@izara_project/izara-market-library-service-schemas 1.0.74 → 1.0.75

package/index.js

@@ -17,14 +17,18 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 'use strict';
 
-
-
 module.exports = {
   templateMgr: require('./src/TemplateManager'),
   sourceMgr: require('./src/SourceManager'),
   generateCodeLibs: require('./src/GenerateCodeLibs'),
   utils: require('./src/MainLibs'),
-  generateSchemaWithTemplate: require('./src/TemplateManager/src/GenerateSchema').generateSchemaWithTemplate,
-  generateCodeWithTemplate: require('./src/reStructure/GenerateCode').generateCodeWithTemplate,
-  generateSchema: require('./src/reStructure/GenerateSchema')
-}
+  generateSchemaWithTemplate:
+    require('./src/TemplateManager/src/GenerateSchema')
+      .generateSchemaWithTemplate,
+  generateCodeWithTemplate: require('./src/reStructure/GenerateCode')
+    .generateCodeWithTemplate,
+  generateSchema: require('./src/reStructure/GenerateSchema'),
+
+  // Libs
+  checkPermission: require('./src/CheckPermission')
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@izara_project/izara-market-library-service-schemas",
-  "version": "1.0.74",
+  "version": "1.0.75",
   "description": "Schemas for Izara Market project",
   "main": "index.js",
   "scripts": {
@@ -14,26 +14,27 @@
   "license": "AGPL-3.0-or-later",
   "homepage": "https://bitbucket.org/izara-market-libraries/izara-market-library-service-schemas/src/master/README.md",
   "devDependencies": {
-    "jest": "^30.0.5"
+    "jest": "^30.2.0"
   },
   "jest": {
     "testEnvironment": "node"
   },
   "dependencies": {
     "@izara_project/izara-core-library-calling-flow": "^1.0.3",
-    "@izara_project/izara-core-library-core": "^1.0.20",
-    "@izara_project/izara-core-library-external-request": "^1.0.20",
+    "@izara_project/izara-core-library-core": "^1.0.27",
+    "@izara_project/izara-core-library-external-request": "^1.0.21",
+    "@izara_project/izara-core-library-lambda": "^1.0.5",
     "@izara_project/izara-core-library-logger": "^1.0.7",
-    "@izara_project/izara-core-library-service-schemas": "^1.0.96",
+    "@izara_project/izara-core-library-service-schemas": "^1.0.100",
     "@izara_project/izara-core-library-sns": "^1.0.6",
     "@izara_project/izara-core-library-sqs": "^1.0.4",
     "@izara_project/izara-shared": "^1.0.126",
-    "@izara_project/izara-shared-service-schemas": "^1.0.31",
-    "@izara_project/izara-shared-core": "^1.0.2",
+    "@izara_project/izara-shared-core": "^1.0.4",
+    "@izara_project/izara-shared-service-schemas": "^1.0.32",
     "ejs": "^3.1.10",
     "js-beautify": "^1.15.4",
     "lodash": "^4.17.21",
     "object-hash": "^3.0.0",
-    "yaml": "^2.8.0"
+    "yaml": "^2.8.1"
   }
 }

package/src/CheckPermission/CheckPermission.js

@@ -0,0 +1,140 @@
+/*
+Copyright (C) 2021 Sven Mason <http://izara.io>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+Copyright (C) 2020 Sven Mason <http://izara.io>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+'use strict';
+
+const {
+  lambdaFunctionName
+} = require('@izara_project/izara-core-library-lambda');
+const {
+  lambda
+} = require('@izara_project/izara-core-library-external-request');
+const { consts } = require('@izara_project/izara-core-library-core');
+
+/**
+ * Checks a user's permission by invoking another Lambda function.
+ * Adheres to Izara.io backend syntax guidelines.
+ *
+ * @param {object} _izContext - The context object containing logger, credentials, etc.
+ * @param {object} payload - The data payload for the permission check.
+ * @param {string} [payload.objectType] - The type of the object (e.g., 'INVOICE'). Must be used with `action`.
+ * @param {string} [payload.action] - The action to perform (e.g., 'READ', 'APPROVE'). Must be used with `objectType`.
+ * @param {string} [payload.flowTag] - The tag for a flow-based permission check. Used instead of `objectType`/`action`.
+ * @param {string} [payload.serviceName] - The name of the calling service (optional).
+ * @returns {Promise<void>} - Resolves on successful invocation, rejects on error.
+ * @throws {Error} If the payload data is invalid or if the Lambda invocation fails.
+ */
+async function checkPermission(_izContext, payload) {
+  // Validate that the payload object itself is provided.
+  if (!payload || typeof payload !== 'object') {
+    const error = new Error('Payload object is required.');
+    _izContext.logger.error(error.message);
+    throw error;
+  }
+
+  const userId = _izContext.correlationIds.get(consts.BASE_USER_ID);
+  const targetId = _izContext.correlationIds.get(consts.TARGET_ID);
+
+  // Validate the required 'userId' field.
+  if (!userId || typeof userId !== 'string' || userId.trim() === '') {
+    const error = new Error(
+      'userId is required and must be a non-empty string.'
+    );
+    _izContext.logger.error(error.message);
+    throw error;
+  } else {
+    payload.userId = userId;
+  }
+
+  if (targetId) {
+    payload.targetId = targetId;
+  }
+
+  // Define validation flags for business rules.
+  const hasObjectParams = payload.objectType || payload.action;
+  const hasFlowTag = payload.flowTag;
+
+  // Rule: Cannot mix object-based and flow-based parameters.
+  if (hasObjectParams && hasFlowTag) {
+    const error = new Error(
+      'Invalid payload: Cannot provide flowTag together with objectType or action.'
+    );
+    _izContext.logger.error(error.message, { payload });
+    throw error;
+  }
+
+  // Rule: If using object-based, both objectType and action are required.
+  if (hasObjectParams && (!payload.objectType || !payload.action)) {
+    const error = new Error(
+      'Invalid payload: Both objectType and action must be provided together.'
+    );
+    _izContext.logger.error(error.message, { payload });
+    throw error;
+  }
+
+  // Rule: Must provide at least one of the two valid schemas.
+  if (!hasObjectParams && !hasFlowTag) {
+    const error = new Error(
+      'Invalid payload: Must provide either (objectType and action) or flowTag.'
+    );
+    _izContext.logger.error(error.message, { payload });
+    throw error;
+  }
+
+  // Log the payload for debugging before invoking the next service.
+  _izContext.logger.debug('Checking permission with payload:', payload);
+
+  try {
+    const lambdaName = await lambdaFunctionName(
+      _izContext,
+      'CheckPermissionHdrInv',
+      'UserAccount'
+    );
+
+    await lambda.invokeSync(_izContext, lambdaName, payload);
+
+    _izContext.logger.info('Permission check invoked successfully.');
+  } catch (err) {
+    // Log the full error object for better traceability.
+    _izContext.logger.error(
+      'Error invoking CheckPermissionHdrInv Lambda: ',
+      err
+    );
+    throw err;
+  }
+}
+
+module.exports = {
+  checkPermission
+};