@appsemble/utils 0.29.11 → 0.30.2

package/authorization.js

@@ -0,0 +1,171 @@
+import { appOrganizationPermissionMapping, AppPermission, PredefinedAppRole, predefinedAppRolePermissions, predefinedOrganizationRolePermissions, } from '@appsemble/types';
+function checkAppPermissions(acquiredPermissions, requiredPermissions) {
+    const customAppResourcePermissionPattern = /^\$resource:[^:]+:(get|query|create|delete|patch|update)$/;
+    const customAppOwnResourcePermissionPattern = /^\$resource:[^:]+:own:(get|query|delete|patch|update)$/;
+    const customAppResourceViewPermissionPattern = /^\$resource:[^:]+:(get|query):[^:]+$/;
+    return requiredPermissions.every((p) => {
+        if (acquiredPermissions.includes(p)) {
+            return true;
+        }
+        if (customAppResourcePermissionPattern.test(p)) {
+            const [, , resourceAction] = p.split(':');
+            return acquiredPermissions.includes(`$resource:all:${resourceAction}`);
+        }
+        if (customAppOwnResourcePermissionPattern.test(p)) {
+            const [, resourceName, , resourceAction] = p.split(':');
+            return (acquiredPermissions.includes(`$resource:all:${resourceAction}`) ||
+                acquiredPermissions.includes(`$resource:all:own:${resourceAction}`) ||
+                acquiredPermissions.includes(`$resource:${resourceName}:${resourceAction}`));
+        }
+        if (customAppResourceViewPermissionPattern.test(p)) {
+            const [, resourceName, resourceAction, view] = p.split(':');
+            return (acquiredPermissions.includes(`$resource:${resourceName}:${resourceAction}`) ||
+                acquiredPermissions.includes(`$resource:all:${resourceAction}`) ||
+                acquiredPermissions.includes(`$resource:all:${resourceAction}:${view}`));
+        }
+    });
+}
+export function getAppInheritedRoles(appSecurityDefinition, roles, accumulatedRoles = []) {
+    var _a;
+    if (!appSecurityDefinition || !roles) {
+        return [];
+    }
+    for (const role of roles) {
+        if (!accumulatedRoles.includes(role)) {
+            accumulatedRoles.push(role);
+            const roleDefinition = (_a = appSecurityDefinition.roles) === null || _a === void 0 ? void 0 : _a[role];
+            if (roleDefinition && roleDefinition.inherits) {
+                accumulatedRoles.push(...getAppInheritedRoles(appSecurityDefinition, roleDefinition.inherits, accumulatedRoles));
+            }
+        }
+    }
+    return Array.from(new Set(accumulatedRoles));
+}
+export function getAppRolePermissions(appSecurityDefinition, roles) {
+    var _a;
+    const accumulatedPermissions = [];
+    const inheritedRoles = getAppInheritedRoles(appSecurityDefinition, roles);
+    for (const role of inheritedRoles) {
+        const roleDefinition = (_a = appSecurityDefinition.roles) === null || _a === void 0 ? void 0 : _a[role];
+        if (roleDefinition) {
+            const rolePermissions = roleDefinition.permissions;
+            if (rolePermissions) {
+                accumulatedPermissions.push(...rolePermissions);
+            }
+        }
+        else {
+            const predefinedRolePermissions = predefinedAppRolePermissions[role];
+            if (predefinedRolePermissions) {
+                accumulatedPermissions.push(...predefinedRolePermissions);
+            }
+        }
+    }
+    return Array.from(new Set(accumulatedPermissions));
+}
+export function getGuestAppPermissions(appSecurityDefinition) {
+    if (!appSecurityDefinition || !appSecurityDefinition.guest) {
+        return [];
+    }
+    return [
+        ...(appSecurityDefinition.guest.permissions || []),
+        ...getAppRolePermissions(appSecurityDefinition, appSecurityDefinition.guest.inherits),
+    ];
+}
+export function checkGuestAppPermissions(appSecurityDefinition, requiredPermissions) {
+    const guestPermissions = getGuestAppPermissions(appSecurityDefinition);
+    return checkAppPermissions(guestPermissions, requiredPermissions);
+}
+export function getAppRoles(appSecurityDefinition) {
+    return Array.from(new Set([
+        ...Object.keys((appSecurityDefinition === null || appSecurityDefinition === void 0 ? void 0 : appSecurityDefinition.roles) || {}),
+        ...Object.keys(PredefinedAppRole),
+    ]));
+}
+export function getAppPossibleGuestPermissions(appDefinition) {
+    const possibleAllViews = {};
+    const resourceDefinitions = Object.values(appDefinition.resources || {});
+    for (const resourceDefinition of resourceDefinitions) {
+        for (const view of Object.keys(resourceDefinition.views || {})) {
+            possibleAllViews[view] = true;
+        }
+    }
+    for (const view of Object.keys(possibleAllViews)) {
+        if (resourceDefinitions.some((resourceDefinition) => { var _a; return !((_a = resourceDefinition.views) === null || _a === void 0 ? void 0 : _a[view]); })) {
+            possibleAllViews[view] = false;
+        }
+    }
+    for (const view in possibleAllViews) {
+        if (!possibleAllViews[view]) {
+            delete possibleAllViews[view];
+        }
+    }
+    return [
+        ...Object.values(AppPermission),
+        ...Object.entries(appDefinition.resources || {}).flatMap(([resourceName, resourceDefinition]) => [
+            `$resource:${resourceName}:create`,
+            `$resource:${resourceName}:query`,
+            `$resource:${resourceName}:get`,
+            `$resource:${resourceName}:update`,
+            `$resource:${resourceName}:patch`,
+            `$resource:${resourceName}:delete`,
+            ...Object.keys(resourceDefinition.views || {}).flatMap((resourceView) => [
+                `$resource:${resourceName}:query:${resourceView}`,
+                `$resource:${resourceName}:get:${resourceView}`,
+            ]),
+            ...Object.keys(possibleAllViews).flatMap((view) => [
+                `$resource:all:query:${view}`,
+                `$resource:all:get:${view}`,
+            ]),
+        ]),
+    ];
+}
+export function getAppPossiblePermissions(appDefinition) {
+    return [
+        ...getAppPossibleGuestPermissions(appDefinition),
+        ...Object.keys(appDefinition.resources || {}).flatMap((resourceName) => [
+            `$resource:${resourceName}:own:query`,
+            `$resource:${resourceName}:own:get`,
+            `$resource:${resourceName}:own:update`,
+            `$resource:${resourceName}:own:patch`,
+            `$resource:${resourceName}:own:delete`,
+        ]),
+    ];
+}
+export function getAppRolesByPermissions(appSecurityDefinition, requiredPermissions) {
+    const roles = getAppRoles(appSecurityDefinition);
+    const compliantRoles = [];
+    for (const role of roles) {
+        if (checkAppPermissions(getAppRolePermissions(appSecurityDefinition, [role]), requiredPermissions)) {
+            compliantRoles.push(role);
+        }
+    }
+    if (checkAppPermissions(getGuestAppPermissions(appSecurityDefinition), requiredPermissions)) {
+        compliantRoles.push('Guest');
+    }
+    return compliantRoles;
+}
+export function checkAppRoleAppPermissions(appSecurityDefinition, appRole, requiredPermissions) {
+    const appRolePermissions = getAppRolePermissions(appSecurityDefinition, [appRole]);
+    return checkAppPermissions(appRolePermissions, requiredPermissions);
+}
+export function checkOrganizationRoleAppPermissions(organizationRole, requiredPermissions) {
+    if (!organizationRole) {
+        return false;
+    }
+    const organizationRolePermissions = predefinedOrganizationRolePermissions[organizationRole];
+    return requiredPermissions.every((p) => {
+        let mappedPermission = appOrganizationPermissionMapping[p];
+        if (!mappedPermission) {
+            const customAppPermission = p;
+            if (customAppPermission.startsWith('$resource')) {
+                mappedPermission =
+                    appOrganizationPermissionMapping[p.replace(/:[^:]*:/, ':all:')];
+            }
+        }
+        return organizationRolePermissions.includes(mappedPermission);
+    });
+}
+export function checkOrganizationRoleOrganizationPermissions(organizationRole, requiredPermissions) {
+    return requiredPermissions.every((p) => predefinedOrganizationRolePermissions[organizationRole].includes(p));
+}
+//# sourceMappingURL=authorization.js.map

package/constants/index.d.ts

@@ -5,5 +5,3 @@ export * from './fonts.js';
 export * from './locale.js';
 export * from './scopes.js';
 export * from './patterns.js';
-export * from './roles.js';
-export * from './Permission.js';

package/constants/index.js

@@ -5,6 +5,4 @@ export * from './fonts.js';
 export * from './locale.js';
 export * from './scopes.js';
 export * from './patterns.js';
-export * from './roles.js';
-export * from './Permission.js';
 //# sourceMappingURL=index.js.map

package/constants/scopes.d.ts

@@ -1,4 +1,4 @@
 /**
  * All known OAuth2 scopes for client credentials.
  */
-export declare const scopes: readonly ["apps:export", "apps:write", "apps:delete", "blocks:write", "blocks:delete", "organizations:write", "resources:read", "resources:write", "assets:write", "teams:read", "teams:write"];
+export declare const scopes: readonly ["apps:export", "apps:write", "apps:delete", "blocks:write", "blocks:delete", "organizations:write", "resources:read", "resources:write", "assets:write", "groups:read", "groups:write"];

package/constants/scopes.js

@@ -11,7 +11,7 @@ export const scopes = [
     'resources:read',
     'resources:write',
     'assets:write',
-    'teams:read',
-    'teams:write',
+    'groups:read',
+    'groups:write',
 ];
 //# sourceMappingURL=scopes.js.map

package/examples.js

@@ -27,12 +27,17 @@ export const examples = {
         },
         result: 'https://example-app.example-organization.example.com',
     },
-    appMember: {
+    'app.member': {
         input: null,
         remapper: {},
         result: {},
         skip: true,
     },
+    type: {
+        input: [1, 2, 3],
+        remapper: { type: null },
+        result: 'array',
+    },
     array: {
         input: ['a', 'b', 'c'],
         remapper: {
@@ -112,6 +117,30 @@ export const examples = {
             },
         ],
     },
+    'array.filter': {
+        input: [
+            {
+                name: 'Peter',
+            },
+            {
+                name: 'Louis',
+            },
+            {
+                name: 'Brian',
+            },
+        ],
+        remapper: {
+            'array.filter': {
+                equals: [
+                    {
+                        prop: 'name',
+                    },
+                    'Louis',
+                ],
+            },
+        },
+        result: [{ name: 'Louis' }],
+    },
     'array.find': {
         input: [
             {
@@ -649,12 +678,6 @@ export const examples = {
         result: {},
         skip: true,
     },
-    user: {
-        input: null,
-        remapper: {},
-        result: {},
-        skip: true,
-    },
     container: {
         input: null,
         remapper: {},
@@ -689,18 +712,23 @@ export function createExampleContext(url, lang, userInfo, history) {
         getVariable: (name) => (name === 'MY_VARIABLE' ? 'variable value' : null),
         url: String(url),
         appUrl: `${url.protocol}//example-app.example-organization.${url.host}`,
-        userInfo: userInfo !== null && userInfo !== void 0 ? userInfo : {
-            sub: 'default-example-sub',
-            name: 'default-example-name',
-            email: 'default@example.com',
-            email_verified: false,
-        },
         context: {},
         history: history !== null && history !== void 0 ? history : ['Default example value'],
         appId: 0,
         locale: 'en',
         pageData: { default: 'Page data' },
-        appMember: userInfo === null || userInfo === void 0 ? void 0 : userInfo.appMember,
+        appMemberInfo: {
+            sub: 'default-example-id',
+            email: 'default-app-member@example.com',
+            email_verified: true,
+            name: 'default-example-name',
+            demo: false,
+            role: 'Member',
+            zoneinfo: 'Europe/Amsterdam',
+            properties: {
+                completedExamples: [],
+            },
+        },
     };
 }
 //# sourceMappingURL=examples.js.map

package/index.d.ts

@@ -1,7 +1,6 @@
 import './types.js';
 export * from './api/index.js';
 export * from './appMessages.js';
-export * from './appSecurity.js';
 export * from './blockUtils.js';
 export * from './compare.js';
 export * from './constants/index.js';
@@ -11,7 +10,6 @@ export * from './noop.js';
 export * from './normalize.js';
 export * from './validateStyle.js';
 export * from './prefix.js';
-export * from './checkAppRole.js';
 export * from './formatRequestAction.js';
 export * from './iterApp.js';
 export * from './jsonschema.js';
@@ -29,6 +27,8 @@ export * from './serverActions.js';
 export * from './validation.js';
 export * from './serializeResource.js';
 export * from './convertToCsv.js';
+export * from './authorization.js';
+export * from './appMembers.js';
 export * from './assets.js';
 export * from './validateAppMessages.js';
 export * from './findPageByName.js';

package/index.js

@@ -1,7 +1,6 @@
 import './types.js';
 export * from './api/index.js';
 export * from './appMessages.js';
-export * from './appSecurity.js';
 export * from './blockUtils.js';
 export * from './compare.js';
 export * from './constants/index.js';
@@ -11,7 +10,6 @@ export * from './noop.js';
 export * from './normalize.js';
 export * from './validateStyle.js';
 export * from './prefix.js';
-export * from './checkAppRole.js';
 export * from './formatRequestAction.js';
 export * from './iterApp.js';
 export * from './jsonschema.js';
@@ -29,6 +27,8 @@ export * from './serverActions.js';
 export * from './validation.js';
 export * from './serializeResource.js';
 export * from './convertToCsv.js';
+export * from './authorization.js';
+export * from './appMembers.js';
 export * from './assets.js';
 export * from './validateAppMessages.js';
 export * from './findPageByName.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appsemble/utils",
-  "version": "0.29.11",
+  "version": "0.30.2",
   "description": "Utility functions used in Appsemble internally",
   "keywords": [
     "app",
@@ -37,7 +37,7 @@
     "test": "vitest"
   },
   "dependencies": {
-    "@appsemble/types": "0.29.11",
+    "@appsemble/types": "0.30.2",
     "axios": "^1.0.0",
     "cron-parser": "^4.0.0",
     "date-fns": "^2.0.0",

package/reference-schemas/remappers/arrays.js

@@ -100,6 +100,37 @@ remapper is a filtered list:
     "age": 20
   }
 ]
+\`\`\`
+    `,
+    },
+    'array.filter': {
+        $ref: '#/components/schemas/RemapperDefinition',
+        description: `
+Filters out values based on the input conditions provided.
+
+For example:
+
+${schemaExample('array.filter')}
+
+Example of how it can be used to filter a number array.
+
+Input:
+
+\`\`\`json
+[1,2,1,3,4,1,5]
+\`\`\`
+
+\`\`\`yaml
+array.filter:
+  equals:
+    - array: item
+    - 1
+\`\`\`
+
+Result:
+
+\`\`\`json
+[1,1,1]
 \`\`\`
     `,
     },

package/reference-schemas/remappers/data.js

@@ -304,22 +304,34 @@ parameters:
 
 `,
     },
-    user: {
-        enum: ['sub', 'name', 'email', 'email_verified', 'picture', 'profile', 'locale', 'properties'],
+    'app.member': {
+        enum: [
+            'sub',
+            'name',
+            'email',
+            'email_verified',
+            'picture',
+            'locale',
+            'zoneinfo',
+            'role',
+            'properties',
+        ],
         description: `
-> **Note:** For this remapper to work, the user that activated the remapper has to be logged in to
+> **Note:** For this remapper to work, the app member that activated the remapper has to be logged in to
 > the app
 
-Provides some fields of user information taken from the OpenID user info. These fields are:
+Provides some fields of app member information taken from the OpenID user info. These fields are:
 
-- \`email\`: User’s **primary** email address
-- \`email_verified\`: Whether the user’s primary email address is verified or not (\`boolean\`)
-- \`locale\`: The user’s default language [\`BCP47\`](https://en.wikipedia.org/wiki/IETF_language_tag)
+- \`sub\`: The app member’s identifier
+- \`name\`: The app member’s name
+- \`email\`: The app member’s **primary** email address
+- \`email_verified\`: Whether the app member’s primary email address is verified or not (\`boolean\`)
+- \`picture\`: Full URL to the app member’s profile picture web address
+- \`locale\`: The app member’s default language [\`BCP47\`](https://en.wikipedia.org/wiki/IETF_language_tag)
   language tag (ex. \`en\`) (Broken)
-- \`name\`: The user’s name
-- \`picture\`: Full URL to the user’s profile picture web address
-- \`sub\`: The user’s identifier
-- \`properties\`: Custom properties defined on the user
+- \`zoneinfo\`: The app member’s timezone
+- \`role\`: The role of the app member in the app
+- \`properties\`: Custom properties defined on the app member
 
 Example:
 
@@ -333,33 +345,6 @@ Example:
   "sub": "5c6270e2-ad31-414f-bcab-6752a2c4dcfd",
   "properties": {}
 }
-\`\`\`
-    `,
-    },
-    appMember: {
-        enum: ['userId', 'memberId', 'name', 'primary_email', 'role'],
-        description: `
-> **Note:** For this remapper to work, the user that activated the remapper has to be logged in to
-> the app
-
-Provides some fields of the appMember object.
-
-- \`userId\`: The id of the user to which the appMember object belongs.
-- \`memberId\`: The id of the appMember object itself. This value should be used when fetching resources created by the current user.
-- \`primary_email\`: User’s **primary** email address.
-- \`name\`: The user’s name.
-- \`role\`: User's role in the context of the app.
-
-Example:
-
-\`\`\`json
-{
-  "memberId": "1f433c7a-54ea-466e-89f7-5dbb8f324b12",
-  "name": "Test User"
-  "primaryEmail": "example@hotmail.nl",
-  "role": "Medewerker",
-  "userId": "5c6270e2-ad31-414f-bcab-6752a2c4dcfd"
-}
 \`\`\`
     `,
     },

package/reference-schemas/remappers/unsorted.js

@@ -145,6 +145,24 @@ object will be checked. The result looks like this:
             },
         ],
     },
+    type: {
+        enum: [null],
+        description: `Returns the type of the input object
+
+For example, with the following input value:
+\`\`\`json
+[0, 5, 7, 8]
+\`\`\`
+\`\`\`yaml
+type: null
+\`\`\`
+
+The result will be:
+\`\`\`json
+"array"
+\`\`\`
+    `,
+    },
     log: {
         enum: ['info', 'warn', 'error'],
         description: `Logs in the browser's console and returns the incoming data and the remapper function's context.

package/remap.d.ts

@@ -1,4 +1,4 @@
-import { type AppMember, type Remapper, type UserInfo, type ValueFromProcess } from '@appsemble/types';
+import { type AppMemberInfo, type Remapper, type ValueFromProcess } from '@appsemble/types';
 import { type IntlMessageFormat } from 'intl-messageformat';
 export interface IntlMessage {
     id?: string;
@@ -46,17 +46,13 @@ export interface RemapperContext {
      */
     pageData?: unknown;
     /**
-     * The OpenID compatible userinfo object for the current user.
+     * The OpenID compatible userinfo object for the current app member.
      */
-    userInfo: UserInfo;
+    appMemberInfo: AppMemberInfo;
     /**
      * A custom context passed to the remap function.
      */
     context: Record<string, any>;
-    /**
-     * The appMember object for the current user in the app.
-     */
-    appMember: AppMember;
 }
 interface InternalContext extends RemapperContext {
     root?: unknown;

package/remap.js

@@ -194,6 +194,16 @@ const mapperImplementations = {
         }
         return result;
     },
+    type(args, input) {
+        // eslint-disable-next-line eqeqeq
+        if (input === null) {
+            return null;
+        }
+        if (Array.isArray(input)) {
+            return 'array';
+        }
+        return typeof input;
+    },
     'array.map': (mapper, input, context) => {
         var _a;
         return (_a = input === null || input === void 0 ? void 0 : input.map((item, index) => remap(mapper, item, {
@@ -221,6 +231,19 @@ const mapperImplementations = {
         });
     },
     array: (prop, input, context) => { var _a; return (_a = context.array) === null || _a === void 0 ? void 0 : _a[prop]; },
+    'array.filter'(mapper, input, context) {
+        if (!Array.isArray(input)) {
+            console.error(`${input} is not an array!`);
+            return null;
+        }
+        return input === null || input === void 0 ? void 0 : input.filter((item, index) => {
+            const remapped = remap(mapper, item, {
+                ...context,
+                array: { index, length: input.length, item },
+            });
+            return remapped;
+        });
+    },
     'array.find'(mapper, input, context) {
         var _a;
         if (!Array.isArray(input)) {
@@ -413,8 +436,7 @@ const mapperImplementations = {
         const message = context.getMessage({ id: messageId });
         return message.format() || `{${messageId}}`;
     },
-    user: (property, input, context) => { var _a; return (_a = context.userInfo) === null || _a === void 0 ? void 0 : _a[property]; },
-    appMember: (property, input, context) => { var _a, _b; return (_b = (_a = context.userInfo) === null || _a === void 0 ? void 0 : _a.appMember) === null || _b === void 0 ? void 0 : _b[property]; },
+    'app.member': (property, input, context) => { var _a; return (_a = context.appMemberInfo) === null || _a === void 0 ? void 0 : _a[property]; },
     container(property, input, context) {
         // This value is replaced when the request is made
         // By using the value of the release name