@flowerforce/flowerbase 1.7.5-beta.2 → 1.7.5-beta.4

package/dist/utils/roles/helpers.js

@@ -19,26 +19,41 @@ const context_1 = require("../context");
 const rules_1 = require("../rules");
 const utils_1 = __importDefault(require("../rules-matcher/utils"));
 const functionsConditions = ['%%true', '%%false'];
+const normalizeUserRole = (user) => {
+    if (!user)
+        return user;
+    if (typeof user !== 'object')
+        return user;
+    const candidate = user;
+    if (typeof candidate.role === 'string')
+        return user;
+    const customRole = typeof candidate.custom_data === 'object' && candidate.custom_data !== null
+        ? candidate.custom_data.role
+        : undefined;
+    return typeof customRole === 'string' ? Object.assign(Object.assign({}, candidate), { role: customRole }) : user;
+};
 const evaluateExpression = (params, expression, user) => __awaiter(void 0, void 0, void 0, function* () {
     if (!expression || typeof expression === 'boolean')
         return !!expression;
-    const value = Object.assign(Object.assign(Object.assign({}, params.expansions), params.cursor), { '%%user': user, '%%true': true });
+    const normalizedUser = normalizeUserRole(user);
+    const value = Object.assign(Object.assign(Object.assign({}, params.expansions), params.cursor), { '%%user': normalizedUser, '%%true': true });
     const conditions = (0, rules_1.expandQuery)(expression, value);
     const complexCondition = Object.entries(conditions).find(([key]) => functionsConditions.includes(key));
     return complexCondition
-        ? yield evaluateComplexExpression(complexCondition, params, user)
+        ? yield evaluateComplexExpression(complexCondition, params, normalizedUser)
         : utils_1.default.checkRule(conditions, value, {});
 });
 exports.evaluateExpression = evaluateExpression;
 const evaluateComplexExpression = (condition, params, user) => __awaiter(void 0, void 0, void 0, function* () {
     var _a;
     const [key, config] = condition;
+    const normalizedUser = normalizeUserRole(user);
     const functionConfig = config['%function'];
     const { name, arguments: fnArguments } = functionConfig;
     const functionsList = state_1.StateManager.select('functions');
     const app = state_1.StateManager.select('app');
     const currentFunction = functionsList[name];
-    const expansionContext = Object.assign(Object.assign(Object.assign({}, params.expansions), params.cursor), { '%%root': params.cursor, '%%user': user, '%%true': true, '%%false': false });
+    const expansionContext = Object.assign(Object.assign(Object.assign({}, params.expansions), params.cursor), { '%%root': params.cursor, '%%user': normalizedUser, '%%true': true, '%%false': false });
     const expandedArguments = fnArguments && fnArguments.length
         ? ((_a = (0, rules_1.expandQuery)({ args: fnArguments }, expansionContext)
             .args) !== null && _a !== void 0 ? _a : [])
@@ -47,7 +62,7 @@ const evaluateComplexExpression = (condition, params, user) => __awaiter(void 0,
         args: expandedArguments,
         app,
         rules: state_1.StateManager.select("rules"),
-        user,
+        user: normalizedUser,
         currentFunction,
         functionName: name,
         functionsList,

package/dist/utils/roles/interface.d.ts

@@ -1,7 +1,13 @@
-export type PermissionExpression = boolean;
+export type PermissionExpression = boolean | Record<string, unknown>;
 export type FieldPermissionExpression = {
-    read?: boolean;
-    write?: boolean;
+    read?: PermissionExpression;
+    write?: PermissionExpression;
+    fields?: {
+        [K: string]: FieldPermissionExpression;
+    };
+};
+export type AdditionalFieldsPermissionExpression = FieldPermissionExpression | {
+    [K: string]: FieldPermissionExpression;
 };
 export interface DocumentFiltersPermissions {
     read?: PermissionExpression;
@@ -19,9 +25,7 @@ export interface Role {
     fields?: {
         [K: string]: FieldPermissionExpression;
     };
-    additional_fields?: {
-        [K: string]: FieldPermissionExpression;
-    };
+    additional_fields?: AdditionalFieldsPermissionExpression;
 }
 export interface Params {
     roles: Role[];

package/dist/utils/roles/interface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../../src/utils/roles/interface.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,oBAAoB,GAAG,OAAO,CAAA;AAE1C,MAAM,MAAM,yBAAyB,GAAG;IACtC,IAAI,CAAC,EAAE,OAAO,CAAA;IACd,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB,CAAA;AAED,MAAM,WAAW,0BAA0B;IACzC,IAAI,CAAC,EAAE,oBAAoB,CAAA;IAC3B,KAAK,CAAC,EAAE,oBAAoB,CAAA;CAC7B;AAED,MAAM,WAAW,IAAI;IACnB,IAAI,EAAE,MAAM,CAAA;IAEZ,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC/B,MAAM,CAAC,EAAE,oBAAoB,CAAA;IAC7B,gBAAgB,CAAC,EAAE,0BAA0B,CAAA;IAC7C,IAAI,CAAC,EAAE,oBAAoB,CAAA;IAC3B,KAAK,CAAC,EAAE,oBAAoB,CAAA;IAC5B,MAAM,CAAC,EAAE,oBAAoB,CAAA;IAC7B,MAAM,CAAC,EAAE,oBAAoB,CAAA;IAC7B,MAAM,CAAC,EAAE;QACP,CAAC,CAAC,EAAE,MAAM,GAAG,yBAAyB,CAAA;KACvC,CAAA;IACD,iBAAiB,CAAC,EAAE;QAClB,CAAC,CAAC,EAAE,MAAM,GAAG,yBAAyB,CAAA;KACvC,CAAA;CACF;AAED,MAAM,WAAW,MAAM;IACrB,KAAK,EAAE,IAAI,EAAE,CAAA;IAEb,MAAM,EAAE,GAAG,CAAA;IAEX,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC/B,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAA;CACxD;AAGD,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA"}
+{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../../src/utils/roles/interface.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,oBAAoB,GAAG,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;AAEpE,MAAM,MAAM,yBAAyB,GAAG;IACtC,IAAI,CAAC,EAAE,oBAAoB,CAAA;IAC3B,KAAK,CAAC,EAAE,oBAAoB,CAAA;IAC5B,MAAM,CAAC,EAAE;QACP,CAAC,CAAC,EAAE,MAAM,GAAG,yBAAyB,CAAA;KACvC,CAAA;CACF,CAAA;AAED,MAAM,MAAM,oCAAoC,GAC5C,yBAAyB,GACzB;IACE,CAAC,CAAC,EAAE,MAAM,GAAG,yBAAyB,CAAA;CACvC,CAAA;AAEL,MAAM,WAAW,0BAA0B;IACzC,IAAI,CAAC,EAAE,oBAAoB,CAAA;IAC3B,KAAK,CAAC,EAAE,oBAAoB,CAAA;CAC7B;AAED,MAAM,WAAW,IAAI;IACnB,IAAI,EAAE,MAAM,CAAA;IAEZ,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC/B,MAAM,CAAC,EAAE,oBAAoB,CAAA;IAC7B,gBAAgB,CAAC,EAAE,0BAA0B,CAAA;IAC7C,IAAI,CAAC,EAAE,oBAAoB,CAAA;IAC3B,KAAK,CAAC,EAAE,oBAAoB,CAAA;IAC5B,MAAM,CAAC,EAAE,oBAAoB,CAAA;IAC7B,MAAM,CAAC,EAAE,oBAAoB,CAAA;IAC7B,MAAM,CAAC,EAAE;QACP,CAAC,CAAC,EAAE,MAAM,GAAG,yBAAyB,CAAA;KACvC,CAAA;IACD,iBAAiB,CAAC,EAAE,oCAAoC,CAAA;CACzD;AAED,MAAM,WAAW,MAAM;IACrB,KAAK,EAAE,IAAI,EAAE,CAAA;IAEb,MAAM,EAAE,GAAG,CAAA;IAEX,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;IAC/B,IAAI,EAAE,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAA;CACxD;AAGD,MAAM,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA"}

package/dist/utils/roles/machines/commonValidators.js

@@ -29,9 +29,9 @@ const evaluateTopLevelPermissionsFn = (_a, currentType_1) => __awaiter(void 0, [
 });
 exports.evaluateTopLevelPermissionsFn = evaluateTopLevelPermissionsFn;
 const checkFieldsPropertyExists = ({ role }) => {
-    var _a, _b;
+    var _a;
     const hasFields = !!Object.keys((_a = role === null || role === void 0 ? void 0 : role.fields) !== null && _a !== void 0 ? _a : {}).length;
-    const hasAdditional = !!Object.keys((_b = role === null || role === void 0 ? void 0 : role.additional_fields) !== null && _b !== void 0 ? _b : {}).length;
+    const hasAdditional = typeof (role === null || role === void 0 ? void 0 : role.additional_fields) !== 'undefined';
     return hasFields || hasAdditional;
 };
 exports.checkFieldsPropertyExists = checkFieldsPropertyExists;

package/dist/utils/roles/machines/fieldPermissions.d.ts

@@ -0,0 +1,8 @@
+import { Document } from 'mongodb';
+import { Role } from '../interface';
+import { MachineContext } from './interface';
+export declare const hasAdditionalFieldsDefined: (role?: Role) => boolean;
+export declare const filterDocumentByFieldPermissions: (context: Pick<MachineContext, "params" | "role" | "user">, mode: "read" | "write", options?: {
+    defaultAllow?: boolean;
+}) => Promise<Document>;
+//# sourceMappingURL=fieldPermissions.d.ts.map

package/dist/utils/roles/machines/fieldPermissions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fieldPermissions.d.ts","sourceRoot":"","sources":["../../../../src/utils/roles/machines/fieldPermissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAElC,OAAO,EAGL,IAAI,EACL,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AA4C5C,eAAO,MAAM,0BAA0B,GAAI,OAAO,IAAI,YACN,CAAA;AAEhD,eAAO,MAAM,gCAAgC,GAC3C,SAAS,IAAI,CAAC,cAAc,EAAE,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,EACzD,MAAM,MAAM,GAAG,OAAO,EACtB,UAAU;IACR,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB,KACA,OAAO,CAAC,QAAQ,CAyBlB,CAAA"}

package/dist/utils/roles/machines/fieldPermissions.js

@@ -0,0 +1,67 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.filterDocumentByFieldPermissions = exports.hasAdditionalFieldsDefined = void 0;
+const helpers_1 = require("../helpers");
+const isObject = (value) => !!value && typeof value === 'object' && !Array.isArray(value);
+const isFieldPermissionExpression = (value) => isObject(value) && ('read' in value || 'write' in value);
+const getAdditionalFieldPermission = (additionalFields, fieldName) => {
+    if (!additionalFields || !isObject(additionalFields))
+        return undefined;
+    const byField = additionalFields[fieldName];
+    if (isFieldPermissionExpression(byField)) {
+        return byField;
+    }
+    if (isFieldPermissionExpression(additionalFields)) {
+        return additionalFields;
+    }
+    return undefined;
+};
+const canReadField = (context, permission) => __awaiter(void 0, void 0, void 0, function* () {
+    if (!permission)
+        return false;
+    const read = yield (0, helpers_1.evaluateExpression)(context.params, permission.read, context.user);
+    if (read)
+        return true;
+    return yield (0, helpers_1.evaluateExpression)(context.params, permission.write, context.user);
+});
+const canWriteField = (context, permission) => __awaiter(void 0, void 0, void 0, function* () {
+    if (!permission)
+        return false;
+    return yield (0, helpers_1.evaluateExpression)(context.params, permission.write, context.user);
+});
+const hasAdditionalFieldsDefined = (role) => typeof (role === null || role === void 0 ? void 0 : role.additional_fields) !== 'undefined';
+exports.hasAdditionalFieldsDefined = hasAdditionalFieldsDefined;
+const filterDocumentByFieldPermissions = (context, mode, options) => __awaiter(void 0, void 0, void 0, function* () {
+    var _a, _b;
+    const source = (_a = context.params) === null || _a === void 0 ? void 0 : _a.cursor;
+    if (!isObject(source))
+        return {};
+    const document = {};
+    const fields = (_b = context.role.fields) !== null && _b !== void 0 ? _b : {};
+    const additionalFields = context.role.additional_fields;
+    for (const [key, value] of Object.entries(source)) {
+        const fieldPermission = fields[key];
+        const permission = fieldPermission !== null && fieldPermission !== void 0 ? fieldPermission : getAdditionalFieldPermission(additionalFields, key);
+        let allowed = (options === null || options === void 0 ? void 0 : options.defaultAllow) === true;
+        if (permission) {
+            allowed =
+                mode === 'read'
+                    ? yield canReadField(context, permission)
+                    : yield canWriteField(context, permission);
+        }
+        if (allowed) {
+            document[key] = value;
+        }
+    }
+    return document;
+});
+exports.filterDocumentByFieldPermissions = filterDocumentByFieldPermissions;

package/dist/utils/roles/machines/read/A/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/utils/roles/machines/read/A/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAGxC,eAAO,MAAM,aAAa,EAAE,MAuB3B,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/utils/roles/machines/read/A/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAGxC,eAAO,MAAM,aAAa,EAAE,MAuB3B,CAAA"}

package/dist/utils/roles/machines/read/A/index.js

@@ -10,6 +10,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.STEP_A_STATES = void 0;
+const commonValidators_1 = require("../../commonValidators");
 const utils_1 = require("../../utils");
 exports.STEP_A_STATES = {
     checkSearchRequest: (_a) => __awaiter(void 0, [_a], void 0, function* ({ context, next, goToNextValidationStage }) {
@@ -24,14 +25,14 @@ exports.STEP_A_STATES = {
         }
         return goToNextValidationStage();
     }),
-    evaluateSearch: (_a) => __awaiter(void 0, [_a], void 0, function* ({ context, endValidation }) {
+    evaluateSearch: (_a) => __awaiter(void 0, [_a], void 0, function* ({ context, endValidation, goToNextValidationStage }) {
         (0, utils_1.logMachineInfo)({
             enabled: context.enableLog,
             machine: 'A',
             step: 2,
             stepName: 'evaluateSearch'
         });
-        // NOTE -> we don't support search operations
-        return endValidation({ success: false });
+        const check = yield (0, commonValidators_1.evaluateTopLevelPermissionsFn)(context, 'search');
+        return check ? goToNextValidationStage() : endValidation({ success: false });
     })
 };

package/dist/utils/roles/machines/read/C/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/utils/roles/machines/read/C/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAGxC,eAAO,MAAM,aAAa,EAAE,MAyC3B,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/utils/roles/machines/read/C/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAQxC,eAAO,MAAM,aAAa,EAAE,MAyC3B,CAAA"}

package/dist/utils/roles/machines/read/C/index.js

@@ -10,10 +10,10 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.STEP_C_STATES = void 0;
-const validators_1 = require("./validators");
 const utils_1 = require("../../utils");
+const validators_1 = require("./validators");
 exports.STEP_C_STATES = {
-    evaluateTopLevelRead: (_a) => __awaiter(void 0, [_a], void 0, function* ({ context, next, endValidation }) {
+    evaluateTopLevelRead: (_a) => __awaiter(void 0, [_a], void 0, function* ({ context, next }) {
         (0, utils_1.logMachineInfo)({
             enabled: context.enableLog,
             machine: 'C',
@@ -21,12 +21,7 @@ exports.STEP_C_STATES = {
             stepName: 'evaluateTopLevelRead'
         });
         const check = yield (0, validators_1.evaluateTopLevelReadFn)(context);
-        if (check) {
-            return (0, validators_1.checkFieldsPropertyExists)(context)
-                ? next('checkFieldsProperty')
-                : endValidation({ success: true });
-        }
-        return next('evaluateTopLevelWrite', { check });
+        return next('evaluateTopLevelWrite', { readCheck: check });
     }),
     evaluateTopLevelWrite: (_a) => __awaiter(void 0, [_a], void 0, function* ({ context, next, endValidation }) {
         var _b;
@@ -36,12 +31,18 @@ exports.STEP_C_STATES = {
             step: 2,
             stepName: 'evaluateTopLevelWrite'
         });
-        const check = yield (0, validators_1.evaluateTopLevelWriteFn)(context);
-        if (check)
-            return endValidation({ success: true });
-        return ((_b = context === null || context === void 0 ? void 0 : context.prevParams) === null || _b === void 0 ? void 0 : _b.check) === false
-            ? endValidation({ success: false })
-            : next('checkFieldsProperty');
+        const writeCheck = yield (0, validators_1.evaluateTopLevelWriteFn)(context);
+        const readCheck = (_b = context === null || context === void 0 ? void 0 : context.prevParams) === null || _b === void 0 ? void 0 : _b.readCheck;
+        if (readCheck === true || writeCheck === true) {
+            return (0, validators_1.checkFieldsPropertyExists)(context)
+                ? next('checkFieldsProperty')
+                : endValidation({ success: true });
+        }
+        if (readCheck === false)
+            return endValidation({ success: false });
+        return (0, validators_1.checkFieldsPropertyExists)(context)
+            ? next('checkFieldsProperty')
+            : endValidation({ success: false });
     }),
     checkFieldsProperty: (_a) => __awaiter(void 0, [_a], void 0, function* ({ context, goToNextValidationStage }) {
         (0, utils_1.logMachineInfo)({
@@ -50,7 +51,6 @@ exports.STEP_C_STATES = {
             step: 3,
             stepName: 'checkFieldsProperty'
         });
-        const check = (0, validators_1.checkFieldsPropertyExists)(context);
-        return goToNextValidationStage(check ? 'checkIsValidFieldName' : 'checkAdditionalFields');
+        return goToNextValidationStage('checkIsValidFieldName');
     })
 };

package/dist/utils/roles/machines/read/C/validators.js

@@ -12,14 +12,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.checkFieldsPropertyExists = exports.evaluateTopLevelWriteFn = exports.evaluateTopLevelReadFn = void 0;
 const commonValidators_1 = require("../../commonValidators");
 const evaluateTopLevelReadFn = (context) => __awaiter(void 0, void 0, void 0, function* () {
-    if (context.params.type !== 'read') {
+    if (!['read', 'search'].includes(context.params.type)) {
         return false;
     }
     return (0, commonValidators_1.evaluateTopLevelPermissionsFn)(context, 'read');
 });
 exports.evaluateTopLevelReadFn = evaluateTopLevelReadFn;
 const evaluateTopLevelWriteFn = (context) => __awaiter(void 0, void 0, void 0, function* () {
-    if (!['read', 'write'].includes(context.params.type)) {
+    if (!['read', 'search', 'write'].includes(context.params.type)) {
         return undefined;
     }
     return (0, commonValidators_1.evaluateTopLevelPermissionsFn)(context, 'write');

package/dist/utils/roles/machines/read/D/index.js

@@ -19,7 +19,7 @@ const runCheckIsValidFieldName = (_a) => __awaiter(void 0, [_a], void 0, functio
         step: 2,
         stepName: 'checkIsValidFieldName'
     });
-    const document = (0, validators_1.checkIsValidFieldNameFn)(context);
+    const document = yield (0, validators_1.checkIsValidFieldNameFn)(context);
     return endValidation({ success: !!Object.keys(document).length, document });
 });
 exports.STEP_D_STATES = {

package/dist/utils/roles/machines/read/D/validators.d.ts

@@ -1,4 +1,4 @@
 import { MachineContext } from '../../interface';
 export declare const checkAdditionalFieldsFn: ({ role }: MachineContext) => boolean;
-export declare const checkIsValidFieldNameFn: ({ role, params }: MachineContext) => {};
+export declare const checkIsValidFieldNameFn: (context: MachineContext) => Promise<import("bson/bson").Document>;
 //# sourceMappingURL=validators.d.ts.map

package/dist/utils/roles/machines/read/D/validators.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../../../../src/utils/roles/machines/read/D/validators.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAEhD,eAAO,MAAM,uBAAuB,GAAI,UAAU,cAAc,YAE/D,CAAA;AAED,eAAO,MAAM,uBAAuB,GAAI,kBAAkB,cAAc,OAyBvE,CAAA"}
+{"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../../../../src/utils/roles/machines/read/D/validators.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAEhD,eAAO,MAAM,uBAAuB,GAAI,UAAU,cAAc,YAE/D,CAAA;AAED,eAAO,MAAM,uBAAuB,GAAU,SAAS,cAAc,0CAOpE,CAAA"}

package/dist/utils/roles/machines/read/D/validators.js

@@ -1,28 +1,26 @@
 "use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.checkIsValidFieldNameFn = exports.checkAdditionalFieldsFn = void 0;
+const commonValidators_1 = require("../../commonValidators");
+const fieldPermissions_1 = require("../../fieldPermissions");
 const checkAdditionalFieldsFn = ({ role }) => {
-    return !!Object.keys(role.additional_fields || {}).length;
+    return (0, fieldPermissions_1.hasAdditionalFieldsDefined)(role);
 };
 exports.checkAdditionalFieldsFn = checkAdditionalFieldsFn;
-const checkIsValidFieldNameFn = ({ role, params }) => {
-    const { cursor } = params;
-    const { fields = {}, additional_fields = {} } = role;
-    const rulesOnId = !!(fields['_id'] || additional_fields['_id']);
-    const filteredDocument = Object.entries(cursor).reduce((filteredDocument, [key, value]) => {
-        var _a, _b;
-        if (fields[key]) {
-            return role.fields[key].read || role.fields[key].write
-                ? Object.assign(Object.assign({}, filteredDocument), { [key]: value }) : filteredDocument;
-        }
-        if (additional_fields[key]) {
-            return ((_a = additional_fields[key]) === null || _a === void 0 ? void 0 : _a.read) || ((_b = additional_fields[key]) === null || _b === void 0 ? void 0 : _b.write)
-                ? Object.assign(Object.assign({}, filteredDocument), { [key]: value }) : filteredDocument;
-        }
-        return Object.assign(Object.assign({}, filteredDocument), { [key]: value });
-    }, {});
-    return rulesOnId || cursor._id === undefined
-        ? filteredDocument
-        : Object.assign(Object.assign({}, filteredDocument), { _id: cursor._id });
-};
+const checkIsValidFieldNameFn = (context) => __awaiter(void 0, void 0, void 0, function* () {
+    const readCheck = yield (0, commonValidators_1.evaluateTopLevelPermissionsFn)(context, 'read');
+    const writeCheck = yield (0, commonValidators_1.evaluateTopLevelPermissionsFn)(context, 'write');
+    return yield (0, fieldPermissions_1.filterDocumentByFieldPermissions)(context, 'read', {
+        defaultAllow: readCheck === true || writeCheck === true
+    });
+});
 exports.checkIsValidFieldNameFn = checkIsValidFieldNameFn;

package/dist/utils/roles/machines/write/B/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/utils/roles/machines/write/B/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAGxC,eAAO,MAAM,aAAa,EAAE,MA6D3B,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../../src/utils/roles/machines/write/B/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AAGxC,eAAO,MAAM,aAAa,EAAE,MAgE3B,CAAA"}

package/dist/utils/roles/machines/write/B/index.js

@@ -43,13 +43,13 @@ exports.STEP_B_STATES = {
             stepName: 'evaluateTopLevelWrite'
         });
         const check = yield (0, commonValidators_1.evaluateTopLevelPermissionsFn)(context, 'write');
-        if (check)
-            return context.params.type === 'insert'
-                ? next('evaluateTopLevelInsert')
-                : endValidation({ success: true });
-        return check === false
-            ? endValidation({ success: false })
-            : next('checkFieldsProperty');
+        if (check) {
+            return next('evaluateTopLevelInsert');
+        }
+        if (check === false) {
+            return endValidation({ success: false });
+        }
+        return next('checkFieldsProperty');
     }),
     checkFieldsProperty: (_a) => __awaiter(void 0, [_a], void 0, function* ({ context, goToNextValidationStage }) {
         (0, utils_1.logMachineInfo)({
@@ -61,7 +61,7 @@ exports.STEP_B_STATES = {
         const check = (0, commonValidators_1.checkFieldsPropertyExists)(context);
         return goToNextValidationStage(check ? 'checkIsValidFieldName' : 'checkAdditionalFields');
     }),
-    evaluateTopLevelInsert: (_a) => __awaiter(void 0, [_a], void 0, function* ({ context, endValidation }) {
+    evaluateTopLevelInsert: (_a) => __awaiter(void 0, [_a], void 0, function* ({ context, next, endValidation }) {
         (0, utils_1.logMachineInfo)({
             enabled: context.enableLog,
             machine: 'B',
@@ -69,6 +69,9 @@ exports.STEP_B_STATES = {
             stepName: 'evaluateTopLevelInsert'
         });
         const check = yield (0, commonValidators_1.evaluateTopLevelPermissionsFn)(context, 'insert');
-        return endValidation({ success: !!check });
+        if (!check) {
+            return endValidation({ success: false });
+        }
+        return endValidation({ success: true });
     })
 };

package/dist/utils/roles/machines/write/C/index.js

@@ -30,7 +30,7 @@ exports.STEP_C_STATES = {
             step: 2,
             stepName: 'checkIsValidFieldName'
         });
-        const document = (0, validators_1.checkIsValidFieldNameFn)(context);
+        const document = yield (0, validators_1.checkIsValidFieldNameFn)(context);
         return endValidation({ success: !!Object.keys(document).length, document });
     })
 };

package/dist/utils/roles/machines/write/C/validators.d.ts

@@ -1,4 +1,4 @@
 import { MachineContext } from '../../interface';
 export declare const checkAdditionalFieldsFn: ({ role }: MachineContext) => boolean;
-export declare const checkIsValidFieldNameFn: ({ role, params }: MachineContext) => {};
+export declare const checkIsValidFieldNameFn: (context: MachineContext) => Promise<import("bson/bson").Document>;
 //# sourceMappingURL=validators.d.ts.map

package/dist/utils/roles/machines/write/C/validators.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../../../../src/utils/roles/machines/write/C/validators.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAEhD,eAAO,MAAM,uBAAuB,GAAI,UAAU,cAAc,YAE/D,CAAA;AAED,eAAO,MAAM,uBAAuB,GAAI,kBAAkB,cAAc,OAyBvE,CAAA"}
+{"version":3,"file":"validators.d.ts","sourceRoot":"","sources":["../../../../../../src/utils/roles/machines/write/C/validators.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAA;AAEhD,eAAO,MAAM,uBAAuB,GAAI,UAAU,cAAc,YAE/D,CAAA;AAED,eAAO,MAAM,uBAAuB,GAAU,SAAS,cAAc,0CAIpE,CAAA"}

package/dist/utils/roles/machines/write/C/validators.js

@@ -1,28 +1,23 @@
 "use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.checkIsValidFieldNameFn = exports.checkAdditionalFieldsFn = void 0;
+const fieldPermissions_1 = require("../../fieldPermissions");
 const checkAdditionalFieldsFn = ({ role }) => {
-    return !!Object.keys(role.additional_fields || {}).length;
+    return (0, fieldPermissions_1.hasAdditionalFieldsDefined)(role);
 };
 exports.checkAdditionalFieldsFn = checkAdditionalFieldsFn;
-const checkIsValidFieldNameFn = ({ role, params }) => {
-    const { cursor } = params;
-    const { fields = {}, additional_fields = {} } = role;
-    const rulesOnId = !!(fields['_id'] || additional_fields['_id']);
-    const filteredDocument = Object.entries(cursor).reduce((filteredDocument, [key, value]) => {
-        var _a;
-        if (fields[key]) {
-            return role.fields[key].write
-                ? Object.assign(Object.assign({}, filteredDocument), { [key]: value }) : filteredDocument;
-        }
-        if (additional_fields[key]) {
-            return ((_a = additional_fields[key]) === null || _a === void 0 ? void 0 : _a.write)
-                ? Object.assign(Object.assign({}, filteredDocument), { [key]: value }) : filteredDocument;
-        }
-        return Object.assign(Object.assign({}, filteredDocument), { [key]: value });
-    }, {});
-    return rulesOnId || cursor._id === undefined
-        ? filteredDocument
-        : Object.assign(Object.assign({}, filteredDocument), { _id: cursor._id });
-};
+const checkIsValidFieldNameFn = (context) => __awaiter(void 0, void 0, void 0, function* () {
+    return yield (0, fieldPermissions_1.filterDocumentByFieldPermissions)(context, 'write', {
+        defaultAllow: typeof context.role.write !== 'undefined'
+    });
+});
 exports.checkIsValidFieldNameFn = checkIsValidFieldNameFn;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@flowerforce/flowerbase",
-  "version": "1.7.5-beta.2",
+  "version": "1.7.5-beta.4",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/features/functions/__tests__/watch-filter.test.ts

@@ -0,0 +1,116 @@
+import { ObjectId } from 'mongodb'
+import { mapWatchFilterToChangeStreamMatch, mapWatchFilterToDocumentQuery } from '../controller'
+
+describe('watch filter mapping', () => {
+  it('keeps change-event fields untouched and prefixes only document fields', () => {
+    const input = {
+      accountId: '699efbc09729e3b79f79e9b4',
+      $and: [
+        {
+          $or: [
+            { requestId: '69a282a75cd849c244e001ca' },
+            { 'fullDocument.requestId': '69a282a75cd849c244e001ca' }
+          ]
+        },
+        {
+          $or: [
+            { operationType: 'insert' },
+            { operationType: 'replace' },
+            {
+              operationType: 'update',
+              'updateDescription.updatedFields.stage': { $exists: true }
+            }
+          ]
+        }
+      ]
+    }
+
+    const output = mapWatchFilterToChangeStreamMatch(input)
+
+    expect(output).toEqual({
+      'fullDocument.accountId': '699efbc09729e3b79f79e9b4',
+      $and: [
+        {
+          $or: [
+            { 'fullDocument.requestId': '69a282a75cd849c244e001ca' },
+            { 'fullDocument.requestId': '69a282a75cd849c244e001ca' }
+          ]
+        },
+        {
+          $or: [
+            { operationType: 'insert' },
+            { operationType: 'replace' },
+            {
+              operationType: 'update',
+              'updateDescription.updatedFields.stage': { $exists: true }
+            }
+          ]
+        }
+      ]
+    })
+
+    const outputJson = JSON.stringify(output)
+    expect(outputJson).not.toContain('fullDocument.fullDocument.')
+    expect(outputJson).not.toContain('fullDocument.operationType')
+  })
+
+  it('supports stage-change filters and strips event-only clauses for document readability checks', () => {
+    const input = {
+      'fullDocument.accountId': '699efbc09729e3b79f79e9b4',
+      $and: [
+        {
+          $or: [
+            { 'fullDocument.requestId': '69a282a75cd849c244e001ca' },
+            { 'fullDocument.requestId': '69a282a75cd849c244e001ca' }
+          ]
+        },
+        {
+          $or: [
+            { operationType: 'insert' },
+            { operationType: 'replace' },
+            {
+              operationType: 'update',
+              'updateDescription.updatedFields.stage': { $exists: true }
+            }
+          ]
+        }
+      ]
+    }
+
+    const watchMatch = mapWatchFilterToChangeStreamMatch(input)
+    expect(watchMatch).toEqual(input)
+
+    const documentQuery = mapWatchFilterToDocumentQuery(input)
+    expect(documentQuery).toEqual({
+      accountId: '699efbc09729e3b79f79e9b4',
+      $and: [
+        {
+          $or: [
+            { requestId: '69a282a75cd849c244e001ca' },
+            { requestId: '69a282a75cd849c244e001ca' }
+          ]
+        }
+      ]
+    })
+
+    const documentQueryJson = JSON.stringify(documentQuery)
+    expect(documentQueryJson).not.toContain('operationType')
+    expect(documentQueryJson).not.toContain('updateDescription')
+  })
+
+  it('preserves ObjectId values in both change-stream and document mappings', () => {
+    const id = new ObjectId('69a282a75cd849c244e001ca')
+    const input = {
+      'fullDocument._id': id,
+      operationType: 'update',
+      'updateDescription.updatedFields.stage': { $exists: true }
+    }
+
+    const watchMatch = mapWatchFilterToChangeStreamMatch(input) as Record<string, unknown>
+    expect(watchMatch['fullDocument._id']).toEqual(id)
+
+    const documentQuery = mapWatchFilterToDocumentQuery(input) as Record<string, unknown>
+    expect(documentQuery._id).toEqual(id)
+    expect(documentQuery.operationType).toBeUndefined()
+  })
+})