@adobe/helix-config 4.1.1 → 4.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +14 -0
- package/package.json +1 -1
- package/src/config-view.js +26 -43
package/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,17 @@
|
|
|
1
|
+
# [4.3.0](https://github.com/adobe/helix-config/compare/v4.2.0...v4.3.0) (2024-08-20)
|
|
2
|
+
|
|
3
|
+
|
|
4
|
+
### Features
|
|
5
|
+
|
|
6
|
+
* include org users in admin access config ([#173](https://github.com/adobe/helix-config/issues/173)) ([427d254](https://github.com/adobe/helix-config/commit/427d254e39b701529cdcd915469cbaa414e0afa7)), closes [#167](https://github.com/adobe/helix-config/issues/167)
|
|
7
|
+
|
|
8
|
+
# [4.2.0](https://github.com/adobe/helix-config/compare/v4.1.1...v4.2.0) (2024-08-19)
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
### Features
|
|
12
|
+
|
|
13
|
+
* remove original-site check (move to admin) ([#172](https://github.com/adobe/helix-config/issues/172)) ([ac915b7](https://github.com/adobe/helix-config/commit/ac915b714d4fc33163d1860a90263f5ff5962e1d))
|
|
14
|
+
|
|
1
15
|
## [4.1.1](https://github.com/adobe/helix-config/compare/v4.1.0...v4.1.1) (2024-08-17)
|
|
2
16
|
|
|
3
17
|
|
package/package.json
CHANGED
package/src/config-view.js
CHANGED
|
@@ -185,27 +185,6 @@ async function loadMetadata(ctx, config, partition) {
|
|
|
185
185
|
};
|
|
186
186
|
}
|
|
187
187
|
|
|
188
|
-
/**
|
|
189
|
-
* loads the original site information from the `.hlx.json` file
|
|
190
|
-
* @param ctx the context
|
|
191
|
-
* @param contentBusId the content bus id
|
|
192
|
-
* @param legacy if true, the original-repository is returned, otherwise the original-site.
|
|
193
|
-
* @returns {Promise<string>} the original site.
|
|
194
|
-
*/
|
|
195
|
-
async function fetchOriginalSite(ctx, contentBusId, legacy) {
|
|
196
|
-
const key = `${contentBusId}/.hlx.json`;
|
|
197
|
-
const res = await ctx.loader.getObject(HELIX_CONTENT_BUS, key);
|
|
198
|
-
if (res.body) {
|
|
199
|
-
const json = res.json();
|
|
200
|
-
if (legacy) {
|
|
201
|
-
return json['original-repository'];
|
|
202
|
-
}
|
|
203
|
-
return json['original-site'];
|
|
204
|
-
}
|
|
205
|
-
ctx.log.error(`failed to load ${key}: ${res.status}`);
|
|
206
|
-
return '';
|
|
207
|
-
}
|
|
208
|
-
|
|
209
188
|
async function loadHeadHtml(ctx, config, ref) {
|
|
210
189
|
const key = `${config.code.owner}/${config.code.repo}/${ref}/head.html`;
|
|
211
190
|
const res = await ctx.loader.getObject(HELIX_CODE_BUS, key);
|
|
@@ -352,13 +331,11 @@ function resolveGroup(groups, name) {
|
|
|
352
331
|
* @param admin
|
|
353
332
|
* @param configGroups
|
|
354
333
|
* @param orgGroups
|
|
334
|
+
* @param orgUsers
|
|
355
335
|
*/
|
|
356
|
-
function computeSiteAdminRoles(admin, configGroups = {}, orgGroups = {}) {
|
|
357
|
-
if (!admin.role) {
|
|
358
|
-
return admin;
|
|
359
|
-
}
|
|
336
|
+
function computeSiteAdminRoles(admin, configGroups = {}, orgGroups = {}, orgUsers = []) {
|
|
360
337
|
const roles = {};
|
|
361
|
-
for (const [roleName, role] of Object.entries(admin.role)) {
|
|
338
|
+
for (const [roleName, role] of Object.entries(admin.role ?? {})) {
|
|
362
339
|
const users = new Set();
|
|
363
340
|
for (const /* @type string */ entry of role) {
|
|
364
341
|
if (entry.indexOf('@') > 0) {
|
|
@@ -375,10 +352,30 @@ function computeSiteAdminRoles(admin, configGroups = {}, orgGroups = {}) {
|
|
|
375
352
|
}
|
|
376
353
|
roles[roleName] = Array.from(users);
|
|
377
354
|
}
|
|
378
|
-
|
|
355
|
+
// add org users
|
|
356
|
+
const hasRoles = Object.keys(roles).length > 0;
|
|
357
|
+
let hasOrgUsers = false;
|
|
358
|
+
for (const user of orgUsers) {
|
|
359
|
+
for (const role of user.roles) {
|
|
360
|
+
if (!(role in roles)) {
|
|
361
|
+
roles[role] = [];
|
|
362
|
+
}
|
|
363
|
+
if (!roles[role].includes(user.email)) {
|
|
364
|
+
roles[role].push(user.email);
|
|
365
|
+
hasOrgUsers = true;
|
|
366
|
+
}
|
|
367
|
+
}
|
|
368
|
+
}
|
|
369
|
+
|
|
370
|
+
const ret = {
|
|
379
371
|
...admin,
|
|
380
372
|
role: roles,
|
|
381
373
|
};
|
|
374
|
+
// if there are only roles from the org, ensure that they don't enforce auth
|
|
375
|
+
if (hasOrgUsers && !hasRoles && (!admin.requireAuth || admin.requireAuth === 'auto')) {
|
|
376
|
+
ret.requireAuth = false;
|
|
377
|
+
}
|
|
378
|
+
return ret;
|
|
382
379
|
}
|
|
383
380
|
|
|
384
381
|
export async function getConfigResponse(ctx, opts) {
|
|
@@ -408,21 +405,6 @@ export async function getConfigResponse(ctx, opts) {
|
|
|
408
405
|
},
|
|
409
406
|
});
|
|
410
407
|
}
|
|
411
|
-
// validate original-site
|
|
412
|
-
const originalSite = await fetchOriginalSite(ctx, config.content.contentBusId, config.legacy);
|
|
413
|
-
if (originalSite && originalSite !== `${org}/${site}`) {
|
|
414
|
-
ctx.log.error(`original site ${originalSite} does not match requested ${org}/${site}.`);
|
|
415
|
-
if (scope === SCOPE_ADMIN) {
|
|
416
|
-
return new PipelineResponse('', {
|
|
417
|
-
status: 403,
|
|
418
|
-
headers: {
|
|
419
|
-
'x-error': 'original site mismatch',
|
|
420
|
-
...surrogateHeaders,
|
|
421
|
-
},
|
|
422
|
-
});
|
|
423
|
-
}
|
|
424
|
-
// todo: also send 403 for all scopes....but first observe only
|
|
425
|
-
}
|
|
426
408
|
|
|
427
409
|
if (config.extends && scope !== SCOPE_RAW) {
|
|
428
410
|
delete config.extends;
|
|
@@ -438,7 +420,8 @@ export async function getConfigResponse(ctx, opts) {
|
|
|
438
420
|
// access.require.repository ?
|
|
439
421
|
};
|
|
440
422
|
if (opts.scope === SCOPE_ADMIN || opts.scope === SCOPE_RAW) {
|
|
441
|
-
|
|
423
|
+
// eslint-disable-next-line max-len
|
|
424
|
+
config.access.admin = computeSiteAdminRoles(admin, config.groups, orgConfig?.groups, orgConfig?.users);
|
|
442
425
|
}
|
|
443
426
|
}
|
|
444
427
|
|