@forestadmin/forestadmin-client 1.0.0-alpha.1

package/dist/forest-admin-client-with-cache.d.ts

@@ -0,0 +1,17 @@
+import type { GenericTree } from '@forestadmin/datasource-toolkit';
+import { ForestAdminClient, ForestAdminClientOptionsWithDefaults, PermissionService } from './types';
+import RenderingPermissionService from './permissions/rendering-permission';
+export default class ForestAdminClientWithCache implements ForestAdminClient {
+    protected readonly options: ForestAdminClientOptionsWithDefaults;
+    readonly permissionService: PermissionService;
+    protected readonly renderingPermissionService: RenderingPermissionService;
+    constructor(options: ForestAdminClientOptionsWithDefaults, permissionService: PermissionService, renderingPermissionService: RenderingPermissionService);
+    verifySignedActionParameters<TSignedParameters>(signedParameters: string): TSignedParameters;
+    getScope({ renderingId, userId, collectionName, }: {
+        renderingId: number | string;
+        userId: number | string;
+        collectionName: string;
+    }): Promise<GenericTree>;
+    markScopesAsUpdated(renderingId: number | string): void;
+}
+//# sourceMappingURL=forest-admin-client-with-cache.d.ts.map

package/dist/forest-admin-client-with-cache.js

@@ -0,0 +1,28 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const verify_approval_1 = __importDefault(require("./permissions/verify-approval"));
+class ForestAdminClientWithCache {
+    constructor(options, permissionService, renderingPermissionService) {
+        this.options = options;
+        this.permissionService = permissionService;
+        this.renderingPermissionService = renderingPermissionService;
+    }
+    verifySignedActionParameters(signedParameters) {
+        return (0, verify_approval_1.default)(signedParameters, this.options.envSecret);
+    }
+    async getScope({ renderingId, userId, collectionName, }) {
+        return this.renderingPermissionService.getScope({
+            renderingId,
+            collectionName,
+            userId,
+        });
+    }
+    markScopesAsUpdated(renderingId) {
+        this.renderingPermissionService.invalidateCache(renderingId);
+    }
+}
+exports.default = ForestAdminClientWithCache;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZm9yZXN0LWFkbWluLWNsaWVudC13aXRoLWNhY2hlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2ZvcmVzdC1hZG1pbi1jbGllbnQtd2l0aC1jYWNoZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQVFBLG9GQUFxRTtBQUVyRSxNQUFxQiwwQkFBMEI7SUFDN0MsWUFDcUIsT0FBNkMsRUFDaEQsaUJBQW9DLEVBQ2pDLDBCQUFzRDtRQUZ0RCxZQUFPLEdBQVAsT0FBTyxDQUFzQztRQUNoRCxzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ2pDLCtCQUEwQixHQUExQiwwQkFBMEIsQ0FBNEI7SUFDeEUsQ0FBQztJQUVHLDRCQUE0QixDQUNqQyxnQkFBd0I7UUFFeEIsT0FBTyxJQUFBLHlCQUF3QixFQUFDLGdCQUFnQixFQUFFLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDNUUsQ0FBQztJQUVNLEtBQUssQ0FBQyxRQUFRLENBQUMsRUFDcEIsV0FBVyxFQUNYLE1BQU0sRUFDTixjQUFjLEdBS2Y7UUFDQyxPQUFPLElBQUksQ0FBQywwQkFBMEIsQ0FBQyxRQUFRLENBQUM7WUFDOUMsV0FBVztZQUNYLGNBQWM7WUFDZCxNQUFNO1NBQ1AsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVNLG1CQUFtQixDQUFDLFdBQTRCO1FBQ3JELElBQUksQ0FBQywwQkFBMEIsQ0FBQyxlQUFlLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDL0QsQ0FBQztDQUNGO0FBaENELDZDQWdDQyJ9

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+import { ForestAdminClientOptions } from './types';
+import ForestAdminClient from './forest-admin-client-with-cache';
+export { ForestAdminClientOptions, Logger, LoggerLevel, ForestAdminClient } from './types';
+export { CollectionActionEvent } from './permissions/types';
+export { default as JTWTokenExpiredError } from './permissions/errors/jwt-token-expired-error';
+export { default as JTWUnableToVerifyError } from './permissions/errors/jwt-unable-to-verify-error';
+export default function createForestAdminClient(options: ForestAdminClientOptions): ForestAdminClient;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.js

@@ -0,0 +1,33 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JTWUnableToVerifyError = exports.JTWTokenExpiredError = exports.CollectionActionEvent = void 0;
+const action_permission_1 = __importDefault(require("./permissions/action-permission"));
+const forest_admin_client_with_cache_1 = __importDefault(require("./forest-admin-client-with-cache"));
+const permission_with_cache_1 = __importDefault(require("./permissions/permission-with-cache"));
+const rendering_permission_1 = __importDefault(require("./permissions/rendering-permission"));
+const user_permission_1 = __importDefault(require("./permissions/user-permission"));
+var types_1 = require("./permissions/types");
+Object.defineProperty(exports, "CollectionActionEvent", { enumerable: true, get: function () { return types_1.CollectionActionEvent; } });
+var jwt_token_expired_error_1 = require("./permissions/errors/jwt-token-expired-error");
+Object.defineProperty(exports, "JTWTokenExpiredError", { enumerable: true, get: function () { return __importDefault(jwt_token_expired_error_1).default; } });
+var jwt_unable_to_verify_error_1 = require("./permissions/errors/jwt-unable-to-verify-error");
+Object.defineProperty(exports, "JTWUnableToVerifyError", { enumerable: true, get: function () { return __importDefault(jwt_unable_to_verify_error_1).default; } });
+function createForestAdminClient(options) {
+    const optionsWithDefaults = {
+        forestServerUrl: 'https://api.forestadmin.com',
+        permissionsCacheDurationInSeconds: 15 * 60,
+        // eslint-disable-next-line no-console
+        logger: (level, ...args) => console[level.toLowerCase()](...args),
+        ...options,
+    };
+    const actionPermission = new action_permission_1.default(optionsWithDefaults);
+    const userPermission = new user_permission_1.default(optionsWithDefaults);
+    const renderingPermission = new rendering_permission_1.default(optionsWithDefaults, userPermission);
+    const permissionService = new permission_with_cache_1.default(actionPermission, renderingPermission);
+    return new forest_admin_client_with_cache_1.default(optionsWithDefaults, permissionService, renderingPermission);
+}
+exports.default = createForestAdminClient;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQ0Esd0ZBQXNFO0FBQ3RFLHNHQUFpRTtBQUNqRSxnR0FBb0U7QUFDcEUsOEZBQTRFO0FBQzVFLG9GQUFrRTtBQUdsRSw2Q0FBNEQ7QUFBbkQsOEdBQUEscUJBQXFCLE9BQUE7QUFDOUIsd0ZBQStGO0FBQXRGLGdKQUFBLE9BQU8sT0FBd0I7QUFDeEMsOEZBQW9HO0FBQTNGLHFKQUFBLE9BQU8sT0FBMEI7QUFFMUMsU0FBd0IsdUJBQXVCLENBQzdDLE9BQWlDO0lBRWpDLE1BQU0sbUJBQW1CLEdBQXlDO1FBQ2hFLGVBQWUsRUFBRSw2QkFBNkI7UUFDOUMsaUNBQWlDLEVBQUUsRUFBRSxHQUFHLEVBQUU7UUFDMUMsc0NBQXNDO1FBQ3RDLE1BQU0sRUFBRSxDQUFDLEtBQUssRUFBRSxHQUFHLElBQUksRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsQ0FBQyxDQUFDLEdBQUcsSUFBSSxDQUFDO1FBQ2pFLEdBQUcsT0FBTztLQUNYLENBQUM7SUFFRixNQUFNLGdCQUFnQixHQUFHLElBQUksMkJBQXVCLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUMxRSxNQUFNLGNBQWMsR0FBRyxJQUFJLHlCQUFxQixDQUFDLG1CQUFtQixDQUFDLENBQUM7SUFDdEUsTUFBTSxtQkFBbUIsR0FBRyxJQUFJLDhCQUEwQixDQUFDLG1CQUFtQixFQUFFLGNBQWMsQ0FBQyxDQUFDO0lBQ2hHLE1BQU0saUJBQWlCLEdBQUcsSUFBSSwrQkFBaUIsQ0FBQyxnQkFBZ0IsRUFBRSxtQkFBbUIsQ0FBQyxDQUFDO0lBRXZGLE9BQU8sSUFBSSx3Q0FBaUIsQ0FBQyxtQkFBbUIsRUFBRSxpQkFBaUIsRUFBRSxtQkFBbUIsQ0FBQyxDQUFDO0FBQzVGLENBQUM7QUFqQkQsMENBaUJDIn0=

package/dist/permissions/action-permission.d.ts

@@ -0,0 +1,15 @@
+import { ForestAdminClientOptionsWithDefaults } from '../types';
+export default class ActionPermissionService {
+    private readonly options;
+    private permissionsPromise;
+    private permissionExpirationTimestamp;
+    constructor(options: ForestAdminClientOptionsWithDefaults);
+    canOneOf(userId: string, actionNames: string[]): Promise<boolean>;
+    can(userId: string, actionName: string): Promise<boolean>;
+    private hasPermissionOrRefetch;
+    private isAllowedOneOf;
+    private isAllowed;
+    private getPermissions;
+    private fetchEnvironmentPermissions;
+}
+//# sourceMappingURL=action-permission.d.ts.map

package/dist/permissions/action-permission.js

@@ -0,0 +1,70 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const forest_http_api_1 = __importDefault(require("./forest-http-api"));
+const generate_actions_from_permissions_1 = __importDefault(require("./generate-actions-from-permissions"));
+class ActionPermissionService {
+    constructor(options) {
+        this.options = options;
+    }
+    canOneOf(userId, actionNames) {
+        return this.hasPermissionOrRefetch({
+            userId,
+            actionNames,
+            allowRefetch: true,
+        });
+    }
+    can(userId, actionName) {
+        return this.hasPermissionOrRefetch({
+            userId,
+            actionNames: [actionName],
+            allowRefetch: true,
+        });
+    }
+    async hasPermissionOrRefetch({ userId, actionNames, allowRefetch, }) {
+        const permissions = await this.getPermissions();
+        const isAllowed = this.isAllowedOneOf({ permissions, actionNames, userId });
+        if (!isAllowed && allowRefetch) {
+            this.permissionsPromise = undefined;
+            this.permissionExpirationTimestamp = undefined;
+            return this.hasPermissionOrRefetch({
+                userId,
+                actionNames,
+                allowRefetch: false,
+            });
+        }
+        this.options.logger('Debug', `User ${userId} is ${isAllowed ? '' : 'not '}allowed to perform ${actionNames.length > 1 ? ' one of ' : ''}${actionNames.join(', ')}`);
+        return isAllowed;
+    }
+    isAllowedOneOf({ permissions, actionNames, userId, }) {
+        return actionNames.some(actionName => this.isAllowed({ permissions, actionName, userId }));
+    }
+    isAllowed({ permissions, actionName, userId, }) {
+        return Boolean(permissions.everythingAllowed ||
+            permissions.actionsGloballyAllowed.has(actionName) ||
+            permissions.actionsAllowedByUser.get(actionName)?.has(userId));
+    }
+    async getPermissions() {
+        if (this.permissionsPromise &&
+            this.permissionExpirationTimestamp &&
+            this.permissionExpirationTimestamp > Date.now()) {
+            return this.permissionsPromise;
+        }
+        this.permissionsPromise = this.fetchEnvironmentPermissions();
+        this.permissionExpirationTimestamp =
+            Date.now() + this.options.permissionsCacheDurationInSeconds * 1000;
+        return this.permissionsPromise;
+    }
+    async fetchEnvironmentPermissions() {
+        this.options.logger('Debug', 'Fetching environment permissions');
+        const [rawPermissions, users] = await Promise.all([
+            forest_http_api_1.default.getEnvironmentPermissions(this.options),
+            forest_http_api_1.default.getUsers(this.options),
+        ]);
+        return (0, generate_actions_from_permissions_1.default)(rawPermissions, users);
+    }
+}
+exports.default = ActionPermissionService;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWN0aW9uLXBlcm1pc3Npb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcGVybWlzc2lvbnMvYWN0aW9uLXBlcm1pc3Npb24udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFDQSx3RUFBOEM7QUFDOUMsNEdBRTZDO0FBRTdDLE1BQXFCLHVCQUF1QjtJQUkxQyxZQUE2QixPQUE2QztRQUE3QyxZQUFPLEdBQVAsT0FBTyxDQUFzQztJQUFHLENBQUM7SUFFdkUsUUFBUSxDQUFDLE1BQWMsRUFBRSxXQUFxQjtRQUNuRCxPQUFPLElBQUksQ0FBQyxzQkFBc0IsQ0FBQztZQUNqQyxNQUFNO1lBQ04sV0FBVztZQUNYLFlBQVksRUFBRSxJQUFJO1NBQ25CLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFTSxHQUFHLENBQUMsTUFBYyxFQUFFLFVBQWtCO1FBQzNDLE9BQU8sSUFBSSxDQUFDLHNCQUFzQixDQUFDO1lBQ2pDLE1BQU07WUFDTixXQUFXLEVBQUUsQ0FBQyxVQUFVLENBQUM7WUFDekIsWUFBWSxFQUFFLElBQUk7U0FDbkIsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVPLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxFQUNuQyxNQUFNLEVBQ04sV0FBVyxFQUNYLFlBQVksR0FLYjtRQUNDLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1FBQ2hELE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsRUFBRSxXQUFXLEVBQUUsV0FBVyxFQUFFLE1BQU0sRUFBRSxDQUFDLENBQUM7UUFFNUUsSUFBSSxDQUFDLFNBQVMsSUFBSSxZQUFZLEVBQUU7WUFDOUIsSUFBSSxDQUFDLGtCQUFrQixHQUFHLFNBQVMsQ0FBQztZQUNwQyxJQUFJLENBQUMsNkJBQTZCLEdBQUcsU0FBUyxDQUFDO1lBRS9DLE9BQU8sSUFBSSxDQUFDLHNCQUFzQixDQUFDO2dCQUNqQyxNQUFNO2dCQUNOLFdBQVc7Z0JBQ1gsWUFBWSxFQUFFLEtBQUs7YUFDcEIsQ0FBQyxDQUFDO1NBQ0o7UUFFRCxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FDakIsT0FBTyxFQUNQLFFBQVEsTUFBTSxPQUFPLFNBQVMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLHNCQUMxQyxXQUFXLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxFQUN4QyxHQUFHLFdBQVcsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FDNUIsQ0FBQztRQUVGLE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUM7SUFFTyxjQUFjLENBQUMsRUFDckIsV0FBVyxFQUNYLFdBQVcsRUFDWCxNQUFNLEdBS1A7UUFDQyxPQUFPLFdBQVcsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLEVBQUUsV0FBVyxFQUFFLFVBQVUsRUFBRSxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDN0YsQ0FBQztJQUVPLFNBQVMsQ0FBQyxFQUNoQixXQUFXLEVBQ1gsVUFBVSxFQUNWLE1BQU0sR0FLUDtRQUNDLE9BQU8sT0FBTyxDQUNaLFdBQVcsQ0FBQyxpQkFBaUI7WUFDM0IsV0FBVyxDQUFDLHNCQUFzQixDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUM7WUFDbEQsV0FBVyxDQUFDLG9CQUFvQixDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLENBQ2hFLENBQUM7SUFDSixDQUFDO0lBRU8sS0FBSyxDQUFDLGNBQWM7UUFDMUIsSUFDRSxJQUFJLENBQUMsa0JBQWtCO1lBQ3ZCLElBQUksQ0FBQyw2QkFBNkI7WUFDbEMsSUFBSSxDQUFDLDZCQUE2QixHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFDL0M7WUFDQSxPQUFPLElBQUksQ0FBQyxrQkFBa0IsQ0FBQztTQUNoQztRQUVELElBQUksQ0FBQyxrQkFBa0IsR0FBRyxJQUFJLENBQUMsMkJBQTJCLEVBQUUsQ0FBQztRQUM3RCxJQUFJLENBQUMsNkJBQTZCO1lBQ2hDLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGlDQUFpQyxHQUFHLElBQUksQ0FBQztRQUVyRSxPQUFPLElBQUksQ0FBQyxrQkFBa0IsQ0FBQztJQUNqQyxDQUFDO0lBRU8sS0FBSyxDQUFDLDJCQUEyQjtRQUN2QyxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsa0NBQWtDLENBQUMsQ0FBQztRQUVqRSxNQUFNLENBQUMsY0FBYyxFQUFFLEtBQUssQ0FBQyxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQztZQUNoRCx5QkFBYSxDQUFDLHlCQUF5QixDQUFDLElBQUksQ0FBQyxPQUFPLENBQUM7WUFDckQseUJBQWEsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQztTQUNyQyxDQUFDLENBQUM7UUFFSCxPQUFPLElBQUEsMkNBQThCLEVBQUMsY0FBYyxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQy9ELENBQUM7Q0FDRjtBQTdHRCwwQ0E2R0MifQ==

package/dist/permissions/errors/jwt-token-expired-error.d.ts

@@ -0,0 +1,3 @@
+export default class JTWTokenExpiredError extends Error {
+}
+//# sourceMappingURL=jwt-token-expired-error.d.ts.map

package/dist/permissions/errors/jwt-token-expired-error.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+class JTWTokenExpiredError extends Error {
+}
+exports.default = JTWTokenExpiredError;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiand0LXRva2VuLWV4cGlyZWQtZXJyb3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcGVybWlzc2lvbnMvZXJyb3JzL2p3dC10b2tlbi1leHBpcmVkLWVycm9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsTUFBcUIsb0JBQXFCLFNBQVEsS0FBSztDQUFHO0FBQTFELHVDQUEwRCJ9

package/dist/permissions/errors/jwt-unable-to-verify-error.d.ts

@@ -0,0 +1,3 @@
+export default class JTWUnableToVerifyError extends Error {
+}
+//# sourceMappingURL=jwt-unable-to-verify-error.d.ts.map

package/dist/permissions/errors/jwt-unable-to-verify-error.js

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+class JTWUnableToVerifyError extends Error {
+}
+exports.default = JTWUnableToVerifyError;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiand0LXVuYWJsZS10by12ZXJpZnktZXJyb3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcGVybWlzc2lvbnMvZXJyb3JzL2p3dC11bmFibGUtdG8tdmVyaWZ5LWVycm9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsTUFBcUIsc0JBQXVCLFNBQVEsS0FBSztDQUFHO0FBQTVELHlDQUE0RCJ9

package/dist/permissions/forest-http-api.d.ts

@@ -0,0 +1,11 @@
+import { EnvironmentPermissionsV4, RenderingPermissionV4, UserPermissionV4 } from './types';
+import { ForestAdminClientOptionsWithDefaults } from '../types';
+declare type HttpOptions = Pick<ForestAdminClientOptionsWithDefaults, 'envSecret' | 'forestServerUrl'>;
+export default class ForestHttpApi {
+    static getEnvironmentPermissions(options: HttpOptions): Promise<EnvironmentPermissionsV4>;
+    static getUsers(options: HttpOptions): Promise<UserPermissionV4[]>;
+    static getRenderingPermissions(renderingId: number, options: HttpOptions): Promise<RenderingPermissionV4>;
+    private static handleResponseError;
+}
+export {};
+//# sourceMappingURL=forest-http-api.d.ts.map

package/dist/permissions/forest-http-api.js

@@ -0,0 +1,63 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const superagent_1 = __importDefault(require("superagent"));
+class ForestHttpApi {
+    static async getEnvironmentPermissions(options) {
+        try {
+            const { body } = await superagent_1.default
+                .get(`${options.forestServerUrl}/liana/v4/permissions/environment`)
+                .set('forest-secret-key', options.envSecret);
+            return body;
+        }
+        catch (e) {
+            this.handleResponseError(e);
+        }
+    }
+    static async getUsers(options) {
+        try {
+            const { body } = await superagent_1.default
+                .get(`${options.forestServerUrl}/liana/v4/permissions/users`)
+                .set('forest-secret-key', options.envSecret);
+            return body;
+        }
+        catch (e) {
+            this.handleResponseError(e);
+        }
+    }
+    static async getRenderingPermissions(renderingId, options) {
+        try {
+            const { body } = await superagent_1.default
+                .get(`${options.forestServerUrl}/liana/v4/permissions/renderings/${renderingId}`)
+                .set('forest-secret-key', options.envSecret);
+            return body;
+        }
+        catch (e) {
+            this.handleResponseError(e);
+        }
+    }
+    static handleResponseError(e) {
+        if (/certificate/i.test(e.message))
+            throw new Error('ForestAdmin server TLS certificate cannot be verified. ' +
+                'Please check that your system time is set properly.');
+        if (e.response) {
+            const status = e?.response?.status;
+            // 0 == offline, 502 == bad gateway from proxy
+            if (status === 0 || status === 502)
+                throw new Error('Failed to reach ForestAdmin server. Are you online?');
+            if (status === 404)
+                throw new Error('ForestAdmin server failed to find the project related to the envSecret you configured.' +
+                    ' Can you check that you copied it properly in the Forest initialization?');
+            if (status === 503)
+                throw new Error('Forest is in maintenance for a few minutes. We are upgrading your experience in ' +
+                    'the forest. We just need a few more minutes to get it right.');
+            throw new Error('An unexpected error occurred while contacting the ForestAdmin server. ' +
+                'Please contact support@forestadmin.com for further investigations.');
+        }
+        throw e;
+    }
+}
+exports.default = ForestHttpApi;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZm9yZXN0LWh0dHAtYXBpLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3Blcm1pc3Npb25zL2ZvcmVzdC1odHRwLWFwaS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLDREQUF1RDtBQU92RCxNQUFxQixhQUFhO0lBQ2hDLE1BQU0sQ0FBQyxLQUFLLENBQUMseUJBQXlCLENBQUMsT0FBb0I7UUFDekQsSUFBSTtZQUNGLE1BQU0sRUFBRSxJQUFJLEVBQUUsR0FBRyxNQUFNLG9CQUFVO2lCQUM5QixHQUFHLENBQUMsR0FBRyxPQUFPLENBQUMsZUFBZSxtQ0FBbUMsQ0FBQztpQkFDbEUsR0FBRyxDQUFDLG1CQUFtQixFQUFFLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUUvQyxPQUFPLElBQUksQ0FBQztTQUNiO1FBQUMsT0FBTyxDQUFDLEVBQUU7WUFDVixJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQyxDQUFDLENBQUM7U0FDN0I7SUFDSCxDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsT0FBb0I7UUFDeEMsSUFBSTtZQUNGLE1BQU0sRUFBRSxJQUFJLEVBQUUsR0FBRyxNQUFNLG9CQUFVO2lCQUM5QixHQUFHLENBQUMsR0FBRyxPQUFPLENBQUMsZUFBZSw2QkFBNkIsQ0FBQztpQkFDNUQsR0FBRyxDQUFDLG1CQUFtQixFQUFFLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUUvQyxPQUFPLElBQUksQ0FBQztTQUNiO1FBQUMsT0FBTyxDQUFDLEVBQUU7WUFDVixJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQyxDQUFDLENBQUM7U0FDN0I7SUFDSCxDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyx1QkFBdUIsQ0FDbEMsV0FBbUIsRUFDbkIsT0FBb0I7UUFFcEIsSUFBSTtZQUNGLE1BQU0sRUFBRSxJQUFJLEVBQUUsR0FBRyxNQUFNLG9CQUFVO2lCQUM5QixHQUFHLENBQUMsR0FBRyxPQUFPLENBQUMsZUFBZSxvQ0FBb0MsV0FBVyxFQUFFLENBQUM7aUJBQ2hGLEdBQUcsQ0FBQyxtQkFBbUIsRUFBRSxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUM7WUFFL0MsT0FBTyxJQUFJLENBQUM7U0FDYjtRQUFDLE9BQU8sQ0FBQyxFQUFFO1lBQ1YsSUFBSSxDQUFDLG1CQUFtQixDQUFDLENBQUMsQ0FBQyxDQUFDO1NBQzdCO0lBQ0gsQ0FBQztJQUVPLE1BQU0sQ0FBQyxtQkFBbUIsQ0FBQyxDQUFRO1FBQ3pDLElBQUksY0FBYyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDO1lBQ2hDLE1BQU0sSUFBSSxLQUFLLENBQ2IseURBQXlEO2dCQUN2RCxxREFBcUQsQ0FDeEQsQ0FBQztRQUVKLElBQUssQ0FBbUIsQ0FBQyxRQUFRLEVBQUU7WUFDakMsTUFBTSxNQUFNLEdBQUksQ0FBbUIsRUFBRSxRQUFRLEVBQUUsTUFBTSxDQUFDO1lBRXRELDhDQUE4QztZQUM5QyxJQUFJLE1BQU0sS0FBSyxDQUFDLElBQUksTUFBTSxLQUFLLEdBQUc7Z0JBQ2hDLE1BQU0sSUFBSSxLQUFLLENBQUMscURBQXFELENBQUMsQ0FBQztZQUV6RSxJQUFJLE1BQU0sS0FBSyxHQUFHO2dCQUNoQixNQUFNLElBQUksS0FBSyxDQUNiLHdGQUF3RjtvQkFDdEYsMEVBQTBFLENBQzdFLENBQUM7WUFFSixJQUFJLE1BQU0sS0FBSyxHQUFHO2dCQUNoQixNQUFNLElBQUksS0FBSyxDQUNiLGtGQUFrRjtvQkFDaEYsOERBQThELENBQ2pFLENBQUM7WUFFSixNQUFNLElBQUksS0FBSyxDQUNiLHdFQUF3RTtnQkFDdEUsb0VBQW9FLENBQ3ZFLENBQUM7U0FDSDtRQUVELE1BQU0sQ0FBQyxDQUFDO0lBQ1YsQ0FBQztDQUNGO0FBMUVELGdDQTBFQyJ9

package/dist/permissions/generate-action-identifier.d.ts

@@ -0,0 +1,4 @@
+import { CollectionActionEvent, CustomActionEvent } from './types';
+export declare function generateCustomActionIdentifier(actionEventName: CustomActionEvent, customActionName: string, collectionName: string): string;
+export declare function generateCollectionActionIdentifier(action: CollectionActionEvent, collectionName: string): string;
+//# sourceMappingURL=generate-action-identifier.d.ts.map

package/dist/permissions/generate-action-identifier.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateCollectionActionIdentifier = exports.generateCustomActionIdentifier = void 0;
+function generateCustomActionIdentifier(actionEventName, customActionName, collectionName) {
+    return `custom:${collectionName}:${customActionName}:${actionEventName}`;
+}
+exports.generateCustomActionIdentifier = generateCustomActionIdentifier;
+function generateCollectionActionIdentifier(action, collectionName) {
+    return `collection:${collectionName}:${action}`;
+}
+exports.generateCollectionActionIdentifier = generateCollectionActionIdentifier;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdGUtYWN0aW9uLWlkZW50aWZpZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcGVybWlzc2lvbnMvZ2VuZXJhdGUtYWN0aW9uLWlkZW50aWZpZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBRUEsU0FBZ0IsOEJBQThCLENBQzVDLGVBQWtDLEVBQ2xDLGdCQUF3QixFQUN4QixjQUFzQjtJQUV0QixPQUFPLFVBQVUsY0FBYyxJQUFJLGdCQUFnQixJQUFJLGVBQWUsRUFBRSxDQUFDO0FBQzNFLENBQUM7QUFORCx3RUFNQztBQUVELFNBQWdCLGtDQUFrQyxDQUNoRCxNQUE2QixFQUM3QixjQUFzQjtJQUV0QixPQUFPLGNBQWMsY0FBYyxJQUFJLE1BQU0sRUFBRSxDQUFDO0FBQ2xELENBQUM7QUFMRCxnRkFLQyJ9

package/dist/permissions/generate-actions-from-permissions.d.ts

@@ -0,0 +1,8 @@
+import { EnvironmentPermissionsV4, UserPermissionV4 } from './types';
+export declare type ActionPermissions = {
+    everythingAllowed: boolean;
+    actionsGloballyAllowed: Set<string>;
+    actionsAllowedByUser: Map<string, Set<string>>;
+};
+export default function generateActionsFromPermissions(environmentPermissions: EnvironmentPermissionsV4, users: UserPermissionV4[]): ActionPermissions;
+//# sourceMappingURL=generate-actions-from-permissions.d.ts.map

package/dist/permissions/generate-actions-from-permissions.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const types_1 = require("./types");
+const generate_action_identifier_1 = require("./generate-action-identifier");
+function generateCollectionPermissions(permissions) {
+    return Object.entries(permissions).reduce((acc, [collectionId, collectionPermissions]) => {
+        const { collection } = collectionPermissions;
+        return {
+            ...acc,
+            [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(types_1.CollectionActionEvent.Browse, collectionId)]: collection.browseEnabled,
+            [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(types_1.CollectionActionEvent.Read, collectionId)]: collection.readEnabled,
+            [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(types_1.CollectionActionEvent.Edit, collectionId)]: collection.editEnabled,
+            [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(types_1.CollectionActionEvent.Add, collectionId)]: collection.addEnabled,
+            [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(types_1.CollectionActionEvent.Delete, collectionId)]: collection.deleteEnabled,
+            [(0, generate_action_identifier_1.generateCollectionActionIdentifier)(types_1.CollectionActionEvent.Export, collectionId)]: collection.exportEnabled,
+        };
+    }, {});
+}
+function generateCollectionActionPermission(collectionId, actions) {
+    return Object.entries(actions).reduce((acc, [actionName, actionPermissions]) => {
+        return {
+            ...acc,
+            ...{
+                [(0, generate_action_identifier_1.generateCustomActionIdentifier)(types_1.CustomActionEvent.Approve, actionName, collectionId)]: actionPermissions.userApprovalEnabled,
+                [(0, generate_action_identifier_1.generateCustomActionIdentifier)(types_1.CustomActionEvent.SelfApprove, actionName, collectionId)]: actionPermissions.selfApprovalEnabled,
+                [(0, generate_action_identifier_1.generateCustomActionIdentifier)(types_1.CustomActionEvent.Trigger, actionName, collectionId)]: actionPermissions.triggerEnabled,
+                [(0, generate_action_identifier_1.generateCustomActionIdentifier)(types_1.CustomActionEvent.RequireApproval, actionName, collectionId)]: actionPermissions.approvalRequired,
+            },
+        };
+    }, {});
+}
+function generateActionPermissions(permissions) {
+    return Object.entries(permissions).reduce((acc, [collectionId, collectionPermissions]) => {
+        const { actions } = collectionPermissions;
+        return {
+            ...acc,
+            ...generateCollectionActionPermission(collectionId, actions),
+        };
+    }, {});
+}
+function generateActionsGloballyAllowed(permissions) {
+    return new Set(Object.entries(permissions)
+        .filter(([, permission]) => permission === true)
+        .map(([action]) => action));
+}
+function getUsersForRoles(roles, userIdsByRole) {
+    return new Set(roles.reduce((acc, roleId) => {
+        const userIds = (userIdsByRole.get(roleId) || []).map(userId => `${userId}`);
+        if (userIds) {
+            return [...acc, ...userIds];
+        }
+        return acc;
+    }, []));
+}
+function generateActionsAllowedByUser(permissions, users) {
+    const userIdsByRole = users.reduce((acc, { id, roleId }) => {
+        acc.set(roleId, [...(acc.get(roleId) || []), id]);
+        return acc;
+    }, new Map());
+    return new Map(Object.entries(permissions)
+        .filter(([, permission]) => typeof permission !== 'boolean')
+        .map(([name, permission]) => [
+        name,
+        getUsersForRoles(permission.roles, userIdsByRole),
+    ]));
+}
+function generateActionsFromPermissions(environmentPermissions, users) {
+    if (environmentPermissions === true) {
+        return {
+            everythingAllowed: true,
+            actionsGloballyAllowed: new Set(),
+            actionsAllowedByUser: new Map(),
+        };
+    }
+    const remotePermissions = environmentPermissions;
+    const allPermissions = {
+        ...generateCollectionPermissions(remotePermissions.collections),
+        ...generateActionPermissions(remotePermissions.collections),
+    };
+    return {
+        everythingAllowed: false,
+        actionsGloballyAllowed: generateActionsGloballyAllowed(allPermissions),
+        actionsAllowedByUser: generateActionsAllowedByUser(allPermissions, users),
+    };
+}
+exports.default = generateActionsFromPermissions;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdGUtYWN0aW9ucy1mcm9tLXBlcm1pc3Npb25zLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3Blcm1pc3Npb25zL2dlbmVyYXRlLWFjdGlvbnMtZnJvbS1wZXJtaXNzaW9ucy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLG1DQVVpQjtBQUNqQiw2RUFHc0M7QUFZdEMsU0FBUyw2QkFBNkIsQ0FDcEMsV0FBZ0Q7SUFFaEQsT0FBTyxNQUFNLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxDQUFDLFlBQVksRUFBRSxxQkFBcUIsQ0FBQyxFQUFFLEVBQUU7UUFDdkYsTUFBTSxFQUFFLFVBQVUsRUFBRSxHQUFHLHFCQUFxQixDQUFDO1FBRTdDLE9BQU87WUFDTCxHQUFHLEdBQUc7WUFDTixDQUFDLElBQUEsK0RBQWtDLEVBQUMsNkJBQXFCLENBQUMsTUFBTSxFQUFFLFlBQVksQ0FBQyxDQUFDLEVBQzlFLFVBQVUsQ0FBQyxhQUFhO1lBQzFCLENBQUMsSUFBQSwrREFBa0MsRUFBQyw2QkFBcUIsQ0FBQyxJQUFJLEVBQUUsWUFBWSxDQUFDLENBQUMsRUFDNUUsVUFBVSxDQUFDLFdBQVc7WUFDeEIsQ0FBQyxJQUFBLCtEQUFrQyxFQUFDLDZCQUFxQixDQUFDLElBQUksRUFBRSxZQUFZLENBQUMsQ0FBQyxFQUM1RSxVQUFVLENBQUMsV0FBVztZQUN4QixDQUFDLElBQUEsK0RBQWtDLEVBQUMsNkJBQXFCLENBQUMsR0FBRyxFQUFFLFlBQVksQ0FBQyxDQUFDLEVBQzNFLFVBQVUsQ0FBQyxVQUFVO1lBQ3ZCLENBQUMsSUFBQSwrREFBa0MsRUFBQyw2QkFBcUIsQ0FBQyxNQUFNLEVBQUUsWUFBWSxDQUFDLENBQUMsRUFDOUUsVUFBVSxDQUFDLGFBQWE7WUFDMUIsQ0FBQyxJQUFBLCtEQUFrQyxFQUFDLDZCQUFxQixDQUFDLE1BQU0sRUFBRSxZQUFZLENBQUMsQ0FBQyxFQUM5RSxVQUFVLENBQUMsYUFBYTtTQUMzQixDQUFDO0lBQ0osQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQ1QsQ0FBQztBQUVELFNBQVMsa0NBQWtDLENBQ3pDLFlBQW9CLEVBQ3BCLE9BQWlEO0lBRWpELE9BQU8sTUFBTSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxVQUFVLEVBQUUsaUJBQWlCLENBQUMsRUFBRSxFQUFFO1FBQzdFLE9BQU87WUFDTCxHQUFHLEdBQUc7WUFDTixHQUFHO2dCQUNELENBQUMsSUFBQSwyREFBOEIsRUFBQyx5QkFBaUIsQ0FBQyxPQUFPLEVBQUUsVUFBVSxFQUFFLFlBQVksQ0FBQyxDQUFDLEVBQ25GLGlCQUFpQixDQUFDLG1CQUFtQjtnQkFDdkMsQ0FBQyxJQUFBLDJEQUE4QixFQUFDLHlCQUFpQixDQUFDLFdBQVcsRUFBRSxVQUFVLEVBQUUsWUFBWSxDQUFDLENBQUMsRUFDdkYsaUJBQWlCLENBQUMsbUJBQW1CO2dCQUN2QyxDQUFDLElBQUEsMkRBQThCLEVBQUMseUJBQWlCLENBQUMsT0FBTyxFQUFFLFVBQVUsRUFBRSxZQUFZLENBQUMsQ0FBQyxFQUNuRixpQkFBaUIsQ0FBQyxjQUFjO2dCQUNsQyxDQUFDLElBQUEsMkRBQThCLEVBQzdCLHlCQUFpQixDQUFDLGVBQWUsRUFDakMsVUFBVSxFQUNWLFlBQVksQ0FDYixDQUFDLEVBQUUsaUJBQWlCLENBQUMsZ0JBQWdCO2FBQ3ZDO1NBQ0YsQ0FBQztJQUNKLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztBQUNULENBQUM7QUFFRCxTQUFTLHlCQUF5QixDQUNoQyxXQUFnRDtJQUVoRCxPQUFPLE1BQU0sQ0FBQyxPQUFPLENBQUMsV0FBVyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsR0FBRyxFQUFFLENBQUMsWUFBWSxFQUFFLHFCQUFxQixDQUFDLEVBQUUsRUFBRTtRQUN2RixNQUFNLEVBQUUsT0FBTyxFQUFFLEdBQUcscUJBQXFCLENBQUM7UUFFMUMsT0FBTztZQUNMLEdBQUcsR0FBRztZQUNOLEdBQUcsa0NBQWtDLENBQUMsWUFBWSxFQUFFLE9BQU8sQ0FBQztTQUM3RCxDQUFDO0lBQ0osQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQ1QsQ0FBQztBQUVELFNBQVMsOEJBQThCLENBQUMsV0FBbUM7SUFDekUsT0FBTyxJQUFJLEdBQUcsQ0FDWixNQUFNLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQztTQUN4QixNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsVUFBVSxDQUFDLEVBQUUsRUFBRSxDQUFDLFVBQVUsS0FBSyxJQUFJLENBQUM7U0FDL0MsR0FBRyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQzdCLENBQUM7QUFDSixDQUFDO0FBRUQsU0FBUyxnQkFBZ0IsQ0FBQyxLQUFlLEVBQUUsYUFBb0M7SUFDN0UsT0FBTyxJQUFJLEdBQUcsQ0FDWixLQUFLLENBQUMsTUFBTSxDQUFDLENBQUMsR0FBRyxFQUFFLE1BQU0sRUFBRSxFQUFFO1FBQzNCLE1BQU0sT0FBTyxHQUFHLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxHQUFHLE1BQU0sRUFBRSxDQUFDLENBQUM7UUFFN0UsSUFBSSxPQUFPLEVBQUU7WUFDWCxPQUFPLENBQUMsR0FBRyxHQUFHLEVBQUUsR0FBRyxPQUFPLENBQUMsQ0FBQztTQUM3QjtRQUVELE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUNQLENBQUM7QUFDSixDQUFDO0FBRUQsU0FBUyw0QkFBNEIsQ0FDbkMsV0FBbUMsRUFDbkMsS0FBeUI7SUFFekIsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLEVBQUUsRUFBRSxNQUFNLEVBQUUsRUFBRSxFQUFFO1FBQ3pELEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUVsRCxPQUFPLEdBQUcsQ0FBQztJQUNiLENBQUMsRUFBRSxJQUFJLEdBQUcsRUFBb0IsQ0FBQyxDQUFDO0lBRWhDLE9BQU8sSUFBSSxHQUFHLENBQ1osTUFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUM7U0FDeEIsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLFVBQVUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxPQUFPLFVBQVUsS0FBSyxTQUFTLENBQUM7U0FDM0QsR0FBRyxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQUUsVUFBVSxDQUFDLEVBQUUsRUFBRSxDQUFDO1FBQzNCLElBQUk7UUFDSixnQkFBZ0IsQ0FBRSxVQUEwQyxDQUFDLEtBQUssRUFBRSxhQUFhLENBQUM7S0FDbkYsQ0FBQyxDQUNMLENBQUM7QUFDSixDQUFDO0FBRUQsU0FBd0IsOEJBQThCLENBQ3BELHNCQUFnRCxFQUNoRCxLQUF5QjtJQUV6QixJQUFJLHNCQUFzQixLQUFLLElBQUksRUFBRTtRQUNuQyxPQUFPO1lBQ0wsaUJBQWlCLEVBQUUsSUFBSTtZQUN2QixzQkFBc0IsRUFBRSxJQUFJLEdBQUcsRUFBRTtZQUNqQyxvQkFBb0IsRUFBRSxJQUFJLEdBQUcsRUFBRTtTQUNoQyxDQUFDO0tBQ0g7SUFFRCxNQUFNLGlCQUFpQixHQUFtQyxzQkFBc0IsQ0FBQztJQUVqRixNQUFNLGNBQWMsR0FBRztRQUNyQixHQUFHLDZCQUE2QixDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQztRQUMvRCxHQUFHLHlCQUF5QixDQUFDLGlCQUFpQixDQUFDLFdBQVcsQ0FBQztLQUM1RCxDQUFDO0lBRUYsT0FBTztRQUNMLGlCQUFpQixFQUFFLEtBQUs7UUFDeEIsc0JBQXNCLEVBQUUsOEJBQThCLENBQUMsY0FBYyxDQUFDO1FBQ3RFLG9CQUFvQixFQUFFLDRCQUE0QixDQUFDLGNBQWMsRUFBRSxLQUFLLENBQUM7S0FDMUUsQ0FBQztBQUNKLENBQUM7QUF4QkQsaURBd0JDIn0=

package/dist/permissions/generate-user-scope.d.ts

@@ -0,0 +1,4 @@
+import type { GenericTree } from '@forestadmin/datasource-toolkit';
+import { Team, UserPermissionV4 } from './types';
+export default function generateUserScope(filter: GenericTree | null, team: Team, user: UserPermissionV4): GenericTree;
+//# sourceMappingURL=generate-user-scope.d.ts.map

package/dist/permissions/generate-user-scope.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const USER_VALUE_PREFIX = '$currentUser.';
+const USER_VALUE_TAG_PREFIX = '$currentUser.tags.';
+const USER_VALUE_TEAM_PREFIX = '$currentUser.team.';
+function generateUserValue(value, team, user) {
+    if (typeof value !== 'string' || !value.startsWith(USER_VALUE_PREFIX)) {
+        return value;
+    }
+    if (value.startsWith(USER_VALUE_TEAM_PREFIX)) {
+        return team[value.slice(USER_VALUE_TEAM_PREFIX.length)];
+    }
+    if (value.startsWith(USER_VALUE_TAG_PREFIX)) {
+        return user?.tags?.[value.substring(USER_VALUE_TAG_PREFIX.length)];
+    }
+    return user?.[value.substring(USER_VALUE_PREFIX.length)];
+}
+function generateUserScope(filter, team, user) {
+    if (!filter) {
+        return null;
+    }
+    const branch = filter;
+    if (branch.aggregator) {
+        return {
+            ...filter,
+            conditions: branch.conditions.map(condition => generateUserScope(condition, team, user)),
+        };
+    }
+    const leaf = filter;
+    return {
+        ...filter,
+        value: generateUserValue(leaf.value, team, user),
+    };
+}
+exports.default = generateUserScope;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdGUtdXNlci1zY29wZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9wZXJtaXNzaW9ucy9nZW5lcmF0ZS11c2VyLXNjb3BlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBUUEsTUFBTSxpQkFBaUIsR0FBRyxlQUFlLENBQUM7QUFDMUMsTUFBTSxxQkFBcUIsR0FBRyxvQkFBb0IsQ0FBQztBQUNuRCxNQUFNLHNCQUFzQixHQUFHLG9CQUFvQixDQUFDO0FBRXBELFNBQVMsaUJBQWlCLENBQUMsS0FBdUIsRUFBRSxJQUFVLEVBQUUsSUFBc0I7SUFDcEYsSUFBSSxPQUFPLEtBQUssS0FBSyxRQUFRLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLGlCQUFpQixDQUFDLEVBQUU7UUFDckUsT0FBTyxLQUFLLENBQUM7S0FDZDtJQUVELElBQUksS0FBSyxDQUFDLFVBQVUsQ0FBQyxzQkFBc0IsQ0FBQyxFQUFFO1FBQzVDLE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsc0JBQXNCLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztLQUN6RDtJQUVELElBQUksS0FBSyxDQUFDLFVBQVUsQ0FBQyxxQkFBcUIsQ0FBQyxFQUFFO1FBQzNDLE9BQU8sSUFBSSxFQUFFLElBQUksRUFBRSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMscUJBQXFCLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztLQUNwRTtJQUVELE9BQU8sSUFBSSxFQUFFLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO0FBQzNELENBQUM7QUFFRCxTQUF3QixpQkFBaUIsQ0FDdkMsTUFBMEIsRUFDMUIsSUFBVSxFQUNWLElBQXNCO0lBRXRCLElBQUksQ0FBQyxNQUFNLEVBQUU7UUFDWCxPQUFPLElBQUksQ0FBQztLQUNiO0lBRUQsTUFBTSxNQUFNLEdBQUcsTUFBMkIsQ0FBQztJQUUzQyxJQUFJLE1BQU0sQ0FBQyxVQUFVLEVBQUU7UUFDckIsT0FBTztZQUNMLEdBQUcsTUFBTTtZQUNULFVBQVUsRUFBRSxNQUFNLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDLGlCQUFpQixDQUFDLFNBQVMsRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7U0FDekYsQ0FBQztLQUNIO0lBRUQsTUFBTSxJQUFJLEdBQUcsTUFBeUIsQ0FBQztJQUV2QyxPQUFPO1FBQ0wsR0FBRyxNQUFNO1FBQ1QsS0FBSyxFQUFFLGlCQUFpQixDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsSUFBSSxFQUFFLElBQUksQ0FBQztLQUNqRCxDQUFDO0FBQ0osQ0FBQztBQXhCRCxvQ0F3QkMifQ==

package/dist/permissions/hash-chart.d.ts

@@ -0,0 +1,4 @@
+import { Chart } from './types';
+export declare function hashServerCharts(charts: Chart[]): Set<string>;
+export declare function hashChartRequest(chart: Record<string, any>): string;
+//# sourceMappingURL=hash-chart.d.ts.map

package/dist/permissions/hash-chart.js

@@ -0,0 +1,48 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hashChartRequest = exports.hashServerCharts = void 0;
+const object_hash_1 = __importDefault(require("object-hash"));
+const types_1 = require("./types");
+function hashChart(chart) {
+    const hash = (0, object_hash_1.default)(chart, {
+        respectType: false,
+        excludeKeys: key => chart[key] === null || chart[key] === undefined,
+    });
+    return hash;
+}
+function hashServerCharts(charts) {
+    const frontendCharts = charts.map(chart => ({
+        type: chart.type,
+        filters: chart.filter,
+        aggregate: chart.aggregator,
+        aggregate_field: chart.aggregateFieldName,
+        collection: chart.sourceCollectionId,
+        time_range: chart.timeRange,
+        group_by_date_field: (chart.type === types_1.ChartType.Line && chart.groupByFieldName) || null,
+        group_by_field: (chart.type !== types_1.ChartType.Line && chart.groupByFieldName) || null,
+        limit: chart.limit,
+        label_field: chart.labelFieldName,
+        relationship_field: chart.relationshipFieldName,
+        query: chart.query,
+    }));
+    const hashes = frontendCharts.map(hashChart);
+    return new Set(hashes);
+}
+exports.hashServerCharts = hashServerCharts;
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function hashChartRequest(chart) {
+    const hashed = {
+        ...chart,
+        // When the server sends the data of the allowed charts, the target column is not specified
+        // for relations => allow them all.
+        ...(chart?.group_by_field?.includes(':')
+            ? { group_by_field: chart.group_by_field.substring(0, chart.group_by_field.indexOf(':')) }
+            : {}),
+    };
+    return hashChart(hashed);
+}
+exports.hashChartRequest = hashChartRequest;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGFzaC1jaGFydC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9wZXJtaXNzaW9ucy9oYXNoLWNoYXJ0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUFBLDhEQUFxQztBQUVyQyxtQ0FVaUI7QUFFakIsU0FBUyxTQUFTLENBQUMsS0FBOEI7SUFDL0MsTUFBTSxJQUFJLEdBQUcsSUFBQSxxQkFBVSxFQUFDLEtBQUssRUFBRTtRQUM3QixXQUFXLEVBQUUsS0FBSztRQUNsQixXQUFXLEVBQUUsR0FBRyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEtBQUssSUFBSSxJQUFJLEtBQUssQ0FBQyxHQUFHLENBQUMsS0FBSyxTQUFTO0tBQ3BFLENBQUMsQ0FBQztJQUVILE9BQU8sSUFBSSxDQUFDO0FBQ2QsQ0FBQztBQUVELFNBQWdCLGdCQUFnQixDQUFDLE1BQWU7SUFDOUMsTUFBTSxjQUFjLEdBQUcsTUFBTSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDMUMsSUFBSSxFQUFFLEtBQUssQ0FBQyxJQUFJO1FBQ2hCLE9BQU8sRUFBRyxLQUF5QixDQUFDLE1BQU07UUFDMUMsU0FBUyxFQUFHLEtBQXlCLENBQUMsVUFBVTtRQUNoRCxlQUFlLEVBQUcsS0FBeUIsQ0FBQyxrQkFBa0I7UUFDOUQsVUFBVSxFQUFHLEtBQXlCLENBQUMsa0JBQWtCO1FBQ3pELFVBQVUsRUFBRyxLQUFtQixDQUFDLFNBQVM7UUFDMUMsbUJBQW1CLEVBQ2pCLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxpQkFBUyxDQUFDLElBQUksSUFBSyxLQUFtQixDQUFDLGdCQUFnQixDQUFDLElBQUksSUFBSTtRQUNsRixjQUFjLEVBQ1osQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLGlCQUFTLENBQUMsSUFBSSxJQUFLLEtBQXdCLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxJQUFJO1FBQ3ZGLEtBQUssRUFBRyxLQUEwQixDQUFDLEtBQUs7UUFDeEMsV0FBVyxFQUFHLEtBQTBCLENBQUMsY0FBYztRQUN2RCxrQkFBa0IsRUFBRyxLQUEwQixDQUFDLHFCQUFxQjtRQUNyRSxLQUFLLEVBQUcsS0FBb0IsQ0FBQyxLQUFLO0tBQ25DLENBQUMsQ0FBQyxDQUFDO0lBRUosTUFBTSxNQUFNLEdBQUcsY0FBYyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUU3QyxPQUFPLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0FBQ3pCLENBQUM7QUFyQkQsNENBcUJDO0FBRUQsOERBQThEO0FBQzlELFNBQWdCLGdCQUFnQixDQUFDLEtBQTBCO0lBQ3pELE1BQU0sTUFBTSxHQUFHO1FBQ2IsR0FBRyxLQUFLO1FBQ1IsMkZBQTJGO1FBQzNGLG1DQUFtQztRQUNuQyxHQUFHLENBQUMsS0FBSyxFQUFFLGNBQWMsRUFBRSxRQUFRLENBQUMsR0FBRyxDQUFDO1lBQ3RDLENBQUMsQ0FBQyxFQUFFLGNBQWMsRUFBRSxLQUFLLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsS0FBSyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRTtZQUMxRixDQUFDLENBQUMsRUFBRSxDQUFDO0tBQ1IsQ0FBQztJQUVGLE9BQU8sU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0FBQzNCLENBQUM7QUFYRCw0Q0FXQyJ9

package/dist/permissions/is-segment-query-authorized.d.ts

@@ -0,0 +1,2 @@
+export default function isSegmentQueryAllowed(inputSegmentQuery: string, authorizedSegments: string[]): boolean;
+//# sourceMappingURL=is-segment-query-authorized.d.ts.map

package/dist/permissions/is-segment-query-authorized.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+function isSegmentQueryAllowed(inputSegmentQuery, authorizedSegments) {
+    if (!authorizedSegments) {
+        return false;
+    }
+    // NOTICE: Handle UNION queries made by the FRONT to display available actions on details view
+    // NOTICE: This can only be used on related data (Has Many relationships) to detect available
+    // Smart Actions restricted to segment when a Smart Action is available on multiple SQL segments
+    const unionQueries = inputSegmentQuery.split('/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION ');
+    if (unionQueries.length > 1) {
+        const authorizedQueries = new Set(authorizedSegments.map(segmentQuery => segmentQuery.replace(/;\s*/i, '').trim()));
+        return unionQueries.every((unionQuery) => authorizedQueries.has(unionQuery.trim()));
+    }
+    // NOTICE: Queries made by the FRONT to browse to an SQL segment
+    return authorizedSegments.some(segmentQuery => segmentQuery === inputSegmentQuery);
+}
+exports.default = isSegmentQueryAllowed;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaXMtc2VnbWVudC1xdWVyeS1hdXRob3JpemVkLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3Blcm1pc3Npb25zL2lzLXNlZ21lbnQtcXVlcnktYXV0aG9yaXplZC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLFNBQXdCLHFCQUFxQixDQUMzQyxpQkFBeUIsRUFDekIsa0JBQTRCO0lBRTVCLElBQUksQ0FBQyxrQkFBa0IsRUFBRTtRQUN2QixPQUFPLEtBQUssQ0FBQztLQUNkO0lBRUQsOEZBQThGO0lBQzlGLDZGQUE2RjtJQUM3RixnR0FBZ0c7SUFDaEcsTUFBTSxZQUFZLEdBQUcsaUJBQWlCLENBQUMsS0FBSyxDQUFDLHlDQUF5QyxDQUFDLENBQUM7SUFFeEYsSUFBSSxZQUFZLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRTtRQUMzQixNQUFNLGlCQUFpQixHQUFHLElBQUksR0FBRyxDQUMvQixrQkFBa0IsQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUNqRixDQUFDO1FBRUYsT0FBTyxZQUFZLENBQUMsS0FBSyxDQUFDLENBQUMsVUFBa0IsRUFBRSxFQUFFLENBQUMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUM7S0FDN0Y7SUFFRCxnRUFBZ0U7SUFDaEUsT0FBTyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQyxZQUFZLEtBQUssaUJBQWlCLENBQUMsQ0FBQztBQUNyRixDQUFDO0FBdkJELHdDQXVCQyJ9

package/dist/permissions/permission-with-cache.d.ts

@@ -0,0 +1,42 @@
+import { CollectionActionEvent } from './types';
+import { PermissionService } from '../types';
+import ActionPermission from './action-permission';
+import RenderingPermissionService from './rendering-permission';
+export default class PermissionServiceWithCache implements PermissionService {
+    private readonly actionPermissionService;
+    private readonly renderingPermissionService;
+    constructor(actionPermissionService: ActionPermission, renderingPermissionService: RenderingPermissionService);
+    canOnCollection({ userId, collectionName, event, }: {
+        userId: number;
+        event: CollectionActionEvent;
+        collectionName: string;
+    }): Promise<boolean>;
+    canExecuteSegmentQuery(params: {
+        userId: number;
+        collectionName: string;
+        renderingId: number;
+        segmentQuery: string;
+    }): Promise<boolean>;
+    canTriggerCustomAction({ userId, collectionName, customActionName, }: {
+        userId: number;
+        customActionName: string;
+        collectionName: string;
+    }): Promise<boolean>;
+    canApproveCustomAction({ userId, collectionName, customActionName, requesterId, }: {
+        userId: number;
+        customActionName: string;
+        collectionName: string;
+        requesterId: number;
+    }): Promise<boolean>;
+    canRequestCustomActionParameters({ userId, collectionName, customActionName, }: {
+        userId: number;
+        collectionName: string;
+        customActionName: string;
+    }): Promise<boolean>;
+    canRetrieveChart({ renderingId, userId, chartRequest, }: {
+        renderingId: number;
+        userId: number;
+        chartRequest: unknown;
+    }): Promise<boolean>;
+}
+//# sourceMappingURL=permission-with-cache.d.ts.map