@fieldwangai/agentflow 0.1.55 → 0.1.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/lib/marketplace.mjs +23 -9
- package/bin/lib/ui-server.mjs +1 -1
- package/builtin/web-ui/dist/assets/{index-CJ4YeMk6.js → index-B5VFaSRf.js} +3 -3
- package/builtin/web-ui/dist/assets/index-BYlDWj_n.css +1 -0
- package/builtin/web-ui/dist/index.html +2 -2
- package/package.json +1 -1
- package/builtin/web-ui/dist/assets/index-DUDsW1dU.css +0 -1
package/bin/lib/marketplace.mjs
CHANGED
|
@@ -113,11 +113,27 @@ function manifestOwnerUserId(manifest) {
|
|
|
113
113
|
return String(manifest?.ownerUserId || manifest?.createdBy || "").trim();
|
|
114
114
|
}
|
|
115
115
|
|
|
116
|
-
function
|
|
116
|
+
function isAdminRequest(opts = {}) {
|
|
117
|
+
return Boolean(opts?.isAdmin);
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
function canAccessMarketplaceOwner(ownerUserId, opts = {}) {
|
|
117
121
|
const requestedUserId = String(opts.userId || "").trim();
|
|
118
122
|
if (!requestedUserId) return true;
|
|
123
|
+
if (isAdminRequest(opts)) return true;
|
|
124
|
+
return Boolean(ownerUserId) && ownerUserId === requestedUserId;
|
|
125
|
+
}
|
|
126
|
+
|
|
127
|
+
function canManageMarketplaceOwner(ownerUserId, opts = {}) {
|
|
128
|
+
const requestedUserId = String(opts.userId || "").trim();
|
|
129
|
+
if (!requestedUserId) return false;
|
|
130
|
+
if (isAdminRequest(opts)) return true;
|
|
131
|
+
return Boolean(ownerUserId) && ownerUserId === requestedUserId;
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
function canAccessMarketplaceNode(manifest, opts = {}) {
|
|
119
135
|
if ((manifest?.source || "marketplace") !== "marketplace") return true;
|
|
120
|
-
return manifestOwnerUserId(manifest)
|
|
136
|
+
return canAccessMarketplaceOwner(manifestOwnerUserId(manifest), opts);
|
|
121
137
|
}
|
|
122
138
|
|
|
123
139
|
function sortVersionsDesc(versions) {
|
|
@@ -422,7 +438,7 @@ export function listMarketplaceFlowSnippets(workspaceRoot, opts = {}) {
|
|
|
422
438
|
if (!manifest) continue;
|
|
423
439
|
const snippet = manifest.snippet && typeof manifest.snippet === "object" ? manifest.snippet : {};
|
|
424
440
|
const ownerUserId = String(manifest.ownerUserId || manifest.createdBy || "").trim();
|
|
425
|
-
if (requestedUserId && ownerUserId
|
|
441
|
+
if (requestedUserId && !canAccessMarketplaceOwner(ownerUserId, opts)) continue;
|
|
426
442
|
snippets.push({
|
|
427
443
|
id: manifest.id || entry.name,
|
|
428
444
|
version: manifest.version || version,
|
|
@@ -454,8 +470,7 @@ export function deleteMarketplaceNodePackage(workspaceRoot, id, version, opts =
|
|
|
454
470
|
return { ok: false, error: `Marketplace node package not found: ${id}@${version}` };
|
|
455
471
|
}
|
|
456
472
|
const manifest = normalizeManifest(readYamlObject(manifestPath), packageDir, "marketplace");
|
|
457
|
-
|
|
458
|
-
if (!requestedUserId || !manifest || manifestOwnerUserId(manifest) !== requestedUserId) {
|
|
473
|
+
if (!manifest || !canManageMarketplaceOwner(manifestOwnerUserId(manifest), opts)) {
|
|
459
474
|
return { ok: false, error: "Marketplace node permission denied" };
|
|
460
475
|
}
|
|
461
476
|
const usage = listMarketplaceNodeUsages(workspaceRoot, id, version, opts);
|
|
@@ -483,8 +498,7 @@ export function deleteMarketplaceFlowSnippetPackage(workspaceRoot, id, version,
|
|
|
483
498
|
}
|
|
484
499
|
const manifest = readYamlObject(manifestPath) || {};
|
|
485
500
|
const ownerUserId = String(manifest.ownerUserId || manifest.createdBy || "").trim();
|
|
486
|
-
|
|
487
|
-
if (!requestedUserId || ownerUserId !== requestedUserId) {
|
|
501
|
+
if (!canManageMarketplaceOwner(ownerUserId, opts)) {
|
|
488
502
|
return { ok: false, error: "Flow snippet permission denied" };
|
|
489
503
|
}
|
|
490
504
|
fs.rmSync(packageDir, { recursive: true, force: true });
|
|
@@ -719,7 +733,7 @@ export function publishNodeFromInstance(workspaceRoot, payload = {}, options = {
|
|
|
719
733
|
const existingManifest = readYamlObject(path.join(dest, NODE_MANIFEST));
|
|
720
734
|
if (existingManifest) {
|
|
721
735
|
const existingOwner = manifestOwnerUserId(existingManifest);
|
|
722
|
-
if (existingOwner
|
|
736
|
+
if (!canManageMarketplaceOwner(existingOwner, options)) return { ok: false, error: "Marketplace node permission denied" };
|
|
723
737
|
}
|
|
724
738
|
const now = new Date().toISOString();
|
|
725
739
|
fs.mkdirSync(path.dirname(dest), { recursive: true });
|
|
@@ -797,7 +811,7 @@ export function publishFlowSnippet(workspaceRoot, payload = {}, opts = {}) {
|
|
|
797
811
|
const existingManifest = readYamlObject(path.join(dest, FLOW_SNIPPET_MANIFEST));
|
|
798
812
|
if (existingManifest) {
|
|
799
813
|
const existingOwner = String(existingManifest.ownerUserId || existingManifest.createdBy || "").trim();
|
|
800
|
-
if (existingOwner
|
|
814
|
+
if (!canManageMarketplaceOwner(existingOwner, opts)) return { ok: false, error: "Flow snippet permission denied" };
|
|
801
815
|
}
|
|
802
816
|
fs.mkdirSync(path.dirname(dest), { recursive: true });
|
|
803
817
|
fs.rmSync(dest, { recursive: true, force: true });
|
package/bin/lib/ui-server.mjs
CHANGED
|
@@ -3271,7 +3271,7 @@ export function startUiServer({
|
|
|
3271
3271
|
}
|
|
3272
3272
|
|
|
3273
3273
|
const authUser = getAuthUserFromRequest(req);
|
|
3274
|
-
const userCtx = authUser ? { userId: authUser.userId } : {};
|
|
3274
|
+
const userCtx = authUser ? { userId: authUser.userId, isAdmin: Boolean(authUser.isAdmin) } : {};
|
|
3275
3275
|
if (req.method === "GET" && url.pathname === "/api/display/share") {
|
|
3276
3276
|
try {
|
|
3277
3277
|
const id = String(url.searchParams.get("id") || "").trim();
|