@autofleet/zehut 3.1.2-beta.12 → 3.1.2-beta.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/user/ApiUser.js +6 -22
- package/lib/user/api-user-flows.test.js +1 -2
- package/lib/utils.d.ts +1 -0
- package/lib/utils.js +12 -1
- package/package.json +1 -1
package/lib/user/ApiUser.js
CHANGED
|
@@ -10,6 +10,7 @@ const object_hash_1 = __importDefault(require("object-hash"));
|
|
|
10
10
|
const uuid_1 = require("uuid");
|
|
11
11
|
const outbreak_1 = require("@autofleet/outbreak");
|
|
12
12
|
const services_1 = require("../services");
|
|
13
|
+
const utils_1 = require("../utils");
|
|
13
14
|
exports.ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';
|
|
14
15
|
exports.CONTEXTS_IDS_HEADER = 'x-af-context-ids';
|
|
15
16
|
const userCache = new node_cache_1.default({ stdTTL: 10 });
|
|
@@ -81,21 +82,13 @@ class ApiUser {
|
|
|
81
82
|
return Object.keys(this.privatePermissions[key] || {});
|
|
82
83
|
}
|
|
83
84
|
get elevatedPermissions() {
|
|
84
|
-
|
|
85
|
+
let permissions = {
|
|
85
86
|
fleets: {},
|
|
86
87
|
businessModels: {},
|
|
87
88
|
demandSources: {},
|
|
88
89
|
};
|
|
89
|
-
[...this.privateElevatedPermissionsHash.values()].forEach((
|
|
90
|
-
|
|
91
|
-
if (!permissions[topLevelKey]) {
|
|
92
|
-
permissions[topLevelKey] = {};
|
|
93
|
-
}
|
|
94
|
-
// Merge each [entityId => string[]]
|
|
95
|
-
Object.entries(p[topLevelKey]).forEach(([entityId, perms]) => {
|
|
96
|
-
permissions[topLevelKey][entityId] = (permissions[topLevelKey][entityId] || []).concat(perms);
|
|
97
|
-
});
|
|
98
|
-
});
|
|
90
|
+
[...this.privateElevatedPermissionsHash.values()].forEach((elevatedPermissions) => {
|
|
91
|
+
permissions = (0, utils_1.mergePermissions)(permissions, elevatedPermissions);
|
|
99
92
|
});
|
|
100
93
|
return permissions;
|
|
101
94
|
}
|
|
@@ -103,17 +96,8 @@ class ApiUser {
|
|
|
103
96
|
if (!this.privatePermissions) {
|
|
104
97
|
throw new Error('Cannot get permissions without calling (async) getUserPermissions before');
|
|
105
98
|
}
|
|
106
|
-
const
|
|
107
|
-
|
|
108
|
-
if (!base[topLevelKey]) {
|
|
109
|
-
base[topLevelKey] = {};
|
|
110
|
-
}
|
|
111
|
-
// Merge each [entityId => string[]]
|
|
112
|
-
Object.entries(this.elevatedPermissions[topLevelKey]).forEach(([entityId, perms]) => {
|
|
113
|
-
base[topLevelKey][entityId] = (base[topLevelKey][entityId] || []).concat(perms);
|
|
114
|
-
});
|
|
115
|
-
});
|
|
116
|
-
return base;
|
|
99
|
+
const permissions = (0, utils_1.mergePermissions)(this.privatePermissions, this.elevatedPermissions);
|
|
100
|
+
return permissions;
|
|
117
101
|
}
|
|
118
102
|
elevatePermissions(addedPermissions) {
|
|
119
103
|
const elevationId = (0, uuid_1.v4)();
|
|
@@ -136,7 +136,7 @@ describe('E2E', () => {
|
|
|
136
136
|
closeServer1();
|
|
137
137
|
expect(error.message).toEqual('Entity id on elevatePermissions is not a valid UUID, provided: nnn');
|
|
138
138
|
});
|
|
139
|
-
it('should correctly handle elevation of permissions and their reversion', async () => {
|
|
139
|
+
it.only('should correctly handle elevation of permissions and their reversion', async () => {
|
|
140
140
|
let capturedError = null;
|
|
141
141
|
// Snapshots to capture state after each step
|
|
142
142
|
let afterFirstElevationElevated = {
|
|
@@ -257,7 +257,6 @@ describe('E2E', () => {
|
|
|
257
257
|
// Basic assertions
|
|
258
258
|
expect(response.status).toEqual(200);
|
|
259
259
|
expect(capturedError).toBeNull();
|
|
260
|
-
console.log('afterFirstElevationElevated', afterFirstElevationElevated);
|
|
261
260
|
// ---------------------
|
|
262
261
|
// Assertions After First Elevation
|
|
263
262
|
// ---------------------
|
package/lib/utils.d.ts
CHANGED
|
@@ -3,3 +3,4 @@ export declare const decodeBearer: (bearer: string, appSecret?: string) => any;
|
|
|
3
3
|
export declare const parsePermissions: (contextId: any, decodedToken: any) => any;
|
|
4
4
|
export declare const getEntitiesFromContext: (contextId: string, decodedToken: any) => any;
|
|
5
5
|
export declare const getContextAttributes: (contextId: string, decodedToken: any) => any;
|
|
6
|
+
export declare const mergePermissions: (target: any, sources: any) => any;
|
package/lib/utils.js
CHANGED
|
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|
|
23
23
|
return result;
|
|
24
24
|
};
|
|
25
25
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
26
|
-
exports.getContextAttributes = exports.getEntitiesFromContext = exports.parsePermissions = exports.decodeBearer = exports.getAuthFromBearer = void 0;
|
|
26
|
+
exports.mergePermissions = exports.getContextAttributes = exports.getEntitiesFromContext = exports.parsePermissions = exports.decodeBearer = exports.getAuthFromBearer = void 0;
|
|
27
27
|
/* eslint-disable prefer-destructuring */
|
|
28
28
|
const jwt = __importStar(require("jsonwebtoken"));
|
|
29
29
|
const secret_getter_1 = require("./secret-getter");
|
|
@@ -97,3 +97,14 @@ const getContextAttributes = (contextId, decodedToken) => {
|
|
|
97
97
|
return attributes;
|
|
98
98
|
};
|
|
99
99
|
exports.getContextAttributes = getContextAttributes;
|
|
100
|
+
const mergePermissions = (target, sources) => {
|
|
101
|
+
const base = JSON.parse(JSON.stringify(target));
|
|
102
|
+
Object.keys(sources).forEach((topLevelKey) => {
|
|
103
|
+
base[topLevelKey] ?? (base[topLevelKey] = {});
|
|
104
|
+
Object.entries(sources[topLevelKey]).forEach(([entityId, perms]) => {
|
|
105
|
+
base[topLevelKey][entityId] = (base[topLevelKey][entityId] || []).concat(perms);
|
|
106
|
+
});
|
|
107
|
+
});
|
|
108
|
+
return base;
|
|
109
|
+
};
|
|
110
|
+
exports.mergePermissions = mergePermissions;
|