From ae1dd976bae796ef3a36e627b240f91104328828 Mon Sep 17 00:00:00 2001 From: Ivan S Glazunov Date: Mon, 9 Sep 2024 21:24:39 +0300 Subject: [PATCH] 0.0.480 --- imports/client_types.ts | 4 +- index.ts | 4 +- migrations/1622421760256-types.ts | 12 +-- migrations/1622421760260-permissions.ts | 96 +++++++++++------------ migrations/1642827746040-demo.ts | 12 +-- migrations/1655979260869-sync-handlers.ts | 7 +- package.json | 2 +- 7 files changed, 69 insertions(+), 68 deletions(-) diff --git a/imports/client_types.ts b/imports/client_types.ts index 557bf90f..3a2857c3 100644 --- a/imports/client_types.ts +++ b/imports/client_types.ts @@ -90,13 +90,13 @@ export interface BoolExpValue extends BoolExp> { export interface BoolExpCan extends BoolExp { /** Link of current rule. */ rule_id?: ComparasionType; - /** Id of link symbolizing action, as AllowSelect/AllowInsertType/AllowUpdat e/AllowDelete...*/ + /** Id of link symbolizing action, as AllowSelect/AllowUpdate/AllowDelete...*/ action_id?: ComparasionType; /** Id of link symbolizing object to which the rule applies. */ object_id?: ComparasionType; /** Id of link for which, as an authorized link, the rule to action on the object i s granted.*/ subject_id?: ComparasionType; - /** Relation to link symbolizing action, as AllowSelect/AllowInsertType/AllowUpdat e/AllowDelete...*/ + /** Relation to link symbolizing action, as AllowSelect/AllowUpdate/AllowDelete...*/ rule?: BoolExpLink | Id; /** Relation to link symbolizing object to which the rule applies. */ action?: BoolExpLink | Id; diff --git a/index.ts b/index.ts index 8c42a072..1b0518b0 100644 --- a/index.ts +++ b/index.ts @@ -172,8 +172,8 @@ app.post('/file', async (req, res, next) => { console.log('/file post proxy','error: ', JSON.stringify(serializedError, null, 2)); } if (!userId) res.status(403).send('Update CAN NOT be processes'); - const canResult = await deep.can(linkId, userId, deep.idLocal('@deep-foundation/core', 'AllowUpdateType')) || await deep.can(null, userId, deep.idLocal('@deep-foundation/core', 'AllowAdmin')); - console.log('/file post proxy','can', await deep.can(linkId, userId, deep.idLocal('@deep-foundation/core', 'AllowUpdateType')), 'isAdmin', await deep.can(null, userId, deep.idLocal('@deep-foundation/core', 'AllowAdmin'))); + const canResult = await deep.can(linkId, userId, deep.idLocal('@deep-foundation/core', 'AllowUpdate')) || await deep.can(null, userId, deep.idLocal('@deep-foundation/core', 'AllowAdmin')); + console.log('/file post proxy','can', await deep.can(linkId, userId, deep.idLocal('@deep-foundation/core', 'AllowUpdate')), 'isAdmin', await deep.can(null, userId, deep.idLocal('@deep-foundation/core', 'AllowAdmin'))); console.log('/file post proxy','userId', userId, typeof(userId)); console.log('/file post proxy','canResult', canResult); if (!canResult) return res.status(403).send(`You cant update link ##${linkId} as user ##${userId}, and user ##${userId} is not admin.`); diff --git a/migrations/1622421760256-types.ts b/migrations/1622421760256-types.ts index 9a98ad49..d984e51d 100644 --- a/migrations/1622421760256-types.ts +++ b/migrations/1622421760256-types.ts @@ -213,7 +213,7 @@ export const up = async () => { out: { data: { type_id: await root.id('@deep-foundation/core', 'SelectorTree'), - to_id: await root.id('@deep-foundation/core', 'containTree'), + to_id: await root.id('@deep-foundation/core', 'typesTree'), }, }, }, @@ -223,7 +223,7 @@ export const up = async () => { out: { data: { type_id: await root.id('@deep-foundation/core', 'SelectorTree'), - to_id: await root.id('@deep-foundation/core', 'containTree'), + to_id: await root.id('@deep-foundation/core', 'typesTree'), }, }, }, @@ -233,7 +233,7 @@ export const up = async () => { out: { data: { type_id: await root.id('@deep-foundation/core', 'SelectorTree'), - to_id: await root.id('@deep-foundation/core', 'containTree'), + to_id: await root.id('@deep-foundation/core', 'typesTree'), }, }, }, @@ -243,7 +243,7 @@ export const up = async () => { out: { data: { type_id: await root.id('@deep-foundation/core', 'SelectorTree'), - to_id: await root.id('@deep-foundation/core', 'containTree'), + to_id: await root.id('@deep-foundation/core', 'typesTree'), }, }, }, @@ -253,7 +253,7 @@ export const up = async () => { out: { data: { type_id: await root.id('@deep-foundation/core', 'SelectorTree'), - to_id: await root.id('@deep-foundation/core', 'containTree'), + to_id: await root.id('@deep-foundation/core', 'typesTree'), }, }, }, @@ -271,7 +271,7 @@ export const up = async () => { data: [ { type_id: await root.id('@deep-foundation/core', 'SelectorInclude'), - to_id: await root.id('@deep-foundation/core', 'AllowSelectType'), + to_id: await root.id('@deep-foundation/core', 'AllowSelect'), out: { data: { type_id: await root.id('@deep-foundation/core', 'SelectorTree'), diff --git a/migrations/1622421760260-permissions.ts b/migrations/1622421760260-permissions.ts index 6da25991..da26549b 100644 --- a/migrations/1622421760260-permissions.ts +++ b/migrations/1622421760260-permissions.ts @@ -40,71 +40,71 @@ export const isAdminBoolExp = async (subjectId = 'X-Hasura-User-Id') => ({ export const linksPermissions = async (self, subjectId: any = 'X-Hasura-User-Id', role: string) => ({ role, select: { - _or: [ - { - type: { - can_object: { - action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowSelectType') }, - subject_id: { _eq: subjectId }, - }, - } - }, - { + // _or: [ + // { + // type: { + // can_object: { + // action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowSelectType') }, + // subject_id: { _eq: subjectId }, + // }, + // } + // }, + // { can_object: { action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowSelect') }, subject_id: { _eq: subjectId }, }, - }, - ], + // }, + // ], }, insert: { - type: {}, - _or: [ - { - type: { + // type: {}, + // _or: [ + // { + // type: { can_object: { - action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowInsertType') }, + action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowInsert') }, subject_id: { _eq: subjectId }, }, - }, - }, - ] + // }, + // }, + // ] }, update: { - _or: [ - { + // _or: [ + // { can_object: { action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowUpdate') }, subject_id: { _eq: subjectId }, }, - }, - { - type: { - can_object: { - action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowUpdateType') }, - subject_id: { _eq: subjectId }, - }, - }, - }, - ] + // }, + // { + // type: { + // can_object: { + // action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowUpdateType') }, + // subject_id: { _eq: subjectId }, + // }, + // }, + // }, + // ] }, delete: { - _or: [ - { + // _or: [ + // { can_object: { action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowDelete') }, subject_id: { _eq: subjectId }, }, - }, - { - type: { - can_object: { - action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowDeleteType') }, - subject_id: { _eq: subjectId }, - }, - }, - }, - ] + // }, + // { + // type: { + // can_object: { + // action_id: { _eq: deep.idLocal('@deep-foundation/core', 'AllowDeleteType') }, + // subject_id: { _eq: subjectId }, + // }, + // }, + // }, + // ] }, columns: ['id','from_id','to_id','type_id'], @@ -416,9 +416,9 @@ export const up = async () => { "${TABLE_NAME}" as ro, "${SELECTORS_TABLE_NAME}" as sr WHERE - can."object_id" = NEW."type_id" AND + can."object_id" = NEW."id" AND can."subject_id" = user_id AND - can."action_id" = ${deep.idLocal('@deep-foundation/core', 'AllowInsertType')} AND + can."action_id" = ${deep.idLocal('@deep-foundation/core', 'AllowInsert')} AND ro."type_id" = ${deep.idLocal('@deep-foundation/core', 'RuleObject')} AND ro."from_id" = can."rule_id" AND sr."selector_id" = ro."to_id" AND @@ -480,9 +480,9 @@ export const up = async () => { "${TABLE_NAME}" as ro, "${SELECTORS_TABLE_NAME}" as sr WHERE - can."object_id" = OLD."type_id" AND + can."object_id" = OLD."id" AND can."subject_id" = user_id AND - can."action_id" = ${deep.idLocal('@deep-foundation/core', 'AllowDeleteType')} AND + can."action_id" = ${deep.idLocal('@deep-foundation/core', 'AllowDelete')} AND ro."type_id" = ${deep.idLocal('@deep-foundation/core', 'RuleObject')} AND ro."from_id" = can."rule_id" AND sr."selector_id" = ro."to_id" AND diff --git a/migrations/1642827746040-demo.ts b/migrations/1642827746040-demo.ts index 7f3ef261..03833559 100644 --- a/migrations/1642827746040-demo.ts +++ b/migrations/1642827746040-demo.ts @@ -271,10 +271,10 @@ export const up = async () => { action: [ { type_id: deep.idLocal('@deep-foundation/core', 'SelectorInclude'), - to_id: deep.idLocal('@deep-foundation/core', 'AllowInsertType'), + to_id: deep.idLocal('@deep-foundation/core', 'AllowInsert'), out: { data: { type_id: deep.idLocal('@deep-foundation/core', 'SelectorTree'), - to_id: deep.idLocal('@deep-foundation/core', 'containTree'), + to_id: deep.idLocal('@deep-foundation/core', 'typesTree'), } }, }, ], @@ -299,10 +299,10 @@ export const up = async () => { action: [ { type_id: deep.idLocal('@deep-foundation/core', 'SelectorInclude'), - to_id: deep.idLocal('@deep-foundation/core', 'AllowUpdateType'), + to_id: deep.idLocal('@deep-foundation/core', 'AllowUpdate'), out: { data: { type_id: deep.idLocal('@deep-foundation/core', 'SelectorTree'), - to_id: deep.idLocal('@deep-foundation/core', 'containTree'), + to_id: deep.idLocal('@deep-foundation/core', 'typesTree'), } }, }, ], @@ -327,10 +327,10 @@ export const up = async () => { action: [ { type_id: deep.idLocal('@deep-foundation/core', 'SelectorInclude'), - to_id: deep.idLocal('@deep-foundation/core', 'AllowDeleteType'), + to_id: deep.idLocal('@deep-foundation/core', 'AllowDelete'), out: { data: { type_id: deep.idLocal('@deep-foundation/core', 'SelectorTree'), - to_id: deep.idLocal('@deep-foundation/core', 'containTree'), + to_id: deep.idLocal('@deep-foundation/core', 'typesTree'), } }, }, ], diff --git a/migrations/1655979260869-sync-handlers.ts b/migrations/1655979260869-sync-handlers.ts index c19f7e59..3962aa1d 100644 --- a/migrations/1655979260869-sync-handlers.ts +++ b/migrations/1655979260869-sync-handlers.ts @@ -42,6 +42,7 @@ const AllowAdminId = _ids?.['@deep-foundation/core']?.AllowAdmin // deep.idLocal const AllowInsertTypeId = _ids?.['@deep-foundation/core']?.AllowInsertType // deep.idLocal('@deep-foundation/core', 'AllowInsertType') const AllowUpdateTypeId = _ids?.['@deep-foundation/core']?.AllowUpdateType // deep.idLocal('@deep-foundation/core', 'AllowUpdateType') const AllowDeleteTypeId = _ids?.['@deep-foundation/core']?.AllowDeleteType // deep.idLocal('@deep-foundation/core', 'AllowDeleteType') +const AllowInsertId = _ids?.['@deep-foundation/core']?.AllowInsert // deep.idLocal('@deep-foundation/core', 'AllowDelete'); const AllowDeleteId = _ids?.['@deep-foundation/core']?.AllowDelete // deep.idLocal('@deep-foundation/core', 'AllowDelete'); const AllowUpdateId = _ids?.['@deep-foundation/core']?.AllowUpdate // deep.idLocal('@deep-foundation/core', 'AllowUpdate'); const decodeBase64urlCode = `select decode(rpad(translate($1, '-_', '+/'),4*((length($1)+3)/4),'='),'base64');`; @@ -256,11 +257,11 @@ const mpMeCode = '`'.concat(sql` const checkAdmin = sql`\`SELECT exists(SELECT 1 FROM "public"."can" WHERE "action_id" = ${AllowAdminId}::bigint AND "subject_id" = $1::bigint )\``; -const checkInsert = sql`\`SELECT exists(SELECT "linkForCheck"."id" FROM "public"."can" AS "can", "public"."links" AS "linkForCheck", "public"."links" AS "typeLink" WHERE ("can"."action_id") = (${AllowInsertTypeId} :: bigint) AND ("can"."subject_id") = ($2 :: bigint) AND ("can"."object_id") = ("typeLink"."id") AND ("typeLink"."id") = ("linkForCheck"."type_id") AND ("linkForCheck"."id") = ($1 :: bigint))\`` +const checkInsert = sql`\`SELECT exists(SELECT "linkForCheck"."id" FROM "public"."can" AS "can", "public"."links" AS "linkForCheck", "public"."links" AS "typeLink" WHERE ("can"."action_id") = (${AllowInsertId} :: bigint) AND ("can"."subject_id") = ($2 :: bigint) AND ("can"."object_id") = ("typeLink"."id") AND ("typeLink"."id") = ("linkForCheck"."type_id") AND ("linkForCheck"."id") = ($1 :: bigint))\`` -const checkUpdate = sql`\`SELECT exists( SELECT "linkForCheck"."id" FROM "public"."can" AS "can", "public"."links" AS "linkForCheck", "public"."links" AS "typeLink" WHERE ( ("can"."action_id") = (${AllowUpdateTypeId} :: bigint) OR ("can"."action_id") = (${AllowUpdateId} :: bigint) ) AND ("can"."subject_id") = ($2 :: bigint) AND ("can"."object_id") = ("typeLink"."id") AND ("typeLink"."id") = ("linkForCheck"."type_id") AND ("linkForCheck"."id") = ($1 :: bigint))\`` +const checkUpdate = sql`\`SELECT exists( SELECT "linkForCheck"."id" FROM "public"."can" AS "can", "public"."links" AS "linkForCheck", "public"."links" AS "typeLink" WHERE ( ("can"."action_id") = (${AllowUpdateId} :: bigint) ) AND ("can"."subject_id") = ($2 :: bigint) AND ("can"."object_id") = ("typeLink"."id") AND ("typeLink"."id") = ("linkForCheck"."type_id") AND ("linkForCheck"."id") = ($1 :: bigint))\`` -const checkDelete = sql`\`SELECT exists( SELECT "linkForCheck"."id" FROM "public"."can" AS "can", "public"."links" AS "linkForCheck", "public"."links" AS "typeLink" WHERE ( ("can"."action_id") = (${AllowDeleteTypeId} :: bigint) OR ("can"."action_id") = (${AllowDeleteId} :: bigint) ) AND ("can"."subject_id") = ($2 :: bigint) AND ("can"."object_id") = ("typeLink"."id") AND ("typeLink"."id") = ("linkForCheck"."type_id") AND ("linkForCheck"."id") = ($1 :: bigint))\`` +const checkDelete = sql`\`SELECT exists( SELECT "linkForCheck"."id" FROM "public"."can" AS "can", "public"."links" AS "linkForCheck", "public"."links" AS "typeLink" WHERE ( ("can"."action_id") = (${AllowDeleteId} :: bigint) ) AND ("can"."subject_id") = ($2 :: bigint) AND ("can"."object_id") = ("typeLink"."id") AND ("typeLink"."id") = ("linkForCheck"."type_id") AND ("linkForCheck"."id") = ($1 :: bigint))\`` const checkInserted = `\`SELECT id from links where id = \${linkid}\`` diff --git a/package.json b/package.json index 05925e87..5c1056e1 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@deep-foundation/deeplinks", - "version": "0.0.479", + "version": "0.0.480", "license": "Unlicense", "type": "module", "scripts": {