@fieldwangai/agentflow 0.1.56 → 0.1.58
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/bin/lib/marketplace.mjs
CHANGED
|
@@ -113,11 +113,32 @@ function manifestOwnerUserId(manifest) {
|
|
|
113
113
|
return String(manifest?.ownerUserId || manifest?.createdBy || "").trim();
|
|
114
114
|
}
|
|
115
115
|
|
|
116
|
-
function
|
|
116
|
+
function isAdminRequest(opts = {}) {
|
|
117
|
+
return Boolean(opts?.isAdmin);
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
function shouldFilterMarketplaceOwner(opts = {}) {
|
|
121
|
+
return opts?.marketplaceScope === "owned";
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
function canAccessMarketplaceOwner(ownerUserId, opts = {}) {
|
|
125
|
+
if (!shouldFilterMarketplaceOwner(opts)) return true;
|
|
117
126
|
const requestedUserId = String(opts.userId || "").trim();
|
|
118
127
|
if (!requestedUserId) return true;
|
|
128
|
+
if (isAdminRequest(opts)) return true;
|
|
129
|
+
return Boolean(ownerUserId) && ownerUserId === requestedUserId;
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
function canManageMarketplaceOwner(ownerUserId, opts = {}) {
|
|
133
|
+
const requestedUserId = String(opts.userId || "").trim();
|
|
134
|
+
if (!requestedUserId) return false;
|
|
135
|
+
if (isAdminRequest(opts)) return true;
|
|
136
|
+
return Boolean(ownerUserId) && ownerUserId === requestedUserId;
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
function canAccessMarketplaceNode(manifest, opts = {}) {
|
|
119
140
|
if ((manifest?.source || "marketplace") !== "marketplace") return true;
|
|
120
|
-
return manifestOwnerUserId(manifest)
|
|
141
|
+
return canAccessMarketplaceOwner(manifestOwnerUserId(manifest), opts);
|
|
121
142
|
}
|
|
122
143
|
|
|
123
144
|
function sortVersionsDesc(versions) {
|
|
@@ -422,7 +443,7 @@ export function listMarketplaceFlowSnippets(workspaceRoot, opts = {}) {
|
|
|
422
443
|
if (!manifest) continue;
|
|
423
444
|
const snippet = manifest.snippet && typeof manifest.snippet === "object" ? manifest.snippet : {};
|
|
424
445
|
const ownerUserId = String(manifest.ownerUserId || manifest.createdBy || "").trim();
|
|
425
|
-
if (requestedUserId && ownerUserId
|
|
446
|
+
if (requestedUserId && !canAccessMarketplaceOwner(ownerUserId, opts)) continue;
|
|
426
447
|
snippets.push({
|
|
427
448
|
id: manifest.id || entry.name,
|
|
428
449
|
version: manifest.version || version,
|
|
@@ -454,8 +475,7 @@ export function deleteMarketplaceNodePackage(workspaceRoot, id, version, opts =
|
|
|
454
475
|
return { ok: false, error: `Marketplace node package not found: ${id}@${version}` };
|
|
455
476
|
}
|
|
456
477
|
const manifest = normalizeManifest(readYamlObject(manifestPath), packageDir, "marketplace");
|
|
457
|
-
|
|
458
|
-
if (!requestedUserId || !manifest || manifestOwnerUserId(manifest) !== requestedUserId) {
|
|
478
|
+
if (!manifest || !canManageMarketplaceOwner(manifestOwnerUserId(manifest), opts)) {
|
|
459
479
|
return { ok: false, error: "Marketplace node permission denied" };
|
|
460
480
|
}
|
|
461
481
|
const usage = listMarketplaceNodeUsages(workspaceRoot, id, version, opts);
|
|
@@ -483,8 +503,7 @@ export function deleteMarketplaceFlowSnippetPackage(workspaceRoot, id, version,
|
|
|
483
503
|
}
|
|
484
504
|
const manifest = readYamlObject(manifestPath) || {};
|
|
485
505
|
const ownerUserId = String(manifest.ownerUserId || manifest.createdBy || "").trim();
|
|
486
|
-
|
|
487
|
-
if (!requestedUserId || ownerUserId !== requestedUserId) {
|
|
506
|
+
if (!canManageMarketplaceOwner(ownerUserId, opts)) {
|
|
488
507
|
return { ok: false, error: "Flow snippet permission denied" };
|
|
489
508
|
}
|
|
490
509
|
fs.rmSync(packageDir, { recursive: true, force: true });
|
|
@@ -719,7 +738,7 @@ export function publishNodeFromInstance(workspaceRoot, payload = {}, options = {
|
|
|
719
738
|
const existingManifest = readYamlObject(path.join(dest, NODE_MANIFEST));
|
|
720
739
|
if (existingManifest) {
|
|
721
740
|
const existingOwner = manifestOwnerUserId(existingManifest);
|
|
722
|
-
if (existingOwner
|
|
741
|
+
if (!canManageMarketplaceOwner(existingOwner, options)) return { ok: false, error: "Marketplace node permission denied" };
|
|
723
742
|
}
|
|
724
743
|
const now = new Date().toISOString();
|
|
725
744
|
fs.mkdirSync(path.dirname(dest), { recursive: true });
|
|
@@ -797,7 +816,7 @@ export function publishFlowSnippet(workspaceRoot, payload = {}, opts = {}) {
|
|
|
797
816
|
const existingManifest = readYamlObject(path.join(dest, FLOW_SNIPPET_MANIFEST));
|
|
798
817
|
if (existingManifest) {
|
|
799
818
|
const existingOwner = String(existingManifest.ownerUserId || existingManifest.createdBy || "").trim();
|
|
800
|
-
if (existingOwner
|
|
819
|
+
if (!canManageMarketplaceOwner(existingOwner, opts)) return { ok: false, error: "Flow snippet permission denied" };
|
|
801
820
|
}
|
|
802
821
|
fs.mkdirSync(path.dirname(dest), { recursive: true });
|
|
803
822
|
fs.rmSync(dest, { recursive: true, force: true });
|
package/bin/lib/ui-server.mjs
CHANGED
|
@@ -3271,7 +3271,7 @@ export function startUiServer({
|
|
|
3271
3271
|
}
|
|
3272
3272
|
|
|
3273
3273
|
const authUser = getAuthUserFromRequest(req);
|
|
3274
|
-
const userCtx = authUser ? { userId: authUser.userId } : {};
|
|
3274
|
+
const userCtx = authUser ? { userId: authUser.userId, isAdmin: Boolean(authUser.isAdmin) } : {};
|
|
3275
3275
|
if (req.method === "GET" && url.pathname === "/api/display/share") {
|
|
3276
3276
|
try {
|
|
3277
3277
|
const id = String(url.searchParams.get("id") || "").trim();
|
|
@@ -4763,6 +4763,7 @@ export function startUiServer({
|
|
|
4763
4763
|
const flowId = url.searchParams.get("flowId");
|
|
4764
4764
|
const flowSource = url.searchParams.get("flowSource") || "user";
|
|
4765
4765
|
const lang = url.searchParams.get("lang") || "en";
|
|
4766
|
+
const marketplaceScope = url.searchParams.get("scope") === "owned" ? "owned" : "all";
|
|
4766
4767
|
if (flowId && !isValidFlowSourceRead(flowSource)) {
|
|
4767
4768
|
json(res, 400, { error: "Invalid flowSource" });
|
|
4768
4769
|
return;
|
|
@@ -4771,7 +4772,7 @@ export function startUiServer({
|
|
|
4771
4772
|
try {
|
|
4772
4773
|
const { setLanguage } = await import("./i18n.mjs");
|
|
4773
4774
|
setLanguage(lang);
|
|
4774
|
-
json(res, 200, listNodesJson(root, flowId || "", flowId ? flowSource : "", { archived: nodesArchived, ...userCtx }));
|
|
4775
|
+
json(res, 200, listNodesJson(root, flowId || "", flowId ? flowSource : "", { archived: nodesArchived, ...userCtx, marketplaceScope }));
|
|
4775
4776
|
} catch (e) {
|
|
4776
4777
|
json(res, 500, { error: (e && e.message) || String(e) });
|
|
4777
4778
|
}
|
|
@@ -4833,7 +4834,8 @@ export function startUiServer({
|
|
|
4833
4834
|
|
|
4834
4835
|
if (req.method === "GET" && url.pathname === "/api/marketplace/nodes") {
|
|
4835
4836
|
try {
|
|
4836
|
-
|
|
4837
|
+
const marketplaceScope = url.searchParams.get("scope") === "owned" ? "owned" : "all";
|
|
4838
|
+
json(res, 200, listMarketplacePackages(root, { ...userCtx, marketplaceScope }));
|
|
4837
4839
|
} catch (e) {
|
|
4838
4840
|
json(res, 500, { error: (e && e.message) || String(e) });
|
|
4839
4841
|
}
|
|
@@ -4842,7 +4844,8 @@ export function startUiServer({
|
|
|
4842
4844
|
|
|
4843
4845
|
if (req.method === "GET" && url.pathname === "/api/marketplace/flow-snippets") {
|
|
4844
4846
|
try {
|
|
4845
|
-
|
|
4847
|
+
const marketplaceScope = url.searchParams.get("scope") === "owned" ? "owned" : "all";
|
|
4848
|
+
json(res, 200, listMarketplaceFlowSnippets(root, { ...userCtx, marketplaceScope }));
|
|
4846
4849
|
} catch (e) {
|
|
4847
4850
|
json(res, 500, { error: (e && e.message) || String(e) });
|
|
4848
4851
|
}
|