sumba 2.29.0 → 2.31.0

package/extend/waibuMpa/extend/waibuAdmin/route/{x/model-guard → anonymous-guard}/@action.js

@@ -1,11 +1,10 @@
 const action = {
   method: ['GET', 'POST'],
-  title: 'xModelGuard',
-  xSite: true,
+  title: 'anonymousGuard',
   handler: async function (req, reply) {
     const { importModule } = this.app.bajo
     const crudSkel = await importModule('waibuAdmin:/lib/crud-skel.js')
-    return await crudSkel.call(this, 'SumbaXModelGuard', req, reply)
+    return await crudSkel.call(this, 'SumbaAnonymousGuard', req, reply)
   }
 }
 

package/extend/waibuMpa/extend/waibuAdmin/route/{route-guard → secure-guard}/@action.js

@@ -1,10 +1,10 @@
 const action = {
   method: ['GET', 'POST'],
-  title: 'routeGuard',
+  title: 'secureGuard',
   handler: async function (req, reply) {
     const { importModule } = this.app.bajo
     const crudSkel = await importModule('waibuAdmin:/lib/crud-skel.js')
-    return await crudSkel.call(this, 'SumbaRouteGuard', req, reply)
+    return await crudSkel.call(this, 'SumbaSecureGuard', req, reply)
   }
 }
 

package/extend/waibuMpa/route/access-token.js

@@ -1,7 +1,9 @@
 const apiToken = {
   method: 'POST',
   handler: async function (req, reply) {
-    if (!req.user) return ''
+    const { get } = this.app.lib._
+    const uid = get(req, 'user.id')
+    if (!uid) return ''
     const rec = await this.app.dobo.getModel('SumbaUser').getRecord(req.user.id, { forceNoHidden: true, noCache: true })
     return (await this.createJwtFromUserRecord(rec)).token
   }

package/extend/waibuRestApi/route/manage/anonymous-guard/model-builder.json

@@ -0,0 +1,4 @@
+{
+  "model": "SumbaAnonymousGuard",
+  "disabled": ["create", "update", "remove"]
+}

package/extend/waibuRestApi/route/manage/{route-guard → secure-guard}/model-builder.json

@@ -1,4 +1,4 @@
 {
-  "model": "SumbaRouteGuard",
+  "model": "SumbaSecureGuard",
   "disabled": ["create", "update", "remove"]
 }

package/index.js

@@ -20,7 +20,7 @@ const defMultiSite = {
 async function factory (pkgName) {
   const me = this
   const { getModel } = this.app.dobo
-  const { cloneDeep, uniq, isEmpty } = this.app.lib._
+  const { cloneDeep, isEmpty } = this.app.lib._
 
   /**
    * Sumba class
@@ -52,6 +52,14 @@ async function factory (pkgName) {
             '/help': 'sumba:/help/contact-form',
             '/help/trouble-tickets': 'sumba:/help/trouble-tickets/list'
           },
+          redirectSubRoute: {
+            waibuAdmin: {
+              '/': 'waibuAdmin:/site/site',
+              '/x': 'waibuAdmin:/site/x/site/list',
+              '/x/*': 'waibuAdmin:/site/x/{2}/list',
+              '/*': 'waibuAdmin:/site/{1}/list'
+            }
+          },
           menuHandler: [{
             title: 'account',
             icon: 'person',
@@ -155,9 +163,11 @@ async function factory (pkgName) {
           getUserByTokenDur: '1m'
         }
       }
-      this.routeGuards = { local: [], global: [] }
-      this.modelGuards = { local: [], global: [] }
-      this.attribGuards = { local: [], global: [] }
+      this.secureGuards = []
+      this.modelGuards = []
+      this.attribGuards = []
+      this.secureGuards = []
+      this.anonymousGuards = []
 
       this.unsafeUserFields = ['password']
       this.selfBind(['createNewSite', 'removeSite', 'getSite', 'getUserById', 'getUserByToken', 'getUserByUsernamePassword'])
@@ -174,7 +184,11 @@ async function factory (pkgName) {
     }
 
     start = async () => {
-      const { getModel } = this.app.dobo
+      await this.populateRouteGuards()
+      if (!this.config.multiSite.enabled) {
+        this.config.xSiteAdmins = []
+        return
+      }
       if (this.config.xSiteAdmins.length === 0) {
         const site = await getModel('SumbaSite').findOneRecord({ query: { alias: 'default' } }, { noMagic: true })
         const user = await getModel('SumbaUser').findOneRecord({ query: { username: 'admin', siteId: site.id } }, { noMagic: true })
@@ -182,6 +196,84 @@ async function factory (pkgName) {
       }
     }
 
+    populateRouteGuards = async () => {
+      const { isString, get, difference } = this.app.lib._
+      const { pascalCase } = this.app.lib.aneka
+      const { eachPlugins, readConfig, breakNsPath } = this.app.bajo
+      const { getModel } = this.app.dobo
+
+      const allNs = this.app.getAllNs()
+      const sites = await getModel('SumbaSite').findAllRecord({ query: { status: 'ACTIVE' } }, { noMagic: true, dataOnly: true, fields: ['id', 'hostname'] })
+
+      const sanitize = (item, ns) => {
+        if (isString(item)) item = { path: item }
+        let [prefix, ...args] = item.path.split(':')
+        const neg = prefix[0] === '!'
+        if (neg) prefix = prefix.slice(1)
+        if (isEmpty(args)) {
+          args = prefix
+          prefix = null
+        } else args = args.join(':')
+        if (isEmpty(prefix)) prefix = ns
+        else {
+          const [_ns, subNs] = prefix.split('.')
+          if (subNs) prefix = `${ns}.${subNs}`
+          else if (!allNs.includes(_ns)) prefix = `${ns}.${_ns}`
+          else prefix = _ns
+        }
+        item.path = `${neg ? '!' : ''}${prefix}:${args}`
+        item._immutable = item._immutable ?? ['path']
+        if (neg) {
+          item.allTeams = true
+          item.teamIds = []
+          item._immutable = ['path', 'teamIds', 'allTeams']
+        }
+        return item
+      }
+
+      const filterFn = item => {
+        let [ns] = (item.path.split(':')[0] ?? '').split('.')
+        if (ns[0] === '!') ns = ns.slice(1)
+        return allNs.includes(ns)
+      }
+
+      for (const type of ['secure', 'anonymous']) {
+        const routes = []
+        // get it from <pluginDir>/extend/sumba/route/*
+        await eachPlugins(async function ({ file }) {
+          const { ns } = this
+          const items = (await readConfig(file)).map(item => sanitize(item, ns)).filter(filterFn)
+          routes.push(...items)
+        }, { glob: `route/${type}.*`, prefix: this.ns })
+        // get it from config
+        const items = get(this, `config.route.${type}`, []).map(item => {
+          if (isString(item)) item = { path: item }
+          const neg = item.path[0] === '!'
+          if (neg) item.path.slice(1)
+          const { fullNs } = breakNsPath(item.path)
+          if (neg) item.path = '!' + item.path
+          return sanitize(item, fullNs)
+        }).filter(filterFn)
+        routes.push(...items)
+        const paths = routes.map(item => item.path)
+        const model = getModel(pascalCase(`Sumba ${type} Guard`))
+        for (const site of sites) {
+          const query = { path: { $in: paths }, siteId: site.id }
+          const recs = await model.findAllRecord({ query }, { noMagic: true, dataOnly: true, fields: ['path', 'status'] })
+          const spaths = difference(paths, recs.map(rec => rec.path))
+          for (const path of spaths) {
+            const body = cloneDeep(routes.find(r => r.path === path))
+            body.status = 'ACTIVE'
+            body.siteId = site.id
+            await model.sanitizeFixture({ body, lookupValue: body })
+            try {
+              await model.createRecord(body, { noMagic: true, noReturn: true })
+            } catch (err) {}
+          }
+        }
+      }
+    }
+
     _getSetting = async (type, source) => {
       const { defaultsDeep } = this.app.lib.aneka
       const { get } = this.app.lib._
@@ -208,18 +300,10 @@ async function factory (pkgName) {
     adminMenu = async (locals, req) => {
       if (!this.app.waibuAdmin) return
       const { getPluginPrefix } = this.app.waibu
+      const { findIndex } = this.app.lib._
       const prefix = getPluginPrefix(this.ns)
       const params = { action: 'list' }
       const items = [{
-        title: 'xSite',
-        children: [
-          { title: 'allSites', href: `waibuAdmin:/${prefix}/x/site/:action`, params },
-          { title: 'xRouteGuard', href: `waibuAdmin:/${prefix}/x/route-guard/:action`, params },
-          { title: 'xModelGuard', href: `waibuAdmin:/${prefix}/x/model-guard/:action`, params },
-          { title: 'xAttribGuard', href: `waibuAdmin:/${prefix}/x/attrib-guard/:action`, params },
-          { title: 'userSession', href: `waibuAdmin:/${prefix}/x/session/:action`, params }
-        ]
-      }, {
         title: 'manageSite',
         children: [
           { title: 'siteProfile', href: `waibuAdmin:/${prefix}/site` },
@@ -242,7 +326,8 @@ async function factory (pkgName) {
       }, {
         title: 'permission',
         children: [
-          { title: 'routeGuard', href: `waibuAdmin:/${prefix}/route-guard/:action`, params },
+          { title: 'secureGuard', href: `waibuAdmin:/${prefix}/secure-guard/:action`, params },
+          { title: 'anonymousGuard', href: `waibuAdmin:/${prefix}/anonymous-guard/:action`, params },
           { title: 'modelGuard', href: `waibuAdmin:/${prefix}/model-guard/:action`, params },
           { title: 'attribGuard', href: `waibuAdmin:/${prefix}/attrib-guard/:action`, params }
         ]
@@ -260,9 +345,23 @@ async function factory (pkgName) {
           { title: 'manageDownload', href: `waibuAdmin:/${prefix}/download/:action`, params }
         ]
       }]
+      const sessionMenu = { title: 'userSession', href: `waibuAdmin:/${prefix}/x/session/:action`, params }
+      const cacheMenu = { title: 'cacheStorage', href: `waibuAdmin:/${prefix}/x/cache/:action`, params }
+      if (this.config.multiSite.enabled) {
+        items.unshift({
+          title: 'xSite',
+          children: [
+            { title: 'allSites', href: `waibuAdmin:/${prefix}/x/site/:action`, params },
+            sessionMenu
+          ]
+        })
+      } else {
+        const idx = findIndex(items, i => i.title === 'misc')
+        if (idx > -1) items[idx].children.push(sessionMenu)
+      }
       if (this.app.bajoCache) {
-        const item = items.find(i => i.title === 'xSite')
-        item.children.push({ title: 'cacheStorage', href: `waibuAdmin:/${prefix}/x/cache/:action`, params })
+        const idx = findIndex(items, i => i.title === this.config.multiSite.enabled ? 'xSite' : 'misc')
+        if (idx > -1)items[idx].children.push(cacheMenu)
       }
       return items
     }
@@ -377,31 +476,11 @@ async function factory (pkgName) {
       return true
     }
 
-    checkPathsByRoute = ({ req, paths = [], teamIds = [], guards = [] }) => {
-      const { includes } = this.app.lib.aneka
+    checkRouteGuard = (guards, paths) => {
       const { outmatch } = this.app.lib
-
-      for (const item of guards) {
-        const matchPath = outmatch(item.path)
-        for (const path of paths) {
-          if (matchPath(path)) {
-            if (item.methods.includes(req.method)) {
-              if (includes(teamIds, item.teamIds)) return item
-              if (teamIds.length === 0) return item
-            }
-          }
-        }
-      }
-    }
-
-    checkPathsByGuard = ({ guards, paths }) => {
-      const { outmatch } = this.app.lib
-      const matcher = outmatch(guards)
-      let guarded
-      for (const path of paths) {
-        if (!guarded) guarded = matcher(path)
-      }
-      return guarded
+      const all = guards.map(item => item.path)
+      const isMatch = outmatch(all)
+      return paths.find(isMatch)
     }
 
     signout = async ({ req, reply, reason }) => {
@@ -545,81 +624,56 @@ async function factory (pkgName) {
       return await hash(item, this.config.auth.common.apiKey.algo)
     }
 
-    _fetchGuards = async (type = 'Route') => {
+    _fetchGuards = async (type) => {
       const { getModel } = this.app.dobo
       const options = { noMagic: true, noCache: true, noDriverHook: true, dataOnly: true }
       const filter = { query: { status: 'ACTIVE' } }
-      return {
-        global: await getModel(`SumbaX${type}Guard`).findAllRecord(filter, options),
-        local: await getModel(`Sumba${type}Guard`).findAllRecord(filter, options),
-        siteIds: (await getModel('SumbaSite').findAllRecord(filter.options)).map(item => item.id + '')
-      }
+      const results = await getModel(`Sumba${type}Guard`).findAllRecord(filter, options)
+      return results.map(result => {
+        result.teamIds = result.teamIds.map(item => item + '')
+        return result
+      })
     }
 
-    getRouteGuards = async (reread) => {
+    _getGuards = (inputs = []) => {
       const { routePath } = this.app.waibu
       const { orderBy } = this.app.lib._
-      const { isSet } = this.app.lib.aneka
-      if (!reread) return this.routeGuards
-
-      const result = await this._fetchGuards('Route')
-      for (const type of ['global', 'local']) {
-        result[type] = result[type].map(item => {
-          item.siteIds = item.siteIds ?? []
-          if (item.siteIds.length === 0) item.siteIds = [...result.siteIds]
-          if (item.siteId) item.siteIds = uniq([...item.siteIds, item.siteId].filter(i => isSet(i)).map(i => i + ''))
-          item.teamIds = (item.teamIds ?? []).filter(i => isSet(i)).map(i => i + '')
-          item.methods = item.methods ?? []
-          delete item.siteId
-          return item
-        })
-        this.routeGuards[type] = orderBy(result[type].filter(item => {
-          try {
-            item.path = routePath(item.path)
-            return true
-          } catch (err) {
-            return false
-          }
-        }), ['weight', 'path'], ['desc', 'asc'])
-      }
-      return this.routeGuards
+      const normal = orderBy(inputs.filter(input => input.path[0] !== '!').map(result => {
+        result.path = routePath(result.path)
+        return result
+      }), ['weight', 'path'], ['desc', 'asc'])
+      const inverse = orderBy(inputs.filter(input => input.path[0] === '!').map(result => {
+        result.path = routePath(result.path)
+        return result
+      }), ['weight', 'path'], ['desc', 'asc'])
+      return [...normal, ...inverse]
+    }
+
+    getAnonymousGuards = async (reread) => {
+      if (!reread) return this.anonymousGuards
+      const guards = await this._fetchGuards('Anonymous')
+      this.anonymousGuards = this._getGuards(guards)
+      return this.anonymousGuards
+    }
+
+    getSecureGuards = async (reread) => {
+      if (!reread) return this.secureGuards
+      const guards = await this._fetchGuards('Secure')
+      this.secureGuards = this._getGuards(guards)
+      return this.secureGuards
     }
 
     getModelGuards = async (reread) => {
-      const { isSet } = this.app.lib.aneka
       if (!reread) return this.modelGuards
 
-      const result = await this._fetchGuards('Model')
-      for (const type of ['global', 'local']) {
-        this.modelGuards[type] = result[type].filter(item => (!isEmpty(item.value)) && (!isEmpty(item.models))).map(item => {
-          item.siteIds = item.siteIds ?? []
-          if (item.siteIds.length === 0) item.siteIds = [...result.siteIds]
-          if (item.siteId) item.siteIds = uniq([...item.siteIds, item.siteId].filter(i => isSet(i)).map(i => i + ''))
-          item.teamIds = (item.teamIds ?? []).filter(i => isSet(i)).map(i => i + '')
-          delete item.siteId
-          return item
-        })
-      }
+      this.modelGuards = await this._fetchGuards('Model')
       return this.modelGuards
     }
 
     getAttribGuards = async (reread) => {
-      const { isSet } = this.app.lib.aneka
       if (!reread) return this.attribGuards
 
-      const result = await this._fetchGuards('Attrib')
-      for (const type of ['global', 'local']) {
-        this.attribGuards[type] = result[type].map(item => {
-          item.siteIds = item.siteIds ?? []
-          if (item.siteIds.length === 0) item.siteIds = [...result.siteIds]
-          if (item.siteId) item.siteIds = uniq([...item.siteIds, item.siteId].filter(i => isSet(i)).map(i => i + ''))
-          item.teamIds = (item.teamIds ?? []).filter(i => isSet(i)).map(i => i + '')
-          item.models = item.models ?? []
-          item.hiddenCols = item.hiddenCols ?? []
-          delete item.siteId
-          return item
-        })
-      }
+      this.attribGuards = await this._fetchGuards('Model')
       return this.attribGuards
     }
 
@@ -628,10 +682,160 @@ async function factory (pkgName) {
       return asValue ? values.map(item => ({ value: item, text: item })) : values
     }
 
+    pathsToCheck = (req) => {
+      const { uniq, without } = this.app.lib._
+      const items = [req.routeOptions.url, req.url].map(url => url.split('?')[0].split('#')[0])
+      return uniq(without(items, undefined, null))
+    }
+
+    checkIconset = async (req, reply) => {
+      const { get, isString } = this.app.lib._
+      const mpa = this.app.waibuMpa
+
+      if (!req.site) return
+      const siteIconset = get(req, 'site.setting.waibuMpa.iconset')
+      req.iconset = siteIconset ?? get(mpa, 'config.iconset.set', 'default')
+      const hiconset = req.headers['x-iconset']
+      if (isString(hiconset) && mpa.getIconset(hiconset)) req.iconset = hiconset
+      req.iconset = req.iconset ?? 'default'
+    }
+
+    checkTheme = async (req, reply) => {
+      const { get, isString } = this.app.lib._
+      const mpa = this.app.waibuMpa
+
+      if (!req.site) return
+      const siteTheme = get(req, 'site.setting.waibuMpa.theme')
+      req.theme = siteTheme ?? get(mpa, 'config.theme.set', 'default')
+      const htheme = req.headers['x-theme']
+      if (isString(htheme) && mpa.getTheme(htheme)) req.theme = htheme
+      req.theme = req.theme ?? 'default'
+    }
+
+    checkTeam = async (req, reply) => {
+      const { includes } = this.app.lib.aneka
+      const { outmatch } = this.app.lib
+
+      if (req.user.isAdmin) return
+      if (req.routeOptions.config.xSite && req.user.isXSiteAdmin) return
+
+      const teamIds = req.user.teams.map(item => item.id + '')
+      if (req.user.teams.map(item => item.alias).length === 0) throw this.error('accessDenied', { statusCode: 403 })
+
+      const paths = this.pathsToCheck(req)
+      const results = (await this.getSecureGuards()).filter(item => {
+        if (item.siteId !== req.site.id + '' || item.path[0] === '!') return false
+        return paths.some(outmatch([item.path]))
+      })
+      for (const result of results) {
+        if (result.allTeams) continue
+        if (!includes(teamIds, result.teamIds)) throw this.error('accessDenied', { statusCode: 403 })
+      }
+      // passed
+    }
+
+    checkUser = async (req, reply, source) => {
+      const { merge, isEmpty, camelCase, get } = this.app.lib._
+      const { routePath } = this.app.waibu
+      const userId = get(req, 'session.userId')
+
+      const setUser = async () => {
+        if (!userId) return
+        try {
+          const user = await this.getUserById(userId, req)
+          if (user) req.user = user
+          else req.session.userId = null
+        } catch (err) {
+          console.log(err)
+          req.session.userId = null
+        }
+      }
+
+      if (req.session) req.session.siteId = req.site.id
+
+      const webApp = get(req, 'routeOptions.config.webApp', 'waibu')
+      if (!req.routeOptions.url) {
+        if (!req.session) return
+        await setUser()
+        return
+      }
+
+      const paths = this.pathsToCheck(req)
+      let guards = (await this.getAnonymousGuards()).filter(item => item.siteId === req.site.id + '')
+      const anonymous = this.checkRouteGuard(guards, paths)
+      if (anonymous) {
+        if (!userId) return false
+        req.session.ref = req.url
+        return reply.redirectTo(routePath(this.config.redirect.signout))
+      }
+      guards = (await this.getSecureGuards()).filter(item => item.siteId === req.site.id + '')
+      const secure = this.checkRouteGuard(guards, paths)
+      if (!secure) {
+        if (userId) await setUser()
+        return false // regular, unguarded path. Not secure & not anonymous path
+      }
+      if (userId) {
+        await setUser()
+        return secure
+      }
+      const silentOnError = this.config.auth[webApp].silentOnError ?? this.config.auth.common.silentOnError
+      const payload = silentOnError ? { noContent: true } : undefined
+      const authMethods = this.config.auth[webApp].methods ?? []
+      if (isEmpty(authMethods)) throw this.error('noAuthMethod', merge({ statusCode: 500 }, payload))
+      let success
+      for (const m of authMethods) {
+        const handler = this[camelCase(`verify ${m}`)]
+        if (!handler) throw this.error('invalidAuthMethod%s', m, merge({ statusCode: 500 }, payload))
+        const check = await handler(req, reply, source, payload)
+        if (check) {
+          success = check
+          break
+        }
+      }
+      if (!success) throw this.error('accessDeniedNoAuth', merge({ statusCode: 403 }, payload))
+      return secure
+    }
+
+    checkXSite = async (req, reply) => {
+      const { get } = this.app.lib._
+      if (!this.config.multiSite.enabled) return
+      if (!get(req, 'routeOptions.config.xSite')) return
+      if (!get(req, 'user.isXSiteAdmin')) throw this.error('accessDenied', { statusCode: 403 })
+    }
+
+    parseNsSettings = (ns, setting, items) => {
+      const { trim, set, isPlainObject, isArray, isEmpty, find } = this.app.lib._
+      const { parseObject, dayjs } = this.app.lib
+
+      for (const item of items) {
+        if (item.ns === '_var' || ns === '_var') continue
+        let value = trim([item.value] ?? '')
+        if (value[0] === '#' && value[value.length - 1] === '#') {
+          const val = value.slice(1, -1)
+          const newValue = find(items, { ns: '_var', key: val })
+          if (newValue) value = newValue.value
+        }
+        if (['[', '{'].includes(value[0]) && [']', '}'].includes(value[value.length - 1])) {
+          try {
+            value = parseObject(JSON.parse(value))
+          } catch (err) {}
+        } else if (Number(value)) value = Number(value)
+        else if (['true', 'false'].includes(value)) value = value === 'true'
+        else if (item.key.endsWith('$in')) value = value.split('\n').map(v => v.trim())
+        else {
+          const dt = dayjs(value)
+          if (dt.isValid()) value = dt.toDate()
+        }
+        if ((isPlainObject(value) || isArray(value)) && isEmpty(value)) continue
+        set(setting, `${ns}.${item.key}`, value)
+      }
+    }
+
     createNewSite = createNewSite
     removeSite = removeSite
     getSite = getSite
     getUserById = getUserById
+
     getUserByToken = getUserByToken
     getUserByUsernamePassword = getUserByUsernamePassword
   }

package/lib/get-site.js

@@ -1,5 +1,3 @@
-import { parseNsSettings } from './util.js'
-
 async function getSite (input, byId = false) {
   const { omit } = this.app.lib._
   const { set: setCache, get: getCache } = this.app.bajoCache ?? {}
@@ -21,7 +19,7 @@ async function getSite (input, byId = false) {
       const item = get(this, `app.${ns}.config.siteSetting`)
       if (isSet(item)) defSetting[ns] = item
       const items = filter(all, { ns })
-      parseNsSettings.call(this, ns, nsSetting, items)
+      this.parseNsSettings(ns, nsSetting, items)
     }
     site.setting = defaultsDeep({}, nsSetting, defSetting)
     // additional fields

package/lib/get-user.js

@@ -1,22 +1,18 @@
-import { parseNsSettings } from './util.js'
-
 export async function mergeTeam (user, req) {
   const { map, pick } = this.app.lib._
   const { getModel } = this.app.dobo
   user.teams = []
-  const query = { userId: user.id, siteId: user.siteId }
+  const query = { userId: user.id, siteId: user.siteId, status: 'ACTIVE' }
   let mdl = getModel('SumbaTeamUser')
   const userTeam = await mdl.findAllRecord({ query })
   if (userTeam.length === 0) return
   delete query.userId
   query.id = { $in: map(userTeam, 'teamId') }
-  query.status = 'ENABLED'
   mdl = getModel('SumbaTeam')
   const teams = await mdl.findAllRecord({ query })
   if (teams.length > 0) {
     delete query.id
     delete query.status
-    query.siteId = user.siteId
     query.teamId = { $in: teams.map(t => t.id + '') }
     mdl = getModel('SumbaTeamSetting')
     const items = await mdl.findAllRecord({ query })
@@ -25,7 +21,7 @@ export async function mergeTeam (user, req) {
       const item = pick(team, ['id', 'alias'])
       item.setting = {}
       for (const ns of names) {
-        parseNsSettings.call(this, ns, item.setting, items.filter(s => s.teamId === (team.id + '')))
+        this.parseNsSettings(ns, item.setting, items.filter(s => s.teamId === (team.id + '')))
       }
       user.teams.push(item)
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sumba",
-  "version": "2.29.0",
+  "version": "2.31.0",
   "description": "Biz Suite for Bajo Framework",
   "main": "index.js",
   "scripts": {

package/wiki/CHANGES.md

@@ -1,5 +1,18 @@
 # Changes
 
+## 2026-06-11
+
+- [2.31.0] Add ```status``` field on ```SumbaTeamUser```
+- [2.31.0] Remove ```util.js``` as all functions now moved to base class
+
+## 2026-06-10
+
+- [2.30.0] Refactoring all guards
+- [2.30.0] Feature ```sumba:status``` now by default using ```ACTIVE``` and ```INACTIVE``` states
+- [2.30.0] Bug in ```multiSite``` handling
+- [2.30.0] Add ```populateRouteGuards()```
+- [2.30.0] Bug fix in ```hook.js```
+
 ## 2026-06-03
 
 - [2.29.0] Some models with property ```values``` now use the newly introduced function values

package/extend/dobo/fixture/x-route-guard.js

@@ -1,24 +0,0 @@
-const routes = [
-  'sumba:/your-stuff/**/*',
-  'sumba:/signout',
-  'sumba:/help/trouble-tickets/**/*',
-  'sumba.restapi:/user/api-key',
-  'sumba.restapi:/your-stuff/**/*',
-  'sumba.restapi:/manage/**/*',
-  '~sumba:/user/**/*',
-  '~sumba:/signin',
-  '~sumba.restapi:/user/access-token/**/*'
-]
-
-async function routeGuard () {
-  return routes.map(r => {
-    const anonymous = r[0] === '~'
-    return {
-      path: anonymous ? r.slice(1) : r,
-      anonymous,
-      status: 'ACTIVE'
-    }
-  })
-}
-
-export default routeGuard

package/extend/waibuDb/schema/x-attrib-guard.js

@@ -1,15 +0,0 @@
-async function xAttribGuard () {
-  return {
-    common: {
-      widget: {
-        siteIds: {
-          attr: {
-            refUrl: 'waibuAdmin:/{prefix}/site/details?id={id}'
-          }
-        }
-      }
-    }
-  }
-}
-
-export default xAttribGuard