@nu-art/permissions
Advanced tools
Comparing version 0.20.5 to 0.20.6
@@ -1,6 +0,28 @@ | ||
| import { Module } from "@nu-art/ts-common"; | ||
| import { Module, StringMap } from "@nu-art/ts-common"; | ||
| import { DB_PermissionAccessLevel } from "../.."; | ||
| declare type GroupPair = { | ||
| accessLevelIds: string[]; | ||
| customFields: StringMap[]; | ||
| }; | ||
| declare type RequestPair = { | ||
| accessLevelIds: string[]; | ||
| customField: StringMap; | ||
| }; | ||
| declare type GroupPairWithLevelsObj = { | ||
| accessLevels: DB_PermissionAccessLevel[]; | ||
| customFields: StringMap[]; | ||
| }; | ||
| declare type RequestPairWithLevelsObj = { | ||
| accessLevels: DB_PermissionAccessLevel[]; | ||
| customField: StringMap; | ||
| }; | ||
| export declare class PermissionsAssert_Class extends Module { | ||
| assertUserPermissions(userId: string, path: string, projectId: string): Promise<void>; | ||
| private resolveUserPermissions; | ||
| assertUserPermissions(projectId: string, path: string, userId: string, requestCustomField: StringMap): Promise<void>; | ||
| isMatch(groupPair: GroupPair, requestPair: RequestPair): Promise<boolean>; | ||
| isMatchWithLevelsObj(groupPair: GroupPairWithLevelsObj, requestPair: RequestPairWithLevelsObj): Promise<boolean>; | ||
| private getDomainLevelMap; | ||
| private doesCustomFieldsSatisfies; | ||
| private doesCustomFieldSatisfies; | ||
| } | ||
| export declare const PermissionsAssert: PermissionsAssert_Class; | ||
| export {}; |
@@ -61,10 +61,11 @@ "use strict"; | ||
| } | ||
| PermissionsAssert_Class.prototype.assertUserPermissions = function (userId, path, projectId) { | ||
| PermissionsAssert_Class.prototype.assertUserPermissions = function (projectId, path, userId, requestCustomField) { | ||
| return __awaiter(this, void 0, void 0, function () { | ||
| var apiDb, levelsPromise, userPermissionsPromise, _a, requiredLevels, userPermissions; | ||
| return __generator(this, function (_b) { | ||
| switch (_b.label) { | ||
| var apiDb, user, groups, requestPair, userPair, groupMatch; | ||
| var _this = this; | ||
| return __generator(this, function (_a) { | ||
| switch (_a.label) { | ||
| case 0: return [4, managment_1.ApiPermissionsDB.queryUnique({ path: path, projectId: projectId })]; | ||
| case 1: | ||
| apiDb = _b.sent(); | ||
| apiDb = _a.sent(); | ||
| if (!apiDb.accessLevelIds) { | ||
@@ -75,13 +76,22 @@ if (backend_1.ServerApi.isDebug) | ||
| } | ||
| levelsPromise = Promise.all(apiDb.accessLevelIds.map(function (levelId) { return managment_1.AccessLevelPermissionsDB.queryUnique({ _id: levelId }); })); | ||
| userPermissionsPromise = this.resolveUserPermissions(userId); | ||
| return [4, Promise.all([levelsPromise, | ||
| userPermissionsPromise])]; | ||
| return [4, assign_1.UserPermissionsDB.queryUnique({ uuid: userId })]; | ||
| case 2: | ||
| _a = _b.sent(), requiredLevels = _a[0], userPermissions = _a[1]; | ||
| requiredLevels.forEach(function (requiredLevel) { | ||
| var userAccessLevel = userPermissions[requiredLevel.domainId]; | ||
| if (userAccessLevel === undefined || userAccessLevel < requiredLevel.value) | ||
| throw new backend_1.ApiException(403, "Action Forbidden"); | ||
| user = _a.sent(); | ||
| return [4, Promise.all((user.groupIds || []).map(function (groupId) { return assign_1.GroupPermissionsDB.queryUnique({ _id: groupId }); }))]; | ||
| case 3: | ||
| groups = _a.sent(); | ||
| requestPair = { accessLevelIds: apiDb.accessLevelIds, customField: requestCustomField }; | ||
| userPair = { accessLevelIds: user.accessLevelIds || [], customFields: user.customFields || [] }; | ||
| groupMatch = false; | ||
| groups.forEach(function (group) { | ||
| var groupPair = { accessLevelIds: group.accessLevelIds || [], customFields: group.customFields || [] }; | ||
| if (_this.isMatch(groupPair, requestPair)) { | ||
| groupMatch = true; | ||
| } | ||
| }); | ||
| if (this.isMatch(userPair, requestPair)) | ||
| groupMatch = true; | ||
| if (!groupMatch) { | ||
| throw new backend_1.ApiException(403, "Action Forbidden"); | ||
| } | ||
| return [2]; | ||
@@ -92,31 +102,22 @@ } | ||
| }; | ||
| PermissionsAssert_Class.prototype.resolveUserPermissions = function (userId) { | ||
| PermissionsAssert_Class.prototype.isMatch = function (groupPair, requestPair) { | ||
| return __awaiter(this, void 0, void 0, function () { | ||
| var user, accessLevelsIds, groups, accessLevels; | ||
| return __generator(this, function (_a) { | ||
| switch (_a.label) { | ||
| case 0: return [4, assign_1.UserPermissionsDB.queryUnique({ _id: userId })]; | ||
| var levelsPromise, groupPermissionsPromise, _a, requiredLevels, groupPermissions, groupPairWithLevelsObj, requestPairWithLevelsObj; | ||
| return __generator(this, function (_b) { | ||
| switch (_b.label) { | ||
| case 0: | ||
| if (!this.doesCustomFieldsSatisfies(groupPair.customFields, requestPair.customField)) { | ||
| return [2, false]; | ||
| } | ||
| levelsPromise = Promise.all(requestPair.accessLevelIds.map(function (levelId) { return managment_1.AccessLevelPermissionsDB.queryUnique({ _id: levelId }); })); | ||
| return [4, Promise.all(groupPair.accessLevelIds.map(function (accesslevelId) { return managment_1.AccessLevelPermissionsDB.queryUnique({ _id: accesslevelId }); }))]; | ||
| case 1: | ||
| user = _a.sent(); | ||
| accessLevelsIds = user.accessLevelIds || []; | ||
| if (!user.groupIds) return [3, 3]; | ||
| return [4, Promise.all(user.groupIds.map(function (groupId) { return assign_1.GroupPermissionsDB.queryUnique({ _id: groupId }); }))]; | ||
| groupPermissionsPromise = _b.sent(); | ||
| return [4, Promise.all([levelsPromise, | ||
| groupPermissionsPromise])]; | ||
| case 2: | ||
| groups = _a.sent(); | ||
| accessLevelsIds = groups.reduce(function (toRet, group) { | ||
| if (group.accessLevelIds) | ||
| ts_common_1.addAllItemToArray(toRet, group.accessLevelIds); | ||
| return toRet; | ||
| }, accessLevelsIds); | ||
| accessLevelsIds = ts_common_1.filterDuplicates(accessLevelsIds); | ||
| _a.label = 3; | ||
| case 3: return [4, Promise.all(accessLevelsIds.map(function (accesslevelId) { return managment_1.AccessLevelPermissionsDB.queryUnique({ _id: accesslevelId }); }))]; | ||
| case 4: | ||
| accessLevels = _a.sent(); | ||
| return [2, accessLevels.reduce(function (toRet, accessLevel) { | ||
| var levelForDomain = toRet[accessLevel.domainId]; | ||
| if (levelForDomain || levelForDomain < accessLevel.value) | ||
| toRet[accessLevel.domainId] = accessLevel.value; | ||
| return toRet; | ||
| }, {})]; | ||
| _a = _b.sent(), requiredLevels = _a[0], groupPermissions = _a[1]; | ||
| groupPairWithLevelsObj = { accessLevels: groupPermissions, customFields: groupPair.customFields || [] }; | ||
| requestPairWithLevelsObj = { accessLevels: requiredLevels, customField: requestPair.customField }; | ||
| return [2, this.isMatchWithLevelsObj(groupPairWithLevelsObj, requestPairWithLevelsObj)]; | ||
| } | ||
@@ -126,2 +127,41 @@ }); | ||
| }; | ||
| PermissionsAssert_Class.prototype.isMatchWithLevelsObj = function (groupPair, requestPair) { | ||
| return __awaiter(this, void 0, void 0, function () { | ||
| var match, groupDomainLevelMap; | ||
| return __generator(this, function (_a) { | ||
| match = true; | ||
| if (!this.doesCustomFieldsSatisfies(groupPair.customFields, requestPair.customField)) { | ||
| return [2, false]; | ||
| } | ||
| groupDomainLevelMap = this.getDomainLevelMap(groupPair.accessLevels); | ||
| requestPair.accessLevels.forEach(function (requiredLevel) { | ||
| var userAccessLevel = groupDomainLevelMap[requiredLevel.domainId]; | ||
| if (userAccessLevel === undefined || userAccessLevel < requiredLevel.value) | ||
| match = false; | ||
| }); | ||
| return [2, match]; | ||
| }); | ||
| }); | ||
| }; | ||
| PermissionsAssert_Class.prototype.getDomainLevelMap = function (accessLevels) { | ||
| return accessLevels.reduce(function (toRet, accessLevel) { | ||
| var levelForDomain = toRet[accessLevel.domainId]; | ||
| if (levelForDomain || levelForDomain < accessLevel.value) | ||
| toRet[accessLevel.domainId] = accessLevel.value; | ||
| return toRet; | ||
| }, {}); | ||
| }; | ||
| PermissionsAssert_Class.prototype.doesCustomFieldsSatisfies = function (groupCustomFields, requestCustomField) { | ||
| var _this = this; | ||
| if (groupCustomFields === void 0) { groupCustomFields = []; } | ||
| return groupCustomFields.reduce(function (doesSatisfies, customField) { | ||
| return doesSatisfies || _this.doesCustomFieldSatisfies(customField, requestCustomField); | ||
| }, true); | ||
| }; | ||
| PermissionsAssert_Class.prototype.doesCustomFieldSatisfies = function (existCustomField, requestCustomField) { | ||
| return Object.keys(requestCustomField).reduce(function (doesSatisfies, requestCustomFieldKey) { | ||
| var customFieldRegEx = new RegExp(existCustomField[requestCustomFieldKey], "g"); | ||
| return doesSatisfies && customFieldRegEx.test(requestCustomField[requestCustomFieldKey]); | ||
| }, true); | ||
| }; | ||
| return PermissionsAssert_Class; | ||
@@ -128,0 +168,0 @@ }(ts_common_1.Module)); |
| { | ||
| "name": "@nu-art/permissions", | ||
| "version": "0.20.5", | ||
| "version": "0.20.6", | ||
| "description": "Permissions", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
Sorry, the diff of this file is not supported yet
No alert changes
Improved metrics
- Total package byte prevSize
- increased by4.06%
119570
- Lines of code
- increased by3.57%
1800
No dependency changes