补充了deduceAuth的case

lib/store/RelationAuth.js

@@ -665,7 +665,7 @@ var RelationAuth = /** @class */ (function () {
         this.checkActions(entity, operation, context);
     };
     RelationAuth.prototype.getDeducedCheckOperation = function (entity, operation) {
-        var e_2, _a;
+        var e_2, _a, e_3, _b;
         // 如果是deduce的对象，将之转化为所deduce的对象上的权限检查            
         var deduceAttr = this.authDeduceRelationMap[entity];
         (0, assert_1.default)(deduceAttr === 'entity', "\u5F53\u524D\u53EA\u652F\u6301entity\u4F5C\u4E3Adeduce\u5916\u952E\uFF0Centity\u662F\u300C".concat(entity, "\u300D"));
@@ -729,22 +729,48 @@ var RelationAuth = /** @class */ (function () {
         }
         else {
             // 目前应该都有这两个属性，包括select
-            var _b = filter, deduceEntity = _b.entity, deduceEntityId = _b.entityId;
+            var _c = filter, deduceEntity = _c.entity, deduceEntityId = _c.entityId;
             // assert(deduceEntity, `${entity as string}对象上的${action}行为，必须带上${deduceAttr as string}的外键条件`);
             // assert(deduceEntityId, `${entity as string}对象上的${action}行为，必须带上${deduceAttr as string}Id的外键条件`);
+            var deduceFilter = {};
             if (deduceEntity && deduceEntityId) {
+                deduceFilter = { id: deduceEntityId };
+            }
+            else {
+                // 也可能是用cascade方式进行查找，这里有时候filter上会带有两个不同的entity目标，尚未处理（todo!）
+                var ref = this.schema[entity].attributes.entity.ref;
+                (0, assert_1.default)(ref instanceof Array);
+                try {
+                    for (var ref_1 = tslib_1.__values(ref), ref_1_1 = ref_1.next(); !ref_1_1.done; ref_1_1 = ref_1.next()) {
+                        var refEntity = ref_1_1.value;
+                        if (filter[refEntity]) {
+                            deduceEntity = refEntity;
+                            deduceFilter = filter[refEntity];
+                            break;
+                        }
+                    }
+                }
+                catch (e_3_1) { e_3 = { error: e_3_1 }; }
+                finally {
+                    try {
+                        if (ref_1_1 && !ref_1_1.done && (_b = ref_1.return)) _b.call(ref_1);
+                    }
+                    finally { if (e_3) throw e_3.error; }
+                }
+            }
+            if (deduceEntity && deduceFilter) {
                 if (action === 'select') {
                     return {
                         entity: deduceEntity,
                         operation: {
                             action: 'select',
                             data: { id: 1 },
-                            filter: { id: deduceEntityId },
+                            filter: deduceFilter,
                         }
                     };
                 }
                 else {
-                    // 目前对于非select和create的action，只要有其父对象的update/remove属性即可以
+                    // 目前对于非select和create的action，只要有其父对象的某一update/remove属性即可以（这样设计可能不严谨）
                     var excludeActions_2 = action_1.readOnlyActions.concat(['create']);
                     var updateActions = this.schema[deduceEntity].actions.filter(function (a) { return !excludeActions_2.includes(a); });
                     return {
@@ -752,9 +778,7 @@ var RelationAuth = /** @class */ (function () {
                         operation: {
                             action: 'update',
                             data: {},
-                            filter: {
+                            filter: deduceFilter,
-                                id: deduceEntityId,
-                            },
                         },
                         actions: updateActions,
                     };
@@ -982,9 +1006,9 @@ var RelationAuth = /** @class */ (function () {
             // 算法是先将整个update的根结点对象找到，并找到为其赋权的relation，再用此relation去查找所有子对象上的actionAuth
             var result = [];
             var _a = this.destructCascadeOperation(entity, operation), root = _a.root, children_1 = _a.children, userRelations = _a.userRelations;
-            var e_3 = root.entity, d = root.data, f = root.filter, a = root.action;
+            var e_4 = root.entity, d = root.data, f = root.filter, a = root.action;
             if (userRelations.length > 0) {
-                (0, assert_1.default)(e_3 !== 'user');
+                (0, assert_1.default)(e_4 !== 'user');
                 (0, assert_1.default)(a === 'create' && !(d instanceof Array));
                 var createIds_1 = userRelations.map(function (ele) { return ele.relationId; });
                 // 这里处理的是创建对象时顺带创建相关权限，要检查该权限是不是有create动作授权
@@ -994,7 +1018,7 @@ var RelationAuth = /** @class */ (function () {
                         relationId: 1,
                     },
                     filter: {
-                        destEntity: e_3,
+                        destEntity: e_4,
                         deActions: {
                             $contains: 'create',
                         },
@@ -1006,7 +1030,7 @@ var RelationAuth = /** @class */ (function () {
                         var relationIds = aas2.map(function (ele) { return ele.relationId; });
                         var diff = (0, lodash_1.difference)(createIds_1, relationIds);
                         if (diff.length > 0) {
-                            return "\u60A8\u65E0\u6743\u521B\u5EFA\u300C".concat(e_3, "\u300D\u5BF9\u8C61\u4E0Aid\u4E3A\u300C").concat(diff.join(','), "\u300D\u7684\u7528\u6237\u6743\u9650");
+                            return "\u60A8\u65E0\u6743\u521B\u5EFA\u300C".concat(e_4, "\u300D\u5BF9\u8C61\u4E0Aid\u4E3A\u300C").concat(diff.join(','), "\u300D\u7684\u7528\u6237\u6743\u9650");
                         }
                         return '';
                     }));
@@ -1015,14 +1039,14 @@ var RelationAuth = /** @class */ (function () {
                     var relationIds = aas.map(function (ele) { return ele.relationId; });
                     var diff = (0, lodash_1.difference)(createIds_1, relationIds);
                     if (diff.length > 0) {
-                        return "\u60A8\u65E0\u6743\u521B\u5EFA\u300C".concat(e_3, "\u300D\u5BF9\u8C61\u4E0Aid\u4E3A\u300C").concat(diff.join(','), "\u300D\u7684\u7528\u6237\u6743\u9650");
+                        return "\u60A8\u65E0\u6743\u521B\u5EFA\u300C".concat(e_4, "\u300D\u5BF9\u8C61\u4E0Aid\u4E3A\u300C").concat(diff.join(','), "\u300D\u7684\u7528\u6237\u6743\u9650");
                     }
                 }
             }
             if (['user', 'relation', 'oper', 'operEntity', 'modi', 'modiEntity', 'userRelation', 'actionAuth',
-                'freeActionAuth', 'relationAuth', 'userEntityGrant', 'relation'].includes(e_3)) {
+                'freeActionAuth', 'relationAuth', 'userEntityGrant', 'relation'].includes(e_4)) {
                 // 只要根对象能检查通过就算通过（暂定这个策略）                
-                var r = this.checkSpecialEntity(e_3, {
+                var r = this.checkSpecialEntity(e_4, {
                     action: a,
                     data: d,
                     filter: f,
@@ -1032,7 +1056,7 @@ var RelationAuth = /** @class */ (function () {
                 }
             }
             else {
-                if (!this.relationalChecker[e_3]) {
+                if (!this.relationalChecker[e_4]) {
                     throw new types_1.OakUserUnpermittedException("".concat(root.entity, "\u4E0A\u4E0D\u5B58\u5728\u6709\u6548\u7684actionPath"));
                 }
                 var checker = this.relationalChecker[root.entity](userId, actions || [root.action], root.data, root.filter, userRelations);

src/store/RelationAuth.ts

@@ -893,22 +893,39 @@ export class RelationAuth<ED extends EntityDict & BaseEntityDict>{
         }
         else {
             // 目前应该都有这两个属性，包括select
-            const { entity: deduceEntity, entityId: deduceEntityId } = filter!;
+            let { entity: deduceEntity, entityId: deduceEntityId } = filter!;
             // assert(deduceEntity, `${entity as string}对象上的${action}行为，必须带上${deduceAttr as string}的外键条件`);
             // assert(deduceEntityId, `${entity as string}对象上的${action}行为，必须带上${deduceAttr as string}Id的外键条件`);
+            let deduceFilter: ED[keyof ED]['Selection']['filter'] = {};
             if (deduceEntity && deduceEntityId) {
+                deduceFilter = { id: deduceEntityId };
+            }
+            else {
+                // 也可能是用cascade方式进行查找，这里有时候filter上会带有两个不同的entity目标，尚未处理（todo!）
+                const { ref } = this.schema[entity].attributes.entity;
+                assert (ref instanceof Array);
+                for (const refEntity of ref) {
+                    if (filter![refEntity]) {
+                        deduceEntity = refEntity;
+                        deduceFilter = filter![refEntity];
+                        break;
+                    }
+                }
+            }
+            
+            if (deduceEntity && deduceFilter) {
                 if (action === 'select') {
                     return {
                         entity: deduceEntity,
                         operation: {
                             action: 'select',
                             data: { id: 1 },
-                            filter: { id: deduceEntityId },
+                            filter: deduceFilter,
                         }
                     };
                 }
                 else {
-                    // 目前对于非select和create的action，只要有其父对象的update/remove属性即可以
+                    // 目前对于非select和create的action，只要有其父对象的某一update/remove属性即可以（这样设计可能不严谨）
                     const excludeActions = readOnlyActions.concat(['create']);
                     const updateActions = this.schema[deduceEntity].actions.filter(
                         (a) => !excludeActions.includes(a)
@@ -919,9 +936,7 @@ export class RelationAuth<ED extends EntityDict & BaseEntityDict>{
                         operation: {
                             action: 'update',
                             data: {},
-                            filter: {
+                            filter: deduceFilter,
-                                id: deduceEntityId,
-                            },
                         },
                         actions: updateActions,
                     };