@forestadmin/agent 1.0.2 → 1.1.0-alpha.1

Files changed (34)
  1. package/dist/routes/access/chart.js +3 -3
  2. package/dist/routes/access/count-related.js +3 -3
  3. package/dist/routes/access/count.js +3 -3
  4. package/dist/routes/access/csv-related.js +4 -4
  5. package/dist/routes/access/csv.js +4 -4
  6. package/dist/routes/access/get.js +3 -3
  7. package/dist/routes/access/list-related.js +3 -3
  8. package/dist/routes/access/list.js +3 -3
  9. package/dist/routes/modification/action.d.ts +1 -1
  10. package/dist/routes/modification/action.js +24 -7
  11. package/dist/routes/modification/associate-related.js +3 -3
  12. package/dist/routes/modification/create.js +4 -4
  13. package/dist/routes/modification/delete.js +3 -3
  14. package/dist/routes/modification/dissociate-delete-related.js +3 -3
  15. package/dist/routes/modification/update-field.js +3 -3
  16. package/dist/routes/modification/update-relation.js +5 -5
  17. package/dist/routes/modification/update.js +3 -3
  18. package/dist/routes/security/scope-invalidation.js +2 -2
  19. package/dist/services/authorization/authorization.d.ts +31 -0
  20. package/dist/services/authorization/authorization.js +107 -0
  21. package/dist/services/authorization/index.d.ts +4 -0
  22. package/dist/services/authorization/index.js +11 -0
  23. package/dist/services/authorization/types.d.ts +26 -0
  24. package/dist/services/authorization/types.js +3 -0
  25. package/dist/services/index.d.ts +2 -2
  26. package/dist/services/index.js +8 -6
  27. package/dist/types.d.ts +2 -0
  28. package/dist/types.js +1 -1
  29. package/dist/utils/forest-http-api.d.ts +0 -28
  30. package/dist/utils/forest-http-api.js +1 -81
  31. package/dist/utils/options-validator.js +14 -6
  32. package/package.json +4 -4
  33. package/dist/services/permissions.d.ts +0 -19
  34. package/dist/services/permissions.js +0 -85
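--- a/package/dist/services/permissions.js
+++ b/package/dist/services/permissions.js
@@ -1,85 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const lru_cache_1 = __importDefault(require("lru-cache"));
-const object_hash_1 = __importDefault(require("object-hash"));
-const types_1 = require("../types");
-const condition_tree_parser_1 = __importDefault(require("../utils/condition-tree-parser"));
-const forest_http_api_1 = __importDefault(require("../utils/forest-http-api"));
-class PermissionService {
-constructor(options) {
-this.options = options;
-this.cache = new lru_cache_1.default({
-max: 256,
-ttl: this.options.permissionsCacheDurationInSeconds * 1000,
-});
-}
-invalidateCache(renderingId) {
-this.cache.delete(renderingId);
-}
-/** Checks that a charting query is in the list of allowed queries */
-async canChart(context) {
-// If the permissions level already allow the chart, no need to check further
-if (['admin', 'editor', 'developer'].includes(context.state.user.permissionLevel)) {
-return;
-}
-const chart = { ...context.request.body };
-// When the server sends the data of the allowed charts, the target column is not specified
-// for relations => allow them all.
-if (chart?.group_by_field?.includes(':'))
-chart.group_by_field = chart.group_by_field.substring(0, chart.group_by_field.indexOf(':'));
-const chartHash = (0, object_hash_1.default)(chart, {
-respectType: false,
-excludeKeys: key => chart[key] === null,
-});
-await this.can(context, `chart:${chartHash}`);
-}
-/** Check if a user is allowed to perform a specific action */
-async can(context, action, allowRefetch = true) {
-const { id: userId, renderingId } = context.state.user;
-const perms = await this.getRenderingPermissions(renderingId);
-const isAllowed = perms.actions.has(action) || perms.actionsByUser[action]?.has(userId);
-if (!isAllowed && allowRefetch) {
-this.invalidateCache(renderingId);
-return this.can(context, action, false);
-}
-if (!isAllowed) {
-context.throw(types_1.HttpCode.Forbidden, 'Forbidden');
-}
-}
-async getScope(collection, context) {
-const { user } = context.state;
-const perms = await this.getRenderingPermissions(user.renderingId);
-const scopes = perms.scopes[collection.name];
-if (!scopes)
-return null;
-const conditionTree = condition_tree_parser_1.default.fromPlainObject(collection, scopes.conditionTree);
-return conditionTree.replaceLeafs(leaf => {
-const dynamicValues = scopes.dynamicScopeValues?.[user.id];
-if (typeof leaf.value === 'string' && leaf.value.startsWith('$currentUser')) {
-// Search replacement hash from forestadmin server
-if (dynamicValues) {
-return leaf.override({ value: dynamicValues[leaf.value] });
-}
-// Search JWT token (new user)
-return leaf.override({
-value: leaf.value.startsWith('$currentUser.tags.')
-? user.tags[leaf.value.substring(18)]
-: user[leaf.value.substring(13)],
-});
-}
-return leaf;
-});
-}
-/** Get cached version of "rendering permissions" */
-getRenderingPermissions(renderingId) {
-if (!this.cache.has(renderingId))
-this.cache.set(renderingId, forest_http_api_1.default.getPermissions(this.options, renderingId));
-// We already checked the entry is up-to-date with the .has() call => allowStale
-return this.cache.get(renderingId, { allowStale: true });
-}
-}
-exports.default = PermissionService;
-//# sourceMappingURL=data:application/json;base64,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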