fm453/nocobase
1
0
Fork 0
mirror of https://gitee.com/nocobase/nocobase.git synced 2025-05-05 21:49:25 +08:00
Code Issues Packages Projects Releases Wiki Activity
nocobase/packages/core/client/src/acl/ACLProvider.tsx
ChengLei Shao a614bc7de8
feat: acl optimization (#1136) 
* fix: sort field with table dose not have primary key

* feat: fixed params merger

* chore(plugins/acl): fixed params

* chore(plugins/acl): allowConfigure of collections

* chore(plugins/china-region): disable actions other than list

* chore(plugins/collection-manager): allowConfigure permission

* chore(plugins/file-manager): acl fixed params

* chore: acl fixed params

* chore: rolesResourcesScopes onDelete cascade

* fix: install error

* chore: test

* fix: root user fixed params

* fix: role resource scope onDelete

* chore: test

* chore: test

* fix: acl

* chore: disable index.html cache

* chore: disable index.html cache

* test: destory user role

* test: destory throught table

* fix: test

* fix: test

* chore: add rolesUsers to fixed params

* feat: permission logging

* feat: permission logging

* fix: test

* fix: test

* chore: disable grant target action

* fix: appends with fields

* fix: get action params

* fix: associationActions

* chore: change AssociationField using relation type

* chore: typo

* refactor: allow to skip

* fix: prettier

* chore: attachments association action

* fix: allowConfigure condition

* fix: deprecated allow

* fix: please use skip instead

* feat: table column aclcheck

* chore: test

* feat: throw error when detory no permission record

* chore: test

* chore: acl test

* feat: field acl

* chore: after action middleware

* fix: destory permission check

* chore: middleware use

* fix: test

* feat: filter match

* feat: subform/subtable field acl check

* feat: action permision by scope

* feat: action permision by scope

* feat: list action with allowedActions

* chore: all allowed action

* fix: pk error

* fix: merge error

* fix: create query sql

* fix: skip permission

* fix: scope with association field

* feat: action acl fix

* feat: action acl fix

* fix: update submodule

* Feat: setting center permission (#1214)

* feat: add setting center permissions

* feat: setting center permissions backlist

* feat: setting center permissions BLACKLIST

* feat: setting center permissions blacklist

* feat: setting center permissions blacklist

* feat: setting center permission

* feat: configure plugin tab expand

Co-authored-by: chenos <chenlinxh@gmail.com>

* Feat :field acl (#1211)

Co-authored-by: chenos <chenlinxh@gmail.com>

* fix: build error

* test: acl snippet

* feat: set field

* fix: test

* fix: build error

* fix: utils Dependency cycles

* feat: general permissions

* feat: delete pluginTabBlacklist

* fix: test

* feat: snippetManager allow method

* feat: acl role snippetAllowed method

* feat: array field repository

* feat:  ArrayFieldRepository

* fix: test

* fix: ci

* fix: ci error

* fix: add set parse

* test: array field repository

* chore: addSnippetPatten

* fix: start

* feat: sync role snippets

* feat: snippets check

* feat: snippets check

* chore: acl role snippet api

* fix: test

* fix: test

* refactor: acl role snippets

* chore: registerACLSettingSnippet

* chore: default snippets

* feat: snippets match

* feat: snippets check

* feat: snippets check

* feat: pm permision check

* feat: pm permision check

* feat: snippet pattern match

* feat: pluginManagerToolbar check

* feat: pluginManagerToolbar check

* chore: snippets default value

* feat: set role snippets migration

* chore: snippets

* feat: acl local

* feat: acl local

* feat: bookmask fix

* feat: plugin-manger & ui-editor snippet

* feat: set allowConfigure to false when upgrade to snippets

* feat: destory action acl fix

* feat: destory action acl fix

* fix: association resource params merge

* fix: ui editor snippet

* feat:  action acl fix

* chore: move list meta middleware into plugins/acl

* fix: test

* feat:  action acl fix

* feat: action acl check fix

* feat: plugins toolbar fix

* feat: gitmodules

* fix: subproject

* chore: add avaiableActions to snippet

* chore: change plugin-manager snippet

* feat: configure action acl fix

* feat: plugin tab acl check fix

* chore: roles snippets

* fix: add actions to snippet

* feat: allowconfigure fix

* fix: count with filterBy

* fix: build error

* feat: get action with allowedActions

* feat: acl route check fix

* feat:  aclActionProvider fix

* feat: actionscpe fix

* feat: actionname alias

* feat: setting center fix

* feat: acl provider fix

* fix: role collection

* feat: associate resource  acl

* feat: associate resource  acl

* feat: redirect to 403

* feat: route redirct

* feat:  acl scope check by record

* fix: fields  appends fix

* fix: fields  appends fix

* fix: fields  appends fix

* fix: allowedActions  fix

* fix:  menu items

* fix: rename

* fix: improve code

* fix: improve code

* fix: improve code

* fix: ctx?.data?.data

* fix: styling

* fix: allowAll after ignore scope

* chore: allowConfigure condition

* fix: collections.fields:*

* fix: acl test

* fix: update submodule

* fix: acl test

* fix: acl snippet

* fix: updates

* fix: only load history for logged-in users

* fix: this.app.acl.registerSnippet

* fix: downloadXlsxTemplate

* fix: 404

* feat: allowedAction in association list response

* fix: listData get

* fix: test

* fix: x-collection-field

* fix: update record error

* fix: calendar template

* test: allow manager

* fix: fetch action step

* fix: update submodule

* fix: refresh

* fix: refresh

* fix: rolesResourcesScopes

* test: snippets

* fix: snippets

* fix: test

* fix: omit filter.createdById

* fix: improve code

* fix: collections path

* fix: test error

* fix: upgrade error

* fix: errors

* fix: read allowed actions error

* fix: kanban error

* fix: error

Co-authored-by: chenos <chenlinxh@gmail.com>
Co-authored-by: katherinehhh <katherine_15995@163.com>
2023-01-09 07:35:48 +08:00

285 lines
8.5 KiB
TypeScript
Raw Blame History

import { Schema, useFieldSchema } from '@formily/react';
import { Spin } from 'antd';
import React, { createContext, useContext } from 'react';
import { Redirect } from 'react-router-dom';
import { useAPIClient, useRequest } from '../api-client';
import { useBlockRequestContext } from '../block-provider/BlockProvider';
import { useCollection } from '../collection-manager';
import { useResourceActionContext } from '../collection-manager/ResourceActionProvider';
import { useRecord } from '../record-provider';
import { SchemaComponentOptions, useDesignable } from '../schema-component';
export const ACLContext = createContext<any>({});
export const ACLProvider = (props) => {
return (
<SchemaComponentOptions
components={{ ACLCollectionFieldProvider, ACLActionProvider, ACLMenuItemProvider, ACLCollectionProvider }}
>
{props.children}
</SchemaComponentOptions>
);
};
const getRouteUrl = (props) => {
if (props?.match) {
return props.match;
}
return props && getRouteUrl(props?.children?.props);
};
const getRouteAclCheck = (match, snippets) => {
const { url, params } = match;
if (url === '/admin/pm/list' || params?.pluginName || params?.name?.includes('settings')) {
const pmAclCheck = url === '/admin/pm/list' && snippets.includes('pm');
const pluginTabByName = params?.name.split('/');
pluginTabByName.shift();
const pluginName = params.pluginName || pluginTabByName[0];
const tabName = params.tabName || pluginTabByName[1];
const pluginTabSnippet = pluginName && tabName && `!pm.${pluginName}.${tabName}`;
const pluginTabAclCheck = pluginTabSnippet && !snippets.includes(pluginTabSnippet);
return pmAclCheck || pluginTabAclCheck;
}
return true;
};
export const ACLRolesCheckProvider = (props) => {
const route = getRouteUrl(props.children.props);
const { setDesignable } = useDesignable();
const api = useAPIClient();
const result = useRequest(
{
url: 'roles:check',
},
{
onSuccess(data) {
if (!data?.data?.snippets.includes('ui.*')) {
setDesignable(false);
}
if (data?.data?.role !== api.auth.role) {
api.auth.setRole(data?.data?.role);
}
},
},
);
if (result.loading) {
return <Spin />;
}
if (result.error) {
return <Redirect to={'/signin'} />;
}
return <ACLContext.Provider value={result}>{props.children}</ACLContext.Provider>;
};
export const useRoleRecheck = () => {
const ctx = useContext(ACLContext);
const { allowAll } = useACLRoleContext();
return () => {
if (allowAll) {
return;
}
ctx.refresh();
};
};
export const useACLContext = () => {
return useContext(ACLContext);
};
export const ACLActionParamsContext = createContext<any>({});
export const useACLRolesCheck = () => {
const ctx = useContext(ACLContext);
const data = ctx?.data?.data;
const getActionAlias = (actionPath: string) => {
const actionName = actionPath.split(':').pop();
return data?.actionAlias?.[actionName] || actionName;
};
return {
data,
getActionAlias,
inResources: (resourceName: string) => {
return data?.resources?.includes?.(resourceName);
},
getResourceActionParams: (actionPath: string) => {
const [resourceName] = actionPath.split(':');
const actionAlias = getActionAlias(actionPath);
return data?.actions?.[`${resourceName}:${actionAlias}`] || data?.actions?.[actionPath];
},
getStrategyActionParams: (actionPath: string) => {
const actionAlias = getActionAlias(actionPath);
const strategyAction = data?.strategy?.actions.find((action) => {
const [value] = action.split(':');
return value === actionAlias;
});
return strategyAction ? {} : null;
},
};
};
const getIgnoreScope = (options: any = {}) => {
const { schema, recordPkValue } = options;
let ignoreScope = false;
if (options.ignoreScope) {
ignoreScope = true;
}
if (schema?.['x-acl-ignore-scope']) {
ignoreScope = true;
}
if (schema?.['x-acl-action-props']?.['skipScopeCheck']) {
ignoreScope = true;
}
if (!recordPkValue) {
ignoreScope = true;
}
return ignoreScope;
};
const useAllowedActions = () => {
const result = useBlockRequestContext() || { service: useResourceActionContext() };
return result?.service?.data?.meta?.allowedActions;
};
const useResourceName = () => {
const result = useBlockRequestContext() || { service: useResourceActionContext() };
return result?.props?.resource || result?.service?.defaultRequest?.resource;
};
export function useACLRoleContext() {
const { data, getActionAlias, inResources, getResourceActionParams, getStrategyActionParams } = useACLRolesCheck();
const allowedActions = useAllowedActions();
const verifyScope = (actionName: string, recordPkValue: any) => {
const actionAlias = getActionAlias(actionName);
if (!Array.isArray(allowedActions?.[actionAlias])) {
return null;
}
return allowedActions[actionAlias].includes(recordPkValue);
};
return {
...data,
parseAction: (actionPath: string, options: any = {}) => {
const [resourceName, actionName] = actionPath.split(':');
if (!getIgnoreScope(options)) {
const r = verifyScope(actionName, options.recordPkValue);
if (r !== null) {
return r ? {} : null;
}
}
if (data?.allowAll) {
return {};
}
if (inResources(resourceName)) {
return getResourceActionParams(actionPath);
}
return getStrategyActionParams(actionPath);
},
};
}
export const ACLCollectionProvider = (props) => {
const { allowAll, parseAction } = useACLRoleContext();
const schema = useFieldSchema();
if (allowAll) {
return <>{props.children}</>;
}
const actionPath = schema['x-acl-action'];
if (!actionPath) {
return <>{props.children}</>;
}
const params = parseAction(actionPath, { schema });
if (!params) {
return null;
}
return <ACLActionParamsContext.Provider value={params}>{props.children}</ACLActionParamsContext.Provider>;
};
export const useACLActionParamsContext = () => {
return useContext(ACLActionParamsContext);
};
export const useRecordPkValue = () => {
const { getPrimaryKey } = useCollection();
const record = useRecord();
const primaryKey = getPrimaryKey();
return record?.[primaryKey];
};
export const ACLActionProvider = (props) => {
const recordPkValue = useRecordPkValue();
const resource = useResourceName();
const { parseAction } = useACLRoleContext();
const schema = useFieldSchema();
let actionPath = schema['x-acl-action'];
if (!actionPath && resource && schema['x-action']) {
actionPath = `${resource}:${schema['x-action']}`;
}
if (!actionPath.includes(':')) {
actionPath = `${resource}:${actionPath}`;
}
if (!actionPath) {
return <>{props.children}</>;
}
const params = parseAction(actionPath, { schema, recordPkValue });
if (!params) {
return null;
}
return <ACLActionParamsContext.Provider value={params}>{props.children}</ACLActionParamsContext.Provider>;
};
export const useACLFieldWhitelist = () => {
const params = useContext(ACLActionParamsContext);
const whitelist = []
.concat(params?.whitelist || [])
.concat(params?.fields || [])
.concat(params?.appends || []);
return {
whitelist,
schemaInWhitelist(fieldSchema: Schema) {
if (whitelist.length === 0) {
return true;
}
if (!fieldSchema) {
return true;
}
if (!fieldSchema['x-collection-field']) {
return true;
}
const [, ...keys] = fieldSchema['x-collection-field'].split('.');
return whitelist?.includes(keys.join('.'));
},
};
};
export const ACLCollectionFieldProvider = (props) => {
const fieldSchema = useFieldSchema();
const { allowAll } = useACLRoleContext();
if (allowAll) {
return <>{props.children}</>;
}
if (!fieldSchema['x-collection-field']) {
return <>{props.children}</>;
}
const { whitelist } = useACLFieldWhitelist();
const allowed = whitelist.length > 0 ? whitelist.includes(fieldSchema.name) : true;
if (!allowed) {
return null;
}
return <>{props.children}</>;
};
export const ACLMenuItemProvider = (props) => {
const { allowAll, allowMenuItemIds = [], snippets } = useACLRoleContext();
const fieldSchema = useFieldSchema();
if (allowAll || snippets.includes('ui.*')) {
return <>{props.children}</>;
}
if (!fieldSchema['x-uid']) {
return <>{props.children}</>;
}
if (allowMenuItemIds.includes(fieldSchema['x-uid'])) {
return <>{props.children}</>;
}
return null;
};
export default ACLProvider;
Reference in New Issue View Git Blame Copy Permalink