@drodil/backstage-plugin-qeta-node 3.50.0 → 3.51.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -16,6 +16,9 @@ class DefaultQetaPermissionPolicy {
|
|
|
16
16
|
if (pluginPermissionCommon.isPermission(request.permission, backstagePluginQetaCommon.qetaModeratePermission) && (moderators.includes(user.identity.userEntityRef) || user.identity.ownershipEntityRefs.some((ref) => moderators.includes(ref)))) {
|
|
17
17
|
return { result: pluginPermissionCommon.AuthorizeResult.ALLOW };
|
|
18
18
|
}
|
|
19
|
+
if (pluginPermissionCommon.isPermission(request.permission, backstagePluginQetaCommon.qetaReadPostReviewPermission) || pluginPermissionCommon.isPermission(request.permission, backstagePluginQetaCommon.qetaCreatePostReviewPermission) || pluginPermissionCommon.isPermission(request.permission, backstagePluginQetaCommon.qetaDeletePostReviewPermission)) {
|
|
20
|
+
return { result: pluginPermissionCommon.AuthorizeResult.DENY };
|
|
21
|
+
}
|
|
19
22
|
if (request.permission.attributes.action === "create" || request.permission.attributes.action === "read") {
|
|
20
23
|
return { result: pluginPermissionCommon.AuthorizeResult.ALLOW };
|
|
21
24
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"defaultPermissionPolicy.cjs.js","sources":["../src/defaultPermissionPolicy.ts"],"sourcesContent":["/*\n * SPDX-FileCopyrightText: Copyright 2024 OP Financial Group (https://op.fi). All Rights Reserved.\n * SPDX-License-Identifier: LicenseRef-OpAllRightsReserved\n */\nimport { BackstageIdentityResponse } from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n isPermission,\n isResourcePermission,\n isUpdatePermission,\n PolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n PermissionPolicy,\n PolicyQuery,\n} from '@backstage/plugin-permission-node';\nimport {\n ANSWER_RESOURCE_TYPE,\n COLLECTION_RESOUCE_TYPE,\n COMMENT_RESOURCE_TYPE,\n POST_RESOURCE_TYPE,\n qetaModeratePermission,\n TAG_RESOURCE_TYPE,\n} from '@drodil/backstage-plugin-qeta-common';\nimport {\n answerAuthorConditionFactory,\n answerTagExpertConditionFactory,\n collectionOwnerConditionFactory,\n collectionTagExpertConditionFactory,\n commentAuthorConditionFactory,\n createAnswerConditionalDecision,\n createCollectionConditionalDecision,\n createCommentConditionalDecision,\n createPostConditionalDecision,\n postAuthorConditionFactory,\n postTagExpertConditionFactory,\n} from '@drodil/backstage-plugin-qeta-node';\nimport { Config } from '@backstage/config';\n\nexport class DefaultQetaPermissionPolicy implements PermissionPolicy {\n constructor(private readonly config?: Config) {}\n\n async handle(\n request: PolicyQuery,\n user?: BackstageIdentityResponse,\n ): Promise<PolicyDecision> {\n // We cannot do anything without a user\n if (!user) {\n return { result: AuthorizeResult.DENY };\n }\n\n // Moderators can modify anything\n const moderators =\n this.config?.getOptionalStringArray('qeta.moderators') ?? [];\n if (\n isPermission(request.permission, qetaModeratePermission) &&\n (moderators.includes(user.identity.userEntityRef) ||\n user.identity.ownershipEntityRefs.some(ref => moderators.includes(ref)))\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n\n if (\n request.permission.attributes.action === 'create' ||\n request.permission.attributes.action === 'read'\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n\n if (\n request.permission.attributes.action === 'update' ||\n request.permission.attributes.action === 'delete'\n ) {\n if (isResourcePermission(request.permission, POST_RESOURCE_TYPE)) {\n return createPostConditionalDecision(request.permission, {\n anyOf: [\n // Can edit and delete own questions\n postAuthorConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n // Can edit and delete if tag expert\n postTagExpertConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n if (isResourcePermission(request.permission, ANSWER_RESOURCE_TYPE)) {\n return createAnswerConditionalDecision(request.permission, {\n anyOf: [\n answerAuthorConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n answerTagExpertConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n // Allow deleting and updating only own comments\n if (isResourcePermission(request.permission, COMMENT_RESOURCE_TYPE)) {\n return createCommentConditionalDecision(request.permission, {\n allOf: [\n commentAuthorConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n if (isResourcePermission(request.permission, COLLECTION_RESOUCE_TYPE)) {\n return createCollectionConditionalDecision(request.permission, {\n anyOf: [\n // Allow deleting and updating only own collections\n collectionOwnerConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n // Allow deleting and updating if tag expert\n collectionTagExpertConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n // Allow updating any tag by anyone\n if (\n isResourcePermission(request.permission, TAG_RESOURCE_TYPE) &&\n isUpdatePermission(request.permission)\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n }\n\n return { result: AuthorizeResult.DENY };\n }\n}\n"],"names":["AuthorizeResult","isPermission","qetaModeratePermission","isResourcePermission","POST_RESOURCE_TYPE","createPostConditionalDecision","postAuthorConditionFactory","postTagExpertConditionFactory","ANSWER_RESOURCE_TYPE","createAnswerConditionalDecision","answerAuthorConditionFactory","answerTagExpertConditionFactory","COMMENT_RESOURCE_TYPE","createCommentConditionalDecision","commentAuthorConditionFactory","COLLECTION_RESOUCE_TYPE","createCollectionConditionalDecision","collectionOwnerConditionFactory","collectionTagExpertConditionFactory","TAG_RESOURCE_TYPE","isUpdatePermission"],"mappings":";;;;;;
|
|
1
|
+
{"version":3,"file":"defaultPermissionPolicy.cjs.js","sources":["../src/defaultPermissionPolicy.ts"],"sourcesContent":["/*\n * SPDX-FileCopyrightText: Copyright 2024 OP Financial Group (https://op.fi). All Rights Reserved.\n * SPDX-License-Identifier: LicenseRef-OpAllRightsReserved\n */\nimport { BackstageIdentityResponse } from '@backstage/plugin-auth-node';\nimport {\n AuthorizeResult,\n isPermission,\n isResourcePermission,\n isUpdatePermission,\n PolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n PermissionPolicy,\n PolicyQuery,\n} from '@backstage/plugin-permission-node';\nimport {\n ANSWER_RESOURCE_TYPE,\n COLLECTION_RESOUCE_TYPE,\n COMMENT_RESOURCE_TYPE,\n POST_RESOURCE_TYPE,\n qetaCreatePostReviewPermission,\n qetaDeletePostReviewPermission,\n qetaModeratePermission,\n qetaReadPostReviewPermission,\n TAG_RESOURCE_TYPE,\n} from '@drodil/backstage-plugin-qeta-common';\nimport {\n answerAuthorConditionFactory,\n answerTagExpertConditionFactory,\n collectionOwnerConditionFactory,\n collectionTagExpertConditionFactory,\n commentAuthorConditionFactory,\n createAnswerConditionalDecision,\n createCollectionConditionalDecision,\n createCommentConditionalDecision,\n createPostConditionalDecision,\n postAuthorConditionFactory,\n postTagExpertConditionFactory,\n} from '@drodil/backstage-plugin-qeta-node';\nimport { Config } from '@backstage/config';\n\nexport class DefaultQetaPermissionPolicy implements PermissionPolicy {\n constructor(private readonly config?: Config) {}\n\n async handle(\n request: PolicyQuery,\n user?: BackstageIdentityResponse,\n ): Promise<PolicyDecision> {\n // We cannot do anything without a user\n if (!user) {\n return { result: AuthorizeResult.DENY };\n }\n\n // Moderators can modify anything\n const moderators =\n this.config?.getOptionalStringArray('qeta.moderators') ?? [];\n if (\n isPermission(request.permission, qetaModeratePermission) &&\n (moderators.includes(user.identity.userEntityRef) ||\n user.identity.ownershipEntityRefs.some(ref => moderators.includes(ref)))\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n\n if (\n isPermission(request.permission, qetaReadPostReviewPermission) ||\n isPermission(request.permission, qetaCreatePostReviewPermission) ||\n isPermission(request.permission, qetaDeletePostReviewPermission)\n ) {\n return { result: AuthorizeResult.DENY };\n }\n\n if (\n request.permission.attributes.action === 'create' ||\n request.permission.attributes.action === 'read'\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n\n if (\n request.permission.attributes.action === 'update' ||\n request.permission.attributes.action === 'delete'\n ) {\n if (isResourcePermission(request.permission, POST_RESOURCE_TYPE)) {\n return createPostConditionalDecision(request.permission, {\n anyOf: [\n // Can edit and delete own questions\n postAuthorConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n // Can edit and delete if tag expert\n postTagExpertConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n if (isResourcePermission(request.permission, ANSWER_RESOURCE_TYPE)) {\n return createAnswerConditionalDecision(request.permission, {\n anyOf: [\n answerAuthorConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n answerTagExpertConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n // Allow deleting and updating only own comments\n if (isResourcePermission(request.permission, COMMENT_RESOURCE_TYPE)) {\n return createCommentConditionalDecision(request.permission, {\n allOf: [\n commentAuthorConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n if (isResourcePermission(request.permission, COLLECTION_RESOUCE_TYPE)) {\n return createCollectionConditionalDecision(request.permission, {\n anyOf: [\n // Allow deleting and updating only own collections\n collectionOwnerConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n // Allow deleting and updating if tag expert\n collectionTagExpertConditionFactory({\n userRef: user.identity.userEntityRef,\n }),\n ],\n });\n }\n\n // Allow updating any tag by anyone\n if (\n isResourcePermission(request.permission, TAG_RESOURCE_TYPE) &&\n isUpdatePermission(request.permission)\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n }\n\n return { result: AuthorizeResult.DENY };\n }\n}\n"],"names":["AuthorizeResult","isPermission","qetaModeratePermission","qetaReadPostReviewPermission","qetaCreatePostReviewPermission","qetaDeletePostReviewPermission","isResourcePermission","POST_RESOURCE_TYPE","createPostConditionalDecision","postAuthorConditionFactory","postTagExpertConditionFactory","ANSWER_RESOURCE_TYPE","createAnswerConditionalDecision","answerAuthorConditionFactory","answerTagExpertConditionFactory","COMMENT_RESOURCE_TYPE","createCommentConditionalDecision","commentAuthorConditionFactory","COLLECTION_RESOUCE_TYPE","createCollectionConditionalDecision","collectionOwnerConditionFactory","collectionTagExpertConditionFactory","TAG_RESOURCE_TYPE","isUpdatePermission"],"mappings":";;;;;;AA0CO,MAAM,2BAAwD,CAAA;AAAA,EACnE,YAA6B,MAAiB,EAAA;AAAjB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA;AAAkB,EAE/C,MAAM,MACJ,CAAA,OAAA,EACA,IACyB,EAAA;AAEzB,IAAA,IAAI,CAAC,IAAM,EAAA;AACT,MAAO,OAAA,EAAE,MAAQ,EAAAA,sCAAA,CAAgB,IAAK,EAAA;AAAA;AAIxC,IAAA,MAAM,aACJ,IAAK,CAAA,MAAA,EAAQ,sBAAuB,CAAA,iBAAiB,KAAK,EAAC;AAC7D,IACE,IAAAC,mCAAA,CAAa,QAAQ,UAAY,EAAAC,gDAAsB,MACtD,UAAW,CAAA,QAAA,CAAS,KAAK,QAAS,CAAA,aAAa,KAC9C,IAAK,CAAA,QAAA,CAAS,oBAAoB,IAAK,CAAA,CAAA,GAAA,KAAO,WAAW,QAAS,CAAA,GAAG,CAAC,CACxE,CAAA,EAAA;AACA,MAAO,OAAA,EAAE,MAAQ,EAAAF,sCAAA,CAAgB,KAAM,EAAA;AAAA;AAGzC,IAAA,IACEC,mCAAa,CAAA,OAAA,CAAQ,UAAY,EAAAE,sDAA4B,KAC7DF,mCAAa,CAAA,OAAA,CAAQ,UAAY,EAAAG,wDAA8B,CAC/D,IAAAH,mCAAA,CAAa,OAAQ,CAAA,UAAA,EAAYI,wDAA8B,CAC/D,EAAA;AACA,MAAO,OAAA,EAAE,MAAQ,EAAAL,sCAAA,CAAgB,IAAK,EAAA;AAAA;AAGxC,IACE,IAAA,OAAA,CAAQ,WAAW,UAAW,CAAA,MAAA,KAAW,YACzC,OAAQ,CAAA,UAAA,CAAW,UAAW,CAAA,MAAA,KAAW,MACzC,EAAA;AACA,MAAO,OAAA,EAAE,MAAQ,EAAAA,sCAAA,CAAgB,KAAM,EAAA;AAAA;AAGzC,IACE,IAAA,OAAA,CAAQ,WAAW,UAAW,CAAA,MAAA,KAAW,YACzC,OAAQ,CAAA,UAAA,CAAW,UAAW,CAAA,MAAA,KAAW,QACzC,EAAA;AACA,MAAA,IAAIM,2CAAqB,CAAA,OAAA,CAAQ,UAAY,EAAAC,4CAAkB,CAAG,EAAA;AAChE,QAAO,OAAAC,qDAAA,CAA8B,QAAQ,UAAY,EAAA;AAAA,UACvD,KAAO,EAAA;AAAA;AAAA,YAELC,kDAA2B,CAAA;AAAA,cACzB,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB,CAAA;AAAA;AAAA,YAEDC,qDAA8B,CAAA;AAAA,cAC5B,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB;AAAA;AACH,SACD,CAAA;AAAA;AAGH,MAAA,IAAIJ,2CAAqB,CAAA,OAAA,CAAQ,UAAY,EAAAK,8CAAoB,CAAG,EAAA;AAClE,QAAO,OAAAC,uDAAA,CAAgC,QAAQ,UAAY,EAAA;AAAA,UACzD,KAAO,EAAA;AAAA,YACLC,oDAA6B,CAAA;AAAA,cAC3B,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB,CAAA;AAAA,YACDC,uDAAgC,CAAA;AAAA,cAC9B,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB;AAAA;AACH,SACD,CAAA;AAAA;AAIH,MAAA,IAAIR,2CAAqB,CAAA,OAAA,CAAQ,UAAY,EAAAS,+CAAqB,CAAG,EAAA;AACnE,QAAO,OAAAC,wDAAA,CAAiC,QAAQ,UAAY,EAAA;AAAA,UAC1D,KAAO,EAAA;AAAA,YACLC,qDAA8B,CAAA;AAAA,cAC5B,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB;AAAA;AACH,SACD,CAAA;AAAA;AAGH,MAAA,IAAIX,2CAAqB,CAAA,OAAA,CAAQ,UAAY,EAAAY,iDAAuB,CAAG,EAAA;AACrE,QAAO,OAAAC,2DAAA,CAAoC,QAAQ,UAAY,EAAA;AAAA,UAC7D,KAAO,EAAA;AAAA;AAAA,YAELC,uDAAgC,CAAA;AAAA,cAC9B,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB,CAAA;AAAA;AAAA,YAEDC,2DAAoC,CAAA;AAAA,cAClC,OAAA,EAAS,KAAK,QAAS,CAAA;AAAA,aACxB;AAAA;AACH,SACD,CAAA;AAAA;AAIH,MACE,IAAAf,2CAAA,CAAqB,QAAQ,UAAY,EAAAgB,2CAAiB,KAC1DC,yCAAmB,CAAA,OAAA,CAAQ,UAAU,CACrC,EAAA;AACA,QAAO,OAAA,EAAE,MAAQ,EAAAvB,sCAAA,CAAgB,KAAM,EAAA;AAAA;AACzC;AAGF,IAAO,OAAA,EAAE,MAAQ,EAAAA,sCAAA,CAAgB,IAAK,EAAA;AAAA;AAE1C;;;;"}
|
package/package.json
CHANGED
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
"backstage.io",
|
|
8
8
|
"node"
|
|
9
9
|
],
|
|
10
|
-
"version": "3.
|
|
10
|
+
"version": "3.51.0",
|
|
11
11
|
"main": "dist/index.cjs.js",
|
|
12
12
|
"types": "dist/index.d.ts",
|
|
13
13
|
"prepublishOnly": "yarn tsc && yarn build",
|
|
@@ -60,7 +60,7 @@
|
|
|
60
60
|
"@backstage/plugin-auth-node": "^0.6.10",
|
|
61
61
|
"@backstage/plugin-permission-common": "^0.9.3",
|
|
62
62
|
"@backstage/plugin-permission-node": "^0.10.7",
|
|
63
|
-
"@drodil/backstage-plugin-qeta-common": "^3.
|
|
63
|
+
"@drodil/backstage-plugin-qeta-common": "^3.51.0",
|
|
64
64
|
"zod": "^3.22.4"
|
|
65
65
|
},
|
|
66
66
|
"typesVersions": {
|