@drodil/backstage-plugin-qeta-node 3.24.5 → 3.25.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -13,7 +13,7 @@ class DefaultQetaPermissionPolicy {
|
|
|
13
13
|
return { result: pluginPermissionCommon.AuthorizeResult.DENY };
|
|
14
14
|
}
|
|
15
15
|
const moderators = this.config?.getOptionalStringArray("qeta.moderators") ?? [];
|
|
16
|
-
if (moderators.includes(user.identity.userEntityRef) || user.identity.ownershipEntityRefs.some((ref) => moderators.includes(ref))) {
|
|
16
|
+
if (pluginPermissionCommon.isPermission(request.permission, backstagePluginQetaCommon.qetaModeratePermission) && (moderators.includes(user.identity.userEntityRef) || user.identity.ownershipEntityRefs.some((ref) => moderators.includes(ref)))) {
|
|
17
17
|
return { result: pluginPermissionCommon.AuthorizeResult.ALLOW };
|
|
18
18
|
}
|
|
19
19
|
if (request.permission.attributes.action === "create" || request.permission.attributes.action === "read") {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"defaultPermissionPolicy.cjs.js","sources":["../src/defaultPermissionPolicy.ts"],"sourcesContent":["/*\n * SPDX-FileCopyrightText: Copyright 2024 OP Financial Group (https://op.fi). All Rights Reserved.\n * SPDX-License-Identifier: LicenseRef-OpAllRightsReserved\n */\nimport { BackstageIdentityResponse } from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n isResourcePermission,\n isUpdatePermission,\n PolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n PermissionPolicy,\n PolicyQuery,\n} from '@backstage/plugin-permission-node';\nimport {\n ANSWER_RESOURCE_TYPE,\n COLLECTION_RESOUCE_TYPE,\n COMMENT_RESOURCE_TYPE,\n POST_RESOURCE_TYPE,\n TAG_RESOURCE_TYPE,\n} from '@drodil/backstage-plugin-qeta-common';\nimport {\n answerAuthorConditionFactory,\n collectionOwnerConditionFactory,\n commentAuthorConditionFactory,\n createAnswerConditionalDecision,\n createCollectionConditionalDecision,\n createCommentConditionalDecision,\n createPostConditionalDecision,\n postAuthorConditionFactory,\n} from '@drodil/backstage-plugin-qeta-node';\nimport { Config } from '@backstage/config';\n\nexport class DefaultQetaPermissionPolicy implements PermissionPolicy {\n constructor(private readonly config?: Config) {}\n\n async handle(\n request: PolicyQuery,\n user?: BackstageIdentityResponse,\n ): Promise<PolicyDecision> {\n // We cannot do anything without a user\n if (!user) {\n return { result: AuthorizeResult.DENY };\n }\n\n // Moderators can modify anything\n const moderators =\n this.config?.getOptionalStringArray('qeta.moderators') ?? [];\n if (\n moderators.includes(user.identity.userEntityRef) ||\n
|
|
1
|
+
{"version":3,"file":"defaultPermissionPolicy.cjs.js","sources":["../src/defaultPermissionPolicy.ts"],"sourcesContent":["/*\n * SPDX-FileCopyrightText: Copyright 2024 OP Financial Group (https://op.fi). All Rights Reserved.\n * SPDX-License-Identifier: LicenseRef-OpAllRightsReserved\n */\nimport { BackstageIdentityResponse } from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n isPermission,\n isResourcePermission,\n isUpdatePermission,\n PolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n PermissionPolicy,\n PolicyQuery,\n} from '@backstage/plugin-permission-node';\nimport {\n ANSWER_RESOURCE_TYPE,\n COLLECTION_RESOUCE_TYPE,\n COMMENT_RESOURCE_TYPE,\n POST_RESOURCE_TYPE,\n qetaModeratePermission,\n TAG_RESOURCE_TYPE,\n} from '@drodil/backstage-plugin-qeta-common';\nimport {\n answerAuthorConditionFactory,\n collectionOwnerConditionFactory,\n commentAuthorConditionFactory,\n createAnswerConditionalDecision,\n createCollectionConditionalDecision,\n createCommentConditionalDecision,\n createPostConditionalDecision,\n postAuthorConditionFactory,\n} from '@drodil/backstage-plugin-qeta-node';\nimport { Config } from '@backstage/config';\n\nexport class DefaultQetaPermissionPolicy implements PermissionPolicy {\n constructor(private readonly config?: Config) {}\n\n async handle(\n request: PolicyQuery,\n user?: BackstageIdentityResponse,\n ): Promise<PolicyDecision> {\n // We cannot do anything without a user\n if (!user) {\n return { result: AuthorizeResult.DENY };\n }\n\n // Moderators can modify anything\n const moderators =\n this.config?.getOptionalStringArray('qeta.moderators') ?? [];\n if (\n isPermission(request.permission, qetaModeratePermission) &&\n (moderators.includes(user.identity.userEntityRef) ||\n user.identity.ownershipEntityRefs.some(ref => moderators.includes(ref)))\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n\n if (\n request.permission.attributes.action === 'create' ||\n request.permission.attributes.action === 'read'\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n\n // Allow updating and deleting only own posts/answers/comments\n if (\n request.permission.attributes.action === 'update' ||\n request.permission.attributes.action === 'delete'\n ) {\n if (isResourcePermission(request.permission, POST_RESOURCE_TYPE)) {\n return createPostConditionalDecision(request.permission, {\n allOf: [\n // Can edit and delete own questions\n postAuthorConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n if (isResourcePermission(request.permission, ANSWER_RESOURCE_TYPE)) {\n return createAnswerConditionalDecision(request.permission, {\n allOf: [\n answerAuthorConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n // Allow deleting and updating only own comments\n if (isResourcePermission(request.permission, COMMENT_RESOURCE_TYPE)) {\n return createCommentConditionalDecision(request.permission, {\n allOf: [\n commentAuthorConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n // Allow deleting and updating only own collections\n if (isResourcePermission(request.permission, COLLECTION_RESOUCE_TYPE)) {\n return createCollectionConditionalDecision(request.permission, {\n allOf: [\n collectionOwnerConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n // Allow updating any tag by anyone\n if (\n isResourcePermission(request.permission, TAG_RESOURCE_TYPE) &&\n isUpdatePermission(request.permission)\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n }\n\n return { result: AuthorizeResult.DENY };\n }\n}\n"],"names":["AuthorizeResult","isPermission","qetaModeratePermission","isResourcePermission","POST_RESOURCE_TYPE","createPostConditionalDecision","postAuthorConditionFactory","ANSWER_RESOURCE_TYPE","createAnswerConditionalDecision","answerAuthorConditionFactory","COMMENT_RESOURCE_TYPE","createCommentConditionalDecision","commentAuthorConditionFactory","COLLECTION_RESOUCE_TYPE","createCollectionConditionalDecision","collectionOwnerConditionFactory","TAG_RESOURCE_TYPE","isUpdatePermission"],"mappings":";;;;;;AAoCO,MAAM,2BAAwD,CAAA;AAAA,EACnE,YAA6B,MAAiB,EAAA;AAAjB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA;AAAkB,EAE/C,MAAM,MACJ,CAAA,OAAA,EACA,IACyB,EAAA;AAEzB,IAAA,IAAI,CAAC,IAAM,EAAA;AACT,MAAO,OAAA,EAAE,MAAQ,EAAAA,sCAAA,CAAgB,IAAK,EAAA;AAAA;AAIxC,IAAA,MAAM,aACJ,IAAK,CAAA,MAAA,EAAQ,sBAAuB,CAAA,iBAAiB,KAAK,EAAC;AAC7D,IACE,IAAAC,mCAAA,CAAa,QAAQ,UAAY,EAAAC,gDAAsB,MACtD,UAAW,CAAA,QAAA,CAAS,KAAK,QAAS,CAAA,aAAa,KAC9C,IAAK,CAAA,QAAA,CAAS,oBAAoB,IAAK,CAAA,CAAA,GAAA,KAAO,WAAW,QAAS,CAAA,GAAG,CAAC,CACxE,CAAA,EAAA;AACA,MAAO,OAAA,EAAE,MAAQ,EAAAF,sCAAA,CAAgB,KAAM,EAAA;AAAA;AAGzC,IACE,IAAA,OAAA,CAAQ,WAAW,UAAW,CAAA,MAAA,KAAW,YACzC,OAAQ,CAAA,UAAA,CAAW,UAAW,CAAA,MAAA,KAAW,MACzC,EAAA;AACA,MAAO,OAAA,EAAE,MAAQ,EAAAA,sCAAA,CAAgB,KAAM,EAAA;AAAA;AAIzC,IACE,IAAA,OAAA,CAAQ,WAAW,UAAW,CAAA,MAAA,KAAW,YACzC,OAAQ,CAAA,UAAA,CAAW,UAAW,CAAA,MAAA,KAAW,QACzC,EAAA;AACA,MAAA,IAAIG,2CAAqB,CAAA,OAAA,CAAQ,UAAY,EAAAC,4CAAkB,CAAG,EAAA;AAChE,QAAO,OAAAC,qDAAA,CAA8B,QAAQ,UAAY,EAAA;AAAA,UACvD,KAAO,EAAA;AAAA;AAAA,YAELC,kDAA2B,CAAA;AAAA,cACzB,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB;AAAA;AACH,SACD,CAAA;AAAA;AAGH,MAAA,IAAIH,2CAAqB,CAAA,OAAA,CAAQ,UAAY,EAAAI,8CAAoB,CAAG,EAAA;AAClE,QAAO,OAAAC,uDAAA,CAAgC,QAAQ,UAAY,EAAA;AAAA,UACzD,KAAO,EAAA;AAAA,YACLC,oDAA6B,CAAA;AAAA,cAC3B,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB;AAAA;AACH,SACD,CAAA;AAAA;AAIH,MAAA,IAAIN,2CAAqB,CAAA,OAAA,CAAQ,UAAY,EAAAO,+CAAqB,CAAG,EAAA;AACnE,QAAO,OAAAC,wDAAA,CAAiC,QAAQ,UAAY,EAAA;AAAA,UAC1D,KAAO,EAAA;AAAA,YACLC,qDAA8B,CAAA;AAAA,cAC5B,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB;AAAA;AACH,SACD,CAAA;AAAA;AAIH,MAAA,IAAIT,2CAAqB,CAAA,OAAA,CAAQ,UAAY,EAAAU,iDAAuB,CAAG,EAAA;AACrE,QAAO,OAAAC,2DAAA,CAAoC,QAAQ,UAAY,EAAA;AAAA,UAC7D,KAAO,EAAA;AAAA,YACLC,uDAAgC,CAAA;AAAA,cAC9B,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB;AAAA;AACH,SACD,CAAA;AAAA;AAIH,MACE,IAAAZ,2CAAA,CAAqB,QAAQ,UAAY,EAAAa,2CAAiB,KAC1DC,yCAAmB,CAAA,OAAA,CAAQ,UAAU,CACrC,EAAA;AACA,QAAO,OAAA,EAAE,MAAQ,EAAAjB,sCAAA,CAAgB,KAAM,EAAA;AAAA;AACzC;AAGF,IAAO,OAAA,EAAE,MAAQ,EAAAA,sCAAA,CAAgB,IAAK,EAAA;AAAA;AAE1C;;;;"}
|
package/package.json
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
"backstage.io",
|
|
8
8
|
"node"
|
|
9
9
|
],
|
|
10
|
-
"version": "3.
|
|
10
|
+
"version": "3.25.0",
|
|
11
11
|
"main": "dist/index.cjs.js",
|
|
12
12
|
"types": "dist/index.d.ts",
|
|
13
13
|
"prepublishOnly": "yarn tsc && yarn build",
|
|
@@ -47,20 +47,27 @@
|
|
|
47
47
|
"tsc": "tsc"
|
|
48
48
|
},
|
|
49
49
|
"devDependencies": {
|
|
50
|
-
"@backstage/cli": "^0.
|
|
50
|
+
"@backstage/cli": "^0.32.0"
|
|
51
51
|
},
|
|
52
52
|
"files": [
|
|
53
53
|
"dist"
|
|
54
54
|
],
|
|
55
55
|
"dependencies": {
|
|
56
|
-
"@backstage/backend-plugin-api": "^1.
|
|
56
|
+
"@backstage/backend-plugin-api": "^1.3.0",
|
|
57
57
|
"@backstage/catalog-client": "^1.9.1",
|
|
58
58
|
"@backstage/catalog-model": "^1.7.3",
|
|
59
59
|
"@backstage/config": "^1.3.2",
|
|
60
|
-
"@backstage/plugin-auth-node": "^0.6.
|
|
60
|
+
"@backstage/plugin-auth-node": "^0.6.2",
|
|
61
61
|
"@backstage/plugin-permission-common": "^0.8.4",
|
|
62
|
-
"@backstage/plugin-permission-node": "^0.9.
|
|
63
|
-
"@drodil/backstage-plugin-qeta-common": "^3.
|
|
62
|
+
"@backstage/plugin-permission-node": "^0.9.1",
|
|
63
|
+
"@drodil/backstage-plugin-qeta-common": "^3.25.0",
|
|
64
64
|
"zod": "^3.22.4"
|
|
65
|
+
},
|
|
66
|
+
"typesVersions": {
|
|
67
|
+
"*": {
|
|
68
|
+
"package.json": [
|
|
69
|
+
"package.json"
|
|
70
|
+
]
|
|
71
|
+
}
|
|
65
72
|
}
|
|
66
73
|
}
|