npm - @backstage-community/plugin-rbac-backend - Versions diffs - 5.2.3 - Mend

@backstage-community/plugin-rbac-backend 5.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/CHANGELOG.md +671 -0
package/README.md +220 -0
package/config.d.ts +68 -0
package/dist/admin-permissions/admin-creation.cjs.js +117 -0
package/dist/admin-permissions/admin-creation.cjs.js.map +1 -0
package/dist/audit-log/audit-logger.cjs.js +108 -0
package/dist/audit-log/audit-logger.cjs.js.map +1 -0
package/dist/audit-log/rest-errors-interceptor.cjs.js +100 -0
package/dist/audit-log/rest-errors-interceptor.cjs.js.map +1 -0
package/dist/conditional-aliases/alias-resolver.cjs.js +76 -0
package/dist/conditional-aliases/alias-resolver.cjs.js.map +1 -0
package/dist/database/casbin-adapter-factory.cjs.js +87 -0
package/dist/database/casbin-adapter-factory.cjs.js.map +1 -0
package/dist/database/conditional-storage.cjs.js +172 -0
package/dist/database/conditional-storage.cjs.js.map +1 -0
package/dist/database/migration.cjs.js +21 -0
package/dist/database/migration.cjs.js.map +1 -0
package/dist/database/role-metadata.cjs.js +89 -0
package/dist/database/role-metadata.cjs.js.map +1 -0
package/dist/file-permissions/csv-file-watcher.cjs.js +407 -0
package/dist/file-permissions/csv-file-watcher.cjs.js.map +1 -0
package/dist/file-permissions/file-watcher.cjs.js +46 -0
package/dist/file-permissions/file-watcher.cjs.js.map +1 -0
package/dist/file-permissions/yaml-conditional-file-watcher.cjs.js +208 -0
package/dist/file-permissions/yaml-conditional-file-watcher.cjs.js.map +1 -0
package/dist/helper.cjs.js +171 -0
package/dist/helper.cjs.js.map +1 -0
package/dist/index.cjs.js +14 -0
package/dist/index.cjs.js.map +1 -0
package/dist/index.d.ts +45 -0
package/dist/plugin.cjs.js +79 -0
package/dist/plugin.cjs.js.map +1 -0
package/dist/policies/allow-all-policy.cjs.js +12 -0
package/dist/policies/allow-all-policy.cjs.js.map +1 -0
package/dist/policies/permission-policy.cjs.js +243 -0
package/dist/policies/permission-policy.cjs.js.map +1 -0
package/dist/providers/connect-providers.cjs.js +211 -0
package/dist/providers/connect-providers.cjs.js.map +1 -0
package/dist/role-manager/ancestor-search-memo.cjs.js +159 -0
package/dist/role-manager/ancestor-search-memo.cjs.js.map +1 -0
package/dist/role-manager/member-list.cjs.js +101 -0
package/dist/role-manager/member-list.cjs.js.map +1 -0
package/dist/role-manager/role-manager.cjs.js +281 -0
package/dist/role-manager/role-manager.cjs.js.map +1 -0
package/dist/service/enforcer-delegate.cjs.js +353 -0
package/dist/service/enforcer-delegate.cjs.js.map +1 -0
package/dist/service/permission-model.cjs.js +21 -0
package/dist/service/permission-model.cjs.js.map +1 -0
package/dist/service/plugin-endpoints.cjs.js +121 -0
package/dist/service/plugin-endpoints.cjs.js.map +1 -0
package/dist/service/policies-rest-api.cjs.js +949 -0
package/dist/service/policies-rest-api.cjs.js.map +1 -0
package/dist/service/policy-builder.cjs.js +134 -0
package/dist/service/policy-builder.cjs.js.map +1 -0
package/dist/service/router.cjs.js +24 -0
package/dist/service/router.cjs.js.map +1 -0
package/dist/validation/condition-validation.cjs.js +107 -0
package/dist/validation/condition-validation.cjs.js.map +1 -0
package/dist/validation/policies-validation.cjs.js +194 -0
package/dist/validation/policies-validation.cjs.js.map +1 -0
package/migrations/20231015161232_migrations.js +41 -0
package/migrations/20231212224526_migrations.js +84 -0
package/migrations/20231221113214_migrations.js +60 -0
package/migrations/20240201144429_migrations.js +37 -0
package/migrations/20240215154456_migrations.js +143 -0
package/migrations/20240308134410_migrations.js +31 -0
package/migrations/20240308134941_migrations.js +43 -0
package/migrations/20240404111242_migrations.js +53 -0
package/migrations/20240611092136_migrations.js +29 -0
package/package.json +98 -0

package/dist/file-permissions/yaml-conditional-file-watcher.cjs.js ADDED Viewed

@@ -0,0 +1,208 @@
+'use strict';
+var yaml = require('js-yaml');
+var lodash = require('lodash');
+var fs = require('fs');
+var auditLogger = require('../audit-log/audit-logger.cjs.js');
+var helper = require('../helper.cjs.js');
+var conditionValidation = require('../validation/condition-validation.cjs.js');
+var fileWatcher = require('./file-watcher.cjs.js');
+function _interopDefaultCompat (e) { return e && typeof e === 'object' && 'default' in e ? e : { default: e }; }
+var yaml__default = /*#__PURE__*/_interopDefaultCompat(yaml);
+var fs__default = /*#__PURE__*/_interopDefaultCompat(fs);
+class YamlConditinalPoliciesFileWatcher extends fileWatcher.AbstractFileWatcher {
+  constructor(filePath, allowReload, logger, conditionalStorage, auditLogger, auth, pluginMetadataCollector, roleMetadataStorage, roleEventEmitter) {
+    super(filePath, allowReload, logger);
+    this.conditionalStorage = conditionalStorage;
+    this.auditLogger = auditLogger;
+    this.auth = auth;
+    this.pluginMetadataCollector = pluginMetadataCollector;
+    this.roleMetadataStorage = roleMetadataStorage;
+    this.roleEventEmitter = roleEventEmitter;
+    this.conditionsDiff = {
+      addedConditions: [],
+      removedConditions: []
+    };
+  }
+  conditionsDiff;
+  async initialize() {
+    if (!this.filePath) {
+      return;
+    }
+    const fileExists = fs__default.default.existsSync(this.filePath);
+    if (!fileExists) {
+      const err = new Error(`File '${this.filePath}' was not found`);
+      this.handleError(
+        err.message,
+        err,
+        auditLogger.ConditionEvents.CONDITIONAL_POLICIES_FILE_NOT_FOUND
+      );
+      return;
+    }
+    this.roleEventEmitter.on("roleAdded", this.onChange.bind(this));
+    await this.onChange();
+    if (this.allowReload) {
+      this.watchFile();
+    }
+  }
+  async onChange() {
+    try {
+      const newConds = this.parse().filter((c) => c);
+      const addedConds = [];
+      const removedConds = [];
+      const csvFileRoles = await this.roleMetadataStorage.filterRoleMetadata(
+        "csv-file"
+      );
+      const existedFileConds = (await this.conditionalStorage.filterConditions(
+        csvFileRoles.map((role) => role.roleEntityRef)
+      )).map((condition) => {
+        return {
+          ...condition,
+          permissionMapping: condition.permissionMapping.map((pm) => pm.action)
+        };
+      });
+      for (const condition of newConds) {
+        const roleMetadata = csvFileRoles.find(
+          (role) => condition.roleEntityRef === role.roleEntityRef
+        );
+        if (!roleMetadata) {
+          this.logger.warn(
+            `skip to add condition for role '${condition.roleEntityRef}'. The role either does not exist or was not created from a CSV file.`
+          );
+          continue;
+        }
+        if (roleMetadata.source !== "csv-file") {
+          this.logger.warn(
+            `skip to add condition for role '${condition.roleEntityRef}'. Role is not from csv-file`
+          );
+          continue;
+        }
+        const existingCondition = existedFileConds.find(
+          (c) => helper.deepSortEqual(lodash.omit(c, ["id"]), lodash.omit(condition, ["id"]))
+        );
+        if (!existingCondition) {
+          addedConds.push(condition);
+        }
+      }
+      for (const condition of existedFileConds) {
+        if (!newConds.find(
+          (c) => helper.deepSortEqual(lodash.omit(c, ["id"]), lodash.omit(condition, ["id"]))
+        )) {
+          removedConds.push(condition);
+        }
+      }
+      this.conditionsDiff = {
+        addedConditions: addedConds,
+        removedConditions: removedConds
+      };
+      await this.handleFileChanges();
+    } catch (error) {
+      await this.handleError(
+        `Error handling changes from conditional policies file ${this.filePath}`,
+        error,
+        auditLogger.ConditionEvents.CHANGE_CONDITIONAL_POLICIES_FILE_ERROR
+      );
+    }
+  }
+  /**
+   * Reads the current contents of the file and parses it.
+   * @returns parsed data.
+   */
+  parse() {
+    const fileContents = this.getCurrentContents();
+    const data = yaml__default.default.loadAll(
+      fileContents
+    );
+    for (const condition of data) {
+      conditionValidation.validateRoleCondition(condition);
+    }
+    return data;
+  }
+  async handleFileChanges() {
+    await this.removeConditions();
+    await this.addConditions();
+  }
+  async addConditions() {
+    try {
+      for (const condition of this.conditionsDiff.addedConditions) {
+        const conditionToCreate = await helper.processConditionMapping(
+          condition,
+          this.pluginMetadataCollector,
+          this.auth
+        );
+        await this.conditionalStorage.createCondition(conditionToCreate);
+        await this.auditLogger.auditLog({
+          message: `Created conditional permission policy`,
+          eventName: auditLogger.ConditionEvents.CREATE_CONDITION,
+          metadata: { condition },
+          stage: auditLogger.HANDLE_RBAC_DATA_STAGE,
+          status: "succeeded"
+        });
+      }
+    } catch (error) {
+      await this.handleError(
+        "Failed to create condition",
+        error,
+        auditLogger.ConditionEvents.CREATE_CONDITION_ERROR
+      );
+    }
+    this.conditionsDiff.addedConditions = [];
+  }
+  async removeConditions() {
+    try {
+      for (const condition of this.conditionsDiff.removedConditions) {
+        const conditionToDelete = (await this.conditionalStorage.filterConditions(
+          condition.roleEntityRef,
+          condition.pluginId,
+          condition.resourceType,
+          condition.permissionMapping
+        ))[0];
+        await this.conditionalStorage.deleteCondition(conditionToDelete.id);
+        await this.auditLogger.auditLog({
+          message: `Deleted conditional permission policy`,
+          eventName: auditLogger.ConditionEvents.DELETE_CONDITION,
+          metadata: { condition },
+          stage: auditLogger.HANDLE_RBAC_DATA_STAGE,
+          status: "succeeded"
+        });
+      }
+    } catch (error) {
+      await this.handleError(
+        "Failed to delete condition by id",
+        error,
+        auditLogger.ConditionEvents.DELETE_CONDITION_ERROR
+      );
+    }
+    this.conditionsDiff.removedConditions = [];
+  }
+  async handleError(message, error, event) {
+    await this.auditLogger.auditLog({
+      message,
+      eventName: event,
+      stage: auditLogger.HANDLE_RBAC_DATA_STAGE,
+      status: "failed",
+      errors: [error]
+    });
+  }
+  async cleanUpConditionalPolicies() {
+    const csvFileRoles = await this.roleMetadataStorage.filterRoleMetadata(
+      "csv-file"
+    );
+    const existedFileConds = (await this.conditionalStorage.filterConditions(
+      csvFileRoles.map((role) => role.roleEntityRef)
+    )).map((condition) => {
+      return {
+        ...condition,
+        permissionMapping: condition.permissionMapping.map((pm) => pm.action)
+      };
+    });
+    this.conditionsDiff.removedConditions = existedFileConds;
+    await this.removeConditions();
+  }
+}
+exports.YamlConditinalPoliciesFileWatcher = YamlConditinalPoliciesFileWatcher;
+//# sourceMappingURL=yaml-conditional-file-watcher.cjs.js.map

package/dist/file-permissions/yaml-conditional-file-watcher.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"yaml-conditional-file-watcher.cjs.js","sources":["../../src/file-permissions/yaml-conditional-file-watcher.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport type { AuthService, LoggerService } from '@backstage/backend-plugin-api';\n\nimport type { AuditLogger } from '@janus-idp/backstage-plugin-audit-log-node';\nimport yaml from 'js-yaml';\nimport { omit } from 'lodash';\n\nimport type {\n PermissionAction,\n RoleConditionalPolicyDecision,\n} from '@backstage-community/plugin-rbac-common';\n\nimport fs from 'fs';\n\nimport {\n ConditionAuditInfo,\n ConditionEvents,\n HANDLE_RBAC_DATA_STAGE,\n} from '../audit-log/audit-logger';\nimport { ConditionalStorage } from '../database/conditional-storage';\nimport { RoleMetadataStorage } from '../database/role-metadata';\nimport { deepSortEqual, processConditionMapping } from '../helper';\nimport { RoleEventEmitter, RoleEvents } from '../service/enforcer-delegate';\nimport { PluginPermissionMetadataCollector } from '../service/plugin-endpoints';\nimport { validateRoleCondition } from '../validation/condition-validation';\nimport { AbstractFileWatcher } from './file-watcher';\n\ntype ConditionalPoliciesDiff = {\n addedConditions: RoleConditionalPolicyDecision<PermissionAction>[];\n removedConditions: RoleConditionalPolicyDecision<PermissionAction>[];\n};\n\nexport class YamlConditinalPoliciesFileWatcher extends AbstractFileWatcher<\n RoleConditionalPolicyDecision<PermissionAction>[]\n> {\n private conditionsDiff: ConditionalPoliciesDiff;\n\n constructor(\n filePath: string | undefined,\n allowReload: boolean,\n logger: LoggerService,\n private readonly conditionalStorage: ConditionalStorage,\n private readonly auditLogger: AuditLogger,\n private readonly auth: AuthService,\n private readonly pluginMetadataCollector: PluginPermissionMetadataCollector,\n private readonly roleMetadataStorage: RoleMetadataStorage,\n private readonly roleEventEmitter: RoleEventEmitter<RoleEvents>,\n ) {\n super(filePath, allowReload, logger);\n\n this.conditionsDiff = {\n addedConditions: [],\n removedConditions: [],\n };\n }\n\n async initialize(): Promise<void> {\n if (!this.filePath) {\n return;\n }\n const fileExists = fs.existsSync(this.filePath);\n if (!fileExists) {\n const err = new Error(`File '${this.filePath}' was not found`);\n this.handleError(\n err.message,\n err,\n ConditionEvents.CONDITIONAL_POLICIES_FILE_NOT_FOUND,\n );\n return;\n }\n\n this.roleEventEmitter.on('roleAdded', this.onChange.bind(this));\n await this.onChange();\n\n if (this.allowReload) {\n this.watchFile();\n }\n }\n\n async onChange(): Promise<void> {\n try {\n const newConds = this.parse().filter(c => c);\n\n const addedConds: RoleConditionalPolicyDecision<PermissionAction>[] = [];\n const removedConds: RoleConditionalPolicyDecision<PermissionAction>[] =\n [];\n\n const csvFileRoles = await this.roleMetadataStorage.filterRoleMetadata(\n 'csv-file',\n );\n const existedFileConds = (\n await this.conditionalStorage.filterConditions(\n csvFileRoles.map(role => role.roleEntityRef),\n )\n ).map(condition => {\n return {\n ...condition,\n permissionMapping: condition.permissionMapping.map(pm => pm.action),\n };\n });\n\n // Find added conditions\n for (const condition of newConds) {\n const roleMetadata = csvFileRoles.find(\n role => condition.roleEntityRef === role.roleEntityRef,\n );\n if (!roleMetadata) {\n this.logger.warn(\n `skip to add condition for role '${condition.roleEntityRef}'. The role either does not exist or was not created from a CSV file.`,\n );\n continue;\n }\n if (roleMetadata.source !== 'csv-file') {\n this.logger.warn(\n `skip to add condition for role '${condition.roleEntityRef}'. Role is not from csv-file`,\n );\n continue;\n }\n\n const existingCondition = existedFileConds.find(c =>\n deepSortEqual(omit(c, ['id']), omit(condition, ['id'])),\n );\n\n if (!existingCondition) {\n addedConds.push(condition);\n }\n }\n\n // Find removed conditions\n for (const condition of existedFileConds) {\n if (\n !newConds.find(c =>\n deepSortEqual(omit(c, ['id']), omit(condition, ['id'])),\n )\n ) {\n removedConds.push(condition);\n }\n }\n\n this.conditionsDiff = {\n addedConditions: addedConds,\n removedConditions: removedConds,\n };\n\n await this.handleFileChanges();\n } catch (error) {\n await this.handleError(\n `Error handling changes from conditional policies file ${this.filePath}`,\n error,\n ConditionEvents.CHANGE_CONDITIONAL_POLICIES_FILE_ERROR,\n );\n }\n }\n\n /**\n * Reads the current contents of the file and parses it.\n * @returns parsed data.\n */\n parse(): RoleConditionalPolicyDecision<PermissionAction>[] {\n const fileContents = this.getCurrentContents();\n const data = yaml.loadAll(\n fileContents,\n ) as RoleConditionalPolicyDecision<PermissionAction>[];\n\n for (const condition of data) {\n validateRoleCondition(condition);\n }\n\n return data;\n }\n\n private async handleFileChanges(): Promise<void> {\n await this.removeConditions();\n await this.addConditions();\n }\n\n private async addConditions(): Promise<void> {\n try {\n for (const condition of this.conditionsDiff.addedConditions) {\n const conditionToCreate = await processConditionMapping(\n condition,\n this.pluginMetadataCollector,\n this.auth,\n );\n\n await this.conditionalStorage.createCondition(conditionToCreate);\n\n await this.auditLogger.auditLog<ConditionAuditInfo>({\n message: `Created conditional permission policy`,\n eventName: ConditionEvents.CREATE_CONDITION,\n metadata: { condition },\n stage: HANDLE_RBAC_DATA_STAGE,\n status: 'succeeded',\n });\n }\n } catch (error) {\n await this.handleError(\n 'Failed to create condition',\n error,\n ConditionEvents.CREATE_CONDITION_ERROR,\n );\n }\n this.conditionsDiff.addedConditions = [];\n }\n\n private async removeConditions(): Promise<void> {\n try {\n for (const condition of this.conditionsDiff.removedConditions) {\n const conditionToDelete = (\n await this.conditionalStorage.filterConditions(\n condition.roleEntityRef,\n condition.pluginId,\n condition.resourceType,\n condition.permissionMapping,\n )\n )[0];\n await this.conditionalStorage.deleteCondition(conditionToDelete.id!);\n\n await this.auditLogger.auditLog<ConditionAuditInfo>({\n message: `Deleted conditional permission policy`,\n eventName: ConditionEvents.DELETE_CONDITION,\n metadata: { condition },\n stage: HANDLE_RBAC_DATA_STAGE,\n status: 'succeeded',\n });\n }\n } catch (error) {\n await this.handleError(\n 'Failed to delete condition by id',\n error,\n ConditionEvents.DELETE_CONDITION_ERROR,\n );\n }\n\n this.conditionsDiff.removedConditions = [];\n }\n\n private async handleError(\n message: string,\n error: unknown,\n event: string,\n ): Promise<void> {\n await this.auditLogger.auditLog({\n message,\n eventName: event,\n stage: HANDLE_RBAC_DATA_STAGE,\n status: 'failed',\n errors: [error],\n });\n }\n\n async cleanUpConditionalPolicies(): Promise<void> {\n const csvFileRoles = await this.roleMetadataStorage.filterRoleMetadata(\n 'csv-file',\n );\n const existedFileConds = (\n await this.conditionalStorage.filterConditions(\n csvFileRoles.map(role => role.roleEntityRef),\n )\n ).map(condition => {\n return {\n ...condition,\n permissionMapping: condition.permissionMapping.map(pm => pm.action),\n };\n });\n this.conditionsDiff.removedConditions = existedFileConds;\n await this.removeConditions();\n }\n}\n"],"names":["AbstractFileWatcher","fs","ConditionEvents","deepSortEqual","omit","yaml","validateRoleCondition","processConditionMapping","HANDLE_RBAC_DATA_STAGE"],"mappings":";;;;;;;;;;;;;;;AA8CO,MAAM,0CAA0CA,+BAErD,CAAA;AAAA,EAGA,WAAA,CACE,UACA,WACA,EAAA,MAAA,EACiB,oBACA,WACA,EAAA,IAAA,EACA,uBACA,EAAA,mBAAA,EACA,gBACjB,EAAA;AACA,IAAM,KAAA,CAAA,QAAA,EAAU,aAAa,MAAM,CAAA,CAAA;AAPlB,IAAA,IAAA,CAAA,kBAAA,GAAA,kBAAA,CAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA,CAAA;AACA,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA,CAAA;AACA,IAAA,IAAA,CAAA,uBAAA,GAAA,uBAAA,CAAA;AACA,IAAA,IAAA,CAAA,mBAAA,GAAA,mBAAA,CAAA;AACA,IAAA,IAAA,CAAA,gBAAA,GAAA,gBAAA,CAAA;AAIjB,IAAA,IAAA,CAAK,cAAiB,GAAA;AAAA,MACpB,iBAAiB,EAAC;AAAA,MAClB,mBAAmB,EAAC;AAAA,KACtB,CAAA;AAAA,GACF;AAAA,EAnBQ,cAAA,CAAA;AAAA,EAqBR,MAAM,UAA4B,GAAA;AAChC,IAAI,IAAA,CAAC,KAAK,QAAU,EAAA;AAClB,MAAA,OAAA;AAAA,KACF;AACA,IAAA,MAAM,UAAa,GAAAC,mBAAA,CAAG,UAAW,CAAA,IAAA,CAAK,QAAQ,CAAA,CAAA;AAC9C,IAAA,IAAI,CAAC,UAAY,EAAA;AACf,MAAA,MAAM,MAAM,IAAI,KAAA,CAAM,CAAS,MAAA,EAAA,IAAA,CAAK,QAAQ,CAAiB,eAAA,CAAA,CAAA,CAAA;AAC7D,MAAK,IAAA,CAAA,WAAA;AAAA,QACH,GAAI,CAAA,OAAA;AAAA,QACJ,GAAA;AAAA,QACAC,2BAAgB,CAAA,mCAAA;AAAA,OAClB,CAAA;AACA,MAAA,OAAA;AAAA,KACF;AAEA,IAAA,IAAA,CAAK,iBAAiB,EAAG,CAAA,WAAA,EAAa,KAAK,QAAS,CAAA,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAC9D,IAAA,MAAM,KAAK,QAAS,EAAA,CAAA;AAEpB,IAAA,IAAI,KAAK,WAAa,EAAA;AACpB,MAAA,IAAA,CAAK,SAAU,EAAA,CAAA;AAAA,KACjB;AAAA,GACF;AAAA,EAEA,MAAM,QAA0B,GAAA;AAC9B,IAAI,IAAA;AACF,MAAA,MAAM,WAAW,IAAK,CAAA,KAAA,EAAQ,CAAA,MAAA,CAAO,OAAK,CAAC,CAAA,CAAA;AAE3C,MAAA,MAAM,aAAgE,EAAC,CAAA;AACvE,MAAA,MAAM,eACJ,EAAC,CAAA;AAEH,MAAM,MAAA,YAAA,GAAe,MAAM,IAAA,CAAK,mBAAoB,CAAA,kBAAA;AAAA,QAClD,UAAA;AAAA,OACF,CAAA;AACA,MAAM,MAAA,gBAAA,GAAA,CACJ,MAAM,IAAA,CAAK,kBAAmB,CAAA,gBAAA;AAAA,QAC5B,YAAa,CAAA,GAAA,CAAI,CAAQ,IAAA,KAAA,IAAA,CAAK,aAAa,CAAA;AAAA,OAC7C,EACA,IAAI,CAAa,SAAA,KAAA;AACjB,QAAO,OAAA;AAAA,UACL,GAAG,SAAA;AAAA,UACH,mBAAmB,SAAU,CAAA,iBAAA,CAAkB,GAAI,CAAA,CAAA,EAAA,KAAM,GAAG,MAAM,CAAA;AAAA,SACpE,CAAA;AAAA,OACD,CAAA,CAAA;AAGD,MAAA,KAAA,MAAW,aAAa,QAAU,EAAA;AAChC,QAAA,MAAM,eAAe,YAAa,CAAA,IAAA;AAAA,UAChC,CAAA,IAAA,KAAQ,SAAU,CAAA,aAAA,KAAkB,IAAK,CAAA,aAAA;AAAA,SAC3C,CAAA;AACA,QAAA,IAAI,CAAC,YAAc,EAAA;AACjB,UAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,YACV,CAAA,gCAAA,EAAmC,UAAU,aAAa,CAAA,qEAAA,CAAA;AAAA,WAC5D,CAAA;AACA,UAAA,SAAA;AAAA,SACF;AACA,QAAI,IAAA,YAAA,CAAa,WAAW,UAAY,EAAA;AACtC,UAAA,IAAA,CAAK,MAAO,CAAA,IAAA;AAAA,YACV,CAAA,gCAAA,EAAmC,UAAU,aAAa,CAAA,4BAAA,CAAA;AAAA,WAC5D,CAAA;AACA,UAAA,SAAA;AAAA,SACF;AAEA,QAAA,MAAM,oBAAoB,gBAAiB,CAAA,IAAA;AAAA,UAAK,CAC9C,CAAA,KAAAC,oBAAA,CAAcC,WAAK,CAAA,CAAA,EAAG,CAAC,IAAI,CAAC,CAAA,EAAGA,WAAK,CAAA,SAAA,EAAW,CAAC,IAAI,CAAC,CAAC,CAAA;AAAA,SACxD,CAAA;AAEA,QAAA,IAAI,CAAC,iBAAmB,EAAA;AACtB,UAAA,UAAA,CAAW,KAAK,SAAS,CAAA,CAAA;AAAA,SAC3B;AAAA,OACF;AAGA,MAAA,KAAA,MAAW,aAAa,gBAAkB,EAAA;AACxC,QAAA,IACE,CAAC,QAAS,CAAA,IAAA;AAAA,UAAK,CACb,CAAA,KAAAD,oBAAA,CAAcC,WAAK,CAAA,CAAA,EAAG,CAAC,IAAI,CAAC,CAAA,EAAGA,WAAK,CAAA,SAAA,EAAW,CAAC,IAAI,CAAC,CAAC,CAAA;AAAA,SAExD,EAAA;AACA,UAAA,YAAA,CAAa,KAAK,SAAS,CAAA,CAAA;AAAA,SAC7B;AAAA,OACF;AAEA,MAAA,IAAA,CAAK,cAAiB,GAAA;AAAA,QACpB,eAAiB,EAAA,UAAA;AAAA,QACjB,iBAAmB,EAAA,YAAA;AAAA,OACrB,CAAA;AAEA,MAAA,MAAM,KAAK,iBAAkB,EAAA,CAAA;AAAA,aACtB,KAAO,EAAA;AACd,MAAA,MAAM,IAAK,CAAA,WAAA;AAAA,QACT,CAAA,sDAAA,EAAyD,KAAK,QAAQ,CAAA,CAAA;AAAA,QACtE,KAAA;AAAA,QACAF,2BAAgB,CAAA,sCAAA;AAAA,OAClB,CAAA;AAAA,KACF;AAAA,GACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,KAA2D,GAAA;AACzD,IAAM,MAAA,YAAA,GAAe,KAAK,kBAAmB,EAAA,CAAA;AAC7C,IAAA,MAAM,OAAOG,qBAAK,CAAA,OAAA;AAAA,MAChB,YAAA;AAAA,KACF,CAAA;AAEA,IAAA,KAAA,MAAW,aAAa,IAAM,EAAA;AAC5B,MAAAC,yCAAA,CAAsB,SAAS,CAAA,CAAA;AAAA,KACjC;AAEA,IAAO,OAAA,IAAA,CAAA;AAAA,GACT;AAAA,EAEA,MAAc,iBAAmC,GAAA;AAC/C,IAAA,MAAM,KAAK,gBAAiB,EAAA,CAAA;AAC5B,IAAA,MAAM,KAAK,aAAc,EAAA,CAAA;AAAA,GAC3B;AAAA,EAEA,MAAc,aAA+B,GAAA;AAC3C,IAAI,IAAA;AACF,MAAW,KAAA,MAAA,SAAA,IAAa,IAAK,CAAA,cAAA,CAAe,eAAiB,EAAA;AAC3D,QAAA,MAAM,oBAAoB,MAAMC,8BAAA;AAAA,UAC9B,SAAA;AAAA,UACA,IAAK,CAAA,uBAAA;AAAA,UACL,IAAK,CAAA,IAAA;AAAA,SACP,CAAA;AAEA,QAAM,MAAA,IAAA,CAAK,kBAAmB,CAAA,eAAA,CAAgB,iBAAiB,CAAA,CAAA;AAE/D,QAAM,MAAA,IAAA,CAAK,YAAY,QAA6B,CAAA;AAAA,UAClD,OAAS,EAAA,CAAA,qCAAA,CAAA;AAAA,UACT,WAAWL,2BAAgB,CAAA,gBAAA;AAAA,UAC3B,QAAA,EAAU,EAAE,SAAU,EAAA;AAAA,UACtB,KAAO,EAAAM,kCAAA;AAAA,UACP,MAAQ,EAAA,WAAA;AAAA,SACT,CAAA,CAAA;AAAA,OACH;AAAA,aACO,KAAO,EAAA;AACd,MAAA,MAAM,IAAK,CAAA,WAAA;AAAA,QACT,4BAAA;AAAA,QACA,KAAA;AAAA,QACAN,2BAAgB,CAAA,sBAAA;AAAA,OAClB,CAAA;AAAA,KACF;AACA,IAAK,IAAA,CAAA,cAAA,CAAe,kBAAkB,EAAC,CAAA;AAAA,GACzC;AAAA,EAEA,MAAc,gBAAkC,GAAA;AAC9C,IAAI,IAAA;AACF,MAAW,KAAA,MAAA,SAAA,IAAa,IAAK,CAAA,cAAA,CAAe,iBAAmB,EAAA;AAC7D,QAAM,MAAA,iBAAA,GAAA,CACJ,MAAM,IAAA,CAAK,kBAAmB,CAAA,gBAAA;AAAA,UAC5B,SAAU,CAAA,aAAA;AAAA,UACV,SAAU,CAAA,QAAA;AAAA,UACV,SAAU,CAAA,YAAA;AAAA,UACV,SAAU,CAAA,iBAAA;AAAA,WAEZ,CAAC,CAAA,CAAA;AACH,QAAA,MAAM,IAAK,CAAA,kBAAA,CAAmB,eAAgB,CAAA,iBAAA,CAAkB,EAAG,CAAA,CAAA;AAEnE,QAAM,MAAA,IAAA,CAAK,YAAY,QAA6B,CAAA;AAAA,UAClD,OAAS,EAAA,CAAA,qCAAA,CAAA;AAAA,UACT,WAAWA,2BAAgB,CAAA,gBAAA;AAAA,UAC3B,QAAA,EAAU,EAAE,SAAU,EAAA;AAAA,UACtB,KAAO,EAAAM,kCAAA;AAAA,UACP,MAAQ,EAAA,WAAA;AAAA,SACT,CAAA,CAAA;AAAA,OACH;AAAA,aACO,KAAO,EAAA;AACd,MAAA,MAAM,IAAK,CAAA,WAAA;AAAA,QACT,kCAAA;AAAA,QACA,KAAA;AAAA,QACAN,2BAAgB,CAAA,sBAAA;AAAA,OAClB,CAAA;AAAA,KACF;AAEA,IAAK,IAAA,CAAA,cAAA,CAAe,oBAAoB,EAAC,CAAA;AAAA,GAC3C;AAAA,EAEA,MAAc,WAAA,CACZ,OACA,EAAA,KAAA,EACA,KACe,EAAA;AACf,IAAM,MAAA,IAAA,CAAK,YAAY,QAAS,CAAA;AAAA,MAC9B,OAAA;AAAA,MACA,SAAW,EAAA,KAAA;AAAA,MACX,KAAO,EAAAM,kCAAA;AAAA,MACP,MAAQ,EAAA,QAAA;AAAA,MACR,MAAA,EAAQ,CAAC,KAAK,CAAA;AAAA,KACf,CAAA,CAAA;AAAA,GACH;AAAA,EAEA,MAAM,0BAA4C,GAAA;AAChD,IAAM,MAAA,YAAA,GAAe,MAAM,IAAA,CAAK,mBAAoB,CAAA,kBAAA;AAAA,MAClD,UAAA;AAAA,KACF,CAAA;AACA,IAAM,MAAA,gBAAA,GAAA,CACJ,MAAM,IAAA,CAAK,kBAAmB,CAAA,gBAAA;AAAA,MAC5B,YAAa,CAAA,GAAA,CAAI,CAAQ,IAAA,KAAA,IAAA,CAAK,aAAa,CAAA;AAAA,KAC7C,EACA,IAAI,CAAa,SAAA,KAAA;AACjB,MAAO,OAAA;AAAA,QACL,GAAG,SAAA;AAAA,QACH,mBAAmB,SAAU,CAAA,iBAAA,CAAkB,GAAI,CAAA,CAAA,EAAA,KAAM,GAAG,MAAM,CAAA;AAAA,OACpE,CAAA;AAAA,KACD,CAAA,CAAA;AACD,IAAA,IAAA,CAAK,eAAe,iBAAoB,GAAA,gBAAA,CAAA;AACxC,IAAA,MAAM,KAAK,gBAAiB,EAAA,CAAA;AAAA,GAC9B;AACF;;;;"}

package/dist/helper.cjs.js ADDED Viewed

@@ -0,0 +1,171 @@
+'use strict';
+var lodash = require('lodash');
+var auditLogger = require('./audit-log/audit-logger.cjs.js');
+function policyToString(policy) {
+  return `[${policy.join(", ")}]`;
+}
+function typedPolicyToString(policy, type) {
+  return `${type}, ${policy.join(", ")}`;
+}
+function policiesToString(policies) {
+  const policiesString = policies.map((policy) => policyToString(policy)).join(",");
+  return `[${policiesString}]`;
+}
+function typedPoliciesToString(policies, type) {
+  const policiesString = policies.map((policy) => {
+    return policy.length !== 0 ? typedPolicyToString(policy, type) : "";
+  }).join("\n");
+  return `
+    ${policiesString}
+  `;
+}
+function metadataStringToPolicy(policy) {
+  return policy.replace("[", "").replace("]", "").split(", ");
+}
+async function removeTheDifference(originalGroup, addedGroup, source, roleEntityRef, enf, auditLogger$1, modifiedBy) {
+  originalGroup.sort((a, b) => a.localeCompare(b));
+  addedGroup.sort((a, b) => a.localeCompare(b));
+  const missing = lodash.difference(originalGroup, addedGroup);
+  const groupPolicies = [];
+  for (const missingRole of missing) {
+    groupPolicies.push([missingRole, roleEntityRef]);
+  }
+  if (groupPolicies.length === 0) {
+    return;
+  }
+  const roleMetadata = { source, modifiedBy, roleEntityRef };
+  await enf.removeGroupingPolicies(groupPolicies, roleMetadata, false);
+  const remainingMembers = await enf.getFilteredGroupingPolicy(
+    1,
+    roleEntityRef
+  );
+  const message = remainingMembers.length > 0 ? "Updated role: deleted members" : "Deleted role";
+  const eventName = remainingMembers.length > 0 ? auditLogger.RoleEvents.UPDATE_ROLE : auditLogger.RoleEvents.DELETE_ROLE;
+  await auditLogger$1.auditLog({
+    actorId: auditLogger.RBAC_BACKEND,
+    message,
+    eventName,
+    metadata: {
+      ...roleMetadata,
+      members: groupPolicies.map((gp) => gp[0])
+    },
+    stage: auditLogger.HANDLE_RBAC_DATA_STAGE,
+    status: "succeeded"
+  });
+}
+function transformArrayToPolicy(policyArray) {
+  const [entityReference, permission, policy, effect] = policyArray;
+  return { entityReference, permission, policy, effect };
+}
+function deepSortedEqual(obj1, obj2, excludeFields) {
+  let copyObj1;
+  let copyObj2;
+  if (excludeFields) {
+    const excludeFieldsPredicate = (_value, key) => {
+      for (const field of excludeFields) {
+        if (key === field) {
+          return true;
+        }
+      }
+      return false;
+    };
+    copyObj1 = lodash.omitBy(obj1, excludeFieldsPredicate);
+    copyObj2 = lodash.omitBy(obj2, excludeFieldsPredicate);
+  }
+  const sortedObj1 = lodash.sortBy(lodash.toPairs(copyObj1 || obj1), ([key]) => key);
+  const sortedObj2 = lodash.sortBy(lodash.toPairs(copyObj2 || obj2), ([key]) => key);
+  return lodash.isEqual(sortedObj1, sortedObj2);
+}
+function isPermissionAction(action) {
+  return ["create", "read", "update", "delete", "use"].includes(
+    action
+  );
+}
+async function buildRoleSourceMap(policies, roleMetadata) {
+  return await policies.reduce(
+    async (acc, policy) => {
+      const roleEntityRef = policy[0];
+      const acummulator = await acc;
+      if (!acummulator.has(roleEntityRef)) {
+        const metadata = await roleMetadata.findRoleMetadata(roleEntityRef);
+        acummulator.set(roleEntityRef, metadata?.source);
+      }
+      return acummulator;
+    },
+    Promise.resolve(/* @__PURE__ */ new Map())
+  );
+}
+function mergeRoleMetadata(currentMetadata, newMetadata) {
+  const mergedMetaData = { ...currentMetadata };
+  mergedMetaData.lastModified = newMetadata.lastModified ?? (/* @__PURE__ */ new Date()).toUTCString();
+  mergedMetaData.modifiedBy = newMetadata.modifiedBy;
+  mergedMetaData.description = newMetadata.description ?? currentMetadata.description;
+  mergedMetaData.roleEntityRef = newMetadata.roleEntityRef;
+  mergedMetaData.source = newMetadata.source;
+  return mergedMetaData;
+}
+async function processConditionMapping(roleConditionPolicy, pluginPermMetaData, auth) {
+  const { token } = await auth.getPluginRequestToken({
+    onBehalfOf: await auth.getOwnServiceCredentials(),
+    targetPluginId: roleConditionPolicy.pluginId
+  });
+  const rule = await pluginPermMetaData.getMetadataByPluginId(
+    roleConditionPolicy.pluginId,
+    token
+  );
+  if (!rule?.permissions) {
+    throw new Error(
+      `Unable to get permission list for plugin ${roleConditionPolicy.pluginId}`
+    );
+  }
+  const permInfo = [];
+  for (const action of roleConditionPolicy.permissionMapping) {
+    const perm = rule.permissions.find(
+      (permission) => permission.type === "resource" && (action === permission.attributes.action || action === "use" && permission.attributes.action === void 0)
+    );
+    if (!perm) {
+      throw new Error(
+        `Unable to find permission to get permission name for resource type '${roleConditionPolicy.resourceType}' and action ${JSON.stringify(action)}`
+      );
+    }
+    permInfo.push({ name: perm.name, action });
+  }
+  return {
+    ...roleConditionPolicy,
+    permissionMapping: permInfo
+  };
+}
+function deepSort(value) {
+  if (lodash.isArray(value)) {
+    return lodash.sortBy(value.map(deepSort));
+  } else if (lodash.isPlainObject(value)) {
+    return lodash.fromPairs(
+      lodash.sortBy(
+        lodash.toPairs(value).map(([k, v]) => [k, deepSort(v)]),
+        0
+      )
+    );
+  }
+  return value;
+}
+function deepSortEqual(obj1, obj2) {
+  return lodash.isEqual(deepSort(obj1), deepSort(obj2));
+}
+exports.buildRoleSourceMap = buildRoleSourceMap;
+exports.deepSort = deepSort;
+exports.deepSortEqual = deepSortEqual;
+exports.deepSortedEqual = deepSortedEqual;
+exports.isPermissionAction = isPermissionAction;
+exports.mergeRoleMetadata = mergeRoleMetadata;
+exports.metadataStringToPolicy = metadataStringToPolicy;
+exports.policiesToString = policiesToString;
+exports.policyToString = policyToString;
+exports.processConditionMapping = processConditionMapping;
+exports.removeTheDifference = removeTheDifference;
+exports.transformArrayToPolicy = transformArrayToPolicy;
+exports.typedPoliciesToString = typedPoliciesToString;
+exports.typedPolicyToString = typedPolicyToString;
+//# sourceMappingURL=helper.cjs.js.map

package/dist/helper.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"helper.cjs.js","sources":["../src/helper.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { AuthService } from '@backstage/backend-plugin-api';\nimport type { MetadataResponse } from '@backstage/plugin-permission-node';\n\nimport { AuditLogger } from '@janus-idp/backstage-plugin-audit-log-node';\nimport {\n difference,\n fromPairs,\n isArray,\n isEqual,\n isPlainObject,\n omitBy,\n sortBy,\n toPairs,\n ValueKeyIteratee,\n} from 'lodash';\n\nimport {\n PermissionAction,\n PermissionInfo,\n RoleBasedPolicy,\n RoleConditionalPolicyDecision,\n Source,\n} from '@backstage-community/plugin-rbac-common';\n\nimport {\n HANDLE_RBAC_DATA_STAGE,\n RBAC_BACKEND,\n RoleAuditInfo,\n RoleEvents,\n} from './audit-log/audit-logger';\nimport { RoleMetadataDao, RoleMetadataStorage } from './database/role-metadata';\nimport { EnforcerDelegate } from './service/enforcer-delegate';\nimport { PluginPermissionMetadataCollector } from './service/plugin-endpoints';\n\nexport function policyToString(policy: string[]): string {\n return `[${policy.join(', ')}]`;\n}\n\nexport function typedPolicyToString(policy: string[], type: string): string {\n return `${type}, ${policy.join(', ')}`;\n}\n\nexport function policiesToString(policies: string[][]): string {\n const policiesString = policies\n .map(policy => policyToString(policy))\n .join(',');\n return `[${policiesString}]`;\n}\n\nexport function typedPoliciesToString(\n policies: string[][],\n type: string,\n): string {\n const policiesString = policies\n .map(policy => {\n return policy.length !== 0 ? typedPolicyToString(policy, type) : '';\n })\n .join('\\n');\n return `\n ${policiesString}\n `;\n}\n\nexport function metadataStringToPolicy(policy: string): string[] {\n return policy.replace('[', '').replace(']', '').split(', ');\n}\n\nexport async function removeTheDifference(\n originalGroup: string[],\n addedGroup: string[],\n source: Source,\n roleEntityRef: string,\n enf: EnforcerDelegate,\n auditLogger: AuditLogger,\n modifiedBy: string,\n): Promise<void> {\n originalGroup.sort((a, b) => a.localeCompare(b));\n addedGroup.sort((a, b) => a.localeCompare(b));\n const missing = difference(originalGroup, addedGroup);\n\n const groupPolicies: string[][] = [];\n for (const missingRole of missing) {\n groupPolicies.push([missingRole, roleEntityRef]);\n }\n\n if (groupPolicies.length === 0) {\n return;\n }\n\n const roleMetadata = { source, modifiedBy, roleEntityRef };\n await enf.removeGroupingPolicies(groupPolicies, roleMetadata, false);\n\n const remainingMembers = await enf.getFilteredGroupingPolicy(\n 1,\n roleEntityRef,\n );\n const message =\n remainingMembers.length > 0\n ? 'Updated role: deleted members'\n : 'Deleted role';\n const eventName =\n remainingMembers.length > 0\n ? RoleEvents.UPDATE_ROLE\n : RoleEvents.DELETE_ROLE;\n await auditLogger.auditLog<RoleAuditInfo>({\n actorId: RBAC_BACKEND,\n message,\n eventName,\n metadata: {\n ...roleMetadata,\n members: groupPolicies.map(gp => gp[0]),\n },\n stage: HANDLE_RBAC_DATA_STAGE,\n status: 'succeeded',\n });\n}\n\nexport function transformArrayToPolicy(policyArray: string[]): RoleBasedPolicy {\n const [entityReference, permission, policy, effect] = policyArray;\n return { entityReference, permission, policy, effect };\n}\n\nexport function deepSortedEqual(\n obj1: Record<string, any>,\n obj2: Record<string, any>,\n excludeFields?: string[],\n): boolean {\n let copyObj1;\n let copyObj2;\n if (excludeFields) {\n const excludeFieldsPredicate: ValueKeyIteratee<any> = (_value, key) => {\n for (const field of excludeFields) {\n if (key === field) {\n return true;\n }\n }\n return false;\n };\n copyObj1 = omitBy(obj1, excludeFieldsPredicate);\n copyObj2 = omitBy(obj2, excludeFieldsPredicate);\n }\n\n const sortedObj1 = sortBy(toPairs(copyObj1 || obj1), ([key]) => key);\n const sortedObj2 = sortBy(toPairs(copyObj2 || obj2), ([key]) => key);\n\n return isEqual(sortedObj1, sortedObj2);\n}\n\nexport function isPermissionAction(action: string): action is PermissionAction {\n return ['create', 'read', 'update', 'delete', 'use'].includes(\n action as PermissionAction,\n );\n}\n\nexport async function buildRoleSourceMap(\n policies: string[][],\n roleMetadata: RoleMetadataStorage,\n): Promise<Map<string, Source | undefined>> {\n return await policies.reduce(\n async (\n acc: Promise<Map<string, Source | undefined>>,\n policy: string[],\n ): Promise<Map<string, Source | undefined>> => {\n const roleEntityRef = policy[0];\n const acummulator = await acc;\n if (!acummulator.has(roleEntityRef)) {\n const metadata = await roleMetadata.findRoleMetadata(roleEntityRef);\n acummulator.set(roleEntityRef, metadata?.source);\n }\n return acummulator;\n },\n Promise.resolve(new Map<string, Source | undefined>()),\n );\n}\n\nexport function mergeRoleMetadata(\n currentMetadata: RoleMetadataDao,\n newMetadata: RoleMetadataDao,\n): RoleMetadataDao {\n const mergedMetaData: RoleMetadataDao = { ...currentMetadata };\n mergedMetaData.lastModified =\n newMetadata.lastModified ?? new Date().toUTCString();\n mergedMetaData.modifiedBy = newMetadata.modifiedBy;\n mergedMetaData.description =\n newMetadata.description ?? currentMetadata.description;\n mergedMetaData.roleEntityRef = newMetadata.roleEntityRef;\n mergedMetaData.source = newMetadata.source;\n return mergedMetaData;\n}\n\nexport async function processConditionMapping(\n roleConditionPolicy: RoleConditionalPolicyDecision<PermissionAction>,\n pluginPermMetaData: PluginPermissionMetadataCollector,\n auth: AuthService,\n): Promise<RoleConditionalPolicyDecision<PermissionInfo>> {\n const { token } = await auth.getPluginRequestToken({\n onBehalfOf: await auth.getOwnServiceCredentials(),\n targetPluginId: roleConditionPolicy.pluginId,\n });\n\n const rule: MetadataResponse | undefined =\n await pluginPermMetaData.getMetadataByPluginId(\n roleConditionPolicy.pluginId,\n token,\n );\n if (!rule?.permissions) {\n throw new Error(\n `Unable to get permission list for plugin ${roleConditionPolicy.pluginId}`,\n );\n }\n\n const permInfo: PermissionInfo[] = [];\n for (const action of roleConditionPolicy.permissionMapping) {\n const perm = rule.permissions.find(\n permission =>\n permission.type === 'resource' &&\n (action === permission.attributes.action ||\n (action === 'use' && permission.attributes.action === undefined)),\n );\n if (!perm) {\n throw new Error(\n `Unable to find permission to get permission name for resource type '${\n roleConditionPolicy.resourceType\n }' and action ${JSON.stringify(action)}`,\n );\n }\n permInfo.push({ name: perm.name, action });\n }\n\n return {\n ...roleConditionPolicy,\n permissionMapping: permInfo,\n };\n}\n\nexport function deepSort(value: any): any {\n if (isArray(value)) {\n return sortBy(value.map(deepSort));\n } else if (isPlainObject(value)) {\n return fromPairs(\n sortBy(\n toPairs(value).map(([k, v]: [string, any]) => [k, deepSort(v)]),\n 0,\n ),\n );\n }\n return value;\n}\n\nexport function deepSortEqual(obj1: any, obj2: any): boolean {\n return isEqual(deepSort(obj1), deepSort(obj2));\n}\n"],"names":["auditLogger","difference","RoleEvents","RBAC_BACKEND","HANDLE_RBAC_DATA_STAGE","omitBy","sortBy","toPairs","isEqual","isArray","isPlainObject","fromPairs"],"mappings":";;;;;AAiDO,SAAS,eAAe,MAA0B,EAAA;AACvD,EAAA,OAAO,CAAI,CAAA,EAAA,MAAA,CAAO,IAAK,CAAA,IAAI,CAAC,CAAA,CAAA,CAAA,CAAA;AAC9B,CAAA;AAEgB,SAAA,mBAAA,CAAoB,QAAkB,IAAsB,EAAA;AAC1E,EAAA,OAAO,GAAG,IAAI,CAAA,EAAA,EAAK,MAAO,CAAA,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA,CAAA;AACtC,CAAA;AAEO,SAAS,iBAAiB,QAA8B,EAAA;AAC7D,EAAM,MAAA,cAAA,GAAiB,SACpB,GAAI,CAAA,CAAA,MAAA,KAAU,eAAe,MAAM,CAAC,CACpC,CAAA,IAAA,CAAK,GAAG,CAAA,CAAA;AACX,EAAA,OAAO,IAAI,cAAc,CAAA,CAAA,CAAA,CAAA;AAC3B,CAAA;AAEgB,SAAA,qBAAA,CACd,UACA,IACQ,EAAA;AACR,EAAM,MAAA,cAAA,GAAiB,QACpB,CAAA,GAAA,CAAI,CAAU,MAAA,KAAA;AACb,IAAA,OAAO,OAAO,MAAW,KAAA,CAAA,GAAI,mBAAoB,CAAA,MAAA,EAAQ,IAAI,CAAI,GAAA,EAAA,CAAA;AAAA,GAClE,CACA,CAAA,IAAA,CAAK,IAAI,CAAA,CAAA;AACZ,EAAO,OAAA,CAAA;AAAA,IAAA,EACH,cAAc,CAAA;AAAA,EAAA,CAAA,CAAA;AAEpB,CAAA;AAEO,SAAS,uBAAuB,MAA0B,EAAA;AAC/D,EAAO,OAAA,MAAA,CAAO,OAAQ,CAAA,GAAA,EAAK,EAAE,CAAA,CAAE,QAAQ,GAAK,EAAA,EAAE,CAAE,CAAA,KAAA,CAAM,IAAI,CAAA,CAAA;AAC5D,CAAA;AAEA,eAAsB,oBACpB,aACA,EAAA,UAAA,EACA,QACA,aACA,EAAA,GAAA,EACAA,eACA,UACe,EAAA;AACf,EAAA,aAAA,CAAc,KAAK,CAAC,CAAA,EAAG,MAAM,CAAE,CAAA,aAAA,CAAc,CAAC,CAAC,CAAA,CAAA;AAC/C,EAAA,UAAA,CAAW,KAAK,CAAC,CAAA,EAAG,MAAM,CAAE,CAAA,aAAA,CAAc,CAAC,CAAC,CAAA,CAAA;AAC5C,EAAM,MAAA,OAAA,GAAUC,iBAAW,CAAA,aAAA,EAAe,UAAU,CAAA,CAAA;AAEpD,EAAA,MAAM,gBAA4B,EAAC,CAAA;AACnC,EAAA,KAAA,MAAW,eAAe,OAAS,EAAA;AACjC,IAAA,aAAA,CAAc,IAAK,CAAA,CAAC,WAAa,EAAA,aAAa,CAAC,CAAA,CAAA;AAAA,GACjD;AAEA,EAAI,IAAA,aAAA,CAAc,WAAW,CAAG,EAAA;AAC9B,IAAA,OAAA;AAAA,GACF;AAEA,EAAA,MAAM,YAAe,GAAA,EAAE,MAAQ,EAAA,UAAA,EAAY,aAAc,EAAA,CAAA;AACzD,EAAA,MAAM,GAAI,CAAA,sBAAA,CAAuB,aAAe,EAAA,YAAA,EAAc,KAAK,CAAA,CAAA;AAEnE,EAAM,MAAA,gBAAA,GAAmB,MAAM,GAAI,CAAA,yBAAA;AAAA,IACjC,CAAA;AAAA,IACA,aAAA;AAAA,GACF,CAAA;AACA,EAAA,MAAM,OACJ,GAAA,gBAAA,CAAiB,MAAS,GAAA,CAAA,GACtB,+BACA,GAAA,cAAA,CAAA;AACN,EAAA,MAAM,YACJ,gBAAiB,CAAA,MAAA,GAAS,CACtB,GAAAC,sBAAA,CAAW,cACXA,sBAAW,CAAA,WAAA,CAAA;AACjB,EAAA,MAAMF,cAAY,QAAwB,CAAA;AAAA,IACxC,OAAS,EAAAG,wBAAA;AAAA,IACT,OAAA;AAAA,IACA,SAAA;AAAA,IACA,QAAU,EAAA;AAAA,MACR,GAAG,YAAA;AAAA,MACH,SAAS,aAAc,CAAA,GAAA,CAAI,CAAM,EAAA,KAAA,EAAA,CAAG,CAAC,CAAC,CAAA;AAAA,KACxC;AAAA,IACA,KAAO,EAAAC,kCAAA;AAAA,IACP,MAAQ,EAAA,WAAA;AAAA,GACT,CAAA,CAAA;AACH,CAAA;AAEO,SAAS,uBAAuB,WAAwC,EAAA;AAC7E,EAAA,MAAM,CAAC,eAAA,EAAiB,UAAY,EAAA,MAAA,EAAQ,MAAM,CAAI,GAAA,WAAA,CAAA;AACtD,EAAA,OAAO,EAAE,eAAA,EAAiB,UAAY,EAAA,MAAA,EAAQ,MAAO,EAAA,CAAA;AACvD,CAAA;AAEgB,SAAA,eAAA,CACd,IACA,EAAA,IAAA,EACA,aACS,EAAA;AACT,EAAI,IAAA,QAAA,CAAA;AACJ,EAAI,IAAA,QAAA,CAAA;AACJ,EAAA,IAAI,aAAe,EAAA;AACjB,IAAM,MAAA,sBAAA,GAAgD,CAAC,MAAA,EAAQ,GAAQ,KAAA;AACrE,MAAA,KAAA,MAAW,SAAS,aAAe,EAAA;AACjC,QAAA,IAAI,QAAQ,KAAO,EAAA;AACjB,UAAO,OAAA,IAAA,CAAA;AAAA,SACT;AAAA,OACF;AACA,MAAO,OAAA,KAAA,CAAA;AAAA,KACT,CAAA;AACA,IAAW,QAAA,GAAAC,aAAA,CAAO,MAAM,sBAAsB,CAAA,CAAA;AAC9C,IAAW,QAAA,GAAAA,aAAA,CAAO,MAAM,sBAAsB,CAAA,CAAA;AAAA,GAChD;AAEA,EAAM,MAAA,UAAA,GAAaC,aAAO,CAAAC,cAAA,CAAQ,QAAY,IAAA,IAAI,GAAG,CAAC,CAAC,GAAG,CAAA,KAAM,GAAG,CAAA,CAAA;AACnE,EAAM,MAAA,UAAA,GAAaD,aAAO,CAAAC,cAAA,CAAQ,QAAY,IAAA,IAAI,GAAG,CAAC,CAAC,GAAG,CAAA,KAAM,GAAG,CAAA,CAAA;AAEnE,EAAO,OAAAC,cAAA,CAAQ,YAAY,UAAU,CAAA,CAAA;AACvC,CAAA;AAEO,SAAS,mBAAmB,MAA4C,EAAA;AAC7E,EAAA,OAAO,CAAC,QAAU,EAAA,MAAA,EAAQ,QAAU,EAAA,QAAA,EAAU,KAAK,CAAE,CAAA,QAAA;AAAA,IACnD,MAAA;AAAA,GACF,CAAA;AACF,CAAA;AAEsB,eAAA,kBAAA,CACpB,UACA,YAC0C,EAAA;AAC1C,EAAA,OAAO,MAAM,QAAS,CAAA,MAAA;AAAA,IACpB,OACE,KACA,MAC6C,KAAA;AAC7C,MAAM,MAAA,aAAA,GAAgB,OAAO,CAAC,CAAA,CAAA;AAC9B,MAAA,MAAM,cAAc,MAAM,GAAA,CAAA;AAC1B,MAAA,IAAI,CAAC,WAAA,CAAY,GAAI,CAAA,aAAa,CAAG,EAAA;AACnC,QAAA,MAAM,QAAW,GAAA,MAAM,YAAa,CAAA,gBAAA,CAAiB,aAAa,CAAA,CAAA;AAClE,QAAY,WAAA,CAAA,GAAA,CAAI,aAAe,EAAA,QAAA,EAAU,MAAM,CAAA,CAAA;AAAA,OACjD;AACA,MAAO,OAAA,WAAA,CAAA;AAAA,KACT;AAAA,IACA,OAAQ,CAAA,OAAA,iBAAY,IAAA,GAAA,EAAiC,CAAA;AAAA,GACvD,CAAA;AACF,CAAA;AAEgB,SAAA,iBAAA,CACd,iBACA,WACiB,EAAA;AACjB,EAAM,MAAA,cAAA,GAAkC,EAAE,GAAG,eAAgB,EAAA,CAAA;AAC7D,EAAA,cAAA,CAAe,eACb,WAAY,CAAA,YAAA,IAAA,iBAAoB,IAAA,IAAA,IAAO,WAAY,EAAA,CAAA;AACrD,EAAA,cAAA,CAAe,aAAa,WAAY,CAAA,UAAA,CAAA;AACxC,EAAe,cAAA,CAAA,WAAA,GACb,WAAY,CAAA,WAAA,IAAe,eAAgB,CAAA,WAAA,CAAA;AAC7C,EAAA,cAAA,CAAe,gBAAgB,WAAY,CAAA,aAAA,CAAA;AAC3C,EAAA,cAAA,CAAe,SAAS,WAAY,CAAA,MAAA,CAAA;AACpC,EAAO,OAAA,cAAA,CAAA;AACT,CAAA;AAEsB,eAAA,uBAAA,CACpB,mBACA,EAAA,kBAAA,EACA,IACwD,EAAA;AACxD,EAAA,MAAM,EAAE,KAAA,EAAU,GAAA,MAAM,KAAK,qBAAsB,CAAA;AAAA,IACjD,UAAA,EAAY,MAAM,IAAA,CAAK,wBAAyB,EAAA;AAAA,IAChD,gBAAgB,mBAAoB,CAAA,QAAA;AAAA,GACrC,CAAA,CAAA;AAED,EAAM,MAAA,IAAA,GACJ,MAAM,kBAAmB,CAAA,qBAAA;AAAA,IACvB,mBAAoB,CAAA,QAAA;AAAA,IACpB,KAAA;AAAA,GACF,CAAA;AACF,EAAI,IAAA,CAAC,MAAM,WAAa,EAAA;AACtB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,yCAAA,EAA4C,oBAAoB,QAAQ,CAAA,CAAA;AAAA,KAC1E,CAAA;AAAA,GACF;AAEA,EAAA,MAAM,WAA6B,EAAC,CAAA;AACpC,EAAW,KAAA,MAAA,MAAA,IAAU,oBAAoB,iBAAmB,EAAA;AAC1D,IAAM,MAAA,IAAA,GAAO,KAAK,WAAY,CAAA,IAAA;AAAA,MAC5B,CACE,UAAA,KAAA,UAAA,CAAW,IAAS,KAAA,UAAA,KACnB,MAAW,KAAA,UAAA,CAAW,UAAW,CAAA,MAAA,IAC/B,MAAW,KAAA,KAAA,IAAS,UAAW,CAAA,UAAA,CAAW,MAAW,KAAA,KAAA,CAAA,CAAA;AAAA,KAC5D,CAAA;AACA,IAAA,IAAI,CAAC,IAAM,EAAA;AACT,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,uEACE,mBAAoB,CAAA,YACtB,gBAAgB,IAAK,CAAA,SAAA,CAAU,MAAM,CAAC,CAAA,CAAA;AAAA,OACxC,CAAA;AAAA,KACF;AACA,IAAA,QAAA,CAAS,KAAK,EAAE,IAAA,EAAM,IAAK,CAAA,IAAA,EAAM,QAAQ,CAAA,CAAA;AAAA,GAC3C;AAEA,EAAO,OAAA;AAAA,IACL,GAAG,mBAAA;AAAA,IACH,iBAAmB,EAAA,QAAA;AAAA,GACrB,CAAA;AACF,CAAA;AAEO,SAAS,SAAS,KAAiB,EAAA;AACxC,EAAI,IAAAC,cAAA,CAAQ,KAAK,CAAG,EAAA;AAClB,IAAA,OAAOH,aAAO,CAAA,KAAA,CAAM,GAAI,CAAA,QAAQ,CAAC,CAAA,CAAA;AAAA,GACnC,MAAA,IAAWI,oBAAc,CAAA,KAAK,CAAG,EAAA;AAC/B,IAAO,OAAAC,gBAAA;AAAA,MACLL,aAAA;AAAA,QACEC,cAAQ,CAAA,KAAK,CAAE,CAAA,GAAA,CAAI,CAAC,CAAC,CAAA,EAAG,CAAC,CAAA,KAAqB,CAAC,CAAA,EAAG,QAAS,CAAA,CAAC,CAAC,CAAC,CAAA;AAAA,QAC9D,CAAA;AAAA,OACF;AAAA,KACF,CAAA;AAAA,GACF;AACA,EAAO,OAAA,KAAA,CAAA;AACT,CAAA;AAEgB,SAAA,aAAA,CAAc,MAAW,IAAoB,EAAA;AAC3D,EAAA,OAAOC,eAAQ,QAAS,CAAA,IAAI,CAAG,EAAA,QAAA,CAAS,IAAI,CAAC,CAAA,CAAA;AAC/C;;;;;;;;;;;;;;;;;"}

package/dist/index.cjs.js ADDED Viewed

@@ -0,0 +1,14 @@
+'use strict';
+Object.defineProperty(exports, '__esModule', { value: true });
+var router = require('./service/router.cjs.js');
+var policyBuilder = require('./service/policy-builder.cjs.js');
+var plugin = require('./plugin.cjs.js');
+exports.createRouter = router.createRouter;
+exports.PolicyBuilder = policyBuilder.PolicyBuilder;
+exports.default = plugin.rbacPlugin;
+//# sourceMappingURL=index.cjs.js.map

package/dist/index.cjs.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.cjs.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import * as _backstage_backend_plugin_api from '@backstage/backend-plugin-api';
+import { LoggerService, DiscoveryService, AuthService, HttpAuthService, UserInfoService, LifecycleService } from '@backstage/backend-plugin-api';
+import { Config } from '@backstage/config';
+import express, { Router } from 'express';
+import { PermissionEvaluator } from '@backstage/plugin-permission-common';
+import { PermissionPolicy } from '@backstage/plugin-permission-node';
+import { PluginIdProvider, RBACProvider } from '@backstage-community/plugin-rbac-node';
+export { PluginIdProvider } from '@backstage-community/plugin-rbac-node';
+interface RouterOptions {
+    logger: LoggerService;
+    config: Config;
+}
+declare function createRouter(options: RouterOptions): Promise<express.Router>;
+type EnvOptions = {
+    config: Config;
+    logger: LoggerService;
+    discovery: DiscoveryService;
+    permissions: PermissionEvaluator;
+    auth: AuthService;
+    httpAuth: HttpAuthService;
+    userInfo: UserInfoService;
+    lifecycle: LifecycleService;
+};
+type RBACRouterOptions = {
+    config: Config;
+    logger: LoggerService;
+    discovery: DiscoveryService;
+    policy: PermissionPolicy;
+    auth: AuthService;
+    httpAuth: HttpAuthService;
+    userInfo: UserInfoService;
+};
+declare class PolicyBuilder {
+    static build(env: EnvOptions, pluginIdProvider?: PluginIdProvider, rbacProviders?: Array<RBACProvider>): Promise<Router>;
+}
+/**
+ * RBAC plugin
+ *
+ */
+declare const rbacPlugin: _backstage_backend_plugin_api.BackendFeature;
+export { type EnvOptions, PolicyBuilder, type RBACRouterOptions, type RouterOptions, createRouter, rbacPlugin as default };

package/dist/plugin.cjs.js ADDED Viewed

@@ -0,0 +1,79 @@
+'use strict';
+var backendPluginApi = require('@backstage/backend-plugin-api');
+var pluginRbacBackend = require('@backstage-community/plugin-rbac-backend');
+var pluginRbacNode = require('@backstage-community/plugin-rbac-node');
+const rbacPlugin = backendPluginApi.createBackendPlugin({
+  pluginId: "permission",
+  register(env) {
+    const pluginIdProviderExtensionPointImpl = new class PluginIdProviderImpl {
+      pluginIdProviders = [];
+      addPluginIdProvider(pluginIdProvider) {
+        this.pluginIdProviders.push(pluginIdProvider);
+      }
+    }();
+    env.registerExtensionPoint(
+      pluginRbacNode.pluginIdProviderExtensionPoint,
+      pluginIdProviderExtensionPointImpl
+    );
+    const rbacProviders = new Array();
+    env.registerExtensionPoint(pluginRbacNode.rbacProviderExtensionPoint, {
+      addRBACProvider(...providers) {
+        rbacProviders.push(...providers.flat());
+      }
+    });
+    env.registerInit({
+      deps: {
+        http: backendPluginApi.coreServices.httpRouter,
+        config: backendPluginApi.coreServices.rootConfig,
+        logger: backendPluginApi.coreServices.logger,
+        discovery: backendPluginApi.coreServices.discovery,
+        permissions: backendPluginApi.coreServices.permissions,
+        auth: backendPluginApi.coreServices.auth,
+        httpAuth: backendPluginApi.coreServices.httpAuth,
+        userInfo: backendPluginApi.coreServices.userInfo,
+        lifecycle: backendPluginApi.coreServices.lifecycle
+      },
+      async init({
+        http,
+        config,
+        logger,
+        discovery,
+        permissions,
+        auth,
+        httpAuth,
+        userInfo,
+        lifecycle
+      }) {
+        http.use(
+          await pluginRbacBackend.PolicyBuilder.build(
+            {
+              config,
+              logger,
+              discovery,
+              permissions,
+              auth,
+              httpAuth,
+              userInfo,
+              lifecycle
+            },
+            {
+              getPluginIds: () => Array.from(
+                new Set(
+                  pluginIdProviderExtensionPointImpl.pluginIdProviders.flatMap(
+                    (p) => p.getPluginIds()
+                  )
+                )
+              )
+            },
+            rbacProviders
+          )
+        );
+      }
+    });
+  }
+});
+exports.rbacPlugin = rbacPlugin;
+//# sourceMappingURL=plugin.cjs.js.map

package/dist/plugin.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"plugin.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n coreServices,\n createBackendPlugin,\n} from '@backstage/backend-plugin-api';\n\nimport { PolicyBuilder } from '@backstage-community/plugin-rbac-backend';\nimport {\n PluginIdProvider,\n PluginIdProviderExtensionPoint,\n pluginIdProviderExtensionPoint,\n RBACProvider,\n rbacProviderExtensionPoint,\n} from '@backstage-community/plugin-rbac-node';\n\n/**\n * RBAC plugin\n *\n */\nexport const rbacPlugin = createBackendPlugin({\n pluginId: 'permission',\n register(env) {\n const pluginIdProviderExtensionPointImpl = new (class PluginIdProviderImpl\n implements PluginIdProviderExtensionPoint\n {\n pluginIdProviders: PluginIdProvider[] = [];\n\n addPluginIdProvider(pluginIdProvider: PluginIdProvider): void {\n this.pluginIdProviders.push(pluginIdProvider);\n }\n })();\n\n env.registerExtensionPoint(\n pluginIdProviderExtensionPoint,\n pluginIdProviderExtensionPointImpl,\n );\n\n const rbacProviders = new Array<RBACProvider>();\n\n env.registerExtensionPoint(rbacProviderExtensionPoint, {\n addRBACProvider(\n ...providers: Array<RBACProvider | Array<RBACProvider>>\n ): void {\n rbacProviders.push(...providers.flat());\n },\n });\n\n env.registerInit({\n deps: {\n http: coreServices.httpRouter,\n config: coreServices.rootConfig,\n logger: coreServices.logger,\n discovery: coreServices.discovery,\n permissions: coreServices.permissions,\n auth: coreServices.auth,\n httpAuth: coreServices.httpAuth,\n userInfo: coreServices.userInfo,\n lifecycle: coreServices.lifecycle,\n },\n async init({\n http,\n config,\n logger,\n discovery,\n permissions,\n auth,\n httpAuth,\n userInfo,\n lifecycle,\n }) {\n http.use(\n await PolicyBuilder.build(\n {\n config,\n logger,\n discovery,\n permissions,\n auth,\n httpAuth,\n userInfo,\n lifecycle,\n },\n {\n getPluginIds: () =>\n Array.from(\n new Set(\n pluginIdProviderExtensionPointImpl.pluginIdProviders.flatMap(\n p => p.getPluginIds(),\n ),\n ),\n ),\n },\n rbacProviders,\n ),\n );\n },\n });\n },\n});\n"],"names":["createBackendPlugin","pluginIdProviderExtensionPoint","rbacProviderExtensionPoint","coreServices","PolicyBuilder"],"mappings":";;;;;;AAiCO,MAAM,aAAaA,oCAAoB,CAAA;AAAA,EAC5C,QAAU,EAAA,YAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAM,MAAA,kCAAA,GAAqC,IAAK,MAAM,oBAEtD,CAAA;AAAA,MACE,oBAAwC,EAAC,CAAA;AAAA,MAEzC,oBAAoB,gBAA0C,EAAA;AAC5D,QAAK,IAAA,CAAA,iBAAA,CAAkB,KAAK,gBAAgB,CAAA,CAAA;AAAA,OAC9C;AAAA,KACC,EAAA,CAAA;AAEH,IAAI,GAAA,CAAA,sBAAA;AAAA,MACFC,6CAAA;AAAA,MACA,kCAAA;AAAA,KACF,CAAA;AAEA,IAAM,MAAA,aAAA,GAAgB,IAAI,KAAoB,EAAA,CAAA;AAE9C,IAAA,GAAA,CAAI,uBAAuBC,yCAA4B,EAAA;AAAA,MACrD,mBACK,SACG,EAAA;AACN,QAAA,aAAA,CAAc,IAAK,CAAA,GAAG,SAAU,CAAA,IAAA,EAAM,CAAA,CAAA;AAAA,OACxC;AAAA,KACD,CAAA,CAAA;AAED,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,MAAMC,6BAAa,CAAA,UAAA;AAAA,QACnB,QAAQA,6BAAa,CAAA,UAAA;AAAA,QACrB,QAAQA,6BAAa,CAAA,MAAA;AAAA,QACrB,WAAWA,6BAAa,CAAA,SAAA;AAAA,QACxB,aAAaA,6BAAa,CAAA,WAAA;AAAA,QAC1B,MAAMA,6BAAa,CAAA,IAAA;AAAA,QACnB,UAAUA,6BAAa,CAAA,QAAA;AAAA,QACvB,UAAUA,6BAAa,CAAA,QAAA;AAAA,QACvB,WAAWA,6BAAa,CAAA,SAAA;AAAA,OAC1B;AAAA,MACA,MAAM,IAAK,CAAA;AAAA,QACT,IAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,SAAA;AAAA,QACA,WAAA;AAAA,QACA,IAAA;AAAA,QACA,QAAA;AAAA,QACA,QAAA;AAAA,QACA,SAAA;AAAA,OACC,EAAA;AACD,QAAK,IAAA,CAAA,GAAA;AAAA,UACH,MAAMC,+BAAc,CAAA,KAAA;AAAA,YAClB;AAAA,cACE,MAAA;AAAA,cACA,MAAA;AAAA,cACA,SAAA;AAAA,cACA,WAAA;AAAA,cACA,IAAA;AAAA,cACA,QAAA;AAAA,cACA,QAAA;AAAA,cACA,SAAA;AAAA,aACF;AAAA,YACA;AAAA,cACE,YAAA,EAAc,MACZ,KAAM,CAAA,IAAA;AAAA,gBACJ,IAAI,GAAA;AAAA,kBACF,mCAAmC,iBAAkB,CAAA,OAAA;AAAA,oBACnD,CAAA,CAAA,KAAK,EAAE,YAAa,EAAA;AAAA,mBACtB;AAAA,iBACF;AAAA,eACF;AAAA,aACJ;AAAA,YACA,aAAA;AAAA,WACF;AAAA,SACF,CAAA;AAAA,OACF;AAAA,KACD,CAAA,CAAA;AAAA,GACH;AACF,CAAC;;;;"}

package/dist/policies/allow-all-policy.cjs.js ADDED Viewed

@@ -0,0 +1,12 @@
+'use strict';
+var pluginPermissionCommon = require('@backstage/plugin-permission-common');
+class AllowAllPolicy {
+  async handle(_request, _user) {
+    return { result: pluginPermissionCommon.AuthorizeResult.ALLOW };
+  }
+}
+exports.AllowAllPolicy = AllowAllPolicy;
+//# sourceMappingURL=allow-all-policy.cjs.js.map

package/dist/policies/allow-all-policy.cjs.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"allow-all-policy.cjs.js","sources":["../../src/policies/allow-all-policy.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n AuthorizeResult,\n PolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n PermissionPolicy,\n PolicyQuery,\n PolicyQueryUser,\n} from '@backstage/plugin-permission-node';\n\nexport class AllowAllPolicy implements PermissionPolicy {\n async handle(\n _request: PolicyQuery,\n _user?: PolicyQueryUser,\n ): Promise<PolicyDecision> {\n return { result: AuthorizeResult.ALLOW };\n }\n}\n"],"names":["AuthorizeResult"],"mappings":";;;;AAyBO,MAAM,cAA2C,CAAA;AAAA,EACtD,MAAM,MACJ,CAAA,QAAA,EACA,KACyB,EAAA;AACzB,IAAO,OAAA,EAAE,MAAQ,EAAAA,sCAAA,CAAgB,KAAM,EAAA,CAAA;AAAA,GACzC;AACF;;;;"}