@forestadmin/agent 1.3.2 → 1.4.0-alpha.2
- package/dist/routes/access/chart.d.ts +1 -1
- package/dist/routes/access/chart.js +39 -40
- package/dist/routes/access/count-related.js +3 -3
- package/dist/routes/access/count.js +3 -3
- package/dist/routes/access/csv-related.js +4 -4
- package/dist/routes/access/csv.js +4 -4
- package/dist/routes/access/get.js +3 -3
- package/dist/routes/access/list-related.js +3 -3
- package/dist/routes/access/list.js +3 -3
- package/dist/routes/modification/action.d.ts +1 -1
- package/dist/routes/modification/action.js +24 -7
- package/dist/routes/modification/associate-related.js +3 -3
- package/dist/routes/modification/create.js +4 -4
- package/dist/routes/modification/delete.js +4 -4
- package/dist/routes/modification/dissociate-delete-related.js +3 -3
- package/dist/routes/modification/update-field.js +3 -3
- package/dist/routes/modification/update-relation.js +5 -5
- package/dist/routes/modification/update.js +3 -3
- package/dist/routes/security/scope-invalidation.js +2 -2
- package/dist/routes/system/error-handling.d.ts +2 -0
- package/dist/routes/system/error-handling.js +20 -3
- package/dist/services/authorization/authorization.d.ts +31 -0
- package/dist/services/authorization/authorization.js +118 -0
- package/dist/services/authorization/index.d.ts +4 -0
- package/dist/services/authorization/index.js +11 -0
- package/dist/services/authorization/types.d.ts +26 -0
- package/dist/services/authorization/types.js +3 -0
- package/dist/services/index.d.ts +4 -2
- package/dist/services/index.js +9 -6
- package/dist/types.d.ts +2 -0
- package/dist/types.js +1 -1
- package/dist/utils/condition-tree-parser.d.ts +2 -1
- package/dist/utils/condition-tree-parser.js +53 -17
- package/dist/utils/forest-http-api.d.ts +0 -28
- package/dist/utils/forest-http-api.js +1 -81
- package/dist/utils/options-validator.js +13 -1
- package/dist/utils/query-string.js +3 -2
- package/package.json +4 -4
- package/dist/services/permissions.d.ts +0 -19
- package/dist/services/permissions.js +0 -85
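--- a/package/dist/utils/condition-tree-parser.js
+++ b/package/dist/utils/condition-tree-parser.js
@@ -1,6 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const datasource_toolkit_1 = require("@forestadmin/datasource-toolkit");
+const STRING_TO_BOOLEAN = {
+true: true,
+yes: true,
+'1': true,
+false: false,
+no: false,
+'0': false,
+};
 class ConditionTreeParser {
 static fromPlainObject(collection, json) {
 if (ConditionTreeParser.isLeaf(json)) {
@@ -17,24 +25,10 @@ class ConditionTreeParser {
 }
 throw new Error('Failed to instantiate condition tree from json');
 }
-/** Handle 'In' where the frontend unexpectedly sends strings */
 static parseValue(collection, leaf) {
 const schema = datasource_toolkit_1.CollectionUtils.getFieldSchema(collection, leaf.field);
-
-
-return leaf.value
-.split(',')
-.map(bool => !['false', '0', 'no'].includes(bool.toLowerCase().trim()));
-}
-if (schema.columnType === 'Number') {
-return leaf.value
-.split(',')
-.map(string => Number(string.trim()))
-.filter(number => !Number.isNaN(number) && Number.isFinite(number));
-}
-return leaf.value.split(',').map(v => v.trim());
-}
-return leaf.value;
+const expectedType = this.getExpectedTypeForCondition(leaf, schema);
+return this.castToType(leaf.value, expectedType);
 }
 /** Convert snake_case to PascalCase */
 static toPascalCase(value) {
@@ -42,6 +36,48 @@ class ConditionTreeParser {
 value.slice(1).replace(/_[a-z]/g, match => match.slice(1).toUpperCase());
 return pascalCased;
 }
+static getExpectedTypeForCondition(filter, fieldSchema) {
+const operatorsExpectingNumber = [
+'ShorterThan',
+'LongerThan',
+'AfterXHoursAgo',
+'BeforeXHoursAgo',
+'PreviousXDays',
+'PreviousXDaysToDate',
+];
+if (operatorsExpectingNumber.includes(filter.operator)) {
+return 'Number';
+}
+if (filter.operator === 'In') {
+return [fieldSchema.columnType];
+}
+return fieldSchema.columnType;
+}
+static castToType(value, expectedType) {
+if (value === null || value === undefined)
+return value;
+if (Array.isArray(expectedType)) {
+const items = typeof value === 'string' ? value.split(',').map(item => item.trim()) : value;
+const filter = expectedType[0] === 'Number' ? item => !Number.isNaN(item) : () => true;
+return Array.isArray(items)
+? items.map(item => this.castToType(item, expectedType[0])).filter(filter)
+: value;
+}
+switch (expectedType) {
+case 'String':
+case 'Dateonly':
+case 'Date':
+return `${value}`;
+case 'Number':
+return Number(value);
+case 'Boolean':
+return typeof value === 'string' && value in STRING_TO_BOOLEAN
+? STRING_TO_BOOLEAN[value]
+: !!value;
+default:
+return value;
+}
+}
 static isLeaf(raw) {
 return typeof raw === 'object' && 'field' in raw && 'operator' in raw;
 }
@@ -50,4 +86,4 @@ class ConditionTreeParser {
 }
 }
 exports.default = ConditionTreeParser;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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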
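Review bot: In the `Boolean` case of `castToType`, `value in STRING_TO_BOOLEAN` also matches keys inherited from `Object.prototype`, so a filter value equal to an inherited property name passes the test and the lookup returns a non-boolean instead of `true`/`false`. An own-property check avoids that: `return typeof value === 'string' && Object.prototype.hasOwnProperty.call(STRING_TO_BOOLEAN, value)`. The removed code lower-cased and trimmed each item before comparing, while the new lookup is case-sensitive, so `'False'` or `' no'` now fall through to `!!value` and become `true`; normalising with `value.trim().toLowerCase()` before the lookup would keep the old behaviour. The `In` filter for numbers also no longer drops non-finite values, which the removed `Number.isFinite` check did.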
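--- a/package/dist/utils/forest-http-api.d.ts
+++ b/package/dist/utils/forest-http-api.d.ts
@@ -1,4 +1,3 @@
-import { PlainConditionTree } from '@forestadmin/datasource-toolkit';
 import { JSONAPIDocument } from 'json-api-serializer';
 import { IssuerMetadata } from 'openid-client';
 import { AgentOptions } from '../types';
@@ -25,22 +24,6 @@ export declare type UserInfo = {
 };
 permissionLevel: string;
 };
-export declare type RenderingPermissions = {
-actions: Set<string>;
-actionsByUser: {
-[actionName: string]: Set<number>;
-};
-scopes: {
-[collectionName: string]: {
-conditionTree: PlainConditionTree;
-dynamicScopeValues: {
-[userId: number]: {
-[replacementKey: string]: unknown;
-};
-};
-};
-};
-};
 declare type HttpOptions = Pick<AgentOptions, 'envSecret' | 'forestServerUrl' | 'isProduction'>;
 export default class ForestHttpApi {
 static getIpWhitelistConfiguration(options: HttpOptions): Promise<IpWhitelistConfiguration>;
@@ -48,17 +31,6 @@ export default class ForestHttpApi {
 static getUserInformation(options: HttpOptions, renderingId: number, accessToken: string): Promise<UserInfo>;
 static hasSchema(options: HttpOptions, hash: string): Promise<boolean>;
 static uploadSchema(options: HttpOptions, apimap: JSONAPIDocument): Promise<void>;
-static getPermissions(options: HttpOptions, renderingId: number): Promise<RenderingPermissions>;
-/** Helper to format permissions into something easy to validate against */
-private static decodeChartPermissions;
-/**
-* Helper to format permissions into something easy to validate against
-* Note that the format the server is sending varies depending on if we're using a remote or
-* local environment.
-*/
-private static decodeActionPermissions;
-/** Helper to format permissions into something easy to validate against */
-private static decodeScopePermissions;
 private static handleResponseError;
 }
 export {};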
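--- a/package/dist/utils/forest-http-api.js
+++ b/package/dist/utils/forest-http-api.js
@@ -3,7 +3,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const object_hash_1 = __importDefault(require("object-hash"));
 const superagent_1 = __importDefault(require("superagent"));
 class ForestHttpApi {
 static async getIpWhitelistConfiguration(options) {
@@ -76,85 +75,6 @@ class ForestHttpApi {
 this.handleResponseError(e);
 }
 }
-static async getPermissions(options, renderingId) {
-try {
-const { body } = await superagent_1.default
-.get(`${options.forestServerUrl}/liana/v3/permissions`)
-.set('forest-secret-key', options.envSecret)
-.query(`renderingId=${renderingId}`);
-if (!body.meta?.rolesACLActivated) {
-throw new Error('Roles V2 are unsupported');
-}
-const actions = new Set();
-const actionsByUser = {};
-ForestHttpApi.decodeChartPermissions(body?.stats ?? {}, actions);
-ForestHttpApi.decodeActionPermissions(body?.data?.collections ?? {}, actions, actionsByUser);
-return {
-actions,
-actionsByUser,
-scopes: ForestHttpApi.decodeScopePermissions(body?.data?.renderings?.[renderingId] ?? {}),
-};
-}
-catch (e) {
-this.handleResponseError(e);
-}
-}
-/** Helper to format permissions into something easy to validate against */
-static decodeChartPermissions(chartsByType, actions) {
-const serverCharts = Object.values(chartsByType).flat();
-const frontendCharts = serverCharts.map(chart => ({
-type: chart.type,
-filters: chart.filter,
-aggregate: chart.aggregator,
-aggregate_field: chart.aggregateFieldName,
-collection: chart.sourceCollectionId,
-time_range: chart.timeRange,
-group_by_date_field: (chart.type === 'Line' && chart.groupByFieldName) || null,
-group_by_field: (chart.type !== 'Line' && chart.groupByFieldName) || null,
-limit: chart.limit,
-label_field: chart.labelFieldName,
-relationship_field: chart.relationshipFieldName,
-}));
-const hashes = frontendCharts.map(chart => (0, object_hash_1.default)(chart, {
-respectType: false,
-excludeKeys: key => chart[key] === null || chart[key] === undefined,
-}));
-hashes.forEach(hash => actions.add(`chart:${hash}`));
-}
-/**
-* Helper to format permissions into something easy to validate against
-* Note that the format the server is sending varies depending on if we're using a remote or
-* local environment.
-*/
-static decodeActionPermissions(collections, actions, actionsByUser) {
-for (const [name, settings] of Object.entries(collections)) {
-for (const [actionName, userIds] of Object.entries(settings.collection ?? {})) {
-const shortName = actionName.substring(0, actionName.length - 'Enabled'.length);
-if (typeof userIds === 'boolean')
-actions.add(`${shortName}:${name}`);
-else
-actionsByUser[`${shortName}:${name}`] = new Set(userIds);
-}
-for (const [actionName, actionPerms] of Object.entries(settings.actions ?? {})) {
-const userIds = actionPerms.triggerEnabled;
-if (typeof userIds === 'boolean')
-actions.add(`custom:${actionName}:${name}`);
-else
-actionsByUser[`custom:${actionName}:${name}`] = new Set(userIds);
-}
-}
-}
-/** Helper to format permissions into something easy to validate against */
-static decodeScopePermissions(rendering) {
-const scopes = {};
-for (const [name, { scope }] of Object.entries(rendering)) {
-scopes[name] = scope && {
-conditionTree: scope.filter,
-dynamicScopeValues: scope.dynamicScopesValues?.users ?? {},
-};
-}
-return scopes;
-}
 static handleResponseError(e) {
 if (/certificate/i.test(e.message))
 throw new Error('ForestAdmin server TLS certificate cannot be verified. ' +
@@ -177,4 +97,4 @@ class ForestHttpApi {
 }
 }
 exports.default = ForestHttpApi;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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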
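--- a/package/dist/utils/options-validator.js
+++ b/package/dist/utils/options-validator.js
@@ -3,6 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+const forestadmin_client_1 = __importDefault(require("@forestadmin/forestadmin-client"));
 const fs_1 = require("fs");
 const path_1 = __importDefault(require("path"));
 const DEFAULT_MINIMUM_CACHE_DURATION = 60;
@@ -21,6 +22,17 @@ class OptionsValidator {
 copyOptions.forestServerUrl = copyOptions.forestServerUrl || 'https://api.forestadmin.com';
 copyOptions.typingsMaxDepth = copyOptions.typingsMaxDepth ?? 5;
 copyOptions.prefix = copyOptions.prefix || '';
+copyOptions.permissionsCacheDurationInSeconds =
+copyOptions.permissionsCacheDurationInSeconds ?? 15 * 60;
+copyOptions.loggerLevel = copyOptions.loggerLevel || 'Info';
+copyOptions.forestAdminClient =
+copyOptions.forestAdminClient ||
+(0, forestadmin_client_1.default)({
+envSecret: copyOptions.envSecret,
+forestServerUrl: copyOptions.forestServerUrl,
+logger: copyOptions.logger,
+permissionsCacheDurationInSeconds: copyOptions.permissionsCacheDurationInSeconds,
+});
 copyOptions.permissionsCacheDurationInSeconds =
 copyOptions.permissionsCacheDurationInSeconds ?? 15 * DEFAULT_MINIMUM_CACHE_DURATION;
 if (copyOptions.permissionsCacheDurationInSeconds < DEFAULT_MINIMUM_CACHE_DURATION) {
@@ -96,4 +108,4 @@ OptionsValidator.loggerPrefix = {
 Warn: '\x1b[33mwarning:\x1b[0m',
 Error: '\x1b[31merror:\x1b[0m',
 };
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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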
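Review bot: The `forestAdminClient` built on new lines 28–35 is handed `permissionsCacheDurationInSeconds` before the minimum-duration check on new line 38 has run, so if that branch (its body is outside the hunk) raises the value to `DEFAULT_MINIMUM_CACHE_DURATION`, the client keeps the smaller, unchecked duration. The default added on new lines 25–26 (`?? 15 * 60`) also duplicates the existing assignment that follows on lines 36–37. Moving the `copyOptions.forestAdminClient = …` assignment below the duration check removes both the ordering problem and the duplicate default. The method continues outside the hunk, so it is not visible here whether `envSecret` and `forestServerUrl` are validated before or after the client is created; the client should only be constructed from validated options.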
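--- a/package/dist/utils/query-string.js
+++ b/package/dist/utils/query-string.js
@@ -12,10 +12,11 @@ class QueryStringParser {
 try {
 const filters = context.request.body?.data?.attributes?.all_records_subset_query?.filters ??
 context.request.body?.filters ??
+context.request.body?.filter ??
 context.request.query?.filters;
 if (!filters)
 return null;
-const json = JSON.parse(filters.toString());
+const json = typeof filters === 'object' ? filters : JSON.parse(filters.toString());
 const conditionTree = condition_tree_parser_1.default.fromPlainObject(collection, json);
 datasource_toolkit_1.ConditionTreeValidator.validate(conditionTree, collection);
 return conditionTree;
@@ -131,4 +132,4 @@ class QueryStringParser {
 }
 }
 exports.default = QueryStringParser;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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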
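Review bot: The `typeof filters === 'object'` test on new line 19 is also true for arrays, so a `filters` value that reaches this point as an array (for instance if the query parser yields one for a repeated parameter) now skips `JSON.parse` and is passed to `fromPlainObject` unchanged, where before it was stringified and parsed. Restricting the pass-through to plain objects keeps the old path for everything else: `const json = typeof filters === 'object' && !Array.isArray(filters) ? filters : JSON.parse(filters.toString());`. A short comment on the new `context.request.body?.filter` line saying which caller sends an already-decoded object, and that the four sources are tried in this order, would make the precedence explicit. The enclosing `try` block and method start and end outside the hunk.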
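--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@forestadmin/agent",
-"version": "1.
+"version": "1.4.0-alpha.2",
 "main": "dist/index.js",
 "license": "GPL-3.0",
 "publishConfig": {
@@ -14,8 +14,9 @@
 "dependencies": {
 "@fast-csv/format": "^4.3.5",
 "@fastify/express": "^1.1.0",
-"@forestadmin/datasource-customizer": "1.4.1",
-"@forestadmin/datasource-toolkit": "1.1.
+"@forestadmin/datasource-customizer": "1.4.2-alpha.1",
+"@forestadmin/datasource-toolkit": "1.1.1-alpha.1",
+"@forestadmin/forestadmin-client": "1.0.0-alpha.4",
 "@koa/cors": "^3.3.0",
 "@koa/router": "^10.1.1",
 "forest-ip-utils": "^1.0.1",
@@ -25,7 +26,6 @@
 "koa": "^2.13.4",
 "koa-bodyparser": "^4.3.0",
 "koa-jwt": "^4.0.3",
-"lru-cache": "^7.3.1",
 "luxon": "^2.3.0",
 "object-hash": "^3.0.0",
 "openid-client": "5.2.1",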
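--- a/package/dist/services/permissions.d.ts
+++ b/package/dist/services/permissions.d.ts
@@ -1,19 +0,0 @@
-import { Collection, ConditionTree } from '@forestadmin/datasource-toolkit';
-import { Context } from 'koa';
-import { AgentOptionsWithDefaults } from '../types';
-declare type RolesOptions = Pick<AgentOptionsWithDefaults, 'forestServerUrl' | 'envSecret' | 'isProduction' | 'permissionsCacheDurationInSeconds'>;
-export default class PermissionService {
-private options;
-private cache;
-constructor(options: RolesOptions);
-invalidateCache(renderingId: number): void;
-/** Checks that a charting query is in the list of allowed queries */
-canChart(context: Context): Promise<void>;
-/** Check if a user is allowed to perform a specific action */
-can(context: Context, action: string, allowRefetch?: boolean): Promise<void>;
-getScope(collection: Collection, context: Context): Promise<ConditionTree>;
-/** Get cached version of "rendering permissions" */
-private getRenderingPermissions;
-}
-export {};
-//# sourceMappingURL=permissions.d.ts.map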
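--- a/package/dist/services/permissions.js
+++ b/package/dist/services/permissions.js
@@ -1,85 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const lru_cache_1 = __importDefault(require("lru-cache"));
-const object_hash_1 = __importDefault(require("object-hash"));
-const types_1 = require("../types");
-const condition_tree_parser_1 = __importDefault(require("../utils/condition-tree-parser"));
-const forest_http_api_1 = __importDefault(require("../utils/forest-http-api"));
-class PermissionService {
-constructor(options) {
-this.options = options;
-this.cache = new lru_cache_1.default({
-max: 256,
-ttl: this.options.permissionsCacheDurationInSeconds * 1000,
-});
-}
-invalidateCache(renderingId) {
-this.cache.delete(renderingId);
-}
-/** Checks that a charting query is in the list of allowed queries */
-async canChart(context) {
-// If the permissions level already allow the chart, no need to check further
-if (['admin', 'editor', 'developer'].includes(context.state.user.permissionLevel)) {
-return;
-}
-const chart = { ...context.request.body };
-// When the server sends the data of the allowed charts, the target column is not specified
-// for relations => allow them all.
-if (chart?.group_by_field?.includes(':'))
-chart.group_by_field = chart.group_by_field.substring(0, chart.group_by_field.indexOf(':'));
-const chartHash = (0, object_hash_1.default)(chart, {
-respectType: false,
-excludeKeys: key => chart[key] === null,
-});
-await this.can(context, `chart:${chartHash}`);
-}
-/** Check if a user is allowed to perform a specific action */
-async can(context, action, allowRefetch = true) {
-const { id: userId, renderingId } = context.state.user;
-const perms = await this.getRenderingPermissions(renderingId);
-const isAllowed = perms.actions.has(action) || perms.actionsByUser[action]?.has(userId);
-if (!isAllowed && allowRefetch) {
-this.invalidateCache(renderingId);
-return this.can(context, action, false);
-}
-if (!isAllowed) {
-context.throw(types_1.HttpCode.Forbidden, 'Forbidden');
-}
-}
-async getScope(collection, context) {
-const { user } = context.state;
-const perms = await this.getRenderingPermissions(user.renderingId);
-const scopes = perms.scopes[collection.name];
-if (!scopes)
-return null;
-const conditionTree = condition_tree_parser_1.default.fromPlainObject(collection, scopes.conditionTree);
-return conditionTree.replaceLeafs(leaf => {
-const dynamicValues = scopes.dynamicScopeValues?.[user.id];
-if (typeof leaf.value === 'string' && leaf.value.startsWith('$currentUser')) {
-// Search replacement hash from forestadmin server
-if (dynamicValues) {
-return leaf.override({ value: dynamicValues[leaf.value] });
-}
-// Search JWT token (new user)
-return leaf.override({
-value: leaf.value.startsWith('$currentUser.tags.')
-? user.tags[leaf.value.substring(18)]
-: user[leaf.value.substring(13)],
-});
-}
-return leaf;
-});
-}
-/** Get cached version of "rendering permissions" */
-getRenderingPermissions(renderingId) {
-if (!this.cache.has(renderingId))
-this.cache.set(renderingId, forest_http_api_1.default.getPermissions(this.options, renderingId));
-// We already checked the entry is up-to-date with the .has() call => allowStale
-return this.cache.get(renderingId, { allowStale: true });
-}
-}
-exports.default = PermissionService;
-//# sourceMappingURL=data:application/json;base64,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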