@flowerforce/flowerbase 1.8.3 → 1.8.4-beta.2

package/src/utils/__tests__/evaluateExpression.test.ts

@@ -1,7 +1,48 @@
 import { evaluateExpression } from '../roles/helpers'
 import { Params } from '../roles/interface'
+import { GenerateContext } from '../context'
+import { StateManager } from '../../state'
+
+jest.mock('../context', () => ({
+  GenerateContext: jest.fn()
+}))
+
+jest.mock('../../state', () => ({
+  StateManager: {
+    select: jest.fn()
+  }
+}))
+
+jest.mock('../../services', () => ({
+  services: {}
+}))
+
+const mockedGenerateContext = jest.mocked(GenerateContext)
+const mockedSelect = jest.mocked(StateManager.select)
 
 describe('evaluateExpression', () => {
+  beforeEach(() => {
+    jest.clearAllMocks()
+    mockedSelect.mockImplementation(((key: string) => {
+      switch (key) {
+        case 'functions':
+          return {
+            checkAccess: {
+              name: 'checkAccess'
+            }
+          }
+        case 'app':
+          return {
+            id: 'app-id'
+          }
+        case 'rules':
+          return {}
+        default:
+          return undefined
+      }
+    }) as never)
+  })
+
   it('supports insert-only write expressions that rely on %%prevRoot', async () => {
     const expression = {
       '%%prevRoot': {
@@ -30,4 +71,52 @@ describe('evaluateExpression', () => {
     await expect(evaluateExpression(insertParams, expression)).resolves.toBe(true)
     await expect(evaluateExpression(readParams, expression)).resolves.toBe(false)
   })
+
+  it('supports nested %function conditions inside %or/%and expressions', async () => {
+    mockedGenerateContext.mockResolvedValue(true)
+
+    const expression = {
+      '%or': [
+        {
+          '%%root.company': 'company-1'
+        },
+        {
+          '%and': [
+            {
+              '%%user.custom_data.type': 'customer'
+            },
+            {
+              '%%true': {
+                '%function': {
+                  name: 'checkAccess',
+                  arguments: ['%%root.company']
+                }
+              }
+            }
+          ]
+        }
+      ]
+    }
+
+    const params = {
+      type: 'read',
+      cursor: { company: 'company-2' },
+      expansions: {},
+      roles: []
+    } as Params
+
+    const user = {
+      custom_data: {
+        type: 'customer'
+      }
+    }
+
+    await expect(evaluateExpression(params, expression, user as never)).resolves.toBe(true)
+    expect(mockedGenerateContext).toHaveBeenCalledWith(
+      expect.objectContaining({
+        args: ['company-2'],
+        functionName: 'checkAccess'
+      })
+    )
+  })
 })

package/src/utils/__tests__/getWinningRole.test.ts

@@ -70,4 +70,21 @@ describe('getWinningRole', () => {
     const result = getWinningRole(null, mockUser, mockRoles)
     expect(result).toEqual(mockRoles[0])
   })
+
+  it('should return the first matching role asynchronously', async () => {
+    const mockCheckApplyWhenAsync = jest
+      .spyOn(Utils, 'checkApplyWhenAsync')
+      .mockResolvedValueOnce(true)
+
+    await expect(Utils.getWinningRoleAsync(mockDocument, mockUser, mockRoles)).resolves.toEqual(
+      mockRoles[0]
+    )
+    expect(mockCheckApplyWhenAsync).toHaveBeenCalledWith(
+      mockRoles[0].apply_when,
+      mockUser,
+      mockDocument
+    )
+    expect(mockCheckApplyWhenAsync).toHaveBeenCalledTimes(1)
+    mockCheckApplyWhenAsync.mockReset()
+  })
 })

package/src/utils/roles/helpers.ts

@@ -7,6 +7,8 @@ import { PermissionExpression } from './interface'
 import { MachineContext } from './machines/interface'
 
 const functionsConditions = ['%%true', '%%false']
+const andConditions = ['$and', '%and']
+const orConditions = ['$or', '%or']
 
 const normalizeUserRole = (user?: MachineContext['user']) => {
   if (!user) return user
@@ -22,30 +24,121 @@ const normalizeUserRole = (user?: MachineContext['user']) => {
     : user
 }
 
-export const evaluateExpression = async (
+const buildEvaluationContext = (
   params: MachineContext['params'],
-  expression?: PermissionExpression,
   user?: MachineContext['user']
-): Promise<boolean> => {
-  if (!expression || typeof expression === 'boolean') return !!expression
+) => {
   const normalizedUser = normalizeUserRole(user)
 
-  const value = {
-    ...params.expansions,
-    ...params.cursor,
+  return {
+    ...(params.expansions ?? {}),
+    ...(params.cursor ?? {}),
     '%%root': params.cursor,
     '%%prevRoot': params.expansions?.['%%prevRoot'],
     '%%user': normalizedUser,
     '%%true': true,
     '%%false': false
   }
+}
+
+const getFunctionCondition = (
+  expression: unknown
+): [string, Record<string, any>] | null => {
+  if (!expression || typeof expression !== 'object' || Array.isArray(expression)) {
+    return null
+  }
+
+  const entries = Object.entries(expression as Record<string, unknown>)
+  if (entries.length !== 1) {
+    return null
+  }
+
+  const [key, value] = entries[0]
+  if (!functionsConditions.includes(key)) {
+    return null
+  }
+
+  if (!value || typeof value !== 'object' || Array.isArray(value)) {
+    return null
+  }
+
+  return Object.prototype.hasOwnProperty.call(value, '%function')
+    ? [key, value as Record<string, any>]
+    : null
+}
+
+export const evaluateExpandedExpression = async (
+  expression: unknown,
+  params: MachineContext['params'],
+  user?: MachineContext['user']
+): Promise<boolean> => {
+  if (typeof expression === 'boolean') {
+    return expression
+  }
+
+  if (!expression || typeof expression !== 'object') {
+    return Boolean(expression)
+  }
+
+  const block = expression as Record<string, unknown>
+  const functionCondition = getFunctionCondition(block)
+
+  if (functionCondition) {
+    return evaluateComplexExpression(functionCondition, params, user)
+  }
+
+  const andKey = andConditions.find((key) => Object.prototype.hasOwnProperty.call(block, key))
+  if (andKey) {
+    const conditions = Array.isArray(block[andKey]) ? (block[andKey] as unknown[]) : []
+    if (!conditions.length) return true
+
+    for (const condition of conditions) {
+      if (!(await evaluateExpandedExpression(condition, params, user))) {
+        return false
+      }
+    }
+
+    return true
+  }
+
+  const orKey = orConditions.find((key) => Object.prototype.hasOwnProperty.call(block, key))
+  if (orKey) {
+    const conditions = Array.isArray(block[orKey]) ? (block[orKey] as unknown[]) : []
+    if (!conditions.length) return true
+
+    for (const condition of conditions) {
+      if (await evaluateExpandedExpression(condition, params, user)) {
+        return true
+      }
+    }
+
+    return false
+  }
+
+  const keys = Object.keys(block)
+  if (keys.length > 1) {
+    for (const key of keys) {
+      if (!(await evaluateExpandedExpression({ [key]: block[key] }, params, user))) {
+        return false
+      }
+    }
+
+    return true
+  }
+
+  return rulesMatcherUtils.checkRule(block as never, buildEvaluationContext(params, user), {})
+}
+
+export const evaluateExpression = async (
+  params: MachineContext['params'],
+  expression?: PermissionExpression,
+  user?: MachineContext['user']
+): Promise<boolean> => {
+  if (!expression || typeof expression === 'boolean') return !!expression
+
+  const value = buildEvaluationContext(params, user)
   const conditions = expandQuery(expression, value)
-  const complexCondition = Object.entries(conditions as Record<string, any>).find(
-    ([key]) => functionsConditions.includes(key)
-  )
-  return complexCondition
-    ? await evaluateComplexExpression(complexCondition, params, normalizedUser)
-    : rulesMatcherUtils.checkRule(conditions, value, {})
+  return evaluateExpandedExpression(conditions, params, user)
 }
 
 const evaluateComplexExpression = async (
@@ -74,7 +167,7 @@ const evaluateComplexExpression = async (
   const expandedArguments =
     fnArguments && fnArguments.length
       ? ((expandQuery({ args: fnArguments }, expansionContext) as { args: unknown[] })
-          .args ?? [])
+        .args ?? [])
       : [params.cursor]
 
   const response = await GenerateContext({

package/src/utils/roles/machines/utils.ts

@@ -2,6 +2,7 @@ import { Document, OptionalId } from 'mongodb'
 import { User } from '../../../auth/dtos'
 import { Filter } from '../../../features/rules/interface'
 import { getValidRule } from '../../../services/mongodb-atlas/utils'
+import { evaluateExpression } from '../helpers'
 import { Role } from '../interface'
 import { LogMachineInfoParams } from './interface'
 
@@ -28,6 +29,20 @@ export const getWinningRole = (
   return null
 }
 
+export const getWinningRoleAsync = async (
+  document: OptionalId<Document> | null,
+  user: User,
+  roles: Role[] = []
+): Promise<Role | null> => {
+  if (!roles.length) return null
+  for (const role of roles) {
+    if (await checkApplyWhenAsync(role.apply_when, user, document)) {
+      return role
+    }
+  }
+  return null
+}
+
 /**
  * Checks if the `apply_when` condition is valid for the given user and document.
  *
@@ -50,6 +65,25 @@ export const checkApplyWhen = (
   return !!validRule.length
 }
 
+export const checkApplyWhenAsync = async (
+  apply_when: Role['apply_when'],
+  user: User,
+  document: OptionalId<Document> | null
+) => {
+  return evaluateExpression(
+    {
+      type: 'read',
+      roles: [],
+      cursor: document,
+      expansions: {
+        '%%prevRoot': undefined
+      }
+    },
+    apply_when,
+    user
+  )
+}
+
 /**
  * Logs machine step information if logging is enabled.
  *