@j-schreiber/sf-cli-security-audit 0.16.1 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -4
- package/lib/commands/org/scan/user-perms.d.ts +2 -0
- package/lib/commands/org/scan/user-perms.js +12 -1
- package/lib/commands/org/scan/user-perms.js.map +1 -1
- package/lib/libs/conf-init/defaultClassifications.js +4 -4
- package/lib/libs/conf-init/defaultClassifications.js.map +1 -1
- package/lib/libs/quick-scan/types.d.ts +3 -0
- package/lib/libs/quick-scan/userPermissionScanner.d.ts +6 -1
- package/lib/libs/quick-scan/userPermissionScanner.js +52 -16
- package/lib/libs/quick-scan/userPermissionScanner.js.map +1 -1
- package/lib/salesforce/describes/orgDescribe.d.ts +15 -9
- package/lib/salesforce/describes/orgDescribe.js +56 -31
- package/lib/salesforce/describes/orgDescribe.js.map +1 -1
- package/lib/salesforce/repositories/users/queries.d.ts +1 -0
- package/lib/salesforce/repositories/users/queries.js +1 -0
- package/lib/salesforce/repositories/users/queries.js.map +1 -1
- package/lib/salesforce/repositories/users/user.types.d.ts +1 -0
- package/lib/salesforce/repositories/users/user.types.js +2 -0
- package/lib/salesforce/repositories/users/user.types.js.map +1 -1
- package/lib/salesforce/repositories/users/users.js +5 -3
- package/lib/salesforce/repositories/users/users.js.map +1 -1
- package/messages/org.scan.user-perms.md +12 -0
- package/oclif.manifest.json +12 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -89,7 +89,7 @@ FLAG DESCRIPTIONS
|
|
|
89
89
|
essentially control, if a permission is allowed in a certain profile / permission set.
|
|
90
90
|
```
|
|
91
91
|
|
|
92
|
-
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
92
|
+
_See code: [src/commands/org/audit/init.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.18.0/src/commands/org/audit/init.ts)_
|
|
93
93
|
|
|
94
94
|
## `sf org audit run`
|
|
95
95
|
|
|
@@ -134,7 +134,7 @@ FLAG DESCRIPTIONS
|
|
|
134
134
|
never truncated.
|
|
135
135
|
```
|
|
136
136
|
|
|
137
|
-
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
137
|
+
_See code: [src/commands/org/audit/run.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.18.0/src/commands/org/audit/run.ts)_
|
|
138
138
|
|
|
139
139
|
## `sf org scan user-perms`
|
|
140
140
|
|
|
@@ -142,10 +142,11 @@ Performs a quick scan for specific user permissions.
|
|
|
142
142
|
|
|
143
143
|
```
|
|
144
144
|
USAGE
|
|
145
|
-
$ sf org scan user-perms -n <value>... -o <value> [--json] [--flags-dir <value>] [--api-version <value>] [-d]
|
|
145
|
+
$ sf org scan user-perms -n <value>... -o <value> [--json] [--flags-dir <value>] [--api-version <value>] [-i -d]
|
|
146
146
|
|
|
147
147
|
FLAGS
|
|
148
148
|
-d, --deep-scan Include all user permission assignments.
|
|
149
|
+
-i, --include-inactive Include inactive users.
|
|
149
150
|
-n, --name=<value>... (required) One or more permissions to be searched for.
|
|
150
151
|
-o, --target-org=<value> (required) The target org to scan.
|
|
151
152
|
--api-version=<value> Override the api version used for api requests made by this command
|
|
@@ -171,6 +172,10 @@ FLAG DESCRIPTIONS
|
|
|
171
172
|
Searches the profile and all assigned permission sets for active users on the target org. A user can be listed
|
|
172
173
|
multiple times if they receive a permission from different sources (e.g. a profile and a permission set).
|
|
173
174
|
|
|
175
|
+
-i, --include-inactive Include inactive users.
|
|
176
|
+
|
|
177
|
+
Include all inactive users on the org when you perform a deep scan.
|
|
178
|
+
|
|
174
179
|
-n, --name=<value>... One or more permissions to be searched for.
|
|
175
180
|
|
|
176
181
|
You can specify any valid user permission on your org, such as "AuthorApex", "CustomizeApplication", or "ViewSetup".
|
|
@@ -178,7 +183,7 @@ FLAG DESCRIPTIONS
|
|
|
178
183
|
userPermissions.yml.
|
|
179
184
|
```
|
|
180
185
|
|
|
181
|
-
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.
|
|
186
|
+
_See code: [src/commands/org/scan/user-perms.ts](https://github.com/j-schreiber/js-sf-cli-security-audit/blob/v0.18.0/src/commands/org/scan/user-perms.ts)_
|
|
182
187
|
|
|
183
188
|
<!-- commandsstop -->
|
|
184
189
|
|
|
@@ -11,10 +11,12 @@ export default class OrgUserPermScan extends SfCommand<OrgUserPermScanResult> {
|
|
|
11
11
|
'target-org': import("@oclif/core/interfaces").OptionFlag<import("@salesforce/core").Org, import("@oclif/core/interfaces").CustomOptions>;
|
|
12
12
|
'api-version': import("@oclif/core/interfaces").OptionFlag<string | undefined, import("@oclif/core/interfaces").CustomOptions>;
|
|
13
13
|
'deep-scan': import("@oclif/core/interfaces").BooleanFlag<boolean>;
|
|
14
|
+
'include-inactive': import("@oclif/core/interfaces").BooleanFlag<boolean>;
|
|
14
15
|
};
|
|
15
16
|
run(): Promise<OrgUserPermScanResult>;
|
|
16
17
|
private reportProgress;
|
|
17
18
|
private reportWarning;
|
|
19
|
+
private reportNormalisation;
|
|
18
20
|
private print;
|
|
19
21
|
private printSummary;
|
|
20
22
|
private printPermissionResults;
|
|
@@ -27,16 +27,24 @@ export default class OrgUserPermScan extends SfCommand {
|
|
|
27
27
|
description: messages.getMessage('flags.deep-scan.description'),
|
|
28
28
|
char: 'd',
|
|
29
29
|
}),
|
|
30
|
+
'include-inactive': Flags.boolean({
|
|
31
|
+
summary: messages.getMessage('flags.include-inactive.summary'),
|
|
32
|
+
description: messages.getMessage('flags.include-inactive.description'),
|
|
33
|
+
char: 'i',
|
|
34
|
+
dependsOn: ['deep-scan'],
|
|
35
|
+
}),
|
|
30
36
|
};
|
|
31
37
|
async run() {
|
|
32
38
|
const { flags } = await this.parse(OrgUserPermScan);
|
|
33
39
|
const scanner = new UserPermissionScanner();
|
|
34
40
|
scanner.on('progress', this.reportProgress);
|
|
35
41
|
scanner.on('permissionNotFound', this.reportWarning);
|
|
42
|
+
scanner.on('permissionNormalized', this.reportNormalisation);
|
|
36
43
|
const result = await scanner.quickScan({
|
|
37
44
|
targetOrg: flags['target-org'].getConnection(flags['api-version']),
|
|
38
45
|
permissions: flags.name,
|
|
39
46
|
deepScan: flags['deep-scan'],
|
|
47
|
+
includeInactive: flags['include-inactive'],
|
|
40
48
|
});
|
|
41
49
|
this.print(result);
|
|
42
50
|
return result;
|
|
@@ -61,6 +69,9 @@ export default class OrgUserPermScan extends SfCommand {
|
|
|
61
69
|
reportWarning = (event) => {
|
|
62
70
|
this.warn(messages.createWarning('PermissionNotFound', [event.permissionName]));
|
|
63
71
|
};
|
|
72
|
+
reportNormalisation = (event) => {
|
|
73
|
+
this.info(messages.createInfo('PermissionNameNormalized', [event.input, event.normalized]));
|
|
74
|
+
};
|
|
64
75
|
print(result) {
|
|
65
76
|
this.printSummary(result);
|
|
66
77
|
Object.entries(result.permissions).forEach(([permName, permResult]) => {
|
|
@@ -75,7 +86,7 @@ export default class OrgUserPermScan extends SfCommand {
|
|
|
75
86
|
permissionName,
|
|
76
87
|
profiles: permResult.profiles.length,
|
|
77
88
|
permissionSets: permResult.permissionSets.length,
|
|
78
|
-
...(permResult.users ? {
|
|
89
|
+
...(permResult.users ? { assignments: permResult.users.length } : undefined),
|
|
79
90
|
});
|
|
80
91
|
});
|
|
81
92
|
if (data.length > 0) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user-perms.js","sourceRoot":"","sources":["../../../../src/commands/org/scan/user-perms.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,
|
|
1
|
+
{"version":3,"file":"user-perms.js","sourceRoot":"","sources":["../../../../src/commands/org/scan/user-perms.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAE5C,OAAO,qBAKN,MAAM,mDAAmD,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAE/C,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,qBAAqB,CAAC,CAAC;AAIpG,MAAM,CAAC,OAAO,OAAO,eAAgB,SAAQ,SAAgC;IACpE,MAAM,CAAU,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACzD,MAAM,CAAU,WAAW,GAAG,QAAQ,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IACjE,MAAM,CAAU,QAAQ,GAAG,QAAQ,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IAE5D,MAAM,CAAU,KAAK,GAAG;QAC7B,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC;YACjB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,oBAAoB,CAAC;YAClD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,wBAAwB,CAAC;YAC1D,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,YAAY,EAAE,KAAK,CAAC,WAAW,CAAC;YAC9B,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,0BAA0B,CAAC;YACxD,IAAI,EAAE,GAAG;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QACF,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE;QACpC,WAAW,EAAE,KAAK,CAAC,OAAO,CAAC;YACzB,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,yBAAyB,CAAC;YACvD,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,6BAA6B,CAAC;YAC/D,IAAI,EAAE,GAAG;SACV,CAAC;QACF,kBAAkB,EAAE,KAAK,CAAC,OAAO,CAAC;YAChC,OAAO,EAAE,QAAQ,CAAC,UAAU,CAAC,gCAAgC,CAAC;YAC9D,WAAW,EAAE,QAAQ,CAAC,UAAU,CAAC,oCAAoC,CAAC;YACtE,IAAI,EAAE,GAAG;YACT,SAAS,EAAE,CAAC,WAAW,CAAC;SACzB,CAAC;KACH,CAAC;IAEK,KAAK,CAAC,GAAG;QACd,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,qBAAqB,EAAE,CAAC;QAE5C,OAAO,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,cAAc,CAAC,CAAC;QAC5C,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QACrD,OAAO,CAAC,EAAE,CAAC,sBAAsB,EAAE,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAE7D,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC;YACrC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;YAClE,WAAW,EAAE,KAAK,CAAC,IAAI;YACvB,QAAQ,EAAE,KAAK,CAAC,WAAW,CAAC;YAC5B,eAAe,EAAE,KAAK,CAAC,kBAAkB,CAAC;SAC3C,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACnB,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,cAAc,GAAG,CAAC,KAAsB,EAAQ,EAAE;QACxD,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjC,CAAC;QACD,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,YAAY,CAAC,EAAE,EAAE;YACzD,IAAI,cAAc,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjC,QAAQ,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,KAAK,YAAY,CAAC,QAAS,IAAI,YAAY,CAAC,KAAM,GAAG,CAAC,CAAC;YAC9F,CAAC;QACH,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,KAAK,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;YACpB,IAAI,CAAC,UAAU,CACb,QAAQ,CAAC,UAAU,CAAC,gCAAgC,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC,CAC1G,CAAC;YACF,IAAI,CAAC,GAAG,EAAE,CAAC;QACb,CAAC;IACH,CAAC,CAAC;IAEM,aAAa,GAAG,CAAC,KAAyB,EAAQ,EAAE;QAC1D,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,oBAAoB,EAAE,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;IAClF,CAAC,CAAC;IAEM,mBAAmB,GAAG,CAAC,KAA2B,EAAQ,EAAE;QAClE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,0BAA0B,EAAE,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC9F,CAAC,CAAC;IAEM,KAAK,CAAC,MAAuB;QACnC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC1B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,UAAU,CAAC,EAAE,EAAE;YACpE,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YAClD,IAAI,CAAC,oBAAoB,CAAC,QAAQ,EAAE,UAAU,CAAC,KAAK,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,YAAY,CAAC,MAAuB;QAC1C,MAAM,IAAI,GAAgG,EAAE,CAAC;QAC7G,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,EAAE,UAAU,CAAC,EAAE,EAAE;YAC1E,IAAI,CAAC,IAAI,CAAC;gBACR,cAAc;gBACd,QAAQ,EAAE,UAAU,CAAC,QAAQ,CAAC,MAAM;gBACpC,cAAc,EAAE,UAAU,CAAC,cAAc,CAAC,MAAM;gBAChD,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,UAAU,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;aAC7E,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,iBAAiB,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAEO,sBAAsB,CAAC,cAAsB,EAAE,MAA4B;QACjF,MAAM,IAAI,GAAgD,EAAE,CAAC;QAC7D,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YACrC,IAAI,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;QACH,MAAM,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAC3C,IAAI,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QACH,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpB,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAEO,oBAAoB,CAAC,QAAgB,EAAE,IAAmC;QAChF,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;QACT,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;YACjB,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;YACpD,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjB,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,MAAM,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC5C,IAAI,MAAM,KAAK,CAAC,EAAE,CAAC;gBACjB,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,OAAO,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,GAAG,QAAQ,gBAAgB,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3D,CAAC;;AAGH,MAAM,UAAU,cAAc,CAAC,GAAY;IACzC,OAAQ,GAAwB,CAAC,KAAK,KAAK,SAAS,IAAK,GAAwB,CAAC,QAAQ,KAAK,SAAS,CAAC;AAC3G,CAAC"}
|
|
@@ -19,8 +19,8 @@ export const ClassificationInitDefinitions = {
|
|
|
19
19
|
},
|
|
20
20
|
};
|
|
21
21
|
async function initUserPermissions(con, preset) {
|
|
22
|
-
const orgManager =
|
|
23
|
-
const userPerms =
|
|
22
|
+
const orgManager = await OrgDescribe.create(con);
|
|
23
|
+
const userPerms = orgManager.getUserPermissions();
|
|
24
24
|
const presConfig = loadPreset(preset);
|
|
25
25
|
const perms = presConfig.classifyUserPermissions(userPerms);
|
|
26
26
|
perms.sort(classificationSorter);
|
|
@@ -34,8 +34,8 @@ async function initUserPermissions(con, preset) {
|
|
|
34
34
|
}
|
|
35
35
|
async function initCustomPermissions(con) {
|
|
36
36
|
const result = { permissions: {} };
|
|
37
|
-
const orgManager =
|
|
38
|
-
const customPerms =
|
|
37
|
+
const orgManager = await OrgDescribe.create(con);
|
|
38
|
+
const customPerms = orgManager.getCustomPermissions();
|
|
39
39
|
if (customPerms.length === 0) {
|
|
40
40
|
return undefined;
|
|
41
41
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"defaultClassifications.js","sourceRoot":"","sources":["../../../src/libs/conf-init/defaultClassifications.ts"],"names":[],"mappings":"AACA,OAAO,EAAmB,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AACpG,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,2BAA2B,CAAC;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAc1C,MAAM,CAAC,MAAM,6BAA6B,GAAsD;IAC9F,eAAe,EAAE;QACf,WAAW,EAAE,mBAAmB;KACjC;IACD,iBAAiB,EAAE;QACjB,WAAW,EAAE,qBAAqB;KACnC;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,YAAY;KAC1B;IACD,cAAc,EAAE;QACd,WAAW,EAAE,kBAAkB;KAChC;IACD,KAAK,EAAE;QACL,WAAW,EAAE,SAAS;KACvB;CACF,CAAC;AAEF,KAAK,UAAU,mBAAmB,CAAC,GAAe,EAAE,MAAyB;IAC3E,MAAM,UAAU,GAAG,
|
|
1
|
+
{"version":3,"file":"defaultClassifications.js","sourceRoot":"","sources":["../../../src/libs/conf-init/defaultClassifications.ts"],"names":[],"mappings":"AACA,OAAO,EAAmB,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AACpG,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,2BAA2B,CAAC;AACzF,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAc1C,MAAM,CAAC,MAAM,6BAA6B,GAAsD;IAC9F,eAAe,EAAE;QACf,WAAW,EAAE,mBAAmB;KACjC;IACD,iBAAiB,EAAE;QACjB,WAAW,EAAE,qBAAqB;KACnC;IACD,QAAQ,EAAE;QACR,WAAW,EAAE,YAAY;KAC1B;IACD,cAAc,EAAE;QACd,WAAW,EAAE,kBAAkB;KAChC;IACD,KAAK,EAAE;QACL,WAAW,EAAE,SAAS;KACvB;CACF,CAAC;AAEF,KAAK,UAAU,mBAAmB,CAAC,GAAe,EAAE,MAAyB;IAC3E,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,UAAU,CAAC,kBAAkB,EAAE,CAAC;IAClD,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,UAAU,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC;IAC5D,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACjC,MAAM,MAAM,GAA8B,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAC9D,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,qBAAqB,CAAC,GAAe;IAClD,MAAM,MAAM,GAA8B,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC;IAC9D,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACjD,MAAM,WAAW,GAAG,UAAU,CAAC,oBAAoB,EAAE,CAAC;IACtD,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QACrC,GAAG,EAAE;QACL,cAAc,EAAE,mBAAmB,CAAC,OAAO;KAC5C,CAAC,CAAC,CAAC;IACJ,KAAK,CAAC,OAAO,CACX,CAAC,IAAI,EAAE,EAAE,CACP,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;QAC/B,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,cAAc,EAAE,IAAI,CAAC,cAAc;KACpC,CAAC,CACL,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,YAAY,CAAC,YAAwB;IAClD,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,YAAY,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,EAAE,CAAC;IAC9C,MAAM,OAAO,GAA2B,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACzD,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IACvE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,YAAwB;IACxD,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACpE,MAAM,OAAO,GAA2B,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC;IAC/D,KAAK,MAAM,WAAW,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC;QAC1C,OAAO,CAAC,cAAc,CAAC,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,EAAE,CAAC;IAC7E,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,KAAK,UAAU,SAAS,CAAC,YAAwB;IAC/C,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,OAAO,EAAE,CAAC;IACxC,MAAM,OAAO,GAAwB;QACnC,KAAK,EAAE,EAAE;KACV,CAAC;IACF,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,IAAI,EAAE;QAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAC1G,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,oBAAoB,GAAG,CAAC,CAAgC,EAAE,CAAgC,EAAU,EAAE,CAC1G,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,4BAA4B,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC"}
|
|
@@ -16,9 +16,12 @@ export type UserPermissionAssignment = {
|
|
|
16
16
|
username: string;
|
|
17
17
|
source: string;
|
|
18
18
|
type: 'Permission Set' | 'Profile';
|
|
19
|
+
/** Indicates if user is active. Only exists, when inactive users are included */
|
|
20
|
+
isActive?: boolean;
|
|
19
21
|
};
|
|
20
22
|
export type QuickScanOptions = {
|
|
21
23
|
targetOrg: Connection;
|
|
22
24
|
permissions: string[];
|
|
23
25
|
deepScan: boolean;
|
|
26
|
+
includeInactive: boolean;
|
|
24
27
|
};
|
|
@@ -11,13 +11,18 @@ export type EntityScanStatus = {
|
|
|
11
11
|
resolved?: number;
|
|
12
12
|
status?: string;
|
|
13
13
|
};
|
|
14
|
-
export type
|
|
14
|
+
export type PermissionNotFound = {
|
|
15
15
|
permissionName: string;
|
|
16
16
|
};
|
|
17
|
+
export type PermissionNormalized = {
|
|
18
|
+
input: string;
|
|
19
|
+
normalized: string;
|
|
20
|
+
};
|
|
17
21
|
export default class UserPermissionScanner extends EventEmitter {
|
|
18
22
|
private status;
|
|
19
23
|
constructor();
|
|
20
24
|
quickScan(opts: QuickScanOptions): Promise<QuickScanResult>;
|
|
25
|
+
private normalizePermissions;
|
|
21
26
|
private resolveEntities;
|
|
22
27
|
private resolveProfiles;
|
|
23
28
|
private resolvePermissionSets;
|
|
@@ -12,31 +12,52 @@ export default class UserPermissionScanner extends EventEmitter {
|
|
|
12
12
|
}
|
|
13
13
|
async quickScan(opts) {
|
|
14
14
|
this.emitProgress({ status: 'Pending' });
|
|
15
|
-
const
|
|
15
|
+
const normalizedPerms = await this.normalizePermissions(opts);
|
|
16
16
|
const scannedEntities = await this.resolveEntities(opts);
|
|
17
17
|
const scanResult = {
|
|
18
18
|
permissions: {},
|
|
19
19
|
scannedProfiles: Object.keys(scannedEntities.profiles),
|
|
20
20
|
scannedPermissionSets: Object.keys(scannedEntities.permissionSets),
|
|
21
21
|
};
|
|
22
|
-
for (const permName of
|
|
23
|
-
// org caches async calls, so this is okay
|
|
24
|
-
// eslint-disable-next-line no-await-in-loop
|
|
25
|
-
if (!(await org.isValid(permName))) {
|
|
26
|
-
this.emit('permissionNotFound', {
|
|
27
|
-
permissionName: permName,
|
|
28
|
-
});
|
|
29
|
-
}
|
|
22
|
+
for (const permName of normalizedPerms) {
|
|
30
23
|
const profiles = findGrantingEntities(permName, scannedEntities.profiles);
|
|
31
24
|
const permissionSets = findGrantingEntities(permName, scannedEntities.permissionSets);
|
|
32
|
-
const users = findPermissionAssignments(permName, scannedEntities);
|
|
25
|
+
const users = findPermissionAssignments(permName, scannedEntities, opts.includeInactive);
|
|
33
26
|
if (profiles.length > 0 || permissionSets.length > 0) {
|
|
34
|
-
scanResult.permissions[permName] = {
|
|
27
|
+
scanResult.permissions[permName] = {
|
|
28
|
+
permissionSets,
|
|
29
|
+
profiles,
|
|
30
|
+
...(opts.deepScan ? { users } : undefined),
|
|
31
|
+
};
|
|
35
32
|
}
|
|
36
33
|
}
|
|
37
34
|
this.emitProgress({ status: 'Completed' });
|
|
38
35
|
return scanResult;
|
|
39
36
|
}
|
|
37
|
+
async normalizePermissions(opts) {
|
|
38
|
+
const sanitizedPerms = [];
|
|
39
|
+
const org = await OrgDescribe.create(opts.targetOrg);
|
|
40
|
+
for (const permName of opts.permissions) {
|
|
41
|
+
if (org.isValid(permName)) {
|
|
42
|
+
sanitizedPerms.push(permName);
|
|
43
|
+
continue;
|
|
44
|
+
}
|
|
45
|
+
const perm = org.findUserPermission(permName);
|
|
46
|
+
if (perm) {
|
|
47
|
+
this.emit('permissionNormalized', {
|
|
48
|
+
input: permName,
|
|
49
|
+
normalized: perm.name,
|
|
50
|
+
});
|
|
51
|
+
sanitizedPerms.push(perm.name);
|
|
52
|
+
}
|
|
53
|
+
else {
|
|
54
|
+
this.emit('permissionNotFound', {
|
|
55
|
+
permissionName: permName,
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
return sanitizedPerms;
|
|
60
|
+
}
|
|
40
61
|
async resolveEntities(opts) {
|
|
41
62
|
const promises = [];
|
|
42
63
|
this.emitProgress({ status: 'In Progress' });
|
|
@@ -44,7 +65,12 @@ export default class UserPermissionScanner extends EventEmitter {
|
|
|
44
65
|
promises.push(this.resolvePermissionSets(opts.targetOrg));
|
|
45
66
|
if (opts.deepScan) {
|
|
46
67
|
const usersRepo = new Users(opts.targetOrg);
|
|
47
|
-
promises.push(usersRepo.resolve({
|
|
68
|
+
promises.push(usersRepo.resolve({
|
|
69
|
+
withLoginHistory: false,
|
|
70
|
+
withPermissions: true,
|
|
71
|
+
withPermissionsMetadata: false,
|
|
72
|
+
includeInactive: opts.includeInactive,
|
|
73
|
+
}));
|
|
48
74
|
}
|
|
49
75
|
const resolvedPromises = await Promise.all(promises);
|
|
50
76
|
const resolvedEntities = {
|
|
@@ -95,21 +121,31 @@ function prepareIndizes(entities) {
|
|
|
95
121
|
}
|
|
96
122
|
return result;
|
|
97
123
|
}
|
|
98
|
-
function findPermissionAssignments(permName, scanContext) {
|
|
124
|
+
function findPermissionAssignments(permName, scanContext, includesInactive) {
|
|
99
125
|
if (!scanContext.users) {
|
|
100
|
-
return
|
|
126
|
+
return [];
|
|
101
127
|
}
|
|
102
128
|
const permAssignments = [];
|
|
103
129
|
for (const [username, userDetails] of scanContext.users.entries()) {
|
|
104
130
|
const profile = scanContext.profiles[userDetails.profileName];
|
|
105
131
|
if (profile && profile.userPermissions.has(permName)) {
|
|
106
|
-
permAssignments.push({
|
|
132
|
+
permAssignments.push({
|
|
133
|
+
username,
|
|
134
|
+
source: userDetails.profileName,
|
|
135
|
+
type: 'Profile',
|
|
136
|
+
...(includesInactive ? { isActive: userDetails.isActive } : undefined),
|
|
137
|
+
});
|
|
107
138
|
}
|
|
108
139
|
if (userDetails.assignments) {
|
|
109
140
|
for (const permSetAss of userDetails.assignments) {
|
|
110
141
|
const permSet = scanContext.permissionSets[permSetAss.permissionSetIdentifier];
|
|
111
142
|
if (permSet && permSet.userPermissions.has(permName)) {
|
|
112
|
-
permAssignments.push({
|
|
143
|
+
permAssignments.push({
|
|
144
|
+
username,
|
|
145
|
+
source: permSetAss.permissionSetIdentifier,
|
|
146
|
+
type: 'Permission Set',
|
|
147
|
+
...(includesInactive ? { isActive: userDetails.isActive } : undefined),
|
|
148
|
+
});
|
|
113
149
|
}
|
|
114
150
|
}
|
|
115
151
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"userPermissionScanner.js","sourceRoot":"","sources":["../../../src/libs/quick-scan/userPermissionScanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAQ,KAAK,EAAE,MAAM,2BAA2B,CAAC;
|
|
1
|
+
{"version":3,"file":"userPermissionScanner.js","sourceRoot":"","sources":["../../../src/libs/quick-scan/userPermissionScanner.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,QAAQ,EAAQ,KAAK,EAAE,MAAM,2BAA2B,CAAC;AAsC/F,MAAM,CAAC,OAAO,OAAO,qBAAsB,SAAQ,YAAY;IACrD,MAAM,GAAoB;QAChC,QAAQ,EAAE,EAAE;QACZ,cAAc,EAAE,EAAE;QAClB,KAAK,EAAE,EAAE;QACT,MAAM,EAAE,SAAS;KAClB,CAAC;IAEF;QACE,KAAK,EAAE,CAAC;IACV,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,IAAsB;QAC3C,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;QACzC,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QACzD,MAAM,UAAU,GAAoB;YAClC,WAAW,EAAE,EAAE;YACf,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC;YACtD,qBAAqB,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC;SACnE,CAAC;QACF,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,EAAE,eAAe,CAAC,QAAQ,CAAC,CAAC;YAC1E,MAAM,cAAc,GAAG,oBAAoB,CAAC,QAAQ,EAAE,eAAe,CAAC,cAAc,CAAC,CAAC;YACtF,MAAM,KAAK,GAAG,yBAAyB,CAAC,QAAQ,EAAE,eAAe,EAAE,IAAI,CAAC,eAAe,CAAC,CAAC;YACzF,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACrD,UAAU,CAAC,WAAW,CAAC,QAAQ,CAAC,GAAG;oBACjC,cAAc;oBACd,QAAQ;oBACR,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;iBAC3C,CAAC;YACJ,CAAC;QACH,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QAC3C,OAAO,UAAU,CAAC;IACpB,CAAC;IAEO,KAAK,CAAC,oBAAoB,CAAC,IAAsB;QACvD,MAAM,cAAc,GAAG,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACrD,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACxC,IAAI,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC1B,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;gBAC9B,SAAS;YACX,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YAC9C,IAAI,IAAI,EAAE,CAAC;gBACT,IAAI,CAAC,IAAI,CAAC,sBAAsB,EAAE;oBAChC,KAAK,EAAE,QAAQ;oBACf,UAAU,EAAE,IAAI,CAAC,IAAI;iBACtB,CAAC,CAAC;gBACH,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE;oBAC9B,cAAc,EAAE,QAAQ;iBACzB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QACD,OAAO,cAAc,CAAC;IACxB,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,IAAsB;QAClD,MAAM,QAAQ,GAA4B,EAAE,CAAC;QAC7C,IAAI,CAAC,YAAY,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;QAC7C,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QACpD,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,SAAS,GAAG,IAAI,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC5C,QAAQ,CAAC,IAAI,CACX,SAAS,CAAC,OAAO,CAAC;gBAChB,gBAAgB,EAAE,KAAK;gBACvB,eAAe,EAAE,IAAI;gBACrB,uBAAuB,EAAE,KAAK;gBAC9B,eAAe,EAAE,IAAI,CAAC,eAAe;aACtC,CAAC,CACH,CAAC;QACJ,CAAC;QACD,MAAM,gBAAgB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACrD,MAAM,gBAAgB,GAAoB;YACxC,QAAQ,EAAE,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAuC,CAAC;YACnF,cAAc,EAAE,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAuC,CAAC;SAC1F,CAAC;QACF,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,gBAAgB,CAAC,KAAK,GAAG,gBAAgB,CAAC,CAAC,CAAsB,CAAC;QACpE,CAAC;QACD,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,SAAqB;QACjD,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1D,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YACxC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,QAAS,CAAC;QAC3C,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,QAAQ,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7D,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAAC,SAAqB;QACvD,MAAM,YAAY,GAAG,IAAI,cAAc,CAAC,SAAS,CAAC,CAAC;QACnD,YAAY,CAAC,WAAW,CAAC,eAAe,EAAE,CAAC,UAAU,EAAE,EAAE,CACvD,IAAI,CAAC,YAAY,CAAC,EAAE,cAAc,EAAE,UAA+C,EAAE,CAAC,CACvF,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;QACpE,MAAM,QAAQ,GAA0C,EAAE,CAAC;QAC3D,KAAK,MAAM,EAAE,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;YACnC,QAAQ,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,QAAS,CAAC;QACnC,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAEO,YAAY,CAAC,MAAgC;QACnD,IAAI,CAAC,MAAM,CAAC,QAAQ,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QACvE,IAAI,CAAC,MAAM,CAAC,cAAc,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,GAAG,MAAM,CAAC,cAAc,EAAE,CAAC;QACzF,IAAI,CAAC,MAAM,CAAC,KAAK,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QACzD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,eAAe,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;IACtD,CAAC;CACF;AAED,SAAS,cAAc,CAAC,QAA4C;IAClE,MAAM,MAAM,GAAqC,EAAE,CAAC;IACpD,KAAK,MAAM,CAAC,UAAU,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9D,MAAM,CAAC,UAAU,CAAC,GAAG;YACnB,eAAe,EAAE,IAAI,GAAG,CACtB,QAAQ,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CACjF;YACD,iBAAiB,EAAE,IAAI,GAAG,CACxB,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CACnF;SACF,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,yBAAyB,CAChC,QAAgB,EAChB,WAA4B,EAC5B,gBAAyB;IAEzB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACvB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,eAAe,GAA+B,EAAE,CAAC;IACvD,KAAK,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,IAAI,WAAW,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;QAClE,MAAM,OAAO,GAAG,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;QAC9D,IAAI,OAAO,IAAI,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACrD,eAAe,CAAC,IAAI,CAAC;gBACnB,QAAQ;gBACR,MAAM,EAAE,WAAW,CAAC,WAAW;gBAC/B,IAAI,EAAE,SAAS;gBACf,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;aACvE,CAAC,CAAC;QACL,CAAC;QACD,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC;YAC5B,KAAK,MAAM,UAAU,IAAI,WAAW,CAAC,WAAW,EAAE,CAAC;gBACjD,MAAM,OAAO,GAAG,WAAW,CAAC,cAAc,CAAC,UAAU,CAAC,uBAAuB,CAAC,CAAC;gBAC/E,IAAI,OAAO,IAAI,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACrD,eAAe,CAAC,IAAI,CAAC;wBACnB,QAAQ;wBACR,MAAM,EAAE,UAAU,CAAC,uBAAuB;wBAC1C,IAAI,EAAE,gBAAgB;wBACtB,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,WAAW,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;qBACvE,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAS,oBAAoB,CAAC,QAAgB,EAAE,gBAAkD;IAChG,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAU,CAAC;IACnC,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,QAAQ,CAAC,EAAE,EAAE;QAClE,IAAI,QAAQ,CAAC,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3C,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC,CAAC,CAAC;IACH,OAAO,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AAC9B,CAAC"}
|
|
@@ -1,29 +1,35 @@
|
|
|
1
1
|
import { Connection } from '@salesforce/core';
|
|
2
2
|
import { Permission } from './orgDescribe.types.js';
|
|
3
3
|
export default class OrgDescribe {
|
|
4
|
-
|
|
5
|
-
private
|
|
6
|
-
private
|
|
7
|
-
|
|
8
|
-
|
|
4
|
+
private customPermissions;
|
|
5
|
+
private userPermissions;
|
|
6
|
+
private constructor();
|
|
7
|
+
static create(con: Connection): Promise<OrgDescribe>;
|
|
8
|
+
/**
|
|
9
|
+
* Tries to find a user permission based on unsanitized input. Searches
|
|
10
|
+
* by exact match (fastest) or tries fuzzy matching by name and label.
|
|
11
|
+
*
|
|
12
|
+
* @param maybeValidName
|
|
13
|
+
* @returns A valid user permission or undefined, if the name cannot be resolved
|
|
14
|
+
*/
|
|
15
|
+
findUserPermission(maybeValidName: string): Permission | undefined;
|
|
9
16
|
/**
|
|
10
17
|
* Analyses describe information and metadata to initialise
|
|
11
18
|
* all permissions from the target org.
|
|
12
19
|
*
|
|
13
20
|
* @returns
|
|
14
21
|
*/
|
|
15
|
-
getUserPermissions():
|
|
22
|
+
getUserPermissions(): Permission[];
|
|
16
23
|
/**
|
|
17
24
|
* Checks if the permission is valid for the org.
|
|
18
25
|
*
|
|
19
26
|
* @param permissionName
|
|
20
27
|
*/
|
|
21
|
-
isValid(permissionName: string):
|
|
28
|
+
isValid(permissionName: string): boolean;
|
|
22
29
|
/**
|
|
23
30
|
* Finds all custom permissions that exist on the target org.
|
|
24
31
|
*
|
|
25
32
|
* @returns
|
|
26
33
|
*/
|
|
27
|
-
getCustomPermissions():
|
|
28
|
-
private fetchUserPermissions;
|
|
34
|
+
getCustomPermissions(): Permission[];
|
|
29
35
|
}
|
|
@@ -1,14 +1,39 @@
|
|
|
1
1
|
import Profiles from '../repositories/profiles/profiles.js';
|
|
2
2
|
import { CUSTOM_PERMS_QUERY } from './orgDescribe.types.js';
|
|
3
|
+
/** Minimum length for perm label to start fuzzy matching */
|
|
4
|
+
const FUZZY_MATCH_MIN_LENGTH = 15;
|
|
3
5
|
export default class OrgDescribe {
|
|
4
|
-
con;
|
|
5
6
|
customPermissions;
|
|
6
|
-
|
|
7
|
-
constructor(
|
|
8
|
-
|
|
7
|
+
userPermissions;
|
|
8
|
+
constructor() { }
|
|
9
|
+
static async create(con) {
|
|
10
|
+
const inst = new OrgDescribe();
|
|
11
|
+
inst.userPermissions = await fetchUserPermissions(con);
|
|
12
|
+
inst.customPermissions = await fetchCustomPermissions(con);
|
|
13
|
+
return inst;
|
|
9
14
|
}
|
|
10
|
-
|
|
11
|
-
|
|
15
|
+
/**
|
|
16
|
+
* Tries to find a user permission based on unsanitized input. Searches
|
|
17
|
+
* by exact match (fastest) or tries fuzzy matching by name and label.
|
|
18
|
+
*
|
|
19
|
+
* @param maybeValidName
|
|
20
|
+
* @returns A valid user permission or undefined, if the name cannot be resolved
|
|
21
|
+
*/
|
|
22
|
+
findUserPermission(maybeValidName) {
|
|
23
|
+
const canonicalName = maybeValidName.toLowerCase().replaceAll(/[\s.]/g, '');
|
|
24
|
+
if (this.userPermissions.has(canonicalName)) {
|
|
25
|
+
return this.userPermissions.get(canonicalName);
|
|
26
|
+
}
|
|
27
|
+
for (const perm of this.userPermissions.values()) {
|
|
28
|
+
if (!perm.label) {
|
|
29
|
+
continue;
|
|
30
|
+
}
|
|
31
|
+
const canonicalLabel = perm.label.toLowerCase().replaceAll(/[\s.]/g, '');
|
|
32
|
+
if (canonicalLabel === canonicalName ||
|
|
33
|
+
(canonicalName.length >= FUZZY_MATCH_MIN_LENGTH && canonicalLabel.startsWith(canonicalName))) {
|
|
34
|
+
return perm;
|
|
35
|
+
}
|
|
36
|
+
}
|
|
12
37
|
}
|
|
13
38
|
/**
|
|
14
39
|
* Analyses describe information and metadata to initialise
|
|
@@ -16,44 +41,44 @@ export default class OrgDescribe {
|
|
|
16
41
|
*
|
|
17
42
|
* @returns
|
|
18
43
|
*/
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
return Array.from(userPerms.values());
|
|
44
|
+
getUserPermissions() {
|
|
45
|
+
return Array.from(this.userPermissions.values());
|
|
22
46
|
}
|
|
23
47
|
/**
|
|
24
48
|
* Checks if the permission is valid for the org.
|
|
25
49
|
*
|
|
26
50
|
* @param permissionName
|
|
27
51
|
*/
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
52
|
+
isValid(permissionName) {
|
|
53
|
+
return (this.userPermissions.has(permissionName.toLowerCase()) &&
|
|
54
|
+
this.userPermissions.get(permissionName.toLowerCase())?.name === permissionName);
|
|
31
55
|
}
|
|
32
56
|
/**
|
|
33
57
|
* Finds all custom permissions that exist on the target org.
|
|
34
58
|
*
|
|
35
59
|
* @returns
|
|
36
60
|
*/
|
|
37
|
-
|
|
38
|
-
if (!this.customPermissions) {
|
|
39
|
-
this.customPermissions = new Map();
|
|
40
|
-
const customPerms = await this.con.query(CUSTOM_PERMS_QUERY);
|
|
41
|
-
if (customPerms.records.length > 0) {
|
|
42
|
-
for (const cp of customPerms.records) {
|
|
43
|
-
this.customPermissions.set(cp.DeveloperName, {
|
|
44
|
-
name: cp.DeveloperName,
|
|
45
|
-
label: cp.MasterLabel,
|
|
46
|
-
});
|
|
47
|
-
}
|
|
48
|
-
}
|
|
49
|
-
}
|
|
61
|
+
getCustomPermissions() {
|
|
50
62
|
return Array.from(this.customPermissions.values());
|
|
51
63
|
}
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
64
|
+
}
|
|
65
|
+
async function fetchUserPermissions(con) {
|
|
66
|
+
const describePerms = await parsePermsFromDescribe(con);
|
|
67
|
+
const assignedPerms = await getUserPermsFromProfiles(con);
|
|
68
|
+
return mergeMaps(assignedPerms, describePerms);
|
|
69
|
+
}
|
|
70
|
+
async function fetchCustomPermissions(con) {
|
|
71
|
+
const result = new Map();
|
|
72
|
+
const customPerms = await con.query(CUSTOM_PERMS_QUERY);
|
|
73
|
+
if (customPerms.records.length > 0) {
|
|
74
|
+
for (const cp of customPerms.records) {
|
|
75
|
+
result.set(cp.DeveloperName, {
|
|
76
|
+
name: cp.DeveloperName,
|
|
77
|
+
label: cp.MasterLabel,
|
|
78
|
+
});
|
|
79
|
+
}
|
|
56
80
|
}
|
|
81
|
+
return result;
|
|
57
82
|
}
|
|
58
83
|
function mergeMaps(...permMaps) {
|
|
59
84
|
return new Map(permMaps.flatMap((m) => [...m]));
|
|
@@ -65,7 +90,7 @@ async function parsePermsFromDescribe(con) {
|
|
|
65
90
|
.filter((field) => field.name.startsWith('Permissions'))
|
|
66
91
|
.forEach((field) => {
|
|
67
92
|
const permName = field.name.replace('Permissions', '');
|
|
68
|
-
describeAvailablePerms.set(permName, {
|
|
93
|
+
describeAvailablePerms.set(permName.toLowerCase(), {
|
|
69
94
|
label: sanitiseLabel(field.label),
|
|
70
95
|
name: permName,
|
|
71
96
|
});
|
|
@@ -79,7 +104,7 @@ async function getUserPermsFromProfiles(con) {
|
|
|
79
104
|
for (const profile of profiles.values()) {
|
|
80
105
|
if (profile.metadata) {
|
|
81
106
|
profile.metadata.userPermissions.forEach((userPerm) => {
|
|
82
|
-
assignedPerms.set(userPerm.name, { name: userPerm.name, label: userPerm.name });
|
|
107
|
+
assignedPerms.set(userPerm.name.toLowerCase(), { name: userPerm.name, label: userPerm.name });
|
|
83
108
|
});
|
|
84
109
|
}
|
|
85
110
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"orgDescribe.js","sourceRoot":"","sources":["../../../src/salesforce/describes/orgDescribe.ts"],"names":[],"mappings":"AACA,OAAO,QAAQ,MAAM,sCAAsC,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAkC,MAAM,wBAAwB,CAAC;AAE5F,MAAM,CAAC,OAAO,OAAO,WAAW;
|
|
1
|
+
{"version":3,"file":"orgDescribe.js","sourceRoot":"","sources":["../../../src/salesforce/describes/orgDescribe.ts"],"names":[],"mappings":"AACA,OAAO,QAAQ,MAAM,sCAAsC,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAkC,MAAM,wBAAwB,CAAC;AAE5F,4DAA4D;AAC5D,MAAM,sBAAsB,GAAG,EAAE,CAAC;AAClC,MAAM,CAAC,OAAO,OAAO,WAAW;IACtB,iBAAiB,CAA2B;IAC5C,eAAe,CAA2B;IAElD,gBAAuB,CAAC;IAEjB,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,GAAe;QACxC,MAAM,IAAI,GAAG,IAAI,WAAW,EAAE,CAAC;QAC/B,IAAI,CAAC,eAAe,GAAG,MAAM,oBAAoB,CAAC,GAAG,CAAC,CAAC;QACvD,IAAI,CAAC,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACI,kBAAkB,CAAC,cAAsB;QAC9C,MAAM,aAAa,GAAG,cAAc,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QAC5E,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACjD,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC;YACjD,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;gBAChB,SAAS;YACX,CAAC;YACD,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACzE,IACE,cAAc,KAAK,aAAa;gBAChC,CAAC,aAAa,CAAC,MAAM,IAAI,sBAAsB,IAAI,cAAc,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,EAC5F,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,kBAAkB;QACvB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,CAAC,CAAC;IACnD,CAAC;IAED;;;;OAIG;IACI,OAAO,CAAC,cAAsB;QACnC,OAAO,CACL,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC;YACtD,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,WAAW,EAAE,CAAC,EAAE,IAAI,KAAK,cAAc,CAChF,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACI,oBAAoB;QACzB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,EAAE,CAAC,CAAC;IACrD,CAAC;CACF;AAED,KAAK,UAAU,oBAAoB,CAAC,GAAe;IACjD,MAAM,aAAa,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IACxD,MAAM,aAAa,GAAG,MAAM,wBAAwB,CAAC,GAAG,CAAC,CAAC;IAC1D,OAAO,SAAS,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC;AACjD,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,GAAe;IACnD,MAAM,MAAM,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC7C,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,KAAK,CAAqB,kBAAkB,CAAC,CAAC;IAC5E,IAAI,WAAW,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,KAAK,MAAM,EAAE,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,aAAa,EAAE;gBAC3B,IAAI,EAAE,EAAE,CAAC,aAAa;gBACtB,KAAK,EAAE,EAAE,CAAC,WAAW;aACtB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,SAAS,CAAC,GAAG,QAAwC;IAC5D,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,KAAK,UAAU,sBAAsB,CAAC,GAAe;IACnD,MAAM,OAAO,GAAG,MAAM,GAAG,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,sBAAsB,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC7D,OAAO,CAAC,MAAM;SACX,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;SACvD,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACjB,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QACvD,sBAAsB,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE;YACjD,KAAK,EAAE,aAAa,CAAC,KAAK,CAAC,KAAK,CAAC;YACjC,IAAI,EAAE,QAAQ;SACf,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACL,OAAO,sBAAsB,CAAC;AAChC,CAAC;AAED,KAAK,UAAU,wBAAwB,CAAC,GAAe;IACrD,MAAM,aAAa,GAAG,IAAI,GAAG,EAAsB,CAAC;IACpD,MAAM,YAAY,GAAG,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC;IACpE,KAAK,MAAM,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC;QACxC,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;gBACpD,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;YAChG,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,QAAiB;IACtC,OAAO,QAAQ,EAAE,UAAU,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;AACtD,CAAC"}
|
|
@@ -1,3 +1,4 @@
|
|
|
1
1
|
export declare const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate,IsActive FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
|
|
2
|
+
export declare const ALL_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate,IsActive FROM User WHERE UserType IN ('Standard') LIMIT 2000";
|
|
2
3
|
export declare const buildPermsetAssignmentsQuery: (userIds: string[]) => string;
|
|
3
4
|
export declare const buildLoginHistoryQuery: (daysToAnalayse?: number) => string;
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
export const ACTIVE_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate,IsActive FROM User WHERE IsActive = TRUE AND UserType IN ('Standard') LIMIT 2000";
|
|
2
|
+
export const ALL_USERS_DETAILS_QUERY = "SELECT Id,Username,Profile.Name,CreatedDate,LastLoginDate,IsActive FROM User WHERE UserType IN ('Standard') LIMIT 2000";
|
|
2
3
|
// DYNAMIC QUERIES
|
|
3
4
|
export const buildPermsetAssignmentsQuery = (userIds) => `${USERS_PERMSET_ASSIGNMENTS_QUERY} AND AssigneeId IN (${userIds.map((userId) => `'${userId}'`).join(',')})`;
|
|
4
5
|
export const buildLoginHistoryQuery = (daysToAnalayse) => daysToAnalayse
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/queries.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,0BAA0B,GACrC,4IAA4I,CAAC;
|
|
1
|
+
{"version":3,"file":"queries.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/queries.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,0BAA0B,GACrC,4IAA4I,CAAC;AAC/I,MAAM,CAAC,MAAM,uBAAuB,GAClC,wHAAwH,CAAC;AAE3H,kBAAkB;AAClB,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,OAAiB,EAAU,EAAE,CACxE,GAAG,+BAA+B,uBAAuB,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,IAAI,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC;AAE/G,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,cAAuB,EAAU,EAAE,CACxE,cAAc;IACZ,CAAC,CAAC,GAAG,yBAAyB,mCAAmC,cAAc,wCAAwC;IACvH,CAAC,CAAC,GAAG,yBAAyB,wCAAwC,CAAC;AAE3E,eAAe;AACf,MAAM,yBAAyB,GAC7B,mGAAmG,CAAC;AACtG,MAAM,+BAA+B,GACnC,yJAAyJ,CAAC"}
|
|
@@ -45,6 +45,7 @@ export declare const ResolveUsersOptionsSchema: z.ZodObject<{
|
|
|
45
45
|
loginHistoryDaysToAnalyse: z.ZodOptional<z.ZodNumber>;
|
|
46
46
|
withPermissions: z.ZodDefault<z.ZodBoolean>;
|
|
47
47
|
withPermissionsMetadata: z.ZodDefault<z.ZodBoolean>;
|
|
48
|
+
includeInactive: z.ZodDefault<z.ZodBoolean>;
|
|
48
49
|
}, z.z.core.$strip>;
|
|
49
50
|
export type ResolveUsersOptions = z.infer<typeof ResolveUsersOptionsSchema>;
|
|
50
51
|
export type ResolvePermissionsOptions = {
|
|
@@ -8,5 +8,7 @@ export const ResolveUsersOptionsSchema = z.object({
|
|
|
8
8
|
withPermissions: z.boolean().default(false),
|
|
9
9
|
/** Adds metadata to permissions. Has no effect, if withPermissions is false */
|
|
10
10
|
withPermissionsMetadata: z.boolean().default(false),
|
|
11
|
+
/** Includes all existing users on the org */
|
|
12
|
+
includeInactive: z.boolean().default(false),
|
|
11
13
|
});
|
|
12
14
|
//# sourceMappingURL=user.types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"user.types.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/user.types.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AA+CpB,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,uCAAuC;IACvC,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5C,wEAAwE;IACxE,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChD,8EAA8E;IAC9E,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC3C,+EAA+E;IAC/E,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;
|
|
1
|
+
{"version":3,"file":"user.types.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/user.types.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AA+CpB,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,uCAAuC;IACvC,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5C,wEAAwE;IACxE,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChD,8EAA8E;IAC9E,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC3C,+EAA+E;IAC/E,uBAAuB,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACnD,6CAA6C;IAC7C,eAAe,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CAC5C,CAAC,CAAC"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import { isNullish } from '../../../utils.js';
|
|
2
2
|
import MDAPI from '../../mdapi/mdapi.js';
|
|
3
3
|
import { ResolveUsersOptionsSchema, } from './user.types.js';
|
|
4
|
-
import { ACTIVE_USERS_DETAILS_QUERY, buildLoginHistoryQuery, buildPermsetAssignmentsQuery } from './queries.js';
|
|
4
|
+
import { ACTIVE_USERS_DETAILS_QUERY, ALL_USERS_DETAILS_QUERY, buildLoginHistoryQuery, buildPermsetAssignmentsQuery, } from './queries.js';
|
|
5
5
|
export default class Users {
|
|
6
6
|
connection;
|
|
7
7
|
mdapiRepo;
|
|
@@ -19,8 +19,10 @@ export default class Users {
|
|
|
19
19
|
async resolve(opts) {
|
|
20
20
|
const definitiveOpts = ResolveUsersOptionsSchema.parse(opts ?? {});
|
|
21
21
|
const result = new Map();
|
|
22
|
-
const
|
|
23
|
-
|
|
22
|
+
const usersOnOrg = definitiveOpts.includeInactive
|
|
23
|
+
? await this.connection.query(ALL_USERS_DETAILS_QUERY)
|
|
24
|
+
: await this.connection.query(ACTIVE_USERS_DETAILS_QUERY);
|
|
25
|
+
for (const user of usersOnOrg.records) {
|
|
24
26
|
const usr = {
|
|
25
27
|
userId: user.Id,
|
|
26
28
|
username: user.Username,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/users.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,KAAK,MAAM,sBAAsB,CAAC;AACzC,OAAO,EAGL,yBAAyB,GAG1B,MAAM,iBAAiB,CAAC;AACzB,OAAO,
|
|
1
|
+
{"version":3,"file":"users.js","sourceRoot":"","sources":["../../../../src/salesforce/repositories/users/users.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,KAAK,MAAM,sBAAsB,CAAC;AACzC,OAAO,EAGL,yBAAyB,GAG1B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,0BAA0B,EAC1B,uBAAuB,EACvB,sBAAsB,EACtB,4BAA4B,GAC7B,MAAM,cAAc,CAAC;AAEtB,MAAM,CAAC,OAAO,OAAO,KAAK;IAGY;IAFnB,SAAS,CAAQ;IAElC,YAAoC,UAAsB;QAAtB,eAAU,GAAV,UAAU,CAAY;QACxD,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACI,KAAK,CAAC,OAAO,CAAC,IAAmC;QACtD,MAAM,cAAc,GAAG,yBAAyB,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;QACnE,MAAM,MAAM,GAAsB,IAAI,GAAG,EAAgB,CAAC;QAC1D,MAAM,UAAU,GAAG,cAAc,CAAC,eAAe;YAC/C,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAS,uBAAuB,CAAC;YAC9D,CAAC,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAS,0BAA0B,CAAC,CAAC;QACpE,KAAK,MAAM,IAAI,IAAI,UAAU,CAAC,OAAO,EAAE,CAAC;YACtC,MAAM,GAAG,GAAG;gBACV,MAAM,EAAE,IAAI,CAAC,EAAG;gBAChB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS;gBAC1E,QAAQ,EAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;gBAChC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;gBACzC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;aAC/B,CAAC;YACF,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACjC,CAAC;QACD,IAAI,cAAc,CAAC,gBAAgB,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,yBAAyB,CAAC,CAAC;QAC7E,CAAC;QACD,IAAI,cAAc,CAAC,eAAe,EAAE,CAAC;YACnC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,cAAc,CAAC,uBAAuB,CAAC,CAAC;QAChF,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sBAAsB;IAEd,KAAK,CAAC,aAAa,CAAC,KAAwB,EAAE,aAAsB;QAC1E,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;QAC5D,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChC,IAAI,CAAC,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;YACnB,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,KAAwB,EAAE,YAAqB;QAC9E,MAAM,IAAI,CAAC,yBAAyB,CAAC,KAAK,CAAC,CAAC;QAC5C,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,IAAI,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,aAAsB;QACjD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAAwB,sBAAsB,CAAC,aAAa,CAAC,CAAC,CAAC;QAC/G,MAAM,YAAY,GAAG,IAAI,GAAG,EAAwB,CAAC;QACrD,KAAK,MAAM,eAAe,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACnD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC9C,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,MAAM,CAAE,CAAC,IAAI,CAAC;gBAC7C,SAAS,EAAE,eAAe,CAAC,SAAS;gBACpC,UAAU,EAAE,eAAe,CAAC,UAAU;gBACtC,WAAW,EAAE,eAAe,CAAC,WAAW;gBACxC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC;aACjD,CAAC,CAAC;QACL,CAAC;QACD,OAAO,YAAY,CAAC;IACtB,CAAC;IAEO,KAAK,CAAC,yBAAyB,CAAC,KAAwB;QAC9D,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACzD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,eAAe,CAAC,KAAwB;QACpD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,EAAE,kBAAkB,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC7F,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,IAAI,CAAC,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,qBAAqB,CAAC,KAAwB;QAC1D,MAAM,YAAY,GAAG,wBAAwB,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QAC7E,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC;YAClC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,WAAY,EAAE,CAAC;gBACpC,GAAG,CAAC,QAAQ,GAAG,QAAQ,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YACvD,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,OAAiB;QAC9C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAqC,CAAC;QACjE,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,CAA4B,4BAA4B,CAAC,OAAO,CAAC,CAAC,CAAC;QACpH,KAAK,MAAM,UAAU,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;YAC/C,IAAI,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;gBACtD,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YAC7C,CAAC;YACD,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,UAAU,CAAE,CAAC,IAAI,CAAC;gBAC3C,uBAAuB,EAAE,UAAU,CAAC,aAAa,CAAC,IAAI;gBACtD,mBAAmB,EAAE,UAAU,CAAC,oBAAoB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ;gBACzE,GAAG,CAAC,UAAU,CAAC,kBAAkB,EAAE,aAAa,IAAI;oBAClD,SAAS,EAAE,UAAU,CAAC,kBAAkB,EAAE,aAAa;iBACxD,CAAC;aACH,CAAC,CAAC;QACL,CAAC;QACD,OAAO,WAAW,CAAC;IACrB,CAAC;CACF;AAED,SAAS,wBAAwB,CAAC,KAAqB;IACrD,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;YACpB,KAAK,MAAM,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC;gBAClC,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AAClC,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAqB;IAC/C,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,KAAK,MAAM,GAAG,IAAI,KAAK,EAAE,CAAC;QACxB,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AACpC,CAAC"}
|
|
@@ -26,6 +26,14 @@ Include all user permission assignments.
|
|
|
26
26
|
|
|
27
27
|
Searches the profile and all assigned permission sets for active users on the target org. A user can be listed multiple times if they receive a permission from different sources (e.g. a profile and a permission set).
|
|
28
28
|
|
|
29
|
+
# flags.include-inactive.summary
|
|
30
|
+
|
|
31
|
+
Include inactive users.
|
|
32
|
+
|
|
33
|
+
# flags.include-inactive.description
|
|
34
|
+
|
|
35
|
+
Include all inactive users on the org when you perform a deep scan.
|
|
36
|
+
|
|
29
37
|
# examples
|
|
30
38
|
|
|
31
39
|
- Search for multiple permissions on MyTargetOrg
|
|
@@ -39,3 +47,7 @@ Scanned %s profiles and %s permission sets.
|
|
|
39
47
|
# PermissionNotFound
|
|
40
48
|
|
|
41
49
|
Permission "%s" does not exist on the target org. Maybe you mistyped it?
|
|
50
|
+
|
|
51
|
+
# PermissionNameNormalized
|
|
52
|
+
|
|
53
|
+
Permission "%s" normalized to %s.
|
package/oclif.manifest.json
CHANGED
|
@@ -237,6 +237,17 @@
|
|
|
237
237
|
"summary": "Include all user permission assignments.",
|
|
238
238
|
"allowNo": false,
|
|
239
239
|
"type": "boolean"
|
|
240
|
+
},
|
|
241
|
+
"include-inactive": {
|
|
242
|
+
"char": "i",
|
|
243
|
+
"dependsOn": [
|
|
244
|
+
"deep-scan"
|
|
245
|
+
],
|
|
246
|
+
"description": "Include all inactive users on the org when you perform a deep scan.",
|
|
247
|
+
"name": "include-inactive",
|
|
248
|
+
"summary": "Include inactive users.",
|
|
249
|
+
"allowNo": false,
|
|
250
|
+
"type": "boolean"
|
|
240
251
|
}
|
|
241
252
|
},
|
|
242
253
|
"hasDynamicHelp": true,
|
|
@@ -267,5 +278,5 @@
|
|
|
267
278
|
]
|
|
268
279
|
}
|
|
269
280
|
},
|
|
270
|
-
"version": "0.
|
|
281
|
+
"version": "0.18.0"
|
|
271
282
|
}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@j-schreiber/sf-cli-security-audit",
|
|
3
3
|
"description": "Salesforce CLI plugin to automate highly configurable security audits",
|
|
4
|
-
"version": "0.
|
|
4
|
+
"version": "0.18.0",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
7
7
|
"url": "git+https://github.com/j-schreiber/js-sf-cli-security-audit"
|