@kalisio/kdk 1.3.5 → 1.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (535) hide show
  1. package/.nyc_output/2c5b7c8e-81db-4d2c-a7a4-02dc640d301f.json +1 -0
  2. package/.nyc_output/{0b8aa700-8daa-49ce-85e7-a8f8965d55f0.json → 2e74ca23-8cf0-4161-9536-f71c2a1a74bb.json} +0 -0
  3. package/.nyc_output/{20df4355-911a-4b16-a8ab-d3392e9f0a7f.json → 81d21e46-766a-46bc-b1b7-143ca577347a.json} +0 -0
  4. package/.nyc_output/a762cb58-70dc-4d39-ab69-928635affa98.json +1 -0
  5. package/.nyc_output/{257af0bb-96c3-465a-b5ef-a1df60078d5f.json → aaf3ebbb-f895-4d7b-9255-bc5dee832570.json} +0 -0
  6. package/.nyc_output/{284aebfa-23fd-425f-9d72-e4b8904dc224.json → dbeb2602-0ac2-4e66-978b-0d29548359ca.json} +0 -0
  7. package/.nyc_output/{5cbee06e-be6e-468a-bd78-4793ee785fe4.json → e47d1e4c-2fff-4dcb-908f-d3081162547c.json} +0 -0
  8. package/.nyc_output/processinfo/{2bece194-92f7-4971-a688-10604044a7fa.json → 2c5b7c8e-81db-4d2c-a7a4-02dc640d301f.json} +1 -1
  9. package/.nyc_output/processinfo/2e74ca23-8cf0-4161-9536-f71c2a1a74bb.json +1 -0
  10. package/.nyc_output/processinfo/81d21e46-766a-46bc-b1b7-143ca577347a.json +1 -0
  11. package/.nyc_output/processinfo/a762cb58-70dc-4d39-ab69-928635affa98.json +1 -0
  12. package/.nyc_output/processinfo/aaf3ebbb-f895-4d7b-9255-bc5dee832570.json +1 -0
  13. package/.nyc_output/processinfo/dbeb2602-0ac2-4e66-978b-0d29548359ca.json +1 -0
  14. package/.nyc_output/processinfo/e47d1e4c-2fff-4dcb-908f-d3081162547c.json +1 -0
  15. package/.nyc_output/processinfo/index.json +1 -1
  16. package/CHANGELOG.md +189 -67
  17. package/README.md +1 -1
  18. package/coverage/core/api/application.js.html +145 -145
  19. package/coverage/core/api/authentication.js.html +37 -37
  20. package/coverage/core/api/db.js.html +74 -74
  21. package/coverage/core/api/hooks/hooks.account.js.html +15 -15
  22. package/coverage/core/api/hooks/hooks.authentication.js.html +16 -16
  23. package/coverage/core/api/hooks/hooks.authorisations.js.html +112 -121
  24. package/coverage/core/api/hooks/hooks.devices.js.html +5 -5
  25. package/coverage/core/api/hooks/hooks.groups.js.html +3 -3
  26. package/coverage/core/api/hooks/hooks.logger.js.html +7 -7
  27. package/coverage/core/api/hooks/hooks.model.js.html +149 -149
  28. package/coverage/core/api/hooks/hooks.organisations.js.html +13 -61
  29. package/coverage/core/api/hooks/hooks.pusher.js.html +7 -7
  30. package/coverage/core/api/hooks/hooks.query.js.html +68 -32
  31. package/coverage/core/api/hooks/hooks.service.js.html +15 -15
  32. package/coverage/core/api/hooks/hooks.storage.js.html +5 -5
  33. package/coverage/core/api/hooks/hooks.tags.js.html +7 -7
  34. package/coverage/core/api/hooks/hooks.users.js.html +111 -63
  35. package/coverage/core/api/hooks/index.html +72 -72
  36. package/coverage/core/api/hooks/index.js.html +15 -15
  37. package/coverage/core/api/index.html +35 -35
  38. package/coverage/core/api/index.js.html +13 -13
  39. package/coverage/core/api/marshall.js.html +81 -81
  40. package/coverage/core/api/models/groups.model.mongodb.js.html +1 -1
  41. package/coverage/core/api/models/index.html +1 -1
  42. package/coverage/core/api/models/organisations.model.mongodb.js.html +1 -1
  43. package/coverage/core/api/models/tags.model.mongodb.js.html +1 -1
  44. package/coverage/core/api/models/users.model.mongodb.js.html +7 -7
  45. package/coverage/core/api/oauth2-handler.js.html +3 -3
  46. package/coverage/core/api/oauth2-verifier.js.html +5 -5
  47. package/coverage/core/api/services/account/account.hooks.js.html +1 -1
  48. package/coverage/core/api/services/account/account.service.js.html +34 -34
  49. package/coverage/core/api/services/account/index.html +17 -17
  50. package/coverage/core/api/services/authorisations/authorisations.hooks.js.html +3 -3
  51. package/coverage/core/api/services/authorisations/authorisations.service.js.html +40 -37
  52. package/coverage/core/api/services/authorisations/index.html +17 -17
  53. package/coverage/core/api/services/databases/databases.hooks.js.html +1 -1
  54. package/coverage/core/api/services/databases/databases.service.js.html +1 -1
  55. package/coverage/core/api/services/databases/index.html +1 -1
  56. package/coverage/core/api/services/devices/devices.hooks.js.html +1 -1
  57. package/coverage/core/api/services/devices/devices.service.js.html +1 -1
  58. package/coverage/core/api/services/devices/index.html +1 -1
  59. package/coverage/core/api/services/groups/groups.hooks.js.html +1 -1
  60. package/coverage/core/api/services/groups/index.html +1 -1
  61. package/coverage/core/api/services/index.html +5 -5
  62. package/coverage/core/api/services/index.js.html +40 -40
  63. package/coverage/core/api/services/mailer/index.html +1 -1
  64. package/coverage/core/api/services/mailer/mailer.hooks.js.html +1 -1
  65. package/coverage/core/api/services/mailer/mailer.service.js.html +1 -1
  66. package/coverage/core/api/services/organisations/index.html +1 -1
  67. package/coverage/core/api/services/organisations/organisations.hooks.js.html +1 -1
  68. package/coverage/core/api/services/organisations/organisations.service.js.html +1 -1
  69. package/coverage/core/api/services/pusher/index.html +1 -1
  70. package/coverage/core/api/services/pusher/pusher.channels.js.html +1 -1
  71. package/coverage/core/api/services/pusher/pusher.hooks.js.html +1 -1
  72. package/coverage/core/api/services/pusher/pusher.service.js.html +1 -1
  73. package/coverage/core/api/services/storage/index.html +1 -1
  74. package/coverage/core/api/services/storage/storage.hooks.js.html +4 -4
  75. package/coverage/core/api/services/tags/index.html +1 -1
  76. package/coverage/core/api/services/tags/tags.hooks.js.html +1 -1
  77. package/coverage/core/api/services/users/index.html +1 -1
  78. package/coverage/core/api/services/users/users.hooks.js.html +12 -12
  79. package/coverage/core/common/index.html +32 -32
  80. package/coverage/core/common/index.js.html +27 -27
  81. package/coverage/core/common/permissions.js.html +135 -75
  82. package/coverage/index.html +157 -157
  83. package/coverage/lcov-report/core/api/application.js.html +145 -145
  84. package/coverage/lcov-report/core/api/authentication.js.html +37 -37
  85. package/coverage/lcov-report/core/api/db.js.html +74 -74
  86. package/coverage/lcov-report/core/api/hooks/hooks.account.js.html +15 -15
  87. package/coverage/lcov-report/core/api/hooks/hooks.authentication.js.html +16 -16
  88. package/coverage/lcov-report/core/api/hooks/hooks.authorisations.js.html +112 -121
  89. package/coverage/lcov-report/core/api/hooks/hooks.devices.js.html +5 -5
  90. package/coverage/lcov-report/core/api/hooks/hooks.groups.js.html +3 -3
  91. package/coverage/lcov-report/core/api/hooks/hooks.logger.js.html +7 -7
  92. package/coverage/lcov-report/core/api/hooks/hooks.model.js.html +149 -149
  93. package/coverage/lcov-report/core/api/hooks/hooks.organisations.js.html +13 -61
  94. package/coverage/lcov-report/core/api/hooks/hooks.pusher.js.html +7 -7
  95. package/coverage/lcov-report/core/api/hooks/hooks.query.js.html +68 -32
  96. package/coverage/lcov-report/core/api/hooks/hooks.service.js.html +15 -15
  97. package/coverage/lcov-report/core/api/hooks/hooks.storage.js.html +5 -5
  98. package/coverage/lcov-report/core/api/hooks/hooks.tags.js.html +7 -7
  99. package/coverage/lcov-report/core/api/hooks/hooks.users.js.html +111 -63
  100. package/coverage/lcov-report/core/api/hooks/index.html +72 -72
  101. package/coverage/lcov-report/core/api/hooks/index.js.html +15 -15
  102. package/coverage/lcov-report/core/api/index.html +35 -35
  103. package/coverage/lcov-report/core/api/index.js.html +13 -13
  104. package/coverage/lcov-report/core/api/marshall.js.html +81 -81
  105. package/coverage/lcov-report/core/api/models/groups.model.mongodb.js.html +1 -1
  106. package/coverage/lcov-report/core/api/models/index.html +1 -1
  107. package/coverage/lcov-report/core/api/models/organisations.model.mongodb.js.html +1 -1
  108. package/coverage/lcov-report/core/api/models/tags.model.mongodb.js.html +1 -1
  109. package/coverage/lcov-report/core/api/models/users.model.mongodb.js.html +7 -7
  110. package/coverage/lcov-report/core/api/oauth2-handler.js.html +3 -3
  111. package/coverage/lcov-report/core/api/oauth2-verifier.js.html +5 -5
  112. package/coverage/lcov-report/core/api/services/account/account.hooks.js.html +1 -1
  113. package/coverage/lcov-report/core/api/services/account/account.service.js.html +34 -34
  114. package/coverage/lcov-report/core/api/services/account/index.html +17 -17
  115. package/coverage/lcov-report/core/api/services/authorisations/authorisations.hooks.js.html +3 -3
  116. package/coverage/lcov-report/core/api/services/authorisations/authorisations.service.js.html +40 -37
  117. package/coverage/lcov-report/core/api/services/authorisations/index.html +17 -17
  118. package/coverage/lcov-report/core/api/services/databases/databases.hooks.js.html +1 -1
  119. package/coverage/lcov-report/core/api/services/databases/databases.service.js.html +1 -1
  120. package/coverage/lcov-report/core/api/services/databases/index.html +1 -1
  121. package/coverage/lcov-report/core/api/services/devices/devices.hooks.js.html +1 -1
  122. package/coverage/lcov-report/core/api/services/devices/devices.service.js.html +1 -1
  123. package/coverage/lcov-report/core/api/services/devices/index.html +1 -1
  124. package/coverage/lcov-report/core/api/services/groups/groups.hooks.js.html +1 -1
  125. package/coverage/lcov-report/core/api/services/groups/index.html +1 -1
  126. package/coverage/lcov-report/core/api/services/index.html +5 -5
  127. package/coverage/lcov-report/core/api/services/index.js.html +40 -40
  128. package/coverage/lcov-report/core/api/services/mailer/index.html +1 -1
  129. package/coverage/lcov-report/core/api/services/mailer/mailer.hooks.js.html +1 -1
  130. package/coverage/lcov-report/core/api/services/mailer/mailer.service.js.html +1 -1
  131. package/coverage/lcov-report/core/api/services/organisations/index.html +1 -1
  132. package/coverage/lcov-report/core/api/services/organisations/organisations.hooks.js.html +1 -1
  133. package/coverage/lcov-report/core/api/services/organisations/organisations.service.js.html +1 -1
  134. package/coverage/lcov-report/core/api/services/pusher/index.html +1 -1
  135. package/coverage/lcov-report/core/api/services/pusher/pusher.channels.js.html +1 -1
  136. package/coverage/lcov-report/core/api/services/pusher/pusher.hooks.js.html +1 -1
  137. package/coverage/lcov-report/core/api/services/pusher/pusher.service.js.html +1 -1
  138. package/coverage/lcov-report/core/api/services/storage/index.html +1 -1
  139. package/coverage/lcov-report/core/api/services/storage/storage.hooks.js.html +4 -4
  140. package/coverage/lcov-report/core/api/services/tags/index.html +1 -1
  141. package/coverage/lcov-report/core/api/services/tags/tags.hooks.js.html +1 -1
  142. package/coverage/lcov-report/core/api/services/users/index.html +1 -1
  143. package/coverage/lcov-report/core/api/services/users/users.hooks.js.html +12 -12
  144. package/coverage/lcov-report/core/common/index.html +32 -32
  145. package/coverage/lcov-report/core/common/index.js.html +27 -27
  146. package/coverage/lcov-report/core/common/permissions.js.html +135 -75
  147. package/coverage/lcov-report/index.html +157 -157
  148. package/coverage/lcov-report/map/api/hooks/hooks.catalog.js.html +55 -55
  149. package/coverage/lcov-report/map/api/hooks/hooks.query.js.html +337 -274
  150. package/coverage/lcov-report/map/api/hooks/index.html +43 -43
  151. package/coverage/lcov-report/map/api/hooks/index.js.html +12 -12
  152. package/coverage/lcov-report/map/api/index.html +31 -31
  153. package/coverage/lcov-report/map/api/index.js.html +24 -24
  154. package/coverage/lcov-report/map/api/marshall.js.html +39 -39
  155. package/coverage/lcov-report/map/api/models/alerts.model.mongodb.js.html +20 -20
  156. package/coverage/lcov-report/map/api/models/catalog.model.mongodb.js.html +22 -22
  157. package/coverage/lcov-report/map/api/models/features.model.mongodb.js.html +24 -24
  158. package/coverage/lcov-report/map/api/models/index.html +43 -43
  159. package/coverage/lcov-report/map/api/services/alerts/alerts.hooks.js.html +21 -21
  160. package/coverage/lcov-report/map/api/services/alerts/alerts.service.js.html +156 -156
  161. package/coverage/lcov-report/map/api/services/alerts/index.html +30 -30
  162. package/coverage/lcov-report/map/api/services/catalog/catalog.hooks.js.html +19 -19
  163. package/coverage/lcov-report/map/api/services/catalog/index.html +17 -17
  164. package/coverage/lcov-report/map/api/services/daptiles/daptiles.service.js.html +1 -1
  165. package/coverage/lcov-report/map/api/services/daptiles/index.html +1 -1
  166. package/coverage/lcov-report/map/api/services/features/features.hooks.js.html +20 -20
  167. package/coverage/lcov-report/map/api/services/features/index.html +21 -21
  168. package/coverage/lcov-report/map/api/services/geocoder/geocoder.hooks.js.html +8 -8
  169. package/coverage/lcov-report/map/api/services/geocoder/geocoder.service.js.html +99 -99
  170. package/coverage/lcov-report/map/api/services/geocoder/index.html +28 -28
  171. package/coverage/lcov-report/map/api/services/index.html +21 -21
  172. package/coverage/lcov-report/map/api/services/index.js.html +71 -71
  173. package/coverage/lcov-report/map/common/dynamic-grid-source.js.html +68 -68
  174. package/coverage/lcov-report/map/common/errors.js.html +9 -9
  175. package/coverage/lcov-report/map/common/geotiff-grid-source.js.html +120 -120
  176. package/coverage/lcov-report/map/common/grid.js.html +268 -268
  177. package/coverage/lcov-report/map/common/index.html +149 -149
  178. package/coverage/lcov-report/map/common/index.js.html +31 -31
  179. package/coverage/lcov-report/map/common/meteo-model-grid-source.js.html +71 -71
  180. package/coverage/lcov-report/map/common/moment-utils.js.html +14 -14
  181. package/coverage/lcov-report/map/common/opendap-grid-source.js.html +280 -280
  182. package/coverage/lcov-report/map/common/opendap-utils.js.html +220 -220
  183. package/coverage/lcov-report/map/common/permissions.js.html +21 -21
  184. package/coverage/lcov-report/map/common/time-based-grid-source.js.html +51 -51
  185. package/coverage/lcov-report/map/common/tms-utils.js.html +1 -1
  186. package/coverage/lcov-report/map/common/wcs-grid-source.js.html +99 -99
  187. package/coverage/lcov-report/map/common/wcs-utils.js.html +66 -66
  188. package/coverage/lcov-report/map/common/weacast-grid-source.js.html +196 -196
  189. package/coverage/lcov-report/map/common/wfs-utils.js.html +8 -5
  190. package/coverage/lcov-report/map/common/wms-utils.js.html +1 -1
  191. package/coverage/lcov-report/map/common/wmts-utils.js.html +71 -11
  192. package/coverage/lcov.info +3588 -3659
  193. package/coverage/map/api/hooks/hooks.catalog.js.html +55 -55
  194. package/coverage/map/api/hooks/hooks.query.js.html +337 -274
  195. package/coverage/map/api/hooks/index.html +43 -43
  196. package/coverage/map/api/hooks/index.js.html +12 -12
  197. package/coverage/map/api/index.html +31 -31
  198. package/coverage/map/api/index.js.html +24 -24
  199. package/coverage/map/api/marshall.js.html +39 -39
  200. package/coverage/map/api/models/alerts.model.mongodb.js.html +20 -20
  201. package/coverage/map/api/models/catalog.model.mongodb.js.html +22 -22
  202. package/coverage/map/api/models/features.model.mongodb.js.html +24 -24
  203. package/coverage/map/api/models/index.html +43 -43
  204. package/coverage/map/api/services/alerts/alerts.hooks.js.html +21 -21
  205. package/coverage/map/api/services/alerts/alerts.service.js.html +156 -156
  206. package/coverage/map/api/services/alerts/index.html +30 -30
  207. package/coverage/map/api/services/catalog/catalog.hooks.js.html +19 -19
  208. package/coverage/map/api/services/catalog/index.html +17 -17
  209. package/coverage/map/api/services/daptiles/daptiles.service.js.html +1 -1
  210. package/coverage/map/api/services/daptiles/index.html +1 -1
  211. package/coverage/map/api/services/features/features.hooks.js.html +20 -20
  212. package/coverage/map/api/services/features/index.html +21 -21
  213. package/coverage/map/api/services/geocoder/geocoder.hooks.js.html +8 -8
  214. package/coverage/map/api/services/geocoder/geocoder.service.js.html +99 -99
  215. package/coverage/map/api/services/geocoder/index.html +28 -28
  216. package/coverage/map/api/services/index.html +21 -21
  217. package/coverage/map/api/services/index.js.html +71 -71
  218. package/coverage/map/common/dynamic-grid-source.js.html +68 -68
  219. package/coverage/map/common/errors.js.html +9 -9
  220. package/coverage/map/common/geotiff-grid-source.js.html +120 -120
  221. package/coverage/map/common/grid.js.html +268 -268
  222. package/coverage/map/common/index.html +149 -149
  223. package/coverage/map/common/index.js.html +31 -31
  224. package/coverage/map/common/meteo-model-grid-source.js.html +71 -71
  225. package/coverage/map/common/moment-utils.js.html +14 -14
  226. package/coverage/map/common/opendap-grid-source.js.html +280 -280
  227. package/coverage/map/common/opendap-utils.js.html +220 -220
  228. package/coverage/map/common/permissions.js.html +21 -21
  229. package/coverage/map/common/time-based-grid-source.js.html +51 -51
  230. package/coverage/map/common/tms-utils.js.html +1 -1
  231. package/coverage/map/common/wcs-grid-source.js.html +99 -99
  232. package/coverage/map/common/wcs-utils.js.html +66 -66
  233. package/coverage/map/common/weacast-grid-source.js.html +196 -196
  234. package/coverage/map/common/wfs-utils.js.html +8 -5
  235. package/coverage/map/common/wms-utils.js.html +1 -1
  236. package/coverage/map/common/wmts-utils.js.html +71 -11
  237. package/extras/icons/kanban.png +0 -0
  238. package/extras/testcafe/page-models/map/catalog.js +2 -2
  239. package/extras/tours/core/add-member.js +10 -1
  240. package/extras/tours/core/{tag-member.js → edit-member-tags.js} +4 -3
  241. package/extras/tours/core/groups.js +8 -2
  242. package/extras/tours/core/members.js +11 -21
  243. package/extras/tours/core/tags.js +7 -1
  244. package/extras/tours/map/catalog-categories.js +4 -4
  245. package/extras/tours/map/catalog-panel.js +16 -16
  246. package/extras/tours/map/favorite-views.js +3 -3
  247. package/lib/core/api/hooks/hooks.authorisations.js +149 -140
  248. package/lib/core/api/hooks/hooks.authorisations.js.map +1 -1
  249. package/lib/core/api/hooks/hooks.organisations.js +1 -23
  250. package/lib/core/api/hooks/hooks.organisations.js.map +1 -1
  251. package/lib/core/api/hooks/hooks.query.js +22 -0
  252. package/lib/core/api/hooks/hooks.query.js.map +1 -1
  253. package/lib/core/api/hooks/hooks.users.js +34 -18
  254. package/lib/core/api/hooks/hooks.users.js.map +1 -1
  255. package/lib/core/api/services/authorisations/authorisations.service.js +34 -25
  256. package/lib/core/api/services/authorisations/authorisations.service.js.map +1 -1
  257. package/lib/core/client/api.js +1 -0
  258. package/lib/core/client/api.js.map +1 -1
  259. package/lib/core/client/components/account/KAccountDZ.vue +3 -4
  260. package/lib/core/client/components/account/KAccountDevices.vue +5 -6
  261. package/lib/core/client/components/account/KDeviceCard.vue +2 -1
  262. package/lib/core/client/components/account/KIdentityPanel.vue +1 -7
  263. package/lib/core/client/components/collection/KBoard.vue +26 -155
  264. package/lib/core/client/components/collection/KCard.vue +144 -42
  265. package/lib/core/client/components/collection/KCardSection.vue +52 -0
  266. package/lib/core/client/components/collection/KColumn.vue +181 -0
  267. package/lib/core/client/components/collection/KGrid.vue +13 -18
  268. package/lib/core/client/components/collection/KHistory.vue +61 -89
  269. package/lib/core/client/components/collection/KHistoryEntry.vue +90 -66
  270. package/lib/core/client/components/collection/KItem.vue +21 -2
  271. package/lib/core/client/components/collection/KList.vue +9 -12
  272. package/lib/core/client/components/collection/KTable.vue +33 -39
  273. package/lib/core/client/components/collection/index.js +6 -1
  274. package/lib/core/client/components/collection/index.js.map +1 -1
  275. package/lib/core/client/components/editor/KEditor.vue +0 -6
  276. package/lib/core/client/components/editor/KModalEditor.vue +4 -4
  277. package/lib/core/client/components/editor/KSettingsEditor.vue +49 -0
  278. package/lib/core/client/components/form/KAttachmentField.vue +10 -10
  279. package/lib/core/client/components/form/KChipsField.vue +28 -23
  280. package/lib/core/client/components/form/KColorField.vue +30 -25
  281. package/lib/core/client/components/form/KForm.vue +0 -12
  282. package/lib/core/client/components/form/KIconField.vue +1 -0
  283. package/lib/core/client/components/form/KItemField.vue +8 -4
  284. package/lib/core/client/components/form/KRoleField.vue +56 -0
  285. package/lib/core/client/components/form/KSelectField.vue +16 -1
  286. package/lib/core/client/components/form/KView.vue +5 -14
  287. package/lib/core/client/components/frame/KAction.vue +18 -12
  288. package/lib/core/client/components/frame/KAvatar.vue +3 -3
  289. package/lib/core/client/components/frame/KChart.vue +60 -0
  290. package/lib/core/client/components/frame/KChipsPane.vue +80 -0
  291. package/lib/core/client/components/frame/KContent.vue +1 -1
  292. package/lib/core/client/components/frame/KModal.vue +30 -44
  293. package/lib/core/client/components/frame/KPanel.vue +1 -1
  294. package/lib/core/client/components/frame/{KMenu.vue → KPopupAction.vue} +6 -7
  295. package/lib/core/client/components/frame/KSpot.vue +31 -0
  296. package/lib/core/client/components/frame/KStamp.vue +62 -0
  297. package/lib/core/client/components/frame/index.js +56 -1
  298. package/lib/core/client/components/frame/index.js.map +1 -1
  299. package/lib/core/client/components/input/KColorChooser.vue +16 -8
  300. package/lib/core/client/components/input/KIconChooser.vue +2 -1
  301. package/lib/core/client/components/input/KUploader.vue +14 -5
  302. package/lib/core/client/components/layout/KAbout.vue +9 -3
  303. package/lib/core/client/components/layout/KFab.vue +1 -1
  304. package/lib/core/client/components/layout/KPage.vue +44 -19
  305. package/lib/core/client/components/layout/KTour.vue +2 -2
  306. package/lib/core/client/components/layout/KWelcome.vue +13 -12
  307. package/lib/core/client/components/layout/KWindow.vue +1 -1
  308. package/lib/core/client/components/media/KImageViewer.vue +9 -7
  309. package/lib/core/client/components/media/KMediaBrowser.vue +12 -8
  310. package/lib/core/client/components/menu/KMenu.vue +103 -0
  311. package/lib/core/client/components/team/KAddMember.vue +17 -9
  312. package/lib/core/client/components/team/KChangeRole.vue +5 -7
  313. package/lib/core/client/components/team/KGroupCard.vue +34 -51
  314. package/lib/core/client/components/team/KGroupsActivity.vue +9 -2
  315. package/lib/core/client/components/team/KJoinGroup.vue +5 -7
  316. package/lib/core/client/components/team/KMemberCard.vue +104 -63
  317. package/lib/core/client/components/team/KMembersActivity.vue +9 -2
  318. package/lib/core/client/components/team/KOrganisationsActivity.vue +8 -1
  319. package/lib/core/client/components/team/KTagCard.vue +26 -26
  320. package/lib/core/client/components/team/KTagsActivity.vue +9 -2
  321. package/lib/core/client/components/time/KTimeRange.vue +144 -0
  322. package/lib/core/client/components/viewer/KModalViewer.vue +6 -0
  323. package/lib/core/client/components/viewer/KViewer.vue +0 -6
  324. package/lib/core/client/i18n/core_en.json +133 -93
  325. package/lib/core/client/i18n/core_fr.json +56 -16
  326. package/lib/core/client/index.js +28 -14
  327. package/lib/core/client/index.js.map +1 -1
  328. package/lib/core/client/mixins/mixin.authorisation.js +28 -18
  329. package/lib/core/client/mixins/mixin.authorisation.js.map +1 -1
  330. package/lib/core/client/mixins/mixin.base-collection.js +57 -9
  331. package/lib/core/client/mixins/mixin.base-collection.js.map +1 -1
  332. package/lib/core/client/mixins/mixin.base-context.js +1 -1
  333. package/lib/core/client/mixins/mixin.base-context.js.map +1 -1
  334. package/lib/core/client/mixins/mixin.base-editor.js +26 -16
  335. package/lib/core/client/mixins/mixin.base-editor.js.map +1 -1
  336. package/lib/core/client/mixins/mixin.base-field.js +0 -4
  337. package/lib/core/client/mixins/mixin.base-field.js.map +1 -1
  338. package/lib/core/client/mixins/mixin.base-item.js +29 -14
  339. package/lib/core/client/mixins/mixin.base-item.js.map +1 -1
  340. package/lib/core/client/mixins/mixin.base-viewer.js +0 -2
  341. package/lib/core/client/mixins/mixin.base-viewer.js.map +1 -1
  342. package/lib/core/client/mixins/mixin.object-proxy.js +17 -3
  343. package/lib/core/client/mixins/mixin.object-proxy.js.map +1 -1
  344. package/lib/core/client/mixins/mixin.schema-proxy.js +31 -0
  345. package/lib/core/client/mixins/mixin.schema-proxy.js.map +1 -1
  346. package/lib/core/client/mixins/mixin.service.js +5 -33
  347. package/lib/core/client/mixins/mixin.service.js.map +1 -1
  348. package/lib/core/client/services/index.js +23 -0
  349. package/lib/core/client/services/index.js.map +1 -1
  350. package/lib/core/client/services/local-settings.service.js +4 -0
  351. package/lib/core/client/services/local-settings.service.js.map +1 -1
  352. package/lib/core/client/time.js +131 -0
  353. package/lib/core/client/time.js.map +1 -0
  354. package/lib/core/common/permissions.js +65 -23
  355. package/lib/core/common/permissions.js.map +1 -1
  356. package/lib/core/common/schemas/groups.create.json +1 -1
  357. package/lib/core/common/schemas/groups.update.json +1 -1
  358. package/lib/core/common/schemas/organisations.create.json +1 -1
  359. package/lib/core/common/schemas/organisations.update.json +2 -2
  360. package/lib/core/common/schemas/settings.update.json +139 -0
  361. package/lib/core/common/schemas/tags.update.json +9 -1
  362. package/lib/map/api/hooks/hooks.query.js +48 -27
  363. package/lib/map/api/hooks/hooks.query.js.map +1 -1
  364. package/lib/map/api/services/features/features.hooks.js +1 -1
  365. package/lib/map/api/services/features/features.hooks.js.map +1 -1
  366. package/lib/map/client/components/KColorLegend.vue +25 -23
  367. package/lib/map/client/components/KFavoriteViews.vue +71 -35
  368. package/lib/map/client/components/KFeaturesChart.vue +11 -9
  369. package/lib/map/client/components/KFeaturesFilter.vue +15 -7
  370. package/lib/map/client/components/KFeaturesTable.vue +27 -2
  371. package/lib/map/client/components/KLayerEditionToolbar.vue +43 -0
  372. package/lib/map/client/components/KLayerStyleEditor.vue +10 -4
  373. package/lib/map/client/components/KLayerStyleForm.vue +14 -11
  374. package/lib/map/client/components/KLocationInput.vue +126 -65
  375. package/lib/map/client/components/KLocationMap.vue +199 -84
  376. package/lib/map/client/components/KPositionIndicator.vue +1 -0
  377. package/lib/map/client/components/KTimeline.vue +41 -36
  378. package/lib/map/client/components/KUrlLegend.vue +21 -19
  379. package/lib/map/client/components/catalog/KBaseLayersSelector.vue +105 -0
  380. package/lib/map/client/components/catalog/KCatalog.vue +14 -2
  381. package/lib/map/client/components/catalog/KConnectLayer.vue +31 -11
  382. package/lib/map/client/components/catalog/KCreateLayer.vue +37 -14
  383. package/lib/map/client/components/catalog/KImportLayer.vue +28 -8
  384. package/lib/map/client/components/catalog/KLayerCategories.vue +86 -62
  385. package/lib/map/client/components/catalog/KLayersSelector.vue +42 -42
  386. package/lib/map/client/components/catalog/KWeatherLayersSelector.vue +3 -3
  387. package/lib/map/client/components/form/KLocationField.vue +1 -1
  388. package/lib/map/client/components/form/KOwsLayerField.vue +21 -2
  389. package/lib/map/client/components/form/KOwsServiceField.vue +1 -0
  390. package/lib/map/client/components/widget/KInformationBox.vue +10 -16
  391. package/lib/map/client/components/widget/KMapillaryViewer.vue +59 -49
  392. package/lib/map/client/components/widget/KTimeSeries.vue +39 -29
  393. package/lib/map/client/i18n/map_en.json +65 -17
  394. package/lib/map/client/i18n/map_fr.json +67 -20
  395. package/lib/map/client/init.js +18 -6
  396. package/lib/map/client/init.js.map +1 -1
  397. package/lib/map/client/leaflet/GSMaPLayer.js +4 -9
  398. package/lib/map/client/leaflet/GSMaPLayer.js.map +1 -1
  399. package/lib/map/client/leaflet/GradientPath.js.map +1 -1
  400. package/lib/map/client/leaflet/MaskLayer.js +64 -0
  401. package/lib/map/client/leaflet/MaskLayer.js.map +1 -0
  402. package/lib/map/client/mixins/globe/mixin.base-globe.js +4 -1
  403. package/lib/map/client/mixins/globe/mixin.base-globe.js.map +1 -1
  404. package/lib/map/client/mixins/globe/mixin.geojson-layers.js +7 -9
  405. package/lib/map/client/mixins/globe/mixin.geojson-layers.js.map +1 -1
  406. package/lib/map/client/mixins/index.js +8 -13
  407. package/lib/map/client/mixins/index.js.map +1 -1
  408. package/lib/map/client/mixins/map/mixin.base-map.js +30 -6
  409. package/lib/map/client/mixins/map/mixin.base-map.js.map +1 -1
  410. package/lib/map/client/mixins/map/mixin.canvas-layers.js +274 -51
  411. package/lib/map/client/mixins/map/mixin.canvas-layers.js.map +1 -1
  412. package/lib/map/client/mixins/map/mixin.edit-layers.js +218 -121
  413. package/lib/map/client/mixins/map/mixin.edit-layers.js.map +1 -1
  414. package/lib/map/client/mixins/map/mixin.file-layers.js +25 -18
  415. package/lib/map/client/mixins/map/mixin.file-layers.js.map +1 -1
  416. package/lib/map/client/mixins/map/mixin.geojson-layers.js +18 -10
  417. package/lib/map/client/mixins/map/mixin.geojson-layers.js.map +1 -1
  418. package/lib/map/client/mixins/map/mixin.georaster-layers.js +7 -4
  419. package/lib/map/client/mixins/map/mixin.georaster-layers.js.map +1 -1
  420. package/lib/map/client/mixins/map/mixin.gsmap-layers.js +3 -3
  421. package/lib/map/client/mixins/map/mixin.gsmap-layers.js.map +1 -1
  422. package/lib/map/client/mixins/map/mixin.heatmap-layers.js +8 -10
  423. package/lib/map/client/mixins/map/mixin.heatmap-layers.js.map +1 -1
  424. package/lib/map/client/mixins/map/mixin.mapillary-layers.js +25 -40
  425. package/lib/map/client/mixins/map/mixin.mapillary-layers.js.map +1 -1
  426. package/lib/map/client/mixins/map/mixin.tiled-mesh-layers.js +5 -3
  427. package/lib/map/client/mixins/map/mixin.tiled-mesh-layers.js.map +1 -1
  428. package/lib/map/client/mixins/map/mixin.tiled-wind-layers.js +5 -3
  429. package/lib/map/client/mixins/map/mixin.tiled-wind-layers.js.map +1 -1
  430. package/lib/map/client/mixins/mixin.activity.js +60 -68
  431. package/lib/map/client/mixins/mixin.activity.js.map +1 -1
  432. package/lib/map/client/mixins/mixin.feature-selection.js +8 -10
  433. package/lib/map/client/mixins/mixin.feature-selection.js.map +1 -1
  434. package/lib/map/client/mixins/mixin.feature-service.js +7 -5
  435. package/lib/map/client/mixins/mixin.feature-service.js.map +1 -1
  436. package/lib/map/client/mixins/mixin.weacast.js +6 -4
  437. package/lib/map/client/mixins/mixin.weacast.js.map +1 -1
  438. package/lib/map/client/pixi-utils.js +9 -0
  439. package/lib/map/client/pixi-utils.js.map +1 -1
  440. package/lib/map/client/utils.js +50 -0
  441. package/lib/map/client/utils.js.map +1 -1
  442. package/lib/map/common/wfs-utils.js +1 -1
  443. package/lib/map/common/wfs-utils.js.map +1 -1
  444. package/lib/map/common/wmts-utils.js +31 -7
  445. package/lib/map/common/wmts-utils.js.map +1 -1
  446. package/lib/test/client/core/account.js +100 -0
  447. package/lib/test/client/core/account.js.map +1 -0
  448. package/lib/test/client/core/api.js +400 -0
  449. package/lib/test/client/core/api.js.map +1 -0
  450. package/lib/test/client/core/collection.js +109 -0
  451. package/lib/test/client/core/collection.js.map +1 -0
  452. package/lib/test/client/core/index.js +90 -0
  453. package/lib/test/client/core/index.js.map +1 -0
  454. package/lib/test/client/core/layout.js +221 -0
  455. package/lib/test/client/core/layout.js.map +1 -0
  456. package/lib/test/client/core/runner.js +204 -0
  457. package/lib/test/client/core/runner.js.map +1 -0
  458. package/lib/test/client/core/screens.js +68 -0
  459. package/lib/test/client/core/screens.js.map +1 -0
  460. package/lib/test/client/core/utils.js +304 -0
  461. package/lib/test/client/core/utils.js.map +1 -0
  462. package/lib/test/client/index.js +20 -0
  463. package/lib/test/client/index.js.map +1 -0
  464. package/lib/test/client/map/catalog.js +191 -0
  465. package/lib/test/client/map/catalog.js.map +1 -0
  466. package/lib/test/client/map/controls.js +54 -0
  467. package/lib/test/client/map/controls.js.map +1 -0
  468. package/lib/test/client/map/index.js +30 -0
  469. package/lib/test/client/map/index.js.map +1 -0
  470. package/package.json +17 -9
  471. package/test.client.js +1 -0
  472. package/tests/core/test-log-2021-07-15.log +71 -0
  473. package/tests/core/test-log-2021-09-02.log +47 -0
  474. package/tests/map/test-log-%DATE%.logYYYY-07-DD +12 -0
  475. package/tests/map/test-log-%DATE%.logYYYY-09-DD +6 -0
  476. package/tests/map/test-log-2021-07-12.log +12 -0
  477. package/tests/map/test-log-2021-07-15.log +5 -0
  478. package/tests/map/test-log-2021-09-02.log +3 -0
  479. package/.nyc_output/11cd93d8-69cb-405c-98a3-d249ea35b6da.json +0 -1
  480. package/.nyc_output/2bece194-92f7-4971-a688-10604044a7fa.json +0 -1
  481. package/.nyc_output/5ddee33e-b658-4c8e-a247-54f575ac67e8.json +0 -1
  482. package/.nyc_output/78760ae4-555f-4d9c-a6a1-acf5e2f0fe45.json +0 -1
  483. package/.nyc_output/d0bb2559-084e-4c92-b9e6-29a9abd41f7c.json +0 -1
  484. package/.nyc_output/processinfo/0b8aa700-8daa-49ce-85e7-a8f8965d55f0.json +0 -1
  485. package/.nyc_output/processinfo/11cd93d8-69cb-405c-98a3-d249ea35b6da.json +0 -1
  486. package/.nyc_output/processinfo/20df4355-911a-4b16-a8ab-d3392e9f0a7f.json +0 -1
  487. package/.nyc_output/processinfo/257af0bb-96c3-465a-b5ef-a1df60078d5f.json +0 -1
  488. package/.nyc_output/processinfo/284aebfa-23fd-425f-9d72-e4b8904dc224.json +0 -1
  489. package/.nyc_output/processinfo/5cbee06e-be6e-468a-bd78-4793ee785fe4.json +0 -1
  490. package/.nyc_output/processinfo/5ddee33e-b658-4c8e-a247-54f575ac67e8.json +0 -1
  491. package/.nyc_output/processinfo/78760ae4-555f-4d9c-a6a1-acf5e2f0fe45.json +0 -1
  492. package/.nyc_output/processinfo/d0bb2559-084e-4c92-b9e6-29a9abd41f7c.json +0 -1
  493. package/lib/core/client/components/frame/KLabel.vue +0 -56
  494. package/lib/core/client/components/team/KTagsPane.vue +0 -35
  495. package/lib/map/client/leaflet/TiledMapillaryLayer.js +0 -137
  496. package/lib/map/client/leaflet/TiledMapillaryLayer.js.map +0 -1
  497. package/lib/map/client/mixins/mixin.time.js +0 -73
  498. package/lib/map/client/mixins/mixin.time.js.map +0 -1
  499. package/tests/core/account.test.js +0 -415
  500. package/tests/core/client.test.js.skip +0 -37
  501. package/tests/core/config/default.js +0 -97
  502. package/tests/core/config/email-templates/confirmInvitation/html.ejs +0 -18
  503. package/tests/core/config/email-templates/identityChange/html.ejs +0 -12
  504. package/tests/core/config/email-templates/newDevice/html.ejs +0 -7
  505. package/tests/core/config/email-templates/passwordChange/html.ejs +0 -5
  506. package/tests/core/config/email-templates/resendVerifySignup/html.ejs +0 -10
  507. package/tests/core/config/email-templates/resetPwd/html.ejs +0 -5
  508. package/tests/core/config/email-templates/sendResetPwd/html.ejs +0 -8
  509. package/tests/core/config/email-templates/verifySignup/html.ejs +0 -3
  510. package/tests/core/data/10k_most_common_passwords.txt +0 -10000
  511. package/tests/core/data/logo.png +0 -0
  512. package/tests/core/hooks.test.js +0 -175
  513. package/tests/core/index.test.js +0 -418
  514. package/tests/core/notifications.test.js +0 -465
  515. package/tests/core/storage.test.js +0 -134
  516. package/tests/core/team.test.js +0 -610
  517. package/tests/core/utils.js +0 -59
  518. package/tests/map/alerts.test.js +0 -554
  519. package/tests/map/config/default.js +0 -112
  520. package/tests/map/config/layers.json +0 -37
  521. package/tests/map/daptiles.test.js +0 -41
  522. package/tests/map/data/DescribeCoverage.xml +0 -55
  523. package/tests/map/data/GetCoverage.tif +0 -0
  524. package/tests/map/data/adsb.observations.json +0 -132
  525. package/tests/map/data/dataset.grb.das +0 -55
  526. package/tests/map/data/dataset.grb.dds +0 -17
  527. package/tests/map/data/dataset.grb.dods +0 -0
  528. package/tests/map/data/lat_lon_bounds.grb.dods +0 -0
  529. package/tests/map/data/subdataset.grb.dods +0 -0
  530. package/tests/map/data/vigicrues.observations.json +0 -47042
  531. package/tests/map/data/vigicrues.stations.json +0 -15422
  532. package/tests/map/data/zones.json +0 -1228
  533. package/tests/map/grid-sources.test.js +0 -304
  534. package/tests/map/hooks.test.js +0 -96
  535. package/tests/map/index.test.js +0 -333
package/lib/core/api/hooks/hooks.authorisations.js CHANGED
@@ -3,10 +3,148 @@
3
3
  Object.defineProperty(exports, "__esModule", {
4
4
  value: true
5
5
  });
6
- exports.removeOrganisationTagsAuthorisations = undefined;
6
+ exports.removeOrganisationTagsAuthorisations = exports.removeOrganisationGroupsAuthorisations = exports.authorise = undefined;
7
+
8
+ let authorise = exports.authorise = (() => {
9
+ var _ref2 = _asyncToGenerator(function* (hook) {
10
+ if (hook.type !== 'before') {
11
+ throw new Error('The \'authorise\' hook should only be used as a \'before\' hook.');
12
+ }
13
+ const operation = hook.method;
14
+ const resourceType = hook.service.name;
15
+ debug('Provider is', hook.params.provider);
16
+ if (hook.params.user) debug('User is', hook.params.user);
17
+ debug('Operation is', operation);
18
+ if (resourceType) debug('Resource type is', resourceType);
19
+
20
+ // If called internally we skip authorisation
21
+ let checkAuthorisation = _lodash2.default.has(hook.params, 'provider');
22
+ debug('Access check ' + (checkAuthorisation ? 'enabled' : 'disabled') + ' for provider');
23
+ // If already checked we skip authorisation
24
+ if (hook.params.authorised) {
25
+ debug('Access already granted');
26
+ checkAuthorisation = false;
27
+ }
28
+ // We also skip authorisation for built-in Feathers services like authentication
29
+ if (typeof hook.service.getPath !== 'function') {
30
+ debug('Access disabled on built-in services');
31
+ checkAuthorisation = false;
32
+ }
33
+ // If explicitely asked to perform/skip, override defaults
34
+ if (_lodash2.default.has(hook.params, 'checkAuthorisation')) {
35
+ checkAuthorisation = _lodash2.default.get(hook.params, 'checkAuthorisation');
36
+ // Bypass authorisation for next hooks otherwise we will loop infinitely
37
+ delete hook.params.checkAuthorisation;
38
+ debug('Access check ' + (checkAuthorisation ? 'forced' : 'unforced'));
39
+ }
40
+
41
+ const context = hook.service.context;
42
+ if (checkAuthorisation) {
43
+ // Build ability for user
44
+ const authorisationService = hook.app.getService('authorisations');
45
+ const abilities = yield authorisationService.getAbilities(hook.params.user);
46
+ hook.params.abilities = abilities;
47
+ debug('User abilities are', abilities.rules);
48
+
49
+ // Check for access to service fisrt
50
+ if (!(0, _permissions.hasServiceAbilities)(abilities, hook.service)) {
51
+ debug('Service access not granted');
52
+ throw new _errors.Forbidden(`You are not allowed to access service ${hook.service.getPath()}`);
53
+ }
54
+
55
+ if (!hook.id) {
56
+ // In this specific case there is no query to be run,
57
+ // simply check against the object we'd like to create
58
+ if (operation === 'create') {
59
+ const resource = hook.data;
60
+ debug('Target resource is ', resource);
61
+ if (!(0, _permissions.hasResourceAbilities)(abilities, operation, resourceType, context, resource)) {
62
+ debug('Resource access not granted');
63
+ throw new _errors.Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`);
64
+ }
65
+ } else {
66
+ // When we find/update/patch/remove multiple items this ensures that
67
+ // only the ones authorised by constraints on the resources will be fetched
68
+ // This avoid fetching all first then check it one by one
69
+ const dbQuery = (0, _db.objectifyIDs)((0, _permissions.getQueryForAbilities)(abilities, operation, resourceType));
70
+ if (dbQuery) {
71
+ hook.params.query = _lodash2.default.transform(hook.params.query, function (result, value, key) {
72
+ if (key === '$or') result.$and = [{ $or: value }];else result[key] = value;
73
+ }, {});
74
+ _lodash2.default.merge(hook.params.query, dbQuery);
75
+ } else {
76
+ hook.result = { total: 0, skip: 0, data: [] };
77
+ }
78
+ }
79
+ debug('Resource access granted');
80
+ // Some specific services might not expose a get function, in this case we cannot check for authorisation
81
+ // this has to be implemented by the service itself
82
+ } else if (typeof hook.service.get === 'function') {
83
+ // In this case (single get/update/patch/remove) we need to fetch the item first
84
+ const resource = yield hook.service.get(hook.id, Object.assign({ checkAuthorisation: false }, hook.params));
85
+ debug('Target resource is', resource);
86
+ // Then check against the object we'd like to manage
87
+ if (!(0, _permissions.hasResourceAbilities)(abilities, operation, resourceType, context, resource)) {
88
+ debug('Resource access not granted');
89
+ throw new _errors.Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`);
90
+ }
91
+ // Avoid fetching again the object in this case
92
+ if (operation === 'get') {
93
+ hook.result = resource;
94
+ }
95
+ hook.params.authorised = true;
96
+ debug('Resource access granted');
97
+ return hook;
98
+ }
99
+ } else {
100
+ debug('Authorisation check skipped, access granted');
101
+ }
102
+
103
+ hook.params.authorised = true;
104
+ return hook;
105
+ });
106
+
107
+ return function authorise(_x2) {
108
+ return _ref2.apply(this, arguments);
109
+ };
110
+ })();
111
+
112
+ let removeOrganisationGroupsAuthorisations = exports.removeOrganisationGroupsAuthorisations = (() => {
113
+ var _ref5 = _asyncToGenerator(function* (hook) {
114
+ const app = hook.app;
115
+ const authorisationService = app.getService('authorisations');
116
+ const org = hook.params.resource;
117
+ const user = hook.params.user;
118
+ // Unset membership for the all org groups
119
+ const orgGroupService = app.getService('groups', org);
120
+ const groups = yield orgGroupService.find({ paginate: false });
121
+ yield Promise.all(groups.map(function (group) {
122
+ // Unset membership on group for the all org users
123
+ return authorisationService.remove(group._id.toString(), {
124
+ query: {
125
+ scope: 'groups'
126
+ },
127
+ user,
128
+ force: hook.params.force,
129
+ // Because we already have resource set it as objects to avoid populating
130
+ // Moreover used as an after hook the resource might not already exist anymore
131
+ subjects: hook.params.subjects,
132
+ subjectsService: hook.params.subjectsService,
133
+ resource: group,
134
+ resourcesService: orgGroupService
135
+ });
136
+ }));
137
+ debug('Authorisations unset on groups for organisation ' + org._id);
138
+ return hook;
139
+ });
140
+
141
+ return function removeOrganisationGroupsAuthorisations(_x5) {
142
+ return _ref5.apply(this, arguments);
143
+ };
144
+ })();
7
145
 
8
146
  let removeOrganisationTagsAuthorisations = exports.removeOrganisationTagsAuthorisations = (() => {
9
- var _ref4 = _asyncToGenerator(function* (hook) {
147
+ var _ref6 = _asyncToGenerator(function* (hook) {
10
148
  const app = hook.app;
11
149
  const org = hook.params.resource;
12
150
  const subjectService = hook.params.subjectsService;
@@ -33,8 +171,8 @@ let removeOrganisationTagsAuthorisations = exports.removeOrganisationTagsAuthori
33
171
  return hook;
34
172
  });
35
173
 
36
- return function removeOrganisationTagsAuthorisations(_x4) {
37
- return _ref4.apply(this, arguments);
174
+ return function removeOrganisationTagsAuthorisations(_x6) {
175
+ return _ref6.apply(this, arguments);
38
176
  };
39
177
  })();
40
178
 
@@ -44,10 +182,8 @@ exports.unpopulateSubjects = unpopulateSubjects;
44
182
  exports.populateResource = populateResource;
45
183
  exports.unpopulateResource = unpopulateResource;
46
184
  exports.preventEscalation = preventEscalation;
47
- exports.authorise = authorise;
48
185
  exports.updateAbilities = updateAbilities;
49
186
  exports.preventRemovingLastOwner = preventRemovingLastOwner;
50
- exports.removeOrganisationGroupsAuthorisations = removeOrganisationGroupsAuthorisations;
51
187
 
52
188
  var _lodash = require('lodash');
53
189
 
@@ -215,106 +351,9 @@ function preventEscalation(hook) {
215
351
  return hook;
216
352
  }
217
353
 
218
- function authorise(hook) {
219
- if (hook.type !== 'before') {
220
- throw new Error('The \'authorise\' hook should only be used as a \'before\' hook.');
221
- }
222
- const operation = hook.method;
223
- const resourceType = hook.service.name;
224
- debug('Provider is', hook.params.provider);
225
- if (hook.params.user) debug('User is', hook.params.user);
226
- debug('Operation is', operation);
227
- if (resourceType) debug('Resource type is', resourceType);
228
-
229
- // If called internally we skip authorisation
230
- let checkAuthorisation = _lodash2.default.has(hook.params, 'provider');
231
- debug('Access check ' + (checkAuthorisation ? 'enabled' : 'disabled') + ' for provider');
232
- // If already checked we skip authorisation
233
- if (hook.params.authorised) {
234
- debug('Access already granted');
235
- checkAuthorisation = false;
236
- }
237
- // We also skip authorisation for built-in Feathers services like authentication
238
- if (typeof hook.service.getPath !== 'function') {
239
- debug('Access disabled on built-in services');
240
- checkAuthorisation = false;
241
- }
242
- // If explicitely asked to perform/skip, override defaults
243
- if (_lodash2.default.has(hook.params, 'checkAuthorisation')) {
244
- checkAuthorisation = _lodash2.default.get(hook.params, 'checkAuthorisation');
245
- // Bypass authorisation for next hooks otherwise we will loop infinitely
246
- delete hook.params.checkAuthorisation;
247
- debug('Access check ' + (checkAuthorisation ? 'forced' : 'unforced'));
248
- }
249
-
250
- const context = hook.service.context;
251
- if (checkAuthorisation) {
252
- // Build ability for user
253
- const authorisationService = hook.app.getService('authorisations');
254
- const abilities = authorisationService.getAbilities(hook.params.user);
255
- hook.params.abilities = abilities;
256
- debug('User abilities are', abilities.rules);
257
-
258
- // Check for access to service fisrt
259
- if (!(0, _permissions.hasServiceAbilities)(abilities, hook.service)) {
260
- debug('Service access not granted');
261
- throw new _errors.Forbidden(`You are not allowed to access service ${hook.service.getPath()}`);
262
- }
263
-
264
- if (!hook.id) {
265
- // In this specific case there is no query to be run,
266
- // simply check against the object we'd like to create
267
- if (operation === 'create') {
268
- const resource = hook.data;
269
- debug('Target resource is ', resource);
270
- if (!(0, _permissions.hasResourceAbilities)(abilities, operation, resourceType, context, resource)) {
271
- debug('Resource access not granted');
272
- throw new _errors.Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`);
273
- }
274
- } else {
275
- // When we find/update/patch/remove multiple items this ensures that
276
- // only the ones authorised by constraints on the resources will be fetched
277
- // This avoid fetching all first then check it one by one
278
- const dbQuery = (0, _db.objectifyIDs)((0, _permissions.getQueryForAbilities)(abilities, operation, resourceType));
279
- if (dbQuery) {
280
- debug('Target resource conditions are ', dbQuery);
281
- _lodash2.default.merge(hook.params.query, dbQuery);
282
- } else {
283
- hook.result = { total: 0, skip: 0, data: [] };
284
- }
285
- }
286
- debug('Resource access granted');
287
- // Some specific services might not expose a get function, in this case we cannot check for authorisation
288
- // this has to be implemented by the service itself
289
- } else if (typeof hook.service.get === 'function') {
290
- // In this case (single get/update/patch/remove) we need to fetch the item first
291
- return hook.service.get(hook.id, Object.assign({ checkAuthorisation: false }, hook.params)).then(resource => {
292
- debug('Target resource is', resource);
293
- // Then check against the object we'd like to manage
294
- if (!(0, _permissions.hasResourceAbilities)(abilities, operation, resourceType, context, resource)) {
295
- debug('Resource access not granted');
296
- throw new _errors.Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`);
297
- }
298
- // Avoid fetching again the object in this case
299
- if (operation === 'get') {
300
- hook.result = resource;
301
- }
302
- hook.params.authorised = true;
303
- debug('Resource access granted');
304
- return hook;
305
- });
306
- }
307
- } else {
308
- debug('Authorisation check skipped, access granted');
309
- }
310
-
311
- hook.params.authorised = true;
312
- return Promise.resolve(hook);
313
- }
314
-
315
354
  function updateAbilities(options = {}) {
316
355
  return (() => {
317
- var _ref2 = _asyncToGenerator(function* (hook) {
356
+ var _ref3 = _asyncToGenerator(function* (hook) {
318
357
  const app = hook.app;
319
358
  const params = hook.params;
320
359
  const authorisationService = app.getService('authorisations');
@@ -324,20 +363,20 @@ function updateAbilities(options = {}) {
324
363
  if (options.fetchSubject) {
325
364
  subject = yield hook.service.get(subject._id.toString());
326
365
  }
327
- const abilities = authorisationService.updateAbilities(subject);
366
+ const abilities = yield authorisationService.updateAbilities(subject);
328
367
  debug('Abilities updated on subject', subject, abilities.rules);
329
368
  return hook;
330
369
  });
331
370
 
332
- return function (_x2) {
333
- return _ref2.apply(this, arguments);
371
+ return function (_x3) {
372
+ return _ref3.apply(this, arguments);
334
373
  };
335
374
  })();
336
375
  }
337
376
 
338
377
  function preventRemovingLastOwner(resourceScope) {
339
378
  return (() => {
340
- var _ref3 = _asyncToGenerator(function* (hook) {
379
+ var _ref4 = _asyncToGenerator(function* (hook) {
341
380
  // By pass check ?
342
381
  if (hook.params.force) return hook;
343
382
  const params = hook.params;
@@ -376,39 +415,9 @@ function preventRemovingLastOwner(resourceScope) {
376
415
  return hook;
377
416
  });
378
417
 
379
- return function (_x3) {
380
- return _ref3.apply(this, arguments);
418
+ return function (_x4) {
419
+ return _ref4.apply(this, arguments);
381
420
  };
382
421
  })();
383
422
  }
384
-
385
- function removeOrganisationGroupsAuthorisations(hook) {
386
- const app = hook.app;
387
- const authorisationService = app.getService('authorisations');
388
- const org = hook.params.resource;
389
- const user = hook.params.user;
390
- // Unset membership for the all org groups
391
- const orgGroupService = app.getService('groups', org);
392
- return orgGroupService.find({ paginate: false }).then(groups => {
393
- return Promise.all(groups.map(group => {
394
- // Unset membership on group for the all org users
395
- return authorisationService.remove(group._id.toString(), {
396
- query: {
397
- scope: 'groups'
398
- },
399
- user,
400
- force: hook.params.force,
401
- // Because we already have resource set it as objects to avoid populating
402
- // Moreover used as an after hook the resource might not already exist anymore
403
- subjects: hook.params.subjects,
404
- subjectsService: hook.params.subjectsService,
405
- resource: group,
406
- resourcesService: orgGroupService
407
- });
408
- }));
409
- }).then(groups => {
410
- debug('Authorisations unset on groups for organisation ' + org._id);
411
- return hook;
412
- });
413
- }
414
423
  //# sourceMappingURL=hooks.authorisations.js.map
package/lib/core/api/hooks/hooks.authorisations.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../core/api/hooks/hooks.authorisations.js"],"names":["hook","app","org","params","resource","subjectService","subjectsService","orgTagsService","getService","subjects","length","orgTags","find","paginate","promises","forEach","tags","subject","fromOrg","_","intersectionWith","isTagEqual","notFromOrg","differenceWith","push","patch","_id","toString","devices","Promise","all","debug","removeOrganisationTagsAuthorisations","createJWT","populateSubjects","unpopulateSubjects","populateResource","unpopulateResource","preventEscalation","authorise","updateAbilities","preventRemovingLastOwner","removeOrganisationGroupsAuthorisations","options","defaults","get","user","items","isArray","Array","accessTokens","map","passport","payload","merge","jwt","item","index","set","name","type","Error","serviceField","idField","throwOnNotFound","checkEscalation","has","data","query","scopeName","scope","permissions","undefined","role","Roles","isUndefined","Forbidden","filter","subjectScope","subjectResource","subjectPermissions","subjectRole","hasRole","method","authorisationRole","operation","resourceType","service","provider","checkAuthorisation","authorised","getPath","context","authorisationService","abilities","getAbilities","rules","id","dbQuery","result","total","skip","Object","assign","then","resolve","subjectAsItem","fetchSubject","resourceScope","force","grantedPermissions","grantedRole","owner","owners","removedOwners","reduce","count","resources","ownedResource","RoleNames","resourceName","translation","key","orgGroupService","groups","group","remove","resourcesService"],"mappings":";;;;;;;;gCA0UO,WAAqDA,IAArD,EAA2D;AAChE,UAAMC,MAAMD,KAAKC,GAAjB;AACA,UAAMC,MAAMF,KAAKG,MAAL,CAAYC,QAAxB;AACA,UAAMC,iBAAiBL,KAAKG,MAAL,CAAYG,eAAnC;AACA,UAAMC,iBAAiBN,IAAIO,UAAJ,CAAe,MAAf,EAAuBN,GAAvB,CAAvB;AACA,UAAMO,WAAWT,KAAKG,MAAL,CAAYM,QAAZ,IAAwB,EAAzC;AACA,QAAIA,SAASC,MAAT,KAAoB,CAAxB,EAA2B,OAAOV,IAAP;AAC3B;AACA,UAAMW,UAAU,MAAMJ,eAAeK,IAAf,CAAoB,EAAEC,UAAU,KAAZ,EAApB,CAAtB;AACA,UAAMC,WAAW,EAAjB;AACAL,aAASM,OAAT,CAAiB,mBAAW;AAC1B,YAAMC,OAAOC,QAAQD,IAAR,IAAgB,EAA7B;AACA;AACA,YAAME,UAAUC,iBAAEC,gBAAF,CAAmBJ,IAAnB,EAAyBL,OAAzB,EAAkCU,kBAAlC,CAAhB;AACA;AACA,YAAMC,aAAaH,iBAAEI,cAAF,CAAiBP,IAAjB,EAAuBL,OAAvB,EAAgCU,kBAAhC,CAAnB;AACA;AACA,UAAIH,QAAQR,MAAR,GAAiB,CAArB,EAAwB;AACtBI,iBAASU,IAAT,CAAcnB,eAAeoB,KAAf,CAAqBR,QAAQS,GAAR,CAAYC,QAAZ,EAArB,EAA6C,EAAEX,MAAMM,UAAR,EAAoBM,SAASX,QAAQW,OAArC,EAA7C,CAAd;AACD;AACF,KAVD;AAWA;AACA,UAAMC,QAAQC,GAAR,CAAYhB,QAAZ,CAAN;AACAiB,UAAO,iBAAgBjB,SAASJ,MAAO,6BAAjC,GAAgER,IAAIwB,GAA1E;AACA,WAAO1B,IAAP;AACD,G;;kBAzBqBgC,oC;;;;;QA/TNC,S,GAAAA,S;QAsBAC,gB,GAAAA,gB;QAQAC,kB,GAAAA,kB;QAQAC,gB,GAAAA,gB;QAQAC,kB,GAAAA,kB;QAQAC,iB,GAAAA,iB;QA6EAC,S,GAAAA,S;QAkGAC,e,GAAAA,e;QAiBAC,wB,GAAAA,wB;QAyCAC,sC,GAAAA,sC;;AA1ShB;;;;AACA;;;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;;;;;AAEA,MAAMX,QAAQ,qBAAU,+BAAV,CAAd;;AAEO,SAASE,SAAT,CAAoBU,UAAU,EAA9B,EAAkC;AACvC;AAAA,iCAAO,WAAgB3C,IAAhB,EAAsB;AAC3B,YAAM4C,WAAW5C,KAAKC,GAAL,CAAS4C,GAAT,CAAa,gBAAb,KAAkC7C,KAAKC,GAAL,CAAS4C,GAAT,CAAa,MAAb,CAAnD;AACA,YAAMC,OAAO3B,iBAAE0B,GAAF,CAAM7C,IAAN,EAAY,aAAZ,CAAb;AACA,UAAI+C,QAAQ,mCAAS/C,IAAT,CAAZ;AACA,YAAMgD,UAAUC,MAAMD,OAAN,CAAcD,KAAd,CAAhB;AACAA,cAASC,UAAUD,KAAV,GAAkB,CAACA,KAAD,CAA3B;AACA;AACA,YAAMG,eAAe,MAAMrB,QAAQC,GAAR,CAAYiB,MAAMI,GAAN,CAAU;AAAA,eAAQnD,KAAKC,GAAL,CAASmD,QAAT,CAAkBnB,SAAlB;AACvD;AACC,eAAOU,QAAQU,OAAf,KAA2B,UAA3B,GAAwCV,QAAQU,OAAR,CAAgBP,IAAhB,CAAxC,GAAgE,EAFV;AAGvD;AACA;AACA3B,yBAAEmC,KAAF,CAAQ,EAAR,EAAYV,QAAZ,EAAuB,OAAOD,QAAQY,GAAf,KAAuB,UAAvB,GAAoC,EAAEA,KAAKZ,QAAQY,GAAR,CAAYT,IAAZ,CAAP,EAApC,GAAiEH,OAAxF,CALuD,CAAR;AAAA,OAAV,CAAZ,CAA3B;AAOA;AACAI,YAAMhC,OAAN,CAAc,UAACyC,IAAD,EAAOC,KAAP;AAAA,eAAiBtC,iBAAEuC,GAAF,CAAMF,IAAN,EAAYb,QAAQgB,IAAR,IAAgB,aAA5B,EAA2CT,aAAaO,KAAb,CAA3C,CAAjB;AAAA,OAAd;AACA,6CAAazD,IAAb,EAAmBgD,UAAUD,KAAV,GAAkBA,MAAM,CAAN,CAArC;AACA,aAAO/C,IAAP;AACD,KAlBD;;AAAA;AAAA;AAAA;AAAA;AAmBD;;AAEM,SAASkC,gBAAT,CAA2BlC,IAA3B,EAAiC;AACtC,MAAIA,KAAK4D,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,yEAAV,CAAN;AACD;;AAED,SAAO,4BAAgB,EAAEC,cAAc,iBAAhB,EAAmCC,SAAS,UAA5C,EAAwDC,iBAAiB,IAAzE,EAAhB,EAAiGhE,IAAjG,CAAP;AACD;;AAEM,SAASmC,kBAAT,CAA6BnC,IAA7B,EAAmC;AACxC,MAAIA,KAAK4D,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,SAAO,8BAAkB,EAAEC,cAAc,iBAAhB,EAAmCC,SAAS,UAA5C,EAAlB,EAA4E/D,IAA5E,CAAP;AACD;;AAEM,SAASoC,gBAAT,CAA2BpC,IAA3B,EAAiC;AACtC,MAAIA,KAAK4D,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,yEAAV,CAAN;AACD;;AAED,SAAO,2BAAe,EAAEC,cAAc,kBAAhB,EAAoCC,SAAS,UAA7C,EAAyDC,iBAAiB,IAA1E,EAAf,EAAiGhE,IAAjG,CAAP;AACD;;AAEM,SAASqC,kBAAT,CAA6BrC,IAA7B,EAAmC;AACxC,MAAIA,KAAK4D,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,SAAO,6BAAiB,EAAEC,cAAc,kBAAhB,EAAoCC,SAAS,UAA7C,EAAjB,EAA4E/D,IAA5E,CAAP;AACD;;AAEM,SAASsC,iBAAT,CAA4BtC,IAA5B,EAAkC;AACvC,MAAIA,KAAK4D,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,QAAM1D,SAASH,KAAKG,MAApB;AACA;AACA,MAAI8D,kBAAkB9C,iBAAE+C,GAAF,CAAM/D,MAAN,EAAc,UAAd,CAAtB;AACA4B,QAAM,uBAAuBkC,kBAAkB,SAAlB,GAA8B,UAArD,IAAmE,eAAzE;AACA;AACA,MAAI9C,iBAAE+C,GAAF,CAAM/D,MAAN,EAAc,iBAAd,CAAJ,EAAsC;AACpC8D,sBAAkB9D,OAAO8D,eAAzB;AACAlC,UAAM,uBAAuBkC,kBAAkB,QAAlB,GAA6B,UAApD,CAAN;AACD;;AAED,MAAIA,eAAJ,EAAqB;AACnB,UAAMnB,OAAO3C,OAAO2C,IAApB;AACA;AACA,UAAMqB,OAAOnE,KAAKmE,IAAL,IAAa,EAA1B;AACA;AACA,UAAMC,QAAQjE,OAAOiE,KAAP,IAAgB,EAA9B;AACA,UAAMC,YAAYF,KAAKG,KAAL,IAAcF,MAAME,KAAtC,CANmB,CAMyB;AAC5C;AACA,UAAMA,QAAQnD,iBAAE0B,GAAF,CAAMC,IAAN,EAAYuB,SAAZ,EAAuB,EAAvB,CAAd;AACA;AACA,UAAMjE,WAAWe,iBAAEP,IAAF,CAAO0D,KAAP,EAAclE,YAAYA,SAASsB,GAAT,IAAiBtB,SAASsB,GAAT,CAAaC,QAAb,OAA4BxB,OAAOC,QAAP,CAAgBsB,GAAhB,CAAoBC,QAApB,EAAvE,CAAjB;AACA;AACA,UAAM4C,cAAenE,WAAWA,SAASmE,WAApB,GAAkCC,SAAvD;AACA,UAAMC,OAAQF,cAAcG,mBAAMH,WAAN,CAAd,GAAmCC,SAAjD;AACA,QAAIrD,iBAAEwD,WAAF,CAAcF,IAAd,CAAJ,EAAyB;AACvB1C,YAAM,wDAAwDsC,SAA9D;AACA,YAAM,IAAIO,iBAAJ,CAAc,yDAAd,CAAN;AACD;;AAED;;AAEA;AACA;AACA;AACA;AACA;AACA,UAAMnE,WAAWN,OAAOM,QAAP,CAAgBoE,MAAhB,CAAuB5D,WAAW;AACjD,YAAM6D,eAAe3D,iBAAE0B,GAAF,CAAM5B,OAAN,EAAeoD,SAAf,EAA0B,EAA1B,CAArB;AACA,YAAMU,kBAAkB5D,iBAAEP,IAAF,CAAOkE,YAAP,EAAqB1E,YAAYA,SAASsB,GAAT,IAAiBtB,SAASsB,GAAT,CAAaC,QAAb,OAA4BxB,OAAOC,QAAP,CAAgBsB,GAAhB,CAAoBC,QAApB,EAA9E,CAAxB;AACA,YAAMqD,qBAAsBD,kBAAkBA,gBAAgBR,WAAlC,GAAgDC,SAA5E;AACA,YAAMS,cAAeD,qBAAqBN,mBAAMM,kBAAN,CAArB,GAAiDR,SAAtE;AACA,YAAMU,UAAU,CAAC/D,iBAAEwD,WAAF,CAAcM,WAAd,CAAjB;AACA,UAAIjF,KAAKmF,MAAL,KAAgB,QAApB,EAA8B;AAC5B,eAAQ,CAACD,OAAD,IAAaD,eAAeR,IAApC,CAD4B,CACe;AAC5C,OAFD,MAEO;AACL,eAAQS,WAAYD,eAAeR,IAAnC,CADK,CACqC;AAC3C;AACF,KAXgB,CAAjB;AAYA,QAAIhE,SAASC,MAAT,GAAkBP,OAAOM,QAAP,CAAgBC,MAAtC,EAA8C;AAC5CqB,YAAO,GAAG5B,OAAOM,QAAP,CAAgBC,MAAhB,GAAyBD,SAASC,MAAQ,2DAA0D2D,SAAU,EAAxH;AACA,YAAM,IAAIO,iBAAJ,CAAc,2DAAd,CAAN;AACD;AACD;AACA;AACA;AACA,QAAIQ,iBAAJ;AACA,QAAIjB,KAAKI,WAAT,EAAsB;AACpBa,0BAAoBV,mBAAMP,KAAKI,WAAX,CAApB;AACD,KAFD,MAEO,IAAIH,MAAMG,WAAV,EAAuB;AAC5Ba,0BAAoBV,mBAAMN,MAAMG,WAAZ,CAApB;AACD;AACD,QAAI,CAACpD,iBAAEwD,WAAF,CAAcS,iBAAd,CAAL,EAAuC;AACrC,UAAIA,oBAAoBX,IAAxB,EAA8B;AAC5B1C,cAAM,6DAA6DsC,SAAnE;AACA,cAAM,IAAIO,iBAAJ,CAAc,yDAAd,CAAN;AACD;AACF;AACF;;AAED,SAAO5E,IAAP;AACD;;AAEM,SAASuC,SAAT,CAAoBvC,IAApB,EAA0B;AAC/B,MAAIA,KAAK4D,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,kEAAV,CAAN;AACD;AACD,QAAMwB,YAAYrF,KAAKmF,MAAvB;AACA,QAAMG,eAAetF,KAAKuF,OAAL,CAAa5B,IAAlC;AACA5B,QAAM,aAAN,EAAqB/B,KAAKG,MAAL,CAAYqF,QAAjC;AACA,MAAIxF,KAAKG,MAAL,CAAY2C,IAAhB,EAAsBf,MAAM,SAAN,EAAiB/B,KAAKG,MAAL,CAAY2C,IAA7B;AACtBf,QAAM,cAAN,EAAsBsD,SAAtB;AACA,MAAIC,YAAJ,EAAkBvD,MAAM,kBAAN,EAA0BuD,YAA1B;;AAElB;AACA,MAAIG,qBAAqBtE,iBAAE+C,GAAF,CAAMlE,KAAKG,MAAX,EAAmB,UAAnB,CAAzB;AACA4B,QAAM,mBAAmB0D,qBAAqB,SAArB,GAAiC,UAApD,IAAkE,eAAxE;AACA;AACA,MAAIzF,KAAKG,MAAL,CAAYuF,UAAhB,EAA4B;AAC1B3D,UAAM,wBAAN;AACA0D,yBAAqB,KAArB;AACD;AACD;AACA,MAAI,OAAOzF,KAAKuF,OAAL,CAAaI,OAApB,KAAgC,UAApC,EAAgD;AAC9C5D,UAAM,sCAAN;AACA0D,yBAAqB,KAArB;AACD;AACD;AACA,MAAItE,iBAAE+C,GAAF,CAAMlE,KAAKG,MAAX,EAAmB,oBAAnB,CAAJ,EAA8C;AAC5CsF,yBAAqBtE,iBAAE0B,GAAF,CAAM7C,KAAKG,MAAX,EAAmB,oBAAnB,CAArB;AACA;AACA,WAAOH,KAAKG,MAAL,CAAYsF,kBAAnB;AACA1D,UAAM,mBAAmB0D,qBAAqB,QAArB,GAAgC,UAAnD,CAAN;AACD;;AAED,QAAMG,UAAU5F,KAAKuF,OAAL,CAAaK,OAA7B;AACA,MAAIH,kBAAJ,EAAwB;AACtB;AACA,UAAMI,uBAAuB7F,KAAKC,GAAL,CAASO,UAAT,CAAoB,gBAApB,CAA7B;AACA,UAAMsF,YAAYD,qBAAqBE,YAArB,CAAkC/F,KAAKG,MAAL,CAAY2C,IAA9C,CAAlB;AACA9C,SAAKG,MAAL,CAAY2F,SAAZ,GAAwBA,SAAxB;AACA/D,UAAM,oBAAN,EAA4B+D,UAAUE,KAAtC;;AAEA;AACA,QAAI,CAAC,sCAAoBF,SAApB,EAA+B9F,KAAKuF,OAApC,CAAL,EAAmD;AACjDxD,YAAM,4BAAN;AACA,YAAM,IAAI6C,iBAAJ,CAAe,yCAAwC5E,KAAKuF,OAAL,CAAaI,OAAb,EAAuB,EAA9E,CAAN;AACD;;AAED,QAAI,CAAC3F,KAAKiG,EAAV,EAAc;AACZ;AACA;AACA,UAAIZ,cAAc,QAAlB,EAA4B;AAC1B,cAAMjF,WAAWJ,KAAKmE,IAAtB;AACApC,cAAM,qBAAN,EAA6B3B,QAA7B;AACA,YAAI,CAAC,uCAAqB0F,SAArB,EAAgCT,SAAhC,EAA2CC,YAA3C,EAAyDM,OAAzD,EAAkExF,QAAlE,CAAL,EAAkF;AAChF2B,gBAAM,6BAAN;AACA,gBAAM,IAAI6C,iBAAJ,CAAe,kCAAiCS,SAAU,iBAAgBC,YAAa,EAAvF,CAAN;AACD;AACF,OAPD,MAOO;AACL;AACA;AACA;AACA,cAAMY,UAAU,sBAAa,uCAAqBJ,SAArB,EAAgCT,SAAhC,EAA2CC,YAA3C,CAAb,CAAhB;AACA,YAAIY,OAAJ,EAAa;AACXnE,gBAAM,iCAAN,EAAyCmE,OAAzC;AACA/E,2BAAEmC,KAAF,CAAQtD,KAAKG,MAAL,CAAYiE,KAApB,EAA2B8B,OAA3B;AACD,SAHD,MAGO;AACLlG,eAAKmG,MAAL,GAAc,EAAEC,OAAO,CAAT,EAAYC,MAAM,CAAlB,EAAqBlC,MAAM,EAA3B,EAAd;AACD;AACF;AACDpC,YAAM,yBAAN;AACF;AACA;AACC,KAzBD,MAyBO,IAAI,OAAO/B,KAAKuF,OAAL,CAAa1C,GAApB,KAA4B,UAAhC,EAA4C;AACjD;AACA,aAAO7C,KAAKuF,OAAL,CAAa1C,GAAb,CAAiB7C,KAAKiG,EAAtB,EAA0BK,OAAOC,MAAP,CAAc,EAAEd,oBAAoB,KAAtB,EAAd,EAA6CzF,KAAKG,MAAlD,CAA1B,EACJqG,IADI,CACCpG,YAAY;AAChB2B,cAAM,oBAAN,EAA4B3B,QAA5B;AACA;AACA,YAAI,CAAC,uCAAqB0F,SAArB,EAAgCT,SAAhC,EAA2CC,YAA3C,EAAyDM,OAAzD,EAAkExF,QAAlE,CAAL,EAAkF;AAChF2B,gBAAM,6BAAN;AACA,gBAAM,IAAI6C,iBAAJ,CAAe,kCAAiCS,SAAU,iBAAgBC,YAAa,EAAvF,CAAN;AACD;AACD;AACA,YAAID,cAAc,KAAlB,EAAyB;AACvBrF,eAAKmG,MAAL,GAAc/F,QAAd;AACD;AACDJ,aAAKG,MAAL,CAAYuF,UAAZ,GAAyB,IAAzB;AACA3D,cAAM,yBAAN;AACA,eAAO/B,IAAP;AACD,OAfI,CAAP;AAgBD;AACF,GAzDD,MAyDO;AACL+B,UAAM,6CAAN;AACD;;AAED/B,OAAKG,MAAL,CAAYuF,UAAZ,GAAyB,IAAzB;AACA,SAAO7D,QAAQ4E,OAAR,CAAgBzG,IAAhB,CAAP;AACD;;AAEM,SAASwC,eAAT,CAA0BG,UAAU,EAApC,EAAwC;AAC7C;AAAA,kCAAO,WAAgB3C,IAAhB,EAAsB;AAC3B,YAAMC,MAAMD,KAAKC,GAAjB;AACA,YAAME,SAASH,KAAKG,MAApB;AACA,YAAM0F,uBAAuB5F,IAAIO,UAAJ,CAAe,gBAAf,CAA7B;AACA,UAAIS,UAAW0B,QAAQ+D,aAAR,GAAwB,mCAAS1G,IAAT,CAAxB,GAAyCG,OAAO2C,IAA/D;AACA;AACA;AACA,UAAIH,QAAQgE,YAAZ,EAA0B;AACxB1F,kBAAU,MAAMjB,KAAKuF,OAAL,CAAa1C,GAAb,CAAiB5B,QAAQS,GAAR,CAAYC,QAAZ,EAAjB,CAAhB;AACD;AACD,YAAMmE,YAAYD,qBAAqBrD,eAArB,CAAqCvB,OAArC,CAAlB;AACAc,YAAM,8BAAN,EAAsCd,OAAtC,EAA+C6E,UAAUE,KAAzD;AACA,aAAOhG,IAAP;AACD,KAbD;;AAAA;AAAA;AAAA;AAAA;AAcD;;AAEM,SAASyC,wBAAT,CAAmCmE,aAAnC,EAAkD;AACvD;AAAA,kCAAO,WAAgB5G,IAAhB,EAAsB;AAC3B;AACA,UAAIA,KAAKG,MAAL,CAAY0G,KAAhB,EAAuB,OAAO7G,IAAP;AACvB,YAAMG,SAASH,KAAKG,MAApB;AACA,YAAMgE,OAAOnE,KAAKmE,IAAL,IAAa,EAA1B;AACA,YAAMC,QAAQjE,OAAOiE,KAAP,IAAgB,EAA9B;AACA,YAAME,QAAQH,KAAKG,KAAL,IAAcF,MAAME,KAAlC;AACA,YAAMwC,qBAAqB3C,KAAKI,WAAL,IAAoBH,MAAMG,WAArD;AACA,YAAMwC,cAAeD,qBAAqBpC,mBAAMoC,kBAAN,CAArB,GAAiDtC,SAAtE;AACA,YAAMpE,WAAWJ,KAAKG,MAAL,CAAYC,QAA7B;AACA,YAAMK,WAAWT,KAAKG,MAAL,CAAYM,QAA7B;AACA,YAAMJ,iBAAiBL,KAAKG,MAAL,CAAYG,eAAnC;AACA;AACA,UAAI,CAACa,iBAAEwD,WAAF,CAAcoC,WAAd,CAAD,IAAgCA,gBAAgBrC,mBAAMsC,KAA1D,EAAkE,OAAOhH,IAAP;;AAElE,UAAKsE,UAAUsC,aAAX,IAA6BxG,QAA7B,IAAyCA,SAASsB,GAAtD,EAA2D;AACzD;AACA,cAAMuF,SAAS,MAAM,2CAAyB5G,cAAzB,EAAyCuG,aAAzC,EAAwDxG,SAASsB,GAAjE,EAAsEgD,mBAAMsC,KAA5E,CAArB;AACA;AACA,cAAME,gBAAgBzG,SAAS0G,MAAT,CAAgB,UAACC,KAAD,EAAQnG,OAAR,EAAoB;AACxD,gBAAMoG,YAAYlG,iBAAE0B,GAAF,CAAM5B,OAAN,EAAe2F,aAAf,EAA8B,EAA9B,CAAlB;AACA,gBAAMU,gBAAgBnG,iBAAEP,IAAF,CAAOyG,SAAP,EAAkB,EAAE3F,KAAKtB,SAASsB,GAAhB,EAAqB6C,aAAagD,uBAAU7C,mBAAMsC,KAAhB,CAAlC,EAAlB,CAAtB;AACA,iBAAQM,gBAAgBF,QAAQ,CAAxB,GAA4BA,KAApC;AACD,SAJqB,EAInB,CAJmB,CAAtB;AAKA;AACA,YAAIF,iBAAiBD,OAAOb,KAA5B,EAAmC;AACjCrE,gBAAM,2CAAN,EAAmD3B,QAAnD;AACA,gBAAMoH,eAAepH,SAASuD,IAAT,GAAgBvD,SAASuD,IAAzB,GAAgCvD,SAASsB,GAAT,CAAaC,QAAb,EAArD;AACA,gBAAM,IAAIiD,iBAAJ,CAAc,8DAA8D4C,YAA5E,EAA0F;AAC9FC,yBAAa;AACXC,mBAAK,0BADM;AAEXvH,sBAAQ,EAAEC,UAAUoH,YAAZ;AAFG;AADiF,WAA1F,CAAN;AAMD;AACF;AACD,aAAOxH,IAAP;AACD,KArCD;;AAAA;AAAA;AAAA;AAAA;AAsCD;;AAEM,SAAS0C,sCAAT,CAAiD1C,IAAjD,EAAuD;AAC5D,QAAMC,MAAMD,KAAKC,GAAjB;AACA,QAAM4F,uBAAuB5F,IAAIO,UAAJ,CAAe,gBAAf,CAA7B;AACA,QAAMN,MAAMF,KAAKG,MAAL,CAAYC,QAAxB;AACA,QAAM0C,OAAO9C,KAAKG,MAAL,CAAY2C,IAAzB;AACA;AACA,QAAM6E,kBAAkB1H,IAAIO,UAAJ,CAAe,QAAf,EAAyBN,GAAzB,CAAxB;AACA,SAAOyH,gBAAgB/G,IAAhB,CAAqB,EAAEC,UAAU,KAAZ,EAArB,EACJ2F,IADI,CACCoB,UAAU;AACd,WAAO/F,QAAQC,GAAR,CAAY8F,OAAOzE,GAAP,CAAW0E,SAAS;AACvC;AACE,aAAOhC,qBAAqBiC,MAArB,CAA4BD,MAAMnG,GAAN,CAAUC,QAAV,EAA5B,EAAkD;AACvDyC,eAAO;AACLE,iBAAO;AADF,SADgD;AAIvDxB,YAJuD;AAKvD+D,eAAO7G,KAAKG,MAAL,CAAY0G,KALoC;AAMvD;AACA;AACApG,kBAAUT,KAAKG,MAAL,CAAYM,QARiC;AASvDH,yBAAiBN,KAAKG,MAAL,CAAYG,eAT0B;AAUvDF,kBAAUyH,KAV6C;AAWvDE,0BAAkBJ;AAXqC,OAAlD,CAAP;AAaD,KAfkB,CAAZ,CAAP;AAgBD,GAlBI,EAmBJnB,IAnBI,CAmBCoB,UAAU;AACd7F,UAAM,qDAAqD7B,IAAIwB,GAA/D;AACA,WAAO1B,IAAP;AACD,GAtBI,CAAP;AAuBD","file":"hooks.authorisations.js","sourcesContent":["import _ from 'lodash'\r\nimport makeDebug from 'debug'\r\nimport { getItems, replaceItems } from 'feathers-hooks-common'\r\nimport { Forbidden } from '@feathersjs/errors'\r\nimport { populateObject, unpopulateObject, populateObjects, unpopulateObjects } from './hooks.query'\r\nimport { objectifyIDs } from '../db'\r\nimport { hasServiceAbilities, hasResourceAbilities, getQueryForAbilities, Roles, RoleNames, countSubjectsForResource } from '../../common/permissions'\r\nimport { isTagEqual } from './hooks.tags'\r\n\r\nconst debug = makeDebug('kdk:core:authorisations:hooks')\r\n\r\nexport function createJWT (options = {}) {\r\n return async function (hook) {\r\n const defaults = hook.app.get('authentication') || hook.app.get('auth')\r\n const user = _.get(hook, 'params.user')\r\n let items = getItems(hook)\r\n const isArray = Array.isArray(items)\r\n items = (isArray ? items : [items])\r\n // Generate access tokens for all items\r\n const accessTokens = await Promise.all(items.map(item => hook.app.passport.createJWT(\r\n // Provided function can be used to pick or omit properties in JWT payload\r\n (typeof options.payload === 'function' ? options.payload(user) : {}),\r\n // Provided function can be used for custom options cdepending on the user,\r\n // then we merge with default auth options for global properties like aud, iss, etc.\r\n _.merge({}, defaults, (typeof options.jwt === 'function' ? { jwt: options.jwt(user) } : options)))\r\n ))\r\n // Store access token on items\r\n items.forEach((item, index) => _.set(item, options.name || 'accessToken', accessTokens[index]))\r\n replaceItems(hook, isArray ? items : items[0])\r\n return hook\r\n }\r\n}\r\n\r\nexport function populateSubjects (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'populateSubjects\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n return populateObjects({ serviceField: 'subjectsService', idField: 'subjects', throwOnNotFound: true })(hook)\r\n}\r\n\r\nexport function unpopulateSubjects (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'unpopulateSubjects\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n return unpopulateObjects({ serviceField: 'subjectsService', idField: 'subjects' })(hook)\r\n}\r\n\r\nexport function populateResource (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'populateResource\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n return populateObject({ serviceField: 'resourcesService', idField: 'resource', throwOnNotFound: true })(hook)\r\n}\r\n\r\nexport function unpopulateResource (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'unpopulateResource\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n return unpopulateObject({ serviceField: 'resourcesService', idField: 'resource' })(hook)\r\n}\r\n\r\nexport function preventEscalation (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'preventEscalation\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n const params = hook.params\r\n // If called internally we skip authorisation\r\n let checkEscalation = _.has(params, 'provider')\r\n debug('Escalation check ' + (checkEscalation ? 'enabled' : 'disabled') + ' for provider')\r\n // If explicitely asked to perform/skip, override defaults\r\n if (_.has(params, 'checkEscalation')) {\r\n checkEscalation = params.checkEscalation\r\n debug('Escalation check ' + (checkEscalation ? 'forced' : 'unforced'))\r\n }\r\n\r\n if (checkEscalation) {\r\n const user = params.user\r\n // Make hook usable on remove as well\r\n const data = hook.data || {}\r\n // Make hook usable with query params as well\r\n const query = params.query || {}\r\n const scopeName = data.scope || query.scope // Get scope name first\r\n // Retrieve the right scope on the user\r\n const scope = _.get(user, scopeName, [])\r\n // Then the target resource\r\n const resource = _.find(scope, resource => resource._id && (resource._id.toString() === params.resource._id.toString()))\r\n // Then user permission level\r\n const permissions = (resource ? resource.permissions : undefined)\r\n const role = (permissions ? Roles[permissions] : undefined)\r\n if (_.isUndefined(role)) {\r\n debug('Role for authorisation not found on user for scope ' + scopeName)\r\n throw new Forbidden('You are not allowed to change authorisation on resource')\r\n }\r\n\r\n // Check if privilege escalation might occur, if so clamp to user permission level\r\n\r\n // Input subjects need to be checked:\r\n // - on create you should not be able to change permissions on others having higher permissions than yourself\r\n // (e.g. cannot change a owner into a manager when you are a manager)\r\n // - on remove you should not be able to remove permissions on others having higher permissions than yourself\r\n // (e.g. cannot remove a owner when you are a manager)\r\n const subjects = params.subjects.filter(subject => {\r\n const subjectScope = _.get(subject, scopeName, [])\r\n const subjectResource = _.find(subjectScope, resource => resource._id && (resource._id.toString() === params.resource._id.toString()))\r\n const subjectPermissions = (subjectResource ? subjectResource.permissions : undefined)\r\n const subjectRole = (subjectPermissions ? Roles[subjectPermissions] : undefined)\r\n const hasRole = !_.isUndefined(subjectRole)\r\n if (hook.method === 'create') {\r\n return (!hasRole || (subjectRole <= role)) // The first time no authorisation can be found\r\n } else {\r\n return (hasRole && (subjectRole <= role)) // Authorisation must be found on remove\r\n }\r\n })\r\n if (subjects.length < params.subjects.length) {\r\n debug(`${(params.subjects.length - subjects.length)} subjects with higher permissions level found for scope ${scopeName}`)\r\n throw new Forbidden('You are not allowed to change authorisation on subject(s)')\r\n }\r\n // Input permissions needs to be checked since:\r\n // - you should not be able to give higher permissions than your own ones to others\r\n // (e.g. cannot create a owner when you are a manager)\r\n let authorisationRole\r\n if (data.permissions) {\r\n authorisationRole = Roles[data.permissions]\r\n } else if (query.permissions) {\r\n authorisationRole = Roles[query.permissions]\r\n }\r\n if (!_.isUndefined(authorisationRole)) {\r\n if (authorisationRole > role) {\r\n debug('Cannot escalate with higher permissions level for scope ' + scopeName)\r\n throw new Forbidden('You are not allowed to change authorisation on resource')\r\n }\r\n }\r\n }\r\n\r\n return hook\r\n}\r\n\r\nexport function authorise (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'authorise\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n const operation = hook.method\r\n const resourceType = hook.service.name\r\n debug('Provider is', hook.params.provider)\r\n if (hook.params.user) debug('User is', hook.params.user)\r\n debug('Operation is', operation)\r\n if (resourceType) debug('Resource type is', resourceType)\r\n\r\n // If called internally we skip authorisation\r\n let checkAuthorisation = _.has(hook.params, 'provider')\r\n debug('Access check ' + (checkAuthorisation ? 'enabled' : 'disabled') + ' for provider')\r\n // If already checked we skip authorisation\r\n if (hook.params.authorised) {\r\n debug('Access already granted')\r\n checkAuthorisation = false\r\n }\r\n // We also skip authorisation for built-in Feathers services like authentication\r\n if (typeof hook.service.getPath !== 'function') {\r\n debug('Access disabled on built-in services')\r\n checkAuthorisation = false\r\n }\r\n // If explicitely asked to perform/skip, override defaults\r\n if (_.has(hook.params, 'checkAuthorisation')) {\r\n checkAuthorisation = _.get(hook.params, 'checkAuthorisation')\r\n // Bypass authorisation for next hooks otherwise we will loop infinitely\r\n delete hook.params.checkAuthorisation\r\n debug('Access check ' + (checkAuthorisation ? 'forced' : 'unforced'))\r\n }\r\n\r\n const context = hook.service.context\r\n if (checkAuthorisation) {\r\n // Build ability for user\r\n const authorisationService = hook.app.getService('authorisations')\r\n const abilities = authorisationService.getAbilities(hook.params.user)\r\n hook.params.abilities = abilities\r\n debug('User abilities are', abilities.rules)\r\n\r\n // Check for access to service fisrt\r\n if (!hasServiceAbilities(abilities, hook.service)) {\r\n debug('Service access not granted')\r\n throw new Forbidden(`You are not allowed to access service ${hook.service.getPath()}`)\r\n }\r\n\r\n if (!hook.id) {\r\n // In this specific case there is no query to be run,\r\n // simply check against the object we'd like to create\r\n if (operation === 'create') {\r\n const resource = hook.data\r\n debug('Target resource is ', resource)\r\n if (!hasResourceAbilities(abilities, operation, resourceType, context, resource)) {\r\n debug('Resource access not granted')\r\n throw new Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`)\r\n }\r\n } else {\r\n // When we find/update/patch/remove multiple items this ensures that\r\n // only the ones authorised by constraints on the resources will be fetched\r\n // This avoid fetching all first then check it one by one\r\n const dbQuery = objectifyIDs(getQueryForAbilities(abilities, operation, resourceType))\r\n if (dbQuery) {\r\n debug('Target resource conditions are ', dbQuery)\r\n _.merge(hook.params.query, dbQuery)\r\n } else {\r\n hook.result = { total: 0, skip: 0, data: [] }\r\n }\r\n }\r\n debug('Resource access granted')\r\n // Some specific services might not expose a get function, in this case we cannot check for authorisation\r\n // this has to be implemented by the service itself\r\n } else if (typeof hook.service.get === 'function') {\r\n // In this case (single get/update/patch/remove) we need to fetch the item first\r\n return hook.service.get(hook.id, Object.assign({ checkAuthorisation: false }, hook.params))\r\n .then(resource => {\r\n debug('Target resource is', resource)\r\n // Then check against the object we'd like to manage\r\n if (!hasResourceAbilities(abilities, operation, resourceType, context, resource)) {\r\n debug('Resource access not granted')\r\n throw new Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`)\r\n }\r\n // Avoid fetching again the object in this case\r\n if (operation === 'get') {\r\n hook.result = resource\r\n }\r\n hook.params.authorised = true\r\n debug('Resource access granted')\r\n return hook\r\n })\r\n }\r\n } else {\r\n debug('Authorisation check skipped, access granted')\r\n }\r\n\r\n hook.params.authorised = true\r\n return Promise.resolve(hook)\r\n}\r\n\r\nexport function updateAbilities (options = {}) {\r\n return async function (hook) {\r\n const app = hook.app\r\n const params = hook.params\r\n const authorisationService = app.getService('authorisations')\r\n let subject = (options.subjectAsItem ? getItems(hook) : params.user)\r\n // We might not have all information required eg on patch to compute new abilities,\r\n // in this case we have to fetch the whole subject\r\n if (options.fetchSubject) {\r\n subject = await hook.service.get(subject._id.toString())\r\n }\r\n const abilities = authorisationService.updateAbilities(subject)\r\n debug('Abilities updated on subject', subject, abilities.rules)\r\n return hook\r\n }\r\n}\r\n\r\nexport function preventRemovingLastOwner (resourceScope) {\r\n return async function (hook) {\r\n // By pass check ?\r\n if (hook.params.force) return hook\r\n const params = hook.params\r\n const data = hook.data || {}\r\n const query = params.query || {}\r\n const scope = data.scope || query.scope\r\n const grantedPermissions = data.permissions || query.permissions\r\n const grantedRole = (grantedPermissions ? Roles[grantedPermissions] : undefined)\r\n const resource = hook.params.resource\r\n const subjects = hook.params.subjects\r\n const subjectService = hook.params.subjectsService\r\n // On create check if we try to downgrade permissions otherwise let pass through\r\n if (!_.isUndefined(grantedRole) && (grantedRole === Roles.owner)) return hook\r\n\r\n if ((scope === resourceScope) && resource && resource._id) {\r\n // Count existing owners\r\n const owners = await countSubjectsForResource(subjectService, resourceScope, resource._id, Roles.owner)\r\n // Now count owners we change/remove permissions on\r\n const removedOwners = subjects.reduce((count, subject) => {\r\n const resources = _.get(subject, resourceScope, [])\r\n const ownedResource = _.find(resources, { _id: resource._id, permissions: RoleNames[Roles.owner] })\r\n return (ownedResource ? count + 1 : count)\r\n }, 0)\r\n // If none remains stop\r\n if (removedOwners >= owners.total) {\r\n debug('Cannot remove the last owner of resource ', resource)\r\n const resourceName = resource.name ? resource.name : resource._id.toString()\r\n throw new Forbidden('You are not allowed to remove the last owner of resource ' + resourceName, {\r\n translation: {\r\n key: 'CANNOT_REMOVE_LAST_OWNER',\r\n params: { resource: resourceName }\r\n }\r\n })\r\n }\r\n }\r\n return hook\r\n }\r\n}\r\n\r\nexport function removeOrganisationGroupsAuthorisations (hook) {\r\n const app = hook.app\r\n const authorisationService = app.getService('authorisations')\r\n const org = hook.params.resource\r\n const user = hook.params.user\r\n // Unset membership for the all org groups\r\n const orgGroupService = app.getService('groups', org)\r\n return orgGroupService.find({ paginate: false })\r\n .then(groups => {\r\n return Promise.all(groups.map(group => {\r\n // Unset membership on group for the all org users\r\n return authorisationService.remove(group._id.toString(), {\r\n query: {\r\n scope: 'groups'\r\n },\r\n user,\r\n force: hook.params.force,\r\n // Because we already have resource set it as objects to avoid populating\r\n // Moreover used as an after hook the resource might not already exist anymore\r\n subjects: hook.params.subjects,\r\n subjectsService: hook.params.subjectsService,\r\n resource: group,\r\n resourcesService: orgGroupService\r\n })\r\n }))\r\n })\r\n .then(groups => {\r\n debug('Authorisations unset on groups for organisation ' + org._id)\r\n return hook\r\n })\r\n}\r\n\r\nexport async function removeOrganisationTagsAuthorisations (hook) {\r\n const app = hook.app\r\n const org = hook.params.resource\r\n const subjectService = hook.params.subjectsService\r\n const orgTagsService = app.getService('tags', org)\r\n const subjects = hook.params.subjects || []\r\n if (subjects.length === 0) return hook\r\n // Retrieve org tags\r\n const orgTags = await orgTagsService.find({ paginate: false })\r\n const promises = []\r\n subjects.forEach(subject => {\r\n const tags = subject.tags || []\r\n // Find tags from org\r\n const fromOrg = _.intersectionWith(tags, orgTags, isTagEqual)\r\n // Clear removed tags\r\n const notFromOrg = _.differenceWith(tags, orgTags, isTagEqual)\r\n // Update subject if required\r\n if (fromOrg.length > 0) {\r\n promises.push(subjectService.patch(subject._id.toString(), { tags: notFromOrg, devices: subject.devices }))\r\n }\r\n })\r\n // Perform subject updates in parallel\r\n await Promise.all(promises)\r\n debug(`Tags unset on ${promises.length} subjects for organisation ` + org._id)\r\n return hook\r\n}\r\n"]}
1
+ {"version":3,"sources":["../../../../core/api/hooks/hooks.authorisations.js"],"names":["hook","type","Error","operation","method","resourceType","service","name","debug","params","provider","user","checkAuthorisation","_","has","authorised","getPath","get","context","authorisationService","app","getService","abilities","getAbilities","rules","Forbidden","id","resource","data","dbQuery","query","transform","result","value","key","$and","$or","merge","total","skip","Object","assign","authorise","org","orgGroupService","groups","find","paginate","Promise","all","map","remove","group","_id","toString","scope","force","subjects","subjectsService","resourcesService","removeOrganisationGroupsAuthorisations","subjectService","orgTagsService","length","orgTags","promises","forEach","tags","subject","fromOrg","intersectionWith","isTagEqual","notFromOrg","differenceWith","push","patch","devices","removeOrganisationTagsAuthorisations","createJWT","populateSubjects","unpopulateSubjects","populateResource","unpopulateResource","preventEscalation","updateAbilities","preventRemovingLastOwner","options","defaults","items","isArray","Array","accessTokens","passport","payload","jwt","item","index","set","serviceField","idField","throwOnNotFound","checkEscalation","scopeName","permissions","undefined","role","Roles","isUndefined","filter","subjectScope","subjectResource","subjectPermissions","subjectRole","hasRole","authorisationRole","subjectAsItem","fetchSubject","resourceScope","grantedPermissions","grantedRole","owner","owners","removedOwners","reduce","count","resources","ownedResource","RoleNames","resourceName","translation"],"mappings":";;;;;;;;gCA8IO,WAA0BA,IAA1B,EAAgC;AACrC,QAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,YAAM,IAAIC,KAAJ,CAAU,kEAAV,CAAN;AACD;AACD,UAAMC,YAAYH,KAAKI,MAAvB;AACA,UAAMC,eAAeL,KAAKM,OAAL,CAAaC,IAAlC;AACAC,UAAM,aAAN,EAAqBR,KAAKS,MAAL,CAAYC,QAAjC;AACA,QAAIV,KAAKS,MAAL,CAAYE,IAAhB,EAAsBH,MAAM,SAAN,EAAiBR,KAAKS,MAAL,CAAYE,IAA7B;AACtBH,UAAM,cAAN,EAAsBL,SAAtB;AACA,QAAIE,YAAJ,EAAkBG,MAAM,kBAAN,EAA0BH,YAA1B;;AAElB;AACA,QAAIO,qBAAqBC,iBAAEC,GAAF,CAAMd,KAAKS,MAAX,EAAmB,UAAnB,CAAzB;AACAD,UAAM,mBAAmBI,qBAAqB,SAArB,GAAiC,UAApD,IAAkE,eAAxE;AACA;AACA,QAAIZ,KAAKS,MAAL,CAAYM,UAAhB,EAA4B;AAC1BP,YAAM,wBAAN;AACAI,2BAAqB,KAArB;AACD;AACD;AACA,QAAI,OAAOZ,KAAKM,OAAL,CAAaU,OAApB,KAAgC,UAApC,EAAgD;AAC9CR,YAAM,sCAAN;AACAI,2BAAqB,KAArB;AACD;AACD;AACA,QAAIC,iBAAEC,GAAF,CAAMd,KAAKS,MAAX,EAAmB,oBAAnB,CAAJ,EAA8C;AAC5CG,2BAAqBC,iBAAEI,GAAF,CAAMjB,KAAKS,MAAX,EAAmB,oBAAnB,CAArB;AACA;AACA,aAAOT,KAAKS,MAAL,CAAYG,kBAAnB;AACAJ,YAAM,mBAAmBI,qBAAqB,QAArB,GAAgC,UAAnD,CAAN;AACD;;AAED,UAAMM,UAAUlB,KAAKM,OAAL,CAAaY,OAA7B;AACA,QAAIN,kBAAJ,EAAwB;AACtB;AACA,YAAMO,uBAAuBnB,KAAKoB,GAAL,CAASC,UAAT,CAAoB,gBAApB,CAA7B;AACA,YAAMC,YAAY,MAAMH,qBAAqBI,YAArB,CAAkCvB,KAAKS,MAAL,CAAYE,IAA9C,CAAxB;AACAX,WAAKS,MAAL,CAAYa,SAAZ,GAAwBA,SAAxB;AACAd,YAAM,oBAAN,EAA4Bc,UAAUE,KAAtC;;AAEA;AACA,UAAI,CAAC,sCAAoBF,SAApB,EAA+BtB,KAAKM,OAApC,CAAL,EAAmD;AACjDE,cAAM,4BAAN;AACA,cAAM,IAAIiB,iBAAJ,CAAe,yCAAwCzB,KAAKM,OAAL,CAAaU,OAAb,EAAuB,EAA9E,CAAN;AACD;;AAED,UAAI,CAAChB,KAAK0B,EAAV,EAAc;AACZ;AACA;AACA,YAAIvB,cAAc,QAAlB,EAA4B;AAC1B,gBAAMwB,WAAW3B,KAAK4B,IAAtB;AACApB,gBAAM,qBAAN,EAA6BmB,QAA7B;AACA,cAAI,CAAC,uCAAqBL,SAArB,EAAgCnB,SAAhC,EAA2CE,YAA3C,EAAyDa,OAAzD,EAAkES,QAAlE,CAAL,EAAkF;AAChFnB,kBAAM,6BAAN;AACA,kBAAM,IAAIiB,iBAAJ,CAAe,kCAAiCtB,SAAU,iBAAgBE,YAAa,EAAvF,CAAN;AACD;AACF,SAPD,MAOO;AACL;AACA;AACA;AACA,gBAAMwB,UAAU,sBAAa,uCAAqBP,SAArB,EAAgCnB,SAAhC,EAA2CE,YAA3C,CAAb,CAAhB;AACA,cAAIwB,OAAJ,EAAa;AACX7B,iBAAKS,MAAL,CAAYqB,KAAZ,GAAoBjB,iBAAEkB,SAAF,CAAY/B,KAAKS,MAAL,CAAYqB,KAAxB,EAA+B,UAACE,MAAD,EAASC,KAAT,EAAgBC,GAAhB,EAAwB;AACzE,kBAAIA,QAAQ,KAAZ,EAAmBF,OAAOG,IAAP,GAAc,CAAC,EAAEC,KAAKH,KAAP,EAAD,CAAd,CAAnB,KACKD,OAAOE,GAAP,IAAcD,KAAd;AACN,aAHmB,EAGjB,EAHiB,CAApB;AAIApB,6BAAEwB,KAAF,CAAQrC,KAAKS,MAAL,CAAYqB,KAApB,EAA2BD,OAA3B;AACD,WAND,MAMO;AACL7B,iBAAKgC,MAAL,GAAc,EAAEM,OAAO,CAAT,EAAYC,MAAM,CAAlB,EAAqBX,MAAM,EAA3B,EAAd;AACD;AACF;AACDpB,cAAM,yBAAN;AACF;AACA;AACC,OA5BD,MA4BO,IAAI,OAAOR,KAAKM,OAAL,CAAaW,GAApB,KAA4B,UAAhC,EAA4C;AACjD;AACA,cAAMU,WAAW,MAAM3B,KAAKM,OAAL,CAAaW,GAAb,CAAiBjB,KAAK0B,EAAtB,EAA0Bc,OAAOC,MAAP,CAAc,EAAE7B,oBAAoB,KAAtB,EAAd,EAA6CZ,KAAKS,MAAlD,CAA1B,CAAvB;AACAD,cAAM,oBAAN,EAA4BmB,QAA5B;AACA;AACA,YAAI,CAAC,uCAAqBL,SAArB,EAAgCnB,SAAhC,EAA2CE,YAA3C,EAAyDa,OAAzD,EAAkES,QAAlE,CAAL,EAAkF;AAChFnB,gBAAM,6BAAN;AACA,gBAAM,IAAIiB,iBAAJ,CAAe,kCAAiCtB,SAAU,iBAAgBE,YAAa,EAAvF,CAAN;AACD;AACD;AACA,YAAIF,cAAc,KAAlB,EAAyB;AACvBH,eAAKgC,MAAL,GAAcL,QAAd;AACD;AACD3B,aAAKS,MAAL,CAAYM,UAAZ,GAAyB,IAAzB;AACAP,cAAM,yBAAN;AACA,eAAOR,IAAP;AACD;AACF,KA1DD,MA0DO;AACLQ,YAAM,6CAAN;AACD;;AAEDR,SAAKS,MAAL,CAAYM,UAAZ,GAAyB,IAAzB;AACA,WAAOf,IAAP;AACD,G;;kBAjGqB0C,S;;;;;;gCA6Jf,WAAuD1C,IAAvD,EAA6D;AAClE,UAAMoB,MAAMpB,KAAKoB,GAAjB;AACA,UAAMD,uBAAuBC,IAAIC,UAAJ,CAAe,gBAAf,CAA7B;AACA,UAAMsB,MAAM3C,KAAKS,MAAL,CAAYkB,QAAxB;AACA,UAAMhB,OAAOX,KAAKS,MAAL,CAAYE,IAAzB;AACA;AACA,UAAMiC,kBAAkBxB,IAAIC,UAAJ,CAAe,QAAf,EAAyBsB,GAAzB,CAAxB;AACA,UAAME,SAAS,MAAMD,gBAAgBE,IAAhB,CAAqB,EAAEC,UAAU,KAAZ,EAArB,CAArB;AACA,UAAMC,QAAQC,GAAR,CAAYJ,OAAOK,GAAP,CAAW,iBAAS;AACtC;AACE,aAAO/B,qBAAqBgC,MAArB,CAA4BC,MAAMC,GAAN,CAAUC,QAAV,EAA5B,EAAkD;AACvDxB,eAAO;AACLyB,iBAAO;AADF,SADgD;AAIvD5C,YAJuD;AAKvD6C,eAAOxD,KAAKS,MAAL,CAAY+C,KALoC;AAMvD;AACA;AACAC,kBAAUzD,KAAKS,MAAL,CAAYgD,QARiC;AASvDC,yBAAiB1D,KAAKS,MAAL,CAAYiD,eAT0B;AAUvD/B,kBAAUyB,KAV6C;AAWvDO,0BAAkBf;AAXqC,OAAlD,CAAP;AAaD,KAfiB,CAAZ,CAAN;AAgBApC,UAAM,qDAAqDmC,IAAIU,GAA/D;AACA,WAAOrD,IAAP;AACD,G;;kBA1BqB4D,sC;;;;;;gCA4Bf,WAAqD5D,IAArD,EAA2D;AAChE,UAAMoB,MAAMpB,KAAKoB,GAAjB;AACA,UAAMuB,MAAM3C,KAAKS,MAAL,CAAYkB,QAAxB;AACA,UAAMkC,iBAAiB7D,KAAKS,MAAL,CAAYiD,eAAnC;AACA,UAAMI,iBAAiB1C,IAAIC,UAAJ,CAAe,MAAf,EAAuBsB,GAAvB,CAAvB;AACA,UAAMc,WAAWzD,KAAKS,MAAL,CAAYgD,QAAZ,IAAwB,EAAzC;AACA,QAAIA,SAASM,MAAT,KAAoB,CAAxB,EAA2B,OAAO/D,IAAP;AAC3B;AACA,UAAMgE,UAAU,MAAMF,eAAehB,IAAf,CAAoB,EAAEC,UAAU,KAAZ,EAApB,CAAtB;AACA,UAAMkB,WAAW,EAAjB;AACAR,aAASS,OAAT,CAAiB,mBAAW;AAC1B,YAAMC,OAAOC,QAAQD,IAAR,IAAgB,EAA7B;AACA;AACA,YAAME,UAAUxD,iBAAEyD,gBAAF,CAAmBH,IAAnB,EAAyBH,OAAzB,EAAkCO,kBAAlC,CAAhB;AACA;AACA,YAAMC,aAAa3D,iBAAE4D,cAAF,CAAiBN,IAAjB,EAAuBH,OAAvB,EAAgCO,kBAAhC,CAAnB;AACA;AACA,UAAIF,QAAQN,MAAR,GAAiB,CAArB,EAAwB;AACtBE,iBAASS,IAAT,CAAcb,eAAec,KAAf,CAAqBP,QAAQf,GAAR,CAAYC,QAAZ,EAArB,EAA6C,EAAEa,MAAMK,UAAR,EAAoBI,SAASR,QAAQQ,OAArC,EAA7C,CAAd;AACD;AACF,KAVD;AAWA;AACA,UAAM5B,QAAQC,GAAR,CAAYgB,QAAZ,CAAN;AACAzD,UAAO,iBAAgByD,SAASF,MAAO,6BAAjC,GAAgEpB,IAAIU,GAA1E;AACA,WAAOrD,IAAP;AACD,G;;kBAzBqB6E,oC;;;;;QA5TNC,S,GAAAA,S;QAsBAC,gB,GAAAA,gB;QAQAC,kB,GAAAA,kB;QAQAC,gB,GAAAA,gB;QAQAC,kB,GAAAA,kB;QAQAC,iB,GAAAA,iB;QAgLAC,e,GAAAA,e;QAiBAC,wB,GAAAA,wB;;AAlQhB;;;;AACA;;;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;;;;;AAEA,MAAM7E,QAAQ,qBAAU,+BAAV,CAAd;;AAEO,SAASsE,SAAT,CAAoBQ,UAAU,EAA9B,EAAkC;AACvC;AAAA,iCAAO,WAAgBtF,IAAhB,EAAsB;AAC3B,YAAMuF,WAAWvF,KAAKoB,GAAL,CAASH,GAAT,CAAa,gBAAb,KAAkCjB,KAAKoB,GAAL,CAASH,GAAT,CAAa,MAAb,CAAnD;AACA,YAAMN,OAAOE,iBAAEI,GAAF,CAAMjB,IAAN,EAAY,aAAZ,CAAb;AACA,UAAIwF,QAAQ,mCAASxF,IAAT,CAAZ;AACA,YAAMyF,UAAUC,MAAMD,OAAN,CAAcD,KAAd,CAAhB;AACAA,cAASC,UAAUD,KAAV,GAAkB,CAACA,KAAD,CAA3B;AACA;AACA,YAAMG,eAAe,MAAM3C,QAAQC,GAAR,CAAYuC,MAAMtC,GAAN,CAAU;AAAA,eAAQlD,KAAKoB,GAAL,CAASwE,QAAT,CAAkBd,SAAlB;AACvD;AACC,eAAOQ,QAAQO,OAAf,KAA2B,UAA3B,GAAwCP,QAAQO,OAAR,CAAgBlF,IAAhB,CAAxC,GAAgE,EAFV;AAGvD;AACA;AACAE,yBAAEwB,KAAF,CAAQ,EAAR,EAAYkD,QAAZ,EAAuB,OAAOD,QAAQQ,GAAf,KAAuB,UAAvB,GAAoC,EAAEA,KAAKR,QAAQQ,GAAR,CAAYnF,IAAZ,CAAP,EAApC,GAAiE2E,OAAxF,CALuD,CAAR;AAAA,OAAV,CAAZ,CAA3B;AAOA;AACAE,YAAMtB,OAAN,CAAc,UAAC6B,IAAD,EAAOC,KAAP;AAAA,eAAiBnF,iBAAEoF,GAAF,CAAMF,IAAN,EAAYT,QAAQ/E,IAAR,IAAgB,aAA5B,EAA2CoF,aAAaK,KAAb,CAA3C,CAAjB;AAAA,OAAd;AACA,6CAAahG,IAAb,EAAmByF,UAAUD,KAAV,GAAkBA,MAAM,CAAN,CAArC;AACA,aAAOxF,IAAP;AACD,KAlBD;;AAAA;AAAA;AAAA;AAAA;AAmBD;;AAEM,SAAS+E,gBAAT,CAA2B/E,IAA3B,EAAiC;AACtC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,yEAAV,CAAN;AACD;;AAED,SAAO,4BAAgB,EAAEgG,cAAc,iBAAhB,EAAmCC,SAAS,UAA5C,EAAwDC,iBAAiB,IAAzE,EAAhB,EAAiGpG,IAAjG,CAAP;AACD;;AAEM,SAASgF,kBAAT,CAA6BhF,IAA7B,EAAmC;AACxC,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,SAAO,8BAAkB,EAAEgG,cAAc,iBAAhB,EAAmCC,SAAS,UAA5C,EAAlB,EAA4EnG,IAA5E,CAAP;AACD;;AAEM,SAASiF,gBAAT,CAA2BjF,IAA3B,EAAiC;AACtC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,yEAAV,CAAN;AACD;;AAED,SAAO,2BAAe,EAAEgG,cAAc,kBAAhB,EAAoCC,SAAS,UAA7C,EAAyDC,iBAAiB,IAA1E,EAAf,EAAiGpG,IAAjG,CAAP;AACD;;AAEM,SAASkF,kBAAT,CAA6BlF,IAA7B,EAAmC;AACxC,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,SAAO,6BAAiB,EAAEgG,cAAc,kBAAhB,EAAoCC,SAAS,UAA7C,EAAjB,EAA4EnG,IAA5E,CAAP;AACD;;AAEM,SAASmF,iBAAT,CAA4BnF,IAA5B,EAAkC;AACvC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,QAAMO,SAAST,KAAKS,MAApB;AACA;AACA,MAAI4F,kBAAkBxF,iBAAEC,GAAF,CAAML,MAAN,EAAc,UAAd,CAAtB;AACAD,QAAM,uBAAuB6F,kBAAkB,SAAlB,GAA8B,UAArD,IAAmE,eAAzE;AACA;AACA,MAAIxF,iBAAEC,GAAF,CAAML,MAAN,EAAc,iBAAd,CAAJ,EAAsC;AACpC4F,sBAAkB5F,OAAO4F,eAAzB;AACA7F,UAAM,uBAAuB6F,kBAAkB,QAAlB,GAA6B,UAApD,CAAN;AACD;;AAED,MAAIA,eAAJ,EAAqB;AACnB,UAAM1F,OAAOF,OAAOE,IAApB;AACA;AACA,UAAMiB,OAAO5B,KAAK4B,IAAL,IAAa,EAA1B;AACA;AACA,UAAME,QAAQrB,OAAOqB,KAAP,IAAgB,EAA9B;AACA,UAAMwE,YAAY1E,KAAK2B,KAAL,IAAczB,MAAMyB,KAAtC,CANmB,CAMyB;AAC5C;AACA,UAAMA,QAAQ1C,iBAAEI,GAAF,CAAMN,IAAN,EAAY2F,SAAZ,EAAuB,EAAvB,CAAd;AACA;AACA,UAAM3E,WAAWd,iBAAEiC,IAAF,CAAOS,KAAP,EAAc5B,YAAYA,SAAS0B,GAAT,IAAiB1B,SAAS0B,GAAT,CAAaC,QAAb,OAA4B7C,OAAOkB,QAAP,CAAgB0B,GAAhB,CAAoBC,QAApB,EAAvE,CAAjB;AACA;AACA,UAAMiD,cAAe5E,WAAWA,SAAS4E,WAApB,GAAkCC,SAAvD;AACA,UAAMC,OAAQF,cAAcG,mBAAMH,WAAN,CAAd,GAAmCC,SAAjD;AACA,QAAI3F,iBAAE8F,WAAF,CAAcF,IAAd,CAAJ,EAAyB;AACvBjG,YAAM,wDAAwD8F,SAA9D;AACA,YAAM,IAAI7E,iBAAJ,CAAc,yDAAd,CAAN;AACD;;AAED;;AAEA;AACA;AACA;AACA;AACA;AACA,UAAMgC,WAAWhD,OAAOgD,QAAP,CAAgBmD,MAAhB,CAAuBxC,WAAW;AACjD,YAAMyC,eAAehG,iBAAEI,GAAF,CAAMmD,OAAN,EAAekC,SAAf,EAA0B,EAA1B,CAArB;AACA,YAAMQ,kBAAkBjG,iBAAEiC,IAAF,CAAO+D,YAAP,EAAqBlF,YAAYA,SAAS0B,GAAT,IAAiB1B,SAAS0B,GAAT,CAAaC,QAAb,OAA4B7C,OAAOkB,QAAP,CAAgB0B,GAAhB,CAAoBC,QAApB,EAA9E,CAAxB;AACA,YAAMyD,qBAAsBD,kBAAkBA,gBAAgBP,WAAlC,GAAgDC,SAA5E;AACA,YAAMQ,cAAeD,qBAAqBL,mBAAMK,kBAAN,CAArB,GAAiDP,SAAtE;AACA,YAAMS,UAAU,CAACpG,iBAAE8F,WAAF,CAAcK,WAAd,CAAjB;AACA,UAAIhH,KAAKI,MAAL,KAAgB,QAApB,EAA8B;AAC5B,eAAQ,CAAC6G,OAAD,IAAaD,eAAeP,IAApC,CAD4B,CACe;AAC5C,OAFD,MAEO;AACL,eAAQQ,WAAYD,eAAeP,IAAnC,CADK,CACqC;AAC3C;AACF,KAXgB,CAAjB;AAYA,QAAIhD,SAASM,MAAT,GAAkBtD,OAAOgD,QAAP,CAAgBM,MAAtC,EAA8C;AAC5CvD,YAAO,GAAGC,OAAOgD,QAAP,CAAgBM,MAAhB,GAAyBN,SAASM,MAAQ,2DAA0DuC,SAAU,EAAxH;AACA,YAAM,IAAI7E,iBAAJ,CAAc,2DAAd,CAAN;AACD;AACD;AACA;AACA;AACA,QAAIyF,iBAAJ;AACA,QAAItF,KAAK2E,WAAT,EAAsB;AACpBW,0BAAoBR,mBAAM9E,KAAK2E,WAAX,CAApB;AACD,KAFD,MAEO,IAAIzE,MAAMyE,WAAV,EAAuB;AAC5BW,0BAAoBR,mBAAM5E,MAAMyE,WAAZ,CAApB;AACD;AACD,QAAI,CAAC1F,iBAAE8F,WAAF,CAAcO,iBAAd,CAAL,EAAuC;AACrC,UAAIA,oBAAoBT,IAAxB,EAA8B;AAC5BjG,cAAM,6DAA6D8F,SAAnE;AACA,cAAM,IAAI7E,iBAAJ,CAAc,yDAAd,CAAN;AACD;AACF;AACF;;AAED,SAAOzB,IAAP;AACD;;AAqGM,SAASoF,eAAT,CAA0BE,UAAU,EAApC,EAAwC;AAC7C;AAAA,kCAAO,WAAgBtF,IAAhB,EAAsB;AAC3B,YAAMoB,MAAMpB,KAAKoB,GAAjB;AACA,YAAMX,SAAST,KAAKS,MAApB;AACA,YAAMU,uBAAuBC,IAAIC,UAAJ,CAAe,gBAAf,CAA7B;AACA,UAAI+C,UAAWkB,QAAQ6B,aAAR,GAAwB,mCAASnH,IAAT,CAAxB,GAAyCS,OAAOE,IAA/D;AACA;AACA;AACA,UAAI2E,QAAQ8B,YAAZ,EAA0B;AACxBhD,kBAAU,MAAMpE,KAAKM,OAAL,CAAaW,GAAb,CAAiBmD,QAAQf,GAAR,CAAYC,QAAZ,EAAjB,CAAhB;AACD;AACD,YAAMhC,YAAY,MAAMH,qBAAqBiE,eAArB,CAAqChB,OAArC,CAAxB;AACA5D,YAAM,8BAAN,EAAsC4D,OAAtC,EAA+C9C,UAAUE,KAAzD;AACA,aAAOxB,IAAP;AACD,KAbD;;AAAA;AAAA;AAAA;AAAA;AAcD;;AAEM,SAASqF,wBAAT,CAAmCgC,aAAnC,EAAkD;AACvD;AAAA,kCAAO,WAAgBrH,IAAhB,EAAsB;AAC3B;AACA,UAAIA,KAAKS,MAAL,CAAY+C,KAAhB,EAAuB,OAAOxD,IAAP;AACvB,YAAMS,SAAST,KAAKS,MAApB;AACA,YAAMmB,OAAO5B,KAAK4B,IAAL,IAAa,EAA1B;AACA,YAAME,QAAQrB,OAAOqB,KAAP,IAAgB,EAA9B;AACA,YAAMyB,QAAQ3B,KAAK2B,KAAL,IAAczB,MAAMyB,KAAlC;AACA,YAAM+D,qBAAqB1F,KAAK2E,WAAL,IAAoBzE,MAAMyE,WAArD;AACA,YAAMgB,cAAeD,qBAAqBZ,mBAAMY,kBAAN,CAArB,GAAiDd,SAAtE;AACA,YAAM7E,WAAW3B,KAAKS,MAAL,CAAYkB,QAA7B;AACA,YAAM8B,WAAWzD,KAAKS,MAAL,CAAYgD,QAA7B;AACA,YAAMI,iBAAiB7D,KAAKS,MAAL,CAAYiD,eAAnC;AACA;AACA,UAAI,CAAC7C,iBAAE8F,WAAF,CAAcY,WAAd,CAAD,IAAgCA,gBAAgBb,mBAAMc,KAA1D,EAAkE,OAAOxH,IAAP;;AAElE,UAAKuD,UAAU8D,aAAX,IAA6B1F,QAA7B,IAAyCA,SAAS0B,GAAtD,EAA2D;AACzD;AACA,cAAMoE,SAAS,MAAM,2CAAyB5D,cAAzB,EAAyCwD,aAAzC,EAAwD1F,SAAS0B,GAAjE,EAAsEqD,mBAAMc,KAA5E,CAArB;AACA;AACA,cAAME,gBAAgBjE,SAASkE,MAAT,CAAgB,UAACC,KAAD,EAAQxD,OAAR,EAAoB;AACxD,gBAAMyD,YAAYhH,iBAAEI,GAAF,CAAMmD,OAAN,EAAeiD,aAAf,EAA8B,EAA9B,CAAlB;AACA,gBAAMS,gBAAgBjH,iBAAEiC,IAAF,CAAO+E,SAAP,EAAkB,EAAExE,KAAK1B,SAAS0B,GAAhB,EAAqBkD,aAAawB,uBAAUrB,mBAAMc,KAAhB,CAAlC,EAAlB,CAAtB;AACA,iBAAQM,gBAAgBF,QAAQ,CAAxB,GAA4BA,KAApC;AACD,SAJqB,EAInB,CAJmB,CAAtB;AAKA;AACA,YAAIF,iBAAiBD,OAAOnF,KAA5B,EAAmC;AACjC9B,gBAAM,2CAAN,EAAmDmB,QAAnD;AACA,gBAAMqG,eAAerG,SAASpB,IAAT,GAAgBoB,SAASpB,IAAzB,GAAgCoB,SAAS0B,GAAT,CAAaC,QAAb,EAArD;AACA,gBAAM,IAAI7B,iBAAJ,CAAc,8DAA8DuG,YAA5E,EAA0F;AAC9FC,yBAAa;AACX/F,mBAAK,0BADM;AAEXzB,sBAAQ,EAAEkB,UAAUqG,YAAZ;AAFG;AADiF,WAA1F,CAAN;AAMD;AACF;AACD,aAAOhI,IAAP;AACD,KArCD;;AAAA;AAAA;AAAA;AAAA;AAsCD","file":"hooks.authorisations.js","sourcesContent":["import _ from 'lodash'\r\nimport makeDebug from 'debug'\r\nimport { getItems, replaceItems } from 'feathers-hooks-common'\r\nimport { Forbidden } from '@feathersjs/errors'\r\nimport { populateObject, unpopulateObject, populateObjects, unpopulateObjects } from './hooks.query'\r\nimport { objectifyIDs } from '../db'\r\nimport { hasServiceAbilities, hasResourceAbilities, getQueryForAbilities, Roles, RoleNames, countSubjectsForResource } from '../../common/permissions'\r\nimport { isTagEqual } from './hooks.tags'\r\n\r\nconst debug = makeDebug('kdk:core:authorisations:hooks')\r\n\r\nexport function createJWT (options = {}) {\r\n return async function (hook) {\r\n const defaults = hook.app.get('authentication') || hook.app.get('auth')\r\n const user = _.get(hook, 'params.user')\r\n let items = getItems(hook)\r\n const isArray = Array.isArray(items)\r\n items = (isArray ? items : [items])\r\n // Generate access tokens for all items\r\n const accessTokens = await Promise.all(items.map(item => hook.app.passport.createJWT(\r\n // Provided function can be used to pick or omit properties in JWT payload\r\n (typeof options.payload === 'function' ? options.payload(user) : {}),\r\n // Provided function can be used for custom options cdepending on the user,\r\n // then we merge with default auth options for global properties like aud, iss, etc.\r\n _.merge({}, defaults, (typeof options.jwt === 'function' ? { jwt: options.jwt(user) } : options)))\r\n ))\r\n // Store access token on items\r\n items.forEach((item, index) => _.set(item, options.name || 'accessToken', accessTokens[index]))\r\n replaceItems(hook, isArray ? items : items[0])\r\n return hook\r\n }\r\n}\r\n\r\nexport function populateSubjects (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'populateSubjects\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n return populateObjects({ serviceField: 'subjectsService', idField: 'subjects', throwOnNotFound: true })(hook)\r\n}\r\n\r\nexport function unpopulateSubjects (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'unpopulateSubjects\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n return unpopulateObjects({ serviceField: 'subjectsService', idField: 'subjects' })(hook)\r\n}\r\n\r\nexport function populateResource (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'populateResource\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n return populateObject({ serviceField: 'resourcesService', idField: 'resource', throwOnNotFound: true })(hook)\r\n}\r\n\r\nexport function unpopulateResource (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'unpopulateResource\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n return unpopulateObject({ serviceField: 'resourcesService', idField: 'resource' })(hook)\r\n}\r\n\r\nexport function preventEscalation (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'preventEscalation\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n const params = hook.params\r\n // If called internally we skip authorisation\r\n let checkEscalation = _.has(params, 'provider')\r\n debug('Escalation check ' + (checkEscalation ? 'enabled' : 'disabled') + ' for provider')\r\n // If explicitely asked to perform/skip, override defaults\r\n if (_.has(params, 'checkEscalation')) {\r\n checkEscalation = params.checkEscalation\r\n debug('Escalation check ' + (checkEscalation ? 'forced' : 'unforced'))\r\n }\r\n\r\n if (checkEscalation) {\r\n const user = params.user\r\n // Make hook usable on remove as well\r\n const data = hook.data || {}\r\n // Make hook usable with query params as well\r\n const query = params.query || {}\r\n const scopeName = data.scope || query.scope // Get scope name first\r\n // Retrieve the right scope on the user\r\n const scope = _.get(user, scopeName, [])\r\n // Then the target resource\r\n const resource = _.find(scope, resource => resource._id && (resource._id.toString() === params.resource._id.toString()))\r\n // Then user permission level\r\n const permissions = (resource ? resource.permissions : undefined)\r\n const role = (permissions ? Roles[permissions] : undefined)\r\n if (_.isUndefined(role)) {\r\n debug('Role for authorisation not found on user for scope ' + scopeName)\r\n throw new Forbidden('You are not allowed to change authorisation on resource')\r\n }\r\n\r\n // Check if privilege escalation might occur, if so clamp to user permission level\r\n\r\n // Input subjects need to be checked:\r\n // - on create you should not be able to change permissions on others having higher permissions than yourself\r\n // (e.g. cannot change a owner into a manager when you are a manager)\r\n // - on remove you should not be able to remove permissions on others having higher permissions than yourself\r\n // (e.g. cannot remove a owner when you are a manager)\r\n const subjects = params.subjects.filter(subject => {\r\n const subjectScope = _.get(subject, scopeName, [])\r\n const subjectResource = _.find(subjectScope, resource => resource._id && (resource._id.toString() === params.resource._id.toString()))\r\n const subjectPermissions = (subjectResource ? subjectResource.permissions : undefined)\r\n const subjectRole = (subjectPermissions ? Roles[subjectPermissions] : undefined)\r\n const hasRole = !_.isUndefined(subjectRole)\r\n if (hook.method === 'create') {\r\n return (!hasRole || (subjectRole <= role)) // The first time no authorisation can be found\r\n } else {\r\n return (hasRole && (subjectRole <= role)) // Authorisation must be found on remove\r\n }\r\n })\r\n if (subjects.length < params.subjects.length) {\r\n debug(`${(params.subjects.length - subjects.length)} subjects with higher permissions level found for scope ${scopeName}`)\r\n throw new Forbidden('You are not allowed to change authorisation on subject(s)')\r\n }\r\n // Input permissions needs to be checked since:\r\n // - you should not be able to give higher permissions than your own ones to others\r\n // (e.g. cannot create a owner when you are a manager)\r\n let authorisationRole\r\n if (data.permissions) {\r\n authorisationRole = Roles[data.permissions]\r\n } else if (query.permissions) {\r\n authorisationRole = Roles[query.permissions]\r\n }\r\n if (!_.isUndefined(authorisationRole)) {\r\n if (authorisationRole > role) {\r\n debug('Cannot escalate with higher permissions level for scope ' + scopeName)\r\n throw new Forbidden('You are not allowed to change authorisation on resource')\r\n }\r\n }\r\n }\r\n\r\n return hook\r\n}\r\n\r\nexport async function authorise (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'authorise\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n const operation = hook.method\r\n const resourceType = hook.service.name\r\n debug('Provider is', hook.params.provider)\r\n if (hook.params.user) debug('User is', hook.params.user)\r\n debug('Operation is', operation)\r\n if (resourceType) debug('Resource type is', resourceType)\r\n\r\n // If called internally we skip authorisation\r\n let checkAuthorisation = _.has(hook.params, 'provider')\r\n debug('Access check ' + (checkAuthorisation ? 'enabled' : 'disabled') + ' for provider')\r\n // If already checked we skip authorisation\r\n if (hook.params.authorised) {\r\n debug('Access already granted')\r\n checkAuthorisation = false\r\n }\r\n // We also skip authorisation for built-in Feathers services like authentication\r\n if (typeof hook.service.getPath !== 'function') {\r\n debug('Access disabled on built-in services')\r\n checkAuthorisation = false\r\n }\r\n // If explicitely asked to perform/skip, override defaults\r\n if (_.has(hook.params, 'checkAuthorisation')) {\r\n checkAuthorisation = _.get(hook.params, 'checkAuthorisation')\r\n // Bypass authorisation for next hooks otherwise we will loop infinitely\r\n delete hook.params.checkAuthorisation\r\n debug('Access check ' + (checkAuthorisation ? 'forced' : 'unforced'))\r\n }\r\n\r\n const context = hook.service.context\r\n if (checkAuthorisation) {\r\n // Build ability for user\r\n const authorisationService = hook.app.getService('authorisations')\r\n const abilities = await authorisationService.getAbilities(hook.params.user)\r\n hook.params.abilities = abilities\r\n debug('User abilities are', abilities.rules)\r\n\r\n // Check for access to service fisrt\r\n if (!hasServiceAbilities(abilities, hook.service)) {\r\n debug('Service access not granted')\r\n throw new Forbidden(`You are not allowed to access service ${hook.service.getPath()}`)\r\n }\r\n\r\n if (!hook.id) {\r\n // In this specific case there is no query to be run,\r\n // simply check against the object we'd like to create\r\n if (operation === 'create') {\r\n const resource = hook.data\r\n debug('Target resource is ', resource)\r\n if (!hasResourceAbilities(abilities, operation, resourceType, context, resource)) {\r\n debug('Resource access not granted')\r\n throw new Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`)\r\n }\r\n } else {\r\n // When we find/update/patch/remove multiple items this ensures that\r\n // only the ones authorised by constraints on the resources will be fetched\r\n // This avoid fetching all first then check it one by one\r\n const dbQuery = objectifyIDs(getQueryForAbilities(abilities, operation, resourceType))\r\n if (dbQuery) {\r\n hook.params.query = _.transform(hook.params.query, (result, value, key) => {\r\n if (key === '$or') result.$and = [{ $or: value }]\r\n else result[key] = value\r\n }, {})\r\n _.merge(hook.params.query, dbQuery)\r\n } else {\r\n hook.result = { total: 0, skip: 0, data: [] }\r\n }\r\n }\r\n debug('Resource access granted')\r\n // Some specific services might not expose a get function, in this case we cannot check for authorisation\r\n // this has to be implemented by the service itself\r\n } else if (typeof hook.service.get === 'function') {\r\n // In this case (single get/update/patch/remove) we need to fetch the item first\r\n const resource = await hook.service.get(hook.id, Object.assign({ checkAuthorisation: false }, hook.params))\r\n debug('Target resource is', resource)\r\n // Then check against the object we'd like to manage\r\n if (!hasResourceAbilities(abilities, operation, resourceType, context, resource)) {\r\n debug('Resource access not granted')\r\n throw new Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`)\r\n }\r\n // Avoid fetching again the object in this case\r\n if (operation === 'get') {\r\n hook.result = resource\r\n }\r\n hook.params.authorised = true\r\n debug('Resource access granted')\r\n return hook\r\n }\r\n } else {\r\n debug('Authorisation check skipped, access granted')\r\n }\r\n\r\n hook.params.authorised = true\r\n return hook\r\n}\r\n\r\nexport function updateAbilities (options = {}) {\r\n return async function (hook) {\r\n const app = hook.app\r\n const params = hook.params\r\n const authorisationService = app.getService('authorisations')\r\n let subject = (options.subjectAsItem ? getItems(hook) : params.user)\r\n // We might not have all information required eg on patch to compute new abilities,\r\n // in this case we have to fetch the whole subject\r\n if (options.fetchSubject) {\r\n subject = await hook.service.get(subject._id.toString())\r\n }\r\n const abilities = await authorisationService.updateAbilities(subject)\r\n debug('Abilities updated on subject', subject, abilities.rules)\r\n return hook\r\n }\r\n}\r\n\r\nexport function preventRemovingLastOwner (resourceScope) {\r\n return async function (hook) {\r\n // By pass check ?\r\n if (hook.params.force) return hook\r\n const params = hook.params\r\n const data = hook.data || {}\r\n const query = params.query || {}\r\n const scope = data.scope || query.scope\r\n const grantedPermissions = data.permissions || query.permissions\r\n const grantedRole = (grantedPermissions ? Roles[grantedPermissions] : undefined)\r\n const resource = hook.params.resource\r\n const subjects = hook.params.subjects\r\n const subjectService = hook.params.subjectsService\r\n // On create check if we try to downgrade permissions otherwise let pass through\r\n if (!_.isUndefined(grantedRole) && (grantedRole === Roles.owner)) return hook\r\n\r\n if ((scope === resourceScope) && resource && resource._id) {\r\n // Count existing owners\r\n const owners = await countSubjectsForResource(subjectService, resourceScope, resource._id, Roles.owner)\r\n // Now count owners we change/remove permissions on\r\n const removedOwners = subjects.reduce((count, subject) => {\r\n const resources = _.get(subject, resourceScope, [])\r\n const ownedResource = _.find(resources, { _id: resource._id, permissions: RoleNames[Roles.owner] })\r\n return (ownedResource ? count + 1 : count)\r\n }, 0)\r\n // If none remains stop\r\n if (removedOwners >= owners.total) {\r\n debug('Cannot remove the last owner of resource ', resource)\r\n const resourceName = resource.name ? resource.name : resource._id.toString()\r\n throw new Forbidden('You are not allowed to remove the last owner of resource ' + resourceName, {\r\n translation: {\r\n key: 'CANNOT_REMOVE_LAST_OWNER',\r\n params: { resource: resourceName }\r\n }\r\n })\r\n }\r\n }\r\n return hook\r\n }\r\n}\r\n\r\nexport async function removeOrganisationGroupsAuthorisations (hook) {\r\n const app = hook.app\r\n const authorisationService = app.getService('authorisations')\r\n const org = hook.params.resource\r\n const user = hook.params.user\r\n // Unset membership for the all org groups\r\n const orgGroupService = app.getService('groups', org)\r\n const groups = await orgGroupService.find({ paginate: false })\r\n await Promise.all(groups.map(group => {\r\n // Unset membership on group for the all org users\r\n return authorisationService.remove(group._id.toString(), {\r\n query: {\r\n scope: 'groups'\r\n },\r\n user,\r\n force: hook.params.force,\r\n // Because we already have resource set it as objects to avoid populating\r\n // Moreover used as an after hook the resource might not already exist anymore\r\n subjects: hook.params.subjects,\r\n subjectsService: hook.params.subjectsService,\r\n resource: group,\r\n resourcesService: orgGroupService\r\n })\r\n }))\r\n debug('Authorisations unset on groups for organisation ' + org._id)\r\n return hook\r\n}\r\n\r\nexport async function removeOrganisationTagsAuthorisations (hook) {\r\n const app = hook.app\r\n const org = hook.params.resource\r\n const subjectService = hook.params.subjectsService\r\n const orgTagsService = app.getService('tags', org)\r\n const subjects = hook.params.subjects || []\r\n if (subjects.length === 0) return hook\r\n // Retrieve org tags\r\n const orgTags = await orgTagsService.find({ paginate: false })\r\n const promises = []\r\n subjects.forEach(subject => {\r\n const tags = subject.tags || []\r\n // Find tags from org\r\n const fromOrg = _.intersectionWith(tags, orgTags, isTagEqual)\r\n // Clear removed tags\r\n const notFromOrg = _.differenceWith(tags, orgTags, isTagEqual)\r\n // Update subject if required\r\n if (fromOrg.length > 0) {\r\n promises.push(subjectService.patch(subject._id.toString(), { tags: notFromOrg, devices: subject.devices }))\r\n }\r\n })\r\n // Perform subject updates in parallel\r\n await Promise.all(promises)\r\n debug(`Tags unset on ${promises.length} subjects for organisation ` + org._id)\r\n return hook\r\n}\r\n"]}
package/lib/core/api/hooks/hooks.organisations.js CHANGED
@@ -3,7 +3,7 @@
3
3
  Object.defineProperty(exports, "__esModule", {
4
4
  value: true
5
5
  });
6
- exports.createSubscribersGroup = exports.preventRemoveOrganisation = exports.removeOrganisationTags = undefined;
6
+ exports.preventRemoveOrganisation = exports.removeOrganisationTags = undefined;
7
7
 
8
8
  let removeOrganisationTags = exports.removeOrganisationTags = (() => {
9
9
  var _ref2 = _asyncToGenerator(function* (hook) {
@@ -62,28 +62,6 @@ let preventRemoveOrganisation = exports.preventRemoveOrganisation = (() => {
62
62
  };
63
63
  })();
64
64
 
65
- let createSubscribersGroup = exports.createSubscribersGroup = (() => {
66
- var _ref4 = _asyncToGenerator(function* (hook) {
67
- if (hook.type !== 'after') {
68
- throw new Error('The \'createSubscribersGroup\' hook should only be used as a \'after\' hook.');
69
- }
70
-
71
- const app = hook.app;
72
- const orgId = hook.result._id;
73
- const orgGroupService = app.getService('groups', orgId);
74
- yield orgGroupService.create({
75
- name: 'KGroup.SUBSCRIBERS_GROUP_NAME',
76
- description: 'KGroup.SUBSCRIBERS_GROUP_DESCRIPTION',
77
- system: true
78
- }, hook.params);
79
- return hook;
80
- });
81
-
82
- return function createSubscribersGroup(_x4) {
83
- return _ref4.apply(this, arguments);
84
- };
85
- })();
86
-
87
65
  exports.addOrganisationPlan = addOrganisationPlan;
88
66
  exports.createOrganisationServices = createOrganisationServices;
89
67
  exports.removeOrganisationServices = removeOrganisationServices;
package/lib/core/api/hooks/hooks.organisations.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../../../core/api/hooks/hooks.organisations.js"],"names":["hook","type","Error","app","orgTagsService","getService","result","tags","find","paginate","orgMembersService","members","i","member","filteredTagsMember","_","filter","tag","findIndex","_id","patch","debug","removeOrganisationTags","params","force","orgGroupService","id","$limit","total","Forbidden","translation","key","preventRemoveOrganisation","orgId","create","name","description","system","createSubscribersGroup","addOrganisationPlan","createOrganisationServices","removeOrganisationServices","createOrganisationAuthorisations","removeOrganisationAuthorisations","updateOrganisationResource","removeOrganisationGroups","createPrivateOrganisation","removePrivateOrganisation","plans","keys","get","plan","data","length","set","organisationService","service","databaseService","toString","user","then","db","client","remove","authorisationService","userService","scope","permissions","subjects","subjectsService","resource","resourcesService","authorisation","query","resourceScope","getContextId","$elemMatch","Promise","all","map","resources","Object","assign","resolve","groups","group","profile","org"],"mappings":";;;;;;;;gCAuKO,WAAuCA,IAAvC,EAA6C;AAClD,QAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,YAAM,IAAIC,KAAJ,CAAU,8EAAV,CAAN;AACD;;AAED,UAAMC,MAAMH,KAAKG,GAAjB;AACA;AACA,UAAMC,iBAAiBD,IAAIE,UAAJ,CAAe,MAAf,EAAuBL,KAAKM,MAA5B,CAAvB;AACA,UAAMC,OAAO,MAAMH,eAAeI,IAAf,CAAoB,EAAEC,UAAU,KAAZ,EAApB,CAAnB;AACA;AACA,UAAMC,oBAAoBP,IAAIE,UAAJ,CAAe,SAAf,EAA0BL,KAAKM,MAA/B,CAA1B;AACA,UAAMK,UAAU,MAAMD,kBAAkBF,IAAlB,CAAuB,EAAEC,UAAU,KAAZ,EAAvB,CAAtB;AACA;AACA,SAAK,MAAMG,CAAX,IAAgBD,OAAhB,EAAyB;AACvB,YAAME,SAASF,QAAQC,CAAR,CAAf;AACA,UAAIC,OAAON,IAAX,EAAiB;AACf,cAAMO,qBAAqBC,iBAAEC,MAAF,CAASH,OAAON,IAAhB,EAAsB,UAACU,GAAD,EAAS;AACxD,iBAAOF,iBAAEG,SAAF,CAAYX,IAAZ,EAAkB,EAAEY,KAAKF,IAAIE,GAAX,EAAlB,MAAwC,CAAC,CAAhD;AACD,SAF0B,CAA3B;AAGA,cAAMT,kBAAkBU,KAAlB,CAAwBP,OAAOM,GAA/B,EAAoC,EAAEZ,MAAMO,kBAAR,EAApC,CAAN;AACD;AACF;;AAEDO,UAAM,oCAAoCrB,KAAKM,MAAL,CAAYa,GAAtD;AACA,WAAOnB,IAAP;AACD,G;;kBAzBqBsB,sB;;;;;;gCA8Df,WAA0CtB,IAA1C,EAAgD;AACrD,QAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,YAAM,IAAIC,KAAJ,CAAU,mFAAV,CAAN;AACD;;AAED;AACA,QAAIF,KAAKuB,MAAL,CAAYC,KAAhB,EAAuB,OAAOxB,IAAP;AACvB,UAAMG,MAAMH,KAAKG,GAAjB;AACA,UAAMsB,kBAAkBtB,IAAIE,UAAJ,CAAe,QAAf,EAAyBL,KAAK0B,EAA9B,CAAxB;AACA,UAAMpB,SAAS,MAAMmB,gBAAgBjB,IAAhB,CAAqB,EAAEmB,QAAQ,CAAV,EAArB,CAArB;AACA,QAAIrB,OAAOsB,KAAP,GAAe,CAAnB,EAAsB;AACpB,YAAM,IAAIC,iBAAJ,CAAc,gDAAd,EAAgE;AACpEC,qBAAa,EAAEC,KAAK,4BAAP;AADuD,OAAhE,CAAN;AAGD;AACD,WAAO/B,IAAP;AACD,G;;kBAhBqBgC,yB;;;;;;gCAkBf,WAAuChC,IAAvC,EAA6C;AAClD,QAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,YAAM,IAAIC,KAAJ,CAAU,8EAAV,CAAN;AACD;;AAED,UAAMC,MAAMH,KAAKG,GAAjB;AACA,UAAM8B,QAAQjC,KAAKM,MAAL,CAAYa,GAA1B;AACA,UAAMM,kBAAkBtB,IAAIE,UAAJ,CAAe,QAAf,EAAyB4B,KAAzB,CAAxB;AACA,UAAMR,gBAAgBS,MAAhB,CAAuB;AAC3BC,YAAM,+BADqB;AAE3BC,mBAAa,sCAFc;AAG3BC,cAAQ;AAHmB,KAAvB,EAIHrC,KAAKuB,MAJF,CAAN;AAKA,WAAOvB,IAAP;AACD,G;;kBAdqBsC,sB;;;;;QAlPNC,mB,GAAAA,mB;QAeAC,0B,GAAAA,0B;QAwBAC,0B,GAAAA,0B;QAoBAC,gC,GAAAA,gC;QA0BAC,gC,GAAAA,gC;QA0BAC,0B,GAAAA,0B;QA8BAC,wB,GAAAA,wB;QAgDAC,yB,GAAAA,yB;QAmBAC,yB,GAAAA,yB;;AArNhB;;;;AACA;;;;AACA;;;;;;AACA,MAAM1B,QAAQ,qBAAU,8BAAV,CAAd;;AAEO,SAASkB,mBAAT,CAA8BvC,IAA9B,EAAoC;AACzC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,4EAAV,CAAN;AACD;;AAED,QAAM8C,QAAQjC,iBAAEkC,IAAF,CAAOjD,KAAKG,GAAL,CAAS+C,GAAT,CAAa,OAAb,KAAyB,EAAhC,CAAd;AACA,QAAMC,OAAOpC,iBAAEmC,GAAF,CAAMlD,KAAKoD,IAAX,EAAiB,cAAjB,CAAb;AACA,MAAI,CAACD,IAAD,IAAUH,MAAMK,MAAN,GAAe,CAA7B,EAAiC;AAC/B;AACAtC,qBAAEuC,GAAF,CAAMtD,KAAKoD,IAAX,EAAiB,cAAjB,EAAiCJ,MAAM,CAAN,CAAjC;AACA3B,UAAM,sCAAN,EAA8CrB,KAAKoD,IAAnD;AACD;AACD,SAAOpD,IAAP;AACD;;AAEM,SAASwC,0BAAT,CAAqCxC,IAArC,EAA2C;AAChD,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,kFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAMoD,sBAAsBvD,KAAKwD,OAAjC;AACA,QAAMC,kBAAkBtD,IAAIE,UAAJ,CAAe,WAAf,CAAxB;;AAEA;AACA,SAAOoD,gBAAgBvB,MAAhB,CAAuB;AAC5BC,UAAMnC,KAAKM,MAAL,CAAYa,GAAZ,CAAgBuC,QAAhB;AADsB,GAAvB,EAEJ;AACDC,UAAM3D,KAAKuB,MAAL,CAAYoC;AADjB,GAFI,EAKJC,IALI,CAKCC,MAAM;AACVxC,UAAM,iCAAiCrB,KAAKM,MAAL,CAAY6B,IAAnD;AACA;AACA0B,SAAK1D,IAAI0D,EAAJ,CAAOC,MAAP,CAAcD,EAAd,CAAiB7D,KAAKM,MAAL,CAAYa,GAAZ,CAAgBuC,QAAhB,EAAjB,CAAL;AACAH,wBAAoBf,0BAApB,CAA+CxC,KAAKM,MAApD,EAA4DuD,EAA5D;AACA,WAAO7D,IAAP;AACD,GAXI,CAAP;AAYD;;AAEM,SAASyC,0BAAT,CAAqCzC,IAArC,EAA2C;AAChD,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,kFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAMoD,sBAAsBvD,KAAKwD,OAAjC;AACA,QAAMC,kBAAkBtD,IAAIE,UAAJ,CAAe,WAAf,CAAxB;;AAEA;AACA,SAAOoD,gBAAgBM,MAAhB,CAAuB/D,KAAKM,MAAL,CAAYa,GAAZ,CAAgBuC,QAAhB,EAAvB,EAAmD;AACxDC,UAAM3D,KAAKuB,MAAL,CAAYoC;AADsC,GAAnD,EAGJC,IAHI,CAGCC,MAAM;AACVxC,UAAM,iCAAiCrB,KAAKM,MAAL,CAAY6B,IAAnD;AACAoB,wBAAoBd,0BAApB,CAA+CzC,KAAKM,MAApD;AACA,WAAON,IAAP;AACD,GAPI,CAAP;AAQD;;AAEM,SAAS0C,gCAAT,CAA2C1C,IAA3C,EAAiD;AACtD,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,wFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAM6D,uBAAuB7D,IAAIE,UAAJ,CAAe,gBAAf,CAA7B;AACA,QAAM4D,cAAc9D,IAAIE,UAAJ,CAAe,OAAf,CAApB;AACA;AACA,SAAO2D,qBAAqB9B,MAArB,CAA4B;AACjCgC,WAAO,eAD0B;AAEjCC,iBAAa,OAFoB,CAEZ;AAFY,GAA5B,EAGJ;AACDR,UAAM3D,KAAKuB,MAAL,CAAYoC,IADjB;AAED;AACAS,cAAU,CAACpE,KAAKuB,MAAL,CAAYoC,IAAb,CAHT;AAIDU,qBAAiBJ,WAJhB;AAKDK,cAAUtE,KAAKM,MALd;AAMDiE,sBAAkBvE,KAAKwD;AANtB,GAHI,EAWJI,IAXI,CAWCY,iBAAiB;AACrBnD,UAAM,yCAAyCrB,KAAKM,MAAL,CAAYa,GAA3D;AACA,WAAOnB,IAAP;AACD,GAdI,CAAP;AAeD;;AAEM,SAAS2C,gCAAT,CAA2C3C,IAA3C,EAAiD;AACtD,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,wFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAM6D,uBAAuB7D,IAAIE,UAAJ,CAAe,gBAAf,CAA7B;;AAEA;AACA,SAAO2D,qBAAqBD,MAArB,CAA4B/D,KAAKM,MAAL,CAAYa,GAAZ,CAAgBuC,QAAhB,EAA5B,EAAwD;AAC7De,WAAO;AACLJ,uBAAiBrE,KAAKM,MAAL,CAAYa,GAAZ,CAAgBuC,QAAhB,KAA6B,UADzC;AAELQ,aAAO;AAFF,KADsD;AAK7DP,UAAM3D,KAAKuB,MAAL,CAAYoC,IAL2C;AAM7D;AACA;AACAW,cAAUtE,KAAKM,MAR8C;AAS7DiE,sBAAkBvE,KAAKwD;AATsC,GAAxD,EAWJI,IAXI,CAWCY,iBAAiB;AACrBnD,UAAM,2CAA2CrB,KAAKM,MAAL,CAAYa,GAA7D;AACA,WAAOnB,IAAP;AACD,GAdI,CAAP;AAeD;;AAEM,SAAS4C,0BAAT,CAAqC8B,aAArC,EAAoD;AACzD;AAAA,iCAAO,WAAgB1E,IAAhB,EAAsB;AAC3B,UAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,cAAM,IAAIC,KAAJ,CAAU,kFAAV,CAAN;AACD;;AAED,YAAMC,MAAMH,KAAKG,GAAjB;AACA;AACA,YAAMO,oBAAoBP,IAAIE,UAAJ,CAAe,SAAf,EAA0BL,KAAKwD,OAAL,CAAamB,YAAb,EAA1B,CAA1B;AACA,YAAMhE,UAAU,MAAMD,kBAAkBF,IAAlB,CAAuB;AAC3CiE,eAAO,EAAE,CAACC,aAAD,GAAiB,EAAEE,YAAY,EAAEzD,KAAKnB,KAAKM,MAAL,CAAYa,GAAnB,EAAd,EAAnB,EADoC;AAE3CV,kBAAU;AAFiC,OAAvB,CAAtB;AAIA;AACA,YAAMoE,QAAQC,GAAR,CAAYnE,QAAQoE,GAAR,CAAY,kBAAU;AACtC,cAAMC,YAAYjE,iBAAEmC,GAAF,CAAMrC,MAAN,EAAc6D,aAAd,EAA6B,EAA7B,CAAlB;AACA,cAAMJ,WAAWvD,iBAAEP,IAAF,CAAOwE,SAAP,EAAkB,EAAE7D,KAAKnB,KAAKM,MAAL,CAAYa,GAAnB,EAAlB,CAAjB;AACA,YAAImD,QAAJ,EAAc;AACZW,iBAAOC,MAAP,CAAcZ,QAAd,EAAwBtE,KAAKM,MAA7B;AACA,iBAAOI,kBAAkBU,KAAlB,CAAwBP,OAAOM,GAA/B,EAAoC,EAAE,CAACuD,aAAD,GAAiBM,SAAnB,EAApC,CAAP;AACD,SAHD,MAGO;AACL,iBAAOH,QAAQM,OAAR,EAAP;AACD;AACF,OATiB,CAAZ,CAAN;;AAWA9D,YAAO,oBAAmBrB,KAAKM,MAAL,CAAYa,GAAI,aAAYuD,aAAc,+BAA9D,GAA+F1E,KAAKM,MAAL,CAAYa,GAAjH;AACA,aAAOnB,IAAP;AACD,KA1BD;;AAAA;AAAA;AAAA;AAAA;AA2BD;;AAEM,SAAS6C,wBAAT,CAAmC7C,IAAnC,EAAyC;AAC9C,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,gFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAMsB,kBAAkBtB,IAAIE,UAAJ,CAAe,QAAf,EAAyBL,KAAKM,MAA9B,CAAxB;AACA,SAAOmB,gBAAgBjB,IAAhB,CAAqB,EAAEC,UAAU,KAAZ,EAArB,EACJmD,IADI,CACCwB,UAAU;AACd,WAAOP,QAAQC,GAAR,CAAYM,OAAOL,GAAP,CAAWM,SAAS;AACrC,aAAO5D,gBAAgBsC,MAAhB,CAAuBsB,MAAMlE,GAAN,CAAUuC,QAAV,EAAvB,EAA6C;AAClDC,cAAM3D,KAAKuB,MAAL,CAAYoC;AADgC,OAA7C,CAAP;AAGD,KAJkB,CAAZ,CAAP;AAKD,GAPI,EAQJC,IARI,CAQCwB,UAAU;AACd/D,UAAM,qCAAqCrB,KAAKM,MAAL,CAAYa,GAAvD;AACA,WAAOnB,IAAP;AACD,GAXI,CAAP;AAYD;;AA6BM,SAAS8C,yBAAT,CAAoC9C,IAApC,EAA0C;AAC/C,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,iFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAMoD,sBAAsBpD,IAAIE,UAAJ,CAAe,eAAf,CAA5B;AACA;AACA,SAAOkD,oBAAoBrB,MAApB,CAA2B;AAChCf,SAAKnB,KAAKM,MAAL,CAAYa,GADe,EACV;AACtBgB,UAAMnC,KAAKM,MAAL,CAAYgF,OAAZ,CAAoBnD,IAFM,CAED;AAFC,GAA3B,EAGJ;AACDwB,UAAM3D,KAAKM;AADV,GAHI,EAMJsD,IANI,CAMC2B,OAAO;AACXlE,UAAM,2CAA2CrB,KAAKM,MAAL,CAAYa,GAA7D;AACD,GARI,CAAP;AASD;;AAEM,SAAS4B,yBAAT,CAAoC/C,IAApC,EAA0C;AAC/C,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,iFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAMoD,sBAAsBpD,IAAIE,UAAJ,CAAe,eAAf,CAA5B;AACA;AACA,SAAOkD,oBAAoBQ,MAApB,CAA2B/D,KAAKM,MAAL,CAAYa,GAAZ,CAAgBuC,QAAhB,EAA3B,EAAuD;AAC5DC,UAAM3D,KAAKM;AADiD,GAAvD,EAGJsD,IAHI,CAGC2B,OAAO;AACXlE,UAAM,2CAA2CrB,KAAKM,MAAL,CAAYa,GAA7D;AACD,GALI,CAAP;AAMD","file":"hooks.organisations.js","sourcesContent":["import _ from 'lodash'\r\nimport makeDebug from 'debug'\r\nimport { Forbidden } from '@feathersjs/errors'\r\nconst debug = makeDebug('kdk:core:organisations:hooks')\r\n\r\nexport function addOrganisationPlan (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'addOrganisationPlan\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n const plans = _.keys(hook.app.get('plans') || {})\r\n const plan = _.get(hook.data, 'billing.plan')\r\n if (!plan && (plans.length > 0)) {\r\n // Add defaul plan\r\n _.set(hook.data, 'billing.plan', plans[0])\r\n debug('Added default plan to organisation: ', hook.data)\r\n }\r\n return hook\r\n}\r\n\r\nexport function createOrganisationServices (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'createOrganisationServices\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const organisationService = hook.service\r\n const databaseService = app.getService('databases')\r\n\r\n // First we create the organisation DB\r\n return databaseService.create({\r\n name: hook.result._id.toString()\r\n }, {\r\n user: hook.params.user\r\n })\r\n .then(db => {\r\n debug('DB created for organisation ' + hook.result.name)\r\n // Jump from infos/stats to real DB object\r\n db = app.db.client.db(hook.result._id.toString())\r\n organisationService.createOrganisationServices(hook.result, db)\r\n return hook\r\n })\r\n}\r\n\r\nexport function removeOrganisationServices (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'removeOrganisationServices\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const organisationService = hook.service\r\n const databaseService = app.getService('databases')\r\n\r\n // Then we remove the organisation DB\r\n return databaseService.remove(hook.result._id.toString(), {\r\n user: hook.params.user\r\n })\r\n .then(db => {\r\n debug('DB removed for organisation ' + hook.result.name)\r\n organisationService.removeOrganisationServices(hook.result)\r\n return hook\r\n })\r\n}\r\n\r\nexport function createOrganisationAuthorisations (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'createOrganisationAuthorisations\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const authorisationService = app.getService('authorisations')\r\n const userService = app.getService('users')\r\n // Set membership for the owner\r\n return authorisationService.create({\r\n scope: 'organisations',\r\n permissions: 'owner' // Owner by default\r\n }, {\r\n user: hook.params.user,\r\n // Because we already have subject/resource set it as objects to avoid populating\r\n subjects: [hook.params.user],\r\n subjectsService: userService,\r\n resource: hook.result,\r\n resourcesService: hook.service\r\n })\r\n .then(authorisation => {\r\n debug('Organisation ownership set for user ' + hook.result._id)\r\n return hook\r\n })\r\n}\r\n\r\nexport function removeOrganisationAuthorisations (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'removeOrganisationAuthorisations\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const authorisationService = app.getService('authorisations')\r\n\r\n // Unset membership for the all org users\r\n return authorisationService.remove(hook.result._id.toString(), {\r\n query: {\r\n subjectsService: hook.result._id.toString() + '/members',\r\n scope: 'organisations'\r\n },\r\n user: hook.params.user,\r\n // Because we already have resource set it as objects to avoid populating\r\n // Moreover used as an after hook the resource might not already exist anymore\r\n resource: hook.result,\r\n resourcesService: hook.service\r\n })\r\n .then(authorisation => {\r\n debug('Authorisations unset for organisation ' + hook.result._id)\r\n return hook\r\n })\r\n}\r\n\r\nexport function updateOrganisationResource (resourceScope) {\r\n return async function (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'updateOrganisationResource\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n // Retrieve the list of members\r\n const orgMembersService = app.getService('members', hook.service.getContextId())\r\n const members = await orgMembersService.find({\r\n query: { [resourceScope]: { $elemMatch: { _id: hook.result._id } } },\r\n paginate: false\r\n })\r\n // Update each members\r\n await Promise.all(members.map(member => {\r\n const resources = _.get(member, resourceScope, [])\r\n const resource = _.find(resources, { _id: hook.result._id })\r\n if (resource) {\r\n Object.assign(resource, hook.result)\r\n return orgMembersService.patch(member._id, { [resourceScope]: resources })\r\n } else {\r\n return Promise.resolve()\r\n }\r\n }))\r\n\r\n debug(`Updated resource ${hook.result._id} on scope ${resourceScope} for members of organisation ` + hook.result._id)\r\n return hook\r\n }\r\n}\r\n\r\nexport function removeOrganisationGroups (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'removeOrganisationGroups\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const orgGroupService = app.getService('groups', hook.result)\r\n return orgGroupService.find({ paginate: false })\r\n .then(groups => {\r\n return Promise.all(groups.map(group => {\r\n return orgGroupService.remove(group._id.toString(), {\r\n user: hook.params.user\r\n })\r\n }))\r\n })\r\n .then(groups => {\r\n debug('Removed groups for organisation ' + hook.result._id)\r\n return hook\r\n })\r\n}\r\n\r\nexport async function removeOrganisationTags (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'removeOrganisationTags\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n // Retrieve the list of tags\r\n const orgTagsService = app.getService('tags', hook.result)\r\n const tags = await orgTagsService.find({ paginate: false })\r\n // Retrieve the list of members\r\n const orgMembersService = app.getService('members', hook.result)\r\n const members = await orgMembersService.find({ paginate: false })\r\n // Update each members\r\n for (const i in members) {\r\n const member = members[i]\r\n if (member.tags) {\r\n const filteredTagsMember = _.filter(member.tags, (tag) => {\r\n return _.findIndex(tags, { _id: tag._id }) === -1\r\n })\r\n await orgMembersService.patch(member._id, { tags: filteredTagsMember })\r\n }\r\n }\r\n\r\n debug('Removed tags from organisation ' + hook.result._id)\r\n return hook\r\n}\r\n\r\nexport function createPrivateOrganisation (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'createPrivateOrganisation\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const organisationService = app.getService('organisations')\r\n // Create a private organisation for the user\r\n return organisationService.create({\r\n _id: hook.result._id, // Same ID as user, fine because in another service\r\n name: hook.result.profile.name // Same name as user\r\n }, {\r\n user: hook.result\r\n })\r\n .then(org => {\r\n debug('Private organisation created for user ' + hook.result._id)\r\n })\r\n}\r\n\r\nexport function removePrivateOrganisation (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'removePrivateOrganisation\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const organisationService = app.getService('organisations')\r\n // Remove the private user's organisation\r\n return organisationService.remove(hook.result._id.toString(), {\r\n user: hook.result\r\n })\r\n .then(org => {\r\n debug('Private organisation removed for user ' + hook.result._id)\r\n })\r\n}\r\n\r\nexport async function preventRemoveOrganisation (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'preventRemoveOrganisations\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n // By pass check ?\r\n if (hook.params.force) return hook\r\n const app = hook.app\r\n const orgGroupService = app.getService('groups', hook.id)\r\n const result = await orgGroupService.find({ $limit: 0 })\r\n if (result.total > 0) {\r\n throw new Forbidden('You are not allowed to delete the organisation', {\r\n translation: { key: 'CANNOT_REMOVE_ORGANISATION' }\r\n })\r\n }\r\n return hook\r\n}\r\n\r\nexport async function createSubscribersGroup (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'createSubscribersGroup\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const orgId = hook.result._id\r\n const orgGroupService = app.getService('groups', orgId)\r\n await orgGroupService.create({\r\n name: 'KGroup.SUBSCRIBERS_GROUP_NAME',\r\n description: 'KGroup.SUBSCRIBERS_GROUP_DESCRIPTION',\r\n system: true\r\n }, hook.params)\r\n return hook\r\n}\r\n"]}
1
+ {"version":3,"sources":["../../../../core/api/hooks/hooks.organisations.js"],"names":["hook","type","Error","app","orgTagsService","getService","result","tags","find","paginate","orgMembersService","members","i","member","filteredTagsMember","_","filter","tag","findIndex","_id","patch","debug","removeOrganisationTags","params","force","orgGroupService","id","$limit","total","Forbidden","translation","key","preventRemoveOrganisation","addOrganisationPlan","createOrganisationServices","removeOrganisationServices","createOrganisationAuthorisations","removeOrganisationAuthorisations","updateOrganisationResource","removeOrganisationGroups","createPrivateOrganisation","removePrivateOrganisation","plans","keys","get","plan","data","length","set","organisationService","service","databaseService","create","name","toString","user","then","db","client","remove","authorisationService","userService","scope","permissions","subjects","subjectsService","resource","resourcesService","authorisation","query","resourceScope","getContextId","$elemMatch","Promise","all","map","resources","Object","assign","resolve","groups","group","profile","org"],"mappings":";;;;;;;;gCAuKO,WAAuCA,IAAvC,EAA6C;AAClD,QAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,YAAM,IAAIC,KAAJ,CAAU,8EAAV,CAAN;AACD;;AAED,UAAMC,MAAMH,KAAKG,GAAjB;AACA;AACA,UAAMC,iBAAiBD,IAAIE,UAAJ,CAAe,MAAf,EAAuBL,KAAKM,MAA5B,CAAvB;AACA,UAAMC,OAAO,MAAMH,eAAeI,IAAf,CAAoB,EAAEC,UAAU,KAAZ,EAApB,CAAnB;AACA;AACA,UAAMC,oBAAoBP,IAAIE,UAAJ,CAAe,SAAf,EAA0BL,KAAKM,MAA/B,CAA1B;AACA,UAAMK,UAAU,MAAMD,kBAAkBF,IAAlB,CAAuB,EAAEC,UAAU,KAAZ,EAAvB,CAAtB;AACA;AACA,SAAK,MAAMG,CAAX,IAAgBD,OAAhB,EAAyB;AACvB,YAAME,SAASF,QAAQC,CAAR,CAAf;AACA,UAAIC,OAAON,IAAX,EAAiB;AACf,cAAMO,qBAAqBC,iBAAEC,MAAF,CAASH,OAAON,IAAhB,EAAsB,UAACU,GAAD,EAAS;AACxD,iBAAOF,iBAAEG,SAAF,CAAYX,IAAZ,EAAkB,EAAEY,KAAKF,IAAIE,GAAX,EAAlB,MAAwC,CAAC,CAAhD;AACD,SAF0B,CAA3B;AAGA,cAAMT,kBAAkBU,KAAlB,CAAwBP,OAAOM,GAA/B,EAAoC,EAAEZ,MAAMO,kBAAR,EAApC,CAAN;AACD;AACF;;AAEDO,UAAM,oCAAoCrB,KAAKM,MAAL,CAAYa,GAAtD;AACA,WAAOnB,IAAP;AACD,G;;kBAzBqBsB,sB;;;;;;gCA8Df,WAA0CtB,IAA1C,EAAgD;AACrD,QAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,YAAM,IAAIC,KAAJ,CAAU,mFAAV,CAAN;AACD;;AAED;AACA,QAAIF,KAAKuB,MAAL,CAAYC,KAAhB,EAAuB,OAAOxB,IAAP;AACvB,UAAMG,MAAMH,KAAKG,GAAjB;AACA,UAAMsB,kBAAkBtB,IAAIE,UAAJ,CAAe,QAAf,EAAyBL,KAAK0B,EAA9B,CAAxB;AACA,UAAMpB,SAAS,MAAMmB,gBAAgBjB,IAAhB,CAAqB,EAAEmB,QAAQ,CAAV,EAArB,CAArB;AACA,QAAIrB,OAAOsB,KAAP,GAAe,CAAnB,EAAsB;AACpB,YAAM,IAAIC,iBAAJ,CAAc,gDAAd,EAAgE;AACpEC,qBAAa,EAAEC,KAAK,4BAAP;AADuD,OAAhE,CAAN;AAGD;AACD,WAAO/B,IAAP;AACD,G;;kBAhBqBgC,yB;;;;;QAhONC,mB,GAAAA,mB;QAeAC,0B,GAAAA,0B;QAwBAC,0B,GAAAA,0B;QAoBAC,gC,GAAAA,gC;QA0BAC,gC,GAAAA,gC;QA0BAC,0B,GAAAA,0B;QA8BAC,wB,GAAAA,wB;QAgDAC,yB,GAAAA,yB;QAmBAC,yB,GAAAA,yB;;AArNhB;;;;AACA;;;;AACA;;;;;;AACA,MAAMpB,QAAQ,qBAAU,8BAAV,CAAd;;AAEO,SAASY,mBAAT,CAA8BjC,IAA9B,EAAoC;AACzC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,4EAAV,CAAN;AACD;;AAED,QAAMwC,QAAQ3B,iBAAE4B,IAAF,CAAO3C,KAAKG,GAAL,CAASyC,GAAT,CAAa,OAAb,KAAyB,EAAhC,CAAd;AACA,QAAMC,OAAO9B,iBAAE6B,GAAF,CAAM5C,KAAK8C,IAAX,EAAiB,cAAjB,CAAb;AACA,MAAI,CAACD,IAAD,IAAUH,MAAMK,MAAN,GAAe,CAA7B,EAAiC;AAC/B;AACAhC,qBAAEiC,GAAF,CAAMhD,KAAK8C,IAAX,EAAiB,cAAjB,EAAiCJ,MAAM,CAAN,CAAjC;AACArB,UAAM,sCAAN,EAA8CrB,KAAK8C,IAAnD;AACD;AACD,SAAO9C,IAAP;AACD;;AAEM,SAASkC,0BAAT,CAAqClC,IAArC,EAA2C;AAChD,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,kFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAM8C,sBAAsBjD,KAAKkD,OAAjC;AACA,QAAMC,kBAAkBhD,IAAIE,UAAJ,CAAe,WAAf,CAAxB;;AAEA;AACA,SAAO8C,gBAAgBC,MAAhB,CAAuB;AAC5BC,UAAMrD,KAAKM,MAAL,CAAYa,GAAZ,CAAgBmC,QAAhB;AADsB,GAAvB,EAEJ;AACDC,UAAMvD,KAAKuB,MAAL,CAAYgC;AADjB,GAFI,EAKJC,IALI,CAKCC,MAAM;AACVpC,UAAM,iCAAiCrB,KAAKM,MAAL,CAAY+C,IAAnD;AACA;AACAI,SAAKtD,IAAIsD,EAAJ,CAAOC,MAAP,CAAcD,EAAd,CAAiBzD,KAAKM,MAAL,CAAYa,GAAZ,CAAgBmC,QAAhB,EAAjB,CAAL;AACAL,wBAAoBf,0BAApB,CAA+ClC,KAAKM,MAApD,EAA4DmD,EAA5D;AACA,WAAOzD,IAAP;AACD,GAXI,CAAP;AAYD;;AAEM,SAASmC,0BAAT,CAAqCnC,IAArC,EAA2C;AAChD,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,kFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAM8C,sBAAsBjD,KAAKkD,OAAjC;AACA,QAAMC,kBAAkBhD,IAAIE,UAAJ,CAAe,WAAf,CAAxB;;AAEA;AACA,SAAO8C,gBAAgBQ,MAAhB,CAAuB3D,KAAKM,MAAL,CAAYa,GAAZ,CAAgBmC,QAAhB,EAAvB,EAAmD;AACxDC,UAAMvD,KAAKuB,MAAL,CAAYgC;AADsC,GAAnD,EAGJC,IAHI,CAGCC,MAAM;AACVpC,UAAM,iCAAiCrB,KAAKM,MAAL,CAAY+C,IAAnD;AACAJ,wBAAoBd,0BAApB,CAA+CnC,KAAKM,MAApD;AACA,WAAON,IAAP;AACD,GAPI,CAAP;AAQD;;AAEM,SAASoC,gCAAT,CAA2CpC,IAA3C,EAAiD;AACtD,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,wFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAMyD,uBAAuBzD,IAAIE,UAAJ,CAAe,gBAAf,CAA7B;AACA,QAAMwD,cAAc1D,IAAIE,UAAJ,CAAe,OAAf,CAApB;AACA;AACA,SAAOuD,qBAAqBR,MAArB,CAA4B;AACjCU,WAAO,eAD0B;AAEjCC,iBAAa,OAFoB,CAEZ;AAFY,GAA5B,EAGJ;AACDR,UAAMvD,KAAKuB,MAAL,CAAYgC,IADjB;AAED;AACAS,cAAU,CAAChE,KAAKuB,MAAL,CAAYgC,IAAb,CAHT;AAIDU,qBAAiBJ,WAJhB;AAKDK,cAAUlE,KAAKM,MALd;AAMD6D,sBAAkBnE,KAAKkD;AANtB,GAHI,EAWJM,IAXI,CAWCY,iBAAiB;AACrB/C,UAAM,yCAAyCrB,KAAKM,MAAL,CAAYa,GAA3D;AACA,WAAOnB,IAAP;AACD,GAdI,CAAP;AAeD;;AAEM,SAASqC,gCAAT,CAA2CrC,IAA3C,EAAiD;AACtD,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,wFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAMyD,uBAAuBzD,IAAIE,UAAJ,CAAe,gBAAf,CAA7B;;AAEA;AACA,SAAOuD,qBAAqBD,MAArB,CAA4B3D,KAAKM,MAAL,CAAYa,GAAZ,CAAgBmC,QAAhB,EAA5B,EAAwD;AAC7De,WAAO;AACLJ,uBAAiBjE,KAAKM,MAAL,CAAYa,GAAZ,CAAgBmC,QAAhB,KAA6B,UADzC;AAELQ,aAAO;AAFF,KADsD;AAK7DP,UAAMvD,KAAKuB,MAAL,CAAYgC,IAL2C;AAM7D;AACA;AACAW,cAAUlE,KAAKM,MAR8C;AAS7D6D,sBAAkBnE,KAAKkD;AATsC,GAAxD,EAWJM,IAXI,CAWCY,iBAAiB;AACrB/C,UAAM,2CAA2CrB,KAAKM,MAAL,CAAYa,GAA7D;AACA,WAAOnB,IAAP;AACD,GAdI,CAAP;AAeD;;AAEM,SAASsC,0BAAT,CAAqCgC,aAArC,EAAoD;AACzD;AAAA,iCAAO,WAAgBtE,IAAhB,EAAsB;AAC3B,UAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,cAAM,IAAIC,KAAJ,CAAU,kFAAV,CAAN;AACD;;AAED,YAAMC,MAAMH,KAAKG,GAAjB;AACA;AACA,YAAMO,oBAAoBP,IAAIE,UAAJ,CAAe,SAAf,EAA0BL,KAAKkD,OAAL,CAAaqB,YAAb,EAA1B,CAA1B;AACA,YAAM5D,UAAU,MAAMD,kBAAkBF,IAAlB,CAAuB;AAC3C6D,eAAO,EAAE,CAACC,aAAD,GAAiB,EAAEE,YAAY,EAAErD,KAAKnB,KAAKM,MAAL,CAAYa,GAAnB,EAAd,EAAnB,EADoC;AAE3CV,kBAAU;AAFiC,OAAvB,CAAtB;AAIA;AACA,YAAMgE,QAAQC,GAAR,CAAY/D,QAAQgE,GAAR,CAAY,kBAAU;AACtC,cAAMC,YAAY7D,iBAAE6B,GAAF,CAAM/B,MAAN,EAAcyD,aAAd,EAA6B,EAA7B,CAAlB;AACA,cAAMJ,WAAWnD,iBAAEP,IAAF,CAAOoE,SAAP,EAAkB,EAAEzD,KAAKnB,KAAKM,MAAL,CAAYa,GAAnB,EAAlB,CAAjB;AACA,YAAI+C,QAAJ,EAAc;AACZW,iBAAOC,MAAP,CAAcZ,QAAd,EAAwBlE,KAAKM,MAA7B;AACA,iBAAOI,kBAAkBU,KAAlB,CAAwBP,OAAOM,GAA/B,EAAoC,EAAE,CAACmD,aAAD,GAAiBM,SAAnB,EAApC,CAAP;AACD,SAHD,MAGO;AACL,iBAAOH,QAAQM,OAAR,EAAP;AACD;AACF,OATiB,CAAZ,CAAN;;AAWA1D,YAAO,oBAAmBrB,KAAKM,MAAL,CAAYa,GAAI,aAAYmD,aAAc,+BAA9D,GAA+FtE,KAAKM,MAAL,CAAYa,GAAjH;AACA,aAAOnB,IAAP;AACD,KA1BD;;AAAA;AAAA;AAAA;AAAA;AA2BD;;AAEM,SAASuC,wBAAT,CAAmCvC,IAAnC,EAAyC;AAC9C,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,gFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAMsB,kBAAkBtB,IAAIE,UAAJ,CAAe,QAAf,EAAyBL,KAAKM,MAA9B,CAAxB;AACA,SAAOmB,gBAAgBjB,IAAhB,CAAqB,EAAEC,UAAU,KAAZ,EAArB,EACJ+C,IADI,CACCwB,UAAU;AACd,WAAOP,QAAQC,GAAR,CAAYM,OAAOL,GAAP,CAAWM,SAAS;AACrC,aAAOxD,gBAAgBkC,MAAhB,CAAuBsB,MAAM9D,GAAN,CAAUmC,QAAV,EAAvB,EAA6C;AAClDC,cAAMvD,KAAKuB,MAAL,CAAYgC;AADgC,OAA7C,CAAP;AAGD,KAJkB,CAAZ,CAAP;AAKD,GAPI,EAQJC,IARI,CAQCwB,UAAU;AACd3D,UAAM,qCAAqCrB,KAAKM,MAAL,CAAYa,GAAvD;AACA,WAAOnB,IAAP;AACD,GAXI,CAAP;AAYD;;AA6BM,SAASwC,yBAAT,CAAoCxC,IAApC,EAA0C;AAC/C,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,iFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAM8C,sBAAsB9C,IAAIE,UAAJ,CAAe,eAAf,CAA5B;AACA;AACA,SAAO4C,oBAAoBG,MAApB,CAA2B;AAChCjC,SAAKnB,KAAKM,MAAL,CAAYa,GADe,EACV;AACtBkC,UAAMrD,KAAKM,MAAL,CAAY4E,OAAZ,CAAoB7B,IAFM,CAED;AAFC,GAA3B,EAGJ;AACDE,UAAMvD,KAAKM;AADV,GAHI,EAMJkD,IANI,CAMC2B,OAAO;AACX9D,UAAM,2CAA2CrB,KAAKM,MAAL,CAAYa,GAA7D;AACD,GARI,CAAP;AASD;;AAEM,SAASsB,yBAAT,CAAoCzC,IAApC,EAA0C;AAC/C,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,iFAAV,CAAN;AACD;;AAED,QAAMC,MAAMH,KAAKG,GAAjB;AACA,QAAM8C,sBAAsB9C,IAAIE,UAAJ,CAAe,eAAf,CAA5B;AACA;AACA,SAAO4C,oBAAoBU,MAApB,CAA2B3D,KAAKM,MAAL,CAAYa,GAAZ,CAAgBmC,QAAhB,EAA3B,EAAuD;AAC5DC,UAAMvD,KAAKM;AADiD,GAAvD,EAGJkD,IAHI,CAGC2B,OAAO;AACX9D,UAAM,2CAA2CrB,KAAKM,MAAL,CAAYa,GAA7D;AACD,GALI,CAAP;AAMD","file":"hooks.organisations.js","sourcesContent":["import _ from 'lodash'\r\nimport makeDebug from 'debug'\r\nimport { Forbidden } from '@feathersjs/errors'\r\nconst debug = makeDebug('kdk:core:organisations:hooks')\r\n\r\nexport function addOrganisationPlan (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'addOrganisationPlan\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n const plans = _.keys(hook.app.get('plans') || {})\r\n const plan = _.get(hook.data, 'billing.plan')\r\n if (!plan && (plans.length > 0)) {\r\n // Add defaul plan\r\n _.set(hook.data, 'billing.plan', plans[0])\r\n debug('Added default plan to organisation: ', hook.data)\r\n }\r\n return hook\r\n}\r\n\r\nexport function createOrganisationServices (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'createOrganisationServices\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const organisationService = hook.service\r\n const databaseService = app.getService('databases')\r\n\r\n // First we create the organisation DB\r\n return databaseService.create({\r\n name: hook.result._id.toString()\r\n }, {\r\n user: hook.params.user\r\n })\r\n .then(db => {\r\n debug('DB created for organisation ' + hook.result.name)\r\n // Jump from infos/stats to real DB object\r\n db = app.db.client.db(hook.result._id.toString())\r\n organisationService.createOrganisationServices(hook.result, db)\r\n return hook\r\n })\r\n}\r\n\r\nexport function removeOrganisationServices (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'removeOrganisationServices\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const organisationService = hook.service\r\n const databaseService = app.getService('databases')\r\n\r\n // Then we remove the organisation DB\r\n return databaseService.remove(hook.result._id.toString(), {\r\n user: hook.params.user\r\n })\r\n .then(db => {\r\n debug('DB removed for organisation ' + hook.result.name)\r\n organisationService.removeOrganisationServices(hook.result)\r\n return hook\r\n })\r\n}\r\n\r\nexport function createOrganisationAuthorisations (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'createOrganisationAuthorisations\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const authorisationService = app.getService('authorisations')\r\n const userService = app.getService('users')\r\n // Set membership for the owner\r\n return authorisationService.create({\r\n scope: 'organisations',\r\n permissions: 'owner' // Owner by default\r\n }, {\r\n user: hook.params.user,\r\n // Because we already have subject/resource set it as objects to avoid populating\r\n subjects: [hook.params.user],\r\n subjectsService: userService,\r\n resource: hook.result,\r\n resourcesService: hook.service\r\n })\r\n .then(authorisation => {\r\n debug('Organisation ownership set for user ' + hook.result._id)\r\n return hook\r\n })\r\n}\r\n\r\nexport function removeOrganisationAuthorisations (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'removeOrganisationAuthorisations\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const authorisationService = app.getService('authorisations')\r\n\r\n // Unset membership for the all org users\r\n return authorisationService.remove(hook.result._id.toString(), {\r\n query: {\r\n subjectsService: hook.result._id.toString() + '/members',\r\n scope: 'organisations'\r\n },\r\n user: hook.params.user,\r\n // Because we already have resource set it as objects to avoid populating\r\n // Moreover used as an after hook the resource might not already exist anymore\r\n resource: hook.result,\r\n resourcesService: hook.service\r\n })\r\n .then(authorisation => {\r\n debug('Authorisations unset for organisation ' + hook.result._id)\r\n return hook\r\n })\r\n}\r\n\r\nexport function updateOrganisationResource (resourceScope) {\r\n return async function (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'updateOrganisationResource\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n // Retrieve the list of members\r\n const orgMembersService = app.getService('members', hook.service.getContextId())\r\n const members = await orgMembersService.find({\r\n query: { [resourceScope]: { $elemMatch: { _id: hook.result._id } } },\r\n paginate: false\r\n })\r\n // Update each members\r\n await Promise.all(members.map(member => {\r\n const resources = _.get(member, resourceScope, [])\r\n const resource = _.find(resources, { _id: hook.result._id })\r\n if (resource) {\r\n Object.assign(resource, hook.result)\r\n return orgMembersService.patch(member._id, { [resourceScope]: resources })\r\n } else {\r\n return Promise.resolve()\r\n }\r\n }))\r\n\r\n debug(`Updated resource ${hook.result._id} on scope ${resourceScope} for members of organisation ` + hook.result._id)\r\n return hook\r\n }\r\n}\r\n\r\nexport function removeOrganisationGroups (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'removeOrganisationGroups\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const orgGroupService = app.getService('groups', hook.result)\r\n return orgGroupService.find({ paginate: false })\r\n .then(groups => {\r\n return Promise.all(groups.map(group => {\r\n return orgGroupService.remove(group._id.toString(), {\r\n user: hook.params.user\r\n })\r\n }))\r\n })\r\n .then(groups => {\r\n debug('Removed groups for organisation ' + hook.result._id)\r\n return hook\r\n })\r\n}\r\n\r\nexport async function removeOrganisationTags (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'removeOrganisationTags\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n // Retrieve the list of tags\r\n const orgTagsService = app.getService('tags', hook.result)\r\n const tags = await orgTagsService.find({ paginate: false })\r\n // Retrieve the list of members\r\n const orgMembersService = app.getService('members', hook.result)\r\n const members = await orgMembersService.find({ paginate: false })\r\n // Update each members\r\n for (const i in members) {\r\n const member = members[i]\r\n if (member.tags) {\r\n const filteredTagsMember = _.filter(member.tags, (tag) => {\r\n return _.findIndex(tags, { _id: tag._id }) === -1\r\n })\r\n await orgMembersService.patch(member._id, { tags: filteredTagsMember })\r\n }\r\n }\r\n\r\n debug('Removed tags from organisation ' + hook.result._id)\r\n return hook\r\n}\r\n\r\nexport function createPrivateOrganisation (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'createPrivateOrganisation\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const organisationService = app.getService('organisations')\r\n // Create a private organisation for the user\r\n return organisationService.create({\r\n _id: hook.result._id, // Same ID as user, fine because in another service\r\n name: hook.result.profile.name // Same name as user\r\n }, {\r\n user: hook.result\r\n })\r\n .then(org => {\r\n debug('Private organisation created for user ' + hook.result._id)\r\n })\r\n}\r\n\r\nexport function removePrivateOrganisation (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'removePrivateOrganisation\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n const app = hook.app\r\n const organisationService = app.getService('organisations')\r\n // Remove the private user's organisation\r\n return organisationService.remove(hook.result._id.toString(), {\r\n user: hook.result\r\n })\r\n .then(org => {\r\n debug('Private organisation removed for user ' + hook.result._id)\r\n })\r\n}\r\n\r\nexport async function preventRemoveOrganisation (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'preventRemoveOrganisations\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n // By pass check ?\r\n if (hook.params.force) return hook\r\n const app = hook.app\r\n const orgGroupService = app.getService('groups', hook.id)\r\n const result = await orgGroupService.find({ $limit: 0 })\r\n if (result.total > 0) {\r\n throw new Forbidden('You are not allowed to delete the organisation', {\r\n translation: { key: 'CANNOT_REMOVE_ORGANISATION' }\r\n })\r\n }\r\n return hook\r\n}\r\n"]}