mirror of
https://gitee.com/nocobase/nocobase.git
synced 2025-05-05 05:29:26 +08:00
fix(acl): incorrect data records when using m2m fields in collection permission data scope (#6304)
* fix(acl): incorrect data records when using m2m fields in collection permission data scope * fix: duplicate
This commit is contained in:
YANG QIA
GitHub
parent
55b70335cf
commit
414ec3c817
@ -216,6 +216,78 @@ describe('list action with acl', () => {
|
|||||||
expect(data.meta.allowedActions.destroy).toEqual([]);
|
expect(data.meta.allowedActions.destroy).toEqual([]);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should list items meta permissions by m2m association field', async () => {
|
||||||
|
const userRole = app.acl.define({
|
||||||
|
role: 'user',
|
||||||
|
});
|
||||||
|
|
||||||
|
const Tag = app.db.collection({
|
||||||
|
name: 'tags',
|
||||||
|
fields: [{ type: 'string', name: 'name' }],
|
||||||
|
});
|
||||||
|
|
||||||
|
app.db.extendCollection({
|
||||||
|
name: 'posts',
|
||||||
|
fields: [
|
||||||
|
{
|
||||||
|
type: 'belongsToMany',
|
||||||
|
name: 'tags',
|
||||||
|
through: 'posts_tags',
|
||||||
|
},
|
||||||
|
],
|
||||||
|
});
|
||||||
|
await app.db.sync();
|
||||||
|
|
||||||
|
await Tag.repository.create({
|
||||||
|
values: [{ name: 'a' }, { name: 'b' }, { name: 'c' }],
|
||||||
|
});
|
||||||
|
await Post.repository.create({
|
||||||
|
values: [
|
||||||
|
{ title: 'p1', tags: [1, 2] },
|
||||||
|
{ title: 'p2', tags: [1, 3] },
|
||||||
|
{ title: 'p3', tags: [2, 3] },
|
||||||
|
],
|
||||||
|
});
|
||||||
|
|
||||||
|
userRole.grantAction('posts:view', {});
|
||||||
|
|
||||||
|
userRole.grantAction('posts:update', {
|
||||||
|
filter: {
|
||||||
|
$and: [
|
||||||
|
{
|
||||||
|
tags: {
|
||||||
|
name: {
|
||||||
|
$includes: 'c',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
],
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
app.resourcer.use(
|
||||||
|
(ctx, next) => {
|
||||||
|
ctx.state.currentRole = 'user';
|
||||||
|
ctx.state.currentUser = {
|
||||||
|
id: 1,
|
||||||
|
tag: 'c',
|
||||||
|
};
|
||||||
|
|
||||||
|
return next();
|
||||||
|
},
|
||||||
|
{
|
||||||
|
before: 'acl',
|
||||||
|
after: 'auth',
|
||||||
|
},
|
||||||
|
);
|
||||||
|
|
||||||
|
const response = await (app as any).agent().set('X-With-ACL-Meta', true).resource('posts').list();
|
||||||
|
const data = response.body;
|
||||||
|
expect(data.meta.allowedActions.view).toEqual([1, 2, 3]);
|
||||||
|
expect(data.meta.allowedActions.update).toEqual([2, 3]);
|
||||||
|
expect(data.meta.allowedActions.destroy).toEqual([]);
|
||||||
|
});
|
||||||
|
|
||||||
it('should list items with meta permission', async () => {
|
it('should list items with meta permission', async () => {
|
||||||
const userRole = app.acl.define({
|
const userRole = app.acl.define({
|
||||||
role: 'user',
|
role: 'user',
|
||||||
|
|||||||
@ -265,6 +265,7 @@ function createWithACLMetaMiddleware() {
|
|||||||
}),
|
}),
|
||||||
],
|
],
|
||||||
include: conditions.map((condition) => condition.include).flat(),
|
include: conditions.map((condition) => condition.include).flat(),
|
||||||
|
raw: true,
|
||||||
});
|
});
|
||||||
|
|
||||||
const allowedActions = inspectActions
|
const allowedActions = inspectActions
|
||||||
@ -273,7 +274,9 @@ function createWithACLMetaMiddleware() {
|
|||||||
return [action, ids];
|
return [action, ids];
|
||||||
}
|
}
|
||||||
|
|
||||||
return [action, results.filter((item) => Boolean(item.get(action))).map((item) => item.get(primaryKeyField))];
|
let actionIds = results.filter((item) => Boolean(item[action])).map((item) => item[primaryKeyField]);
|
||||||
|
actionIds = Array.from(new Set(actionIds));
|
||||||
|
return [action, actionIds];
|
||||||
})
|
})
|
||||||
.reduce((acc, [action, ids]) => {
|
.reduce((acc, [action, ids]) => {
|
||||||
acc[action] = ids;
|
acc[action] = ids;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user