@backstage/plugin-catalog-backend 1.1.0-next.2 → 1.1.0-next.3

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @backstage/plugin-catalog-backend
 
+## 1.1.0-next.3
+
+### Patch Changes
+
+- 23646e51a5: Use new `PermissionEvaluator#authorizeConditional` method when retrieving permission conditions.
+- 48405ed232: Added `spec.profile.displayName` to search index for Group kinds
+- Updated dependencies
+  - @backstage/plugin-permission-common@0.6.0-next.1
+  - @backstage/plugin-permission-node@0.6.0-next.2
+  - @backstage/backend-common@0.13.2-next.2
+  - @backstage/integration@1.1.0-next.2
+
 ## 1.1.0-next.2
 
 ### Minor Changes

package/alpha/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@backstage/plugin-catalog-backend",
-  "version": "1.1.0-next.2",
+  "version": "1.1.0-next.3",
   "main": "../dist/index.cjs.js",
   "types": "../dist/index.alpha.d.ts"
 }

package/dist/index.alpha.d.ts

@@ -23,6 +23,7 @@ import { Permission } from '@backstage/plugin-permission-common';
 import { PermissionAuthorizer } from '@backstage/plugin-permission-common';
 import { PermissionCondition } from '@backstage/plugin-permission-common';
 import { PermissionCriteria } from '@backstage/plugin-permission-common';
+import { PermissionEvaluator } from '@backstage/plugin-permission-common';
 import { PermissionRule } from '@backstage/plugin-permission-node';
 import { PluginDatabaseManager } from '@backstage/backend-common';
 import { PluginEndpointDiscovery } from '@backstage/backend-common';
@@ -308,7 +309,7 @@ export declare type CatalogEnvironment = {
     database: PluginDatabaseManager;
     config: Config;
     reader: UrlReader;
-    permissions: PermissionAuthorizer;
+    permissions: PermissionEvaluator | PermissionAuthorizer;
 };
 
 /**
@@ -572,8 +573,6 @@ export declare class DefaultCatalogCollatorFactory implements DocumentCollatorFa
     private constructor();
     getCollator(): Promise<Readable>;
     private applyArgsToFormat;
-    private isUserEntity;
-    private getDocumentText;
     private execute;
 }
 

package/dist/index.beta.d.ts

@@ -23,6 +23,7 @@ import { Permission } from '@backstage/plugin-permission-common';
 import { PermissionAuthorizer } from '@backstage/plugin-permission-common';
 import { PermissionCondition } from '@backstage/plugin-permission-common';
 import { PermissionCriteria } from '@backstage/plugin-permission-common';
+import { PermissionEvaluator } from '@backstage/plugin-permission-common';
 import { PermissionRule } from '@backstage/plugin-permission-node';
 import { PluginDatabaseManager } from '@backstage/backend-common';
 import { PluginEndpointDiscovery } from '@backstage/backend-common';
@@ -287,7 +288,7 @@ export declare type CatalogEnvironment = {
     database: PluginDatabaseManager;
     config: Config;
     reader: UrlReader;
-    permissions: PermissionAuthorizer;
+    permissions: PermissionEvaluator | PermissionAuthorizer;
 };
 
 /* Excluded from this release type: CatalogPermissionRule */
@@ -506,8 +507,6 @@ export declare class DefaultCatalogCollatorFactory implements DocumentCollatorFa
     private constructor();
     getCollator(): Promise<Readable>;
     private applyArgsToFormat;
-    private isUserEntity;
-    private getDocumentText;
     private execute;
 }
 

package/dist/index.cjs.js

@@ -781,6 +781,24 @@ function createRandomProcessingInterval(options) {
   };
 }
 
+function isUserEntity(entity) {
+  return entity.kind.toLocaleUpperCase("en-US") === "USER";
+}
+function isGroupEntity(entity) {
+  return entity.kind.toLocaleUpperCase("en-US") === "GROUP";
+}
+function getDocumentText(entity) {
+  var _a, _b;
+  const documentTexts = [];
+  documentTexts.push(entity.metadata.description || "");
+  if (isUserEntity(entity) || isGroupEntity(entity)) {
+    if ((_b = (_a = entity.spec) == null ? void 0 : _a.profile) == null ? void 0 : _b.displayName) {
+      documentTexts.push(entity.spec.profile.displayName);
+    }
+  }
+  return documentTexts.join(" : ");
+}
+
 class DefaultCatalogCollatorFactory {
   constructor(options) {
     this.type = "software-catalog";
@@ -812,22 +830,6 @@ class DefaultCatalogCollatorFactory {
     }
     return formatted.toLowerCase();
   }
-  isUserEntity(entity) {
-    return entity.kind.toLocaleUpperCase("en-US") === "USER";
-  }
-  getDocumentText(entity) {
-    var _a, _b, _c, _d, _e, _f;
-    let documentText = entity.metadata.description || "";
-    if (this.isUserEntity(entity)) {
-      if (((_b = (_a = entity.spec) == null ? void 0 : _a.profile) == null ? void 0 : _b.displayName) && documentText) {
-        const displayName = (_d = (_c = entity.spec) == null ? void 0 : _c.profile) == null ? void 0 : _d.displayName;
-        documentText = displayName.concat(" : ", documentText);
-      } else {
-        documentText = ((_f = (_e = entity.spec) == null ? void 0 : _e.profile) == null ? void 0 : _f.displayName) || documentText;
-      }
-    }
-    return documentText;
-  }
   async *execute() {
     var _a, _b, _c, _d, _e, _f, _g;
     const { token } = await this.tokenManager.getToken();
@@ -849,7 +851,7 @@ class DefaultCatalogCollatorFactory {
             kind: entity.kind,
             name: entity.metadata.name
           }),
-          text: this.getDocumentText(entity),
+          text: getDocumentText(entity),
           componentType: ((_c = (_b = entity.spec) == null ? void 0 : _b.type) == null ? void 0 : _c.toString()) || "other",
           type: ((_e = (_d = entity.spec) == null ? void 0 : _d.type) == null ? void 0 : _e.toString()) || "other",
           namespace: entity.metadata.namespace || "default",
@@ -3243,7 +3245,7 @@ class AuthorizedEntitiesCatalog {
     this.transformConditions = transformConditions;
   }
   async entities(request) {
-    const authorizeDecision = (await this.permissionApi.authorize([{ permission: pluginCatalogCommon.catalogEntityReadPermission }], { token: request == null ? void 0 : request.authorizationToken }))[0];
+    const authorizeDecision = (await this.permissionApi.authorizeConditional([{ permission: pluginCatalogCommon.catalogEntityReadPermission }], { token: request == null ? void 0 : request.authorizationToken }))[0];
     if (authorizeDecision.result === pluginPermissionCommon.AuthorizeResult.DENY) {
       return {
         entities: [],
@@ -3260,7 +3262,7 @@ class AuthorizedEntitiesCatalog {
     return this.entitiesCatalog.entities(request);
   }
   async removeEntityByUid(uid, options) {
-    const authorizeResponse = (await this.permissionApi.authorize([{ permission: pluginCatalogCommon.catalogEntityDeletePermission }], { token: options == null ? void 0 : options.authorizationToken }))[0];
+    const authorizeResponse = (await this.permissionApi.authorizeConditional([{ permission: pluginCatalogCommon.catalogEntityDeletePermission }], { token: options == null ? void 0 : options.authorizationToken }))[0];
     if (authorizeResponse.result === pluginPermissionCommon.AuthorizeResult.DENY) {
       throw new errors.NotAllowedError();
     }
@@ -3299,7 +3301,7 @@ class AuthorizedEntitiesCatalog {
     };
   }
   async facets(request) {
-    const authorizeDecision = (await this.permissionApi.authorize([{ permission: pluginCatalogCommon.catalogEntityReadPermission }], { token: request == null ? void 0 : request.authorizationToken }))[0];
+    const authorizeDecision = (await this.permissionApi.authorizeConditional([{ permission: pluginCatalogCommon.catalogEntityReadPermission }], { token: request == null ? void 0 : request.authorizationToken }))[0];
     if (authorizeDecision.result === pluginPermissionCommon.AuthorizeResult.DENY) {
       return {
         facets: Object.fromEntries(request.facets.map((f) => [f, []]))
@@ -3472,7 +3474,14 @@ class CatalogBuilder {
       policy
     });
     const unauthorizedEntitiesCatalog = new DefaultEntitiesCatalog(dbClient);
-    const entitiesCatalog = new AuthorizedEntitiesCatalog(unauthorizedEntitiesCatalog, permissions, pluginPermissionNode.createConditionTransformer(this.permissionRules));
+    let permissionEvaluator;
+    if ("query" in permissions) {
+      permissionEvaluator = permissions;
+    } else {
+      logger.warn("PermissionAuthorizer is deprecated. Please use an instance of PermissionEvaluator instead of PermissionAuthorizer in PluginEnvironment#permissions");
+      permissionEvaluator = pluginPermissionCommon.toPermissionEvaluator(permissions);
+    }
+    const entitiesCatalog = new AuthorizedEntitiesCatalog(unauthorizedEntitiesCatalog, permissionEvaluator, pluginPermissionNode.createConditionTransformer(this.permissionRules));
     const permissionIntegrationRouter = pluginPermissionNode.createPermissionIntegrationRouter({
       resourceType: pluginCatalogCommon.RESOURCE_TYPE_CATALOG_ENTITY,
       getResources: async (resourceRefs) => {
@@ -3499,8 +3508,8 @@ class CatalogBuilder {
     const entityProviders = lodash__default["default"].uniqBy([...this.entityProviders, locationStore, configLocationProvider], (provider) => provider.getProviderName());
     const processingEngine = new DefaultCatalogProcessingEngine(logger, processingDatabase, orchestrator, stitcher, () => crypto.createHash("sha1"));
     const locationAnalyzer = (_b = this.locationAnalyzer) != null ? _b : new RepoLocationAnalyzer(logger, integrations);
-    const locationService = new AuthorizedLocationService(new DefaultLocationService(locationStore, orchestrator), permissions);
-    const refreshService = new AuthorizedRefreshService(new DefaultRefreshService({ database: processingDatabase }), permissions);
+    const locationService = new AuthorizedLocationService(new DefaultLocationService(locationStore, orchestrator), permissionEvaluator);
+    const refreshService = new AuthorizedRefreshService(new DefaultRefreshService({ database: processingDatabase }), permissionEvaluator);
     const router = await createRouter({
       entitiesCatalog,
       locationAnalyzer,