mirrors/nocobase
1
0
Fork 0
mirror of https://github.com/nocobase/nocobase synced 2024-11-15 09:29:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix acl error (#358)

Browse Source 
* fix: empty resource acl error

* fix: removeAction error
This commit is contained in:
ChengLei Shao 2022-05-04 20:44:59 +08:00 committed by GitHub
parent 46e660b10d
commit 0b7f96dab3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
packages/plugins/acl/src/model/RoleResourceActionModel.ts
View File

@ -51,6 +51,7 @@ export class RoleResourceActionModel extends Model {
const fieldTarget = collectionField.get('target');
if (fieldActions) {
// grant association actions to role
const associationActions = fieldActions.associationActions || [];
associationActions.forEach((associationAction) => {
const actionName = `${resourceName}.${fieldTarget}:${associationAction}`;
@ -62,14 +63,15 @@ export class RoleResourceActionModel extends Model {
targetActions.forEach((targetAction) => {
const targetActionPath = `${fieldTarget}:${targetAction}`;
grantHelper.resourceTargetActionMap.set(resourceName, [
// set resource target action with current resourceName
grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, [
...(grantHelper.resourceTargetActionMap.get(resourceName) || []),
targetActionPath,
]);
grantHelper.targetActionResourceMap.set(targetActionPath, [
...(grantHelper.targetActionResourceMap.get(targetActionPath) || []),
resourceName,
`${role.name}.${resourceName}`,
]);
role.grantAction(targetActionPath);

7
packages/plugins/acl/src/model/RoleResourceModel.ts
View File

@ -8,20 +8,21 @@ export class RoleResourceModel extends Model {
const { role, resourceName, grantHelper } = options;
role.revokeResource(resourceName);
const targetActions = grantHelper.resourceTargetActionMap.get(resourceName) || [];
const targetActions = grantHelper.resourceTargetActionMap.get(`${role.name}.${resourceName}`) || [];
for (const targetAction of targetActions) {
const targetActionResource = (grantHelper.targetActionResourceMap.get(targetAction) || []).filter(
(item) => resourceName !== item,
(item) => `${role.name}.${resourceName}` !== item,
);
grantHelper.targetActionResourceMap.set(targetAction, targetActionResource);
if (targetActionResource.length == 0) {
role.revokeAction(targetAction);
}
}
grantHelper.resourceTargetActionMap.set(resourceName, []);
grantHelper.resourceTargetActionMap.set(`${role.name}.${resourceName}`, []);
}
async writeToACL(options: {

5
packages/plugins/acl/src/server.ts
View File

@ -30,6 +30,8 @@ export class GrantHelper {
}
export class PluginACL extends Plugin {
// association field actions config
associationFieldsActions: AssociationFieldsActions = {};
grantHelper = new GrantHelper();
@ -43,6 +45,8 @@ export class PluginACL extends Plugin {
}
registerAssociationFieldsActions() {
// if grant create action to role, it should
// also grant add action and association target's view action
this.registerAssociationFieldAction('linkTo', {
view: {
associationActions: ['list', 'get'],
@ -107,6 +111,7 @@ export class PluginACL extends Plugin {
const roles = (await this.app.db.getRepository('roles').find({
appends: ['resources', 'resources.actions'],
})) as RoleModel[];
for (const role of roles) {
role.writeToAcl({ acl: this.acl });
for (const resource of role.get('resources') as RoleResourceModel[]) {