@fieldwangai/agentflow 0.1.56 → 0.1.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -113,11 +113,32 @@ function manifestOwnerUserId(manifest) {
113
113
  return String(manifest?.ownerUserId || manifest?.createdBy || "").trim();
114
114
  }
115
115
 
116
- function canAccessMarketplaceNode(manifest, opts = {}) {
116
+ function isAdminRequest(opts = {}) {
117
+ return Boolean(opts?.isAdmin);
118
+ }
119
+
120
+ function shouldFilterMarketplaceOwner(opts = {}) {
121
+ return opts?.marketplaceScope === "owned";
122
+ }
123
+
124
+ function canAccessMarketplaceOwner(ownerUserId, opts = {}) {
125
+ if (!shouldFilterMarketplaceOwner(opts)) return true;
117
126
  const requestedUserId = String(opts.userId || "").trim();
118
127
  if (!requestedUserId) return true;
128
+ if (isAdminRequest(opts)) return true;
129
+ return Boolean(ownerUserId) && ownerUserId === requestedUserId;
130
+ }
131
+
132
+ function canManageMarketplaceOwner(ownerUserId, opts = {}) {
133
+ const requestedUserId = String(opts.userId || "").trim();
134
+ if (!requestedUserId) return false;
135
+ if (isAdminRequest(opts)) return true;
136
+ return Boolean(ownerUserId) && ownerUserId === requestedUserId;
137
+ }
138
+
139
+ function canAccessMarketplaceNode(manifest, opts = {}) {
119
140
  if ((manifest?.source || "marketplace") !== "marketplace") return true;
120
- return manifestOwnerUserId(manifest) === requestedUserId;
141
+ return canAccessMarketplaceOwner(manifestOwnerUserId(manifest), opts);
121
142
  }
122
143
 
123
144
  function sortVersionsDesc(versions) {
@@ -422,7 +443,7 @@ export function listMarketplaceFlowSnippets(workspaceRoot, opts = {}) {
422
443
  if (!manifest) continue;
423
444
  const snippet = manifest.snippet && typeof manifest.snippet === "object" ? manifest.snippet : {};
424
445
  const ownerUserId = String(manifest.ownerUserId || manifest.createdBy || "").trim();
425
- if (requestedUserId && ownerUserId !== requestedUserId) continue;
446
+ if (requestedUserId && !canAccessMarketplaceOwner(ownerUserId, opts)) continue;
426
447
  snippets.push({
427
448
  id: manifest.id || entry.name,
428
449
  version: manifest.version || version,
@@ -454,8 +475,7 @@ export function deleteMarketplaceNodePackage(workspaceRoot, id, version, opts =
454
475
  return { ok: false, error: `Marketplace node package not found: ${id}@${version}` };
455
476
  }
456
477
  const manifest = normalizeManifest(readYamlObject(manifestPath), packageDir, "marketplace");
457
- const requestedUserId = String(opts.userId || "").trim();
458
- if (!requestedUserId || !manifest || manifestOwnerUserId(manifest) !== requestedUserId) {
478
+ if (!manifest || !canManageMarketplaceOwner(manifestOwnerUserId(manifest), opts)) {
459
479
  return { ok: false, error: "Marketplace node permission denied" };
460
480
  }
461
481
  const usage = listMarketplaceNodeUsages(workspaceRoot, id, version, opts);
@@ -483,8 +503,7 @@ export function deleteMarketplaceFlowSnippetPackage(workspaceRoot, id, version,
483
503
  }
484
504
  const manifest = readYamlObject(manifestPath) || {};
485
505
  const ownerUserId = String(manifest.ownerUserId || manifest.createdBy || "").trim();
486
- const requestedUserId = String(opts.userId || "").trim();
487
- if (!requestedUserId || ownerUserId !== requestedUserId) {
506
+ if (!canManageMarketplaceOwner(ownerUserId, opts)) {
488
507
  return { ok: false, error: "Flow snippet permission denied" };
489
508
  }
490
509
  fs.rmSync(packageDir, { recursive: true, force: true });
@@ -719,7 +738,7 @@ export function publishNodeFromInstance(workspaceRoot, payload = {}, options = {
719
738
  const existingManifest = readYamlObject(path.join(dest, NODE_MANIFEST));
720
739
  if (existingManifest) {
721
740
  const existingOwner = manifestOwnerUserId(existingManifest);
722
- if (existingOwner !== ownerUserId) return { ok: false, error: "Marketplace node permission denied" };
741
+ if (!canManageMarketplaceOwner(existingOwner, options)) return { ok: false, error: "Marketplace node permission denied" };
723
742
  }
724
743
  const now = new Date().toISOString();
725
744
  fs.mkdirSync(path.dirname(dest), { recursive: true });
@@ -797,7 +816,7 @@ export function publishFlowSnippet(workspaceRoot, payload = {}, opts = {}) {
797
816
  const existingManifest = readYamlObject(path.join(dest, FLOW_SNIPPET_MANIFEST));
798
817
  if (existingManifest) {
799
818
  const existingOwner = String(existingManifest.ownerUserId || existingManifest.createdBy || "").trim();
800
- if (existingOwner !== ownerUserId) return { ok: false, error: "Flow snippet permission denied" };
819
+ if (!canManageMarketplaceOwner(existingOwner, opts)) return { ok: false, error: "Flow snippet permission denied" };
801
820
  }
802
821
  fs.mkdirSync(path.dirname(dest), { recursive: true });
803
822
  fs.rmSync(dest, { recursive: true, force: true });
@@ -3271,7 +3271,7 @@ export function startUiServer({
3271
3271
  }
3272
3272
 
3273
3273
  const authUser = getAuthUserFromRequest(req);
3274
- const userCtx = authUser ? { userId: authUser.userId } : {};
3274
+ const userCtx = authUser ? { userId: authUser.userId, isAdmin: Boolean(authUser.isAdmin) } : {};
3275
3275
  if (req.method === "GET" && url.pathname === "/api/display/share") {
3276
3276
  try {
3277
3277
  const id = String(url.searchParams.get("id") || "").trim();
@@ -4763,6 +4763,7 @@ export function startUiServer({
4763
4763
  const flowId = url.searchParams.get("flowId");
4764
4764
  const flowSource = url.searchParams.get("flowSource") || "user";
4765
4765
  const lang = url.searchParams.get("lang") || "en";
4766
+ const marketplaceScope = url.searchParams.get("scope") === "owned" ? "owned" : "all";
4766
4767
  if (flowId && !isValidFlowSourceRead(flowSource)) {
4767
4768
  json(res, 400, { error: "Invalid flowSource" });
4768
4769
  return;
@@ -4771,7 +4772,7 @@ export function startUiServer({
4771
4772
  try {
4772
4773
  const { setLanguage } = await import("./i18n.mjs");
4773
4774
  setLanguage(lang);
4774
- json(res, 200, listNodesJson(root, flowId || "", flowId ? flowSource : "", { archived: nodesArchived, ...userCtx }));
4775
+ json(res, 200, listNodesJson(root, flowId || "", flowId ? flowSource : "", { archived: nodesArchived, ...userCtx, marketplaceScope }));
4775
4776
  } catch (e) {
4776
4777
  json(res, 500, { error: (e && e.message) || String(e) });
4777
4778
  }
@@ -4833,7 +4834,8 @@ export function startUiServer({
4833
4834
 
4834
4835
  if (req.method === "GET" && url.pathname === "/api/marketplace/nodes") {
4835
4836
  try {
4836
- json(res, 200, listMarketplacePackages(root, userCtx));
4837
+ const marketplaceScope = url.searchParams.get("scope") === "owned" ? "owned" : "all";
4838
+ json(res, 200, listMarketplacePackages(root, { ...userCtx, marketplaceScope }));
4837
4839
  } catch (e) {
4838
4840
  json(res, 500, { error: (e && e.message) || String(e) });
4839
4841
  }
@@ -4842,7 +4844,8 @@ export function startUiServer({
4842
4844
 
4843
4845
  if (req.method === "GET" && url.pathname === "/api/marketplace/flow-snippets") {
4844
4846
  try {
4845
- json(res, 200, listMarketplaceFlowSnippets(root, userCtx));
4847
+ const marketplaceScope = url.searchParams.get("scope") === "owned" ? "owned" : "all";
4848
+ json(res, 200, listMarketplaceFlowSnippets(root, { ...userCtx, marketplaceScope }));
4846
4849
  } catch (e) {
4847
4850
  json(res, 500, { error: (e && e.message) || String(e) });
4848
4851
  }