Merge branch 'widgets' into demo

Author: markusweblance

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "commentTranslate.source": "Google"
+}

Readme.md

@@ -2,7 +2,6 @@
 
 <span class="badge-npmversion"><a href="https://npmjs.org/package/adminizer" title="View this project on NPM"><img src="https://img.shields.io/npm/v/adminizer.svg" alt="NPM version" /></a></span>
 
-
 Adminizer is a modern admin panel built as an independent module for Node.js.  
 The backend is written in TypeScript, and the frontend uses React, providing high modularity and flexibility.  
 The system is specifically designed to be **framework- and ORM-agnostic**, running directly inside the Node.js Runtime.  
@@ -11,6 +10,17 @@ Thanks to this approach, Adminizer can be integrated into any server-side applic
 The project is **open-source**, **free to use**, and focused on building an **open community**.  
 We would like to express special thanks to **Konstantin Zolotarev**, who laid the foundation with the **sails-adminpanel** project, which we later reworked and generalized.
 
+---
+
+Follow us for updates, tutorials, and community discussions:
+
+[![Telegram](https://img.shields.io/badge/Telegram-Join%20Chat-blue?logo=telegram)](https://t.me/talks_adminizer)
+[![X / Twitter](https://img.shields.io/badge/X-%40admnzr-000000?logo=twitter)](https://x.com/admnzr)
+[![Facebook](https://img.shields.io/badge/Facebook-Adminizer-blue?logo=facebook)](https://www.facebook.com/profile.php?id=61575683442665)
+
+---
+
+
 The core principle of Adminizer is **maximum extensibility**.  
 The admin panel can be configured and expanded **at runtime** without requiring rebuilds or server restarts.  
 We aimed to make the system as easy to integrate as possible: just install the package and immediately gain access to a powerful admin interface.  

docs/AccessRightsModelFields.md

@@ -0,0 +1,115 @@
+### `DataAccessor` — Data Layer Mediator with Access Control
+
+The `DataAccessor` class is a central utility for handling the interaction between users and the system's data models, while enforcing access control and configuration constraints.
+
+---
+
+#### **Purpose**
+
+This class:
+
+* Retrieves and merges model field configurations based on the action type (e.g., `add`, `edit`, `list`, `view`, `remove`)
+* Applies user permission checks at both the model and field level
+* Filters records according to configured access rules
+* Dynamically includes associated models and their configurations
+* Automatically applies or restricts data access based on user roles and group membership
+* Helps populate or restrict relation fields (e.g., `UserAP`, `GroupAP`) depending on ownership and configuration
+* Provides unified methods for reading (`process`, `processMany`), sanitizing (`sanitizeUserRelationAccess`), and updating (`setUserRelationAccess`) data records with permission logic baked in
+
+---
+
+#### **Key Features**
+
+* **Access-aware field resolution**: Only exposes fields the current user is allowed to see or edit.
+* **Dynamic config merging**: Combines global and action-specific model field configs, ensuring the right context is applied.
+* **Association support**: Handles both `BelongsTo` and `HasMany` style associations with optional population and recursive field filtering.
+* **Multi-level access logic**: Enforces both direct and intermediate relation-based access restrictions using the `userAccessRelation` model config key.
+* **CRUD-agnostic**: Designed to be used with various actions (`add`, `edit`, `view`, `list`) with unified processing logic.
+
+---
+
+#### **Typical Use Cases**
+
+* Building an admin panel or API layer where user-specific permissions restrict what data can be read, written, or modified
+* Ensuring consistent permission logic across different parts of the system (e.g., listing vs viewing a single item)
+* Populating complex forms or detail views that include nested associations with restricted fields
+
+---
+
+#### **Permission Logic and Configuration**
+
+The `DataAccessor` supports fine-grained access control at the field level using a combination of global configuration, action-specific overrides, and user role/group validation.
+
+**How Permissions Are Checked**
+
+Each field passes through the `checkFieldAccess()` method, which evaluates:
+
+1. **Explicit Disabling**
+   If a field is set to `false` in the config, it will be excluded:
+
+   ```ts
+   fields: { secretField: false }
+   ```
+
+2. **Always Allowed:**
+
+   * Primary key field (`id`)
+   * All fields for admin users (`isAdministrator === true`)
+   * Fields without any config object
+
+3. **Group-Based Restrictions**
+   If a field defines `groupsAccessRights`, access is granted only if the user's group is listed:
+
+   ```ts
+   fields: {
+     internalNotes: {
+       type: "string",
+       groupsAccessRights: ["manager", "admin"]
+     }
+   }
+   ```
+
+4. **Default Denial for Default Group**
+   If no access rights are defined, the field is denied **only** to users from the `defaultUserGroup` (defined in config):
+
+   ```ts
+   config: {
+     registration: {
+       defaultUserGroup: "users"
+     }
+   }
+   ```
+
+**Where Permissions Are Applied**
+
+* During field config loading (`getFieldsConfig`)
+* When preparing the output for individual records (`process`)
+* When preparing associated models (`getAssociatedFieldsConfig`)
+* During write-time operations that assign ownership/access (`sanitizeUserRelationAccess`, `setUserRelationAccess`)
+
+---
+
+#### **Config Example**
+
+```ts
+models: {
+  Task: {
+    fields: {
+      title: { type: "string" },
+      internalStatus: {
+        type: "string",
+        groupsAccessRights: ["admin", "qa"]
+      },
+      createdAt: false // completely hidden
+    },
+    userAccessRelation: "owner"
+  }
+}
+```
+
+In this example:
+
+* The `title` field is visible to everyone.
+* `internalStatus` is only shown to admins and QA team members.
+* `createdAt` is hidden entirely.
+* Only records where the current user is the `owner` are accessible to non-admins.

docs/AccessRights.md docs/AccessRightsTokens.mddocs/AccessRights.md renamed to docs/AccessRightsTokens.md

@@ -1,9 +1,30 @@
-# Adminizer Documentation
+# 📘 Adminizer Documentation
 
-1. [Installation](Install.md)
-2. [Configuration](Configuration.md)
+## 1. Getting Started
 
+* [Installation](Install.md)
 
-2. [Form Error Management](FormError.md)
-3. [Inertia Adapter & Flash](InertiaAdapter.md)
-4. [Admin Controls](Controls.md)
+## 2. Configuration
+
+* [General Settings](Configuration/General.md)
+* [Model Definitions](Configuration/Models.md)
+* [Field Options](Configuration/Fields.md)
+* [Custom Components](Configuration/CustomComponents.md)
+
+## Other
+
+* [Localization](Configuration/Localization.md)
+## 3. Frontend Integration
+
+* [Inertia Adapter & Flash](InertiaAdapter.md)
+* [Form Error Management](FormError.md)
+
+## 4. Admin Panel Features
+
+* [Admin Controls](Controls.md)
+
+## 5. Access Control
+
+* [Model-Level Permissions](AccessControl/ModelPermissions.md)
+* [Field-Level Restrictions](AccessControl/FieldRestrictions.md)
+* [Role & Group Management](AccessControl/RoleGroups.md)

docs/Configuration/General.md

@@ -1,24 +1,38 @@
 import {AdminpanelConfig} from "../dist/interfaces/adminpanelConfig";
+import Example from "./models/Example";
 
 const routePrefix = "/adminizer";
 
 const models: AdminpanelConfig["models"] = {
     test: {
         title: 'Test model',
         model: 'test',
+        // userAccessRelation: 'owner',
         fields: {
             createdAt: false,
             updatedAt: false,
             title: {
                 title: 'Title',
                 type: 'string',
                 required: true
-            },
-            owner: false
+            }
         },
         list: {
             fields: {
-                owner: false
+                owner: false,
+                example: {
+                    // displayModifier(d) {
+                    //     console.log("________________________________")
+                    //     console.dir(d)
+                    //     return d
+                    // }
+                }
+            }
+        },
+        add: {
+            fields: {
+                ownerId: false,
+                exampleId: false
             }
         },
         icon: 'receipt'
@@ -362,17 +376,19 @@ const models: AdminpanelConfig["models"] = {
 const config: AdminpanelConfig = {
     routePrefix: routePrefix,
     // routePrefix: "/admin",
-    // auth: true,
-    // registration: {
-    //     enable: true,
-    //     defaultUserGroup: "test",
-    //     confirmationRequired: false
+    // auth: {
+    //     enable: true
     // },
-    auth: {
+    registration: {
         enable: true,
-        description: "Login `demo`, password `demo`"
+        defaultUserGroup: "guest",
+        confirmationRequired: false
     },
-    dashboard: false,
+    // auth: {
+    //     enable: true,
+    //     description: "Login `demo`, password `demo`"
+    // },
+    dashboard: true,
     forms: {
         data: {
             global: {
@@ -502,7 +518,7 @@ const config: AdminpanelConfig = {
     translation: {
         locales: ['en', 'ru', 'de', 'ua'],
         path: 'config/locales', // relative path to translations directory
-        defaultLocale: 'en'
+        defaultLocale: 'ru'
     },
     models: models,
     //@ts-ignore