mirror of
https://gitee.com/nocobase/nocobase.git
synced 2024-12-03 12:47:44 +08:00
fix: sub-table field permissions
This commit is contained in:
parent
981f86dc68
commit
c812d97527
@ -212,6 +212,17 @@ export default class AccessController<T extends typeof AccessController = typeof
|
||||
return existed ? any : null;
|
||||
}
|
||||
|
||||
async getPermissions(): Promise<any> {
|
||||
const [Collection, Permission] = this.context.db.getModels(['collections', 'permissions']);
|
||||
const roles = await this.getRoles();
|
||||
const permissions = await Permission.findAll({
|
||||
where: {
|
||||
role_id: roles.map(role => role.id),
|
||||
}
|
||||
});
|
||||
return permissions;
|
||||
}
|
||||
|
||||
async getCollections(): Promise<any> {
|
||||
const [Collection, Permission] = this.context.db.getModels(['collections', 'permissions']);
|
||||
const isRoot = await this.isRoot();
|
||||
|
@ -109,6 +109,30 @@ export class Permissions {
|
||||
|
||||
// 关系数据的权限
|
||||
if (associatedName && resourceField) {
|
||||
if (resourceField.options.id && resourceField.options.interface === 'subTable') {
|
||||
if (await ctx.ac.isRoot()) {
|
||||
return next();
|
||||
}
|
||||
const permissions = await ctx.ac.getPermissions();
|
||||
const FieldPermission = ctx.db.getModel('fields_permissions');
|
||||
const fps = await FieldPermission.findAll({
|
||||
where: {
|
||||
field_id: resourceField.options.id,
|
||||
permission_id: {
|
||||
[Op.in]: permissions.map(p => p.id),
|
||||
}
|
||||
},
|
||||
});
|
||||
if (fps.length) {
|
||||
for (const fp of fps) {
|
||||
console.log('fp.actions', fp.actions);
|
||||
if (Array.isArray(fp.actions) && fp.actions.includes(`${resourceField.options.collection_name}:${actionName}`)) {
|
||||
return next();
|
||||
}
|
||||
}
|
||||
return this.reject(ctx);
|
||||
}
|
||||
}
|
||||
result = await ctx.ac.can(resourceField.options.target).act(actionName).any();
|
||||
} else {
|
||||
result = await ctx.ac.can(resourceName).act(actionName).any();
|
||||
|
Loading…
Reference in New Issue
Block a user