default routeGuard