@autofleet/zehut 3.1.2-beta.9 → 3.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/lib/user/ApiUser.js +23 -12
  2. package/lib/user/api-user-flows.test.js +177 -0
  3. package/lib/utils.d.ts +0 -8
  4. package/lib/utils.js +1 -32
  5. package/package.json +9 -1
package/lib/user/ApiUser.js CHANGED
@@ -10,10 +10,30 @@ const object_hash_1 = __importDefault(require("object-hash"));
10
10
  const uuid_1 = require("uuid");
11
11
  const outbreak_1 = require("@autofleet/outbreak");
12
12
  const services_1 = require("../services");
13
- const utils_1 = require("../utils");
14
13
  exports.ELEVATED_PERMISSIONS_HEADER = 'x-af-elevated-permissions';
15
14
  exports.CONTEXTS_IDS_HEADER = 'x-af-context-ids';
16
15
  const userCache = new node_cache_1.default({ stdTTL: 10 });
16
+ const mergePermissions = (target, sources) => {
17
+ const permissions = {
18
+ ...(target || {}),
19
+ fleets: { ...target?.fleets },
20
+ businessModels: { ...target?.businessModels },
21
+ demandSources: { ...target?.demandSources },
22
+ // Clone other nested objects as needed
23
+ };
24
+ // eslint-disable-next-line no-restricted-syntax
25
+ for (const source of sources) {
26
+ Object.keys(source).forEach((entityType) => {
27
+ // eslint-disable-next-line no-param-reassign
28
+ permissions[entityType] ?? (permissions[entityType] = {});
29
+ Object.entries(source[entityType]).forEach(([entityId, perms]) => {
30
+ // eslint-disable-next-line no-param-reassign
31
+ permissions[entityType][entityId] = (permissions[entityType][entityId] || []).concat(perms);
32
+ });
33
+ });
34
+ }
35
+ return permissions;
36
+ };
17
37
  class ApiUser {
18
38
  constructor(id, accountType, elevatedPermissions, contextIds) {
19
39
  this.id = id;
@@ -82,22 +102,13 @@ class ApiUser {
82
102
  return Object.keys(this.privatePermissions[key] || {});
83
103
  }
84
104
  get elevatedPermissions() {
85
- let permissions = {
86
- fleets: {},
87
- businessModels: {},
88
- demandSources: {},
89
- };
90
- [...this.privateElevatedPermissionsHash.values()].forEach((p) => {
91
- permissions = (0, utils_1.mergeDeep)(permissions, p);
92
- });
93
- return permissions;
105
+ return mergePermissions(undefined, this.privateElevatedPermissionsHash.values());
94
106
  }
95
107
  get permissions() {
96
108
  if (!this.privatePermissions) {
97
109
  throw new Error('Cannot get permissions without calling (async) getUserPermissions before');
98
110
  }
99
- const permissions = (0, utils_1.mergeDeep)(this.privatePermissions, this.elevatedPermissions);
100
- return permissions;
111
+ return mergePermissions(this.privatePermissions, this.privateElevatedPermissionsHash.values());
101
112
  }
102
113
  elevatePermissions(addedPermissions) {
103
114
  const elevationId = (0, uuid_1.v4)();
package/lib/user/api-user-flows.test.js CHANGED
@@ -8,6 +8,20 @@ const express_1 = __importDefault(require("express"));
8
8
  const axios_1 = __importDefault(require("axios"));
9
9
  const index_1 = require("../index");
10
10
  const index_2 = require("./index");
11
+ const services_1 = require("../services");
12
+ jest.spyOn(services_1.IdentityNetwork, 'get').mockImplementation(async (url) => {
13
+ if (url.includes('/api/v1/users/')) {
14
+ return {
15
+ data: {
16
+ accountType: 'user',
17
+ fleets: {},
18
+ businessModels: {},
19
+ demandSources: {},
20
+ },
21
+ };
22
+ }
23
+ return { data: {} };
24
+ });
11
25
  const generateApp = async (addEndpoints, port) => {
12
26
  const app = (0, express_1.default)();
13
27
  addEndpoints(app);
@@ -122,4 +136,167 @@ describe('E2E', () => {
122
136
  closeServer1();
123
137
  expect(error.message).toEqual('Entity id on elevatePermissions is not a valid UUID, provided: nnn');
124
138
  });
139
+ it('should correctly handle elevation of permissions and their reversion', async () => {
140
+ let capturedError = null;
141
+ // Snapshots to capture state after each step
142
+ let afterFirstElevationElevated = {
143
+ fleets: {},
144
+ businessModels: {},
145
+ demandSources: {},
146
+ };
147
+ let afterFirstElevationCombined = {
148
+ fleets: {},
149
+ businessModels: {},
150
+ demandSources: {},
151
+ };
152
+ let afterSecondElevationElevated = {
153
+ fleets: {},
154
+ businessModels: {},
155
+ demandSources: {},
156
+ };
157
+ let afterSecondElevationCombined = {
158
+ fleets: {},
159
+ businessModels: {},
160
+ demandSources: {},
161
+ };
162
+ let afterCloseSecondElevated = {
163
+ fleets: {},
164
+ businessModels: {},
165
+ demandSources: {},
166
+ };
167
+ let afterCloseSecondCombined = {
168
+ fleets: {},
169
+ businessModels: {},
170
+ demandSources: {},
171
+ };
172
+ let afterCloseFirstElevated = {
173
+ fleets: {},
174
+ businessModels: {},
175
+ demandSources: {},
176
+ };
177
+ let afterCloseFirstCombined = {
178
+ fleets: {},
179
+ businessModels: {},
180
+ demandSources: {},
181
+ };
182
+ (0, index_1.enableTracing)({
183
+ outbreakOptions: {
184
+ headersPrefix: 'x-af-',
185
+ },
186
+ });
187
+ const userId = (0, uuid_1.v4)();
188
+ // Generate UUIDs for test entities
189
+ const fleetUUID1 = (0, uuid_1.v4)();
190
+ const fleetUUID2 = (0, uuid_1.v4)();
191
+ const bmUUID1 = (0, uuid_1.v4)();
192
+ const dsUUID1 = (0, uuid_1.v4)();
193
+ const dsUUID2 = (0, uuid_1.v4)();
194
+ // Spin up a test server
195
+ const closeServer = await generateApp((app) => {
196
+ app.use((0, index_2.middleware)());
197
+ app.get('/', async (req, res) => {
198
+ try {
199
+ const user = (0, index_1.getUser)();
200
+ // Load base permissions (mocked)
201
+ await user.getUserPermissions();
202
+ // Now user.privatePermissions is set
203
+ // 1. First Elevation
204
+ const closeElevation1 = user.elevatePermissions({
205
+ fleets: {
206
+ [fleetUUID1]: ['readF1'],
207
+ },
208
+ businessModels: {
209
+ [bmUUID1]: ['writeBM1'],
210
+ },
211
+ demandSources: {
212
+ [dsUUID1]: ['readDS1'],
213
+ },
214
+ });
215
+ // Capture elevated and combined permissions after first elevation
216
+ afterFirstElevationElevated = user.elevatedPermissions;
217
+ afterFirstElevationCombined = user.permissions; // Non-null assertion since privatePermissions is set
218
+ // 2. Second Elevation
219
+ const closeElevation2 = user.elevatePermissions({
220
+ fleets: {
221
+ [fleetUUID1]: ['manageF1'],
222
+ [fleetUUID2]: ['createF2'], // New fleet
223
+ },
224
+ businessModels: {
225
+ [bmUUID1]: ['writeBM2'], // Additional permission to existing business model
226
+ },
227
+ demandSources: {
228
+ [dsUUID2]: ['readDS2', 'readDS2'], // New demand source with duplicate permissions
229
+ },
230
+ });
231
+ // Capture elevated and combined permissions after second elevation
232
+ afterSecondElevationElevated = user.elevatedPermissions;
233
+ afterSecondElevationCombined = user.permissions;
234
+ // 3. Close Second Elevation
235
+ closeElevation2();
236
+ afterCloseSecondElevated = user.elevatedPermissions;
237
+ afterCloseSecondCombined = user.permissions;
238
+ // 4. Close First Elevation
239
+ closeElevation1();
240
+ afterCloseFirstElevated = user.elevatedPermissions;
241
+ afterCloseFirstCombined = user.permissions;
242
+ }
243
+ catch (e) {
244
+ capturedError = e;
245
+ }
246
+ res.json({ status: 'ok' });
247
+ });
248
+ }, 8089);
249
+ // Trigger the test route
250
+ const response = await axios_1.default.get('http://localhost:8089', {
251
+ headers: {
252
+ 'x-af-user-id': userId,
253
+ },
254
+ });
255
+ closeServer();
256
+ // Basic assertions
257
+ expect(response.status).toEqual(200);
258
+ expect(capturedError).toBeNull();
259
+ // ---------------------
260
+ // Assertions After First Elevation
261
+ // ---------------------
262
+ expect(afterFirstElevationElevated.fleets?.[fleetUUID1]).toEqual(expect.arrayContaining(['readF1']));
263
+ expect(afterFirstElevationElevated.businessModels?.[bmUUID1]).toEqual(expect.arrayContaining(['writeBM1']));
264
+ expect(afterFirstElevationElevated.demandSources?.[dsUUID1]).toEqual(expect.arrayContaining(['readDS1']));
265
+ expect(afterFirstElevationCombined.fleets?.[fleetUUID1]).toEqual(expect.arrayContaining(['readF1']));
266
+ expect(afterFirstElevationCombined.businessModels?.[bmUUID1]).toEqual(expect.arrayContaining(['writeBM1']));
267
+ expect(afterFirstElevationCombined.demandSources?.[dsUUID1]).toEqual(expect.arrayContaining(['readDS1']));
268
+ // ---------------------
269
+ // Assertions After Second Elevation
270
+ // ---------------------
271
+ expect(afterSecondElevationElevated.fleets?.[fleetUUID1]).toEqual(expect.arrayContaining(['readF1', 'manageF1']));
272
+ expect(afterSecondElevationElevated.fleets?.[fleetUUID2]).toEqual(expect.arrayContaining(['createF2']));
273
+ expect(afterSecondElevationElevated.businessModels?.[bmUUID1]).toEqual(expect.arrayContaining(['writeBM1', 'writeBM2']));
274
+ expect(afterSecondElevationElevated.demandSources?.[dsUUID2]).toEqual(expect.arrayContaining(['readDS2', 'readDS2']));
275
+ expect(afterSecondElevationCombined.fleets?.[fleetUUID1]).toEqual(expect.arrayContaining(['readF1', 'manageF1']));
276
+ expect(afterSecondElevationCombined.fleets?.[fleetUUID2]).toEqual(expect.arrayContaining(['createF2']));
277
+ expect(afterSecondElevationCombined.businessModels?.[bmUUID1]).toEqual(expect.arrayContaining(['writeBM1', 'writeBM2']));
278
+ expect(afterSecondElevationCombined.demandSources?.[dsUUID2]).toEqual(expect.arrayContaining(['readDS2', 'readDS2']));
279
+ // ---------------------
280
+ // Assertions After Closing Second Elevation
281
+ // ---------------------
282
+ expect(afterCloseSecondElevated.fleets?.[fleetUUID1]).toEqual(expect.arrayContaining(['readF1']));
283
+ expect(afterCloseSecondElevated.fleets?.[fleetUUID2]).toBeUndefined();
284
+ expect(afterCloseSecondElevated.businessModels?.[bmUUID1]).toEqual(expect.arrayContaining(['writeBM1']));
285
+ expect(afterCloseSecondElevated.demandSources?.[dsUUID1]).toEqual(expect.arrayContaining(['readDS1']));
286
+ expect(afterCloseSecondElevated.demandSources?.[dsUUID2]).toBeUndefined();
287
+ expect(afterCloseSecondCombined.fleets?.[fleetUUID1]).toEqual(expect.arrayContaining(['readF1']));
288
+ expect(afterCloseSecondCombined.fleets?.[fleetUUID2]).toBeUndefined();
289
+ expect(afterCloseSecondCombined.businessModels?.[bmUUID1]).toEqual(expect.arrayContaining(['writeBM1']));
290
+ expect(afterCloseSecondCombined.demandSources?.[dsUUID1]).toEqual(expect.arrayContaining(['readDS1']));
291
+ expect(afterCloseSecondCombined.demandSources?.[dsUUID2]).toBeUndefined();
292
+ // ---------------------
293
+ // Assertions After Closing First Elevation
294
+ // ---------------------
295
+ expect(afterCloseFirstElevated.fleets).toEqual({});
296
+ expect(afterCloseFirstElevated.businessModels).toEqual({});
297
+ expect(afterCloseFirstElevated.demandSources).toEqual({});
298
+ expect(afterCloseFirstCombined.fleets).toEqual({});
299
+ expect(afterCloseFirstCombined.businessModels).toEqual({});
300
+ expect(afterCloseFirstCombined.demandSources).toEqual({});
301
+ });
125
302
  });
package/lib/utils.d.ts CHANGED
@@ -3,11 +3,3 @@ export declare const decodeBearer: (bearer: string, appSecret?: string) => any;
3
3
  export declare const parsePermissions: (contextId: any, decodedToken: any) => any;
4
4
  export declare const getEntitiesFromContext: (contextId: string, decodedToken: any) => any;
5
5
  export declare const getContextAttributes: (contextId: string, decodedToken: any) => any;
6
- /**
7
- * Custom deep merge function that merges `source` into `target`.
8
- *
9
- * @param target - The object to receive merged properties.
10
- * @param source - The object whose properties are merged into the target.
11
- * @returns The modified `target` object.
12
- */
13
- export declare const mergeDeep: <T extends object>(target: T, source: Partial<T>) => T;
package/lib/utils.js CHANGED
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
23
23
  return result;
24
24
  };
25
25
  Object.defineProperty(exports, "__esModule", { value: true });
26
- exports.mergeDeep = exports.getContextAttributes = exports.getEntitiesFromContext = exports.parsePermissions = exports.decodeBearer = exports.getAuthFromBearer = void 0;
26
+ exports.getContextAttributes = exports.getEntitiesFromContext = exports.parsePermissions = exports.decodeBearer = exports.getAuthFromBearer = void 0;
27
27
  /* eslint-disable prefer-destructuring */
28
28
  const jwt = __importStar(require("jsonwebtoken"));
29
29
  const secret_getter_1 = require("./secret-getter");
@@ -97,34 +97,3 @@ const getContextAttributes = (contextId, decodedToken) => {
97
97
  return attributes;
98
98
  };
99
99
  exports.getContextAttributes = getContextAttributes;
100
- /**
101
- * A simple helper to check if a value is a plain object.
102
- */
103
- const isObject = (value) => (typeof value === 'object'
104
- && value !== null
105
- && !Array.isArray(value));
106
- /**
107
- * Custom deep merge function that merges `source` into `target`.
108
- *
109
- * @param target - The object to receive merged properties.
110
- * @param source - The object whose properties are merged into the target.
111
- * @returns The modified `target` object.
112
- */
113
- const mergeDeep = (target, source) => {
114
- if (!isObject(target) || !isObject(source)) {
115
- throw new Error('Both arguments must be objects to merge');
116
- }
117
- Object.keys(source).forEach((key) => {
118
- const sourceValue = source[key];
119
- const targetValue = target[key];
120
- if (isObject(sourceValue) && isObject(targetValue)) {
121
- (0, exports.mergeDeep)(targetValue, sourceValue);
122
- }
123
- else {
124
- // eslint-disable-next-line no-param-reassign
125
- target[key] = sourceValue;
126
- }
127
- });
128
- return target;
129
- };
130
- exports.mergeDeep = mergeDeep;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@autofleet/zehut",
3
- "version": "3.1.2-beta.9",
3
+ "version": "3.1.2",
4
4
  "description": "manage user's identity",
5
5
  "main": "lib/index.js",
6
6
  "types": "lib/index.d.ts",
@@ -48,6 +48,14 @@
48
48
  "ts-jest": "^29.1.1",
49
49
  "typescript": "^4.9.5"
50
50
  },
51
+ "peerDependencies": {
52
+ "@autofleet/shtinker": "^1.2.0"
53
+ },
54
+ "peerDependenciesMeta": {
55
+ "@autofleet/shtinker": {
56
+ "optional": true
57
+ }
58
+ },
51
59
  "files": [
52
60
  "lib/**/*"
53
61
  ]