sumba 2.22.1 → 2.24.0

package/extend/waibuDb/schema/user.js

@@ -1,9 +1,23 @@
 async function user ({ req } = {}) {
+  const { merge } = this.app.lib._
+  const details = {
+    forceVisible: ['password', 'token'],
+    format: {
+      password: function (val, rec) {
+        return `<a href="waibuAdmin:/site/reset-user-password?username=${rec.username}">${req.t('resetPassword')}</a>`
+      }
+    },
+    widget: {
+      password: {
+        component: 'form-plaintext'
+      }
+    }
+  }
   return {
     common: {
       layout: [
         { name: 'meta', fields: ['id:3', 'createdAt:3', 'updatedAt:3', 'status:3'] },
-        { name: 'account', fields: ['username:3', 'email:3', 'provider:3', 'password:3', 'firstName:3', 'lastName:3', 'apiKey:6'] },
+        { name: 'account', fields: ['username:3', 'email:3', 'provider:3', 'password:3', 'firstName:3', 'lastName:3'] },
         { name: 'address', fields: ['address1:12', 'address2:12', 'city:6-md 8-sm', 'zipCode:2-md 4-sm', 'provinceState:4-md', 'country:6-md', 'phone:6-md', 'website:12'] },
         { name: 'socialMedia', fields: ['socX:3-md 6-sm', 'socInstagram:3-md 6-sm', 'socFacebook:3-md 6-sm', 'socLinkedIn:3-md 6-sm'] }
       ],
@@ -19,7 +33,7 @@ async function user ({ req } = {}) {
           sort: 'username:1',
           limit: 10
         },
-        fields: ['createdAt', 'status', 'username', 'provider', 'email', 'firstName', 'lastName', 'city', 'zipCode', 'provinceState', 'country', 'phone', 'apiKey'],
+        fields: ['createdAt', 'status', 'username', 'provider', 'email', 'firstName', 'lastName', 'city', 'zipCode', 'provinceState', 'country', 'phone'],
         stat: {
           aggregate: [
             { fields: ['status'], group: 'status', aggregate: ['count'] },
@@ -28,35 +42,14 @@ async function user ({ req } = {}) {
           ]
         }
       },
-      details: {
-        forceVisible: ['password', 'token'],
-        widget: {
-          password: {
-            component: 'form-plaintext',
-            attr: {
-              href: 'waibuAdmin:/site/reset-user-password?username={username}',
-              value: req.t('resetPassword')
-            }
-          }
-        }
-      },
+      details,
       add: {
         forceVisible: ['password'],
         hidden: ['id', 'createdAt', 'updatedAt', 'provider']
       },
-      edit: {
-        forceVisible: ['password', 'token'],
-        widget: {
-          password: {
-            component: 'form-plaintext',
-            attr: {
-              href: 'waibuAdmin:/site/reset-user-password?username={username}',
-              value: req.t('resetPassword')
-            }
-          }
-        },
+      edit: merge({}, details, {
         readonly: ['id', 'createdAt', 'updatedAt', 'username', 'provider']
-      }
+      })
     }
   }
 }

package/extend/waibuMpa/extend/waibuAdmin/route/all-sites/@action.js

@@ -1,7 +1,7 @@
 const action = {
   method: ['GET', 'POST'],
   title: 'manageAllSite',
-  interSite: true,
+  crossSite: true,
   handler: async function (req, reply) {
     const { importModule } = this.app.bajo
     const crudSkel = await importModule('waibuAdmin:/lib/crud-skel.js')

package/extend/waibuMpa/extend/waibuAdmin/route/attrib-guard/@action.js

@@ -0,0 +1,11 @@
+const action = {
+  method: ['GET', 'POST'],
+  title: 'attribGuard',
+  handler: async function (req, reply) {
+    const { importModule } = this.app.bajo
+    const crudSkel = await importModule('waibuAdmin:/lib/crud-skel.js')
+    return await crudSkel.call(this, 'SumbaAttribGuard', req, reply)
+  }
+}
+
+export default action

package/extend/waibuMpa/extend/waibuAdmin/route/cache/@action.js

@@ -1,7 +1,7 @@
 const action = {
   method: ['GET', 'POST'],
   title: 'cacheStorage',
-  interSite: true,
+  crossSite: true,
   handler: async function (req, reply) {
     if (!this.app.bajoCache) throw this.error('_notFound')
     const { importModule } = this.app.bajo

package/extend/waibuMpa/extend/waibuAdmin/route/model-guard/@action.js

@@ -0,0 +1,11 @@
+const action = {
+  method: ['GET', 'POST'],
+  title: 'modelGuard',
+  handler: async function (req, reply) {
+    const { importModule } = this.app.bajo
+    const crudSkel = await importModule('waibuAdmin:/lib/crud-skel.js')
+    return await crudSkel.call(this, 'SumbaModelGuard', req, reply)
+  }
+}
+
+export default action

package/extend/waibuMpa/extend/waibuAdmin/route/reset-user-password.js

@@ -4,13 +4,14 @@ const resetUserPassword = {
   handler: async function (req, reply) {
     const { importPkg } = this.app.bajo
     const { defaultsDeep } = this.app.lib.aneka
+    const { passwordRule } = this.app.sumba
     const Joi = await importPkg('dobo:joi')
     const model = this.app.dobo.getModel('SumbaUser')
     const form = defaultsDeep(req.body, { username: req.query.username })
     let error
     if (req.method === 'POST') {
       try {
-        const password = await this.passwordRule(req)
+        const password = await passwordRule(req)
         const schema = Joi.object({
           username: Joi.string().max(50).required(),
           password,

package/extend/waibuMpa/extend/waibuAdmin/route/route-guard/@action.js

@@ -0,0 +1,11 @@
+const action = {
+  method: ['GET', 'POST'],
+  title: 'routeGuard',
+  handler: async function (req, reply) {
+    const { importModule } = this.app.bajo
+    const crudSkel = await importModule('waibuAdmin:/lib/crud-skel.js')
+    return await crudSkel.call(this, 'SumbaRouteGuard', req, reply)
+  }
+}
+
+export default action

package/extend/waibuMpa/extend/waibuAdmin/route/session/@action.js

@@ -1,7 +1,7 @@
 const action = {
   method: ['GET', 'POST'],
   title: 'userSession',
-  interSite: true,
+  crossSite: true,
   handler: async function (req, reply) {
     const { importModule } = this.app.bajo
     const crudSkel = await importModule('waibuAdmin:/lib/crud-skel.js')

package/extend/waibuRestApi/route/manage/route-guard/model-builder.json

@@ -0,0 +1,4 @@
+{
+  "model": "SumbaRouteGuard",
+  "disabled": ["create", "update", "remove"]
+}

package/index.js

@@ -32,11 +32,14 @@ async function factory (pkgName) {
       super(pkgName, me.app)
       this.config = {
         multiSite: cloneDeep(defMultiSite),
-        interSiteAdmins: [],
+        crossSiteAdmins: [],
         waibu: {
           title: 'site',
           prefix: 'site'
         },
+        dobo: {
+          model: {}
+        },
         waibuMpa: {
           home: 'sumba:/your-stuff/profile',
           icon: 'globe',
@@ -160,10 +163,6 @@ async function factory (pkgName) {
       const { getPluginDataDir } = this.app.bajo
       this.downloadDir = `${getPluginDataDir(this.ns)}/download`
       this.app.lib.fs.ensureDirSync(this.downloadDir)
-      for (const type of ['secure', 'anonymous', 'team']) {
-        this[`${type}Routes`] = this[`${type}Routes`] ?? []
-        this[`${type}NegRoutes`] = this[`${type}NegRoutes`] ?? []
-      }
       if (this.config.multiSite === true) {
         this.config.multiSite = cloneDeep(defMultiSite)
         this.config.multiSite.enabled = true
@@ -172,10 +171,10 @@ async function factory (pkgName) {
 
     start = async () => {
       const { getModel } = this.app.dobo
-      if (this.config.interSiteAdmins.length === 0) {
+      if (this.config.crossSiteAdmins.length === 0) {
         const site = await getModel('SumbaSite').findOneRecord({ query: { alias: 'default' } }, { noMagic: true })
         const user = await getModel('SumbaUser').findOneRecord({ query: { username: 'admin', siteId: site.id } }, { noMagic: true })
-        this.config.interSiteAdmins.push(user.id)
+        this.config.crossSiteAdmins.push(user.id)
       }
     }
 
@@ -227,6 +226,13 @@ async function factory (pkgName) {
           { title: 'teamUser', href: `waibuAdmin:/${prefix}/team-user/list` },
           { title: 'teamSetting', href: `waibuAdmin:/${prefix}/team-setting/list` }
         ]
+      }, {
+        title: 'permission',
+        children: [
+          { title: 'routeGuard', href: `waibuAdmin:/${prefix}/route-guard/list` },
+          { title: 'modelGuard', href: `waibuAdmin:/${prefix}/model-guard/list` },
+          { title: 'attribGuard', href: `waibuAdmin:/${prefix}/attrib-guard/list` }
+        ]
       }, {
         title: 'supportSystem',
         children: [
@@ -269,13 +275,14 @@ async function factory (pkgName) {
 
     verifySession = async (req, reply, source, payload) => {
       const { routePath } = this.app.waibu
+      const { query, params } = req
 
       if (!req.session) return false
       if (req.session.userId) {
         req.user = await this.getUserById(req.session.userId, req)
         return true
       }
-      const redir = routePath(this.config.redirect.signin, req)
+      const redir = routePath(this.config.redirect.signin, { query, params })
       req.session.ref = req.url
       throw this.error('_redirect', { redirect: redir })
     }
@@ -358,7 +365,7 @@ async function factory (pkgName) {
       return true
     }
 
-    checkPathsByTeam = ({ paths = [], method = 'GET', teams = [], guards = [] }) => {
+    checkPathsByRoute = ({ paths = [], teamIds = [], guards = [] }) => {
       const { includes } = this.app.lib.aneka
       const { outmatch } = this.app.lib
 
@@ -366,24 +373,8 @@ async function factory (pkgName) {
         const matchPath = outmatch(item.path)
         for (const path of paths) {
           if (matchPath(path)) {
-            const matchMethods = outmatch(item.methods, { separator: false })
-            if (matchMethods(method)) {
-              if (item.teams.length === 0) return item
-              if (includes(teams, item.teams)) return item
-            }
-          }
-        }
-      }
-    }
-
-    checkPathsByRoute = ({ paths = [], method = 'GET', guards = [] }) => {
-      const { outmatch } = this.app.lib
-      for (const item of guards) {
-        const matchPath = outmatch(item.path)
-        for (const path of paths) {
-          if (matchPath(path)) {
-            const matchMethods = outmatch(item.methods, { separator: false })
-            if (matchMethods(method)) return item
+            if (includes(teamIds, item.teamIds)) return item
+            if (teamIds.length === 0) return item
           }
         }
       }
@@ -535,31 +526,30 @@ async function factory (pkgName) {
       return password
     }
 
-    parseRouteGuard = item => {
-      const { routePath, routePathHandlers } = this.app.waibu
-      const { isString, isEmpty } = this.app.lib._
-      if (isString(item)) {
-        let [path, methods] = item.split('|').map(i => i.trim())
-        methods = isEmpty(methods) ? ['*'] : methods.split(',').map(i => i.trim())
-        item = { path, methods }
-      }
-      item.methods = item.methods ?? ['*']
-      if (item.methods.includes('*')) item.methods = ['*']
-      const [, routeHandler] = item.path.split(':')[0].split('.')
-      if (!isEmpty(routeHandler) && !routePathHandlers[routeHandler]) return
-      const rns = isEmpty(routeHandler) ? 'waibuMpa' : routePathHandlers[routeHandler].ns
-      if (!this.app[rns]) return
-      item.inverse = item.path[0] === '!'
-      if (item.inverse) item.path = item.path.slice(1)
-      item.path = routePath(item.path, { defFormat: false })
-      return item
-    }
-
     hash = async (item) => {
       const { hash } = this.app.bajoExtra
       return await hash(item, this.config.auth.common.apiKey.algo)
     }
 
+    getRouteGuards = async (reread) => {
+      const { getModel } = this.app.dobo
+      const { routePath } = this.app.waibu
+      const { map, orderBy } = this.app.lib._
+      if (!reread) return this.routeGuards
+      const model = getModel('SumbaRouteGuard')
+      let results = await model.findAllRecord({ query: { status: 'ACTIVE' } }, { noMagic: true, noCache: true, noDriverHook: true, dataOnly: true })
+      results = results.map(item => {
+        item.teamIds = item.teamIds ?? []
+        item.methods = item.methods ?? []
+        return item
+      })
+      this.routeGuards = orderBy(map(results, item => {
+        item.path = routePath(item.path)
+        return item
+      }), ['weight', 'path'])
+      return this.routeGuards
+    }
+
     createNewSite = createNewSite
     removeSite = removeSite
     getSite = getSite

package/lib/get-user.js

@@ -3,7 +3,7 @@ import { parseNsSettings } from './util.js'
 export async function mergeTeam (user) {
   const { map, pick } = this.app.lib._
   const { getModel } = this.app.dobo
-  user.interSiteAdmin = this.config.interSiteAdmins.includes(user.id)
+  user.crossSiteAdmin = this.config.crossSiteAdmins.includes(user.id)
   user.teams = []
   const query = { userId: user.id, siteId: user.siteId }
   let mdl = getModel('SumbaTeamUser')
@@ -45,7 +45,7 @@ export async function getUserById (id, req) {
     user = await getCache({ key })
     if (user) return JSON.parse(user)
   }
-  user = await getModel('SumbaUser').getRecord(id, { noHook: true, throwNotFound: false, req })
+  user = await getModel('SumbaUser').getRecord(id, { noHook: true, noDriverHook: true, throwNotFound: false, req })
   if (!user) return
   await mergeTeam.call(this, user)
   if (setCache) {
@@ -63,7 +63,7 @@ export async function getUserByToken (token, req) {
     user = await getCache({ key })
     if (user) return JSON.parse(user)
   }
-  user = await getModel('SumbaUser').findOneRecord({ query: { token } }, { noHook: true, throwNotFound: false, req })
+  user = await getModel('SumbaUser').findOneRecord({ query: { token } }, { noHook: true, noDriverHook: true, throwNotFound: false, req })
   if (!user) return
   await mergeTeam.call(this, user)
   if (setCache) {
@@ -80,7 +80,7 @@ export async function getUserByUsernamePassword (username = '', password = '', r
   const bcrypt = await importPkg('bajoExtra:bcrypt')
 
   const query = { username, provider: 'local', siteId: req.site.id }
-  const user = await model.findOneRecord({ query }, { req, forceNoHidden: true, noHook: true })
+  const user = await model.findOneRecord({ query }, { req, forceNoHidden: true, noHook: true, noDriverHook: true })
   if (!user) throw this.error('validationError', { details: [{ field: 'username', error: 'Unknown username' }], statusCode: 401 })
   if (user.status !== 'ACTIVE') throw this.error('validationError', { details: ['User is inactive or temporarily disabled'], statusCode: 401 })
   const verified = await bcrypt.compare(password, user.password)

package/lib/util.js

@@ -1,9 +1,6 @@
-export const checkNoRouteSettingKey = 'setting.waibu.noRoutes.$in'
-
 export function parseNsSettings (ns, setting, items) {
-  const { trim, set, isPlainObject, isArray, isEmpty, find, get, isString } = this.app.lib._
+  const { trim, set, isPlainObject, isArray, isEmpty, find } = this.app.lib._
   const { parseObject, dayjs } = this.app.lib
-  const { routePath } = this.app.waibu
 
   for (const item of items) {
     if (item.ns === '_var' || ns === '_var') continue
@@ -27,30 +24,6 @@ export function parseNsSettings (ns, setting, items) {
     if ((isPlainObject(value) || isArray(value)) && isEmpty(value)) continue
     set(setting, `${ns}.${item.key}`, value)
   }
-  const key = checkNoRouteSettingKey.slice(checkNoRouteSettingKey.indexOf('.') + 1)
-  let noRoutes = get(setting, key, [])
-  if (noRoutes.length > 0) {
-    noRoutes = noRoutes.map(item => {
-      if (!isString(item)) return item
-      let [url, methods] = item.split('|')
-      if (methods === '*' || !methods) methods = 'GET,POST,PUT,DELETE'
-      methods = methods.split(',').map(m => m.trim().toUpperCase())
-      return { url: routePath(url), methods }
-    })
-    set(setting, key, noRoutes)
-  }
-}
-
-export function checkNoRouteSetting (req, routes) {
-  const { isEmpty } = this.app.lib._
-  const { outmatch } = this.app.lib
-  if (isEmpty(routes)) return
-  for (const route of routes) {
-    const isMatchUrl = outmatch(route.url)
-    if (isMatchUrl(req.url) || isMatchUrl(req.routeOptions.url)) {
-      if (route.methods.includes(req.method)) throw this.error('accessDenied', { statusCode: 403 })
-    }
-  }
 }
 
 export function pathsToCheck (req, withHome) {
@@ -83,26 +56,25 @@ export async function checkTheme (req, reply) {
   req.theme = req.theme ?? 'default'
 }
 
-export async function checkTeam (req, reply, source) {
-  const { get, isEmpty } = this.app.lib._
-  if (!req.user) return
+export async function checkTeam (req, reply, route) {
   const { map } = this.app.lib._
-  const paths = pathsToCheck.call(this, req, true)
+  route.teams = route.teams ?? []
+  if (route.teams.length === 0) return
+
   const teams = map(req.user.teams, 'alias')
-  let match = this.checkPathsByTeam({ paths, method: req.method, teams, guards: this.teamRoutes })
-  if (!match) match = this.checkPathsByTeam({ paths, method: req.method, teams, guards: this.teamNegRoutes })
-  if (!match) {
-    const guards = map(this.teamRoutes, 'path')
-    match = !this.checkPathsByGuard({ paths, guards })
+  if (teams.includes('administrator')) return
+  if (teams.length === 0) throw this.error('accessDenied', { statusCode: 403 })
+
+  const paths = pathsToCheck.call(this, req, true)
+  const allGuards = (await this.getRouteGuards()).filter(item => item.siteId === req.site.id + '' && item.teams.length > 0)
+  if (allGuards.length === 0) return // no route to be team guarded
+  let match = this.checkPathsByRoute({ paths, teams, guards: allGuards.filter(item => !item.inverse) })
+  if (match) {
+    const neg = this.checkPathsByRoute({ paths, teams, guards: allGuards.filter(item => item.inverse) })
+    if (neg) match = undefined
   }
   if (!match) throw this.error('accessDenied', { statusCode: 403 })
-  const routes = []
-  for (const team of (req.user.teams ?? [])) {
-    const items = get(team, checkNoRouteSettingKey, [])
-    if (isEmpty(items)) continue
-    routes.push(...items)
-  }
-  checkNoRouteSetting.call(this, req, routes)
+  // passed
 }
 
 export async function checkUserId (req, reply, source) {
@@ -132,46 +104,48 @@ export async function checkUserId (req, reply, source) {
   }
 
   const paths = pathsToCheck.call(this, req)
-  let securePath = await this.checkPathsByRoute({ paths, method: req.method, guards: this.secureRoutes })
+  const allGuards = (await this.getRouteGuards()).filter(item => item.siteId === req.site.id + '')
+  if (allGuards.length === 0) return false // no routes protected
+  let securePath = await this.checkPathsByRoute({ paths, guards: allGuards.filter(item => !item.anonymous && !item.inverse) })
   if (securePath) {
-    const neg = await this.checkPathsByRoute({ paths, method: req.method, guards: this.secureNegRoutes })
+    const neg = await this.checkPathsByRoute({ paths, guards: allGuards.filter(item => !item.anonymous && item.inverse) })
     if (neg) securePath = undefined
   }
-  let anonymousPath = await this.checkPathsByRoute({ paths, method: req.method, guards: this.anonymousRoutes })
+  let anonymousPath = await this.checkPathsByRoute({ paths, guards: allGuards.filter(item => item.anonymous && !item.inverse) })
   if (anonymousPath) {
-    const neg = await this.checkPathsByRoute({ paths, method: req.method, guards: this.anonymousNegRoutes })
+    const neg = await this.checkPathsByRoute({ paths, guards: allGuards.filter(item => item.anonymous && item.inverse) })
     if (neg) anonymousPath = undefined
   }
   if (!securePath && !anonymousPath) {
     if (userId) await setUser()
-    return
+    return false // regular, unguarded path. Not secure & not anonymous path
   }
   if (anonymousPath) {
-    if (!userId) return
+    if (!userId) return false
     req.session.ref = req.url
     return reply.redirectTo(routePath(this.config.redirect.signout))
   }
-  if (securePath) {
-    if (userId) {
-      await setUser()
-      return
-    }
-    const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
-    const payload = silentOnError ? { noContent: true } : undefined
-    const authMethods = this.config.auth[webApp].methods ?? []
-    if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
-    let success
-    for (const m of authMethods) {
-      const handler = this[camelCase(`verify ${m}`)]
-      if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
-      const check = await handler(req, reply, source, payload)
-      if (check) {
-        success = check
-        break
-      }
+  if (!(securePath.methods ?? []).includes(req.method)) throw this.error('accessDenied', { statusCode: 403 })
+  if (userId) {
+    await setUser()
+    return securePath
+  }
+  const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
+  const payload = silentOnError ? { noContent: true } : undefined
+  const authMethods = this.config.auth[webApp].methods ?? []
+  if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
+  let success
+  for (const m of authMethods) {
+    const handler = this[camelCase(`verify ${m}`)]
+    if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
+    const check = await handler(req, reply, source, payload)
+    if (check) {
+      success = check
+      break
     }
-    if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
   }
+  if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
+  return securePath
 }
 
 export async function latLngHook (body, options) {
@@ -181,10 +155,15 @@ export async function latLngHook (body, options) {
   body[options.field] = round(body[options.field], options.scale)
 }
 
-export async function checkinterSite (req, reply) {
+/**
+ * If current route is an inter site route user is an inter site admin, then let it passed
+ *
+ * @param {Object} req - Request object
+ * @param {Object} reply - Reply object
+ * @returns
+ */
+export async function checkCrossSite (req, reply) {
   const { get } = this.app.lib._
-  const isinterSite = get(req, 'routeOptions.config.interSite')
-  const isInterSiteAdmin = get(req, 'user.interSiteAdmin')
-  if (!isinterSite) return
-  if (!isInterSiteAdmin) throw this.error('accessDenied', { statusCode: 403 })
+  if (!get(req, 'routeOptions.config.crossSite')) return
+  if (!get(req, 'user.crossSiteAdmin')) throw this.error('accessDenied', { statusCode: 403 })
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sumba",
-  "version": "2.22.1",
+  "version": "2.24.0",
   "description": "Biz Suite for Bajo Framework",
   "main": "index.js",
   "scripts": {

package/wiki/CHANGES.md

@@ -1,5 +1,16 @@
 # Changes
 
+## 2026-05-11
+
+- [2.24.0] Complete rewrite of route guards
+- [2.24.0] Add model guards
+- [2.24.0] Add attribute guards
+
+## 2026-05-11
+
+- [2.23.0] Unify route guards and put it in ```SumbaRouteGuard``` database
+- [2.23.0] Phased out ```setting.noRoutes```
+
 ## 2026-04-25
 
 - [2.21.1] Bug fix on team routes collections

package/extend/bajo/hook/dobo@before-create-record.js

@@ -1,17 +0,0 @@
-const doboBeforeCreateRecord = {
-  level: 1000,
-  handler: async function (modelName, body, options = {}) {
-    const { get } = this.app.lib._
-    const { req } = options
-    if (options.noAutoFilter || !req || get(req, 'routeOptions.config.interSite')) return
-    const item = { siteId: 'site.id', userId: 'user.id' }
-    const model = this.app.dobo.getModel(modelName)
-    for (const i in item) {
-      const rec = get(req, item[i])
-      const field = model.getProperty(i)
-      if (rec && field) body[i] = field.type === 'string' ? (rec + '') : rec
-    }
-  }
-}
-
-export default doboBeforeCreateRecord

package/extend/bajo/hook/dobo@before-find-record.js

@@ -1,63 +0,0 @@
-const useAdmin = ['waibuAdmin']
-
-export async function rebuildFilter (modelName, filter, req) {
-  const { isEmpty, isPlainObject, map, find, get } = this.app.lib._
-  filter.query = filter.query ?? {}
-  if (req.routeOptions.config.interSite) {
-    filter.query = { $and: [filter.query] }
-    return
-  }
-
-  const queryBySiteSetting = (query) => {
-    if (!req.site) return
-    const setting = get(req, `site.setting.dobo.query.${modelName}`)
-    if (isPlainObject(setting) && !isEmpty(setting)) query.$and.push(setting)
-  }
-
-  const queryByTeamSetting = (query) => {
-    if (!req.user) return
-    const q = []
-    for (const team of req.user.teams) {
-      const item = get(team, `setting.dobo.query.${modelName}`)
-      if (item) q.push(item)
-    }
-    if (isEmpty(q)) return
-    if (q.length === 1) query.$and.push(q[0])
-    else query.$and.push({ $or: q })
-  }
-
-  const model = this.app.dobo.getModel(modelName)
-  const hasSiteId = model.hasProperty('siteId')
-  const hasUserId = model.hasProperty('userId')
-  const hasTeamId = model.hasProperty('teamId')
-  const isAdmin = find(get(req, 'user.teams', []), { alias: 'administrator' }) && useAdmin.includes(get(req, 'routeOptions.config.ns'))
-  const q = { $and: [] }
-  queryBySiteSetting(q)
-  queryByTeamSetting(q)
-  if (!isEmpty(filter.query)) {
-    if (filter.query.$and) q.$and.push(...filter.query.$and)
-    else q.$and.push(filter.query)
-  }
-  if (hasSiteId) q.$and.push({ siteId: req.site.id })
-  if (hasTeamId && !isAdmin) {
-    const teamIds = map(req.user.teams, 'id')
-    if (hasUserId) q.$and.push({ $or: [{ teamId: { $in: teamIds } }, { userId: req.user.id }] })
-    else q.$and.push({ teamId: { $in: teamIds } })
-  } else if (!isAdmin) {
-    if (hasUserId) q.$and.push({ userId: req.user.id })
-  }
-  filter.query = q
-}
-
-export async function handler (modelName, filter, options = {}) {
-  const { req } = options
-  if (options.noAutoFilter || !req) return
-  await rebuildFilter.call(this, modelName, filter, req)
-}
-
-const doboBeforeFindRecord = {
-  level: 1000,
-  handler
-}
-
-export default doboBeforeFindRecord

package/extend/bajo/hook/dobo@before-get-record.js

@@ -1,23 +0,0 @@
-import { rebuildFilter } from './dobo@before-find-record.js'
-
-export async function checker (modelName, id, options = {}) {
-  const { req } = options
-
-  const model = this.app.dobo.getModel(modelName)
-  if (options.noAutoFilter || !req) return
-  const filter = {}
-  await rebuildFilter.call(this, modelName, filter, req)
-  if (filter.query.$and) filter.query.$and.push({ id })
-  else filter.query.id = id
-  const row = await model.findOneRecord(filter, { count: false })
-  if (!row) throw this.app.dobo.error('recordNotFound%s%s', id, this.name, { statusCode: 404 })
-}
-
-const doboBeforeGetRecord = {
-  level: 1000,
-  handler: async function (modelName, id, options) {
-    await checker.call(this, modelName, id, options)
-  }
-}
-
-export default doboBeforeGetRecord