From cdf9f4818f874c95e86d4391c9ed20baab7c6e48 Mon Sep 17 00:00:00 2001
From: ChengLei Shao
Date: Tue, 12 Mar 2024 09:08:15 +0800
Subject: [PATCH] fix: acl should return true when resource allowed (#3675)
* fix: acl should return true when resource allowed
* chore: test
---
 packages/core/acl/src/acl.ts | 6 ++---
 .../src/server/__tests__/snippets.test.ts | 24 ++++++++++++++++++-
 2 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/packages/core/acl/src/acl.ts b/packages/core/acl/src/acl.ts
index d7ed1ab738..e750f663fe 100644
--- a/packages/core/acl/src/acl.ts
+++ b/packages/core/acl/src/acl.ts
@@ -164,9 +164,9 @@ export class ACL extends EventEmitter {
 const snippetAllowed = aclRole.snippetAllowed(`${resource}:${action}`);
- if (snippetAllowed === false) {
- return null;
- }
+ // if (snippetAllowed === false) {
+ // return null;
+ // }
 const fixedParams = this.fixedParamsManager.getParams(resource, action);
diff --git a/packages/plugins/@nocobase/plugin-acl/src/server/__tests__/snippets.test.ts b/packages/plugins/@nocobase/plugin-acl/src/server/__tests__/snippets.test.ts
index ef8891625c..dd6bcaa973 100644
--- a/packages/plugins/@nocobase/plugin-acl/src/server/__tests__/snippets.test.ts
+++ b/packages/plugins/@nocobase/plugin-acl/src/server/__tests__/snippets.test.ts
@@ -12,7 +12,7 @@ describe('snippet', () => {
 await app.destroy();
 });
- it('should not allow to create collections when global allow create', async () => {
+ it.skip('should not allow to create collections when global allow create', async () => {
 await app.db.getRepository('roles').create({
 values: {
 name: 'testRole',
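Review bot: In `packages/core/acl/src/acl.ts`, commenting out the `snippetAllowed === false` early return removes the only deny path visible in this hunk, so a role with negated snippets is now decided entirely by the code that follows (the method continues outside the hunk, presumably strategy and resource actions). That fixes the over-blocking case from the title, but it also appears to turn snippet negation from a deny into a no-op, which is the situation the 403 test skipped later in this commit used to cover. If that is the intended rule, delete the dead lines and state it, e.g. `// A negated snippet only withdraws the snippet grant; strategy and resource actions below still decide.` If some snippet-guarded resources must stay denied regardless of strategy, this spot needs a narrower check rather than none.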
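Review bot: In `snippets.test.ts`, switching the 403 case to `it.skip` leaves no test for refusing collection creation to a role that only has a global create strategy, and nothing records why it was disabled. Skipped authorization tests tend to stay skipped, so either rewrite the expectation to the behaviour now intended or keep the skip with a reason, e.g. `// TODO(<tracking-issue>): snippet deny no longer short-circuits the ACL check; restore a 403 here`. The test body continues outside the hunk.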
@@ -32,4 +32,26 @@ describe('snippet', () => {
 expect(createCollectionResponse.statusCode).toEqual(403);
 });
+
+ it('should allowed when snippet not allowed but resource allowed', async () => {
+ await app.db.getRepository('roles').create({
+ values: {
+ name: 'testRole',
+ strategy: { actions: ['view'] },
+ snippets: ['!ui.*', '!pm', '!pm.*'],
+ },
+ });
+
+ const testUser = await app.db.getRepository('users').create({
+ values: {
+ roles: ['testRole'],
+ },
+ });
+
+ const userAgent: any = app.agent().login(testUser);
+
+ const listResp = await userAgent.resource('users').list();
+
+ expect(listResp.statusCode).toEqual(200);
+ });
 });
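Review bot: The new case only asserts the allow side (`list` on `users` returns 200), so it would also pass if the role were granted everything. Since the role's strategy is `actions: ['view']`, add a refusal in the same test to pin the boundary, something like `const createResp = await userAgent.resource('users').create({ values: {} });` followed by `expect(createResp.statusCode).toEqual(403);`. Typing the agent as `any` also hides typos in those calls; a narrower type from the test helpers would be better if one exists.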