nocobase/packages/core/acl/src/allow-manager.ts

import { ACL } from './acl';

export type ConditionFunc = (ctx: any) => Promise<boolean> | boolean;

export class AllowManager {
  protected skipActions = new Map<string, Map<string, string | ConditionFunc | true>>();

  protected registeredCondition = new Map<string, ConditionFunc>();

  constructor(public acl: ACL) {
    this.registerAllowCondition('loggedIn', (ctx) => {
      return ctx.state.currentUser;
    });

    this.registerAllowCondition('allowConfigure', async (ctx) => {
      const roleName = ctx.state.currentRole;
      if (!roleName) {
        return false;
      }

      const roleInstance = await ctx.db.getRepository('roles').findOne({
        filter: {
          name: roleName,
        },
      });

      return roleInstance?.get('allowConfigure');
    });
  }

  allow(resourceName: string, actionName: string, condition?: string | ConditionFunc) {
    const actionMap = this.skipActions.get(resourceName) || new Map<string, string | ConditionFunc>();
    actionMap.set(actionName, condition || true);

    this.skipActions.set(resourceName, actionMap);
  }

  getAllowedConditions(resourceName: string, actionName: string): Array<ConditionFunc | true> {
    const fetchActionSteps: string[] = ['*', resourceName];

    const results = [];

    for (const fetchActionStep of fetchActionSteps) {
      const resource = this.skipActions.get(fetchActionStep);
      if (resource) {
        const condition = resource.get('*') || resource.get(actionName);
        if (condition) {
          results.push(typeof condition === 'string' ? this.registeredCondition.get(condition) : condition);
        }
      }
    }

    return results;
  }

  registerAllowCondition(name: string, condition: ConditionFunc) {
    this.registeredCondition.set(name, condition);
  }

  aclMiddleware() {
    return async (ctx, next) => {
      const { resourceName, actionName } = ctx.action;
      const skippedConditions = ctx.app.acl.allowManager.getAllowedConditions(resourceName, actionName);
      let skip = false;

      for (const skippedCondition of skippedConditions) {
        if (skippedCondition) {
          let skipResult = false;

          if (typeof skippedCondition === 'function') {
            skipResult = await skippedCondition(ctx);
          } else if (skippedCondition) {
            skipResult = true;
          }

          if (skipResult) {
            skip = true;
            break;
          }
        }
      }

      if (skip) {
        ctx.permission = {
          skip: true,
        };
      }
      await next();
    };
  }
}
featEnable permission (#229) * feat: acl skip * feat: skip-manager * feat: root user permission skip * fix: test * feat: set user role * fix: code review * feat: setDefaultRole for users 2022-03-11 02:10:57 +00:00			`import { ACL } from './acl';`

fix: types error 2022-10-06 09:21:20 +00:00			`export type ConditionFunc = (ctx: any) => Promise<boolean> \| boolean;`
featEnable permission (#229) * feat: acl skip * feat: skip-manager * feat: root user permission skip * fix: test * feat: set user role * fix: code review * feat: setDefaultRole for users 2022-03-11 02:10:57 +00:00
Fix acl target action error (#311) * fix: field association resource name * chore: resourceCollection fields unique index * fix: test * feat: allowConfigure permission skip * feat: skip with array type actionNames * chore: rename acl skip to allow * fix: type * chore: rename SkipManager to AllowManager 2022-04-24 02:14:46 +00:00			`export class AllowManager {`
featEnable permission (#229) * feat: acl skip * feat: skip-manager * feat: root user permission skip * fix: test * feat: set user role * fix: code review * feat: setDefaultRole for users 2022-03-11 02:10:57 +00:00			`protected skipActions = new Map<string, Map<string, string \| ConditionFunc \| true>>();`

			`protected registeredCondition = new Map<string, ConditionFunc>();`

			`constructor(public acl: ACL) {`
Fix acl target action error (#311) * fix: field association resource name * chore: resourceCollection fields unique index * fix: test * feat: allowConfigure permission skip * feat: skip with array type actionNames * chore: rename acl skip to allow * fix: type * chore: rename SkipManager to AllowManager 2022-04-24 02:14:46 +00:00			`this.registerAllowCondition('loggedIn', (ctx) => {`
featEnable permission (#229) * feat: acl skip * feat: skip-manager * feat: root user permission skip * fix: test * feat: set user role * fix: code review * feat: setDefaultRole for users 2022-03-11 02:10:57 +00:00			`return ctx.state.currentUser;`
			`});`
Fix acl target action error (#311) * fix: field association resource name * chore: resourceCollection fields unique index * fix: test * feat: allowConfigure permission skip * feat: skip with array type actionNames * chore: rename acl skip to allow * fix: type * chore: rename SkipManager to AllowManager 2022-04-24 02:14:46 +00:00
			`this.registerAllowCondition('allowConfigure', async (ctx) => {`
			`const roleName = ctx.state.currentRole;`
			`if (!roleName) {`
			`return false;`
			`}`

			`const roleInstance = await ctx.db.getRepository('roles').findOne({`
refactor(plugin-users): improve extendibility of middlewares (#677) * refactor(plugin-users): improve extendibility of middlewares * fix(plugin-users): fix typo * fix: test error * fix: allowConfigure condition Co-authored-by: chenos <chenlinxh@gmail.com> 2022-07-25 11:33:23 +00:00			`filter: {`
docs: relation repository & acl (#848) * docs: relation-repository * docs: has many repository * docs: acl * docs: acl * docs: acl * docs: acl * docs: acl/AllowManager * docs: acl/ACLAvailableAction * docs: acl * docs: clean up * feat: doc menus Co-authored-by: chenos <chenlinxh@gmail.com> 2022-10-06 02:29:53 +00:00			`name: roleName,`
refactor(plugin-users): improve extendibility of middlewares (#677) * refactor(plugin-users): improve extendibility of middlewares * fix(plugin-users): fix typo * fix: test error * fix: allowConfigure condition Co-authored-by: chenos <chenlinxh@gmail.com> 2022-07-25 11:33:23 +00:00			`},`
Fix acl target action error (#311) * fix: field association resource name * chore: resourceCollection fields unique index * fix: test * feat: allowConfigure permission skip * feat: skip with array type actionNames * chore: rename acl skip to allow * fix: type * chore: rename SkipManager to AllowManager 2022-04-24 02:14:46 +00:00			`});`

			`return roleInstance?.get('allowConfigure');`
			`});`
featEnable permission (#229) * feat: acl skip * feat: skip-manager * feat: root user permission skip * fix: test * feat: set user role * fix: code review * feat: setDefaultRole for users 2022-03-11 02:10:57 +00:00			`}`

Fix acl target action error (#311) * fix: field association resource name * chore: resourceCollection fields unique index * fix: test * feat: allowConfigure permission skip * feat: skip with array type actionNames * chore: rename acl skip to allow * fix: type * chore: rename SkipManager to AllowManager 2022-04-24 02:14:46 +00:00			`allow(resourceName: string, actionName: string, condition?: string \| ConditionFunc) {`
featEnable permission (#229) * feat: acl skip * feat: skip-manager * feat: root user permission skip * fix: test * feat: set user role * fix: code review * feat: setDefaultRole for users 2022-03-11 02:10:57 +00:00			`const actionMap = this.skipActions.get(resourceName) \|\| new Map<string, string \| ConditionFunc>();`
			`actionMap.set(actionName, condition \|\| true);`

			`this.skipActions.set(resourceName, actionMap);`
			`}`

Fix acl target action error (#311) * fix: field association resource name * chore: resourceCollection fields unique index * fix: test * feat: allowConfigure permission skip * feat: skip with array type actionNames * chore: rename acl skip to allow * fix: type * chore: rename SkipManager to AllowManager 2022-04-24 02:14:46 +00:00			`getAllowedConditions(resourceName: string, actionName: string): Array<ConditionFunc \| true> {`
featEnable permission (#229) * feat: acl skip * feat: skip-manager * feat: root user permission skip * fix: test * feat: set user role * fix: code review * feat: setDefaultRole for users 2022-03-11 02:10:57 +00:00			`const fetchActionSteps: string[] = ['*', resourceName];`

			`const results = [];`

			`for (const fetchActionStep of fetchActionSteps) {`
			`const resource = this.skipActions.get(fetchActionStep);`
			`if (resource) {`
			`const condition = resource.get('*') \|\| resource.get(actionName);`
			`if (condition) {`
			`results.push(typeof condition === 'string' ? this.registeredCondition.get(condition) : condition);`
			`}`
			`}`
			`}`

			`return results;`
			`}`

Fix acl target action error (#311) * fix: field association resource name * chore: resourceCollection fields unique index * fix: test * feat: allowConfigure permission skip * feat: skip with array type actionNames * chore: rename acl skip to allow * fix: type * chore: rename SkipManager to AllowManager 2022-04-24 02:14:46 +00:00			`registerAllowCondition(name: string, condition: ConditionFunc) {`
featEnable permission (#229) * feat: acl skip * feat: skip-manager * feat: root user permission skip * fix: test * feat: set user role * fix: code review * feat: setDefaultRole for users 2022-03-11 02:10:57 +00:00			`this.registeredCondition.set(name, condition);`
			`}`

			`aclMiddleware() {`
			`return async (ctx, next) => {`
			`const { resourceName, actionName } = ctx.action;`
Fix acl target action error (#311) * fix: field association resource name * chore: resourceCollection fields unique index * fix: test * feat: allowConfigure permission skip * feat: skip with array type actionNames * chore: rename acl skip to allow * fix: type * chore: rename SkipManager to AllowManager 2022-04-24 02:14:46 +00:00			`const skippedConditions = ctx.app.acl.allowManager.getAllowedConditions(resourceName, actionName);`
featEnable permission (#229) * feat: acl skip * feat: skip-manager * feat: root user permission skip * fix: test * feat: set user role * fix: code review * feat: setDefaultRole for users 2022-03-11 02:10:57 +00:00			`let skip = false;`

			`for (const skippedCondition of skippedConditions) {`
			`if (skippedCondition) {`
			`let skipResult = false;`

			`if (typeof skippedCondition === 'function') {`
Fix acl target action error (#311) * fix: field association resource name * chore: resourceCollection fields unique index * fix: test * feat: allowConfigure permission skip * feat: skip with array type actionNames * chore: rename acl skip to allow * fix: type * chore: rename SkipManager to AllowManager 2022-04-24 02:14:46 +00:00			`skipResult = await skippedCondition(ctx);`
featEnable permission (#229) * feat: acl skip * feat: skip-manager * feat: root user permission skip * fix: test * feat: set user role * fix: code review * feat: setDefaultRole for users 2022-03-11 02:10:57 +00:00			`} else if (skippedCondition) {`
			`skipResult = true;`
			`}`

			`if (skipResult) {`
			`skip = true;`
			`break;`
			`}`
			`}`
			`}`

			`if (skip) {`
			`ctx.permission = {`
			`skip: true,`
			`};`
			`}`
			`await next();`
			`};`
			`}`
			`}`