@nu-art/permissions
Advanced tools
Comparing version 0.20.5 to 0.20.6
@@ -1,6 +0,28 @@ | ||
import { Module } from "@nu-art/ts-common"; | ||
import { Module, StringMap } from "@nu-art/ts-common"; | ||
import { DB_PermissionAccessLevel } from "../.."; | ||
declare type GroupPair = { | ||
accessLevelIds: string[]; | ||
customFields: StringMap[]; | ||
}; | ||
declare type RequestPair = { | ||
accessLevelIds: string[]; | ||
customField: StringMap; | ||
}; | ||
declare type GroupPairWithLevelsObj = { | ||
accessLevels: DB_PermissionAccessLevel[]; | ||
customFields: StringMap[]; | ||
}; | ||
declare type RequestPairWithLevelsObj = { | ||
accessLevels: DB_PermissionAccessLevel[]; | ||
customField: StringMap; | ||
}; | ||
export declare class PermissionsAssert_Class extends Module { | ||
assertUserPermissions(userId: string, path: string, projectId: string): Promise<void>; | ||
private resolveUserPermissions; | ||
assertUserPermissions(projectId: string, path: string, userId: string, requestCustomField: StringMap): Promise<void>; | ||
isMatch(groupPair: GroupPair, requestPair: RequestPair): Promise<boolean>; | ||
isMatchWithLevelsObj(groupPair: GroupPairWithLevelsObj, requestPair: RequestPairWithLevelsObj): Promise<boolean>; | ||
private getDomainLevelMap; | ||
private doesCustomFieldsSatisfies; | ||
private doesCustomFieldSatisfies; | ||
} | ||
export declare const PermissionsAssert: PermissionsAssert_Class; | ||
export {}; |
@@ -61,10 +61,11 @@ "use strict"; | ||
} | ||
PermissionsAssert_Class.prototype.assertUserPermissions = function (userId, path, projectId) { | ||
PermissionsAssert_Class.prototype.assertUserPermissions = function (projectId, path, userId, requestCustomField) { | ||
return __awaiter(this, void 0, void 0, function () { | ||
var apiDb, levelsPromise, userPermissionsPromise, _a, requiredLevels, userPermissions; | ||
return __generator(this, function (_b) { | ||
switch (_b.label) { | ||
var apiDb, user, groups, requestPair, userPair, groupMatch; | ||
var _this = this; | ||
return __generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: return [4, managment_1.ApiPermissionsDB.queryUnique({ path: path, projectId: projectId })]; | ||
case 1: | ||
apiDb = _b.sent(); | ||
apiDb = _a.sent(); | ||
if (!apiDb.accessLevelIds) { | ||
@@ -75,13 +76,22 @@ if (backend_1.ServerApi.isDebug) | ||
} | ||
levelsPromise = Promise.all(apiDb.accessLevelIds.map(function (levelId) { return managment_1.AccessLevelPermissionsDB.queryUnique({ _id: levelId }); })); | ||
userPermissionsPromise = this.resolveUserPermissions(userId); | ||
return [4, Promise.all([levelsPromise, | ||
userPermissionsPromise])]; | ||
return [4, assign_1.UserPermissionsDB.queryUnique({ uuid: userId })]; | ||
case 2: | ||
_a = _b.sent(), requiredLevels = _a[0], userPermissions = _a[1]; | ||
requiredLevels.forEach(function (requiredLevel) { | ||
var userAccessLevel = userPermissions[requiredLevel.domainId]; | ||
if (userAccessLevel === undefined || userAccessLevel < requiredLevel.value) | ||
throw new backend_1.ApiException(403, "Action Forbidden"); | ||
user = _a.sent(); | ||
return [4, Promise.all((user.groupIds || []).map(function (groupId) { return assign_1.GroupPermissionsDB.queryUnique({ _id: groupId }); }))]; | ||
case 3: | ||
groups = _a.sent(); | ||
requestPair = { accessLevelIds: apiDb.accessLevelIds, customField: requestCustomField }; | ||
userPair = { accessLevelIds: user.accessLevelIds || [], customFields: user.customFields || [] }; | ||
groupMatch = false; | ||
groups.forEach(function (group) { | ||
var groupPair = { accessLevelIds: group.accessLevelIds || [], customFields: group.customFields || [] }; | ||
if (_this.isMatch(groupPair, requestPair)) { | ||
groupMatch = true; | ||
} | ||
}); | ||
if (this.isMatch(userPair, requestPair)) | ||
groupMatch = true; | ||
if (!groupMatch) { | ||
throw new backend_1.ApiException(403, "Action Forbidden"); | ||
} | ||
return [2]; | ||
@@ -92,31 +102,22 @@ } | ||
}; | ||
PermissionsAssert_Class.prototype.resolveUserPermissions = function (userId) { | ||
PermissionsAssert_Class.prototype.isMatch = function (groupPair, requestPair) { | ||
return __awaiter(this, void 0, void 0, function () { | ||
var user, accessLevelsIds, groups, accessLevels; | ||
return __generator(this, function (_a) { | ||
switch (_a.label) { | ||
case 0: return [4, assign_1.UserPermissionsDB.queryUnique({ _id: userId })]; | ||
var levelsPromise, groupPermissionsPromise, _a, requiredLevels, groupPermissions, groupPairWithLevelsObj, requestPairWithLevelsObj; | ||
return __generator(this, function (_b) { | ||
switch (_b.label) { | ||
case 0: | ||
if (!this.doesCustomFieldsSatisfies(groupPair.customFields, requestPair.customField)) { | ||
return [2, false]; | ||
} | ||
levelsPromise = Promise.all(requestPair.accessLevelIds.map(function (levelId) { return managment_1.AccessLevelPermissionsDB.queryUnique({ _id: levelId }); })); | ||
return [4, Promise.all(groupPair.accessLevelIds.map(function (accesslevelId) { return managment_1.AccessLevelPermissionsDB.queryUnique({ _id: accesslevelId }); }))]; | ||
case 1: | ||
user = _a.sent(); | ||
accessLevelsIds = user.accessLevelIds || []; | ||
if (!user.groupIds) return [3, 3]; | ||
return [4, Promise.all(user.groupIds.map(function (groupId) { return assign_1.GroupPermissionsDB.queryUnique({ _id: groupId }); }))]; | ||
groupPermissionsPromise = _b.sent(); | ||
return [4, Promise.all([levelsPromise, | ||
groupPermissionsPromise])]; | ||
case 2: | ||
groups = _a.sent(); | ||
accessLevelsIds = groups.reduce(function (toRet, group) { | ||
if (group.accessLevelIds) | ||
ts_common_1.addAllItemToArray(toRet, group.accessLevelIds); | ||
return toRet; | ||
}, accessLevelsIds); | ||
accessLevelsIds = ts_common_1.filterDuplicates(accessLevelsIds); | ||
_a.label = 3; | ||
case 3: return [4, Promise.all(accessLevelsIds.map(function (accesslevelId) { return managment_1.AccessLevelPermissionsDB.queryUnique({ _id: accesslevelId }); }))]; | ||
case 4: | ||
accessLevels = _a.sent(); | ||
return [2, accessLevels.reduce(function (toRet, accessLevel) { | ||
var levelForDomain = toRet[accessLevel.domainId]; | ||
if (levelForDomain || levelForDomain < accessLevel.value) | ||
toRet[accessLevel.domainId] = accessLevel.value; | ||
return toRet; | ||
}, {})]; | ||
_a = _b.sent(), requiredLevels = _a[0], groupPermissions = _a[1]; | ||
groupPairWithLevelsObj = { accessLevels: groupPermissions, customFields: groupPair.customFields || [] }; | ||
requestPairWithLevelsObj = { accessLevels: requiredLevels, customField: requestPair.customField }; | ||
return [2, this.isMatchWithLevelsObj(groupPairWithLevelsObj, requestPairWithLevelsObj)]; | ||
} | ||
@@ -126,2 +127,41 @@ }); | ||
}; | ||
PermissionsAssert_Class.prototype.isMatchWithLevelsObj = function (groupPair, requestPair) { | ||
return __awaiter(this, void 0, void 0, function () { | ||
var match, groupDomainLevelMap; | ||
return __generator(this, function (_a) { | ||
match = true; | ||
if (!this.doesCustomFieldsSatisfies(groupPair.customFields, requestPair.customField)) { | ||
return [2, false]; | ||
} | ||
groupDomainLevelMap = this.getDomainLevelMap(groupPair.accessLevels); | ||
requestPair.accessLevels.forEach(function (requiredLevel) { | ||
var userAccessLevel = groupDomainLevelMap[requiredLevel.domainId]; | ||
if (userAccessLevel === undefined || userAccessLevel < requiredLevel.value) | ||
match = false; | ||
}); | ||
return [2, match]; | ||
}); | ||
}); | ||
}; | ||
PermissionsAssert_Class.prototype.getDomainLevelMap = function (accessLevels) { | ||
return accessLevels.reduce(function (toRet, accessLevel) { | ||
var levelForDomain = toRet[accessLevel.domainId]; | ||
if (levelForDomain || levelForDomain < accessLevel.value) | ||
toRet[accessLevel.domainId] = accessLevel.value; | ||
return toRet; | ||
}, {}); | ||
}; | ||
PermissionsAssert_Class.prototype.doesCustomFieldsSatisfies = function (groupCustomFields, requestCustomField) { | ||
var _this = this; | ||
if (groupCustomFields === void 0) { groupCustomFields = []; } | ||
return groupCustomFields.reduce(function (doesSatisfies, customField) { | ||
return doesSatisfies || _this.doesCustomFieldSatisfies(customField, requestCustomField); | ||
}, true); | ||
}; | ||
PermissionsAssert_Class.prototype.doesCustomFieldSatisfies = function (existCustomField, requestCustomField) { | ||
return Object.keys(requestCustomField).reduce(function (doesSatisfies, requestCustomFieldKey) { | ||
var customFieldRegEx = new RegExp(existCustomField[requestCustomFieldKey], "g"); | ||
return doesSatisfies && customFieldRegEx.test(requestCustomField[requestCustomFieldKey]); | ||
}, true); | ||
}; | ||
return PermissionsAssert_Class; | ||
@@ -128,0 +168,0 @@ }(ts_common_1.Module)); |
{ | ||
"name": "@nu-art/permissions", | ||
"version": "0.20.5", | ||
"version": "0.20.6", | ||
"description": "Permissions", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
Sorry, the diff of this file is not supported yet
119570
1800