Merge branch 'next' into develop

2025-05-06 14:09:25 +08:00 · 2024-12-08 10:24:53 +00:00 · 2024-12-08 10:24:53 +00:00 · f1a9d9fd74
commit f1a9d9fd74
parent d2de2f0c42 ab38e954c1
2 changed files with 77 additions and 0 deletions
--- a/packages/core/acl/src/acl.ts
+++ b/packages/core/acl/src/acl.ts
@ -453,6 +453,20 @@ export class ACL extends EventEmitter {
            ctx.permission.parsedParams = parsedParams;
            ctx.log?.debug && ctx.log.debug('acl parsedParams', parsedParams);
            ctx.permission.rawParams = lodash.cloneDeep(resourcerAction.params);
            if (parsedParams.appends && resourcerAction.params.fields) {
              for (const queryField of resourcerAction.params.fields) {
                if (parsedParams.appends.indexOf(queryField) !== -1) {
                  // move field to appends
                  if (!resourcerAction.params.appends) {
                    resourcerAction.params.appends = [];
                  }
                  resourcerAction.params.appends.push(queryField);
                  resourcerAction.params.fields = resourcerAction.params.fields.filter((f) => f !== queryField);
                }
              }
            }
            resourcerAction.mergeParams(parsedParams, {
              appends: (x, y) => {
                if (!x) {
--- a/packages/plugins/@nocobase/plugin-acl/src/server/tests/list-action.test.ts
+++ b/packages/plugins/@nocobase/plugin-acl/src/server/tests/list-action.test.ts
@ -16,6 +16,8 @@ describe('list action with acl', () => {
  let Post;
  let Comment;
  beforeEach(async () => {
    app = await prepareApp();
@ -32,6 +34,21 @@ describe('list action with acl', () => {
          name: 'createdBy',
          target: 'users',
        },
        {
          type: 'hasMany',
          name: 'comments',
          target: 'comments',
        },
      ],
    });
    Comment = app.db.collection({
      name: 'comments',
      fields: [
        {
          type: 'string',
          name: 'content',
        },
      ],
    });
@ -42,6 +59,52 @@ describe('list action with acl', () => {
    await app.destroy();
  });
  it('should list associations with fields filter', async () => {
    const userRole = app.acl.define({
      role: 'user',
    });
    userRole.grantAction('posts:view', {
      fields: ['title', 'comments'],
    });
    userRole.grantAction('comments:view', {
      fields: ['content'],
    });
    await Post.repository.create({
      values: [
        {
          title: 'p1',
          comments: [{ content: 'c1' }, { content: 'c2' }],
        },
      ],
    });
    app.resourceManager.use(
      (ctx, next) => {
        ctx.state.currentRole = 'user';
        return next();
      },
      {
        before: 'acl',
      },
    );
    const response = await (app as any)
      .agent()
      .set('X-With-ACL-Meta', true)
      .resource('posts')
      .list({
        fields: ['title', 'comments'],
      });
    expect(response.status).toBe(200);
    const { data } = response.body;
    expect(data[0].title).toBeDefined();
    expect(data[0].comments[0].content).toBeDefined();
  });
  it('should list with meta permission that has difference primary key', async () => {
    const userRole = app.acl.define({
      role: 'user',