npm - @forestadmin/agent - Versions diffs - 1.66.0 → 1.66.1 - Mend

@forestadmin/agent 1.66.0 → 1.66.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/dist/services/authorization/internal/generate-actions-from-permissions.js ADDED Viewed

@@ -0,0 +1,139 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const generate_action_identifier_1 = require('./generate-action-identifier');
+const types_1 = require('./types');
+function generateCollectionPermissions(permissions) {
+  return Object.entries(permissions).reduce((acc, [collectionId, collectionPermissions]) => {
+    const { collection } = collectionPermissions;
+    return {
+      ...acc,
+      [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(
+        types_1.CollectionActionEvent.Browse,
+        collectionId,
+      )]: collection.browseEnabled,
+      [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(
+        types_1.CollectionActionEvent.Read,
+        collectionId,
+      )]: collection.readEnabled,
+      [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(
+        types_1.CollectionActionEvent.Edit,
+        collectionId,
+      )]: collection.editEnabled,
+      [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(
+        types_1.CollectionActionEvent.Add,
+        collectionId,
+      )]: collection.addEnabled,
+      [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(
+        types_1.CollectionActionEvent.Delete,
+        collectionId,
+      )]: collection.deleteEnabled,
+      [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(
+        types_1.CollectionActionEvent.Export,
+        collectionId,
+      )]: collection.exportEnabled,
+    };
+  }, {});
+}
+function generateCollectionActionPermission(collectionId, actions) {
+  return Object.entries(actions).reduce((acc, [actionName, actionPermissions]) => {
+    return {
+      ...acc,
+      ...{
+        [(0, generate_action_identifier_1.generateCustomActionIdentifier)(
+          types_1.CustomActionEvent.Approve,
+          actionName,
+          collectionId,
+        )]: actionPermissions.userApprovalEnabled,
+        [(0, generate_action_identifier_1.generateCustomActionIdentifier)(
+          types_1.CustomActionEvent.SelfApprove,
+          actionName,
+          collectionId,
+        )]: actionPermissions.selfApprovalEnabled,
+        [(0, generate_action_identifier_1.generateCustomActionIdentifier)(
+          types_1.CustomActionEvent.Trigger,
+          actionName,
+          collectionId,
+        )]: actionPermissions.triggerEnabled,
+        [(0, generate_action_identifier_1.generateCustomActionIdentifier)(
+          types_1.CustomActionEvent.RequireApproval,
+          actionName,
+          collectionId,
+        )]: actionPermissions.approvalRequired,
+      },
+    };
+  }, {});
+}
+function generateActionPermissions(permissions) {
+  return Object.entries(permissions).reduce((acc, [collectionId, collectionPermissions]) => {
+    const { actions } = collectionPermissions;
+    return {
+      ...acc,
+      ...generateCollectionActionPermission(collectionId, actions),
+    };
+  }, {});
+}
+function generateActionsGloballyAllowed(permissions) {
+  return new Set(
+    Object.entries(permissions)
+      .filter(([, permission]) => permission === true)
+      .map(([action]) => action),
+  );
+}
+function getUsersForRoles(roles, userIdsByRole) {
+  return new Set(
+    roles.reduce((acc, roleId) => {
+      const userIds = (userIdsByRole.get(roleId) || []).map(userId => `${userId}`);
+      if (userIds) {
+        return [...acc, ...userIds];
+      }
+      return acc;
+    }, []),
+  );
+}
+function generateActionsAllowedByUser(permissions, users) {
+  const userIdsByRole = users.reduce((acc, { id, roleId }) => {
+    acc.set(roleId, [...(acc.get(roleId) || []), id]);
+    return acc;
+  }, new Map());
+  return new Map(
+    Object.entries(permissions)
+      .filter(([, permission]) => typeof permission !== 'boolean')
+      .map(([name, permission]) => [name, getUsersForRoles(permission.roles, userIdsByRole)]),
+  );
+}
+function generateActionsFromPermissions(environmentPermissions, users) {
+  if (environmentPermissions === true) {
+    return {
+      everythingAllowed: true,
+      actionsGloballyAllowed: new Set(),
+      actionsAllowedByUser: new Map(),
+    };
+  }
+  const remotePermissions = environmentPermissions;
+  const allPermissions = {
+    ...generateCollectionPermissions(remotePermissions.collections),
+    ...generateActionPermissions(remotePermissions.collections),
+  };
+  return {
+    everythingAllowed: false,
+    actionsGloballyAllowed: generateActionsGloballyAllowed(allPermissions),
+    actionsAllowedByUser: generateActionsAllowedByUser(allPermissions, users),
+  };
+}
+exports.default = generateActionsFromPermissions;
+// # sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdGUtYWN0aW9ucy1mcm9tLXBlcm1pc3Npb25zLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3NlcnZpY2VzL2F1dGhvcml6YXRpb24vaW50ZXJuYWwvZ2VuZXJhdGUtYWN0aW9ucy1mcm9tLXBlcm1pc3Npb25zLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsbUNBVWlCO0FBQ2pCLDZFQUdzQztBQVl0QyxTQUFTLDZCQUE2QixDQUNwQyxXQUFnRDtJQUVoRCxPQUFPLE1BQU0sQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsR0FBRyxFQUFFLENBQUMsWUFBWSxFQUFFLHFCQUFxQixDQUFDLEVBQUUsRUFBRTtRQUN2RixNQUFNLEVBQUUsVUFBVSxFQUFFLEdBQUcscUJBQXFCLENBQUM7UUFFN0MsT0FBTztZQUNMLEdBQUcsR0FBRztZQUNOLENBQUMsSUFBQSwrREFBa0MsRUFBQyw2QkFBcUIsQ0FBQyxNQUFNLEVBQUUsWUFBWSxDQUFDLENBQUMsRUFDOUUsVUFBVSxDQUFDLGFBQWE7WUFDMUIsQ0FBQyxJQUFBLCtEQUFrQyxFQUFDLDZCQUFxQixDQUFDLElBQUksRUFBRSxZQUFZLENBQUMsQ0FBQyxFQUM1RSxVQUFVLENBQUMsV0FBVztZQUN4QixDQUFDLElBQUEsK0RBQWtDLEVBQUMsNkJBQXFCLENBQUMsSUFBSSxFQUFFLFlBQVksQ0FBQyxDQUFDLEVBQzVFLFVBQVUsQ0FBQyxXQUFXO1lBQ3hCLENBQUMsSUFBQSwrREFBa0MsRUFBQyw2QkFBcUIsQ0FBQyxHQUFHLEVBQUUsWUFBWSxDQUFDLENBQUMsRUFDM0UsVUFBVSxDQUFDLFVBQVU7WUFDdkIsQ0FBQyxJQUFBLCtEQUFrQyxFQUFDLDZCQUFxQixDQUFDLE1BQU0sRUFBRSxZQUFZLENBQUMsQ0FBQyxFQUM5RSxVQUFVLENBQUMsYUFBYTtZQUMxQixDQUFDLElBQUEsK0RBQWtDLEVBQUMsNkJBQXFCLENBQUMsTUFBTSxFQUFFLFlBQVksQ0FBQyxDQUFDLEVBQzlFLFVBQVUsQ0FBQyxhQUFhO1NBQzNCLENBQUM7SUFDSixDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7QUFDVCxDQUFDO0FBRUQsU0FBUyxrQ0FBa0MsQ0FDekMsWUFBb0IsRUFDcEIsT0FBaUQ7SUFFakQsT0FBTyxNQUFNLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxDQUFDLFVBQVUsRUFBRSxpQkFBaUIsQ0FBQyxFQUFFLEVBQUU7UUFDN0UsT0FBTztZQUNMLEdBQUcsR0FBRztZQUNOLEdBQUc7Z0JBQ0QsQ0FBQyxJQUFBLDJEQUE4QixFQUFDLHlCQUFpQixDQUFDLE9BQU8sRUFBRSxVQUFVLEVBQUUsWUFBWSxDQUFDLENBQUMsRUFDbkYsaUJBQWlCLENBQUMsbUJBQW1CO2dCQUN2QyxDQUFDLElBQUEsMkRBQThCLEVBQUMseUJBQWlCLENBQUMsV0FBVyxFQUFFLFVBQVUsRUFBRSxZQUFZLENBQUMsQ0FBQyxFQUN2RixpQkFBaUIsQ0FBQyxtQkFBbUI7Z0JBQ3ZDLENBQUMsSUFBQSwyREFBOEIsRUFBQyx5QkFBaUIsQ0FBQyxPQUFPLEVBQUUsVUFBVSxFQUFFLFlBQVksQ0FBQyxDQUFDLEVBQ25GLGlCQUFpQixDQUFDLGNBQWM7Z0JBQ2xDLENBQUMsSUFBQSwyREFBOEIsRUFDN0IseUJBQWlCLENBQUMsZUFBZSxFQUNqQyxVQUFVLEVBQ1YsWUFBWSxDQUNiLENBQUMsRUFBRSxpQkFBaUIsQ0FBQyxnQkFBZ0I7YUFDdkM7U0FDRixDQUFDO0lBQ0osQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQ1QsQ0FBQztBQUVELFNBQVMseUJBQXlCLENBQ2hDLFdBQWdEO0lBRWhELE9BQU8sTUFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxZQUFZLEVBQUUscUJBQXFCLENBQUMsRUFBRSxFQUFFO1FBQ3ZGLE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxxQkFBcUIsQ0FBQztRQUUxQyxPQUFPO1lBQ0wsR0FBRyxHQUFHO1lBQ04sR0FBRyxrQ0FBa0MsQ0FBQyxZQUFZLEVBQUUsT0FBTyxDQUFDO1NBQzdELENBQUM7SUFDSixDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUM7QUFDVCxDQUFDO0FBRUQsU0FBUyw4QkFBOEIsQ0FBQyxXQUFtQztJQUN6RSxPQUFPLElBQUksR0FBRyxDQUNaLE1BQU0sQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDO1NBQ3hCLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxVQUFVLENBQUMsRUFBRSxFQUFFLENBQUMsVUFBVSxLQUFLLElBQUksQ0FBQztTQUMvQyxHQUFHLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FDN0IsQ0FBQztBQUNKLENBQUM7QUFFRCxTQUFTLGdCQUFnQixDQUFDLEtBQWUsRUFBRSxhQUFvQztJQUM3RSxPQUFPLElBQUksR0FBRyxDQUNaLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQyxHQUFHLEVBQUUsTUFBTSxFQUFFLEVBQUU7UUFDM0IsTUFBTSxPQUFPLEdBQUcsQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLEdBQUcsTUFBTSxFQUFFLENBQUMsQ0FBQztRQUU3RSxJQUFJLE9BQU8sRUFBRTtZQUNYLE9BQU8sQ0FBQyxHQUFHLEdBQUcsRUFBRSxHQUFHLE9BQU8sQ0FBQyxDQUFDO1NBQzdCO1FBRUQsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDLEVBQUUsRUFBRSxDQUFDLENBQ1AsQ0FBQztBQUNKLENBQUM7QUFFRCxTQUFTLDRCQUE0QixDQUNuQyxXQUFtQyxFQUNuQyxLQUF5QjtJQUV6QixNQUFNLGFBQWEsR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsRUFBRSxFQUFFLE1BQU0sRUFBRSxFQUFFLEVBQUU7UUFDekQsR0FBRyxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBRWxELE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQyxFQUFFLElBQUksR0FBRyxFQUFvQixDQUFDLENBQUM7SUFFaEMsT0FBTyxJQUFJLEdBQUcsQ0FDWixNQUFNLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQztTQUN4QixNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsVUFBVSxDQUFDLEVBQUUsRUFBRSxDQUFDLE9BQU8sVUFBVSxLQUFLLFNBQVMsQ0FBQztTQUMzRCxHQUFHLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxVQUFVLENBQUMsRUFBRSxFQUFFLENBQUM7UUFDM0IsSUFBSTtRQUNKLGdCQUFnQixDQUFFLFVBQTBDLENBQUMsS0FBSyxFQUFFLGFBQWEsQ0FBQztLQUNuRixDQUFDLENBQ0wsQ0FBQztBQUNKLENBQUM7QUFFRCxTQUF3Qiw4QkFBOEIsQ0FDcEQsc0JBQWdELEVBQ2hELEtBQXlCO0lBRXpCLElBQUksc0JBQXNCLEtBQUssSUFBSSxFQUFFO1FBQ25DLE9BQU87WUFDTCxpQkFBaUIsRUFBRSxJQUFJO1lBQ3ZCLHNCQUFzQixFQUFFLElBQUksR0FBRyxFQUFFO1lBQ2pDLG9CQUFvQixFQUFFLElBQUksR0FBRyxFQUFFO1NBQ2hDLENBQUM7S0FDSDtJQUVELE1BQU0saUJBQWlCLEdBQW1DLHNCQUFzQixDQUFDO0lBRWpGLE1BQU0sY0FBYyxHQUFHO1FBQ3JCLEdBQUcsNkJBQTZCLENBQUMsaUJBQWlCLENBQUMsV0FBVyxDQUFDO1FBQy9ELEdBQUcseUJBQXlCLENBQUMsaUJBQWlCLENBQUMsV0FBVyxDQUFDO0tBQzVELENBQUM7SUFFRixPQUFPO1FBQ0wsaUJBQWlCLEVBQUUsS0FBSztRQUN4QixzQkFBc0IsRUFBRSw4QkFBOEIsQ0FBQyxjQUFjLENBQUM7UUFDdEUsb0JBQW9CLEVBQUUsNEJBQTRCLENBQUMsY0FBYyxFQUFFLEtBQUssQ0FBQztLQUMxRSxDQUFDO0FBQ0osQ0FBQztBQXhCRCxpREF3QkMifQ==

package/dist/services/authorization/internal/generate-user-scope.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { GenericTree } from '@forestadmin/datasource-toolkit';
+import { Team, UserPermissionV4 } from './types';
+export default function generateUserScope(
+  filter: GenericTree | null,
+  team: Team,
+  user: UserPermissionV4,
+): GenericTree;
+// # sourceMappingURL=generate-user-scope.d.ts.map

package/dist/services/authorization/internal/generate-user-scope.js ADDED Viewed

@@ -0,0 +1,45 @@
+Object.defineProperty(exports, '__esModule', { value: true });
+const USER_VALUE_PREFIX = '$currentUser.';
+const USER_VALUE_TAG_PREFIX = '$currentUser.tags.';
+const USER_VALUE_TEAM_PREFIX = '$currentUser.team.';
+function generateUserValue(value, team, user) {
+  if (typeof value !== 'string' || !value.startsWith(USER_VALUE_PREFIX)) {
+    return value;
+  }
+  if (value.startsWith(USER_VALUE_TEAM_PREFIX)) {
+    return team[value.slice(USER_VALUE_TEAM_PREFIX.length)];
+  }
+  if (value.startsWith(USER_VALUE_TAG_PREFIX)) {
+    return user?.tags?.[value.substring(USER_VALUE_TAG_PREFIX.length)];
+  }
+  return user?.[value.substring(USER_VALUE_PREFIX.length)];
+}
+function generateUserScope(filter, team, user) {
+  if (!filter) {
+    return null;
+  }
+  const branch = filter;
+  if (branch.aggregator) {
+    return {
+      ...filter,
+      conditions: branch.conditions.map(condition => generateUserScope(condition, team, user)),
+    };
+  }
+  const leaf = filter;
+  return {
+    ...filter,
+    value: generateUserValue(leaf.value, team, user),
+  };
+}
+exports.default = generateUserScope;
+// # sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdGUtdXNlci1zY29wZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9zZXJ2aWNlcy9hdXRob3JpemF0aW9uL2ludGVybmFsL2dlbmVyYXRlLXVzZXItc2NvcGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFHQSxNQUFNLGlCQUFpQixHQUFHLGVBQWUsQ0FBQztBQUMxQyxNQUFNLHFCQUFxQixHQUFHLG9CQUFvQixDQUFDO0FBQ25ELE1BQU0sc0JBQXNCLEdBQUcsb0JBQW9CLENBQUM7QUFFcEQsU0FBUyxpQkFBaUIsQ0FBQyxLQUF1QixFQUFFLElBQVUsRUFBRSxJQUFzQjtJQUNwRixJQUFJLE9BQU8sS0FBSyxLQUFLLFFBQVEsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsaUJBQWlCLENBQUMsRUFBRTtRQUNyRSxPQUFPLEtBQUssQ0FBQztLQUNkO0lBRUQsSUFBSSxLQUFLLENBQUMsVUFBVSxDQUFDLHNCQUFzQixDQUFDLEVBQUU7UUFDNUMsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO0tBQ3pEO0lBRUQsSUFBSSxLQUFLLENBQUMsVUFBVSxDQUFDLHFCQUFxQixDQUFDLEVBQUU7UUFDM0MsT0FBTyxJQUFJLEVBQUUsSUFBSSxFQUFFLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxxQkFBcUIsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO0tBQ3BFO0lBRUQsT0FBTyxJQUFJLEVBQUUsQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLGlCQUFpQixDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7QUFDM0QsQ0FBQztBQUVELFNBQXdCLGlCQUFpQixDQUN2QyxNQUEwQixFQUMxQixJQUFVLEVBQ1YsSUFBc0I7SUFFdEIsSUFBSSxDQUFDLE1BQU0sRUFBRTtRQUNYLE9BQU8sSUFBSSxDQUFDO0tBQ2I7SUFFRCxNQUFNLE1BQU0sR0FBRyxNQUEyQixDQUFDO0lBRTNDLElBQUksTUFBTSxDQUFDLFVBQVUsRUFBRTtRQUNyQixPQUFPO1lBQ0wsR0FBRyxNQUFNO1lBQ1QsVUFBVSxFQUFFLE1BQU0sQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsaUJBQWlCLENBQUMsU0FBUyxFQUFFLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztTQUN6RixDQUFDO0tBQ0g7SUFFRCxNQUFNLElBQUksR0FBRyxNQUF5QixDQUFDO0lBRXZDLE9BQU87UUFDTCxHQUFHLE1BQU07UUFDVCxLQUFLLEVBQUUsaUJBQWlCLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDO0tBQ2pELENBQUM7QUFDSixDQUFDO0FBeEJELG9DQXdCQyJ9

package/dist/services/authorization/internal/hash-chart.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { RenderingChartDefinitions } from './types';
+export declare function hashServerCharts(chartsByType: RenderingChartDefinitions): Set<string>;
+export declare function hashChartRequest(chart: any): string;
+// # sourceMappingURL=hash-chart.d.ts.map

package/dist/services/authorization/internal/hash-chart.js ADDED Viewed

@@ -0,0 +1,58 @@
+const __importDefault =
+  (this && this.__importDefault) ||
+  function (mod) {
+    return mod && mod.__esModule ? mod : { default: mod };
+  };
+Object.defineProperty(exports, '__esModule', { value: true });
+exports.hashChartRequest = exports.hashServerCharts = void 0;
+const object_hash_1 = __importDefault(require('object-hash'));
+function hashServerCharts(chartsByType) {
+  const serverCharts = Object.entries(chartsByType)
+    .filter(([key]) => key !== 'queries')
+    .map(([, value]) => value)
+    .flat();
+  const frontendCharts = serverCharts.map(chart => ({
+    type: chart.type,
+    filters: chart.filter,
+    aggregate: chart.aggregator,
+    aggregate_field: chart.aggregateFieldName,
+    collection: chart.sourceCollectionId,
+    time_range: chart.timeRange,
+    group_by_date_field: (chart.type === 'Line' && chart.groupByFieldName) || null,
+    group_by_field: (chart.type !== 'Line' && chart.groupByFieldName) || null,
+    limit: chart.limit,
+    label_field: chart.labelFieldName,
+    relationship_field: chart.relationshipFieldName,
+  }));
+  const hashes = frontendCharts.map(chart =>
+    (0, object_hash_1.default)(chart, {
+      respectType: false,
+      excludeKeys: key => chart[key] === null || chart[key] === undefined,
+    }),
+  );
+  return new Set(hashes);
+}
+exports.hashServerCharts = hashServerCharts;
+function hashChartRequest(chart) {
+  const hashed = {
+    ...chart,
+    // When the server sends the data of the allowed charts, the target column is not specified
+    // for relations => allow them all.
+    ...(chart?.group_by_field?.includes(':')
+      ? { group_by_field: chart.group_by_field.substring(0, chart.group_by_field.indexOf(':')) }
+      : {}),
+  };
+  return (0, object_hash_1.default)(hashed, {
+    respectType: false,
+    excludeKeys: key => chart[key] === null,
+  });
+}
+exports.hashChartRequest = hashChartRequest;
+// # sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGFzaC1jaGFydC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9zZXJ2aWNlcy9hdXRob3JpemF0aW9uL2ludGVybmFsL2hhc2gtY2hhcnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsOERBQXFDO0FBSXJDLFNBQWdCLGdCQUFnQixDQUFDLFlBQXVDO0lBQ3RFLE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDO1NBQzlDLE1BQU0sQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxDQUFDLEdBQUcsS0FBSyxTQUFTLENBQUM7U0FDcEMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUUsQ0FBQyxLQUFLLENBQUM7U0FDekIsSUFBSSxFQUFFLENBQUM7SUFFVixNQUFNLGNBQWMsR0FBRyxZQUFZLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNoRCxJQUFJLEVBQUUsS0FBSyxDQUFDLElBQUk7UUFDaEIsT0FBTyxFQUFFLEtBQUssQ0FBQyxNQUFNO1FBQ3JCLFNBQVMsRUFBRSxLQUFLLENBQUMsVUFBVTtRQUMzQixlQUFlLEVBQUUsS0FBSyxDQUFDLGtCQUFrQjtRQUN6QyxVQUFVLEVBQUUsS0FBSyxDQUFDLGtCQUFrQjtRQUNwQyxVQUFVLEVBQUUsS0FBSyxDQUFDLFNBQVM7UUFDM0IsbUJBQW1CLEVBQUUsQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLE1BQU0sSUFBSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxJQUFJO1FBQzlFLGNBQWMsRUFBRSxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssTUFBTSxJQUFJLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLElBQUk7UUFDekUsS0FBSyxFQUFFLEtBQUssQ0FBQyxLQUFLO1FBQ2xCLFdBQVcsRUFBRSxLQUFLLENBQUMsY0FBYztRQUNqQyxrQkFBa0IsRUFBRSxLQUFLLENBQUMscUJBQXFCO0tBQ2hELENBQUMsQ0FBQyxDQUFDO0lBRUosTUFBTSxNQUFNLEdBQUcsY0FBYyxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUN4QyxJQUFBLHFCQUFVLEVBQUMsS0FBSyxFQUFFO1FBQ2hCLFdBQVcsRUFBRSxLQUFLO1FBQ2xCLFdBQVcsRUFBRSxHQUFHLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsS0FBSyxJQUFJLElBQUksS0FBSyxDQUFDLEdBQUcsQ0FBQyxLQUFLLFNBQVM7S0FDcEUsQ0FBQyxDQUNILENBQUM7SUFFRixPQUFPLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0FBQ3pCLENBQUM7QUE1QkQsNENBNEJDO0FBRUQsU0FBZ0IsZ0JBQWdCLENBQUMsS0FBVTtJQUN6QyxNQUFNLE1BQU0sR0FBRztRQUNiLEdBQUcsS0FBSztRQUNSLDJGQUEyRjtRQUMzRixtQ0FBbUM7UUFDbkMsR0FBRyxDQUFDLEtBQUssRUFBRSxjQUFjLEVBQUUsUUFBUSxDQUFDLEdBQUcsQ0FBQztZQUN0QyxDQUFDLENBQUMsRUFBRSxjQUFjLEVBQUUsS0FBSyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFLEtBQUssQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUU7WUFDMUYsQ0FBQyxDQUFDLEVBQUUsQ0FBQztLQUNSLENBQUM7SUFFRixPQUFPLElBQUEscUJBQVUsRUFBQyxNQUFNLEVBQUU7UUFDeEIsV0FBVyxFQUFFLEtBQUs7UUFDbEIsV0FBVyxFQUFFLEdBQUcsQ0FBQyxFQUFFLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxLQUFLLElBQUk7S0FDeEMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQWRELDRDQWNDIn0=

package/dist/services/authorization/internal/rendering-permission.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+import { GenericTree } from '@forestadmin/datasource-toolkit';
+import { AgentOptionsWithDefaults } from '../../../types';
+import { User } from './types';
+import UserPermissionService from './user-permission';
+export declare type RenderingPermissionOptions = Pick<
+  AgentOptionsWithDefaults,
+  'forestServerUrl' | 'envSecret' | 'isProduction' | 'permissionsCacheDurationInSeconds' | 'logger'
+>;
+export default class RenderingPermissionService {
+  private readonly options;
+  private readonly userPermissions;
+  private readonly permissionsByRendering;
+  constructor(options: RenderingPermissionOptions, userPermissions: UserPermissionService);
+  getScope({
+    renderingId,
+    collectionName,
+    user,
+  }: {
+    renderingId: string;
+    collectionName: string;
+    user: User;
+  }): Promise<GenericTree>;
+  private getScopeOrRetry;
+  private loadPermissions;
+  canRetrieveChart({
+    renderingId,
+    chartRequest,
+    userId,
+  }: {
+    renderingId: number;
+    chartRequest: any;
+    userId: number;
+  }): Promise<boolean>;
+  private canRetrieveChartHashOrRetry;
+  invalidateCache(renderingId: any): void;
+}
+// # sourceMappingURL=rendering-permission.d.ts.map

package/dist/services/authorization/internal/rendering-permission.js ADDED Viewed

@@ -0,0 +1,121 @@
+const __importDefault =
+  (this && this.__importDefault) ||
+  function (mod) {
+    return mod && mod.__esModule ? mod : { default: mod };
+  };
+Object.defineProperty(exports, '__esModule', { value: true });
+const lru_cache_1 = __importDefault(require('lru-cache'));
+const hash_chart_1 = require('./hash-chart');
+const types_1 = require('./types');
+const forest_http_api_1 = __importDefault(require('../../../utils/forest-http-api'));
+const generate_user_scope_1 = __importDefault(require('./generate-user-scope'));
+class RenderingPermissionService {
+  constructor(options, userPermissions) {
+    this.options = options;
+    this.userPermissions = userPermissions;
+    this.permissionsByRendering = new lru_cache_1.default({
+      max: 256,
+      ttl: this.options.permissionsCacheDurationInSeconds * 1000,
+      fetchMethod: renderingId => this.loadPermissions(renderingId),
+    });
+  }
+  async getScope({ renderingId, collectionName, user }) {
+    return this.getScopeOrRetry({ renderingId, collectionName, user, allowRetry: true });
+  }
+  async getScopeOrRetry({ renderingId, collectionName, user, allowRetry }) {
+    const [permissions, userInfo] = await Promise.all([
+      this.permissionsByRendering.fetch(renderingId),
+      this.userPermissions.getUserInfo(user.id),
+    ]);
+    const collectionPermissions = permissions?.collections?.[collectionName];
+    if (!collectionPermissions) {
+      if (allowRetry) {
+        this.invalidateCache(renderingId);
+        return this.getScopeOrRetry({ renderingId, collectionName, user, allowRetry: false });
+      }
+      return null;
+    }
+    return (0, generate_user_scope_1.default)(
+      collectionPermissions.scope,
+      permissions.team,
+      userInfo,
+    );
+  }
+  async loadPermissions(renderingId) {
+    this.options.logger('Debug', `Loading rendering permissions for rendering ${renderingId}`);
+    const rawPermissions = await forest_http_api_1.default.getRenderingPermissions(
+      renderingId,
+      this.options,
+    );
+    return {
+      team: rawPermissions.team,
+      collections: rawPermissions.collections,
+      charts: (0, hash_chart_1.hashServerCharts)(rawPermissions.stats),
+    };
+  }
+  async canRetrieveChart({ renderingId, chartRequest, userId }) {
+    const chartHash = (0, hash_chart_1.hashChartRequest)(chartRequest);
+    return this.canRetrieveChartHashOrRetry({ renderingId, chartHash, userId, allowRetry: true });
+  }
+  async canRetrieveChartHashOrRetry({ renderingId, userId, chartHash, allowRetry }) {
+    const [userInfo, permissions] = await Promise.all([
+      this.userPermissions.getUserInfo(userId),
+      this.permissionsByRendering.fetch(renderingId),
+    ]);
+    if (
+      [
+        types_1.PermissionLevel.Admin,
+        types_1.PermissionLevel.Developer,
+        types_1.PermissionLevel.Editor,
+      ].includes(userInfo?.permissionLevel) ||
+      permissions.charts.has(chartHash)
+    ) {
+      this.options.logger('Debug', `User ${userId} can retrieve chart on rendering ${renderingId}`);
+      return true;
+    }
+    if (allowRetry) {
+      this.invalidateCache(renderingId);
+      this.userPermissions.clearCache();
+      return this.canRetrieveChartHashOrRetry({
+        renderingId,
+        userId,
+        chartHash,
+        allowRetry: false,
+      });
+    }
+    this.options.logger(
+      'Debug',
+      `User ${userId} cannot retrieve chart on rendering ${renderingId}`,
+    );
+    return false;
+  }
+  invalidateCache(renderingId) {
+    this.options.logger(
+      'Debug',
+      `Invalidating rendering permissions cache for rendering ${renderingId}`,
+    );
+    this.permissionsByRendering.del(renderingId);
+  }
+}
+exports.default = RenderingPermissionService;
+// # sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVuZGVyaW5nLXBlcm1pc3Npb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvc2VydmljZXMvYXV0aG9yaXphdGlvbi9pbnRlcm5hbC9yZW5kZXJpbmctcGVybWlzc2lvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUNBLDBEQUFpQztBQUdqQyxtQ0FPaUI7QUFDakIsNkNBQWtFO0FBQ2xFLHFGQUEyRDtBQUUzRCxnRkFBc0Q7QUFhdEQsTUFBcUIsMEJBQTBCO0lBRzdDLFlBQ21CLE9BQW1DLEVBQ25DLGVBQXNDO1FBRHRDLFlBQU8sR0FBUCxPQUFPLENBQTRCO1FBQ25DLG9CQUFlLEdBQWYsZUFBZSxDQUF1QjtRQUV2RCxJQUFJLENBQUMsc0JBQXNCLEdBQUcsSUFBSSxtQkFBUSxDQUFDO1lBQ3pDLEdBQUcsRUFBRSxHQUFHO1lBQ1IsR0FBRyxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsaUNBQWlDLEdBQUcsSUFBSTtZQUMxRCxXQUFXLEVBQUUsV0FBVyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQztTQUM5RCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRU0sS0FBSyxDQUFDLFFBQVEsQ0FBQyxFQUNwQixXQUFXLEVBQ1gsY0FBYyxFQUNkLElBQUksR0FLTDtRQUNDLE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQyxFQUFFLFdBQVcsRUFBRSxjQUFjLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFTyxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQzVCLFdBQVcsRUFDWCxjQUFjLEVBQ2QsSUFBSSxFQUNKLFVBQVUsR0FNWDtRQUNDLE1BQU0sQ0FBQyxXQUFXLEVBQUUsUUFBUSxDQUFDLEdBQThDLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQztZQUMzRixJQUFJLENBQUMsc0JBQXNCLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQztZQUM5QyxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1NBQzFDLENBQUMsQ0FBQztRQUVILE1BQU0scUJBQXFCLEdBQUcsV0FBVyxFQUFFLFdBQVcsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBRXpFLElBQUksQ0FBQyxxQkFBcUIsRUFBRTtZQUMxQixJQUFJLFVBQVUsRUFBRTtnQkFDZCxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQyxDQUFDO2dCQUVsQyxPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsRUFBRSxXQUFXLEVBQUUsY0FBYyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQzthQUN2RjtZQUVELE9BQU8sSUFBSSxDQUFDO1NBQ2I7UUFFRCxPQUFPLElBQUEsNkJBQWlCLEVBQUMscUJBQXFCLENBQUMsS0FBSyxFQUFFLFdBQVcsQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUVPLEtBQUssQ0FBQyxlQUFlLENBQUMsV0FBbUI7UUFDL0MsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLCtDQUErQyxXQUFXLEVBQUUsQ0FBQyxDQUFDO1FBRTNGLE1BQU0sY0FBYyxHQUFHLE1BQU0seUJBQWEsQ0FBQyx1QkFBdUIsQ0FBQyxXQUFXLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRTlGLE9BQU87WUFDTCxJQUFJLEVBQUUsY0FBYyxDQUFDLElBQUk7WUFDekIsV0FBVyxFQUFFLGNBQWMsQ0FBQyxXQUFXO1lBQ3ZDLE1BQU0sRUFBRSxJQUFBLDZCQUFnQixFQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUM7U0FDL0MsQ0FBQztJQUNKLENBQUM7SUFFTSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsRUFDNUIsV0FBVyxFQUNYLFlBQVksRUFDWixNQUFNLEdBS1A7UUFDQyxNQUFNLFNBQVMsR0FBRyxJQUFBLDZCQUFnQixFQUFDLFlBQVksQ0FBQyxDQUFDO1FBRWpELE9BQU8sSUFBSSxDQUFDLDJCQUEyQixDQUFDLEVBQUUsV0FBVyxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7SUFDaEcsQ0FBQztJQUVPLEtBQUssQ0FBQywyQkFBMkIsQ0FBQyxFQUN4QyxXQUFXLEVBQ1gsTUFBTSxFQUNOLFNBQVMsRUFDVCxVQUFVLEdBTVg7UUFDQyxNQUFNLENBQUMsUUFBUSxFQUFFLFdBQVcsQ0FBQyxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQztZQUNoRCxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUM7WUFDeEMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUM7U0FDL0MsQ0FBQyxDQUFDO1FBRUgsSUFDRSxDQUFDLHVCQUFlLENBQUMsS0FBSyxFQUFFLHVCQUFlLENBQUMsU0FBUyxFQUFFLHVCQUFlLENBQUMsTUFBTSxDQUFDLENBQUMsUUFBUSxDQUNqRixRQUFRLEVBQUUsZUFBZSxDQUMxQjtZQUNELFdBQVcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxFQUNqQztZQUNBLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxRQUFRLE1BQU0sb0NBQW9DLFdBQVcsRUFBRSxDQUFDLENBQUM7WUFFOUYsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELElBQUksVUFBVSxFQUFFO1lBQ2QsSUFBSSxDQUFDLGVBQWUsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUNsQyxJQUFJLENBQUMsZUFBZSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBRWxDLE9BQU8sSUFBSSxDQUFDLDJCQUEyQixDQUFDO2dCQUN0QyxXQUFXO2dCQUNYLE1BQU07Z0JBQ04sU0FBUztnQkFDVCxVQUFVLEVBQUUsS0FBSzthQUNsQixDQUFDLENBQUM7U0FDSjtRQUVELElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUNqQixPQUFPLEVBQ1AsUUFBUSxNQUFNLHVDQUF1QyxXQUFXLEVBQUUsQ0FDbkUsQ0FBQztRQUVGLE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVNLGVBQWUsQ0FBQyxXQUFXO1FBQ2hDLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUNqQixPQUFPLEVBQ1AsMERBQTBELFdBQVcsRUFBRSxDQUN4RSxDQUFDO1FBRUYsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEdBQUcsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUMvQyxDQUFDO0NBQ0Y7QUExSUQsNkNBMElDIn0=