mirrors/nocobase
1
0
Fork 0
mirror of https://github.com/nocobase/nocobase synced 2024-11-18 09:18:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
de25f56a79
nocobase/packages/plugin-acl/src/server.ts
ChengLei Shao 7a7ab2ef41
feat: add acl plugin (#169) 
* feat: getRepository

* getRepository return type

* export action

* add: acl

* feat: setResourceAction

* feat: action alias

* chore: code struct

* feat: removeResourceAction

* chore: file name

* ignorecase

* remove ACL

* feat: ACL

* feat: role toJSON

* using emit

* chore: test

* feat: plugin-acl

* feat: acl with predicate

* grant universal action test

* grant action test

* update resource action test

* revoke resource action

* usingActionsConfig switch

* plugin-ui-schema-storage

* remove global acl instance

* fix: collection manager with sqlite

* add own action listener

* add acl middleware

* add acl allowConfigure strategy option

* add plugin-acl allowConfigure

* change acl resourceName

* add acl middleware merge params

* bugfix

* append fields on acl action params

* acl middleware parse template

* fix: collection-manager migrate

* add acl association field test

* feat(plugin-acl): grant association field actions

* chore(plugin-acl): type name

* feat(plugin-acl): regrant actions on resource action update

* feat(plugin-acl): regrant action on field destroy

* fix(plugin-acl): test

* fix(plugin-acl): test run

* feat(plugin-acl): set default role

* feat(plugin-users): set user default role

* test(plugin-users): create user with role

* feat(plugin-users): create user with role

Co-authored-by: chenos <chenlinxh@gmail.com>
2022-01-30 10:37:27 +08:00

191 lines
5.1 KiB
TypeScript
Raw Blame History

import { Plugin } from '@nocobase/server';
import { ACL } from '@nocobase/acl';
import path from 'path';
import { availableActionResource } from './actions/available-actions';
import { roleCollectionsResource } from './actions/role-collections';
import { createACL } from './acl';
import { RoleResourceActionModel } from './model/RoleResourceActionModel';
import { RoleResourceModel } from './model/RoleResourceModel';
export interface AssociationFieldAction {
associationActions: string[];
targetActions?: string[];
}
interface AssociationFieldActions {
[availableActionName: string]: AssociationFieldAction;
}
export interface AssociationFieldsActions {
[associationType: string]: AssociationFieldActions;
}
export class GrantHelper {
resourceTargetActionMap = new Map<string, string[]>();
targetActionResourceMap = new Map<string, string[]>();
constructor() {}
}
export default class PluginACL extends Plugin {
acl: ACL;
associationFieldsActions: AssociationFieldsActions = {};
grantHelper = new GrantHelper();
registerAssociationFieldAction(associationType: string, value: AssociationFieldActions) {
this.associationFieldsActions[associationType] = value;
}
getACL() {
return this.acl;
}
registerAssociationFieldsActions() {
this.registerAssociationFieldAction('linkTo', {
view: {
associationActions: ['list', 'get'],
},
create: {
associationActions: ['add'],
targetActions: ['view'],
},
update: {
associationActions: ['add', 'remove', 'toggle'],
targetActions: ['view'],
},
});
this.registerAssociationFieldAction('attachments', {
view: {
associationActions: ['list', 'get'],
},
add: {
associationActions: ['upload', 'add'],
},
update: {
associationActions: ['update', 'add', 'remove', 'toggle'],
},
});
this.registerAssociationFieldAction('subTable', {
view: {
associationActions: ['list', 'get'],
},
create: {
associationActions: ['create'],
},
update: {
associationActions: ['update', 'destroy'],
},
});
}
async load() {
this.app.db.registerModels({
RoleResourceActionModel,
RoleResourceModel,
});
const acl = createACL();
this.acl = acl;
await this.app.db.import({
directory: path.resolve(__dirname, 'collections'),
});
this.registerAssociationFieldsActions();
this.app.resourcer.define(availableActionResource);
this.app.resourcer.define(roleCollectionsResource);
this.app.resourcer.use(this.acl.middleware());
this.app.db.on('roles.afterSave', async (model, options) => {
const { transaction } = options;
const roleName = model.get('name');
let role = acl.getRole(roleName);
if (!role) {
role = acl.define({
role: model.get('name'),
});
}
role.setStrategy({
...(model.get('strategy') || {}),
allowConfigure: model.get('allowConfigure'),
});
// model is default
if (model.get('default')) {
await this.app.db.getRepository('roles').update({
values: {
default: false,
},
filter: {
'name.$ne': model.get('name'),
},
hooks: false,
transaction,
});
}
});
this.app.db.on('roles.afterDestroy', (model) => {
const roleName = model.get('name');
acl.removeRole(roleName);
});
this.app.db.on('rolesResources.afterSaveWithAssociations', async (model: RoleResourceModel, options) => {
await model.writeToACL({
acl: this.acl,
associationFieldsActions: this.associationFieldsActions,
transaction: options.transaction,
grantHelper: this.grantHelper,
});
});
this.app.db.on('rolesResourcesActions.afterUpdateWithAssociations', async (model, options) => {
const { transaction } = options;
const resource = await model.getResource({
transaction,
});
await resource.writeToACL({
acl: this.acl,
associationFieldsActions: this.associationFieldsActions,
transaction: options.transaction,
grantHelper: this.grantHelper,
});
});
this.app.db.on('fields.afterDestroy', async (model, options) => {
const collectionName = model.get('collectionName');
const fieldName = model.get('name');
const resourceActions = await this.app.db.getRepository('rolesResourcesActions').find({
filter: {
'resource.name': collectionName,
'fields.$anyOf': [fieldName],
},
transaction: options.transaction,
});
for (const resourceAction of resourceActions) {
const fields = resourceAction.get('fields') as string[];
const newFields = fields.filter((field) => field != fieldName);
await this.app.db.getRepository('rolesResourcesActions').update({
filterByTk: resourceAction.get('id') as number,
values: {
fields: newFields,
},
transaction: options.transaction,
});
}
});
}
}
Reference in New Issue View Git Blame Copy Permalink