@adobe/helix-config 3.4.4 → 3.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +14 -0
- package/package.json +1 -1
- package/src/config-view.js +4 -3
- package/src/schemas/access-admin.schema.json +13 -1
- package/src/schemas/access.schema.json +3 -0
- package/src/schemas/user.schema.json +3 -0
- package/types/org-config.d.ts +1 -1
- package/types/profile-config.d.ts +11 -1
- package/types/site-config.d.ts +11 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,17 @@
|
|
|
1
|
+
# [3.6.0](https://github.com/adobe/helix-config/compare/v3.5.0...v3.6.0) (2024-07-11)
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
### Features
|
|
5
|
+
|
|
6
|
+
* allow to specify access.site ([#129](https://github.com/adobe/helix-config/issues/129)) ([83f7142](https://github.com/adobe/helix-config/commit/83f714215903315158ccacbf3ecfdb14d9d97c31)), closes [#62](https://github.com/adobe/helix-config/issues/62)
|
|
7
|
+
|
|
8
|
+
# [3.5.0](https://github.com/adobe/helix-config/compare/v3.4.4...v3.5.0) (2024-07-10)
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
### Features
|
|
12
|
+
|
|
13
|
+
* refine roles ([#128](https://github.com/adobe/helix-config/issues/128)) ([4550be1](https://github.com/adobe/helix-config/commit/4550be179e6b0fe6bcc65742500bae6bb3c82486))
|
|
14
|
+
|
|
1
15
|
## [3.4.4](https://github.com/adobe/helix-config/compare/v3.4.3...v3.4.4) (2024-07-09)
|
|
2
16
|
|
|
3
17
|
|
package/package.json
CHANGED
package/src/config-view.js
CHANGED
|
@@ -111,8 +111,9 @@ async function getGlobalTokenHash(ctx, rso) {
|
|
|
111
111
|
*/
|
|
112
112
|
export async function getAccessConfig(ctx, config, partition, rso) {
|
|
113
113
|
const { access, tokens = {} } = config;
|
|
114
|
-
const
|
|
115
|
-
const
|
|
114
|
+
const pAccess = access[partition] ?? {};
|
|
115
|
+
const apiKeyId = toArray(pAccess.apiKeyId ?? access.site?.apiKeyId ?? access.apiKeyId);
|
|
116
|
+
const allow = toArray(pAccess.allow ?? access.allow);
|
|
116
117
|
const cfg = {
|
|
117
118
|
apiKeyId,
|
|
118
119
|
tokenHash: apiKeyId
|
|
@@ -120,7 +121,7 @@ export async function getAccessConfig(ctx, config, partition, rso) {
|
|
|
120
121
|
.map((jti) => jti.replaceAll('/', '_').replaceAll('+', '-'))
|
|
121
122
|
.map((id) => tokens[id]?.hash)
|
|
122
123
|
.filter((hash) => !!hash),
|
|
123
|
-
clientCertDN: toArray(access
|
|
124
|
+
clientCertDN: toArray(pAccess.clientCertDN ?? access.site?.clientCertDN ?? access.clientCertDN),
|
|
124
125
|
};
|
|
125
126
|
// if an allow is defined but no apiKeyId, create a fake one so that auth is still enforced.
|
|
126
127
|
if (allow.length && !cfg.apiKeyId.length) {
|
|
@@ -43,7 +43,19 @@
|
|
|
43
43
|
"defaultRole": {
|
|
44
44
|
"description": "the default roles assigned to the users. defaults to `basic_publish` for unauthenticated setups.",
|
|
45
45
|
"type": "array",
|
|
46
|
-
"items": {
|
|
46
|
+
"items": {
|
|
47
|
+
"type": "string",
|
|
48
|
+
"enum": [
|
|
49
|
+
"admin",
|
|
50
|
+
"author",
|
|
51
|
+
"publish",
|
|
52
|
+
"develop",
|
|
53
|
+
"basic_author",
|
|
54
|
+
"basic_publish",
|
|
55
|
+
"config",
|
|
56
|
+
"config_admin"
|
|
57
|
+
]
|
|
58
|
+
}
|
|
47
59
|
},
|
|
48
60
|
"apiKeyId": {
|
|
49
61
|
"description": "the id of the API key(s). this is used to validate the API KEYS and allows to invalidate them.",
|
package/types/org-config.d.ts
CHANGED
|
@@ -43,7 +43,7 @@ export interface HttpsNsAdobeComHelixConfigUser {
|
|
|
43
43
|
id: string;
|
|
44
44
|
email: string;
|
|
45
45
|
name?: string;
|
|
46
|
-
roles: ('admin' | 'author' | 'publish' | 'config' | 'config_admin')[];
|
|
46
|
+
roles: ('admin' | 'author' | 'publish' | 'develop' | 'basic_author' | 'basic_publish' | 'config' | 'config_admin')[];
|
|
47
47
|
}
|
|
48
48
|
export interface Groups {
|
|
49
49
|
[k: string]: Group;
|
|
@@ -208,6 +208,7 @@ export interface EmptyConfig {
|
|
|
208
208
|
}
|
|
209
209
|
export interface Access {
|
|
210
210
|
admin?: AdminAccessConfig;
|
|
211
|
+
site?: SiteAccessConfig;
|
|
211
212
|
preview?: SiteAccessConfig;
|
|
212
213
|
live?: SiteAccessConfig;
|
|
213
214
|
}
|
|
@@ -220,7 +221,16 @@ export interface AdminAccessConfig {
|
|
|
220
221
|
/**
|
|
221
222
|
* the default roles assigned to the users. defaults to `basic_publish` for unauthenticated setups.
|
|
222
223
|
*/
|
|
223
|
-
defaultRole?:
|
|
224
|
+
defaultRole?: (
|
|
225
|
+
| 'admin'
|
|
226
|
+
| 'author'
|
|
227
|
+
| 'publish'
|
|
228
|
+
| 'develop'
|
|
229
|
+
| 'basic_author'
|
|
230
|
+
| 'basic_publish'
|
|
231
|
+
| 'config'
|
|
232
|
+
| 'config_admin'
|
|
233
|
+
)[];
|
|
224
234
|
/**
|
|
225
235
|
* the id of the API key(s). this is used to validate the API KEYS and allows to invalidate them.
|
|
226
236
|
*/
|
package/types/site-config.d.ts
CHANGED
|
@@ -216,6 +216,7 @@ export interface EmptyConfig {
|
|
|
216
216
|
}
|
|
217
217
|
export interface Access {
|
|
218
218
|
admin?: AdminAccessConfig;
|
|
219
|
+
site?: SiteAccessConfig;
|
|
219
220
|
preview?: SiteAccessConfig;
|
|
220
221
|
live?: SiteAccessConfig;
|
|
221
222
|
}
|
|
@@ -228,7 +229,16 @@ export interface AdminAccessConfig {
|
|
|
228
229
|
/**
|
|
229
230
|
* the default roles assigned to the users. defaults to `basic_publish` for unauthenticated setups.
|
|
230
231
|
*/
|
|
231
|
-
defaultRole?:
|
|
232
|
+
defaultRole?: (
|
|
233
|
+
| 'admin'
|
|
234
|
+
| 'author'
|
|
235
|
+
| 'publish'
|
|
236
|
+
| 'develop'
|
|
237
|
+
| 'basic_author'
|
|
238
|
+
| 'basic_publish'
|
|
239
|
+
| 'config'
|
|
240
|
+
| 'config_admin'
|
|
241
|
+
)[];
|
|
232
242
|
/**
|
|
233
243
|
* the id of the API key(s). this is used to validate the API KEYS and allows to invalidate them.
|
|
234
244
|
*/
|