@intuitionrobotics/permissions 0.41.67 → 0.41.70
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/app-backend/api/v1/permissions/_permissions.js +1 -1
- package/app-backend/api/v1/permissions/_permissions.js.map +1 -1
- package/app-backend/api/v1/permissions/assert.js +15 -67
- package/app-backend/api/v1/permissions/assert.js.map +1 -1
- package/app-backend/api/v1/permissions/assign/apis.js +3 -3
- package/app-backend/api/v1/permissions/assign/apis.js.map +1 -1
- package/app-backend/api/v1/permissions/assign/app-permissions.js +23 -84
- package/app-backend/api/v1/permissions/assign/app-permissions.js.map +1 -1
- package/app-backend/api/v1/permissions/manage/apis.js +3 -3
- package/app-backend/api/v1/permissions/manage/apis.js.map +1 -1
- package/app-backend/api/v1/permissions/tags/apis.js +1 -1
- package/app-backend/api/v1/permissions/tags/apis.js.map +1 -1
- package/app-backend/api/v1/permissions/user-urls-permissions.js +14 -64
- package/app-backend/api/v1/permissions/user-urls-permissions.js.map +1 -1
- package/app-backend/api/v1/register/_register-project.js +1 -1
- package/app-backend/api/v1/register/_register-project.js.map +1 -1
- package/app-backend/api/v1/register/register-project.js +21 -82
- package/app-backend/api/v1/register/register-project.js.map +1 -1
- package/app-backend/api/v1/test/_test-permissions.js +1 -1
- package/app-backend/api/v1/test/_test-permissions.js.map +1 -1
- package/app-backend/api/v1/test/test-permissions.js +13 -63
- package/app-backend/api/v1/test/test-permissions.js.map +1 -1
- package/app-backend/api/v1/user-custom-fields/_user-custom-fields.js +1 -1
- package/app-backend/api/v1/user-custom-fields/_user-custom-fields.js.map +1 -1
- package/app-backend/api/v1/user-custom-fields/user-cf-by-share-groups.js +14 -64
- package/app-backend/api/v1/user-custom-fields/user-cf-by-share-groups.js.map +1 -1
- package/app-backend/api/v1/user-custom-fields/users-cf-by-share-groups.js +14 -63
- package/app-backend/api/v1/user-custom-fields/users-cf-by-share-groups.js.map +1 -1
- package/app-backend/benchmark/permission-user-assert-benchmark.js +67 -150
- package/app-backend/benchmark/permission-user-assert-benchmark.js.map +1 -1
- package/app-backend/core/module-pack.js +5 -5
- package/app-backend/core/module-pack.js.map +1 -1
- package/app-backend/modules/PermissionsModule.js +102 -210
- package/app-backend/modules/PermissionsModule.js.map +1 -1
- package/app-backend/modules/TagsModule.js +26 -78
- package/app-backend/modules/TagsModule.js.map +1 -1
- package/app-backend/modules/db-types/assign.js +205 -374
- package/app-backend/modules/db-types/assign.js.map +1 -1
- package/app-backend/modules/db-types/managment.js +168 -311
- package/app-backend/modules/db-types/managment.js.map +1 -1
- package/app-backend/modules/permissions-assert.js +154 -302
- package/app-backend/modules/permissions-assert.js.map +1 -1
- package/app-backend/modules/permissions-share.js +8 -60
- package/app-backend/modules/permissions-share.js.map +1 -1
- package/app-frontend/core/module-pack.js +7 -7
- package/app-frontend/core/module-pack.js.map +1 -1
- package/app-frontend/modules/PermissionsComponent.js +11 -29
- package/app-frontend/modules/PermissionsComponent.js.map +1 -1
- package/app-frontend/modules/PermissionsModuleFE.js +49 -97
- package/app-frontend/modules/PermissionsModuleFE.js.map +1 -1
- package/app-frontend/modules/assign/ApiCaller_PermissionsGroup.js +33 -91
- package/app-frontend/modules/assign/ApiCaller_PermissionsGroup.js.map +1 -1
- package/app-frontend/modules/assign/ApiCaller_PermissionsUser.js +33 -91
- package/app-frontend/modules/assign/ApiCaller_PermissionsUser.js.map +1 -1
- package/app-frontend/modules/manage/ApiCaller_PermissionsApi.js +36 -95
- package/app-frontend/modules/manage/ApiCaller_PermissionsApi.js.map +1 -1
- package/app-frontend/modules/manage/ApiCaller_PermissionsDomain.js +40 -100
- package/app-frontend/modules/manage/ApiCaller_PermissionsDomain.js.map +1 -1
- package/app-frontend/modules/manage/ApiCaller_PermissionsLevel.js +40 -100
- package/app-frontend/modules/manage/ApiCaller_PermissionsLevel.js.map +1 -1
- package/app-frontend/modules/manage/ApiCaller_PermissionsProject.js +40 -98
- package/app-frontend/modules/manage/ApiCaller_PermissionsProject.js.map +1 -1
- package/app-frontend/modules/tags/ApiCaller_PermissionsTags.js +32 -90
- package/app-frontend/modules/tags/ApiCaller_PermissionsTags.js.map +1 -1
- package/package.json +4 -4
|
@@ -16,19 +16,6 @@
|
|
|
16
16
|
* See the License for the specific language governing permissions and
|
|
17
17
|
* limitations under the License.
|
|
18
18
|
*/
|
|
19
|
-
var __extends = (this && this.__extends) || (function () {
|
|
20
|
-
var extendStatics = function (d, b) {
|
|
21
|
-
extendStatics = Object.setPrototypeOf ||
|
|
22
|
-
({ __proto__: [] } instanceof Array && function (d, b) { d.__proto__ = b; }) ||
|
|
23
|
-
function (d, b) { for (var p in b) if (Object.prototype.hasOwnProperty.call(b, p)) d[p] = b[p]; };
|
|
24
|
-
return extendStatics(d, b);
|
|
25
|
-
};
|
|
26
|
-
return function (d, b) {
|
|
27
|
-
extendStatics(d, b);
|
|
28
|
-
function __() { this.constructor = d; }
|
|
29
|
-
d.prototype = b === null ? Object.create(b) : (__.prototype = b.prototype, new __());
|
|
30
|
-
};
|
|
31
|
-
})();
|
|
32
19
|
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
33
20
|
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
34
21
|
return new (P || (P = Promise))(function (resolve, reject) {
|
|
@@ -38,394 +25,238 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
|
|
|
38
25
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
39
26
|
});
|
|
40
27
|
};
|
|
41
|
-
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
42
|
-
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
|
|
43
|
-
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
44
|
-
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
45
|
-
function step(op) {
|
|
46
|
-
if (f) throw new TypeError("Generator is already executing.");
|
|
47
|
-
while (_) try {
|
|
48
|
-
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
49
|
-
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
50
|
-
switch (op[0]) {
|
|
51
|
-
case 0: case 1: t = op; break;
|
|
52
|
-
case 4: _.label++; return { value: op[1], done: false };
|
|
53
|
-
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
54
|
-
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
55
|
-
default:
|
|
56
|
-
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
57
|
-
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
58
|
-
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
59
|
-
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
60
|
-
if (t[2]) _.ops.pop();
|
|
61
|
-
_.trys.pop(); continue;
|
|
62
|
-
}
|
|
63
|
-
op = body.call(thisArg, _);
|
|
64
|
-
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
65
|
-
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
66
|
-
}
|
|
67
|
-
};
|
|
68
28
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
69
29
|
exports.UserPermissionsDB = exports.GroupPermissionsDB = exports.UsersDB_Class = exports.GroupsDB_Class = void 0;
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
30
|
+
const _imports_1 = require("../_imports");
|
|
31
|
+
const backend_1 = require("@intuitionrobotics/db-api-generator/backend");
|
|
32
|
+
const backend_2 = require("@intuitionrobotics/user-account/backend");
|
|
33
|
+
const backend_3 = require("@intuitionrobotics/thunderstorm/backend");
|
|
34
|
+
const ts_common_1 = require("@intuitionrobotics/ts-common");
|
|
35
|
+
const managment_1 = require("./managment");
|
|
36
|
+
const permissions_share_1 = require("../permissions-share");
|
|
37
|
+
const validateUserUuid = ts_common_1.validateRegexp(/^.{0,50}$/);
|
|
38
|
+
const validateGroupLabel = ts_common_1.validateRegexp(/^[A-Za-z-\._ ]+$/);
|
|
39
|
+
const validateCustomFieldValues = ts_common_1.validateRegexp(/^.{0,500}$/);
|
|
80
40
|
function checkDuplicateLevelsDomain(levels) {
|
|
81
|
-
|
|
82
|
-
|
|
41
|
+
const domainIds = levels.map(level => level.domainId);
|
|
42
|
+
const filteredDomainIds = ts_common_1.filterDuplicates(domainIds);
|
|
83
43
|
if (filteredDomainIds.length !== domainIds.length)
|
|
84
44
|
throw new backend_3.ApiException(422, 'You trying insert duplicate accessLevel with the same domain');
|
|
85
45
|
}
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
_this.setLockKeys(['__accessLevels']);
|
|
91
|
-
return _this;
|
|
46
|
+
class GroupsDB_Class extends backend_1.BaseDB_ApiGenerator {
|
|
47
|
+
constructor() {
|
|
48
|
+
super(_imports_1.CollectionName_Groups, GroupsDB_Class._validator, "group");
|
|
49
|
+
this.setLockKeys(['__accessLevels']);
|
|
92
50
|
}
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
return { label
|
|
96
|
-
}
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
return [{ label
|
|
100
|
-
}
|
|
101
|
-
|
|
102
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
case 1:
|
|
108
|
-
groups = _a.sent();
|
|
109
|
-
if (groups.length) {
|
|
110
|
-
throw new backend_3.ApiException(403, 'You trying delete group that associated with users, you need delete this group from users first');
|
|
111
|
-
}
|
|
112
|
-
return [2 /*return*/];
|
|
113
|
-
}
|
|
114
|
-
});
|
|
51
|
+
externalFilter(item) {
|
|
52
|
+
const { label } = item;
|
|
53
|
+
return { label };
|
|
54
|
+
}
|
|
55
|
+
internalFilter(item) {
|
|
56
|
+
const { label } = item;
|
|
57
|
+
return [{ label }];
|
|
58
|
+
}
|
|
59
|
+
assertDeletion(transaction, dbInstance) {
|
|
60
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
61
|
+
const groups = yield exports.UserPermissionsDB.collection.query({ where: { __groupIds: { $ac: dbInstance._id } } });
|
|
62
|
+
if (groups.length) {
|
|
63
|
+
throw new backend_3.ApiException(403, 'You trying delete group that associated with users, you need delete this group from users first');
|
|
64
|
+
}
|
|
115
65
|
});
|
|
116
|
-
}
|
|
117
|
-
|
|
118
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
groupLevels = _a.sent();
|
|
131
|
-
checkDuplicateLevelsDomain(groupLevels);
|
|
132
|
-
dbInstance.__accessLevels = groupLevels.map(function (level) {
|
|
133
|
-
return { domainId: level.domainId, value: level.value };
|
|
134
|
-
});
|
|
135
|
-
_a.label = 2;
|
|
136
|
-
case 2: return [2 /*return*/];
|
|
137
|
-
}
|
|
138
|
-
});
|
|
66
|
+
}
|
|
67
|
+
setAccessLevels(dbInstance) {
|
|
68
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
69
|
+
dbInstance.__accessLevels = [];
|
|
70
|
+
const accessLevelIds = dbInstance.accessLevelIds || [];
|
|
71
|
+
if (accessLevelIds.length) {
|
|
72
|
+
const groupLevels = yield ts_common_1.batchAction(accessLevelIds, 10, (chunked) => {
|
|
73
|
+
return managment_1.AccessLevelPermissionsDB.query({ where: { _id: { $in: chunked } } });
|
|
74
|
+
});
|
|
75
|
+
checkDuplicateLevelsDomain(groupLevels);
|
|
76
|
+
dbInstance.__accessLevels = groupLevels.map(level => {
|
|
77
|
+
return { domainId: level.domainId, value: level.value };
|
|
78
|
+
});
|
|
79
|
+
}
|
|
139
80
|
});
|
|
140
|
-
}
|
|
141
|
-
|
|
142
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
case 1:
|
|
148
|
-
groupsByTags = _a.sent();
|
|
149
|
-
if (!groupsByTags)
|
|
150
|
-
return [2 /*return*/, []];
|
|
151
|
-
return [2 /*return*/, groupsByTags];
|
|
152
|
-
}
|
|
153
|
-
});
|
|
81
|
+
}
|
|
82
|
+
getGroupsByTags(tags) {
|
|
83
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
84
|
+
const groupsByTags = yield this.collection.query({ where: { tags: { $aca: tags } } });
|
|
85
|
+
if (!groupsByTags)
|
|
86
|
+
return [];
|
|
87
|
+
return groupsByTags;
|
|
154
88
|
});
|
|
155
|
-
}
|
|
156
|
-
|
|
157
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
_a.label = 2;
|
|
168
|
-
case 2:
|
|
169
|
-
if (!(_i < groupsWithTags_1.length)) return [3 /*break*/, 5];
|
|
170
|
-
_group = groupsWithTags_1[_i];
|
|
171
|
-
if (!_group.tags)
|
|
172
|
-
return [3 /*break*/, 4];
|
|
173
|
-
ts_common_1.removeItemFromArray(_group.tags, tag);
|
|
174
|
-
return [4 /*yield*/, this.collection.upsert(_group)];
|
|
175
|
-
case 3:
|
|
176
|
-
_a.sent();
|
|
177
|
-
_a.label = 4;
|
|
178
|
-
case 4:
|
|
179
|
-
_i++;
|
|
180
|
-
return [3 /*break*/, 2];
|
|
181
|
-
case 5: return [2 /*return*/];
|
|
182
|
-
}
|
|
183
|
-
});
|
|
89
|
+
}
|
|
90
|
+
deleteTags(tag) {
|
|
91
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
92
|
+
const groupsWithTags = yield this.collection.query({ where: { tags: { $aca: [tag] } } });
|
|
93
|
+
if (!groupsWithTags)
|
|
94
|
+
return;
|
|
95
|
+
for (const _group of groupsWithTags) {
|
|
96
|
+
if (!_group.tags)
|
|
97
|
+
continue;
|
|
98
|
+
ts_common_1.removeItemFromArray(_group.tags, tag);
|
|
99
|
+
yield this.collection.upsert(_group);
|
|
100
|
+
}
|
|
184
101
|
});
|
|
185
|
-
}
|
|
186
|
-
|
|
102
|
+
}
|
|
103
|
+
preUpsertProcessing(transaction, dbInstance, request) {
|
|
187
104
|
var _a;
|
|
188
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
case 2:
|
|
200
|
-
if (!dbInstance.accessLevelIds)
|
|
201
|
-
return [2 /*return*/];
|
|
202
|
-
return [4 /*yield*/, this.setAccessLevels(dbInstance)];
|
|
203
|
-
case 3:
|
|
204
|
-
_b.sent();
|
|
205
|
-
filterAccessLevelIds = ts_common_1.filterDuplicates(dbInstance.accessLevelIds);
|
|
206
|
-
if (filterAccessLevelIds.length !== ((_a = dbInstance.accessLevelIds) === null || _a === void 0 ? void 0 : _a.length))
|
|
207
|
-
throw new backend_3.ApiException(422, 'You trying insert duplicate accessLevel id in group');
|
|
208
|
-
return [2 /*return*/];
|
|
209
|
-
}
|
|
210
|
-
});
|
|
105
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
106
|
+
if (request) {
|
|
107
|
+
const account = yield backend_2.AccountModule.validateSession(request);
|
|
108
|
+
dbInstance._audit = ts_common_1.auditBy(account.email);
|
|
109
|
+
}
|
|
110
|
+
if (!dbInstance.accessLevelIds)
|
|
111
|
+
return;
|
|
112
|
+
yield this.setAccessLevels(dbInstance);
|
|
113
|
+
const filterAccessLevelIds = ts_common_1.filterDuplicates(dbInstance.accessLevelIds);
|
|
114
|
+
if (filterAccessLevelIds.length !== ((_a = dbInstance.accessLevelIds) === null || _a === void 0 ? void 0 : _a.length))
|
|
115
|
+
throw new backend_3.ApiException(422, 'You trying insert duplicate accessLevel id in group');
|
|
211
116
|
});
|
|
212
|
-
}
|
|
213
|
-
|
|
117
|
+
}
|
|
118
|
+
getConfig() {
|
|
214
119
|
return this.config;
|
|
215
|
-
}
|
|
216
|
-
|
|
217
|
-
return projectId
|
|
218
|
-
}
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
})];
|
|
232
|
-
case 1:
|
|
233
|
-
dbGroups = _a.apply(void 0, [_b.sent()]);
|
|
234
|
-
groupsToInsert = _groups.filter(function (group) { return !dbGroups.find(function (dbGroup) { return dbGroup._id === group._id; }); });
|
|
235
|
-
return [2 /*return*/, this.upsertAll(groupsToInsert, transaction)];
|
|
236
|
-
}
|
|
237
|
-
});
|
|
238
|
-
}); });
|
|
239
|
-
};
|
|
240
|
-
GroupsDB_Class._validator = {
|
|
241
|
-
_id: backend_1.validateStringAndNumbersWithDashes,
|
|
242
|
-
label: validateGroupLabel,
|
|
243
|
-
tags: undefined,
|
|
244
|
-
accessLevelIds: ts_common_1.validateArray(backend_1.validateUniqueId, false),
|
|
245
|
-
customFields: ts_common_1.validateArray(ts_common_1.validateObjectValues(validateCustomFieldValues), false),
|
|
246
|
-
__accessLevels: undefined,
|
|
247
|
-
_audit: undefined
|
|
248
|
-
};
|
|
249
|
-
return GroupsDB_Class;
|
|
250
|
-
}(backend_1.BaseDB_ApiGenerator));
|
|
120
|
+
}
|
|
121
|
+
getPredefinedGroupId(projectId, predefinedGroupId) {
|
|
122
|
+
return `${projectId}--${predefinedGroupId}`;
|
|
123
|
+
}
|
|
124
|
+
upsertPredefinedGroups(projectId, projectName, predefinedGroups) {
|
|
125
|
+
return this.runInTransaction((transaction) => __awaiter(this, void 0, void 0, function* () {
|
|
126
|
+
const _groups = predefinedGroups.map(group => ({ _id: this.getPredefinedGroupId(projectId, group._id), label: `${projectName}--${group.key}-${group.label}` }));
|
|
127
|
+
const dbGroups = ts_common_1.filterInstances(yield ts_common_1.batchAction(_groups.map(group => group._id), 10, (chunk) => {
|
|
128
|
+
return transaction.query(this.collection, { where: { _id: { $in: chunk } } });
|
|
129
|
+
}));
|
|
130
|
+
//TODO patch the predefined groups, in case app changed the label of the group..
|
|
131
|
+
const groupsToInsert = _groups.filter(group => !dbGroups.find(dbGroup => dbGroup._id === group._id));
|
|
132
|
+
return this.upsertAll(groupsToInsert, transaction);
|
|
133
|
+
}));
|
|
134
|
+
}
|
|
135
|
+
}
|
|
251
136
|
exports.GroupsDB_Class = GroupsDB_Class;
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
137
|
+
GroupsDB_Class._validator = {
|
|
138
|
+
_id: backend_1.validateStringAndNumbersWithDashes,
|
|
139
|
+
label: validateGroupLabel,
|
|
140
|
+
tags: undefined,
|
|
141
|
+
accessLevelIds: ts_common_1.validateArray(backend_1.validateUniqueId, false),
|
|
142
|
+
customFields: ts_common_1.validateArray(ts_common_1.validateObjectValues(validateCustomFieldValues), false),
|
|
143
|
+
__accessLevels: undefined,
|
|
144
|
+
_audit: undefined
|
|
145
|
+
};
|
|
146
|
+
class UsersDB_Class extends backend_1.BaseDB_ApiGenerator {
|
|
147
|
+
constructor() {
|
|
148
|
+
super(_imports_1.CollectionName_Users, UsersDB_Class._validator, "user");
|
|
149
|
+
this.setLockKeys(["accountId"]);
|
|
258
150
|
}
|
|
259
|
-
|
|
151
|
+
preUpsertProcessing(transaction, dbInstance, request) {
|
|
260
152
|
var _a;
|
|
261
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
userGroupsItems = dbInstance.groups || [];
|
|
286
|
-
userGroupsItems.forEach(function (userGroupItem) {
|
|
287
|
-
userGroupsItems.forEach(function (innerUserGroupItem) {
|
|
288
|
-
if (userGroupsItems.indexOf(userGroupItem) === userGroupsItems.indexOf(innerUserGroupItem))
|
|
289
|
-
return;
|
|
290
|
-
if (ts_common_1.compare(userGroupItem.groupId, innerUserGroupItem.groupId) && ts_common_1.compare(userGroupItem.customField || {}, innerUserGroupItem.customField || {})) {
|
|
291
|
-
throw new backend_3.ApiException(422, 'You trying upsert user with duplicate UserGroup (with the same groupId && customField)');
|
|
292
|
-
}
|
|
293
|
-
});
|
|
294
|
-
});
|
|
295
|
-
return [2 /*return*/];
|
|
296
|
-
}
|
|
153
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
154
|
+
if (request) {
|
|
155
|
+
const account = yield backend_2.AccountModule.validateSession(request);
|
|
156
|
+
dbInstance._audit = ts_common_1.auditBy(account.email);
|
|
157
|
+
}
|
|
158
|
+
this.setGroupIds(dbInstance);
|
|
159
|
+
const userGroupIds = ts_common_1.filterDuplicates(((_a = dbInstance.groups) === null || _a === void 0 ? void 0 : _a.map(group => group.groupId)) || []);
|
|
160
|
+
if (!userGroupIds.length)
|
|
161
|
+
return;
|
|
162
|
+
const userGroups = yield ts_common_1.batchAction(userGroupIds, 10, (chunked) => {
|
|
163
|
+
return exports.GroupPermissionsDB.query({ where: { _id: { $in: chunked } } });
|
|
164
|
+
});
|
|
165
|
+
if (userGroupIds.length !== userGroups.length) {
|
|
166
|
+
throw new backend_3.ApiException(422, 'You trying upsert user with group that not found in group permissions db');
|
|
167
|
+
}
|
|
168
|
+
const userGroupsItems = dbInstance.groups || [];
|
|
169
|
+
userGroupsItems.forEach((userGroupItem) => {
|
|
170
|
+
userGroupsItems.forEach(innerUserGroupItem => {
|
|
171
|
+
if (userGroupsItems.indexOf(userGroupItem) === userGroupsItems.indexOf(innerUserGroupItem))
|
|
172
|
+
return;
|
|
173
|
+
if (ts_common_1.compare(userGroupItem.groupId, innerUserGroupItem.groupId) && ts_common_1.compare(userGroupItem.customField || {}, innerUserGroupItem.customField || {})) {
|
|
174
|
+
throw new backend_3.ApiException(422, 'You trying upsert user with duplicate UserGroup (with the same groupId && customField)');
|
|
175
|
+
}
|
|
176
|
+
});
|
|
297
177
|
});
|
|
298
178
|
});
|
|
299
|
-
}
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
return [{ accountId
|
|
303
|
-
}
|
|
304
|
-
|
|
179
|
+
}
|
|
180
|
+
internalFilter(item) {
|
|
181
|
+
const { accountId } = item;
|
|
182
|
+
return [{ accountId }];
|
|
183
|
+
}
|
|
184
|
+
setGroupIds(dbInstance) {
|
|
305
185
|
dbInstance.__groupIds = [];
|
|
306
|
-
|
|
186
|
+
const userGroups = dbInstance.groups || [];
|
|
307
187
|
if (userGroups.length) {
|
|
308
|
-
dbInstance.__groupIds = userGroups.map(
|
|
188
|
+
dbInstance.__groupIds = userGroups.map(userGroup => userGroup.groupId);
|
|
309
189
|
}
|
|
310
|
-
}
|
|
311
|
-
|
|
312
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
313
|
-
|
|
314
|
-
switch (_a.label) {
|
|
315
|
-
case 0: return [4 /*yield*/, this.insertIfNotExist(account.email)];
|
|
316
|
-
case 1:
|
|
317
|
-
_a.sent();
|
|
318
|
-
return [2 /*return*/];
|
|
319
|
-
}
|
|
320
|
-
});
|
|
190
|
+
}
|
|
191
|
+
__onUserLogin(account) {
|
|
192
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
193
|
+
yield this.insertIfNotExist(account.email);
|
|
321
194
|
});
|
|
322
|
-
}
|
|
323
|
-
|
|
324
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
325
|
-
|
|
326
|
-
switch (_a.label) {
|
|
327
|
-
case 0: return [4 /*yield*/, this.insertIfNotExist(account.email)];
|
|
328
|
-
case 1:
|
|
329
|
-
_a.sent();
|
|
330
|
-
return [2 /*return*/];
|
|
331
|
-
}
|
|
332
|
-
});
|
|
195
|
+
}
|
|
196
|
+
__onNewUserRegistered(account) {
|
|
197
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
198
|
+
yield this.insertIfNotExist(account.email);
|
|
333
199
|
});
|
|
334
|
-
}
|
|
335
|
-
|
|
336
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
if (!account)
|
|
347
|
-
throw new backend_3.ApiException(404, "user not found for email " + email);
|
|
348
|
-
return [4 /*yield*/, transaction.query(this.collection, { where: { accountId: account._id } })];
|
|
349
|
-
case 2:
|
|
350
|
-
users = _a.sent();
|
|
351
|
-
if (users.length)
|
|
352
|
-
return [2 /*return*/];
|
|
353
|
-
return [2 /*return*/, this.upsert({ accountId: account._id, groups: [] }, transaction)];
|
|
354
|
-
}
|
|
355
|
-
});
|
|
356
|
-
}); })];
|
|
357
|
-
});
|
|
200
|
+
}
|
|
201
|
+
insertIfNotExist(email) {
|
|
202
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
203
|
+
return this.runInTransaction((transaction) => __awaiter(this, void 0, void 0, function* () {
|
|
204
|
+
const account = yield backend_2.AccountModule.getUser(email);
|
|
205
|
+
if (!account)
|
|
206
|
+
throw new backend_3.ApiException(404, `user not found for email ${email}`);
|
|
207
|
+
const users = yield transaction.query(this.collection, { where: { accountId: account._id } });
|
|
208
|
+
if (users.length)
|
|
209
|
+
return;
|
|
210
|
+
return this.upsert({ accountId: account._id, groups: [] }, transaction);
|
|
211
|
+
}));
|
|
358
212
|
});
|
|
359
|
-
}
|
|
360
|
-
|
|
361
|
-
return __awaiter(this, void 0, void 0, function () {
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
376
|
-
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
updatedUsers = users.map(function (user) {
|
|
396
|
-
var _a;
|
|
397
|
-
var newGroups = (_a = (user.groups || [])) === null || _a === void 0 ? void 0 : _a.filter(function (group) { return !assignAppPermissionsObj.groupsToRemove.find(function (groupToRemove) {
|
|
398
|
-
if (exports.GroupPermissionsDB.getPredefinedGroupId(assignAppPermissionsObj.projectId, groupToRemove._id) !== group.groupId)
|
|
399
|
-
return false;
|
|
400
|
-
return ts_common_1.compare(group.customField, assignAppPermissionsObj.customField, assignAppPermissionsObj.assertKeys);
|
|
401
|
-
}); });
|
|
402
|
-
if (!newGroups.find(function (nGroup) { return nGroup.groupId === _group._id && ts_common_1.compare(nGroup.customField, assignAppPermissionsObj.customField); })) {
|
|
403
|
-
newGroups.push({ groupId: _group._id, customField: assignAppPermissionsObj.customField });
|
|
404
|
-
}
|
|
405
|
-
user.groups = newGroups;
|
|
406
|
-
return user;
|
|
407
|
-
});
|
|
408
|
-
return [2 /*return*/, this.upsertAll(updatedUsers, transaction, request)];
|
|
409
|
-
}
|
|
410
|
-
});
|
|
411
|
-
}); })];
|
|
412
|
-
case 2:
|
|
413
|
-
_a.sent();
|
|
414
|
-
return [2 /*return*/];
|
|
415
|
-
}
|
|
416
|
-
});
|
|
213
|
+
}
|
|
214
|
+
assignAppPermissions(assignAppPermissionsObj, request) {
|
|
215
|
+
return __awaiter(this, void 0, void 0, function* () {
|
|
216
|
+
const sharedUserIds = assignAppPermissionsObj.sharedUserIds || [];
|
|
217
|
+
if (!sharedUserIds.length)
|
|
218
|
+
throw new ts_common_1.BadImplementationException("SharedUserIds is missing");
|
|
219
|
+
const groupId = exports.GroupPermissionsDB.getPredefinedGroupId(assignAppPermissionsObj.projectId, assignAppPermissionsObj.group._id);
|
|
220
|
+
yield permissions_share_1.PermissionsShare.verifyPermissionGrantingAllowed(assignAppPermissionsObj.granterUserId, { groupId, customField: assignAppPermissionsObj.customField });
|
|
221
|
+
if (!assignAppPermissionsObj.groupsToRemove.find(groupToRemove => groupToRemove._id === assignAppPermissionsObj.group._id))
|
|
222
|
+
throw new ts_common_1.BadImplementationException("Group to must be a part of the groups to removed array");
|
|
223
|
+
yield this.runInTransaction((transaction) => __awaiter(this, void 0, void 0, function* () {
|
|
224
|
+
const users = yield ts_common_1.batchAction(sharedUserIds, 10, (chunked) => {
|
|
225
|
+
return transaction.query(this.collection, { where: { accountId: { $in: chunked } } });
|
|
226
|
+
});
|
|
227
|
+
if (users.length !== sharedUserIds.length)
|
|
228
|
+
throw new backend_3.ApiException(404, `No permissions USER for all user ids`); // TODO mention who miss?
|
|
229
|
+
if (!assignAppPermissionsObj.customField || ts_common_1._keys(assignAppPermissionsObj.customField).length === 0)
|
|
230
|
+
throw new backend_3.ApiException(400, `Cannot set app permissions '${assignAppPermissionsObj.projectId}--${assignAppPermissionsObj.group._id}', request must have custom fields restriction!!`);
|
|
231
|
+
const _group = yield transaction.queryUnique(exports.GroupPermissionsDB.collection, { where: { _id: groupId } });
|
|
232
|
+
if (!_group)
|
|
233
|
+
throw new backend_3.ApiException(404, `No permissions GROUP for id ${groupId}`);
|
|
234
|
+
const updatedUsers = users.map(user => {
|
|
235
|
+
var _a;
|
|
236
|
+
const newGroups = (_a = (user.groups || [])) === null || _a === void 0 ? void 0 : _a.filter(group => !assignAppPermissionsObj.groupsToRemove.find(groupToRemove => {
|
|
237
|
+
if (exports.GroupPermissionsDB.getPredefinedGroupId(assignAppPermissionsObj.projectId, groupToRemove._id) !== group.groupId)
|
|
238
|
+
return false;
|
|
239
|
+
return ts_common_1.compare(group.customField, assignAppPermissionsObj.customField, assignAppPermissionsObj.assertKeys);
|
|
240
|
+
}));
|
|
241
|
+
if (!newGroups.find(nGroup => nGroup.groupId === _group._id && ts_common_1.compare(nGroup.customField, assignAppPermissionsObj.customField))) {
|
|
242
|
+
newGroups.push({ groupId: _group._id, customField: assignAppPermissionsObj.customField });
|
|
243
|
+
}
|
|
244
|
+
user.groups = newGroups;
|
|
245
|
+
return user;
|
|
246
|
+
});
|
|
247
|
+
return this.upsertAll(updatedUsers, transaction, request);
|
|
248
|
+
}));
|
|
417
249
|
});
|
|
418
|
-
}
|
|
419
|
-
|
|
420
|
-
_id: undefined,
|
|
421
|
-
accountId: validateUserUuid,
|
|
422
|
-
groups: ts_common_1.validateArray({ groupId: backend_1.validateStringAndNumbersWithDashes, customField: ts_common_1.validateObjectValues(validateCustomFieldValues, false) }, false),
|
|
423
|
-
__groupIds: ts_common_1.validateArray(backend_1.validateStringAndNumbersWithDashes, false),
|
|
424
|
-
_audit: undefined
|
|
425
|
-
};
|
|
426
|
-
return UsersDB_Class;
|
|
427
|
-
}(backend_1.BaseDB_ApiGenerator));
|
|
250
|
+
}
|
|
251
|
+
}
|
|
428
252
|
exports.UsersDB_Class = UsersDB_Class;
|
|
253
|
+
UsersDB_Class._validator = {
|
|
254
|
+
_id: undefined,
|
|
255
|
+
accountId: validateUserUuid,
|
|
256
|
+
groups: ts_common_1.validateArray({ groupId: backend_1.validateStringAndNumbersWithDashes, customField: ts_common_1.validateObjectValues(validateCustomFieldValues, false) }, false),
|
|
257
|
+
__groupIds: ts_common_1.validateArray(backend_1.validateStringAndNumbersWithDashes, false),
|
|
258
|
+
_audit: undefined
|
|
259
|
+
};
|
|
429
260
|
exports.GroupPermissionsDB = new GroupsDB_Class();
|
|
430
261
|
exports.UserPermissionsDB = new UsersDB_Class();
|
|
431
262
|
//# sourceMappingURL=assign.js.map
|