@forestadmin/agent 1.66.1 → 1.67.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent.js +1 -1
- package/dist/framework-mounter.d.ts +0 -1
- package/dist/framework-mounter.js +18 -8
- package/dist/index.js +3 -3
- package/dist/routes/access/api-chart-collection.d.ts +0 -1
- package/dist/routes/access/api-chart-collection.js +1 -1
- package/dist/routes/access/api-chart-datasource.d.ts +0 -1
- package/dist/routes/access/api-chart-datasource.js +1 -1
- package/dist/routes/access/chart.d.ts +0 -1
- package/dist/routes/access/chart.js +2 -2
- package/dist/routes/access/count-related.d.ts +0 -1
- package/dist/routes/access/count-related.js +1 -1
- package/dist/routes/access/count.d.ts +0 -1
- package/dist/routes/access/count.js +1 -1
- package/dist/routes/access/csv-related.d.ts +0 -1
- package/dist/routes/access/csv.d.ts +0 -1
- package/dist/routes/access/get.d.ts +0 -1
- package/dist/routes/access/get.js +1 -1
- package/dist/routes/access/list-related.d.ts +0 -1
- package/dist/routes/access/list.d.ts +0 -1
- package/dist/routes/access/native-query-datasource.d.ts +0 -1
- package/dist/routes/access/native-query-datasource.js +1 -1
- package/dist/routes/base-route.d.ts +0 -1
- package/dist/routes/capabilities.d.ts +0 -1
- package/dist/routes/index.js +2 -2
- package/dist/routes/modification/action/action-authorization.js +1 -1
- package/dist/routes/modification/action/action.d.ts +0 -1
- package/dist/routes/modification/action/action.js +1 -1
- package/dist/routes/modification/associate-related.d.ts +0 -1
- package/dist/routes/modification/associate-related.js +1 -1
- package/dist/routes/modification/create.d.ts +0 -1
- package/dist/routes/modification/create.js +1 -1
- package/dist/routes/modification/delete.d.ts +0 -1
- package/dist/routes/modification/dissociate-delete-related.d.ts +0 -1
- package/dist/routes/modification/dissociate-delete-related.js +1 -1
- package/dist/routes/modification/update-field.d.ts +0 -1
- package/dist/routes/modification/update-field.js +1 -1
- package/dist/routes/modification/update-relation.d.ts +0 -1
- package/dist/routes/modification/update-relation.js +1 -1
- package/dist/routes/modification/update.d.ts +0 -1
- package/dist/routes/modification/update.js +1 -1
- package/dist/routes/security/authentication.d.ts +0 -1
- package/dist/routes/security/authentication.js +1 -1
- package/dist/routes/security/ip-whitelist.d.ts +0 -1
- package/dist/routes/security/ip-whitelist.js +1 -1
- package/dist/routes/security/scope-invalidation.d.ts +0 -1
- package/dist/routes/security/scope-invalidation.js +1 -1
- package/dist/routes/system/error-handling.d.ts +0 -1
- package/dist/routes/system/error-handling.js +1 -1
- package/dist/routes/system/healthcheck.d.ts +0 -1
- package/dist/routes/system/logger.d.ts +0 -1
- package/dist/routes/system/logger.js +1 -1
- package/dist/services/authorization/authorization.js +1 -1
- package/dist/services/authorization/index.js +2 -2
- package/dist/services/model-customizations/actions/get-actions.js +2 -2
- package/dist/services/model-customizations/actions/update-record/execute-update-record.js +2 -2
- package/dist/services/model-customizations/actions/update-record/update-record-plugin.js +2 -2
- package/dist/services/model-customizations/actions/webhook/execute-webhook.js +2 -2
- package/dist/services/model-customizations/actions/webhook/webhook-plugin.js +2 -2
- package/dist/services/model-customizations/customization.js +2 -2
- package/dist/services/segment-query-handler.js +1 -1
- package/dist/services/serializer.js +1 -1
- package/dist/types.d.ts +0 -1
- package/dist/types.js +3 -3
- package/dist/utils/condition-tree-parser.js +1 -1
- package/dist/utils/csv-generator.js +1 -1
- package/dist/utils/forest-schema/action-values.js +1 -1
- package/dist/utils/forest-schema/column-schema-validator.js +1 -1
- package/dist/utils/forest-schema/generator-action-field-widget.js +2 -2
- package/dist/utils/forest-schema/generator-actions.js +3 -3
- package/dist/utils/forest-schema/generator-fields.js +2 -2
- package/dist/utils/forest-schema/validation.js +3 -3
- package/dist/utils/id.js +1 -1
- package/dist/utils/options-validator.js +2 -2
- package/dist/utils/query-string.js +2 -2
- package/package.json +4 -3
- package/dist/agent/services/chart.d.ts +0 -102
- package/dist/agent/services/chart.js +0 -114
- package/dist/routes/access/api-chart.d.ts +0 -16
- package/dist/routes/access/api-chart.js +0 -47
- package/dist/routes/modification/action.d.ts +0 -16
- package/dist/routes/modification/action.js +0 -121
- package/dist/services/authorization/internal/action-permission.d.ts +0 -20
- package/dist/services/authorization/internal/action-permission.js +0 -98
- package/dist/services/authorization/internal/generate-action-identifier.d.ts +0 -12
- package/dist/services/authorization/internal/generate-action-identifier.js +0 -15
- package/dist/services/authorization/internal/generate-actions-from-permissions.d.ts +0 -12
- package/dist/services/authorization/internal/generate-actions-from-permissions.js +0 -139
- package/dist/services/authorization/internal/generate-user-scope.d.ts +0 -10
- package/dist/services/authorization/internal/generate-user-scope.js +0 -45
- package/dist/services/authorization/internal/hash-chart.d.ts +0 -5
- package/dist/services/authorization/internal/hash-chart.js +0 -58
- package/dist/services/authorization/internal/rendering-permission.d.ts +0 -39
- package/dist/services/authorization/internal/rendering-permission.js +0 -121
- package/dist/services/authorization/internal/types.d.ts +0 -255
- package/dist/services/authorization/internal/types.js +0 -54
- package/dist/services/authorization/internal/user-permission.d.ts +0 -16
- package/dist/services/authorization/internal/user-permission.js +0 -46
- package/dist/services/permissions.d.ts +0 -19
- package/dist/services/permissions.js +0 -85
- package/dist/utils/forest-http-api.d.ts +0 -37
- package/dist/utils/forest-http-api.js +0 -100
- package/dist/utils/forest-schema/column-schema-validation.d.ts +0 -5
- package/dist/utils/forest-schema/column-schema-validation.js +0 -14
- package/dist/utils/forest-schema/emitter.d.ts +0 -17
- package/dist/utils/forest-schema/emitter.js +0 -38
- package/dist/utils/forest-schema/schema-generator.d.ts +0 -6
- package/dist/utils/forest-schema/schema-generator.js +0 -13
- package/dist/utils/forest-schema/schema-serializer.d.ts +0 -12
- package/dist/utils/forest-schema/schema-serializer.js +0 -35
- package/dist/utils/forest-schema/types.d.ts +0 -85
- package/dist/utils/forest-schema/types.js +0 -16
|
@@ -1,39 +0,0 @@
|
|
|
1
|
-
import { GenericTree } from '@forestadmin/datasource-toolkit';
|
|
2
|
-
|
|
3
|
-
import { AgentOptionsWithDefaults } from '../../../types';
|
|
4
|
-
import { User } from './types';
|
|
5
|
-
import UserPermissionService from './user-permission';
|
|
6
|
-
|
|
7
|
-
export declare type RenderingPermissionOptions = Pick<
|
|
8
|
-
AgentOptionsWithDefaults,
|
|
9
|
-
'forestServerUrl' | 'envSecret' | 'isProduction' | 'permissionsCacheDurationInSeconds' | 'logger'
|
|
10
|
-
>;
|
|
11
|
-
export default class RenderingPermissionService {
|
|
12
|
-
private readonly options;
|
|
13
|
-
private readonly userPermissions;
|
|
14
|
-
private readonly permissionsByRendering;
|
|
15
|
-
constructor(options: RenderingPermissionOptions, userPermissions: UserPermissionService);
|
|
16
|
-
getScope({
|
|
17
|
-
renderingId,
|
|
18
|
-
collectionName,
|
|
19
|
-
user,
|
|
20
|
-
}: {
|
|
21
|
-
renderingId: string;
|
|
22
|
-
collectionName: string;
|
|
23
|
-
user: User;
|
|
24
|
-
}): Promise<GenericTree>;
|
|
25
|
-
private getScopeOrRetry;
|
|
26
|
-
private loadPermissions;
|
|
27
|
-
canRetrieveChart({
|
|
28
|
-
renderingId,
|
|
29
|
-
chartRequest,
|
|
30
|
-
userId,
|
|
31
|
-
}: {
|
|
32
|
-
renderingId: number;
|
|
33
|
-
chartRequest: any;
|
|
34
|
-
userId: number;
|
|
35
|
-
}): Promise<boolean>;
|
|
36
|
-
private canRetrieveChartHashOrRetry;
|
|
37
|
-
invalidateCache(renderingId: any): void;
|
|
38
|
-
}
|
|
39
|
-
// # sourceMappingURL=rendering-permission.d.ts.map
|
|
@@ -1,121 +0,0 @@
|
|
|
1
|
-
const __importDefault =
|
|
2
|
-
(this && this.__importDefault) ||
|
|
3
|
-
function (mod) {
|
|
4
|
-
return mod && mod.__esModule ? mod : { default: mod };
|
|
5
|
-
};
|
|
6
|
-
|
|
7
|
-
Object.defineProperty(exports, '__esModule', { value: true });
|
|
8
|
-
const lru_cache_1 = __importDefault(require('lru-cache'));
|
|
9
|
-
const hash_chart_1 = require('./hash-chart');
|
|
10
|
-
const types_1 = require('./types');
|
|
11
|
-
const forest_http_api_1 = __importDefault(require('../../../utils/forest-http-api'));
|
|
12
|
-
const generate_user_scope_1 = __importDefault(require('./generate-user-scope'));
|
|
13
|
-
|
|
14
|
-
class RenderingPermissionService {
|
|
15
|
-
constructor(options, userPermissions) {
|
|
16
|
-
this.options = options;
|
|
17
|
-
this.userPermissions = userPermissions;
|
|
18
|
-
this.permissionsByRendering = new lru_cache_1.default({
|
|
19
|
-
max: 256,
|
|
20
|
-
ttl: this.options.permissionsCacheDurationInSeconds * 1000,
|
|
21
|
-
fetchMethod: renderingId => this.loadPermissions(renderingId),
|
|
22
|
-
});
|
|
23
|
-
}
|
|
24
|
-
|
|
25
|
-
async getScope({ renderingId, collectionName, user }) {
|
|
26
|
-
return this.getScopeOrRetry({ renderingId, collectionName, user, allowRetry: true });
|
|
27
|
-
}
|
|
28
|
-
|
|
29
|
-
async getScopeOrRetry({ renderingId, collectionName, user, allowRetry }) {
|
|
30
|
-
const [permissions, userInfo] = await Promise.all([
|
|
31
|
-
this.permissionsByRendering.fetch(renderingId),
|
|
32
|
-
this.userPermissions.getUserInfo(user.id),
|
|
33
|
-
]);
|
|
34
|
-
const collectionPermissions = permissions?.collections?.[collectionName];
|
|
35
|
-
|
|
36
|
-
if (!collectionPermissions) {
|
|
37
|
-
if (allowRetry) {
|
|
38
|
-
this.invalidateCache(renderingId);
|
|
39
|
-
|
|
40
|
-
return this.getScopeOrRetry({ renderingId, collectionName, user, allowRetry: false });
|
|
41
|
-
}
|
|
42
|
-
|
|
43
|
-
return null;
|
|
44
|
-
}
|
|
45
|
-
|
|
46
|
-
return (0, generate_user_scope_1.default)(
|
|
47
|
-
collectionPermissions.scope,
|
|
48
|
-
permissions.team,
|
|
49
|
-
userInfo,
|
|
50
|
-
);
|
|
51
|
-
}
|
|
52
|
-
|
|
53
|
-
async loadPermissions(renderingId) {
|
|
54
|
-
this.options.logger('Debug', `Loading rendering permissions for rendering ${renderingId}`);
|
|
55
|
-
const rawPermissions = await forest_http_api_1.default.getRenderingPermissions(
|
|
56
|
-
renderingId,
|
|
57
|
-
this.options,
|
|
58
|
-
);
|
|
59
|
-
|
|
60
|
-
return {
|
|
61
|
-
team: rawPermissions.team,
|
|
62
|
-
collections: rawPermissions.collections,
|
|
63
|
-
charts: (0, hash_chart_1.hashServerCharts)(rawPermissions.stats),
|
|
64
|
-
};
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
async canRetrieveChart({ renderingId, chartRequest, userId }) {
|
|
68
|
-
const chartHash = (0, hash_chart_1.hashChartRequest)(chartRequest);
|
|
69
|
-
|
|
70
|
-
return this.canRetrieveChartHashOrRetry({ renderingId, chartHash, userId, allowRetry: true });
|
|
71
|
-
}
|
|
72
|
-
|
|
73
|
-
async canRetrieveChartHashOrRetry({ renderingId, userId, chartHash, allowRetry }) {
|
|
74
|
-
const [userInfo, permissions] = await Promise.all([
|
|
75
|
-
this.userPermissions.getUserInfo(userId),
|
|
76
|
-
this.permissionsByRendering.fetch(renderingId),
|
|
77
|
-
]);
|
|
78
|
-
|
|
79
|
-
if (
|
|
80
|
-
[
|
|
81
|
-
types_1.PermissionLevel.Admin,
|
|
82
|
-
types_1.PermissionLevel.Developer,
|
|
83
|
-
types_1.PermissionLevel.Editor,
|
|
84
|
-
].includes(userInfo?.permissionLevel) ||
|
|
85
|
-
permissions.charts.has(chartHash)
|
|
86
|
-
) {
|
|
87
|
-
this.options.logger('Debug', `User ${userId} can retrieve chart on rendering ${renderingId}`);
|
|
88
|
-
|
|
89
|
-
return true;
|
|
90
|
-
}
|
|
91
|
-
|
|
92
|
-
if (allowRetry) {
|
|
93
|
-
this.invalidateCache(renderingId);
|
|
94
|
-
this.userPermissions.clearCache();
|
|
95
|
-
|
|
96
|
-
return this.canRetrieveChartHashOrRetry({
|
|
97
|
-
renderingId,
|
|
98
|
-
userId,
|
|
99
|
-
chartHash,
|
|
100
|
-
allowRetry: false,
|
|
101
|
-
});
|
|
102
|
-
}
|
|
103
|
-
|
|
104
|
-
this.options.logger(
|
|
105
|
-
'Debug',
|
|
106
|
-
`User ${userId} cannot retrieve chart on rendering ${renderingId}`,
|
|
107
|
-
);
|
|
108
|
-
|
|
109
|
-
return false;
|
|
110
|
-
}
|
|
111
|
-
|
|
112
|
-
invalidateCache(renderingId) {
|
|
113
|
-
this.options.logger(
|
|
114
|
-
'Debug',
|
|
115
|
-
`Invalidating rendering permissions cache for rendering ${renderingId}`,
|
|
116
|
-
);
|
|
117
|
-
this.permissionsByRendering.del(renderingId);
|
|
118
|
-
}
|
|
119
|
-
}
|
|
120
|
-
exports.default = RenderingPermissionService;
|
|
121
|
-
// # sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVuZGVyaW5nLXBlcm1pc3Npb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvc2VydmljZXMvYXV0aG9yaXphdGlvbi9pbnRlcm5hbC9yZW5kZXJpbmctcGVybWlzc2lvbi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUNBLDBEQUFpQztBQUdqQyxtQ0FPaUI7QUFDakIsNkNBQWtFO0FBQ2xFLHFGQUEyRDtBQUUzRCxnRkFBc0Q7QUFhdEQsTUFBcUIsMEJBQTBCO0lBRzdDLFlBQ21CLE9BQW1DLEVBQ25DLGVBQXNDO1FBRHRDLFlBQU8sR0FBUCxPQUFPLENBQTRCO1FBQ25DLG9CQUFlLEdBQWYsZUFBZSxDQUF1QjtRQUV2RCxJQUFJLENBQUMsc0JBQXNCLEdBQUcsSUFBSSxtQkFBUSxDQUFDO1lBQ3pDLEdBQUcsRUFBRSxHQUFHO1lBQ1IsR0FBRyxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsaUNBQWlDLEdBQUcsSUFBSTtZQUMxRCxXQUFXLEVBQUUsV0FBVyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQztTQUM5RCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRU0sS0FBSyxDQUFDLFFBQVEsQ0FBQyxFQUNwQixXQUFXLEVBQ1gsY0FBYyxFQUNkLElBQUksR0FLTDtRQUNDLE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQyxFQUFFLFdBQVcsRUFBRSxjQUFjLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFTyxLQUFLLENBQUMsZUFBZSxDQUFDLEVBQzVCLFdBQVcsRUFDWCxjQUFjLEVBQ2QsSUFBSSxFQUNKLFVBQVUsR0FNWDtRQUNDLE1BQU0sQ0FBQyxXQUFXLEVBQUUsUUFBUSxDQUFDLEdBQThDLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQztZQUMzRixJQUFJLENBQUMsc0JBQXNCLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQztZQUM5QyxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1NBQzFDLENBQUMsQ0FBQztRQUVILE1BQU0scUJBQXFCLEdBQUcsV0FBVyxFQUFFLFdBQVcsRUFBRSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBRXpFLElBQUksQ0FBQyxxQkFBcUIsRUFBRTtZQUMxQixJQUFJLFVBQVUsRUFBRTtnQkFDZCxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQyxDQUFDO2dCQUVsQyxPQUFPLElBQUksQ0FBQyxlQUFlLENBQUMsRUFBRSxXQUFXLEVBQUUsY0FBYyxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFLENBQUMsQ0FBQzthQUN2RjtZQUVELE9BQU8sSUFBSSxDQUFDO1NBQ2I7UUFFRCxPQUFPLElBQUEsNkJBQWlCLEVBQUMscUJBQXFCLENBQUMsS0FBSyxFQUFFLFdBQVcsQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDcEYsQ0FBQztJQUVPLEtBQUssQ0FBQyxlQUFlLENBQUMsV0FBbUI7UUFDL0MsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLCtDQUErQyxXQUFXLEVBQUUsQ0FBQyxDQUFDO1FBRTNGLE1BQU0sY0FBYyxHQUFHLE1BQU0seUJBQWEsQ0FBQyx1QkFBdUIsQ0FBQyxXQUFXLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRTlGLE9BQU87WUFDTCxJQUFJLEVBQUUsY0FBYyxDQUFDLElBQUk7WUFDekIsV0FBVyxFQUFFLGNBQWMsQ0FBQyxXQUFXO1lBQ3ZDLE1BQU0sRUFBRSxJQUFBLDZCQUFnQixFQUFDLGNBQWMsQ0FBQyxLQUFLLENBQUM7U0FDL0MsQ0FBQztJQUNKLENBQUM7SUFFTSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsRUFDNUIsV0FBVyxFQUNYLFlBQVksRUFDWixNQUFNLEdBS1A7UUFDQyxNQUFNLFNBQVMsR0FBRyxJQUFBLDZCQUFnQixFQUFDLFlBQVksQ0FBQyxDQUFDO1FBRWpELE9BQU8sSUFBSSxDQUFDLDJCQUEyQixDQUFDLEVBQUUsV0FBVyxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7SUFDaEcsQ0FBQztJQUVPLEtBQUssQ0FBQywyQkFBMkIsQ0FBQyxFQUN4QyxXQUFXLEVBQ1gsTUFBTSxFQUNOLFNBQVMsRUFDVCxVQUFVLEdBTVg7UUFDQyxNQUFNLENBQUMsUUFBUSxFQUFFLFdBQVcsQ0FBQyxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQztZQUNoRCxJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUM7WUFDeEMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUM7U0FDL0MsQ0FBQyxDQUFDO1FBRUgsSUFDRSxDQUFDLHVCQUFlLENBQUMsS0FBSyxFQUFFLHVCQUFlLENBQUMsU0FBUyxFQUFFLHVCQUFlLENBQUMsTUFBTSxDQUFDLENBQUMsUUFBUSxDQUNqRixRQUFRLEVBQUUsZUFBZSxDQUMxQjtZQUNELFdBQVcsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLFNBQVMsQ0FBQyxFQUNqQztZQUNBLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLE9BQU8sRUFBRSxRQUFRLE1BQU0sb0NBQW9DLFdBQVcsRUFBRSxDQUFDLENBQUM7WUFFOUYsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUVELElBQUksVUFBVSxFQUFFO1lBQ2QsSUFBSSxDQUFDLGVBQWUsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUNsQyxJQUFJLENBQUMsZUFBZSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBRWxDLE9BQU8sSUFBSSxDQUFDLDJCQUEyQixDQUFDO2dCQUN0QyxXQUFXO2dCQUNYLE1BQU07Z0JBQ04sU0FBUztnQkFDVCxVQUFVLEVBQUUsS0FBSzthQUNsQixDQUFDLENBQUM7U0FDSjtRQUVELElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUNqQixPQUFPLEVBQ1AsUUFBUSxNQUFNLHVDQUF1QyxXQUFXLEVBQUUsQ0FDbkUsQ0FBQztRQUVGLE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztJQUVNLGVBQWUsQ0FBQyxXQUFXO1FBQ2hDLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUNqQixPQUFPLEVBQ1AsMERBQTBELFdBQVcsRUFBRSxDQUN4RSxDQUFDO1FBRUYsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEdBQUcsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUMvQyxDQUFDO0NBQ0Y7QUExSUQsNkNBMElDIn0=
|
|
@@ -1,255 +0,0 @@
|
|
|
1
|
-
import { GenericTree } from '@forestadmin/datasource-toolkit';
|
|
2
|
-
|
|
3
|
-
export declare type EnvironmentPermissionsV4 = EnvironmentPermissionsV4Remote | true;
|
|
4
|
-
export declare type RightDescriptionWithRolesV4 = {
|
|
5
|
-
roles: number[];
|
|
6
|
-
};
|
|
7
|
-
export declare type RightDescriptionV4 = boolean | RightDescriptionWithRolesV4;
|
|
8
|
-
export interface EnvironmentCollectionAccessPermissionsV4 {
|
|
9
|
-
browseEnabled: RightDescriptionV4;
|
|
10
|
-
readEnabled: RightDescriptionV4;
|
|
11
|
-
editEnabled: RightDescriptionV4;
|
|
12
|
-
addEnabled: RightDescriptionV4;
|
|
13
|
-
deleteEnabled: RightDescriptionV4;
|
|
14
|
-
exportEnabled: RightDescriptionV4;
|
|
15
|
-
}
|
|
16
|
-
export interface EnvironmentSmartActionPermissionsV4 {
|
|
17
|
-
triggerEnabled: RightDescriptionV4;
|
|
18
|
-
approvalRequired: RightDescriptionV4;
|
|
19
|
-
userApprovalEnabled: RightDescriptionV4;
|
|
20
|
-
selfApprovalEnabled: RightDescriptionV4;
|
|
21
|
-
}
|
|
22
|
-
export interface EnvironmentCollectionActionPermissionsV4 {
|
|
23
|
-
[actionName: string]: EnvironmentSmartActionPermissionsV4;
|
|
24
|
-
}
|
|
25
|
-
export interface EnvironmentCollectionPermissionsV4 {
|
|
26
|
-
collection: EnvironmentCollectionAccessPermissionsV4;
|
|
27
|
-
actions: EnvironmentCollectionActionPermissionsV4;
|
|
28
|
-
}
|
|
29
|
-
export interface EnvironmentCollectionsPermissionsV4 {
|
|
30
|
-
[id: string]: EnvironmentCollectionPermissionsV4;
|
|
31
|
-
}
|
|
32
|
-
export interface EnvironmentPermissionsV4Remote {
|
|
33
|
-
collections: EnvironmentCollectionsPermissionsV4;
|
|
34
|
-
}
|
|
35
|
-
export declare enum PermissionLevel {
|
|
36
|
-
Admin = 'admin',
|
|
37
|
-
Developer = 'developer',
|
|
38
|
-
Editor = 'editor',
|
|
39
|
-
User = 'user',
|
|
40
|
-
}
|
|
41
|
-
export declare type UserPermissionV4 = {
|
|
42
|
-
id: number;
|
|
43
|
-
firstName: string;
|
|
44
|
-
lastName: string;
|
|
45
|
-
email: string;
|
|
46
|
-
permissionLevel: PermissionLevel;
|
|
47
|
-
tags: Record<string, string>;
|
|
48
|
-
roleId: number;
|
|
49
|
-
};
|
|
50
|
-
export declare enum CollectionActionEvent {
|
|
51
|
-
Browse = 'browse',
|
|
52
|
-
Export = 'export',
|
|
53
|
-
Read = 'read',
|
|
54
|
-
Edit = 'edit',
|
|
55
|
-
Delete = 'delete',
|
|
56
|
-
Add = 'add',
|
|
57
|
-
}
|
|
58
|
-
export declare enum CustomActionEvent {
|
|
59
|
-
Trigger = 'trigger',
|
|
60
|
-
Approve = 'approve',
|
|
61
|
-
SelfApprove = 'self-approve',
|
|
62
|
-
RequireApproval = 'require-approval',
|
|
63
|
-
}
|
|
64
|
-
export declare enum ChartType {
|
|
65
|
-
Pie = 'Pie',
|
|
66
|
-
Value = 'Value',
|
|
67
|
-
Leaderboard = 'Leaderboard',
|
|
68
|
-
Line = 'Line',
|
|
69
|
-
Objective = 'Objective',
|
|
70
|
-
Percentage = 'Percentage',
|
|
71
|
-
Smart = 'Smart',
|
|
72
|
-
}
|
|
73
|
-
export interface DisplaySettings {
|
|
74
|
-
x: number;
|
|
75
|
-
y: number;
|
|
76
|
-
width: number;
|
|
77
|
-
height: number;
|
|
78
|
-
}
|
|
79
|
-
export interface BaseChart {
|
|
80
|
-
type: ChartType;
|
|
81
|
-
}
|
|
82
|
-
export interface SmartRouteChart extends BaseChart {
|
|
83
|
-
type: Exclude<ChartType, ChartType.Smart>;
|
|
84
|
-
smartRoute: string;
|
|
85
|
-
}
|
|
86
|
-
export interface ApiRouteChart extends BaseChart {
|
|
87
|
-
type: Exclude<ChartType, ChartType.Smart>;
|
|
88
|
-
apiRoute: string;
|
|
89
|
-
}
|
|
90
|
-
export interface QueryChart extends BaseChart {
|
|
91
|
-
type: Exclude<ChartType, ChartType.Smart>;
|
|
92
|
-
query: string;
|
|
93
|
-
filter?: Record<string, any>;
|
|
94
|
-
}
|
|
95
|
-
export interface S3Versions {
|
|
96
|
-
'component.js': string;
|
|
97
|
-
'template.hbs': string;
|
|
98
|
-
}
|
|
99
|
-
export interface FilterableChart extends BaseChart {
|
|
100
|
-
filter?: string;
|
|
101
|
-
}
|
|
102
|
-
export interface AggregatedChart extends BaseChart {
|
|
103
|
-
aggregator: 'Sum' | 'Count';
|
|
104
|
-
aggregateFieldName: string | null;
|
|
105
|
-
}
|
|
106
|
-
export interface CollectionChart extends BaseChart {
|
|
107
|
-
sourceCollectionName: string | number;
|
|
108
|
-
}
|
|
109
|
-
export interface GroupedByChart extends BaseChart {
|
|
110
|
-
groupByFieldName: string | null;
|
|
111
|
-
}
|
|
112
|
-
export interface SmartChart extends BaseChart {
|
|
113
|
-
type: ChartType.Smart;
|
|
114
|
-
s3Versions: S3Versions & {
|
|
115
|
-
'style.css': string;
|
|
116
|
-
};
|
|
117
|
-
id: string;
|
|
118
|
-
}
|
|
119
|
-
export interface LeaderboardChart extends BaseChart, AggregatedChart, CollectionChart {
|
|
120
|
-
type: ChartType.Leaderboard;
|
|
121
|
-
labelFieldName: string;
|
|
122
|
-
relationshipFieldName: string;
|
|
123
|
-
limit: number;
|
|
124
|
-
}
|
|
125
|
-
export interface LineChart
|
|
126
|
-
extends BaseChart,
|
|
127
|
-
FilterableChart,
|
|
128
|
-
AggregatedChart,
|
|
129
|
-
CollectionChart,
|
|
130
|
-
GroupedByChart {
|
|
131
|
-
type: ChartType.Line;
|
|
132
|
-
timeRange: 'Day' | 'Week' | 'Month' | 'Year';
|
|
133
|
-
}
|
|
134
|
-
export interface ObjectiveChart
|
|
135
|
-
extends BaseChart,
|
|
136
|
-
FilterableChart,
|
|
137
|
-
AggregatedChart,
|
|
138
|
-
CollectionChart {
|
|
139
|
-
type: ChartType.Objective;
|
|
140
|
-
objective: number;
|
|
141
|
-
}
|
|
142
|
-
export interface PercentageChart extends BaseChart {
|
|
143
|
-
type: ChartType.Percentage;
|
|
144
|
-
numeratorChartId: string;
|
|
145
|
-
denominatorChartId: string;
|
|
146
|
-
}
|
|
147
|
-
export interface PieChart
|
|
148
|
-
extends BaseChart,
|
|
149
|
-
FilterableChart,
|
|
150
|
-
AggregatedChart,
|
|
151
|
-
CollectionChart,
|
|
152
|
-
GroupedByChart {
|
|
153
|
-
type: ChartType.Pie;
|
|
154
|
-
}
|
|
155
|
-
export interface ValueChart extends BaseChart, FilterableChart, AggregatedChart, CollectionChart {
|
|
156
|
-
type: ChartType.Value;
|
|
157
|
-
}
|
|
158
|
-
export declare type Chart =
|
|
159
|
-
| SmartChart
|
|
160
|
-
| ApiRouteChart
|
|
161
|
-
| QueryChart
|
|
162
|
-
| SmartRouteChart
|
|
163
|
-
| LeaderboardChart
|
|
164
|
-
| LineChart
|
|
165
|
-
| ObjectiveChart
|
|
166
|
-
| PercentageChart
|
|
167
|
-
| PieChart
|
|
168
|
-
| ValueChart;
|
|
169
|
-
export interface CollectionColumn {
|
|
170
|
-
id: string | number;
|
|
171
|
-
fieldName: string;
|
|
172
|
-
position: number | null;
|
|
173
|
-
isVisible: boolean;
|
|
174
|
-
}
|
|
175
|
-
export interface BaseCollectionSegment {
|
|
176
|
-
id: string | number;
|
|
177
|
-
type: 'manual' | 'smart';
|
|
178
|
-
name: string;
|
|
179
|
-
position: number;
|
|
180
|
-
defaultSortingFieldName: string | null;
|
|
181
|
-
defaultSortingFieldOrder: 'ascending' | 'descending' | null;
|
|
182
|
-
isVisible: boolean;
|
|
183
|
-
hasColumnsConfiguration: boolean;
|
|
184
|
-
columns: CollectionColumn[];
|
|
185
|
-
}
|
|
186
|
-
export interface FilterCondition {
|
|
187
|
-
id: string;
|
|
188
|
-
value: boolean | number | string | string[];
|
|
189
|
-
fieldName: string | null;
|
|
190
|
-
subFieldName: string | null;
|
|
191
|
-
embeddedFieldName?: string | null;
|
|
192
|
-
operator: string;
|
|
193
|
-
embeddedField?: {
|
|
194
|
-
id?: number;
|
|
195
|
-
type: string;
|
|
196
|
-
field: string;
|
|
197
|
-
enums?: Array<string | number | Record<string, string>>;
|
|
198
|
-
} | null;
|
|
199
|
-
}
|
|
200
|
-
export interface Filter {
|
|
201
|
-
id?: string;
|
|
202
|
-
type: 'and' | 'or';
|
|
203
|
-
conditions: FilterCondition[] | null;
|
|
204
|
-
}
|
|
205
|
-
export interface ManualCollectionSegment extends BaseCollectionSegment {
|
|
206
|
-
type: 'manual';
|
|
207
|
-
filter: Filter | null;
|
|
208
|
-
query: string | null;
|
|
209
|
-
}
|
|
210
|
-
export interface SmartCollectionSegment extends BaseCollectionSegment {
|
|
211
|
-
type: 'smart';
|
|
212
|
-
}
|
|
213
|
-
export declare type CollectionSegment = ManualCollectionSegment | SmartCollectionSegment;
|
|
214
|
-
export declare type DynamicScopesValues = {
|
|
215
|
-
users: Record<string, Record<string, string | number>>;
|
|
216
|
-
};
|
|
217
|
-
export declare type CollectionRenderingPermissionV4 = {
|
|
218
|
-
scope: GenericTree | null;
|
|
219
|
-
segments: CollectionSegment[];
|
|
220
|
-
};
|
|
221
|
-
export declare type Team = {
|
|
222
|
-
id: number;
|
|
223
|
-
name: string;
|
|
224
|
-
};
|
|
225
|
-
export declare type RenderingPermissionV4 = {
|
|
226
|
-
team: Team;
|
|
227
|
-
collections: Record<string, CollectionRenderingPermissionV4>;
|
|
228
|
-
stats: Chart[];
|
|
229
|
-
};
|
|
230
|
-
export declare type User = Record<string, any> & {
|
|
231
|
-
id: number;
|
|
232
|
-
tags: Record<string, string>;
|
|
233
|
-
};
|
|
234
|
-
export interface ActionApprovalAttributes {
|
|
235
|
-
requester_id: number;
|
|
236
|
-
ids: Array<string>;
|
|
237
|
-
collection_name: string;
|
|
238
|
-
smart_action_id: string;
|
|
239
|
-
values: any | null;
|
|
240
|
-
parent_collection_name: string | null;
|
|
241
|
-
parent_collection_id: string | null;
|
|
242
|
-
parent_association_name: string | null;
|
|
243
|
-
all_records: boolean;
|
|
244
|
-
all_records_subset_query: null;
|
|
245
|
-
}
|
|
246
|
-
export declare type ActionApprovalJWT = {
|
|
247
|
-
data: {
|
|
248
|
-
id: string | number;
|
|
249
|
-
type: string;
|
|
250
|
-
attributes: ActionApprovalAttributes;
|
|
251
|
-
};
|
|
252
|
-
};
|
|
253
|
-
export declare class JTWUnableToVerifyError extends Error {}
|
|
254
|
-
export declare class JTWTokenExpiredError extends Error {}
|
|
255
|
-
// # sourceMappingURL=types.d.ts.map
|
|
@@ -1,54 +0,0 @@
|
|
|
1
|
-
Object.defineProperty(exports, '__esModule', { value: true });
|
|
2
|
-
exports.JTWTokenExpiredError =
|
|
3
|
-
exports.JTWUnableToVerifyError =
|
|
4
|
-
exports.ChartType =
|
|
5
|
-
exports.CustomActionEvent =
|
|
6
|
-
exports.CollectionActionEvent =
|
|
7
|
-
exports.PermissionLevel =
|
|
8
|
-
void 0;
|
|
9
|
-
let PermissionLevel;
|
|
10
|
-
|
|
11
|
-
(function (PermissionLevel) {
|
|
12
|
-
PermissionLevel.Admin = 'admin';
|
|
13
|
-
PermissionLevel.Developer = 'developer';
|
|
14
|
-
PermissionLevel.Editor = 'editor';
|
|
15
|
-
PermissionLevel.User = 'user';
|
|
16
|
-
})((PermissionLevel = exports.PermissionLevel || (exports.PermissionLevel = {})));
|
|
17
|
-
|
|
18
|
-
let CollectionActionEvent;
|
|
19
|
-
|
|
20
|
-
(function (CollectionActionEvent) {
|
|
21
|
-
CollectionActionEvent.Browse = 'browse';
|
|
22
|
-
CollectionActionEvent.Export = 'export';
|
|
23
|
-
CollectionActionEvent.Read = 'read';
|
|
24
|
-
CollectionActionEvent.Edit = 'edit';
|
|
25
|
-
CollectionActionEvent.Delete = 'delete';
|
|
26
|
-
CollectionActionEvent.Add = 'add';
|
|
27
|
-
})((CollectionActionEvent = exports.CollectionActionEvent || (exports.CollectionActionEvent = {})));
|
|
28
|
-
|
|
29
|
-
let CustomActionEvent;
|
|
30
|
-
|
|
31
|
-
(function (CustomActionEvent) {
|
|
32
|
-
CustomActionEvent.Trigger = 'trigger';
|
|
33
|
-
CustomActionEvent.Approve = 'approve';
|
|
34
|
-
CustomActionEvent.SelfApprove = 'self-approve';
|
|
35
|
-
CustomActionEvent.RequireApproval = 'require-approval';
|
|
36
|
-
})((CustomActionEvent = exports.CustomActionEvent || (exports.CustomActionEvent = {})));
|
|
37
|
-
|
|
38
|
-
let ChartType;
|
|
39
|
-
|
|
40
|
-
(function (ChartType) {
|
|
41
|
-
ChartType.Pie = 'Pie';
|
|
42
|
-
ChartType.Value = 'Value';
|
|
43
|
-
ChartType.Leaderboard = 'Leaderboard';
|
|
44
|
-
ChartType.Line = 'Line';
|
|
45
|
-
ChartType.Objective = 'Objective';
|
|
46
|
-
ChartType.Percentage = 'Percentage';
|
|
47
|
-
ChartType.Smart = 'Smart';
|
|
48
|
-
})((ChartType = exports.ChartType || (exports.ChartType = {})));
|
|
49
|
-
|
|
50
|
-
class JTWUnableToVerifyError extends Error {}
|
|
51
|
-
exports.JTWUnableToVerifyError = JTWUnableToVerifyError;
|
|
52
|
-
class JTWTokenExpiredError extends Error {}
|
|
53
|
-
exports.JTWTokenExpiredError = JTWTokenExpiredError;
|
|
54
|
-
// # sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvc2VydmljZXMvYXV0aG9yaXphdGlvbi9pbnRlcm5hbC90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUF5Q0EsSUFBWSxlQUtYO0FBTEQsV0FBWSxlQUFlO0lBQ3pCLGtDQUFlLENBQUE7SUFDZiwwQ0FBdUIsQ0FBQTtJQUN2QixvQ0FBaUIsQ0FBQTtJQUNqQixnQ0FBYSxDQUFBO0FBQ2YsQ0FBQyxFQUxXLGVBQWUsR0FBZix1QkFBZSxLQUFmLHVCQUFlLFFBSzFCO0FBWUQsSUFBWSxxQkFPWDtBQVBELFdBQVkscUJBQXFCO0lBQy9CLDBDQUFpQixDQUFBO0lBQ2pCLDBDQUFpQixDQUFBO0lBQ2pCLHNDQUFhLENBQUE7SUFDYixzQ0FBYSxDQUFBO0lBQ2IsMENBQWlCLENBQUE7SUFDakIsb0NBQVcsQ0FBQTtBQUNiLENBQUMsRUFQVyxxQkFBcUIsR0FBckIsNkJBQXFCLEtBQXJCLDZCQUFxQixRQU9oQztBQUVELElBQVksaUJBS1g7QUFMRCxXQUFZLGlCQUFpQjtJQUMzQix3Q0FBbUIsQ0FBQTtJQUNuQix3Q0FBbUIsQ0FBQTtJQUNuQixpREFBNEIsQ0FBQTtJQUM1Qix5REFBb0MsQ0FBQTtBQUN0QyxDQUFDLEVBTFcsaUJBQWlCLEdBQWpCLHlCQUFpQixLQUFqQix5QkFBaUIsUUFLNUI7QUFFRCxJQUFZLFNBUVg7QUFSRCxXQUFZLFNBQVM7SUFDbkIsd0JBQVcsQ0FBQTtJQUNYLDRCQUFlLENBQUE7SUFDZix3Q0FBMkIsQ0FBQTtJQUMzQiwwQkFBYSxDQUFBO0lBQ2Isb0NBQXVCLENBQUE7SUFDdkIsc0NBQXlCLENBQUE7SUFDekIsNEJBQWUsQ0FBQTtBQUNqQixDQUFDLEVBUlcsU0FBUyxHQUFULGlCQUFTLEtBQVQsaUJBQVMsUUFRcEI7QUErTUQsTUFBYSxzQkFBdUIsU0FBUSxLQUFLO0NBQUc7QUFBcEQsd0RBQW9EO0FBQ3BELE1BQWEsb0JBQXFCLFNBQVEsS0FBSztDQUFHO0FBQWxELG9EQUFrRCJ9
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
import { AgentOptionsWithDefaults } from '../../../types';
|
|
2
|
-
import { UserPermissionV4 } from './types';
|
|
3
|
-
|
|
4
|
-
export declare type UserPermissionOptions = Pick<
|
|
5
|
-
AgentOptionsWithDefaults,
|
|
6
|
-
'forestServerUrl' | 'envSecret' | 'isProduction' | 'permissionsCacheDurationInSeconds' | 'logger'
|
|
7
|
-
>;
|
|
8
|
-
export default class UserPermissionService {
|
|
9
|
-
private readonly options;
|
|
10
|
-
private cacheExpirationTimestamp;
|
|
11
|
-
private userInfoById;
|
|
12
|
-
constructor(options: UserPermissionOptions);
|
|
13
|
-
getUserInfo(userId: number): Promise<UserPermissionV4 | undefined>;
|
|
14
|
-
clearCache(): void;
|
|
15
|
-
}
|
|
16
|
-
// # sourceMappingURL=user-permission.d.ts.map
|
|
@@ -1,46 +0,0 @@
|
|
|
1
|
-
const __importDefault =
|
|
2
|
-
(this && this.__importDefault) ||
|
|
3
|
-
function (mod) {
|
|
4
|
-
return mod && mod.__esModule ? mod : { default: mod };
|
|
5
|
-
};
|
|
6
|
-
|
|
7
|
-
Object.defineProperty(exports, '__esModule', { value: true });
|
|
8
|
-
const forest_http_api_1 = __importDefault(require('../../../utils/forest-http-api'));
|
|
9
|
-
|
|
10
|
-
class UserPermissionService {
|
|
11
|
-
constructor(options) {
|
|
12
|
-
this.options = options;
|
|
13
|
-
this.cacheExpirationTimestamp = 0;
|
|
14
|
-
// The trick here is to keep the cache as a Promise and not a Map
|
|
15
|
-
// in order to avoid doing the same HTTP request twice when
|
|
16
|
-
// 2 calls are made to getUserInfo at the same time.
|
|
17
|
-
this.userInfoById = null;
|
|
18
|
-
}
|
|
19
|
-
|
|
20
|
-
async getUserInfo(userId) {
|
|
21
|
-
if (
|
|
22
|
-
!this.cacheExpirationTimestamp ||
|
|
23
|
-
this.cacheExpirationTimestamp < Date.now() ||
|
|
24
|
-
!(await this.userInfoById).has(userId)
|
|
25
|
-
) {
|
|
26
|
-
this.cacheExpirationTimestamp =
|
|
27
|
-
Date.now() + this.options.permissionsCacheDurationInSeconds * 1000;
|
|
28
|
-
this.options.logger('Debug', `Refreshing user permissions cache`);
|
|
29
|
-
// The response here is not awaited in order to be set in the cache
|
|
30
|
-
// allowing subsequent calls to getUserInfo to use the cache even if
|
|
31
|
-
// the response is not yet available.
|
|
32
|
-
this.userInfoById = forest_http_api_1.default
|
|
33
|
-
.getUsers(this.options)
|
|
34
|
-
.then(users => new Map(users.map(user => [user.id, user])));
|
|
35
|
-
}
|
|
36
|
-
|
|
37
|
-
return (await this.userInfoById).get(userId);
|
|
38
|
-
}
|
|
39
|
-
|
|
40
|
-
clearCache() {
|
|
41
|
-
this.userInfoById = null;
|
|
42
|
-
this.cacheExpirationTimestamp = Number.NEGATIVE_INFINITY;
|
|
43
|
-
}
|
|
44
|
-
}
|
|
45
|
-
exports.default = UserPermissionService;
|
|
46
|
-
// # sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXNlci1wZXJtaXNzaW9uLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3NlcnZpY2VzL2F1dGhvcml6YXRpb24vaW50ZXJuYWwvdXNlci1wZXJtaXNzaW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7O0FBRUEscUZBQTJEO0FBTzNELE1BQXFCLHFCQUFxQjtJQVF4QyxZQUE2QixPQUE4QjtRQUE5QixZQUFPLEdBQVAsT0FBTyxDQUF1QjtRQVBuRCw2QkFBd0IsR0FBRyxDQUFDLENBQUM7UUFFckMsaUVBQWlFO1FBQ2pFLDJEQUEyRDtRQUMzRCxvREFBb0Q7UUFDNUMsaUJBQVksR0FBMkMsSUFBSSxDQUFDO0lBRU4sQ0FBQztJQUV4RCxLQUFLLENBQUMsV0FBVyxDQUFDLE1BQWM7UUFDckMsSUFDRSxDQUFDLElBQUksQ0FBQyx3QkFBd0I7WUFDOUIsSUFBSSxDQUFDLHdCQUF3QixHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUU7WUFDMUMsQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFDdEM7WUFDQSxJQUFJLENBQUMsd0JBQXdCO2dCQUMzQixJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxpQ0FBaUMsR0FBRyxJQUFJLENBQUM7WUFFckUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsT0FBTyxFQUFFLG1DQUFtQyxDQUFDLENBQUM7WUFFbEUsbUVBQW1FO1lBQ25FLG9FQUFvRTtZQUNwRSxxQ0FBcUM7WUFDckMsSUFBSSxDQUFDLFlBQVksR0FBRyx5QkFBYSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUMzRCxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksR0FBRyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUNyRCxDQUFDO1NBQ0g7UUFFRCxPQUFPLENBQUMsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQy9DLENBQUM7SUFFTSxVQUFVO1FBQ2YsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUM7UUFDekIsSUFBSSxDQUFDLHdCQUF3QixHQUFHLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQztJQUMzRCxDQUFDO0NBQ0Y7QUFwQ0Qsd0NBb0NDIn0=
|
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
import { Collection, ConditionTree } from '@forestadmin/datasource-toolkit';
|
|
2
|
-
import { Context } from 'koa';
|
|
3
|
-
import { AgentOptionsWithDefaults } from '../types';
|
|
4
|
-
declare type RolesOptions = Pick<AgentOptionsWithDefaults, 'forestServerUrl' | 'envSecret' | 'isProduction' | 'permissionsCacheDurationInSeconds'>;
|
|
5
|
-
export default class PermissionService {
|
|
6
|
-
private options;
|
|
7
|
-
private cache;
|
|
8
|
-
constructor(options: RolesOptions);
|
|
9
|
-
invalidateCache(renderingId: number): void;
|
|
10
|
-
/** Checks that a charting query is in the list of allowed queries */
|
|
11
|
-
canChart(context: Context): Promise<void>;
|
|
12
|
-
/** Check if a user is allowed to perform a specific action */
|
|
13
|
-
can(context: Context, action: string, allowRefetch?: boolean): Promise<void>;
|
|
14
|
-
getScope(collection: Collection, context: Context): Promise<ConditionTree>;
|
|
15
|
-
/** Get cached version of "rendering permissions" */
|
|
16
|
-
private getRenderingPermissions;
|
|
17
|
-
}
|
|
18
|
-
export {};
|
|
19
|
-
//# sourceMappingURL=permissions.d.ts.map
|
|
@@ -1,85 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
const lru_cache_1 = __importDefault(require("lru-cache"));
|
|
7
|
-
const object_hash_1 = __importDefault(require("object-hash"));
|
|
8
|
-
const types_1 = require("../types");
|
|
9
|
-
const condition_tree_parser_1 = __importDefault(require("../utils/condition-tree-parser"));
|
|
10
|
-
const forest_http_api_1 = __importDefault(require("../utils/forest-http-api"));
|
|
11
|
-
class PermissionService {
|
|
12
|
-
constructor(options) {
|
|
13
|
-
this.options = options;
|
|
14
|
-
this.cache = new lru_cache_1.default({
|
|
15
|
-
max: 256,
|
|
16
|
-
ttl: this.options.permissionsCacheDurationInSeconds * 1000,
|
|
17
|
-
});
|
|
18
|
-
}
|
|
19
|
-
invalidateCache(renderingId) {
|
|
20
|
-
this.cache.delete(renderingId);
|
|
21
|
-
}
|
|
22
|
-
/** Checks that a charting query is in the list of allowed queries */
|
|
23
|
-
async canChart(context) {
|
|
24
|
-
// If the permissions level already allow the chart, no need to check further
|
|
25
|
-
if (['admin', 'editor', 'developer'].includes(context.state.user.permissionLevel)) {
|
|
26
|
-
return;
|
|
27
|
-
}
|
|
28
|
-
const chart = { ...context.request.body };
|
|
29
|
-
// When the server sends the data of the allowed charts, the target column is not specified
|
|
30
|
-
// for relations => allow them all.
|
|
31
|
-
if (chart?.group_by_field?.includes(':'))
|
|
32
|
-
chart.group_by_field = chart.group_by_field.substring(0, chart.group_by_field.indexOf(':'));
|
|
33
|
-
const chartHash = (0, object_hash_1.default)(chart, {
|
|
34
|
-
respectType: false,
|
|
35
|
-
excludeKeys: key => chart[key] === null,
|
|
36
|
-
});
|
|
37
|
-
await this.can(context, `chart:${chartHash}`);
|
|
38
|
-
}
|
|
39
|
-
/** Check if a user is allowed to perform a specific action */
|
|
40
|
-
async can(context, action, allowRefetch = true) {
|
|
41
|
-
const { id: userId, renderingId } = context.state.user;
|
|
42
|
-
const perms = await this.getRenderingPermissions(renderingId);
|
|
43
|
-
const isAllowed = perms.actions.has(action) || perms.actionsByUser[action]?.has(userId);
|
|
44
|
-
if (!isAllowed && allowRefetch) {
|
|
45
|
-
this.invalidateCache(renderingId);
|
|
46
|
-
return this.can(context, action, false);
|
|
47
|
-
}
|
|
48
|
-
if (!isAllowed) {
|
|
49
|
-
context.throw(types_1.HttpCode.Forbidden, 'Forbidden');
|
|
50
|
-
}
|
|
51
|
-
}
|
|
52
|
-
async getScope(collection, context) {
|
|
53
|
-
const { user } = context.state;
|
|
54
|
-
const perms = await this.getRenderingPermissions(user.renderingId);
|
|
55
|
-
const scopes = perms.scopes[collection.name];
|
|
56
|
-
if (!scopes)
|
|
57
|
-
return null;
|
|
58
|
-
const conditionTree = condition_tree_parser_1.default.fromPlainObject(collection, scopes.conditionTree);
|
|
59
|
-
return conditionTree.replaceLeafs(leaf => {
|
|
60
|
-
const dynamicValues = scopes.dynamicScopeValues?.[user.id];
|
|
61
|
-
if (typeof leaf.value === 'string' && leaf.value.startsWith('$currentUser')) {
|
|
62
|
-
// Search replacement hash from forestadmin server
|
|
63
|
-
if (dynamicValues) {
|
|
64
|
-
return leaf.override({ value: dynamicValues[leaf.value] });
|
|
65
|
-
}
|
|
66
|
-
// Search JWT token (new user)
|
|
67
|
-
return leaf.override({
|
|
68
|
-
value: leaf.value.startsWith('$currentUser.tags.')
|
|
69
|
-
? user.tags[leaf.value.substring(18)]
|
|
70
|
-
: user[leaf.value.substring(13)],
|
|
71
|
-
});
|
|
72
|
-
}
|
|
73
|
-
return leaf;
|
|
74
|
-
});
|
|
75
|
-
}
|
|
76
|
-
/** Get cached version of "rendering permissions" */
|
|
77
|
-
getRenderingPermissions(renderingId) {
|
|
78
|
-
if (!this.cache.has(renderingId))
|
|
79
|
-
this.cache.set(renderingId, forest_http_api_1.default.getPermissions(this.options, renderingId));
|
|
80
|
-
// We already checked the entry is up-to-date with the .has() call => allowStale
|
|
81
|
-
return this.cache.get(renderingId, { allowStale: true });
|
|
82
|
-
}
|
|
83
|
-
}
|
|
84
|
-
exports.default = PermissionService;
|
|
85
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGVybWlzc2lvbnMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2VydmljZXMvcGVybWlzc2lvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFFQSwwREFBaUM7QUFDakMsOERBQXFDO0FBRXJDLG9DQUE4RDtBQUM5RCwyRkFBaUU7QUFDakUsK0VBQStFO0FBTy9FLE1BQXFCLGlCQUFpQjtJQUlwQyxZQUFZLE9BQXFCO1FBQy9CLElBQUksQ0FBQyxPQUFPLEdBQUcsT0FBTyxDQUFDO1FBQ3ZCLElBQUksQ0FBQyxLQUFLLEdBQUcsSUFBSSxtQkFBUSxDQUFDO1lBQ3hCLEdBQUcsRUFBRSxHQUFHO1lBQ1IsR0FBRyxFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsaUNBQWlDLEdBQUcsSUFBSTtTQUMzRCxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsZUFBZSxDQUFDLFdBQW1CO1FBQ2pDLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRCxxRUFBcUU7SUFDckUsS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUFnQjtRQUM3Qiw2RUFBNkU7UUFDN0UsSUFBSSxDQUFDLE9BQU8sRUFBRSxRQUFRLEVBQUUsV0FBVyxDQUFDLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxFQUFFO1lBQ2pGLE9BQU87U0FDUjtRQUVELE1BQU0sS0FBSyxHQUFHLEVBQUUsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO1FBRTFDLDJGQUEyRjtRQUMzRixtQ0FBbUM7UUFDbkMsSUFBSSxLQUFLLEVBQUUsY0FBYyxFQUFFLFFBQVEsQ0FBQyxHQUFHLENBQUM7WUFDdEMsS0FBSyxDQUFDLGNBQWMsR0FBRyxLQUFLLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsS0FBSyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztRQUU5RixNQUFNLFNBQVMsR0FBRyxJQUFBLHFCQUFVLEVBQUMsS0FBSyxFQUFFO1lBQ2xDLFdBQVcsRUFBRSxLQUFLO1lBQ2xCLFdBQVcsRUFBRSxHQUFHLENBQUMsRUFBRSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsS0FBSyxJQUFJO1NBQ3hDLENBQUMsQ0FBQztRQUVILE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsU0FBUyxTQUFTLEVBQUUsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRCw4REFBOEQ7SUFDOUQsS0FBSyxDQUFDLEdBQUcsQ0FBQyxPQUFnQixFQUFFLE1BQWMsRUFBRSxZQUFZLEdBQUcsSUFBSTtRQUM3RCxNQUFNLEVBQUUsRUFBRSxFQUFFLE1BQU0sRUFBRSxXQUFXLEVBQUUsR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQztRQUN2RCxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUM5RCxNQUFNLFNBQVMsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxLQUFLLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUV4RixJQUFJLENBQUMsU0FBUyxJQUFJLFlBQVksRUFBRTtZQUM5QixJQUFJLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRWxDLE9BQU8sSUFBSSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsTUFBTSxFQUFFLEtBQUssQ0FBQyxDQUFDO1NBQ3pDO1FBRUQsSUFBSSxDQUFDLFNBQVMsRUFBRTtZQUNkLE9BQU8sQ0FBQyxLQUFLLENBQUMsZ0JBQVEsQ0FBQyxTQUFTLEVBQUUsV0FBVyxDQUFDLENBQUM7U0FDaEQ7SUFDSCxDQUFDO0lBRUQsS0FBSyxDQUFDLFFBQVEsQ0FBQyxVQUFzQixFQUFFLE9BQWdCO1FBQ3JELE1BQU0sRUFBRSxJQUFJLEVBQUUsR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDO1FBQy9CLE1BQU0sS0FBSyxHQUFHLE1BQU0sSUFBSSxDQUFDLHVCQUF1QixDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUNuRSxNQUFNLE1BQU0sR0FBRyxLQUFLLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUU3QyxJQUFJLENBQUMsTUFBTTtZQUFFLE9BQU8sSUFBSSxDQUFDO1FBRXpCLE1BQU0sYUFBYSxHQUFHLCtCQUFtQixDQUFDLGVBQWUsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBRTVGLE9BQU8sYUFBYSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsRUFBRTtZQUN2QyxNQUFNLGFBQWEsR0FBRyxNQUFNLENBQUMsa0JBQWtCLEVBQUUsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7WUFFM0QsSUFBSSxPQUFPLElBQUksQ0FBQyxLQUFLLEtBQUssUUFBUSxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxFQUFFO2dCQUMzRSxrREFBa0Q7Z0JBQ2xELElBQUksYUFBYSxFQUFFO29CQUNqQixPQUFPLElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxLQUFLLEVBQUUsYUFBYSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7aUJBQzVEO2dCQUVELDhCQUE4QjtnQkFDOUIsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDO29CQUNuQixLQUFLLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsb0JBQW9CLENBQUM7d0JBQ2hELENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO3dCQUNyQyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO2lCQUNuQyxDQUFDLENBQUM7YUFDSjtZQUVELE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsb0RBQW9EO0lBQzVDLHVCQUF1QixDQUFDLFdBQW1CO1FBQ2pELElBQUksQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxXQUFXLENBQUM7WUFDOUIsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsV0FBVyxFQUFFLHlCQUFhLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsV0FBVyxDQUFDLENBQUMsQ0FBQztRQUV2RixnRkFBZ0Y7UUFDaEYsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsRUFBRSxVQUFVLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztJQUMzRCxDQUFDO0NBQ0Y7QUE3RkQsb0NBNkZDIn0=
|