@j-schreiber/sf-cli-security-audit 0.20.2 → 0.21.0
- package/README.md +3 -3
- package/lib/libs/audit-engine/index.d.ts +8 -0
- package/lib/libs/audit-engine/registry/definitions.d.ts +8 -0
- package/lib/libs/audit-engine/registry/definitions.js +2 -0
- package/lib/libs/audit-engine/registry/definitions.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/permissionSets.d.ts +4 -3
- package/lib/libs/audit-engine/registry/policies/permissionSets.js +1 -0
- package/lib/libs/audit-engine/registry/policies/permissionSets.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/profiles.d.ts +3 -1
- package/lib/libs/audit-engine/registry/policies/profiles.js +1 -0
- package/lib/libs/audit-engine/registry/policies/profiles.js.map +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js +1 -1
- package/lib/libs/audit-engine/registry/policies/users.js.map +1 -1
- package/lib/libs/audit-engine/registry/policy.js +2 -6
- package/lib/libs/audit-engine/registry/policy.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.d.ts +15 -5
- package/lib/libs/audit-engine/registry/roles/roleManager.js +86 -14
- package/lib/libs/audit-engine/registry/roles/roleManager.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.types.d.ts +24 -5
- package/lib/libs/audit-engine/registry/roles/roleManager.types.js +3 -1
- package/lib/libs/audit-engine/registry/roles/roleManager.types.js.map +1 -1
- package/lib/libs/audit-engine/registry/roles/userRole.d.ts +28 -6
- package/lib/libs/audit-engine/registry/roles/userRole.js +102 -32
- package/lib/libs/audit-engine/registry/roles/userRole.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforceObjectAccessOnUser.d.ts +8 -0
- package/lib/libs/audit-engine/registry/rules/enforceObjectAccessOnUser.js +39 -0
- package/lib/libs/audit-engine/registry/rules/enforceObjectAccessOnUser.js.map +1 -0
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js +4 -16
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.js.map +1 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.d.ts +0 -1
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js +17 -31
- package/lib/libs/audit-engine/registry/rules/enforcePermissionsOnUser.js.map +1 -1
- package/lib/libs/audit-engine/registry/shape/auditConfigShape.d.ts +8 -0
- package/lib/libs/audit-engine/registry/shape/schema.d.ts +33 -0
- package/lib/libs/audit-engine/registry/shape/schema.js +24 -3
- package/lib/libs/audit-engine/registry/shape/schema.js.map +1 -1
- package/lib/salesforce/mdapi/metadataRegistry.js +3 -1
- package/lib/salesforce/mdapi/metadataRegistry.js.map +1 -1
- package/messages/rules.enforceClassificationPresets.md +10 -2
- package/oclif.manifest.json +1 -1
- package/package.json +1 -1
|
@@ -1,18 +1,32 @@
|
|
|
1
1
|
import { merge } from '@salesforce/kit';
|
|
2
2
|
import { Messages } from '@salesforce/core';
|
|
3
|
-
import { PermissionRiskLevel, UserPrivilegeLevel,
|
|
3
|
+
import { PermissionRiskLevel, UserPrivilegeLevel, } from '../shape/schema.js';
|
|
4
4
|
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
5
5
|
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.enforceClassificationPresets');
|
|
6
6
|
export default class UserRole {
|
|
7
7
|
roleName;
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
constructor(roleName, userPermissions, customPermissions, roleOrdinalValue) {
|
|
8
|
+
config;
|
|
9
|
+
objectAccess;
|
|
10
|
+
constructor(roleName, config) {
|
|
12
11
|
this.roleName = roleName;
|
|
13
|
-
this.
|
|
14
|
-
|
|
15
|
-
|
|
12
|
+
this.config = {
|
|
13
|
+
userPermissions: { allowed: new Set(), denied: new Set() },
|
|
14
|
+
customPermissions: { allowed: new Set(), denied: new Set() },
|
|
15
|
+
objectAccess: {},
|
|
16
|
+
isStrict: false,
|
|
17
|
+
...config,
|
|
18
|
+
};
|
|
19
|
+
this.objectAccess = {};
|
|
20
|
+
for (const [objName, objDef] of Object.entries(config.objectAccess ?? {})) {
|
|
21
|
+
this.objectAccess[objName] = {
|
|
22
|
+
allowRead: false,
|
|
23
|
+
allowCreate: false,
|
|
24
|
+
allowDelete: false,
|
|
25
|
+
allowEdit: false,
|
|
26
|
+
viewAllFields: false,
|
|
27
|
+
...objDef,
|
|
28
|
+
};
|
|
29
|
+
}
|
|
16
30
|
}
|
|
17
31
|
/**
|
|
18
32
|
* Evaluates if a permission is explicitly denied
|
|
@@ -22,10 +36,10 @@ export default class UserRole {
|
|
|
22
36
|
*/
|
|
23
37
|
isDenied(permission) {
|
|
24
38
|
if (permission.type === 'customPermissions') {
|
|
25
|
-
return this.customPermissions.denied.has(permission.name.toLowerCase());
|
|
39
|
+
return this.config.customPermissions.denied.has(permission.name.toLowerCase());
|
|
26
40
|
}
|
|
27
41
|
else {
|
|
28
|
-
return this.userPermissions.denied.has(permission.name.toLowerCase());
|
|
42
|
+
return this.config.userPermissions.denied.has(permission.name.toLowerCase());
|
|
29
43
|
}
|
|
30
44
|
}
|
|
31
45
|
/**
|
|
@@ -37,22 +51,31 @@ export default class UserRole {
|
|
|
37
51
|
*/
|
|
38
52
|
isAllowed(permission) {
|
|
39
53
|
if (permission.type === 'customPermissions') {
|
|
40
|
-
return this.customPermissions.allowed.has(permission.name);
|
|
54
|
+
return this.config.customPermissions.allowed.has(permission.name);
|
|
41
55
|
}
|
|
42
56
|
else {
|
|
43
|
-
return this.userPermissions.allowed.has(permission.name);
|
|
57
|
+
return this.config.userPermissions.allowed.has(permission.name);
|
|
44
58
|
}
|
|
45
59
|
}
|
|
60
|
+
/**
|
|
61
|
+
* Runs a deep analysis of all access controls (permissions, object access, etc)
|
|
62
|
+
* of the role and determins which role is more permissive (or if they are intersecting)
|
|
63
|
+
*
|
|
64
|
+
* @param otherRole
|
|
65
|
+
* @returns
|
|
66
|
+
*/
|
|
46
67
|
compareWith(otherRole) {
|
|
47
68
|
const missingPermsInOther = new Array();
|
|
48
69
|
const missingPermsInThis = new Array();
|
|
49
|
-
const isOrdinallyHigher = this.roleOrdinalValue && otherRole.
|
|
50
|
-
|
|
70
|
+
const isOrdinallyHigher = this.config.roleOrdinalValue && otherRole.config.roleOrdinalValue
|
|
71
|
+
? this.config.roleOrdinalValue >= otherRole.config.roleOrdinalValue
|
|
72
|
+
: true;
|
|
73
|
+
const merged = new Set([...this.config.userPermissions.allowed, ...otherRole.config.userPermissions.allowed]);
|
|
51
74
|
for (const perm of merged) {
|
|
52
|
-
if (!this.userPermissions.allowed.has(perm)) {
|
|
75
|
+
if (!this.config.userPermissions.allowed.has(perm)) {
|
|
53
76
|
missingPermsInThis.push(perm);
|
|
54
77
|
}
|
|
55
|
-
if (!otherRole.userPermissions.allowed.has(perm)) {
|
|
78
|
+
if (!otherRole.config.userPermissions.allowed.has(perm)) {
|
|
56
79
|
missingPermsInOther.push(perm);
|
|
57
80
|
}
|
|
58
81
|
}
|
|
@@ -62,17 +85,44 @@ export default class UserRole {
|
|
|
62
85
|
missingPermsInOther,
|
|
63
86
|
};
|
|
64
87
|
}
|
|
88
|
+
/**
|
|
89
|
+
* Returns coerced object access for the role. If the object is
|
|
90
|
+
* not explicitly defined, the "strict" flag determins if the role
|
|
91
|
+
* allows access or not.
|
|
92
|
+
*
|
|
93
|
+
* @param objName
|
|
94
|
+
* @returns
|
|
95
|
+
*/
|
|
96
|
+
getObjectAccess(objName) {
|
|
97
|
+
const allowedObjectAccess = this.objectAccess[objName];
|
|
98
|
+
// if object is not explicitly defined, we allow access for roles that are "not strict"
|
|
99
|
+
if (!allowedObjectAccess) {
|
|
100
|
+
return {
|
|
101
|
+
allowCreate: !this.config.isStrict,
|
|
102
|
+
allowEdit: !this.config.isStrict,
|
|
103
|
+
allowRead: !this.config.isStrict,
|
|
104
|
+
allowDelete: !this.config.isStrict,
|
|
105
|
+
viewAllFields: !this.config.isStrict,
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
|
+
return allowedObjectAccess;
|
|
109
|
+
}
|
|
65
110
|
}
|
|
66
111
|
export function newRoleFromDefinition(roleName, config) {
|
|
67
|
-
const { permissions } = resolveRole(roleName, config.controls);
|
|
68
|
-
const
|
|
69
|
-
const
|
|
70
|
-
return new UserRole(roleName,
|
|
112
|
+
const { permissions, objectAccess, strict } = resolveRole(roleName, config.controls);
|
|
113
|
+
const userPermissions = buildAllowedPerms(permissions?.userPermissions, config.shape.userPermissions, permissions?.allowedClassifications);
|
|
114
|
+
const customPermissions = buildAllowedPerms(permissions?.customPermissions, config.shape.customPermissions, permissions?.allowedClassifications);
|
|
115
|
+
return new UserRole(roleName, { userPermissions, customPermissions, objectAccess, isStrict: strict });
|
|
71
116
|
}
|
|
72
117
|
export function newRoleFromOrdinals(roleName, perms) {
|
|
73
118
|
const roleOrdinalValue = resolvePresetOrdinalValue(roleName);
|
|
74
119
|
if (!perms || roleName === UserPrivilegeLevel.UNKNOWN) {
|
|
75
|
-
return new UserRole(roleName, {
|
|
120
|
+
return new UserRole(roleName, {
|
|
121
|
+
userPermissions: { allowed: new Set(), denied: new Set() },
|
|
122
|
+
customPermissions: { allowed: new Set(), denied: new Set() },
|
|
123
|
+
roleOrdinalValue,
|
|
124
|
+
objectAccess: {},
|
|
125
|
+
});
|
|
76
126
|
}
|
|
77
127
|
const allAllowed = new Set();
|
|
78
128
|
for (const [permName, permDef] of Object.entries(perms)) {
|
|
@@ -80,7 +130,12 @@ export function newRoleFromOrdinals(roleName, perms) {
|
|
|
80
130
|
allAllowed.add(permName);
|
|
81
131
|
}
|
|
82
132
|
}
|
|
83
|
-
return new UserRole(roleName, {
|
|
133
|
+
return new UserRole(roleName, {
|
|
134
|
+
userPermissions: { allowed: allAllowed, denied: new Set() },
|
|
135
|
+
customPermissions: { allowed: new Set(), denied: new Set() },
|
|
136
|
+
roleOrdinalValue,
|
|
137
|
+
objectAccess: {},
|
|
138
|
+
});
|
|
84
139
|
}
|
|
85
140
|
function resolvePresetOrdinalValue(value) {
|
|
86
141
|
const indexOfValue = Object.values(UserPrivilegeLevel).indexOf(value);
|
|
@@ -94,22 +149,37 @@ function resolveRole(roleName, controls) {
|
|
|
94
149
|
if (!rawRoleDef) {
|
|
95
150
|
throw messages.createError('TriedToAccessRoleThatDoesNotExist', [roleName]);
|
|
96
151
|
}
|
|
97
|
-
const
|
|
98
|
-
|
|
99
|
-
|
|
152
|
+
const aggregatedRoleDef = { strict: rawRoleDef.strict ?? false };
|
|
153
|
+
for (const controlType of ['permissions', 'objectAccess']) {
|
|
154
|
+
try {
|
|
155
|
+
aggregatedRoleDef[controlType] = resolveReferences(rawRoleDef[controlType], controls[controlType]);
|
|
156
|
+
}
|
|
157
|
+
catch (err) {
|
|
158
|
+
const errorDetails = err instanceof Error ? err.message : 'Unknown';
|
|
159
|
+
throw messages.createError('RoleReferencesControlThatDoesNotExist', [roleName, controlType, errorDetails]);
|
|
160
|
+
}
|
|
100
161
|
}
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
162
|
+
return aggregatedRoleDef;
|
|
163
|
+
}
|
|
164
|
+
function resolveReferences(roleDef, controls) {
|
|
165
|
+
const mergedControl = {};
|
|
166
|
+
const definitiveControls = controls ?? {};
|
|
167
|
+
const definitiveRoleDef = roleDef ?? {};
|
|
168
|
+
if (Array.isArray(definitiveRoleDef)) {
|
|
169
|
+
for (const controlRef of definitiveRoleDef) {
|
|
170
|
+
const referencedControl = definitiveControls[controlRef];
|
|
171
|
+
if (referencedControl) {
|
|
172
|
+
merge(mergedControl, referencedControl);
|
|
106
173
|
}
|
|
107
174
|
else {
|
|
108
|
-
throw
|
|
175
|
+
throw new Error(controlRef);
|
|
109
176
|
}
|
|
110
177
|
}
|
|
111
178
|
}
|
|
112
|
-
|
|
179
|
+
else {
|
|
180
|
+
merge(mergedControl, definitiveRoleDef);
|
|
181
|
+
}
|
|
182
|
+
return mergedControl;
|
|
113
183
|
}
|
|
114
184
|
function buildAllowedPerms(rolePermDef, permClassifications, allowedClassifications) {
|
|
115
185
|
const allowedPerms = new Set();
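Review bot: `getObjectAccess` fails open on any lookup miss: when `this.objectAccess[objName]` is falsy it returns all five flags as `!this.config.isStrict`, and the constructor defaults `isStrict` to `false`, so an object the role does not list is treated as fully permitted, `allowDelete` and `viewAllFields` included. The lookup is an exact, case-sensitive key on a plain `{}`, while `isDenied` in the same class lowercases permission names; if the caller (in roleManager.js, outside this section) passes names whose casing differs from the config keys, a configured restriction would presumably be skipped without any finding. The plain-object read also returns inherited members for names such as `constructor`; guarding it with `const allowedObjectAccess = Object.hasOwn(this.objectAccess, objName) ? this.objectAccess[objName] : undefined;` avoids that. A comment on the `isStrict: false` default in the constructor, stating that non-strict roles allow every unlisted object, would make the fail-open behaviour explicit to whoever writes the role files.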
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"userRole.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/roles/userRole.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAEL,mBAAmB,EACnB,kBAAkB,
|
|
1
|
+
{"version":3,"file":"userRole.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/roles/userRole.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AACxC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAEL,mBAAmB,EACnB,kBAAkB,GAInB,MAAM,oBAAoB,CAAC;AAU5B,QAAQ,CAAC,kCAAkC,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,MAAM,QAAQ,GAAG,QAAQ,CAAC,YAAY,CAAC,oCAAoC,EAAE,oCAAoC,CAAC,CAAC;AAenH,MAAM,CAAC,OAAO,OAAO,QAAQ;IAID;IAHlB,MAAM,CAAiB;IACvB,YAAY,CAA4C;IAEhE,YAA0B,QAAgB,EAAE,MAA+B;QAAjD,aAAQ,GAAR,QAAQ,CAAQ;QACxC,IAAI,CAAC,MAAM,GAAG;YACZ,eAAe,EAAE,EAAE,OAAO,EAAE,IAAI,GAAG,EAAU,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE;YAC1E,iBAAiB,EAAE,EAAE,OAAO,EAAE,IAAI,GAAG,EAAU,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE;YAC5E,YAAY,EAAE,EAAE;YAChB,QAAQ,EAAE,KAAK;YACf,GAAG,MAAM;SACV,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,YAAY,IAAI,EAAE,CAAC,EAAE,CAAC;YAC1E,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG;gBAC3B,SAAS,EAAE,KAAK;gBAChB,WAAW,EAAE,KAAK;gBAClB,WAAW,EAAE,KAAK;gBAClB,SAAS,EAAE,KAAK;gBAChB,aAAa,EAAE,KAAK;gBACpB,GAAG,MAAM;aACV,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACI,QAAQ,CAAC,UAA2B;QACzC,IAAI,UAAU,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QACjF,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACI,SAAS,CAAC,UAA2B;QAC1C,IAAI,UAAU,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QAClE,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACI,WAAW,CAAC,SAAmB;QACpC,MAAM,mBAAmB,GAAG,IAAI,KAAK,EAAU,CAAC;QAChD,MAAM,kBAAkB,GAAG,IAAI,KAAK,EAAU,CAAC;QAC/C,MAAM,iBAAiB,GACrB,IAAI,CAAC,MAAM,CAAC,gBAAgB,IAAI,SAAS,CAAC,MAAM,CAAC,gBAAgB;YAC/D,CAAC,CAAC,IAAI
,CAAC,MAAM,CAAC,gBAAgB,IAAI,SAAS,CAAC,MAAM,CAAC,gBAAgB;YACnE,CAAC,CAAC,IAAI,CAAC;QACX,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,OAAO,EAAE,GAAG,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,CAAC;QAC9G,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;YAC1B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnD,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBACxD,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QACD,OAAO;YACL,UAAU,EAAE,kBAAkB,CAAC,MAAM,KAAK,CAAC,IAAI,iBAAiB;YAChE,kBAAkB;YAClB,mBAAmB;SACpB,CAAC;IACJ,CAAC;IAED;;;;;;;OAOG;IACI,eAAe,CAAC,OAAe;QACpC,MAAM,mBAAmB,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QACvD,uFAAuF;QACvF,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,OAAO;gBACL,WAAW,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAClC,SAAS,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAChC,SAAS,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAChC,WAAW,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAClC,aAAa,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ;aACrC,CAAC;QACJ,CAAC;QACD,OAAO,mBAAmB,CAAC;IAC7B,CAAC;CACF;AAED,MAAM,UAAU,qBAAqB,CAAC,QAAgB,EAAE,MAAyB;IAC/E,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACrF,MAAM,eAAe,GAAG,iBAAiB,CACvC,WAAW,EAAE,eAAe,EAC5B,MAAM,CAAC,KAAK,CAAC,eAAe,EAC5B,WAAW,EAAE,sBAAsB,CACpC,CAAC;IACF,MAAM,iBAAiB,GAAG,iBAAiB,CACzC,WAAW,EAAE,iBAAiB,EAC9B,MAAM,CAAC,KAAK,CAAC,iBAAiB,EAC9B,WAAW,EAAE,sBAAsB,CACpC,CAAC;IACF,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE,EAAE,eAAe,EAAE,iBAAiB,EAAE,YAAY,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;AACxG,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,QAA4B,EAAE,KAAiC;IACjG,MAAM,gBAAgB,GAAG,yBAAyB,CAAC,QAAQ,CAAC,CAAC;IAC7D,IAAI,CAAC,KAAK,IAAI,QAAQ,KAAK,kBAAkB,CAAC,OAAO,EAAE,CAAC;QACtD,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE;YAC5B,eAAe,EAAE,EAAE,OAAO,EAAE,IAAI,GAAG,EAAU,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE;YAC1E,iBAAiB,EAAE,EAAE,OAAO,EAAE,IAAI,GAAG,EAAU,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE;YAC5E,gBAAgB;YAChB,YAAY,EAAE,EAAE;SACjB,CAAC,CAAC
;IACL,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACxD,IAAI,gBAAgB,IAAI,4BAA4B,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7E,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IACD,OAAO,IAAI,QAAQ,CAAC,QAAQ,EAAE;QAC5B,eAAe,EAAE,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE;QACnE,iBAAiB,EAAE,EAAE,OAAO,EAAE,IAAI,GAAG,EAAU,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE;QAC5E,gBAAgB;QAChB,YAAY,EAAE,EAAE;KACjB,CAAC,CAAC;AACL,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAyB;IAC1D,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACtE,OAAO,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,MAAM,GAAG,YAAY,CAAC;AAC/D,CAAC;AAED,SAAS,4BAA4B,CAAC,KAAa;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;AACjH,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB,EAAE,QAA0B;IAC/D,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,QAAQ,CAAC,WAAW,CAAC,mCAAmC,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,iBAAiB,GAAsC,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC;IACpG,KAAK,MAAM,WAAW,IAAI,CAAC,aAAa,EAAE,cAAc,CAAU,EAAE,CAAC;QACnE,IAAI,CAAC;YACH,iBAAiB,CAAC,WAAW,CAAC,GAAG,iBAAiB,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC;QACrG,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,YAAY,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,MAAM,QAAQ,CAAC,WAAW,CAAC,uCAAuC,EAAE,CAAC,QAAQ,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC,CAAC;QAC7G,CAAC;IACH,CAAC;IACD,OAAO,iBAA6C,CAAC;AACvD,CAAC;AAMD,SAAS,iBAAiB,CACxB,OAA0B,EAC1B,QAAiC;IAEjC,MAAM,aAAa,GAAG,EAAE,CAAC;IACzB,MAAM,kBAAkB,GAAG,QAAQ,IAAI,EAAE,CAAC;IAC1C,MAAM,iBAAiB,GAAsB,OAAO,IAAI,EAAE,CAAC;IAC3D,IAAI,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACrC,KAAK,MAAM,UAAU,IAAI,iBAAiB,EAAE,CAAC;YAC3C,MAAM,iBAAiB,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAC;YACzD,IAAI,iBAAiB,EAAE,CAAC;gBACtB,KAAK,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;
gBACN,MAAM,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,aAAa,EAAE,iBAAiB,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,iBAAiB,CACxB,WAAsC,EACtC,mBAA+C,EAC/C,sBAAiC;IAEjC,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,IAAI,sBAAsB,IAAI,mBAAmB,EAAE,CAAC;QAClD,KAAK,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACtE,IAAI,sBAAsB,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;gBAC5D,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YAC7B,CAAC;QACH,CAAC;IACH,CAAC;IACD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,IAAI,GAAG,EAAU,EAAE,CAAC;IAC9D,CAAC;IACD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;QACxB,KAAK,MAAM,QAAQ,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YAC3C,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;QACzB,KAAK,MAAM,QAAQ,IAAI,WAAW,CAAC,QAAQ,EAAE,CAAC;YAC5C,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;QACvB,KAAK,MAAM,QAAQ,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;YAC1C,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;IACD,OAAO;QACL,OAAO,EAAE,YAAY;QACrB,MAAM,EAAE,IAAI,GAAG,CAAS,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;KAClG,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { PartialPolicyRuleResult, RuleAuditContext } from '../context.types.js';
|
|
2
|
+
import { ResolvedUser } from '../policies/users.js';
|
|
3
|
+
import PolicyRule, { RuleOptions } from './policyRule.js';
|
|
4
|
+
export default class EnforceObjectAccessOnUser extends PolicyRule<ResolvedUser> {
|
|
5
|
+
private readonly roleManager;
|
|
6
|
+
constructor(opts: RuleOptions);
|
|
7
|
+
run(context: RuleAuditContext<ResolvedUser>): Promise<PartialPolicyRuleResult>;
|
|
8
|
+
}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import RoleManager from '../roles/roleManager.js';
|
|
2
|
+
import PolicyRule from './policyRule.js';
|
|
3
|
+
export default class EnforceObjectAccessOnUser extends PolicyRule {
|
|
4
|
+
roleManager;
|
|
5
|
+
constructor(opts) {
|
|
6
|
+
super(opts);
|
|
7
|
+
this.roleManager = new RoleManager({
|
|
8
|
+
controls: opts.auditConfig.controls,
|
|
9
|
+
shape: opts.auditConfig.shape,
|
|
10
|
+
});
|
|
11
|
+
}
|
|
12
|
+
run(context) {
|
|
13
|
+
const result = this.initResult();
|
|
14
|
+
const users = context.resolvedEntities;
|
|
15
|
+
for (const user of Object.values(users)) {
|
|
16
|
+
const profileLikes = buildProfileLikes(user);
|
|
17
|
+
const { violations, warnings, errors } = this.roleManager.scanObjectAccess(user.role, profileLikes, [
|
|
18
|
+
user.username,
|
|
19
|
+
]);
|
|
20
|
+
result.errors.push(...errors);
|
|
21
|
+
result.warnings.push(...warnings);
|
|
22
|
+
result.violations.push(...violations);
|
|
23
|
+
}
|
|
24
|
+
return Promise.resolve(result);
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
function buildProfileLikes(user) {
|
|
28
|
+
const profileLikes = [];
|
|
29
|
+
profileLikes.push({ metadata: user.profileMetadata, name: user.profileName, type: 'Profile' });
|
|
30
|
+
for (const permSetAssignment of user.assignments ?? []) {
|
|
31
|
+
profileLikes.push({
|
|
32
|
+
metadata: permSetAssignment.metadata,
|
|
33
|
+
name: permSetAssignment.permissionSetIdentifier,
|
|
34
|
+
type: 'PermissionSet',
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
return profileLikes;
|
|
38
|
+
}
|
|
39
|
+
//# sourceMappingURL=enforceObjectAccessOnUser.js.map
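Review bot: `buildProfileLikes` pushes the profile entry unconditionally, so `metadata` is `undefined` whenever `user.profileMetadata` was not resolved, and the same holds for each `permSetAssignment.metadata`. Whether `scanObjectAccess` turns a missing `metadata` into an entry in `errors` or quietly skips it is decided in roleManager.js, which is not part of this section. For an audit rule, a skipped entity should surface as an error rather than as a clean result, so that contract deserves a comment above the helper, e.g. `// metadata may be undefined; scanObjectAccess is expected to report unresolved entities in errors`. The helper is also repeated line for line in enforcePermissionsOnUser.js in this release; moving it to a shared module would keep the two rules from drifting apart.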
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"enforceObjectAccessOnUser.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/enforceObjectAccessOnUser.ts"],"names":[],"mappings":"AACA,OAAO,WAAW,MAAM,yBAAyB,CAAC;AAGlD,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,CAAC,OAAO,OAAO,yBAA0B,SAAQ,UAAwB;IAC5D,WAAW,CAAC;IAE7B,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC;YACjC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ;YACnC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK;SAC9B,CAAC,CAAC;IACL,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC7C,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,EAAE;gBAClG,IAAI,CAAC,QAAQ;aACd,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;YAC9B,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;YAClC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF;AAED,SAAS,iBAAiB,CAAC,IAAkB;IAC3C,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,YAAY,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/F,KAAK,MAAM,iBAAiB,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;QACvD,YAAY,CAAC,IAAI,CAAC;YAChB,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;YACpC,IAAI,EAAE,iBAAiB,CAAC,uBAAuB;YAC/C,IAAI,EAAE,eAAe;SACtB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC"}
|
|
@@ -1,9 +1,5 @@
|
|
|
1
|
-
import { Messages } from '@salesforce/core';
|
|
2
|
-
import { isNullish } from '../../../../utils.js';
|
|
3
1
|
import RoleManager from '../roles/roleManager.js';
|
|
4
2
|
import PolicyRule from './policyRule.js';
|
|
5
|
-
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
6
|
-
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.enforceClassificationPresets');
|
|
7
3
|
export default class EnforcePermissionsOnProfileLike extends PolicyRule {
|
|
8
4
|
roleManager;
|
|
9
5
|
constructor(opts) {
|
|
@@ -17,18 +13,10 @@ export default class EnforcePermissionsOnProfileLike extends PolicyRule {
|
|
|
17
13
|
const result = this.initResult();
|
|
18
14
|
const resolvedProfiles = context.resolvedEntities;
|
|
19
15
|
for (const profile of Object.values(resolvedProfiles)) {
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
});
|
|
25
|
-
continue;
|
|
26
|
-
}
|
|
27
|
-
if (!isNullish(profile.metadata)) {
|
|
28
|
-
const profileScanResult = this.roleManager.scanProfileLike(profile);
|
|
29
|
-
result.violations.push(...profileScanResult.violations);
|
|
30
|
-
result.warnings.push(...profileScanResult.warnings);
|
|
31
|
-
}
|
|
16
|
+
const { errors, violations, warnings } = this.roleManager.scanPermissions(profile.role, profile);
|
|
17
|
+
result.errors.push(...errors);
|
|
18
|
+
result.warnings.push(...warnings);
|
|
19
|
+
result.violations.push(...violations);
|
|
32
20
|
}
|
|
33
21
|
return Promise.resolve(result);
|
|
34
22
|
}
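Review bot: The loop in `run` now calls `this.roleManager.scanPermissions(profile.role, profile)` for every resolved profile, while the removed lines held an `if (!isNullish(profile.metadata))` guard and an early `continue` branch whose condition is not shown. Those checks presumably moved into `scanPermissions`, but that method is outside this section, so it is worth confirming that a profile with missing metadata still ends up in `errors` or `warnings` instead of producing no finding. The call shape also differs from enforcePermissionsOnUser.js, which passes an array of `{ metadata, name, type }` entries plus `[user.username]`; a short JSDoc on `run` naming which form `scanPermissions` accepts here would help. The signature of `run` and the constructor body lie between the two hunks and are not shown.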
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcePermissionsOnProfileLike.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"enforcePermissionsOnProfileLike.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/enforcePermissionsOnProfileLike.ts"],"names":[],"mappings":"AACA,OAAO,WAAW,MAAM,yBAAyB,CAAC;AAElD,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,CAAC,OAAO,OAAO,+BAAgC,SAAQ,UAA+B;IACzE,WAAW,CAAC;IAE7B,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC;YACjC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ;YACnC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK;SAC9B,CAAC,CAAC;IACL,CAAC;IAEM,GAAG,CAAC,OAA8C;QACvD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;QAClD,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACtD,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;YACjG,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;YAC9B,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;YAClC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF"}
|
|
@@ -1,8 +1,5 @@
|
|
|
1
|
-
import { Messages } from '@salesforce/core';
|
|
2
1
|
import RoleManager from '../roles/roleManager.js';
|
|
3
2
|
import PolicyRule from './policyRule.js';
|
|
4
|
-
Messages.importMessagesDirectoryFromMetaUrl(import.meta.url);
|
|
5
|
-
const messages = Messages.loadMessages('@j-schreiber/sf-cli-security-audit', 'rules.enforceClassificationPresets');
|
|
6
3
|
export default class EnforcePermissionsOnUser extends PolicyRule {
|
|
7
4
|
roleManager;
|
|
8
5
|
constructor(opts) {
|
|
@@ -16,38 +13,27 @@ export default class EnforcePermissionsOnUser extends PolicyRule {
|
|
|
16
13
|
const result = this.initResult();
|
|
17
14
|
const users = context.resolvedEntities;
|
|
18
15
|
for (const user of Object.values(users)) {
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
continue;
|
|
25
|
-
}
|
|
26
|
-
const { violations, warnings } = this.scanAssignedPermissionSets(user, user.assignments);
|
|
27
|
-
result.violations.push(...violations);
|
|
16
|
+
const profileLikes = buildProfileLikes(user);
|
|
17
|
+
const { violations, warnings, errors } = this.roleManager.scanPermissions(user.role, profileLikes, [
|
|
18
|
+
user.username,
|
|
19
|
+
]);
|
|
20
|
+
result.errors.push(...errors);
|
|
28
21
|
result.warnings.push(...warnings);
|
|
29
|
-
|
|
30
|
-
const profileResult = this.roleManager.scanProfileLike({ role: user.role, metadata: user.profileMetadata, name: user.profileName }, [user.username]);
|
|
31
|
-
result.violations.push(...profileResult.violations);
|
|
32
|
-
result.warnings.push(...profileResult.warnings);
|
|
33
|
-
}
|
|
22
|
+
result.violations.push(...violations);
|
|
34
23
|
}
|
|
35
24
|
return Promise.resolve(result);
|
|
36
25
|
}
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
result.violations.push(...permsetScan.violations);
|
|
48
|
-
result.warnings.push(...permsetScan.warnings);
|
|
49
|
-
}
|
|
50
|
-
return result;
|
|
26
|
+
}
|
|
27
|
+
function buildProfileLikes(user) {
|
|
28
|
+
const profileLikes = [];
|
|
29
|
+
profileLikes.push({ metadata: user.profileMetadata, name: user.profileName, type: 'Profile' });
|
|
30
|
+
for (const permSetAssignment of user.assignments ?? []) {
|
|
31
|
+
profileLikes.push({
|
|
32
|
+
metadata: permSetAssignment.metadata,
|
|
33
|
+
name: permSetAssignment.permissionSetIdentifier,
|
|
34
|
+
type: 'PermissionSet',
|
|
35
|
+
});
|
|
51
36
|
}
|
|
37
|
+
return profileLikes;
|
|
52
38
|
}
|
|
53
39
|
//# sourceMappingURL=enforcePermissionsOnUser.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"enforcePermissionsOnUser.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/enforcePermissionsOnUser.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"enforcePermissionsOnUser.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/rules/enforcePermissionsOnUser.ts"],"names":[],"mappings":"AACA,OAAO,WAAW,MAAM,yBAAyB,CAAC;AAGlD,OAAO,UAA2B,MAAM,iBAAiB,CAAC;AAE1D,MAAM,CAAC,OAAO,OAAO,wBAAyB,SAAQ,UAAwB;IAC3D,WAAW,CAAC;IAE7B,YAAmB,IAAiB;QAClC,KAAK,CAAC,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC;YACjC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAC,QAAQ;YACnC,KAAK,EAAE,IAAI,CAAC,WAAW,CAAC,KAAK;SAC9B,CAAC,CAAC;IACL,CAAC;IAEM,GAAG,CAAC,OAAuC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,OAAO,CAAC,gBAAgB,CAAC;QACvC,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,MAAM,YAAY,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAC7C,MAAM,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,EAAE,YAAY,EAAE;gBACjG,IAAI,CAAC,QAAQ;aACd,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC;YAC9B,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC;YAClC,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,CAAC;QACxC,CAAC;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACjC,CAAC;CACF;AAED,SAAS,iBAAiB,CAAC,IAAkB;IAC3C,MAAM,YAAY,GAAkB,EAAE,CAAC;IACvC,YAAY,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,eAAe,EAAE,IAAI,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/F,KAAK,MAAM,iBAAiB,IAAI,IAAI,CAAC,WAAW,IAAI,EAAE,EAAE,CAAC;QACvD,YAAY,CAAC,IAAI,CAAC;YAChB,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;YACpC,IAAI,EAAE,iBAAiB,CAAC,uBAAuB;YAC/C,IAAI,EAAE,eAAe;SACtB,CAAC,CAAC;IACL,CAAC;IACD,OAAO,YAAY,CAAC;AACtB,CAAC"}
|
|
@@ -8,6 +8,7 @@ export declare const BaseAuditConfigShape: {
|
|
|
8
8
|
files: {
|
|
9
9
|
roles: {
|
|
10
10
|
schema: import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
11
|
+
strict: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
11
12
|
permissions: import("zod").ZodOptional<import("zod").ZodXor<readonly [import("zod").ZodArray<import("zod").ZodString>, import("zod").ZodObject<{
|
|
12
13
|
allowedClassifications: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodEnum<typeof import("./schema.js").PermissionRiskLevel>>>;
|
|
13
14
|
userPermissions: import("zod").ZodOptional<import("zod").ZodObject<{
|
|
@@ -21,6 +22,13 @@ export declare const BaseAuditConfigShape: {
|
|
|
21
22
|
required: import("zod").ZodOptional<import("zod").ZodArray<import("zod").ZodString>>;
|
|
22
23
|
}, import("zod/v4/core").$strip>>;
|
|
23
24
|
}, import("zod/v4/core").$strip>]>>;
|
|
25
|
+
objectAccess: import("zod").ZodOptional<import("zod").ZodXor<readonly [import("zod").ZodArray<import("zod").ZodString>, import("zod").ZodRecord<import("zod").ZodString, import("zod").ZodObject<{
|
|
26
|
+
allowRead: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
27
|
+
allowCreate: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
28
|
+
allowEdit: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
29
|
+
allowDelete: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
30
|
+
viewAllFields: import("zod").ZodOptional<import("zod").ZodBoolean>;
|
|
31
|
+
}, import("zod/v4/core").$strip>>]>>;
|
|
24
32
|
}, import("zod/v4/core").$strict>>;
|
|
25
33
|
};
|
|
26
34
|
permissions: {
|
|
@@ -50,6 +50,13 @@ export declare const PermissionControlSchema: z.ZodObject<{
|
|
|
50
50
|
required: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
51
51
|
}, z.z.core.$strip>>;
|
|
52
52
|
}, z.z.core.$strip>;
|
|
53
|
+
export declare const ObjectAccessControlSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
54
|
+
allowRead: z.ZodOptional<z.ZodBoolean>;
|
|
55
|
+
allowCreate: z.ZodOptional<z.ZodBoolean>;
|
|
56
|
+
allowEdit: z.ZodOptional<z.ZodBoolean>;
|
|
57
|
+
allowDelete: z.ZodOptional<z.ZodBoolean>;
|
|
58
|
+
viewAllFields: z.ZodOptional<z.ZodBoolean>;
|
|
59
|
+
}, z.z.core.$strip>>;
|
|
53
60
|
export declare const PermissionControlsFileSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
54
61
|
allowedClassifications: z.ZodOptional<z.ZodArray<z.ZodEnum<typeof PermissionRiskLevel>>>;
|
|
55
62
|
userPermissions: z.ZodOptional<z.ZodObject<{
|
|
@@ -63,7 +70,15 @@ export declare const PermissionControlsFileSchema: z.ZodRecord<z.ZodString, z.Zo
|
|
|
63
70
|
required: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
64
71
|
}, z.z.core.$strip>>;
|
|
65
72
|
}, z.z.core.$strip>>;
|
|
73
|
+
export declare const ObjectAccessControlFileSchema: z.ZodRecord<z.ZodString, z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
74
|
+
allowRead: z.ZodOptional<z.ZodBoolean>;
|
|
75
|
+
allowCreate: z.ZodOptional<z.ZodBoolean>;
|
|
76
|
+
allowEdit: z.ZodOptional<z.ZodBoolean>;
|
|
77
|
+
allowDelete: z.ZodOptional<z.ZodBoolean>;
|
|
78
|
+
viewAllFields: z.ZodOptional<z.ZodBoolean>;
|
|
79
|
+
}, z.z.core.$strip>>>;
|
|
66
80
|
export declare const ResolvedRoleDefinitionSchema: z.ZodObject<{
|
|
81
|
+
strict: z.ZodOptional<z.ZodBoolean>;
|
|
67
82
|
permissions: z.ZodOptional<z.ZodObject<{
|
|
68
83
|
allowedClassifications: z.ZodOptional<z.ZodArray<z.ZodEnum<typeof PermissionRiskLevel>>>;
|
|
69
84
|
userPermissions: z.ZodOptional<z.ZodObject<{
|
|
@@ -77,8 +92,16 @@ export declare const ResolvedRoleDefinitionSchema: z.ZodObject<{
|
|
|
77
92
|
required: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
78
93
|
}, z.z.core.$strip>>;
|
|
79
94
|
}, z.z.core.$strip>>;
|
|
95
|
+
objectAccess: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
96
|
+
allowRead: z.ZodOptional<z.ZodBoolean>;
|
|
97
|
+
allowCreate: z.ZodOptional<z.ZodBoolean>;
|
|
98
|
+
allowEdit: z.ZodOptional<z.ZodBoolean>;
|
|
99
|
+
allowDelete: z.ZodOptional<z.ZodBoolean>;
|
|
100
|
+
viewAllFields: z.ZodOptional<z.ZodBoolean>;
|
|
101
|
+
}, z.z.core.$strip>>>;
|
|
80
102
|
}, z.z.core.$strip>;
|
|
81
103
|
export declare const ComposableRolesFileSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
104
|
+
strict: z.ZodOptional<z.ZodBoolean>;
|
|
82
105
|
permissions: z.ZodOptional<z.ZodXor<readonly [z.ZodArray<z.ZodString>, z.ZodObject<{
|
|
83
106
|
allowedClassifications: z.ZodOptional<z.ZodArray<z.ZodEnum<typeof PermissionRiskLevel>>>;
|
|
84
107
|
userPermissions: z.ZodOptional<z.ZodObject<{
|
|
@@ -92,6 +115,13 @@ export declare const ComposableRolesFileSchema: z.ZodRecord<z.ZodString, z.ZodOb
|
|
|
92
115
|
required: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
93
116
|
}, z.z.core.$strip>>;
|
|
94
117
|
}, z.z.core.$strip>]>>;
|
|
118
|
+
objectAccess: z.ZodOptional<z.ZodXor<readonly [z.ZodArray<z.ZodString>, z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
119
|
+
allowRead: z.ZodOptional<z.ZodBoolean>;
|
|
120
|
+
allowCreate: z.ZodOptional<z.ZodBoolean>;
|
|
121
|
+
allowEdit: z.ZodOptional<z.ZodBoolean>;
|
|
122
|
+
allowDelete: z.ZodOptional<z.ZodBoolean>;
|
|
123
|
+
viewAllFields: z.ZodOptional<z.ZodBoolean>;
|
|
124
|
+
}, z.z.core.$strip>>]>>;
|
|
95
125
|
}, z.z.core.$strict>>;
|
|
96
126
|
export declare const PermissionsClassificationFileSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
|
|
97
127
|
label: z.ZodOptional<z.ZodString>;
|
|
@@ -152,5 +182,8 @@ export type ResolvedRoleDefinition = z.infer<typeof ResolvedRoleDefinitionSchema
|
|
|
152
182
|
export type ComposableRolesControl = z.infer<typeof ComposableRolesFileSchema>;
|
|
153
183
|
export type PermissionControl = z.infer<typeof PermissionControlSchema>;
|
|
154
184
|
export type PermissionControls = z.infer<typeof PermissionControlsFileSchema>;
|
|
185
|
+
export type ObjectAccessControl = z.infer<typeof ObjectAccessControlSchema>;
|
|
186
|
+
export type ObjectAccessControls = z.infer<typeof ObjectAccessControlFileSchema>;
|
|
155
187
|
export declare function isPermissionControl(maybeRoleDef: unknown): maybeRoleDef is PermissionControl;
|
|
188
|
+
export declare function isObjectAccessControl(maybeObjectDef: unknown): maybeObjectDef is ObjectAccessControl;
|
|
156
189
|
export {};
|
|
@@ -71,10 +71,27 @@ export const PermissionControlSchema = z.object({
|
|
|
71
71
|
userPermissions: IndividualPermissionControlSchema.optional(),
|
|
72
72
|
customPermissions: IndividualPermissionControlSchema.optional(),
|
|
73
73
|
});
|
|
74
|
+
export const ObjectAccessControlSchema = z.record(z.string(), z.object({
|
|
75
|
+
allowRead: z.boolean().optional(),
|
|
76
|
+
allowCreate: z.boolean().optional(),
|
|
77
|
+
allowEdit: z.boolean().optional(),
|
|
78
|
+
allowDelete: z.boolean().optional(),
|
|
79
|
+
viewAllFields: z.boolean().optional(),
|
|
80
|
+
}));
|
|
74
81
|
export const PermissionControlsFileSchema = z.record(z.string(), PermissionControlSchema);
|
|
75
|
-
|
|
76
|
-
export const ResolvedRoleDefinitionSchema = z.object({
|
|
77
|
-
|
|
82
|
+
export const ObjectAccessControlFileSchema = z.record(z.string(), ObjectAccessControlSchema);
|
|
83
|
+
export const ResolvedRoleDefinitionSchema = z.object({
|
|
84
|
+
strict: z.boolean().optional(),
|
|
85
|
+
permissions: PermissionControlSchema.optional(),
|
|
86
|
+
objectAccess: ObjectAccessControlSchema.optional(),
|
|
87
|
+
});
|
|
88
|
+
export const ComposableRolesFileSchema = z.record(z.string(), z
|
|
89
|
+
.object({
|
|
90
|
+
strict: z.boolean().optional(),
|
|
91
|
+
permissions: z.xor([z.array(z.string()), PermissionControlSchema]).optional(),
|
|
92
|
+
objectAccess: z.xor([z.array(z.string()), ObjectAccessControlSchema]).optional(),
|
|
93
|
+
})
|
|
94
|
+
.strict());
|
|
78
95
|
// Classification File Schemata
|
|
79
96
|
export const PermissionsClassificationFileSchema = z.record(z.string(), PermClassification);
|
|
80
97
|
export const ProfilesClassificationFileSchema = z.record(z.string(), ProfileConfig);
|
|
@@ -100,4 +117,8 @@ export function isPermissionControl(maybeRoleDef) {
|
|
|
100
117
|
const parseResult = PermissionControlSchema.safeParse(maybeRoleDef);
|
|
101
118
|
return maybeRoleDef !== undefined && parseResult.success === true;
|
|
102
119
|
}
|
|
120
|
+
export function isObjectAccessControl(maybeObjectDef) {
|
|
121
|
+
const parseResult = ObjectAccessControlSchema.safeParse(maybeObjectDef);
|
|
122
|
+
return maybeObjectDef !== undefined && parseResult.success === true;
|
|
123
|
+
}
|
|
103
124
|
//# sourceMappingURL=schema.js.map
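Review bot: The per-object entry in `ObjectAccessControlSchema` (first hunk, new lines 74-80) is a plain `z.object({...})` with every key optional, so it keeps Zod's default strip behaviour, while the enclosing role object in `ComposableRolesFileSchema` is closed with `.strict()`. A misspelled flag in a role file (constructed example: `allowDelet: false`) is therefore dropped without a validation error and the role is evaluated as if that restriction had never been written. How an absent flag is interpreted is decided outside this file, so the impact should be confirmed in the rule that consumes it. Closing the inner object with `}).strict());` instead of `}));` would make such typos fail at config load. It would also tighten `isObjectAccessControl` in the second hunk, which as written accepts `{}` and, as far as the schema shows, any record whose values are plain objects.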
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/shape/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAEpB,MAAM,SAAS,GAAG,2CAA2C,CAAC;AAE9D;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,kFAAkF;IAClF,0CAAmB,CAAA;AACrB,CAAC,EAbW,mBAAmB,KAAnB,mBAAmB,QAa9B;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,kBAWX;AAXD,WAAY,kBAAkB;IAC5B,0CAA0C;IAC1C,6CAAuB,CAAA;IACvB,sCAAsC;IACtC,qCAAe,CAAA;IACf,wCAAwC;IACxC,+CAAyB,CAAA;IACzB,oCAAoC;IACpC,qDAA+B,CAAA;IAC/B,qCAAqC;IACrC,yCAAmB,CAAA;AACrB,CAAC,EAXW,kBAAkB,KAAlB,kBAAkB,QAW7B;AAED,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAE3E,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACnC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,YAAY,CAAC;IACnC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC;IACzC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;CACtH,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAElD,MAAM,kBAAkB,GAAG,CAAC,CAAC,YAAY,CAAC;IACxC,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChF,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAA
C;AAEH,MAAM,iCAAiC,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH,uBAAuB;AAEvB,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvE,eAAe,EAAE,iCAAiC,CAAC,QAAQ,EAAE;IAC7D,iBAAiB,EAAE,iCAAiC,CAAC,QAAQ,EAAE;CAChE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC;AAE1F,
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../../../../src/libs/audit-engine/registry/shape/schema.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,CAAC;AAEpB,MAAM,SAAS,GAAG,2CAA2C,CAAC;AAE9D;;GAEG;AACH,MAAM,CAAN,IAAY,mBAaX;AAbD,WAAY,mBAAmB;IAC7B,+EAA+E;IAC/E,0CAAmB,CAAA;IACnB,6DAA6D;IAC7D,4CAAqB,CAAA;IACrB,sEAAsE;IACtE,oCAAa,CAAA;IACb,yDAAyD;IACzD,wCAAiB,CAAA;IACjB,qEAAqE;IACrE,kCAAW,CAAA;IACX,kFAAkF;IAClF,0CAAmB,CAAA;AACrB,CAAC,EAbW,mBAAmB,KAAnB,mBAAmB,QAa9B;AAED;;;GAGG;AACH,MAAM,CAAN,IAAY,kBAWX;AAXD,WAAY,kBAAkB;IAC5B,0CAA0C;IAC1C,6CAAuB,CAAA;IACvB,sCAAsC;IACtC,qCAAe,CAAA;IACf,wCAAwC;IACxC,+CAAyB,CAAA;IACzB,oCAAoC;IACpC,qDAA+B,CAAA;IAC/B,qCAAqC;IACrC,yCAAmB,CAAA;AACrB,CAAC,EAXW,kBAAkB,KAAlB,kBAAkB,QAW7B;AAED,MAAM,kBAAkB,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,eAAe;IACf,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,4DAA4D;IAC5D,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,yCAAyC;IACzC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC;CAC5C,CAAC,CAAC;AAEH,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAE3E,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACnC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,sBAAsB,CAAC,CAAC;AAEnE,MAAM,aAAa,GAAG,CAAC,CAAC,YAAY,CAAC;IACnC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,aAAa,GAAG,aAAa,CAAC,MAAM,CAAC;IACzC,eAAe,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;CACtH,CAAC,CAAC;AAEH,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAElD,MAAM,kBAAkB,GAAG,CAAC,CAAC,YAAY,CAAC;IACxC,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,kBAAkB,CAAC,aAAa,CAAC;IAChF,8BAA8B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACtD,CAAC,CAA
C;AAEH,MAAM,iCAAiC,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACvC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH,uBAAuB;AAEvB,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvE,eAAe,EAAE,iCAAiC,CAAC,QAAQ,EAAE;IAC7D,iBAAiB,EAAE,iCAAiC,CAAC,QAAQ,EAAE;CAChE,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAC/C,CAAC,CAAC,MAAM,EAAE,EACV,CAAC,CAAC,MAAM,CAAC;IACP,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,SAAS,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACnC,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CACH,CAAC;AAEF,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,uBAAuB,CAAC,CAAC;AAE1F,MAAM,CAAC,MAAM,6BAA6B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,yBAAyB,CAAC,CAAC;AAE7F,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC;IACnD,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC9B,WAAW,EAAE,uBAAuB,CAAC,QAAQ,EAAE;IAC/C,YAAY,EAAE,yBAAyB,CAAC,QAAQ,EAAE;CACnD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAC/C,CAAC,CAAC,MAAM,EAAE,EACV,CAAC;KACE,MAAM,CAAC;IACN,MAAM,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAC9B,WAAW,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,uBAAuB,CAAC,CAAC,CAAC,QAAQ,EAAE;IAC7E,YAAY,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,yBAAyB,CAAC,CAAC,CAAC,QAAQ,EAAE;CACjF,CAAC;KACD,MAAM,EAAE,CACZ,CAAC;AAEF,+BAA+B;AAE/B,MAAM,CAAC,MAAM,mCAAmC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAE5F,MAAM,CAAC,MAAM,gCAAgC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,aAAa,CAAC,CAAC;AAEpF,MAAM,CAAC,MAAM,sCAAsC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EA
AE,aAAa,CAAC,CAAC;AAE1F,MAAM,CAAC,MAAM,4BAA4B,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;AAE7E,uBAAuB;AAEvB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAClC,KAAK,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;IAChC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACtD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,gBAAgB,CAAC,MAAM,CAAC;IAC1D,OAAO,EAAE,kBAAkB;CAC5B,CAAC,CAAC;AAUH,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;AAE3D;;;GAGG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAA+B,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CACzE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,CAAC,CAAC,CACxE,CAAC;AAwBF,kBAAkB;AAElB,MAAM,UAAU,mBAAmB,CAAC,YAAqB;IACvD,MAAM,WAAW,GAAG,uBAAuB,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IACpE,OAAO,YAAY,KAAK,SAAS,IAAI,WAAW,CAAC,OAAO,KAAK,IAAI,CAAC;AACpE,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,cAAuB;IAC3D,MAAM,WAAW,GAAG,yBAAyB,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IACxE,OAAO,cAAc,KAAK,SAAS,IAAI,WAAW,CAAC,OAAO,KAAK,IAAI,CAAC;AACtE,CAAC"}
|
|
@@ -8,13 +8,14 @@ const NamedTypesRegistry = {
|
|
|
8
8
|
retrieveType: 'PermissionSet',
|
|
9
9
|
rootNodeName: 'PermissionSet',
|
|
10
10
|
parser: new XMLParser({
|
|
11
|
-
isArray: (jpath) => ['userPermissions', 'fieldPermissions', 'customPermissions', 'classAccesses'].includes(jpath),
|
|
11
|
+
isArray: (jpath) => ['userPermissions', 'fieldPermissions', 'customPermissions', 'classAccesses', 'objectPermissions'].includes(jpath),
|
|
12
12
|
}),
|
|
13
13
|
parsePostProcessor: (parseResult) => ({
|
|
14
14
|
...parseResult,
|
|
15
15
|
userPermissions: parseResult.userPermissions ?? [],
|
|
16
16
|
customPermissions: parseResult.customPermissions ?? [],
|
|
17
17
|
classAccesses: parseResult.classAccesses ?? [],
|
|
18
|
+
objectPermissions: parseResult.objectPermissions ?? [],
|
|
18
19
|
}),
|
|
19
20
|
}),
|
|
20
21
|
Profile: new NamedMetadataQueryable({
|
|
@@ -25,6 +26,7 @@ const NamedTypesRegistry = {
|
|
|
25
26
|
userPermissions: parseResult.userPermissions ?? [],
|
|
26
27
|
customPermissions: parseResult.customPermissions ?? [],
|
|
27
28
|
classAccesses: parseResult.classAccesses ?? [],
|
|
29
|
+
objectPermissions: parseResult.objectPermissions ?? [],
|
|
28
30
|
}),
|
|
29
31
|
}),
|
|
30
32
|
Settings: new GenericSettingsMetadata(),
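Review bot: The Profile entry (second hunk, new line 29) defaults `objectPermissions` to `[]`, but only the PermissionSet entry in the first hunk gets `'objectPermissions'` added to an `isArray` list. The lines between the two hunks are not shown, so it cannot be confirmed from here whether Profile XML goes through a parser that forces this element into an array. If it does not, a profile with exactly one `objectPermissions` element would reach the rules as a single object rather than a one-element array, and `?? []` does not correct that; an audit rule iterating these entries could then skip or misread that object permission. Either confirm that the Profile parser's array list includes `objectPermissions`, or normalise in the post-processor with `objectPermissions: [parseResult.objectPermissions ?? []].flat(),`.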
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"metadataRegistry.js","sourceRoot":"","sources":["../../../src/salesforce/mdapi/metadataRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAM5C,OAAO,aAAa,MAAM,wBAAwB,CAAC;AACnD,OAAO,iBAAiB,MAAM,4BAA4B,CAAC;AAC3D,OAAO,sBAAsB,MAAM,oCAAoC,CAAC;AACxE,OAAO,uBAAuB,MAAM,8BAA8B,CAAC;AAEnE,MAAM,kBAAkB,GAAG;IACzB,aAAa,EAAE,IAAI,aAAa,CAAoC;QAClE,YAAY,EAAE,eAAe;QAC7B,YAAY,EAAE,eAAe;QAC7B,MAAM,EAAE,IAAI,SAAS,CAAC;YACpB,OAAO,EAAE,CAAC,KAAK,EAAW,EAAE,CAC1B,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe,CAAC,CAAC,QAAQ,
|
|
1
|
+
{"version":3,"file":"metadataRegistry.js","sourceRoot":"","sources":["../../../src/salesforce/mdapi/metadataRegistry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAM5C,OAAO,aAAa,MAAM,wBAAwB,CAAC;AACnD,OAAO,iBAAiB,MAAM,4BAA4B,CAAC;AAC3D,OAAO,sBAAsB,MAAM,oCAAoC,CAAC;AACxE,OAAO,uBAAuB,MAAM,8BAA8B,CAAC;AAEnE,MAAM,kBAAkB,GAAG;IACzB,aAAa,EAAE,IAAI,aAAa,CAAoC;QAClE,YAAY,EAAE,eAAe;QAC7B,YAAY,EAAE,eAAe;QAC7B,MAAM,EAAE,IAAI,SAAS,CAAC;YACpB,OAAO,EAAE,CAAC,KAAK,EAAW,EAAE,CAC1B,CAAC,iBAAiB,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,eAAe,EAAE,mBAAmB,CAAC,CAAC,QAAQ,CACzG,KAAK,CACN;SACJ,CAAC;QACF,kBAAkB,EAAE,CAAC,WAAW,EAAiB,EAAE,CAAC,CAAC;YACnD,GAAG,WAAW;YACd,eAAe,EAAE,WAAW,CAAC,eAAe,IAAI,EAAE;YAClD,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;YACtD,aAAa,EAAE,WAAW,CAAC,aAAa,IAAI,EAAE;YAC9C,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;SACvD,CAAC;KACH,CAAC;IACF,OAAO,EAAE,IAAI,sBAAsB,CAAwB;QACzD,UAAU,EAAE,SAAS;QACrB,SAAS,EAAE,MAAM;QACjB,kBAAkB,EAAE,CAAC,WAAW,EAAmB,EAAE,CAAC,CAAC;YACrD,GAAG,WAAW;YACd,eAAe,EAAE,WAAW,CAAC,eAAe,IAAI,EAAE;YAClD,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;YACtD,aAAa,EAAE,WAAW,CAAC,aAAa,IAAI,EAAE;YAC9C,iBAAiB,EAAE,WAAW,CAAC,iBAAiB,IAAI,EAAE;SACvD,CAAC;KACH,CAAC;IACF,QAAQ,EAAE,IAAI,uBAAuB,EAAE;CACxC,CAAC;AAEF,MAAM,iBAAiB,GAAG;IACxB,oBAAoB,EAAE,IAAI,iBAAiB,CAAkD;QAC3F,YAAY,EAAE,sBAAsB;QACpC,YAAY,EAAE,cAAc;QAC5B,YAAY,EAAE,UAAU;KACzB,CAAC;CACH,CAAC;AAgBF,MAAM,CAAC,MAAM,QAAQ,GAAG;IACtB,UAAU,EAAE,kBAAkB;IAC9B,cAAc,EAAE,iBAAiB;CAClC,CAAC"}
|