@flowerforce/flowerbase 1.7.6-beta.5 → 1.7.6-beta.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"fieldPermissions.d.ts","sourceRoot":"","sources":["../../../../src/utils/roles/machines/fieldPermissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAElC,OAAO,EAGL,IAAI,EACL,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"fieldPermissions.d.ts","sourceRoot":"","sources":["../../../../src/utils/roles/machines/fieldPermissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAElC,OAAO,EAGL,IAAI,EACL,MAAM,cAAc,CAAA;AACrB,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AA0C5C,eAAO,MAAM,0BAA0B,GAAI,OAAO,IAAI,YACN,CAAA;AAEhD,eAAO,MAAM,gCAAgC,GAC3C,SAAS,IAAI,CAAC,cAAc,EAAE,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC,EACzD,MAAM,MAAM,GAAG,OAAO,EACtB,UAAU;IACR,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB,KACA,OAAO,CAAC,QAAQ,CA6BlB,CAAA"}
|
|
@@ -26,12 +26,9 @@ const getAdditionalFieldPermission = (additionalFields, fieldName) => {
|
|
|
26
26
|
return undefined;
|
|
27
27
|
};
|
|
28
28
|
const canReadField = (context, permission) => __awaiter(void 0, void 0, void 0, function* () {
|
|
29
|
-
if (!permission)
|
|
30
|
-
return
|
|
31
|
-
|
|
32
|
-
if (read)
|
|
33
|
-
return true;
|
|
34
|
-
return yield (0, helpers_1.evaluateExpression)(context.params, permission.write, context.user);
|
|
29
|
+
if (!permission || typeof permission.read === 'undefined')
|
|
30
|
+
return undefined;
|
|
31
|
+
return yield (0, helpers_1.evaluateExpression)(context.params, permission.read, context.user);
|
|
35
32
|
});
|
|
36
33
|
const canWriteField = (context, permission) => __awaiter(void 0, void 0, void 0, function* () {
|
|
37
34
|
if (!permission)
|
|
@@ -53,10 +50,15 @@ const filterDocumentByFieldPermissions = (context, mode, options) => __awaiter(v
|
|
|
53
50
|
const permission = fieldPermission !== null && fieldPermission !== void 0 ? fieldPermission : getAdditionalFieldPermission(additionalFields, key);
|
|
54
51
|
let allowed = (options === null || options === void 0 ? void 0 : options.defaultAllow) === true;
|
|
55
52
|
if (permission) {
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
53
|
+
if (mode === 'read') {
|
|
54
|
+
const readAllowed = yield canReadField(context, permission);
|
|
55
|
+
if (typeof readAllowed !== 'undefined') {
|
|
56
|
+
allowed = readAllowed;
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
else {
|
|
60
|
+
allowed = yield canWriteField(context, permission);
|
|
61
|
+
}
|
|
60
62
|
}
|
|
61
63
|
if (allowed) {
|
|
62
64
|
document[key] = value;
|
package/package.json
CHANGED
|
@@ -32,8 +32,7 @@ describe('checkIsValidFieldNameFn', () => {
|
|
|
32
32
|
|
|
33
33
|
const result = await checkIsValidFieldNameFn(context)
|
|
34
34
|
expect(result).toEqual({
|
|
35
|
-
name: 'Alice'
|
|
36
|
-
email: 'alice@example.com'
|
|
35
|
+
name: 'Alice'
|
|
37
36
|
})
|
|
38
37
|
})
|
|
39
38
|
|
|
@@ -56,8 +55,33 @@ describe('checkIsValidFieldNameFn', () => {
|
|
|
56
55
|
|
|
57
56
|
const result = await checkIsValidFieldNameFn(context)
|
|
58
57
|
expect(result).toEqual({
|
|
59
|
-
phone: '123456789'
|
|
60
|
-
|
|
58
|
+
phone: '123456789'
|
|
59
|
+
})
|
|
60
|
+
})
|
|
61
|
+
|
|
62
|
+
it('keeps fields readable when top-level read is true and the field only defines write rules', async () => {
|
|
63
|
+
const mockedRole = {
|
|
64
|
+
name: 'test',
|
|
65
|
+
apply_when: { '%%true': true },
|
|
66
|
+
read: true,
|
|
67
|
+
fields: {
|
|
68
|
+
avatar: { write: false },
|
|
69
|
+
name: { write: true }
|
|
70
|
+
}
|
|
71
|
+
} as Role
|
|
72
|
+
const context = {
|
|
73
|
+
user: mockUser,
|
|
74
|
+
role: mockedRole,
|
|
75
|
+
params: {
|
|
76
|
+
type: 'read',
|
|
77
|
+
cursor: { avatar: 'avatar.png', name: 'Alice' }
|
|
78
|
+
}
|
|
79
|
+
} as MachineContext
|
|
80
|
+
|
|
81
|
+
const result = await checkIsValidFieldNameFn(context)
|
|
82
|
+
expect(result).toEqual({
|
|
83
|
+
avatar: 'avatar.png',
|
|
84
|
+
name: 'Alice'
|
|
61
85
|
})
|
|
62
86
|
})
|
|
63
87
|
|
|
@@ -35,10 +35,8 @@ const canReadField = async (
|
|
|
35
35
|
context: Pick<MachineContext, 'params' | 'user'>,
|
|
36
36
|
permission?: FieldPermissionExpression
|
|
37
37
|
) => {
|
|
38
|
-
if (!permission) return
|
|
39
|
-
|
|
40
|
-
if (read) return true
|
|
41
|
-
return await evaluateExpression(context.params, permission.write, context.user)
|
|
38
|
+
if (!permission || typeof permission.read === 'undefined') return undefined
|
|
39
|
+
return await evaluateExpression(context.params, permission.read, context.user)
|
|
42
40
|
}
|
|
43
41
|
|
|
44
42
|
const canWriteField = async (
|
|
@@ -71,10 +69,14 @@ export const filterDocumentByFieldPermissions = async (
|
|
|
71
69
|
const permission = fieldPermission ?? getAdditionalFieldPermission(additionalFields, key)
|
|
72
70
|
let allowed = options?.defaultAllow === true
|
|
73
71
|
if (permission) {
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
72
|
+
if (mode === 'read') {
|
|
73
|
+
const readAllowed = await canReadField(context, permission)
|
|
74
|
+
if (typeof readAllowed !== 'undefined') {
|
|
75
|
+
allowed = readAllowed
|
|
76
|
+
}
|
|
77
|
+
} else {
|
|
78
|
+
allowed = await canWriteField(context, permission)
|
|
79
|
+
}
|
|
78
80
|
}
|
|
79
81
|
|
|
80
82
|
if (allowed) {
|