Merge branch 'next' into AdminForth/757

Author: yaroslav8765

adminforth/commands/createApp/templates/index.ts.hbs

@@ -3,6 +3,7 @@ import AdminForth from 'adminforth';
 import usersResource from "./resources/adminuser.js";
 import { fileURLToPath } from 'url';
 import path from 'path';
+import { Filters } from 'adminforth';
 
 const ADMIN_BASE_URL = '';
 
@@ -16,7 +17,7 @@ export const admin = new AdminForth({
     loginBackgroundImage: 'https://images.unsplash.com/photo-1534239697798-120952b76f2b?q=80&w=3389&auto=format&fit=crop&ixlib=rb-4.0.3&ixid=M3wxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8fA%3D%3D',
     loginBackgroundPosition: '1/2',
     loginPromptHTML: async () => { 
-      const adminforthUserExists = await admin.resource("users").count(Filters.EQ('email', 'adminforth')) > 0;
+      const adminforthUserExists = await admin.resource("adminuser").count(Filters.EQ('email', 'adminforth')) > 0;
       if (adminforthUserExists) {
         return "Please use <b>adminforth</b> as username and <b>adminforth</b> as password"
       }

adminforth/documentation/docs/tutorial/03-Customization/06-customPages.md

@@ -306,6 +306,9 @@ Open `index.ts` file and add the following code *BEFORE* `admin.express.serve(`
 
 ```ts title="/index.ts"
 
+import type { IAdminUserExpressRequest } from 'adminforth';
+import express from 'express';
+
 ....
 
 app.get(`${ADMIN_BASE_URL}/api/dashboard/`,

adminforth/documentation/docs/tutorial/03-Customization/08-pageInjections.md

@@ -98,6 +98,11 @@ Now create file `ApartsPie.vue` in the `custom` folder of your project:
 Also we have to add an Api to get percentages:
 
 ```ts title="./index.ts"
+import type { IAdminUserExpressRequest } from 'adminforth';
+import express from 'express';
+
+....
+
   app.get(`${ADMIN_BASE_URL}/api/aparts-by-room-percentages/`,
     admin.express.authorize(
       async (req: IAdminUserExpressRequest, res: express.Response) => {

adminforth/documentation/docs/tutorial/07-Plugins/01-AuditLog.md

@@ -160,6 +160,10 @@ Audit log is able to catch only standard actions like `create`, `update`, `delet
 If you have a custom, self coded actions in your API, you can log them by calling `logCustomAction` method of `AuditLogPlugin` instance:
 
 ```ts title="./resources/index.ts"
+import type { IAdminUserExpressRequest, ITranslateExpressRequest } from 'adminforth';
+import express from 'express';
+
+....
 
 app.get(`${ADMIN_BASE_URL}/api/dashboard/`,
   admin.express.authorize(

adminforth/documentation/docs/tutorial/07-Plugins/10-i18n.md

@@ -425,6 +425,11 @@ onMounted(async () => {
 And on the backend side you can use tr function to translate the string:
 
 ```ts title="./index.ts"
+import type { IAdminUserExpressRequest, ITranslateExpressRequest } from 'adminforth';
+import express from 'express';
+
+....
+
   app.get(`${ADMIN_BASE_URL}/api/greeting`, 
     admin.express.authorize(
       admin.express.translatable(

adminforth/modules/configValidator.ts

@@ -227,7 +227,6 @@ export default class ConfigValidator implements IConfigValidator {
 
     bulkActions.push({
       label: `Delete checked`,
-      state: 'danger',
       icon: 'flowbite:trash-bin-outline',
       confirm: 'Are you sure you want to delete selected items?',
       allowed: async ({ resource, adminUser, allowedActions }) => { return allowedActions.delete },

adminforth/modules/restApi.ts

@@ -11,6 +11,7 @@ import {
   IAdminForthSort,
   HttpExtra,
   IAdminForthAndOrFilter,
+  BackendOnlyInput,
 } from "../types/Back.js";
 
 import { ADMINFORTH_VERSION, listify, md5hash, getLoginPromptHTML } from './utils.js';
@@ -23,6 +24,46 @@ import { ActionCheckSource, AdminForthConfigMenuItem, AdminForthDataTypes, Admin
    ShowInResolved} from "../types/Common.js";
 import { filtersTools } from "../modules/filtersTools.js";
 
+async function resolveBoolOrFn(
+  val: BackendOnlyInput | undefined,
+  ctx: {
+    adminUser: AdminUser;
+    resource: AdminForthResource;
+    meta: any;
+    source: ActionCheckSource;
+    adminforth: IAdminForth;
+  }
+): Promise<boolean> {
+  if (typeof val === 'function') {
+    return !!(await (val)(ctx));
+  }
+  return !!val;
+}
+
+async function isBackendOnly(
+  col: AdminForthResource['columns'][number],
+  ctx: {
+    adminUser: AdminUser;
+    resource: AdminForthResource;
+    meta: any;
+    source: ActionCheckSource;
+    adminforth: IAdminForth;
+  }
+): Promise<boolean> {
+  return await resolveBoolOrFn(col.backendOnly, ctx);
+}
+
+async function isShown(
+  col: AdminForthResource['columns'][number],
+  page: 'list' | 'show' | 'edit' | 'create' | 'filter',
+  ctx: Parameters<typeof isBackendOnly>[1]
+): Promise<boolean> {
+  const s = (col.showIn as any) || {};
+  if (s[page] !== undefined) return await resolveBoolOrFn(s[page], ctx);
+  if (s.all !== undefined) return await resolveBoolOrFn(s.all, ctx);
+  return true;
+}
+
 export async function interpretResource(
   adminUser: AdminUser, 
   resource: AdminForthResource, 
@@ -194,6 +235,18 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
         },
     })
 
+    server.endpoint({
+      noAuth: true,
+      method: 'GET',
+      path: '/get_login_form_config',
+      handler: async ({ tr }) => {
+        const loginPromptHTML = await getLoginPromptHTML(this.adminforth.config.auth.loginPromptHTML);
+        return {
+          loginPromptHTML: await tr(loginPromptHTML, 'system.loginPromptHTML'),
+        }
+      }
+    })
+
     server.endpoint({
       noAuth: true,
       method: 'GET',
@@ -210,8 +263,6 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
         const resource = this.adminforth.config.resources.find((res) => res.resourceId === this.adminforth.config.auth.usersResourceId);
         const usernameColumn = resource.columns.find((col) => col.name === usernameField);
 
-        const loginPromptHTML = await getLoginPromptHTML(this.adminforth.config.auth.loginPromptHTML);
-
         return {
           brandName: this.adminforth.config.customization.brandName,
           usernameFieldName: usernameColumn.label,
@@ -220,7 +271,6 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
           removeBackgroundBlendMode: this.adminforth.config.auth.removeBackgroundBlendMode,
           title: this.adminforth.config.customization?.title,
           demoCredentials: this.adminforth.config.auth.demoCredentials,
-          loginPromptHTML: await tr(loginPromptHTML, 'system.loginPromptHTML'),
           loginPageInjections: this.adminforth.config.customization.loginPageInjections,
           globalInjections: {
             everyPageBottom: this.adminforth.config.customization.globalInjections.everyPageBottom,
@@ -295,7 +345,6 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
 
         const announcementBadge: AnnouncementBadgeResponse = this.adminforth.config.customization.announcementBadge?.(adminUser);
 
-        const loginPromptHTML = await getLoginPromptHTML(this.adminforth.config.auth.loginPromptHTML);
 
 
         const publicPart = {
@@ -306,7 +355,6 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
           removeBackgroundBlendMode: this.adminforth.config.auth.removeBackgroundBlendMode,
           title: this.adminforth.config.customization?.title,
           demoCredentials: this.adminforth.config.auth.demoCredentials,
-          loginPromptHTML: await tr(loginPromptHTML, 'system.loginPromptHTML'),
           loginPageInjections: this.adminforth.config.customization.loginPageInjections,
           rememberMeDays: this.adminforth.config.auth.rememberMeDays,
           singleTheme: this.adminforth.config.customization.singleTheme,
@@ -356,12 +404,20 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
 
         // strip all backendOnly fields or not described in adminForth fields from dbUser
         // (when user defines column and does not set backendOnly, we assume it is not backendOnly)
-        Object.keys(adminUser.dbUser).forEach((key) => {
-          const col = userResource.columns.find((col) => col.name === key);
-          if (!col || col.backendOnly) {
+        const ctx = {
+          adminUser,
+          resource: userResource,
+          meta: {},
+          source: ActionCheckSource.ShowRequest,
+          adminforth: this.adminforth,
+        };
+        for (const key of Object.keys(adminUser.dbUser)) {
+          const col = userResource.columns.find((c) => c.name === key);
+          const bo = col ? await isBackendOnly(col, ctx) : true;
+          if (!col || bo) {
             delete adminUser.dbUser[key];
           }
-        })
+        }
 
         return {
           user: userData,
@@ -794,15 +850,32 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
           })
         );
 
+        const pkField = resource.columns.find((col) => col.primaryKey)?.name;
         // remove all columns which are not defined in resources, or defined but backendOnly
-        data.data.forEach((item) => {
-          Object.keys(item).forEach((key) => {
-            if (!resource.columns.find((col) => col.name === key) || resource.columns.find((col) => col.name === key && col.backendOnly)) {
-              delete item[key];
+        {
+          const ctx = {
+            adminUser,
+            resource,
+            meta,
+            source: {
+              show: ActionCheckSource.ShowRequest,
+              list: ActionCheckSource.ListRequest,
+              edit: ActionCheckSource.EditLoadRequest,
+            }[source],
+            adminforth: this.adminforth,
+          };
+        
+          for (const item of data.data) {
+            for (const key of Object.keys(item)) {
+              const col = resource.columns.find((c) => c.name === key);
+              const bo = col ? await isBackendOnly(col, ctx) : true;
+              if (!col || bo) {
+                delete item[key];
+              }
             }
-          })
-          item._label = resource.recordLabel(item);
-        });
+            item._label = resource.recordLabel(item);
+          }
+        }
         if (source === 'list' && resource.options.listTableClickUrl) {
           await Promise.all(
             data.data.map(async (item) => {
@@ -1068,11 +1141,30 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
               }
             }
 
+            const ctxCreate = {
+              adminUser,
+              resource,
+              meta: { requestBody: body },
+              source: ActionCheckSource.CreateRequest,
+              adminforth: this.adminforth,
+            };
+
+            for (const column of resource.columns) {
+              if ((column.required as { create?: boolean })?.create) {
+                const shown = await isShown(column, 'create', ctxCreate);
+                if (shown && record[column.name] === undefined) {
+                  return { error: `Column '${column.name}' is required`, ok: false };
+                }
+              }
+            }
+
             for (const column of resource.columns) {
               const fieldName = column.name;
               if (fieldName in record) {
-                if (!column.showIn?.create || column.backendOnly) {
-                  return { error: `Field "${fieldName}" cannot be modified as it is restricted from creation (showIn.create is false, please set it to true)`, ok: false };
+                const shown = await isShown(column, 'create', ctxCreate);
+                const bo = await isBackendOnly(column, ctxCreate);
+                if (!shown || bo) {
+                  return { error: `Field "${fieldName}" cannot be modified as it is restricted from creation (backendOnly or showIn.create is false, please set it to true)`, ok: false };
                 }
               }
             }
@@ -1164,15 +1256,24 @@ export default class AdminForthRestAPI implements IAdminForthRestAPI {
               return { error: allowedError };
             }
 
+            const ctxEdit = {
+              adminUser,
+              resource,
+              meta: { requestBody: body, newRecord: record, oldRecord, pk: recordId },
+              source: ActionCheckSource.EditRequest,
+              adminforth: this.adminforth,
+            };
+            
             for (const column of resource.columns) {
               const fieldName = column.name;
               if (fieldName in record) {
-                if (!column.showIn?.edit || column.editReadonly || column.backendOnly) {
-                  return { error: `Field "${fieldName}" cannot be modified as it is restricted from editing (showIn.edit is false, please set it to true)`, ok: false };
+                const shown = await isShown(column, 'edit', ctxEdit);
+                const bo = await isBackendOnly(column, ctxEdit);
+                if (!shown || column.editReadonly || bo) {
+                  return { error: `Field "${fieldName}" cannot be modified as it is restricted from editing (backendOnly or showIn.edit is false, please set it to true)`, ok: false };
                 }
               }
             }
-
             // for polymorphic foreign resources, we need to find out the value for polymorphicOn column
             for (const column of resource.columns) {
               if (column.foreignResource?.polymorphicOn && record[column.name] === null) {