mirror of
https://gitee.com/nocobase/nocobase.git
synced 2024-12-04 05:08:42 +08:00
fix: sub-table field permissions
This commit is contained in:
parent
981f86dc68
commit
c812d97527
@ -212,6 +212,17 @@ export default class AccessController<T extends typeof AccessController = typeof
|
|||||||
return existed ? any : null;
|
return existed ? any : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async getPermissions(): Promise<any> {
|
||||||
|
const [Collection, Permission] = this.context.db.getModels(['collections', 'permissions']);
|
||||||
|
const roles = await this.getRoles();
|
||||||
|
const permissions = await Permission.findAll({
|
||||||
|
where: {
|
||||||
|
role_id: roles.map(role => role.id),
|
||||||
|
}
|
||||||
|
});
|
||||||
|
return permissions;
|
||||||
|
}
|
||||||
|
|
||||||
async getCollections(): Promise<any> {
|
async getCollections(): Promise<any> {
|
||||||
const [Collection, Permission] = this.context.db.getModels(['collections', 'permissions']);
|
const [Collection, Permission] = this.context.db.getModels(['collections', 'permissions']);
|
||||||
const isRoot = await this.isRoot();
|
const isRoot = await this.isRoot();
|
||||||
|
@ -109,6 +109,30 @@ export class Permissions {
|
|||||||
|
|
||||||
// 关系数据的权限
|
// 关系数据的权限
|
||||||
if (associatedName && resourceField) {
|
if (associatedName && resourceField) {
|
||||||
|
if (resourceField.options.id && resourceField.options.interface === 'subTable') {
|
||||||
|
if (await ctx.ac.isRoot()) {
|
||||||
|
return next();
|
||||||
|
}
|
||||||
|
const permissions = await ctx.ac.getPermissions();
|
||||||
|
const FieldPermission = ctx.db.getModel('fields_permissions');
|
||||||
|
const fps = await FieldPermission.findAll({
|
||||||
|
where: {
|
||||||
|
field_id: resourceField.options.id,
|
||||||
|
permission_id: {
|
||||||
|
[Op.in]: permissions.map(p => p.id),
|
||||||
|
}
|
||||||
|
},
|
||||||
|
});
|
||||||
|
if (fps.length) {
|
||||||
|
for (const fp of fps) {
|
||||||
|
console.log('fp.actions', fp.actions);
|
||||||
|
if (Array.isArray(fp.actions) && fp.actions.includes(`${resourceField.options.collection_name}:${actionName}`)) {
|
||||||
|
return next();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return this.reject(ctx);
|
||||||
|
}
|
||||||
|
}
|
||||||
result = await ctx.ac.can(resourceField.options.target).act(actionName).any();
|
result = await ctx.ac.can(resourceField.options.target).act(actionName).any();
|
||||||
} else {
|
} else {
|
||||||
result = await ctx.ac.can(resourceName).act(actionName).any();
|
result = await ctx.ac.can(resourceName).act(actionName).any();
|
||||||
|
Loading…
Reference in New Issue
Block a user