更新userRelation的权限判定
parent
e32e51d769
commit
43d1e38e12
|
|
@ -48,18 +48,12 @@ class RelationAuth {
|
||||||
*/
|
*/
|
||||||
checkUserRelation(context, action, filter) {
|
checkUserRelation(context, action, filter) {
|
||||||
const userId = context.getCurrentUserId();
|
const userId = context.getCurrentUserId();
|
||||||
let filter2 = {};
|
|
||||||
const { entity, entityId, relationId } = filter;
|
|
||||||
(0, assert_1.default)(entity);
|
|
||||||
/**
|
/**
|
||||||
* 检查对某一个relationId是否有创建资格
|
* 检查对某一个relationId是否有操作资格
|
||||||
* @param destRelationId
|
* @param destRelationId
|
||||||
* @returns
|
* @returns
|
||||||
*/
|
*/
|
||||||
const checkOnRelationId = (destRelationId) => {
|
const checkOnRelationId = (destRelationId, entity, filter) => {
|
||||||
const filter2 = {
|
|
||||||
destRelationId: relationId,
|
|
||||||
};
|
|
||||||
/**
|
/**
|
||||||
* 找到能创建此relation的所有父级relation,只要user和其中一个有关联即可以通过
|
* 找到能创建此relation的所有父级relation,只要user和其中一个有关联即可以通过
|
||||||
*/
|
*/
|
||||||
|
|
@ -86,27 +80,21 @@ class RelationAuth {
|
||||||
entityId: 1,
|
entityId: 1,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
filter: filter2,
|
filter: {
|
||||||
|
destRelationId,
|
||||||
|
},
|
||||||
}, { dontCollect: true });
|
}, { dontCollect: true });
|
||||||
const checkRelationAuth = (relationAuth) => {
|
const checkRelationAuth = (relationAuth) => {
|
||||||
const { destRelation, sourceRelationId, path } = relationAuth;
|
const { destRelation, sourceRelationId, path } = relationAuth;
|
||||||
let destEntityFilter = this.makePathFilter(destRelation.entity, path, this.schema, {
|
(0, assert_1.default)(entity === destRelation.entity);
|
||||||
|
let destEntityFilter = this.makePathFilter(entity, path, this.schema, {
|
||||||
userRelation$entity: {
|
userRelation$entity: {
|
||||||
userId,
|
userId,
|
||||||
relationId: sourceRelationId,
|
relationId: sourceRelationId,
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
(0, assert_1.default)(entity && typeof entity === 'string');
|
if (filter) {
|
||||||
if (entityId) {
|
destEntityFilter = (0, filter_1.combineFilters)(entity, this.schema, [destEntityFilter, filter]);
|
||||||
Object.assign(destEntityFilter, {
|
|
||||||
id: entityId,
|
|
||||||
});
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
// userEntityGrant会有这种情况,限定某个对象的范围进行授权
|
|
||||||
const { [entity]: entityFilter } = filter;
|
|
||||||
(0, assert_1.default)(entityFilter);
|
|
||||||
destEntityFilter = (0, filter_1.combineFilters)(entity, this.schema, [destEntityFilter, entityFilter]);
|
|
||||||
}
|
}
|
||||||
return context.count(destRelation.entity, {
|
return context.count(destRelation.entity, {
|
||||||
filter: destEntityFilter,
|
filter: destEntityFilter,
|
||||||
|
|
@ -122,7 +110,7 @@ class RelationAuth {
|
||||||
return !!result.find(ele => ele > 0);
|
return !!result.find(ele => ele > 0);
|
||||||
};
|
};
|
||||||
/**
|
/**
|
||||||
* 检查对超过一个的relationId是否有创建资格
|
* 检查对超过一个的relationId是否有操作资格
|
||||||
* @param relationFilter 限定relationId的条件
|
* @param relationFilter 限定relationId的条件
|
||||||
* @param intersection 是否交集(对每个relationId都得有权限)
|
* @param intersection 是否交集(对每个relationId都得有权限)
|
||||||
* @returns
|
* @returns
|
||||||
|
|
@ -131,13 +119,16 @@ class RelationAuth {
|
||||||
const relations = context.select('relation', {
|
const relations = context.select('relation', {
|
||||||
data: {
|
data: {
|
||||||
id: 1,
|
id: 1,
|
||||||
|
entity: 1,
|
||||||
|
entityId: 1,
|
||||||
},
|
},
|
||||||
filter: relationFilter
|
filter: relationFilter
|
||||||
}, { dontCollect: true });
|
}, { dontCollect: true });
|
||||||
if (relations instanceof Promise) {
|
if (relations instanceof Promise) {
|
||||||
return relations.then((rs) => {
|
return relations.then((rs) => {
|
||||||
const relationIds = rs.map(ele => ele.id);
|
return Promise.all(rs.map(ele => checkOnRelationId(ele.id, ele.entity, {
|
||||||
return Promise.all(relationIds.map(ele => checkOnRelationId(ele))).then((value) => {
|
id: ele.entityId
|
||||||
|
}))).then((value) => {
|
||||||
if (intersection) {
|
if (intersection) {
|
||||||
return !(value.includes(false));
|
return !(value.includes(false));
|
||||||
}
|
}
|
||||||
|
|
@ -145,18 +136,31 @@ class RelationAuth {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
const relationIds = relations.map(ele => ele.id);
|
const value = relations.map(ele => checkOnRelationId(ele.id, ele.entity, {
|
||||||
const value = relationIds.map(ele => checkOnRelationId(ele));
|
id: ele.entityId
|
||||||
|
}));
|
||||||
if (intersection) {
|
if (intersection) {
|
||||||
return !(value.includes(false));
|
return !(value.includes(false));
|
||||||
}
|
}
|
||||||
return value.includes(true);
|
return value.includes(true);
|
||||||
};
|
};
|
||||||
if (action === 'create') {
|
if (action === 'create') {
|
||||||
|
const { entity, entityId, relationId } = filter;
|
||||||
|
(0, assert_1.default)(typeof entity === 'string');
|
||||||
if (relationId) {
|
if (relationId) {
|
||||||
// 如果指定relation,则测试该relation上是否可行
|
// 如果指定relation,则测试该relation上是否可行
|
||||||
(0, assert_1.default)(typeof relationId === 'string');
|
(0, assert_1.default)(typeof relationId === 'string');
|
||||||
return checkOnRelationId(relationId);
|
let entityFilter;
|
||||||
|
if (entityId) {
|
||||||
|
entityFilter = {
|
||||||
|
id: entityId,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// userEntityGrant会有这种情况,限定某个对象的范围进行授权
|
||||||
|
entityFilter = filter[entity];
|
||||||
|
}
|
||||||
|
return checkOnRelationId(relationId, entity, entityFilter);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// 否则为测试“能否”有权限管理的资格,此时只要有一个就可以
|
// 否则为测试“能否”有权限管理的资格,此时只要有一个就可以
|
||||||
|
|
|
||||||
|
|
@ -91,21 +91,13 @@ export class RelationAuth<ED extends EntityDict & BaseEntityDict> {
|
||||||
*/
|
*/
|
||||||
private checkUserRelation<Cxt extends AsyncContext<ED> | SyncContext<ED>>(context: Cxt, action: ED[keyof ED]['Action'], filter: NonNullable<ED['userRelation']['Selection']['filter']>) {
|
private checkUserRelation<Cxt extends AsyncContext<ED> | SyncContext<ED>>(context: Cxt, action: ED[keyof ED]['Action'], filter: NonNullable<ED['userRelation']['Selection']['filter']>) {
|
||||||
const userId = context.getCurrentUserId();
|
const userId = context.getCurrentUserId();
|
||||||
let filter2: ED['relationAuth']['Selection']['filter'] = {
|
|
||||||
};
|
|
||||||
|
|
||||||
const { entity, entityId, relationId } = filter;
|
|
||||||
assert(entity);
|
|
||||||
/**
|
/**
|
||||||
* 检查对某一个relationId是否有操作资格
|
* 检查对某一个relationId是否有操作资格
|
||||||
* @param destRelationId
|
* @param destRelationId
|
||||||
* @returns
|
* @returns
|
||||||
*/
|
*/
|
||||||
const checkOnRelationId = (destRelationId: string) => {
|
const checkOnRelationId = <T extends keyof ED>(destRelationId: string, entity: T, filter: ED[T]['Selection']['filter']) => {
|
||||||
const filter2: ED['relationAuth']['Selection']['filter'] = {
|
|
||||||
destRelationId: relationId,
|
|
||||||
};
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 找到能创建此relation的所有父级relation,只要user和其中一个有关联即可以通过
|
* 找到能创建此relation的所有父级relation,只要user和其中一个有关联即可以通过
|
||||||
*/
|
*/
|
||||||
|
|
@ -132,31 +124,24 @@ export class RelationAuth<ED extends EntityDict & BaseEntityDict> {
|
||||||
entityId: 1,
|
entityId: 1,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
filter: filter2,
|
filter: {
|
||||||
|
destRelationId,
|
||||||
|
},
|
||||||
}, { dontCollect: true });
|
}, { dontCollect: true });
|
||||||
|
|
||||||
|
|
||||||
const checkRelationAuth = (relationAuth: ED['relationAuth']['Schema']) => {
|
const checkRelationAuth = (relationAuth: ED['relationAuth']['Schema']) => {
|
||||||
const { destRelation, sourceRelationId, path } = relationAuth;
|
const { destRelation, sourceRelationId, path } = relationAuth;
|
||||||
let destEntityFilter = this.makePathFilter(destRelation.entity!, path, this.schema, {
|
assert(entity === destRelation.entity);
|
||||||
|
let destEntityFilter = this.makePathFilter(entity, path, this.schema, {
|
||||||
userRelation$entity: {
|
userRelation$entity: {
|
||||||
userId,
|
userId,
|
||||||
relationId: sourceRelationId,
|
relationId: sourceRelationId,
|
||||||
},
|
},
|
||||||
})!;
|
})!;
|
||||||
|
|
||||||
assert(entity && typeof entity === 'string');
|
if (filter) {
|
||||||
|
destEntityFilter = combineFilters(entity, this.schema, [destEntityFilter, filter])!;
|
||||||
if (entityId) {
|
|
||||||
Object.assign(destEntityFilter, {
|
|
||||||
id: entityId,
|
|
||||||
});
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
// userEntityGrant会有这种情况,限定某个对象的范围进行授权
|
|
||||||
const { [entity]: entityFilter } = filter as any;
|
|
||||||
assert(entityFilter);
|
|
||||||
destEntityFilter = combineFilters(entity, this.schema, [destEntityFilter, entityFilter])!;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return context.count(destRelation.entity, {
|
return context.count(destRelation.entity, {
|
||||||
|
|
@ -193,16 +178,19 @@ export class RelationAuth<ED extends EntityDict & BaseEntityDict> {
|
||||||
const relations = context.select('relation', {
|
const relations = context.select('relation', {
|
||||||
data: {
|
data: {
|
||||||
id: 1,
|
id: 1,
|
||||||
|
entity: 1,
|
||||||
|
entityId: 1,
|
||||||
},
|
},
|
||||||
filter: relationFilter
|
filter: relationFilter
|
||||||
}, { dontCollect: true });
|
}, { dontCollect: true });
|
||||||
if (relations instanceof Promise) {
|
if (relations instanceof Promise) {
|
||||||
return relations.then(
|
return relations.then(
|
||||||
(rs) => {
|
(rs) => {
|
||||||
const relationIds = rs.map(ele => ele.id!);
|
|
||||||
return Promise.all(
|
return Promise.all(
|
||||||
relationIds.map(
|
rs.map(
|
||||||
ele => checkOnRelationId(ele)
|
ele => checkOnRelationId(ele.id!, ele.entity!, {
|
||||||
|
id: ele.entityId
|
||||||
|
})
|
||||||
)
|
)
|
||||||
).then(
|
).then(
|
||||||
(value) => {
|
(value) => {
|
||||||
|
|
@ -215,20 +203,32 @@ export class RelationAuth<ED extends EntityDict & BaseEntityDict> {
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
const relationIds = relations.map(
|
const value = relations.map(ele => checkOnRelationId(ele.id!, ele.entity!, {
|
||||||
ele => ele.id!
|
id: ele.entityId
|
||||||
);
|
})) as boolean[];
|
||||||
const value = relationIds.map(ele => checkOnRelationId(ele)) as boolean[];
|
|
||||||
if (intersection) {
|
if (intersection) {
|
||||||
return !(value.includes(false));
|
return !(value.includes(false));
|
||||||
}
|
}
|
||||||
return value.includes(true);
|
return value.includes(true);
|
||||||
};
|
};
|
||||||
if (action === 'create') {
|
if (action === 'create') {
|
||||||
|
const { entity, entityId, relationId } = filter;
|
||||||
|
assert(typeof entity === 'string');
|
||||||
if (relationId) {
|
if (relationId) {
|
||||||
// 如果指定relation,则测试该relation上是否可行
|
// 如果指定relation,则测试该relation上是否可行
|
||||||
assert(typeof relationId === 'string');
|
assert(typeof relationId === 'string');
|
||||||
return checkOnRelationId(relationId);
|
|
||||||
|
let entityFilter: ED[keyof ED]['Selection']['filter'];
|
||||||
|
if (entityId) {
|
||||||
|
entityFilter = {
|
||||||
|
id: entityId,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// userEntityGrant会有这种情况,限定某个对象的范围进行授权
|
||||||
|
entityFilter = (filter as any)[entity];
|
||||||
|
}
|
||||||
|
return checkOnRelationId(relationId, entity, entityFilter);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
// 否则为测试“能否”有权限管理的资格,此时只要有一个就可以
|
// 否则为测试“能否”有权限管理的资格,此时只要有一个就可以
|
||||||
|
|
|
||||||
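Review bot: In the `action === 'create'` branch of the last hunk, `entityFilter = (filter as any)[entity];` can leave `entityFilter` undefined, and the new `if (filter)` guard inside `checkRelationAuth` then skips `combineFilters`, so the count is constrained only by the path filter. The removed code had `assert(entityFilter)` for this case; without it the check appears to pass when the user holds the source relation on any row of the entity, not on the object being granted, so the authorization check fails open. Restore the guard just before the call, e.g. `assert(entityFilter, 'userRelation create needs entityId or a filter on the entity');`. The multi-relation path passes `{ id: ele.entityId }`, which deserves the same check if a relation row can lack `entityId`; how `combineFilters` treats an undefined `id` is not visible here. `checkUserRelation` continues past the end of this hunk, and the compiled JS section above carries the same change.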