先封掉了removeRelation的checker

This commit is contained in:
Xu Chang 2023-02-20 02:42:50 +08:00
parent 59a0fd082e
commit bc4600536f
4 changed files with 122 additions and 96 deletions


@ -583,28 +583,31 @@ var CascadeStore = /** @class */ (function (_super) {
else {
// 这里优化一下如果filter上有id直接更新成根据entityId来过滤
// 除了性能原因之外还因为会制造出user: { id: xxx }这样的查询general中不允许这样查询的出现
if (filter) {
if (filter.id && Object.keys(filter).length === 1) {
Object.assign(otm, {
filter: (0, filter_1.addFilterSegment)({
entity: entity,
entityId: filter.id,
}, filterOtm),
// 暂时先封掉user上的相关更新条件会制造出连接表上的update
if (entity !== 'user') {
if (filter) {
if (filter.id && Object.keys(filter).length === 1) {
Object.assign(otm, {
filter: (0, filter_1.addFilterSegment)({
entity: entity,
entityId: filter.id,
}, filterOtm),
});
}
else {
Object.assign(otm, {
filter: (0, filter_1.addFilterSegment)((_a = {},
_a[entity] = filter,
_a), filterOtm),
});
}
}
if (action === 'remove' && actionOtm === 'update') {
Object.assign(dataOtm, {
entity: null,
entityId: null,
});
}
else {
Object.assign(otm, {
filter: (0, filter_1.addFilterSegment)((_a = {},
_a[entity] = filter,
_a), filterOtm),
});
}
}
if (action === 'remove' && actionOtm === 'update') {
Object.assign(dataOtm, {
entity: null,
entityId: null,
});
}
}
}
@ -649,20 +652,23 @@ var CascadeStore = /** @class */ (function (_super) {
// 这里优化一下如果filter上有id直接更新成根据entityId来过滤
// 除了性能原因之外还因为会制造出user: { id: xxx }这样的查询general中不允许这样查询的出现
// 绝大多数情况都是id但也有可能update可能出现上层filter不是根据id的userEntityGrant的过期触发的wechatQrCode的过期见general中的userEntityGrant的trigger
if (filter) {
if (filter.id && Object.keys(filter).length === 1) {
Object.assign(otm, {
filter: (0, filter_1.addFilterSegment)((_d = {},
_d[foreignKey_2] = filter.id,
_d), filterOtm),
});
}
else {
Object.assign(otm, {
filter: (0, filter_1.addFilterSegment)((_e = {},
_e[foreignKey_2.slice(0, foreignKey_2.length - 2)] = filter,
_e), filterOtm),
});
// 暂时先封掉user上的连接以避免生成连接表更新
if (entity !== 'user') {
if (filter) {
if (filter.id && Object.keys(filter).length === 1) {
Object.assign(otm, {
filter: (0, filter_1.addFilterSegment)((_d = {},
_d[foreignKey_2] = filter.id,
_d), filterOtm),
});
}
else {
Object.assign(otm, {
filter: (0, filter_1.addFilterSegment)((_e = {},
_e[foreignKey_2.slice(0, foreignKey_2.length - 2)] = filter,
_e), filterOtm),
});
}
}
}
if (action === 'remove' && actionOtm === 'update') {


@ -609,15 +609,15 @@ function createAuthCheckers(schema, authDict) {
var _b = authDict[entity], relationAuth = _b.relationAuth, actionAuth = _b.actionAuth;
if (relationAuth) {
var raFilterMakerDict_1 = {};
var userEntityName_1 = "user".concat((0, string_1.firstLetterUpperCase)(entity));
var userEntityName = "user".concat((0, string_1.firstLetterUpperCase)(entity));
for (var r in relationAuth) {
Object.assign(raFilterMakerDict_1, (_a = {},
_a[r] = translateActionAuthFilterMaker(schema, relationAuth[r], userEntityName_1, entity),
_a[r] = translateActionAuthFilterMaker(schema, relationAuth[r], userEntityName, entity),
_a));
}
var entityIdAttr_1 = "".concat(entity, "Id");
checkers.push({
entity: userEntityName_1,
entity: userEntityName,
action: 'create',
type: 'relation',
relationFilter: function (operation, context) {
@ -633,48 +633,60 @@ function createAuthCheckers(schema, authDict) {
errMsg: '越权操作',
});
checkers.push({
entity: userEntityName_1,
entity: userEntityName,
action: 'remove',
type: 'relation',
relationFilter: function (operation, context) {
var _a;
var userId = context.getCurrentUserId();
var filter = operation.filter;
var makeFilterFromRows = function (rows) {
var relations = (0, lodash_1.uniq)(rows.map(function (ele) { return ele.relation; }));
var entityIds = (0, lodash_1.uniq)(rows.map(function (ele) { return ele[entityIdAttr_1]; }));
(0, assert_1.default)(entityIds.length === 1, "\u5728\u56DE\u6536".concat(userEntityName_1, "\u4E0A\u6743\u9650\u65F6\uFF0C\u5355\u6B21\u56DE\u6536\u6D89\u53CA\u5230\u4E86\u4E0D\u540C\u7684\u5BF9\u8C61\uFF0C\u6B64\u64CD\u4F5C\u4E0D\u88AB\u5141\u8BB8"));
// 目前过不去
return undefined;
/* const userId = context.getCurrentUserId();
const { filter } = operation as ED[keyof ED]['Remove'];
const makeFilterFromRows = (rows: Partial<ED[keyof ED]['Schema']>[]): SyncOrAsync<ED[keyof ED]['Selection']['filter']> => {
const relations = uniq(rows.map(ele => ele.relation));
const entityIds = uniq(rows.map(ele => ele[entityIdAttr]));
assert(entityIds.length === 1, `在回收${userEntityName}上权限时,单次回收涉及到了不同的对象,此操作不被允许`);
// const entityId = entityIds[0]!;
// 所有的relation条件要同时满足and关系注意这里的filter翻译出来是在entity对象上不是在userEntity对象上
var filtersAnd = relations.map(function (relation) { return raFilterMakerDict_1[relation]; }).filter(function (ele) { return !!ele; }).map(function (ele) { return makePotentialFilter(operation, context, ele); });
if (filtersAnd.find(function (ele) { return ele instanceof Promise; })) {
return Promise.all(filtersAnd).then(function (fa) {
if (fa.length > 0) {
return {
$and: fa,
};
const filtersAnd = relations.map(
(relation) => raFilterMakerDict[relation!]
).filter(
ele => !!ele
).map(
ele => makePotentialFilter(operation, context, ele)
);
if (filtersAnd.find(ele => ele instanceof Promise)) {
return Promise.all(filtersAnd).then(
(fa) => {
if (fa.length > 0) {
return {
$and: fa,
} as ED[keyof ED]['Selection']['filter'];
}
}
});
);
}
if (filtersAnd.length > 0) {
return {
$and: filtersAnd
};
} as ED[keyof ED]['Selection']['filter'];
}
};
var toBeRemoved = context.select(userEntityName_1, {
data: (_a = {
id: 1,
relation: 1
},
_a[entityIdAttr_1] = 1,
_a),
filter: filter,
const toBeRemoved = context.select(userEntityName, {
data: {
id: 1,
relation: 1,
[entityIdAttr]: 1,
},
filter,
}, { dontCollect: true });
if (toBeRemoved instanceof Promise) {
return toBeRemoved.then(function (rows) { return makeFilterFromRows(rows); });
return toBeRemoved.then(
(rows) => makeFilterFromRows(rows)
);
}
return makeFilterFromRows(toBeRemoved);
return makeFilterFromRows(toBeRemoved); */
},
errMsg: '越权操作',
});


@ -728,28 +728,31 @@ export abstract class CascadeStore<ED extends EntityDict & BaseEntityDict> exten
else {
// 这里优化一下如果filter上有id直接更新成根据entityId来过滤
// 除了性能原因之外还因为会制造出user: { id: xxx }这样的查询general中不允许这样查询的出现
if (filter) {
if (filter.id && Object.keys(filter).length === 1) {
Object.assign(otm, {
filter: addFilterSegment({
entity,
entityId: filter.id,
}, filterOtm),
// 暂时先封掉user上的相关更新条件会制造出连接表上的update
if (entity !== 'user') {
if (filter) {
if (filter.id && Object.keys(filter).length === 1) {
Object.assign(otm, {
filter: addFilterSegment({
entity,
entityId: filter.id,
}, filterOtm),
});
}
else {
Object.assign(otm, {
filter: addFilterSegment({
[entity]: filter,
}, filterOtm),
});
}
}
if (action === 'remove' && actionOtm === 'update') {
Object.assign(dataOtm, {
entity: null,
entityId: null,
});
}
else {
Object.assign(otm, {
filter: addFilterSegment({
[entity]: filter,
}, filterOtm),
});
}
}
if (action === 'remove' && actionOtm === 'update') {
Object.assign(dataOtm, {
entity: null,
entityId: null,
});
}
}
}
@ -792,20 +795,23 @@ export abstract class CascadeStore<ED extends EntityDict & BaseEntityDict> exten
// 这里优化一下如果filter上有id直接更新成根据entityId来过滤
// 除了性能原因之外还因为会制造出user: { id: xxx }这样的查询general中不允许这样查询的出现
// 绝大多数情况都是id但也有可能update可能出现上层filter不是根据id的userEntityGrant的过期触发的wechatQrCode的过期见general中的userEntityGrant的trigger
if (filter) {
if (filter.id && Object.keys(filter).length === 1) {
// 暂时先封掉user上的连接以避免生成连接表更新
if (entity !== 'user') {
if (filter) {
if (filter.id && Object.keys(filter).length === 1) {
Object.assign(otm, {
filter: addFilterSegment({
[foreignKey]: filter.id,
}, filterOtm),
});
}
else {
Object.assign(otm, {
filter: addFilterSegment({
[foreignKey]: filter.id,
[foreignKey.slice(0, foreignKey.length - 2)]: filter,
}, filterOtm),
});
}
else {
Object.assign(otm, {
filter: addFilterSegment({
[foreignKey.slice(0, foreignKey.length - 2)]: filter,
}, filterOtm),
});
}
}
}
if (action === 'remove' && actionOtm === 'update') {
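Review bot: For `entity === 'user'` the new `if (entity !== 'user')` guard skips augmenting `otm.filter` with the parent-entity restriction, but nothing in either hunk skips the one-to-many operation itself; if `otm` is still issued after the hunk carrying only `filterOtm`, it now touches every row matching `filterOtm` instead of only the rows linked to the affected user, which is a wider write than before and should be confirmed against the caller. In the first hunk the `entity: null, entityId: null` reset for `action === 'remove' && actionOtm === 'update'` also appears to sit inside the new guard, so removing a user would no longer clear the back-reference on the child rows; the rendering does not make that placement certain, so please verify it is intended. The second hunk (`[foreignKey]` branch) has the same unrestricted-`otm` property. The Chinese "temporarily sealed off" comment should state the consequence, e.g. `// TEMP: parent filter not applied for 'user' (avoids join-table updates); otm runs unrestricted by the parent filter — tracking: <issue id placeholder>`. The enclosing method begins and ends outside both hunks, and the compiled copies in the first file section mirror this change.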


@ -613,7 +613,9 @@ export function createAuthCheckers<ED extends EntityDict & BaseEntityDict, Cxt e
action: 'remove' as ED[keyof ED]['Action'],
type: 'relation',
relationFilter: (operation: any, context: Cxt) => {
const userId = context.getCurrentUserId();
// 目前过不去
return undefined;
/* const userId = context.getCurrentUserId();
const { filter } = operation as ED[keyof ED]['Remove'];
const makeFilterFromRows = (rows: Partial<ED[keyof ED]['Schema']>[]): SyncOrAsync<ED[keyof ED]['Selection']['filter']> => {
const relations = uniq(rows.map(ele => ele.relation));
@ -660,7 +662,7 @@ export function createAuthCheckers<ED extends EntityDict & BaseEntityDict, Cxt e
(rows) => makeFilterFromRows(rows)
);
}
return makeFilterFromRows(toBeRemoved);
return makeFilterFromRows(toBeRemoved); */
},
errMsg: '越权操作',
});
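Review bot: `relationFilter` for the `remove` relation checker now returns `undefined` unconditionally (the line after `// 目前过不去`), so this authorization checker no longer constrains who may revoke a relation; if the checker framework treats an undefined filter as "no restriction", the check fails open rather than closed while the `errMsg: '越权操作'` entry still suggests it is enforced. Until `makeFilterFromRows` is fixed, failing closed (throwing, as the commented-out `assert` already did for the multi-entity case) would be the safer interim state; at minimum the disabled state should be explicit, e.g. `// TODO(<tracking id placeholder>): remove-relation authorization is DISABLED — returns undefined (no restriction) until makeFilterFromRows works`. The second hunk of this section holds the closing `*/` of the same commented-out body, and the compiled copy in the second file section mirrors the change. The enclosing `createAuthCheckers` function starts and ends outside the hunk.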