@drodil/backstage-plugin-qeta-node 3.59.6 → 3.59.9
|
@@ -2,7 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
var pluginPermissionCommon = require('@backstage/plugin-permission-common');
|
|
4
4
|
var backstagePluginQetaCommon = require('@drodil/backstage-plugin-qeta-common');
|
|
5
|
-
var
|
|
5
|
+
var permissionRules = require('./permissionRules.cjs.js');
|
|
6
|
+
var conditionExports = require('./conditionExports.cjs.js');
|
|
6
7
|
|
|
7
8
|
class DefaultQetaPermissionPolicy {
|
|
8
9
|
constructor(config) {
|
|
@@ -14,7 +15,7 @@ class DefaultQetaPermissionPolicy {
|
|
|
14
15
|
return { result: pluginPermissionCommon.AuthorizeResult.DENY };
|
|
15
16
|
}
|
|
16
17
|
const moderators = this.config?.getOptionalStringArray("qeta.moderators") ?? [];
|
|
17
|
-
if (moderators.includes(user.
|
|
18
|
+
if (moderators.includes(user.info.userEntityRef) || user.info.ownershipEntityRefs.some((ref) => moderators.includes(ref))) {
|
|
18
19
|
return { result: pluginPermissionCommon.AuthorizeResult.ALLOW };
|
|
19
20
|
}
|
|
20
21
|
if (pluginPermissionCommon.isPermission(request.permission, backstagePluginQetaCommon.qetaReadPostReviewPermission) || pluginPermissionCommon.isPermission(request.permission, backstagePluginQetaCommon.qetaCreatePostReviewPermission) || pluginPermissionCommon.isPermission(request.permission, backstagePluginQetaCommon.qetaDeletePostReviewPermission)) {
|
|
@@ -25,50 +26,50 @@ class DefaultQetaPermissionPolicy {
|
|
|
25
26
|
}
|
|
26
27
|
if (request.permission.attributes.action === "update" || request.permission.attributes.action === "delete") {
|
|
27
28
|
if (pluginPermissionCommon.isResourcePermission(request.permission, backstagePluginQetaCommon.POST_RESOURCE_TYPE)) {
|
|
28
|
-
return
|
|
29
|
+
return conditionExports.createPostConditionalDecision(request.permission, {
|
|
29
30
|
anyOf: [
|
|
30
31
|
// Can edit and delete own questions
|
|
31
|
-
|
|
32
|
-
userRef: user.
|
|
32
|
+
permissionRules.postAuthorConditionFactory({
|
|
33
|
+
userRef: user.info.userEntityRef
|
|
33
34
|
}),
|
|
34
35
|
// Can edit and delete if tag expert
|
|
35
|
-
|
|
36
|
-
userRef: user.
|
|
36
|
+
permissionRules.postTagExpertConditionFactory({
|
|
37
|
+
userRef: user.info.userEntityRef
|
|
37
38
|
})
|
|
38
39
|
]
|
|
39
40
|
});
|
|
40
41
|
}
|
|
41
42
|
if (pluginPermissionCommon.isResourcePermission(request.permission, backstagePluginQetaCommon.ANSWER_RESOURCE_TYPE)) {
|
|
42
|
-
return
|
|
43
|
+
return conditionExports.createAnswerConditionalDecision(request.permission, {
|
|
43
44
|
anyOf: [
|
|
44
|
-
|
|
45
|
-
userRef: user.
|
|
45
|
+
permissionRules.answerAuthorConditionFactory({
|
|
46
|
+
userRef: user.info.userEntityRef
|
|
46
47
|
}),
|
|
47
|
-
|
|
48
|
-
userRef: user.
|
|
48
|
+
permissionRules.answerTagExpertConditionFactory({
|
|
49
|
+
userRef: user.info.userEntityRef
|
|
49
50
|
})
|
|
50
51
|
]
|
|
51
52
|
});
|
|
52
53
|
}
|
|
53
54
|
if (pluginPermissionCommon.isResourcePermission(request.permission, backstagePluginQetaCommon.COMMENT_RESOURCE_TYPE)) {
|
|
54
|
-
return
|
|
55
|
+
return conditionExports.createCommentConditionalDecision(request.permission, {
|
|
55
56
|
allOf: [
|
|
56
|
-
|
|
57
|
-
userRef: user.
|
|
57
|
+
permissionRules.commentAuthorConditionFactory({
|
|
58
|
+
userRef: user.info.userEntityRef
|
|
58
59
|
})
|
|
59
60
|
]
|
|
60
61
|
});
|
|
61
62
|
}
|
|
62
63
|
if (pluginPermissionCommon.isResourcePermission(request.permission, backstagePluginQetaCommon.COLLECTION_RESOUCE_TYPE)) {
|
|
63
|
-
return
|
|
64
|
+
return conditionExports.createCollectionConditionalDecision(request.permission, {
|
|
64
65
|
anyOf: [
|
|
65
66
|
// Allow deleting and updating only own collections
|
|
66
|
-
|
|
67
|
-
userRef: user.
|
|
67
|
+
permissionRules.collectionOwnerConditionFactory({
|
|
68
|
+
userRef: user.info.userEntityRef
|
|
68
69
|
}),
|
|
69
70
|
// Allow deleting and updating if tag expert
|
|
70
|
-
|
|
71
|
-
userRef: user.
|
|
71
|
+
permissionRules.collectionTagExpertConditionFactory({
|
|
72
|
+
userRef: user.info.userEntityRef
|
|
72
73
|
})
|
|
73
74
|
]
|
|
74
75
|
});
|
|
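Review bot: The widened moderator check in the `@@ -14,7 +15,7 @@` hunk returns `AuthorizeResult.ALLOW` for every permission as soon as any entry of `user.info.ownershipEntityRefs` appears in `qeta.moderators`, and it runs before the post-review DENY and the conditional update/delete decisions, so listing a shared ref such as a group there would make everyone who carries that ref a full moderator. That scope is not stated in the visible code; I would add a comment above the check such as `// qeta.moderators may hold user refs or ownership refs (e.g. groups); any match allows every Qeta permission`. The comparison is an exact string `includes`, so a configured ref that differs in case or omits the namespace presumably never matches and the user silently falls through to the normal rules; documenting the expected ref form, or normalising both sides before comparing, would make a misconfiguration visible. `handle` starts and ends outside these hunks.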
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"defaultPermissionPolicy.cjs.js","sources":["../src/defaultPermissionPolicy.ts"],"sourcesContent":["/*\n * SPDX-FileCopyrightText: Copyright 2024 OP Financial Group (https://op.fi). All Rights Reserved.\n * SPDX-License-Identifier: LicenseRef-OpAllRightsReserved\n */\nimport {
|
|
1
|
+
{"version":3,"file":"defaultPermissionPolicy.cjs.js","sources":["../src/defaultPermissionPolicy.ts"],"sourcesContent":["/*\n * SPDX-FileCopyrightText: Copyright 2024 OP Financial Group (https://op.fi). All Rights Reserved.\n * SPDX-License-Identifier: LicenseRef-OpAllRightsReserved\n */\nimport {\n AuthorizeResult,\n isPermission,\n isResourcePermission,\n isUpdatePermission,\n PolicyDecision,\n} from '@backstage/plugin-permission-common';\nimport {\n PermissionPolicy,\n PolicyQuery,\n PolicyQueryUser,\n} from '@backstage/plugin-permission-node';\nimport {\n ANSWER_RESOURCE_TYPE,\n COLLECTION_RESOUCE_TYPE,\n COMMENT_RESOURCE_TYPE,\n POST_RESOURCE_TYPE,\n qetaCreatePostReviewPermission,\n qetaDeletePostReviewPermission,\n qetaReadPostReviewPermission,\n TAG_RESOURCE_TYPE,\n} from '@drodil/backstage-plugin-qeta-common';\nimport {\n answerAuthorConditionFactory,\n answerTagExpertConditionFactory,\n collectionOwnerConditionFactory,\n collectionTagExpertConditionFactory,\n commentAuthorConditionFactory,\n postAuthorConditionFactory,\n postTagExpertConditionFactory,\n} from './permissionRules';\nimport { Config } from '@backstage/config';\nimport {\n createAnswerConditionalDecision,\n createCollectionConditionalDecision,\n createCommentConditionalDecision,\n createPostConditionalDecision,\n} from './conditionExports.ts';\n\nexport class DefaultQetaPermissionPolicy implements PermissionPolicy {\n constructor(private readonly config?: Config) {}\n\n async handle(\n request: PolicyQuery,\n user?: PolicyQueryUser,\n ): Promise<PolicyDecision> {\n // We cannot do anything without a user\n if (!user) {\n return { result: AuthorizeResult.DENY };\n }\n\n // Moderators can modify anything\n const moderators =\n this.config?.getOptionalStringArray('qeta.moderators') ?? 
[];\n if (\n moderators.includes(user.info.userEntityRef) ||\n user.info.ownershipEntityRefs.some(ref => moderators.includes(ref))\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n\n if (\n isPermission(request.permission, qetaReadPostReviewPermission) ||\n isPermission(request.permission, qetaCreatePostReviewPermission) ||\n isPermission(request.permission, qetaDeletePostReviewPermission)\n ) {\n return { result: AuthorizeResult.DENY };\n }\n\n if (\n request.permission.attributes.action === 'create' ||\n request.permission.attributes.action === 'read'\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n\n if (\n request.permission.attributes.action === 'update' ||\n request.permission.attributes.action === 'delete'\n ) {\n if (isResourcePermission(request.permission, POST_RESOURCE_TYPE)) {\n return createPostConditionalDecision(request.permission, {\n anyOf: [\n // Can edit and delete own questions\n postAuthorConditionFactory({\n userRef: user.info.userEntityRef,\n }),\n // Can edit and delete if tag expert\n postTagExpertConditionFactory({\n userRef: user.info.userEntityRef,\n }),\n ],\n });\n }\n\n if (isResourcePermission(request.permission, ANSWER_RESOURCE_TYPE)) {\n return createAnswerConditionalDecision(request.permission, {\n anyOf: [\n answerAuthorConditionFactory({\n userRef: user.info.userEntityRef,\n }),\n answerTagExpertConditionFactory({\n userRef: user.info.userEntityRef,\n }),\n ],\n });\n }\n\n // Allow deleting and updating only own comments\n if (isResourcePermission(request.permission, COMMENT_RESOURCE_TYPE)) {\n return createCommentConditionalDecision(request.permission, {\n allOf: [\n commentAuthorConditionFactory({\n userRef: user.info.userEntityRef,\n }),\n ],\n });\n }\n\n if (isResourcePermission(request.permission, COLLECTION_RESOUCE_TYPE)) {\n return createCollectionConditionalDecision(request.permission, {\n anyOf: [\n // Allow deleting and updating only own collections\n collectionOwnerConditionFactory({\n userRef: 
user.info.userEntityRef,\n }),\n // Allow deleting and updating if tag expert\n collectionTagExpertConditionFactory({\n userRef: user.info.userEntityRef,\n }),\n ],\n });\n }\n\n // Allow updating any tag by anyone\n if (\n isResourcePermission(request.permission, TAG_RESOURCE_TYPE) &&\n isUpdatePermission(request.permission)\n ) {\n return { result: AuthorizeResult.ALLOW };\n }\n }\n\n return { result: AuthorizeResult.DENY };\n }\n}\n"],"names":["AuthorizeResult","isPermission","qetaReadPostReviewPermission","qetaCreatePostReviewPermission","qetaDeletePostReviewPermission","isResourcePermission","POST_RESOURCE_TYPE","createPostConditionalDecision","postAuthorConditionFactory","postTagExpertConditionFactory","ANSWER_RESOURCE_TYPE","createAnswerConditionalDecision","answerAuthorConditionFactory","answerTagExpertConditionFactory","COMMENT_RESOURCE_TYPE","createCommentConditionalDecision","commentAuthorConditionFactory","COLLECTION_RESOUCE_TYPE","createCollectionConditionalDecision","collectionOwnerConditionFactory","collectionTagExpertConditionFactory","TAG_RESOURCE_TYPE","isUpdatePermission"],"mappings":";;;;;;;AA2CO,MAAM,2BAAA,CAAwD;AAAA,EACnE,YAA6B,MAAA,EAAiB;AAAjB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAAkB;AAAA,EAAlB,MAAA;AAAA,EAE7B,MAAM,MAAA,CACJ,OAAA,EACA,IAAA,EACyB;AAEzB,IAAA,IAAI,CAAC,IAAA,EAAM;AACT,MAAA,OAAO,EAAE,MAAA,EAAQA,sCAAA,CAAgB,IAAA,EAAK;AAAA,IACxC;AAGA,IAAA,MAAM,aACJ,IAAA,CAAK,MAAA,EAAQ,sBAAA,CAAuB,iBAAiB,KAAK,EAAC;AAC7D,IAAA,IACE,UAAA,CAAW,QAAA,CAAS,IAAA,CAAK,IAAA,CAAK,aAAa,CAAA,IAC3C,IAAA,CAAK,IAAA,CAAK,mBAAA,CAAoB,KAAK,CAAA,GAAA,KAAO,UAAA,CAAW,QAAA,CAAS,GAAG,CAAC,CAAA,EAClE;AACA,MAAA,OAAO,EAAE,MAAA,EAAQA,sCAAA,CAAgB,KAAA,EAAM;AAAA,IACzC;AAEA,IAAA,IACEC,mCAAA,CAAa,OAAA,CAAQ,UAAA,EAAYC,sDAA4B,KAC7DD,mCAAA,CAAa,OAAA,CAAQ,UAAA,EAAYE,wDAA8B,CAAA,IAC/DF,mCAAA,CAAa,OAAA,CAAQ,UAAA,EAAYG,wDAA8B,CAAA,EAC/D;AACA,MAAA,OAAO,EAAE,MAAA,EAAQJ,sCAAA,CAAgB,IAAA,EAAK;AAAA,IACxC;AAEA,IAAA,IACE,OAAA,CAAQ,WAAW,UAAA,CAAW,MAAA,KAAW,YACzC,OAAA,CAAQ,UAAA,CAAW,UAAA,CAAW,MAAA,
KAAW,MAAA,EACzC;AACA,MAAA,OAAO,EAAE,MAAA,EAAQA,sCAAA,CAAgB,KAAA,EAAM;AAAA,IACzC;AAEA,IAAA,IACE,OAAA,CAAQ,WAAW,UAAA,CAAW,MAAA,KAAW,YACzC,OAAA,CAAQ,UAAA,CAAW,UAAA,CAAW,MAAA,KAAW,QAAA,EACzC;AACA,MAAA,IAAIK,2CAAA,CAAqB,OAAA,CAAQ,UAAA,EAAYC,4CAAkB,CAAA,EAAG;AAChE,QAAA,OAAOC,8CAAA,CAA8B,QAAQ,UAAA,EAAY;AAAA,UACvD,KAAA,EAAO;AAAA;AAAA,YAELC,0CAAA,CAA2B;AAAA,cACzB,OAAA,EAAS,KAAK,IAAA,CAAK;AAAA,aACpB,CAAA;AAAA;AAAA,YAEDC,6CAAA,CAA8B;AAAA,cAC5B,OAAA,EAAS,KAAK,IAAA,CAAK;AAAA,aACpB;AAAA;AACH,SACD,CAAA;AAAA,MACH;AAEA,MAAA,IAAIJ,2CAAA,CAAqB,OAAA,CAAQ,UAAA,EAAYK,8CAAoB,CAAA,EAAG;AAClE,QAAA,OAAOC,gDAAA,CAAgC,QAAQ,UAAA,EAAY;AAAA,UACzD,KAAA,EAAO;AAAA,YACLC,4CAAA,CAA6B;AAAA,cAC3B,OAAA,EAAS,KAAK,IAAA,CAAK;AAAA,aACpB,CAAA;AAAA,YACDC,+CAAA,CAAgC;AAAA,cAC9B,OAAA,EAAS,KAAK,IAAA,CAAK;AAAA,aACpB;AAAA;AACH,SACD,CAAA;AAAA,MACH;AAGA,MAAA,IAAIR,2CAAA,CAAqB,OAAA,CAAQ,UAAA,EAAYS,+CAAqB,CAAA,EAAG;AACnE,QAAA,OAAOC,iDAAA,CAAiC,QAAQ,UAAA,EAAY;AAAA,UAC1D,KAAA,EAAO;AAAA,YACLC,6CAAA,CAA8B;AAAA,cAC5B,OAAA,EAAS,KAAK,IAAA,CAAK;AAAA,aACpB;AAAA;AACH,SACD,CAAA;AAAA,MACH;AAEA,MAAA,IAAIX,2CAAA,CAAqB,OAAA,CAAQ,UAAA,EAAYY,iDAAuB,CAAA,EAAG;AACrE,QAAA,OAAOC,oDAAA,CAAoC,QAAQ,UAAA,EAAY;AAAA,UAC7D,KAAA,EAAO;AAAA;AAAA,YAELC,+CAAA,CAAgC;AAAA,cAC9B,OAAA,EAAS,KAAK,IAAA,CAAK;AAAA,aACpB,CAAA;AAAA;AAAA,YAEDC,mDAAA,CAAoC;AAAA,cAClC,OAAA,EAAS,KAAK,IAAA,CAAK;AAAA,aACpB;AAAA;AACH,SACD,CAAA;AAAA,MACH;AAGA,MAAA,IACEf,2CAAA,CAAqB,QAAQ,UAAA,EAAYgB,2CAAiB,KAC1DC,yCAAA,CAAmB,OAAA,CAAQ,UAAU,CAAA,EACrC;AACA,QAAA,OAAO,EAAE,MAAA,EAAQtB,sCAAA,CAAgB,KAAA,EAAM;AAAA,MACzC;AAAA,IACF;AAEA,IAAA,OAAO,EAAE,MAAA,EAAQA,sCAAA,CAAgB,IAAA,EAAK;AAAA,EACxC;AACF;;;;"}
|
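--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -5,8 +5,7 @@ import { Question, AIResponse, Article, Badge, QetaIdEntity, UserResponse, Post,
 import * as _backstage_plugin_permission_common from '@backstage/plugin-permission-common';
 import { PolicyDecision } from '@backstage/plugin-permission-common';
 import * as _backstage_plugin_permission_node from '@backstage/plugin-permission-node';
-import { PermissionPolicy, PolicyQuery } from '@backstage/plugin-permission-node';
-import { BackstageIdentityResponse } from '@backstage/plugin-auth-node';
+import { PermissionPolicy, PolicyQuery, PolicyQueryUser } from '@backstage/plugin-permission-node';
 import { Config } from '@backstage/config';
 
 interface AIHandler {
@@ -663,7 +662,7 @@ declare const collectionPermissionResourceRef: _backstage_plugin_permission_node
 declare class DefaultQetaPermissionPolicy implements PermissionPolicy {
 private readonly config?;
 constructor(config?: Config | undefined);
-handle(request: PolicyQuery, user?:
+handle(request: PolicyQuery, user?: PolicyQueryUser): Promise<PolicyDecision>;
 }
 
 export { type AIHandler, type BadgeEvaluator, DefaultQetaPermissionPolicy, type NotificationReceiversHandler, type QetaAIExtensionPoint, type QetaBadgeEvaluatorExtensionPoint, type QetaNotificationReceiversExtensionPoint, type QetaTagDatabaseExtensionPoint, type TagDatabase, answerAuthorConditionFactory, answerConditions, answerPermissionResourceRef, answerQuestionAnyTagConditionFactory, answerQuestionDoesNotHaveEntitiesConditionFactory, answerQuestionDoesNotHaveEntityRefs, answerQuestionDoesNotHaveTags, answerQuestionDoesNotHaveTagsConditionFactory, answerQuestionEntitiesConditionFactory, answerQuestionHasAnyEntitiesConditionFactory, answerQuestionHasAnyEntityRefs, answerQuestionHasAnyTag, answerQuestionHasEntityRefs, answerQuestionHasTags, answerQuestionTagsConditionFactory, answerRules, answerTagExpertConditionFactory, collectionConditions, collectionDoesNotHaveEntities, collectionDoesNotHaveEntitiesConditionFactory, collectionDoesNotHaveTags, collectionDoesNotHaveTagsConditionFactory, collectionHasAnyEntity, collectionHasAnyEntityConditionFactory, collectionHasAnyTag, collectionHasAnyTagConditionFactory, collectionHasEntities, collectionHasEntitiesConditionFactory, collectionHasTags, collectionHasTagsConditionFactory, collectionOwnerConditionFactory, collectionPermissionResourceRef, collectionRules, collectionTagExpertConditionFactory, commentAuthorConditionFactory, commentConditions, commentPermissionResourceRef, commentRules, createAnswerConditionalDecision, createCollectionConditionalDecision, createCommentConditionalDecision, createPostConditionalDecision, createTagConditionalDecision, isAnswerAuthor, isAnswerTagExpert, isCollectionOwner, isCollectionTagExpert, isCommentAuthor, isPostAuthor, isPostTagExpert, isTag, isTagExpert, postAuthorConditionFactory, postDoesNotHaveEntities, postDoesNotHaveEntitiesConditionFactory, postDoesNotHaveTags, postDoesNotHaveTagsConditionFactory, postHasAnyEntity, postHasAnyEntityConditionFactory, postHasAnyTag, postHasAnyTagConditionFactory, postHasEntities, postHasEntitiesConditionFactory, postHasTags, postHasTagsConditionFactory, postHasType, postHasTypeConditionFactory, postPermissionResourceRef, postRules, postTagExpertConditionFactory, qetaAIExtensionPoint, qetaBadgeEvaluatorExtensionPoint, qetaNotificationReceiversExtensionPoint, qetaTagDatabaseExtensionPoint, questionConditions, rules, tagConditionFactory, tagConditions, tagExpertConditionFactory, tagPermissionResourceRef, tagRules };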
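Review bot: The second parameter of `DefaultQetaPermissionPolicy.handle` is now typed `PolicyQueryUser`, and the removed `BackstageIdentityResponse` import suggests that was the previous type (the removed signature line is truncated on this page), so a public signature changes inside a patch release. The compiled policy reads `user.info.userEntityRef` and `user.info.ownershipEntityRefs` with no guard, so a wrapper policy that still delegates with an object lacking `info` would throw inside the authorization path instead of returning a decision. I would document the expected shape on `handle` in `src/defaultPermissionPolicy.ts`, for example `/** @param user - PolicyQueryUser; user.info.userEntityRef and user.info.ownershipEntityRefs are read */`, and mention the type change in the release notes.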
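--- a/package/package.json
+++ b/package/package.json
@@ -7,7 +7,7 @@
 "backstage.io",
 "node"
 ],
-"version": "3.59.
+"version": "3.59.9",
 "main": "dist/index.cjs.js",
 "types": "dist/index.d.ts",
 "prepublishOnly": "yarn tsc && yarn build",
@@ -47,19 +47,18 @@
 "tsc": "tsc"
 },
 "devDependencies": {
-"@backstage/cli": "^0.36.
+"@backstage/cli": "^0.36.2"
 },
 "files": [
 "dist"
 ],
 "dependencies": {
-"@backstage/backend-plugin-api": "^1.9.
-"@backstage/catalog-model": "^1.
-"@backstage/config": "^1.3.
-"@backstage/plugin-
-"@backstage/plugin-permission-
-"@backstage
-"@drodil/backstage-plugin-qeta-common": "^3.59.6",
+"@backstage/backend-plugin-api": "^1.9.1",
+"@backstage/catalog-model": "^1.9.0",
+"@backstage/config": "^1.3.8",
+"@backstage/plugin-permission-common": "^0.9.9",
+"@backstage/plugin-permission-node": "^0.11.0",
+"@drodil/backstage-plugin-qeta-common": "^3.59.9",
 "zod": "^4.0.0"
 },
 "typesVersions": {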