npm - @kalisio/kdk - Versions diffs - 1.4.2 → 1.6.0 - Mend

@kalisio/kdk 1.4.2 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (410) hide show

package/lib/core/api/hooks/hooks.authorisations.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../core/api/hooks/hooks.authorisations.js"],"names":["hook","type","Error","operation","method","resourceType","service","name","debug","params","provider","user","checkAuthorisation","_","has","authorised","getPath","get","context","authorisationService","app","getService","abilities","getAbilities","rules","Forbidden","id","resource","data","dbQuery","query","transform","result","value","key","$and","$or","merge","total","skip","Object","assign","authorise","org","orgGroupService","groups","find","paginate","Promise","all","map","remove","group","_id","toString","scope","force","subjects","subjectsService","resourcesService","removeOrganisationGroupsAuthorisations","subjectService","orgTagsService","length","orgTags","promises","forEach","tags","subject","fromOrg","intersectionWith","isTagEqual","notFromOrg","differenceWith","push","patch","devices","removeOrganisationTagsAuthorisations","createJWT","populateSubjects","unpopulateSubjects","populateResource","unpopulateResource","preventEscalation","updateAbilities","preventRemovingLastOwner","options","defaults","items","isArray","Array","accessTokens","passport","payload","jwt","item","index","set","serviceField","idField","throwOnNotFound","checkEscalation","scopeName","permissions","undefined","role","Roles","isUndefined","filter","subjectScope","subjectResource","subjectPermissions","subjectRole","hasRole","authorisationRole","subjectAsItem","fetchSubject","resourceScope","grantedPermissions","grantedRole","owner","owners","removedOwners","reduce","count","resources","ownedResource","RoleNames","resourceName","translation"],"mappings":";;;;;;;;gCA8IO,WAA0BA,IAA1B,EAAgC;AACrC,QAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,YAAM,IAAIC,KAAJ,CAAU,kEAAV,CAAN;AACD;AACD,UAAMC,YAAYH,KAAKI,MAAvB;AACA,UAAMC,eAAeL,KAAKM,OAAL,CAAaC,IAAlC;AACAC,UAAM,aAAN,EAAqBR,KAAKS,MAAL,CAAYC,QAAjC;AACA,QAAIV,KAAKS,MAAL,CAAYE,IAAhB,EAAsBH,MAAM,SAAN,EAAiBR,KAAKS,MAAL,CAAYE,IAA7B;AACtBH,UAAM,cAAN,EAAsBL,SAAtB;AACA,QAAIE,YAAJ,EAAkBG,MAAM,kBAAN,EAA0BH,YAA1B;;AAElB;AACA,QAAIO,qBAAqBC,iBAAEC,GAAF,CAAMd,KAAKS,MAAX,EAAmB,UAAnB,CAAzB;AACAD,UAAM,mBAAmBI,qBAAqB,SAArB,GAAiC,UAApD,IAAkE,eAAxE;AACA;AACA,QAAIZ,KAAKS,MAAL,CAAYM,UAAhB,EAA4B;AAC1BP,YAAM,wBAAN;AACAI,2BAAqB,KAArB;AACD;AACD;AACA,QAAI,OAAOZ,KAAKM,OAAL,CAAaU,OAApB,KAAgC,UAApC,EAAgD;AAC9CR,YAAM,sCAAN;AACAI,2BAAqB,KAArB;AACD;AACD;AACA,QAAIC,iBAAEC,GAAF,CAAMd,KAAKS,MAAX,EAAmB,oBAAnB,CAAJ,EAA8C;AAC5CG,2BAAqBC,iBAAEI,GAAF,CAAMjB,KAAKS,MAAX,EAAmB,oBAAnB,CAArB;AACA;AACA,aAAOT,KAAKS,MAAL,CAAYG,kBAAnB;AACAJ,YAAM,mBAAmBI,qBAAqB,QAArB,GAAgC,UAAnD,CAAN;AACD;;AAED,UAAMM,UAAUlB,KAAKM,OAAL,CAAaY,OAA7B;AACA,QAAIN,kBAAJ,EAAwB;AACtB;AACA,YAAMO,uBAAuBnB,KAAKoB,GAAL,CAASC,UAAT,CAAoB,gBAApB,CAA7B;AACA,YAAMC,YAAY,MAAMH,qBAAqBI,YAArB,CAAkCvB,KAAKS,MAAL,CAAYE,IAA9C,CAAxB;AACAX,WAAKS,MAAL,CAAYa,SAAZ,GAAwBA,SAAxB;AACAd,YAAM,oBAAN,EAA4Bc,UAAUE,KAAtC;;AAEA;AACA,UAAI,CAAC,sCAAoBF,SAApB,EAA+BtB,KAAKM,OAApC,CAAL,EAAmD;AACjDE,cAAM,4BAAN;AACA,cAAM,IAAIiB,iBAAJ,CAAe,yCAAwCzB,KAAKM,OAAL,CAAaU,OAAb,EAAuB,EAA9E,CAAN;AACD;;AAED,UAAI,CAAChB,KAAK0B,EAAV,EAAc;AACZ;AACA;AACA,YAAIvB,cAAc,QAAlB,EAA4B;AAC1B,gBAAMwB,WAAW3B,KAAK4B,IAAtB;AACApB,gBAAM,qBAAN,EAA6BmB,QAA7B;AACA,cAAI,CAAC,uCAAqBL,SAArB,EAAgCnB,SAAhC,EAA2CE,YAA3C,EAAyDa,OAAzD,EAAkES,QAAlE,CAAL,EAAkF;AAChFnB,kBAAM,6BAAN;AACA,kBAAM,IAAIiB,iBAAJ,CAAe,kCAAiCtB,SAAU,iBAAgBE,YAAa,EAAvF,CAAN;AACD;AACF,SAPD,MAOO;AACL;AACA;AACA;AACA,gBAAMwB,UAAU,sBAAa,uCAAqBP,SAArB,EAAgCnB,SAAhC,EAA2CE,YAA3C,CAAb,CAAhB;AACA,cAAIwB,OAAJ,EAAa;AACX7B,iBAAKS,MAAL,CAAYqB,KAAZ,GAAoBjB,iBAAEkB,SAAF,CAAY/B,KAAKS,MAAL,CAAYqB,KAAxB,EAA+B,UAACE,MAAD,EAASC,KAAT,EAAgBC,GAAhB,EAAwB;AACzE,kBAAIA,QAAQ,KAAZ,EAAmBF,OAAOG,IAAP,GAAc,CAAC,EAAEC,KAAKH,KAAP,EAAD,CAAd,CAAnB,KACKD,OAAOE,GAAP,IAAcD,KAAd;AACN,aAHmB,EAGjB,EAHiB,CAApB;AAIApB,6BAAEwB,KAAF,CAAQrC,KAAKS,MAAL,CAAYqB,KAApB,EAA2BD,OAA3B;AACD,WAND,MAMO;AACL7B,iBAAKgC,MAAL,GAAc,EAAEM,OAAO,CAAT,EAAYC,MAAM,CAAlB,EAAqBX,MAAM,EAA3B,EAAd;AACD;AACF;AACDpB,cAAM,yBAAN;AACF;AACA;AACC,OA5BD,MA4BO,IAAI,OAAOR,KAAKM,OAAL,CAAaW,GAApB,KAA4B,UAAhC,EAA4C;AACjD;AACA,cAAMU,WAAW,MAAM3B,KAAKM,OAAL,CAAaW,GAAb,CAAiBjB,KAAK0B,EAAtB,EAA0Bc,OAAOC,MAAP,CAAc,EAAE7B,oBAAoB,KAAtB,EAAd,EAA6CZ,KAAKS,MAAlD,CAA1B,CAAvB;AACAD,cAAM,oBAAN,EAA4BmB,QAA5B;AACA;AACA,YAAI,CAAC,uCAAqBL,SAArB,EAAgCnB,SAAhC,EAA2CE,YAA3C,EAAyDa,OAAzD,EAAkES,QAAlE,CAAL,EAAkF;AAChFnB,gBAAM,6BAAN;AACA,gBAAM,IAAIiB,iBAAJ,CAAe,kCAAiCtB,SAAU,iBAAgBE,YAAa,EAAvF,CAAN;AACD;AACD;AACA,YAAIF,cAAc,KAAlB,EAAyB;AACvBH,eAAKgC,MAAL,GAAcL,QAAd;AACD;AACD3B,aAAKS,MAAL,CAAYM,UAAZ,GAAyB,IAAzB;AACAP,cAAM,yBAAN;AACA,eAAOR,IAAP;AACD;AACF,KA1DD,MA0DO;AACLQ,YAAM,6CAAN;AACD;;AAEDR,SAAKS,MAAL,CAAYM,UAAZ,GAAyB,IAAzB;AACA,WAAOf,IAAP;AACD,G;;kBAjGqB0C,S;;;;;;gCA6Jf,WAAuD1C,IAAvD,EAA6D;AAClE,UAAMoB,MAAMpB,KAAKoB,GAAjB;AACA,UAAMD,uBAAuBC,IAAIC,UAAJ,CAAe,gBAAf,CAA7B;AACA,UAAMsB,MAAM3C,KAAKS,MAAL,CAAYkB,QAAxB;AACA,UAAMhB,OAAOX,KAAKS,MAAL,CAAYE,IAAzB;AACA;AACA,UAAMiC,kBAAkBxB,IAAIC,UAAJ,CAAe,QAAf,EAAyBsB,GAAzB,CAAxB;AACA,UAAME,SAAS,MAAMD,gBAAgBE,IAAhB,CAAqB,EAAEC,UAAU,KAAZ,EAArB,CAArB;AACA,UAAMC,QAAQC,GAAR,CAAYJ,OAAOK,GAAP,CAAW,iBAAS;AACtC;AACE,aAAO/B,qBAAqBgC,MAArB,CAA4BC,MAAMC,GAAN,CAAUC,QAAV,EAA5B,EAAkD;AACvDxB,eAAO;AACLyB,iBAAO;AADF,SADgD;AAIvD5C,YAJuD;AAKvD6C,eAAOxD,KAAKS,MAAL,CAAY+C,KALoC;AAMvD;AACA;AACAC,kBAAUzD,KAAKS,MAAL,CAAYgD,QARiC;AASvDC,yBAAiB1D,KAAKS,MAAL,CAAYiD,eAT0B;AAUvD/B,kBAAUyB,KAV6C;AAWvDO,0BAAkBf;AAXqC,OAAlD,CAAP;AAaD,KAfiB,CAAZ,CAAN;AAgBApC,UAAM,qDAAqDmC,IAAIU,GAA/D;AACA,WAAOrD,IAAP;AACD,G;;kBA1BqB4D,sC;;;;;;gCA4Bf,WAAqD5D,IAArD,EAA2D;AAChE,UAAMoB,MAAMpB,KAAKoB,GAAjB;AACA,UAAMuB,MAAM3C,KAAKS,MAAL,CAAYkB,QAAxB;AACA,UAAMkC,iBAAiB7D,KAAKS,MAAL,CAAYiD,eAAnC;AACA,UAAMI,iBAAiB1C,IAAIC,UAAJ,CAAe,MAAf,EAAuBsB,GAAvB,CAAvB;AACA,UAAMc,WAAWzD,KAAKS,MAAL,CAAYgD,QAAZ,IAAwB,EAAzC;AACA,QAAIA,SAASM,MAAT,KAAoB,CAAxB,EAA2B,OAAO/D,IAAP;AAC3B;AACA,UAAMgE,UAAU,MAAMF,eAAehB,IAAf,CAAoB,EAAEC,UAAU,KAAZ,EAApB,CAAtB;AACA,UAAMkB,WAAW,EAAjB;AACAR,aAASS,OAAT,CAAiB,mBAAW;AAC1B,YAAMC,OAAOC,QAAQD,IAAR,IAAgB,EAA7B;AACA;AACA,YAAME,UAAUxD,iBAAEyD,gBAAF,CAAmBH,IAAnB,EAAyBH,OAAzB,EAAkCO,kBAAlC,CAAhB;AACA;AACA,YAAMC,aAAa3D,iBAAE4D,cAAF,CAAiBN,IAAjB,EAAuBH,OAAvB,EAAgCO,kBAAhC,CAAnB;AACA;AACA,UAAIF,QAAQN,MAAR,GAAiB,CAArB,EAAwB;AACtBE,iBAASS,IAAT,CAAcb,eAAec,KAAf,CAAqBP,QAAQf,GAAR,CAAYC,QAAZ,EAArB,EAA6C,EAAEa,MAAMK,UAAR,EAAoBI,SAASR,QAAQQ,OAArC,EAA7C,CAAd;AACD;AACF,KAVD;AAWA;AACA,UAAM5B,QAAQC,GAAR,CAAYgB,QAAZ,CAAN;AACAzD,UAAO,iBAAgByD,SAASF,MAAO,6BAAjC,GAAgEpB,IAAIU,GAA1E;AACA,WAAOrD,IAAP;AACD,G;;kBAzBqB6E,oC;;;;;QA5TNC,S,GAAAA,S;QAsBAC,gB,GAAAA,gB;QAQAC,kB,GAAAA,kB;QAQAC,gB,GAAAA,gB;QAQAC,kB,GAAAA,kB;QAQAC,iB,GAAAA,iB;QAgLAC,e,GAAAA,e;QAiBAC,wB,GAAAA,wB;;AAlQhB;;;;AACA;;;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;;;;;AAEA,MAAM7E,QAAQ,qBAAU,+BAAV,CAAd;;AAEO,SAASsE,SAAT,CAAoBQ,UAAU,EAA9B,EAAkC;AACvC;AAAA,iCAAO,WAAgBtF,IAAhB,EAAsB;AAC3B,YAAMuF,WAAWvF,KAAKoB,GAAL,CAASH,GAAT,CAAa,gBAAb,KAAkCjB,KAAKoB,GAAL,CAASH,GAAT,CAAa,MAAb,CAAnD;AACA,YAAMN,OAAOE,iBAAEI,GAAF,CAAMjB,IAAN,EAAY,aAAZ,CAAb;AACA,UAAIwF,QAAQ,mCAASxF,IAAT,CAAZ;AACA,YAAMyF,UAAUC,MAAMD,OAAN,CAAcD,KAAd,CAAhB;AACAA,cAASC,UAAUD,KAAV,GAAkB,CAACA,KAAD,CAA3B;AACA;AACA,YAAMG,eAAe,MAAM3C,QAAQC,GAAR,CAAYuC,MAAMtC,GAAN,CAAU;AAAA,eAAQlD,KAAKoB,GAAL,CAASwE,QAAT,CAAkBd,SAAlB;AACvD;AACC,eAAOQ,QAAQO,OAAf,KAA2B,UAA3B,GAAwCP,QAAQO,OAAR,CAAgBlF,IAAhB,CAAxC,GAAgE,EAFV;AAGvD;AACA;AACAE,yBAAEwB,KAAF,CAAQ,EAAR,EAAYkD,QAAZ,EAAuB,OAAOD,QAAQQ,GAAf,KAAuB,UAAvB,GAAoC,EAAEA,KAAKR,QAAQQ,GAAR,CAAYnF,IAAZ,CAAP,EAApC,GAAiE2E,OAAxF,CALuD,CAAR;AAAA,OAAV,CAAZ,CAA3B;AAOA;AACAE,YAAMtB,OAAN,CAAc,UAAC6B,IAAD,EAAOC,KAAP;AAAA,eAAiBnF,iBAAEoF,GAAF,CAAMF,IAAN,EAAYT,QAAQ/E,IAAR,IAAgB,aAA5B,EAA2CoF,aAAaK,KAAb,CAA3C,CAAjB;AAAA,OAAd;AACA,6CAAahG,IAAb,EAAmByF,UAAUD,KAAV,GAAkBA,MAAM,CAAN,CAArC;AACA,aAAOxF,IAAP;AACD,KAlBD;;AAAA;AAAA;AAAA;AAAA;AAmBD;;AAEM,SAAS+E,gBAAT,CAA2B/E,IAA3B,EAAiC;AACtC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,yEAAV,CAAN;AACD;;AAED,SAAO,4BAAgB,EAAEgG,cAAc,iBAAhB,EAAmCC,SAAS,UAA5C,EAAwDC,iBAAiB,IAAzE,EAAhB,EAAiGpG,IAAjG,CAAP;AACD;;AAEM,SAASgF,kBAAT,CAA6BhF,IAA7B,EAAmC;AACxC,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,SAAO,8BAAkB,EAAEgG,cAAc,iBAAhB,EAAmCC,SAAS,UAA5C,EAAlB,EAA4EnG,IAA5E,CAAP;AACD;;AAEM,SAASiF,gBAAT,CAA2BjF,IAA3B,EAAiC;AACtC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,yEAAV,CAAN;AACD;;AAED,SAAO,2BAAe,EAAEgG,cAAc,kBAAhB,EAAoCC,SAAS,UAA7C,EAAyDC,iBAAiB,IAA1E,EAAf,EAAiGpG,IAAjG,CAAP;AACD;;AAEM,SAASkF,kBAAT,CAA6BlF,IAA7B,EAAmC;AACxC,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,SAAO,6BAAiB,EAAEgG,cAAc,kBAAhB,EAAoCC,SAAS,UAA7C,EAAjB,EAA4EnG,IAA5E,CAAP;AACD;;AAEM,SAASmF,iBAAT,CAA4BnF,IAA5B,EAAkC;AACvC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,QAAMO,SAAST,KAAKS,MAApB;AACA;AACA,MAAI4F,kBAAkBxF,iBAAEC,GAAF,CAAML,MAAN,EAAc,UAAd,CAAtB;AACAD,QAAM,uBAAuB6F,kBAAkB,SAAlB,GAA8B,UAArD,IAAmE,eAAzE;AACA;AACA,MAAIxF,iBAAEC,GAAF,CAAML,MAAN,EAAc,iBAAd,CAAJ,EAAsC;AACpC4F,sBAAkB5F,OAAO4F,eAAzB;AACA7F,UAAM,uBAAuB6F,kBAAkB,QAAlB,GAA6B,UAApD,CAAN;AACD;;AAED,MAAIA,eAAJ,EAAqB;AACnB,UAAM1F,OAAOF,OAAOE,IAApB;AACA;AACA,UAAMiB,OAAO5B,KAAK4B,IAAL,IAAa,EAA1B;AACA;AACA,UAAME,QAAQrB,OAAOqB,KAAP,IAAgB,EAA9B;AACA,UAAMwE,YAAY1E,KAAK2B,KAAL,IAAczB,MAAMyB,KAAtC,CANmB,CAMyB;AAC5C;AACA,UAAMA,QAAQ1C,iBAAEI,GAAF,CAAMN,IAAN,EAAY2F,SAAZ,EAAuB,EAAvB,CAAd;AACA;AACA,UAAM3E,WAAWd,iBAAEiC,IAAF,CAAOS,KAAP,EAAc5B,YAAYA,SAAS0B,GAAT,IAAiB1B,SAAS0B,GAAT,CAAaC,QAAb,OAA4B7C,OAAOkB,QAAP,CAAgB0B,GAAhB,CAAoBC,QAApB,EAAvE,CAAjB;AACA;AACA,UAAMiD,cAAe5E,WAAWA,SAAS4E,WAApB,GAAkCC,SAAvD;AACA,UAAMC,OAAQF,cAAcG,mBAAMH,WAAN,CAAd,GAAmCC,SAAjD;AACA,QAAI3F,iBAAE8F,WAAF,CAAcF,IAAd,CAAJ,EAAyB;AACvBjG,YAAM,wDAAwD8F,SAA9D;AACA,YAAM,IAAI7E,iBAAJ,CAAc,yDAAd,CAAN;AACD;;AAED;;AAEA;AACA;AACA;AACA;AACA;AACA,UAAMgC,WAAWhD,OAAOgD,QAAP,CAAgBmD,MAAhB,CAAuBxC,WAAW;AACjD,YAAMyC,eAAehG,iBAAEI,GAAF,CAAMmD,OAAN,EAAekC,SAAf,EAA0B,EAA1B,CAArB;AACA,YAAMQ,kBAAkBjG,iBAAEiC,IAAF,CAAO+D,YAAP,EAAqBlF,YAAYA,SAAS0B,GAAT,IAAiB1B,SAAS0B,GAAT,CAAaC,QAAb,OAA4B7C,OAAOkB,QAAP,CAAgB0B,GAAhB,CAAoBC,QAApB,EAA9E,CAAxB;AACA,YAAMyD,qBAAsBD,kBAAkBA,gBAAgBP,WAAlC,GAAgDC,SAA5E;AACA,YAAMQ,cAAeD,qBAAqBL,mBAAMK,kBAAN,CAArB,GAAiDP,SAAtE;AACA,YAAMS,UAAU,CAACpG,iBAAE8F,WAAF,CAAcK,WAAd,CAAjB;AACA,UAAIhH,KAAKI,MAAL,KAAgB,QAApB,EAA8B;AAC5B,eAAQ,CAAC6G,OAAD,IAAaD,eAAeP,IAApC,CAD4B,CACe;AAC5C,OAFD,MAEO;AACL,eAAQQ,WAAYD,eAAeP,IAAnC,CADK,CACqC;AAC3C;AACF,KAXgB,CAAjB;AAYA,QAAIhD,SAASM,MAAT,GAAkBtD,OAAOgD,QAAP,CAAgBM,MAAtC,EAA8C;AAC5CvD,YAAO,GAAGC,OAAOgD,QAAP,CAAgBM,MAAhB,GAAyBN,SAASM,MAAQ,2DAA0DuC,SAAU,EAAxH;AACA,YAAM,IAAI7E,iBAAJ,CAAc,2DAAd,CAAN;AACD;AACD;AACA;AACA;AACA,QAAIyF,iBAAJ;AACA,QAAItF,KAAK2E,WAAT,EAAsB;AACpBW,0BAAoBR,mBAAM9E,KAAK2E,WAAX,CAApB;AACD,KAFD,MAEO,IAAIzE,MAAMyE,WAAV,EAAuB;AAC5BW,0BAAoBR,mBAAM5E,MAAMyE,WAAZ,CAApB;AACD;AACD,QAAI,CAAC1F,iBAAE8F,WAAF,CAAcO,iBAAd,CAAL,EAAuC;AACrC,UAAIA,oBAAoBT,IAAxB,EAA8B;AAC5BjG,cAAM,6DAA6D8F,SAAnE;AACA,cAAM,IAAI7E,iBAAJ,CAAc,yDAAd,CAAN;AACD;AACF;AACF;;AAED,SAAOzB,IAAP;AACD;;AAqGM,SAASoF,eAAT,CAA0BE,UAAU,EAApC,EAAwC;AAC7C;AAAA,kCAAO,WAAgBtF,IAAhB,EAAsB;AAC3B,YAAMoB,MAAMpB,KAAKoB,GAAjB;AACA,YAAMX,SAAST,KAAKS,MAApB;AACA,YAAMU,uBAAuBC,IAAIC,UAAJ,CAAe,gBAAf,CAA7B;AACA,UAAI+C,UAAWkB,QAAQ6B,aAAR,GAAwB,mCAASnH,IAAT,CAAxB,GAAyCS,OAAOE,IAA/D;AACA;AACA;AACA,UAAI2E,QAAQ8B,YAAZ,EAA0B;AACxBhD,kBAAU,MAAMpE,KAAKM,OAAL,CAAaW,GAAb,CAAiBmD,QAAQf,GAAR,CAAYC,QAAZ,EAAjB,CAAhB;AACD;AACD,YAAMhC,YAAY,MAAMH,qBAAqBiE,eAArB,CAAqChB,OAArC,CAAxB;AACA5D,YAAM,8BAAN,EAAsC4D,OAAtC,EAA+C9C,UAAUE,KAAzD;AACA,aAAOxB,IAAP;AACD,KAbD;;AAAA;AAAA;AAAA;AAAA;AAcD;;AAEM,SAASqF,wBAAT,CAAmCgC,aAAnC,EAAkD;AACvD;AAAA,kCAAO,WAAgBrH,IAAhB,EAAsB;AAC3B;AACA,UAAIA,KAAKS,MAAL,CAAY+C,KAAhB,EAAuB,OAAOxD,IAAP;AACvB,YAAMS,SAAST,KAAKS,MAApB;AACA,YAAMmB,OAAO5B,KAAK4B,IAAL,IAAa,EAA1B;AACA,YAAME,QAAQrB,OAAOqB,KAAP,IAAgB,EAA9B;AACA,YAAMyB,QAAQ3B,KAAK2B,KAAL,IAAczB,MAAMyB,KAAlC;AACA,YAAM+D,qBAAqB1F,KAAK2E,WAAL,IAAoBzE,MAAMyE,WAArD;AACA,YAAMgB,cAAeD,qBAAqBZ,mBAAMY,kBAAN,CAArB,GAAiDd,SAAtE;AACA,YAAM7E,WAAW3B,KAAKS,MAAL,CAAYkB,QAA7B;AACA,YAAM8B,WAAWzD,KAAKS,MAAL,CAAYgD,QAA7B;AACA,YAAMI,iBAAiB7D,KAAKS,MAAL,CAAYiD,eAAnC;AACA;AACA,UAAI,CAAC7C,iBAAE8F,WAAF,CAAcY,WAAd,CAAD,IAAgCA,gBAAgBb,mBAAMc,KAA1D,EAAkE,OAAOxH,IAAP;;AAElE,UAAKuD,UAAU8D,aAAX,IAA6B1F,QAA7B,IAAyCA,SAAS0B,GAAtD,EAA2D;AACzD;AACA,cAAMoE,SAAS,MAAM,2CAAyB5D,cAAzB,EAAyCwD,aAAzC,EAAwD1F,SAAS0B,GAAjE,EAAsEqD,mBAAMc,KAA5E,CAArB;AACA;AACA,cAAME,gBAAgBjE,SAASkE,MAAT,CAAgB,UAACC,KAAD,EAAQxD,OAAR,EAAoB;AACxD,gBAAMyD,YAAYhH,iBAAEI,GAAF,CAAMmD,OAAN,EAAeiD,aAAf,EAA8B,EAA9B,CAAlB;AACA,gBAAMS,gBAAgBjH,iBAAEiC,IAAF,CAAO+E,SAAP,EAAkB,EAAExE,KAAK1B,SAAS0B,GAAhB,EAAqBkD,aAAawB,uBAAUrB,mBAAMc,KAAhB,CAAlC,EAAlB,CAAtB;AACA,iBAAQM,gBAAgBF,QAAQ,CAAxB,GAA4BA,KAApC;AACD,SAJqB,EAInB,CAJmB,CAAtB;AAKA;AACA,YAAIF,iBAAiBD,OAAOnF,KAA5B,EAAmC;AACjC9B,gBAAM,2CAAN,EAAmDmB,QAAnD;AACA,gBAAMqG,eAAerG,SAASpB,IAAT,GAAgBoB,SAASpB,IAAzB,GAAgCoB,SAAS0B,GAAT,CAAaC,QAAb,EAArD;AACA,gBAAM,IAAI7B,iBAAJ,CAAc,8DAA8DuG,YAA5E,EAA0F;AAC9FC,yBAAa;AACX/F,mBAAK,0BADM;AAEXzB,sBAAQ,EAAEkB,UAAUqG,YAAZ;AAFG;AADiF,WAA1F,CAAN;AAMD;AACF;AACD,aAAOhI,IAAP;AACD,KArCD;;AAAA;AAAA;AAAA;AAAA;AAsCD","file":"hooks.authorisations.js","sourcesContent":["import _ from 'lodash'\r\nimport makeDebug from 'debug'\r\nimport { getItems, replaceItems } from 'feathers-hooks-common'\r\nimport { Forbidden } from '@feathersjs/errors'\r\nimport { populateObject, unpopulateObject, populateObjects, unpopulateObjects } from './hooks.query'\r\nimport { objectifyIDs } from '../db'\r\nimport { hasServiceAbilities, hasResourceAbilities, getQueryForAbilities, Roles, RoleNames, countSubjectsForResource } from '../../common/permissions'\r\nimport { isTagEqual } from './hooks.tags'\r\n\r\nconst debug = makeDebug('kdk:core:authorisations:hooks')\r\n\r\nexport function createJWT (options = {}) {\r\n return async function (hook) {\r\n const defaults = hook.app.get('authentication') \|\| hook.app.get('auth')\r\n const user = _.get(hook, 'params.user')\r\n let items = getItems(hook)\r\n const isArray = Array.isArray(items)\r\n items = (isArray ? items : [items])\r\n // Generate access tokens for all items\r\n const accessTokens = await Promise.all(items.map(item => hook.app.passport.createJWT(\r\n // Provided function can be used to pick or omit properties in JWT payload\r\n (typeof options.payload === 'function' ? options.payload(user) : {}),\r\n // Provided function can be used for custom options cdepending on the user,\r\n // then we merge with default auth options for global properties like aud, iss, etc.\r\n _.merge({}, defaults, (typeof options.jwt === 'function' ? { jwt: options.jwt(user) } : options)))\r\n ))\r\n // Store access token on items\r\n items.forEach((item, index) => _.set(item, options.name \|\| 'accessToken', accessTokens[index]))\r\n replaceItems(hook, isArray ? items : items[0])\r\n return hook\r\n }\r\n}\r\n\r\nexport function populateSubjects (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'populateSubjects\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n return populateObjects({ serviceField: 'subjectsService', idField: 'subjects', throwOnNotFound: true })(hook)\r\n}\r\n\r\nexport function unpopulateSubjects (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'unpopulateSubjects\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n return unpopulateObjects({ serviceField: 'subjectsService', idField: 'subjects' })(hook)\r\n}\r\n\r\nexport function populateResource (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'populateResource\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n return populateObject({ serviceField: 'resourcesService', idField: 'resource', throwOnNotFound: true })(hook)\r\n}\r\n\r\nexport function unpopulateResource (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'unpopulateResource\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n return unpopulateObject({ serviceField: 'resourcesService', idField: 'resource' })(hook)\r\n}\r\n\r\nexport function preventEscalation (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'preventEscalation\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n const params = hook.params\r\n // If called internally we skip authorisation\r\n let checkEscalation = _.has(params, 'provider')\r\n debug('Escalation check ' + (checkEscalation ? 'enabled' : 'disabled') + ' for provider')\r\n // If explicitely asked to perform/skip, override defaults\r\n if (_.has(params, 'checkEscalation')) {\r\n checkEscalation = params.checkEscalation\r\n debug('Escalation check ' + (checkEscalation ? 'forced' : 'unforced'))\r\n }\r\n\r\n if (checkEscalation) {\r\n const user = params.user\r\n // Make hook usable on remove as well\r\n const data = hook.data \|\| {}\r\n // Make hook usable with query params as well\r\n const query = params.query \|\| {}\r\n const scopeName = data.scope \|\| query.scope // Get scope name first\r\n // Retrieve the right scope on the user\r\n const scope = _.get(user, scopeName, [])\r\n // Then the target resource\r\n const resource = _.find(scope, resource => resource._id && (resource._id.toString() === params.resource._id.toString()))\r\n // Then user permission level\r\n const permissions = (resource ? resource.permissions : undefined)\r\n const role = (permissions ? Roles[permissions] : undefined)\r\n if (_.isUndefined(role)) {\r\n debug('Role for authorisation not found on user for scope ' + scopeName)\r\n throw new Forbidden('You are not allowed to change authorisation on resource')\r\n }\r\n\r\n // Check if privilege escalation might occur, if so clamp to user permission level\r\n\r\n // Input subjects need to be checked:\r\n // - on create you should not be able to change permissions on others having higher permissions than yourself\r\n // (e.g. cannot change a owner into a manager when you are a manager)\r\n // - on remove you should not be able to remove permissions on others having higher permissions than yourself\r\n // (e.g. cannot remove a owner when you are a manager)\r\n const subjects = params.subjects.filter(subject => {\r\n const subjectScope = _.get(subject, scopeName, [])\r\n const subjectResource = _.find(subjectScope, resource => resource._id && (resource._id.toString() === params.resource._id.toString()))\r\n const subjectPermissions = (subjectResource ? subjectResource.permissions : undefined)\r\n const subjectRole = (subjectPermissions ? Roles[subjectPermissions] : undefined)\r\n const hasRole = !_.isUndefined(subjectRole)\r\n if (hook.method === 'create') {\r\n return (!hasRole \|\| (subjectRole <= role)) // The first time no authorisation can be found\r\n } else {\r\n return (hasRole && (subjectRole <= role)) // Authorisation must be found on remove\r\n }\r\n })\r\n if (subjects.length < params.subjects.length) {\r\n debug(`${(params.subjects.length - subjects.length)} subjects with higher permissions level found for scope ${scopeName}`)\r\n throw new Forbidden('You are not allowed to change authorisation on subject(s)')\r\n }\r\n // Input permissions needs to be checked since:\r\n // - you should not be able to give higher permissions than your own ones to others\r\n // (e.g. cannot create a owner when you are a manager)\r\n let authorisationRole\r\n if (data.permissions) {\r\n authorisationRole = Roles[data.permissions]\r\n } else if (query.permissions) {\r\n authorisationRole = Roles[query.permissions]\r\n }\r\n if (!_.isUndefined(authorisationRole)) {\r\n if (authorisationRole > role) {\r\n debug('Cannot escalate with higher permissions level for scope ' + scopeName)\r\n throw new Forbidden('You are not allowed to change authorisation on resource')\r\n }\r\n }\r\n }\r\n\r\n return hook\r\n}\r\n\r\nexport async function authorise (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'authorise\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n const operation = hook.method\r\n const resourceType = hook.service.name\r\n debug('Provider is', hook.params.provider)\r\n if (hook.params.user) debug('User is', hook.params.user)\r\n debug('Operation is', operation)\r\n if (resourceType) debug('Resource type is', resourceType)\r\n\r\n // If called internally we skip authorisation\r\n let checkAuthorisation = _.has(hook.params, 'provider')\r\n debug('Access check ' + (checkAuthorisation ? 'enabled' : 'disabled') + ' for provider')\r\n // If already checked we skip authorisation\r\n if (hook.params.authorised) {\r\n debug('Access already granted')\r\n checkAuthorisation = false\r\n }\r\n // We also skip authorisation for built-in Feathers services like authentication\r\n if (typeof hook.service.getPath !== 'function') {\r\n debug('Access disabled on built-in services')\r\n checkAuthorisation = false\r\n }\r\n // If explicitely asked to perform/skip, override defaults\r\n if (_.has(hook.params, 'checkAuthorisation')) {\r\n checkAuthorisation = _.get(hook.params, 'checkAuthorisation')\r\n // Bypass authorisation for next hooks otherwise we will loop infinitely\r\n delete hook.params.checkAuthorisation\r\n debug('Access check ' + (checkAuthorisation ? 'forced' : 'unforced'))\r\n }\r\n\r\n const context = hook.service.context\r\n if (checkAuthorisation) {\r\n // Build ability for user\r\n const authorisationService = hook.app.getService('authorisations')\r\n const abilities = await authorisationService.getAbilities(hook.params.user)\r\n hook.params.abilities = abilities\r\n debug('User abilities are', abilities.rules)\r\n\r\n // Check for access to service fisrt\r\n if (!hasServiceAbilities(abilities, hook.service)) {\r\n debug('Service access not granted')\r\n throw new Forbidden(`You are not allowed to access service ${hook.service.getPath()}`)\r\n }\r\n\r\n if (!hook.id) {\r\n // In this specific case there is no query to be run,\r\n // simply check against the object we'd like to create\r\n if (operation === 'create') {\r\n const resource = hook.data\r\n debug('Target resource is ', resource)\r\n if (!hasResourceAbilities(abilities, operation, resourceType, context, resource)) {\r\n debug('Resource access not granted')\r\n throw new Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`)\r\n }\r\n } else {\r\n // When we find/update/patch/remove multiple items this ensures that\r\n // only the ones authorised by constraints on the resources will be fetched\r\n // This avoid fetching all first then check it one by one\r\n const dbQuery = objectifyIDs(getQueryForAbilities(abilities, operation, resourceType))\r\n if (dbQuery) {\r\n hook.params.query = _.transform(hook.params.query, (result, value, key) => {\r\n if (key === '$or') result.$and = [{ $or: value }]\r\n else result[key] = value\r\n }, {})\r\n _.merge(hook.params.query, dbQuery)\r\n } else {\r\n hook.result = { total: 0, skip: 0, data: [] }\r\n }\r\n }\r\n debug('Resource access granted')\r\n // Some specific services might not expose a get function, in this case we cannot check for authorisation\r\n // this has to be implemented by the service itself\r\n } else if (typeof hook.service.get === 'function') {\r\n // In this case (single get/update/patch/remove) we need to fetch the item first\r\n const resource = await hook.service.get(hook.id, Object.assign({ checkAuthorisation: false }, hook.params))\r\n debug('Target resource is', resource)\r\n // Then check against the object we'd like to manage\r\n if (!hasResourceAbilities(abilities, operation, resourceType, context, resource)) {\r\n debug('Resource access not granted')\r\n throw new Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`)\r\n }\r\n // Avoid fetching again the object in this case\r\n if (operation === 'get') {\r\n hook.result = resource\r\n }\r\n hook.params.authorised = true\r\n debug('Resource access granted')\r\n return hook\r\n }\r\n } else {\r\n debug('Authorisation check skipped, access granted')\r\n }\r\n\r\n hook.params.authorised = true\r\n return hook\r\n}\r\n\r\nexport function updateAbilities (options = {}) {\r\n return async function (hook) {\r\n const app = hook.app\r\n const params = hook.params\r\n const authorisationService = app.getService('authorisations')\r\n let subject = (options.subjectAsItem ? getItems(hook) : params.user)\r\n // We might not have all information required eg on patch to compute new abilities,\r\n // in this case we have to fetch the whole subject\r\n if (options.fetchSubject) {\r\n subject = await hook.service.get(subject._id.toString())\r\n }\r\n const abilities = await authorisationService.updateAbilities(subject)\r\n debug('Abilities updated on subject', subject, abilities.rules)\r\n return hook\r\n }\r\n}\r\n\r\nexport function preventRemovingLastOwner (resourceScope) {\r\n return async function (hook) {\r\n // By pass check ?\r\n if (hook.params.force) return hook\r\n const params = hook.params\r\n const data = hook.data \|\| {}\r\n const query = params.query \|\| {}\r\n const scope = data.scope \|\| query.scope\r\n const grantedPermissions = data.permissions \|\| query.permissions\r\n const grantedRole = (grantedPermissions ? Roles[grantedPermissions] : undefined)\r\n const resource = hook.params.resource\r\n const subjects = hook.params.subjects\r\n const subjectService = hook.params.subjectsService\r\n // On create check if we try to downgrade permissions otherwise let pass through\r\n if (!_.isUndefined(grantedRole) && (grantedRole === Roles.owner)) return hook\r\n\r\n if ((scope === resourceScope) && resource && resource._id) {\r\n // Count existing owners\r\n const owners = await countSubjectsForResource(subjectService, resourceScope, resource._id, Roles.owner)\r\n // Now count owners we change/remove permissions on\r\n const removedOwners = subjects.reduce((count, subject) => {\r\n const resources = _.get(subject, resourceScope, [])\r\n const ownedResource = _.find(resources, { _id: resource._id, permissions: RoleNames[Roles.owner] })\r\n return (ownedResource ? count + 1 : count)\r\n }, 0)\r\n // If none remains stop\r\n if (removedOwners >= owners.total) {\r\n debug('Cannot remove the last owner of resource ', resource)\r\n const resourceName = resource.name ? resource.name : resource._id.toString()\r\n throw new Forbidden('You are not allowed to remove the last owner of resource ' + resourceName, {\r\n translation: {\r\n key: 'CANNOT_REMOVE_LAST_OWNER',\r\n params: { resource: resourceName }\r\n }\r\n })\r\n }\r\n }\r\n return hook\r\n }\r\n}\r\n\r\nexport async function removeOrganisationGroupsAuthorisations (hook) {\r\n const app = hook.app\r\n const authorisationService = app.getService('authorisations')\r\n const org = hook.params.resource\r\n const user = hook.params.user\r\n // Unset membership for the all org groups\r\n const orgGroupService = app.getService('groups', org)\r\n const groups = await orgGroupService.find({ paginate: false })\r\n await Promise.all(groups.map(group => {\r\n // Unset membership on group for the all org users\r\n return authorisationService.remove(group._id.toString(), {\r\n query: {\r\n scope: 'groups'\r\n },\r\n user,\r\n force: hook.params.force,\r\n // Because we already have resource set it as objects to avoid populating\r\n // Moreover used as an after hook the resource might not already exist anymore\r\n subjects: hook.params.subjects,\r\n subjectsService: hook.params.subjectsService,\r\n resource: group,\r\n resourcesService: orgGroupService\r\n })\r\n }))\r\n debug('Authorisations unset on groups for organisation ' + org._id)\r\n return hook\r\n}\r\n\r\nexport async function removeOrganisationTagsAuthorisations (hook) {\r\n const app = hook.app\r\n const org = hook.params.resource\r\n const subjectService = hook.params.subjectsService\r\n const orgTagsService = app.getService('tags', org)\r\n const subjects = hook.params.subjects \|\| []\r\n if (subjects.length === 0) return hook\r\n // Retrieve org tags\r\n const orgTags = await orgTagsService.find({ paginate: false })\r\n const promises = []\r\n subjects.forEach(subject => {\r\n const tags = subject.tags \|\| []\r\n // Find tags from org\r\n const fromOrg = _.intersectionWith(tags, orgTags, isTagEqual)\r\n // Clear removed tags\r\n const notFromOrg = _.differenceWith(tags, orgTags, isTagEqual)\r\n // Update subject if required\r\n if (fromOrg.length > 0) {\r\n promises.push(subjectService.patch(subject._id.toString(), { tags: notFromOrg, devices: subject.devices }))\r\n }\r\n })\r\n // Perform subject updates in parallel\r\n await Promise.all(promises)\r\n debug(`Tags unset on ${promises.length} subjects for organisation ` + org._id)\r\n return hook\r\n}\r\n"]}
1	+ {"version":3,"sources":["../../../../core/api/hooks/hooks.authorisations.js"],"names":["hook","type","Error","operation","method","resourceType","service","name","debug","params","provider","user","checkAuthorisation","_","has","authorised","getPath","get","context","authorisationService","app","getService","abilities","getAbilities","rules","Forbidden","id","resource","data","dbQuery","query","transform","result","value","key","$and","$or","merge","total","skip","Object","assign","authorise","org","orgGroupService","groups","find","paginate","Promise","all","map","remove","group","_id","toString","scope","force","subjects","subjectsService","resourcesService","removeOrganisationGroupsAuthorisations","subjectService","orgTagsService","length","orgTags","promises","forEach","tags","subject","fromOrg","intersectionWith","isTagEqual","notFromOrg","differenceWith","push","patch","devices","removeOrganisationTagsAuthorisations","createJWT","populateSubjects","unpopulateSubjects","populateResource","unpopulateResource","preventEscalation","updateAbilities","preventRemovingLastOwner","options","defaults","items","isArray","Array","accessTokens","passport","payload","jwt","item","index","set","serviceField","idField","throwOnNotFound","checkEscalation","scopeName","permissions","undefined","role","Roles","isUndefined","filter","subjectScope","subjectResource","subjectPermissions","subjectRole","hasRole","authorisationRole","subjectAsItem","fetchSubject","resourceScope","grantedPermissions","grantedRole","owner","owners","removedOwners","reduce","count","resources","ownedResource","RoleNames","resourceName","translation"],"mappings":";;;;;;;;gCA8IO,WAA0BA,IAA1B,EAAgC;AACrC,QAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,YAAM,IAAIC,KAAJ,CAAU,kEAAV,CAAN;AACD;AACD,UAAMC,YAAYH,KAAKI,MAAvB;AACA,UAAMC,eAAeL,KAAKM,OAAL,CAAaC,IAAlC;AACAC,UAAM,aAAN,EAAqBR,KAAKS,MAAL,CAAYC,QAAjC;AACA,QAAIV,KAAKS,MAAL,CAAYE,IAAhB,EAAsBH,MAAM,SAAN,EAAiBR,KAAKS,MAAL,CAAYE,IAA7B;AACtBH,UAAM,cAAN,EAAsBL,SAAtB;AACA,QAAIE,YAAJ,EAAkBG,MAAM,kBAAN,EAA0BH,YAA1B;;AAElB;AACA,QAAIO,qBAAqBC,iBAAEC,GAAF,CAAMd,KAAKS,MAAX,EAAmB,UAAnB,CAAzB;AACAD,UAAM,mBAAmBI,qBAAqB,SAArB,GAAiC,UAApD,IAAkE,eAAxE;AACA;AACA,QAAIZ,KAAKS,MAAL,CAAYM,UAAhB,EAA4B;AAC1BP,YAAM,wBAAN;AACAI,2BAAqB,KAArB;AACD;AACD;AACA,QAAI,OAAOZ,KAAKM,OAAL,CAAaU,OAApB,KAAgC,UAApC,EAAgD;AAC9CR,YAAM,sCAAN;AACAI,2BAAqB,KAArB;AACD;AACD;AACA,QAAIC,iBAAEC,GAAF,CAAMd,KAAKS,MAAX,EAAmB,oBAAnB,CAAJ,EAA8C;AAC5CG,2BAAqBC,iBAAEI,GAAF,CAAMjB,KAAKS,MAAX,EAAmB,oBAAnB,CAArB;AACA;AACA,aAAOT,KAAKS,MAAL,CAAYG,kBAAnB;AACAJ,YAAM,mBAAmBI,qBAAqB,QAArB,GAAgC,UAAnD,CAAN;AACD;;AAED,UAAMM,UAAUlB,KAAKM,OAAL,CAAaY,OAA7B;AACA,QAAIN,kBAAJ,EAAwB;AACtB;AACA,YAAMO,uBAAuBnB,KAAKoB,GAAL,CAASC,UAAT,CAAoB,gBAApB,CAA7B;AACA,YAAMC,YAAY,MAAMH,qBAAqBI,YAArB,CAAkCvB,KAAKS,MAAL,CAAYE,IAA9C,CAAxB;AACAX,WAAKS,MAAL,CAAYa,SAAZ,GAAwBA,SAAxB;AACAd,YAAM,oBAAN,EAA4Bc,UAAUE,KAAtC;;AAEA;AACA,UAAI,CAAC,sCAAoBF,SAApB,EAA+BtB,KAAKM,OAApC,CAAL,EAAmD;AACjDE,cAAM,4BAAN;AACA,cAAM,IAAIiB,iBAAJ,CAAe,yCAAwCzB,KAAKM,OAAL,CAAaU,OAAb,EAAuB,EAA9E,CAAN;AACD;;AAED,UAAI,CAAChB,KAAK0B,EAAV,EAAc;AACZ;AACA;AACA,YAAIvB,cAAc,QAAlB,EAA4B;AAC1B,gBAAMwB,WAAW3B,KAAK4B,IAAtB;AACApB,gBAAM,qBAAN,EAA6BmB,QAA7B;AACA,cAAI,CAAC,uCAAqBL,SAArB,EAAgCnB,SAAhC,EAA2CE,YAA3C,EAAyDa,OAAzD,EAAkES,QAAlE,CAAL,EAAkF;AAChFnB,kBAAM,6BAAN;AACA,kBAAM,IAAIiB,iBAAJ,CAAe,kCAAiCtB,SAAU,iBAAgBE,YAAa,EAAvF,CAAN;AACD;AACF,SAPD,MAOO;AACL;AACA;AACA;AACA,gBAAMwB,UAAU,sBAAa,uCAAqBP,SAArB,EAAgCnB,SAAhC,EAA2CE,YAA3C,CAAb,CAAhB;AACA,cAAIwB,OAAJ,EAAa;AACX7B,iBAAKS,MAAL,CAAYqB,KAAZ,GAAoBjB,iBAAEkB,SAAF,CAAY/B,KAAKS,MAAL,CAAYqB,KAAxB,EAA+B,UAACE,MAAD,EAASC,KAAT,EAAgBC,GAAhB,EAAwB;AACzE,kBAAIA,QAAQ,KAAZ,EAAmBF,OAAOG,IAAP,GAAc,CAAC,EAAEC,KAAKH,KAAP,EAAD,CAAd,CAAnB,KACKD,OAAOE,GAAP,IAAcD,KAAd;AACN,aAHmB,EAGjB,EAHiB,CAApB;AAIApB,6BAAEwB,KAAF,CAAQrC,KAAKS,MAAL,CAAYqB,KAApB,EAA2BD,OAA3B;AACD,WAND,MAMO;AACL,gBAAI1B,cAAc,MAAlB,EAA0B;AAAE;AAC1BH,mBAAKgC,MAAL,GAAe,CAACnB,iBAAEI,GAAF,CAAMjB,IAAN,EAAY,iBAAZ,EAA+B,IAA/B,CAAD,GAAwC,EAAxC,GAA6C,EAAEsC,OAAO,CAAT,EAAYC,MAAM,CAAlB,EAAqBX,MAAM,EAA3B,EAA5D;AACD,aAFD,MAEO;AAAE;AACPpB,oBAAM,6BAAN;AACA,oBAAM,IAAIiB,iBAAJ,CAAe,kCAAiCtB,SAAU,iBAAgBE,YAAa,EAAvF,CAAN;AACD;AACF;AACF;AACDG,cAAM,yBAAN;AACF;AACA;AACC,OAjCD,MAiCO,IAAI,OAAOR,KAAKM,OAAL,CAAaW,GAApB,KAA4B,UAAhC,EAA4C;AACjD;AACA,cAAMU,WAAW,MAAM3B,KAAKM,OAAL,CAAaW,GAAb,CAAiBjB,KAAK0B,EAAtB,EAA0Bc,OAAOC,MAAP,CAAc,EAAE7B,oBAAoB,KAAtB,EAAd,EAA6CZ,KAAKS,MAAlD,CAA1B,CAAvB;AACAD,cAAM,oBAAN,EAA4BmB,QAA5B;AACA;AACA,YAAI,CAAC,uCAAqBL,SAArB,EAAgCnB,SAAhC,EAA2CE,YAA3C,EAAyDa,OAAzD,EAAkES,QAAlE,CAAL,EAAkF;AAChFnB,gBAAM,6BAAN;AACA,gBAAM,IAAIiB,iBAAJ,CAAe,kCAAiCtB,SAAU,iBAAgBE,YAAa,EAAvF,CAAN;AACD;AACD;AACA,YAAIF,cAAc,KAAlB,EAAyB;AACvBH,eAAKgC,MAAL,GAAcL,QAAd;AACD;AACD3B,aAAKS,MAAL,CAAYM,UAAZ,GAAyB,IAAzB;AACAP,cAAM,yBAAN;AACA,eAAOR,IAAP;AACD;AACF,KA/DD,MA+DO;AACLQ,YAAM,6CAAN;AACD;;AAEDR,SAAKS,MAAL,CAAYM,UAAZ,GAAyB,IAAzB;AACA,WAAOf,IAAP;AACD,G;;kBAtGqB0C,S;;;;;;gCAkKf,WAAuD1C,IAAvD,EAA6D;AAClE,UAAMoB,MAAMpB,KAAKoB,GAAjB;AACA,UAAMD,uBAAuBC,IAAIC,UAAJ,CAAe,gBAAf,CAA7B;AACA,UAAMsB,MAAM3C,KAAKS,MAAL,CAAYkB,QAAxB;AACA,UAAMhB,OAAOX,KAAKS,MAAL,CAAYE,IAAzB;AACA;AACA,UAAMiC,kBAAkBxB,IAAIC,UAAJ,CAAe,QAAf,EAAyBsB,GAAzB,CAAxB;AACA,UAAME,SAAS,MAAMD,gBAAgBE,IAAhB,CAAqB,EAAEC,UAAU,KAAZ,EAArB,CAArB;AACA,UAAMC,QAAQC,GAAR,CAAYJ,OAAOK,GAAP,CAAW,iBAAS;AACtC;AACE,aAAO/B,qBAAqBgC,MAArB,CAA4BC,MAAMC,GAAN,CAAUC,QAAV,EAA5B,EAAkD;AACvDxB,eAAO;AACLyB,iBAAO;AADF,SADgD;AAIvD5C,YAJuD;AAKvD6C,eAAOxD,KAAKS,MAAL,CAAY+C,KALoC;AAMvD;AACA;AACAC,kBAAUzD,KAAKS,MAAL,CAAYgD,QARiC;AASvDC,yBAAiB1D,KAAKS,MAAL,CAAYiD,eAT0B;AAUvD/B,kBAAUyB,KAV6C;AAWvDO,0BAAkBf;AAXqC,OAAlD,CAAP;AAaD,KAfiB,CAAZ,CAAN;AAgBApC,UAAM,qDAAqDmC,IAAIU,GAA/D;AACA,WAAOrD,IAAP;AACD,G;;kBA1BqB4D,sC;;;;;;gCA4Bf,WAAqD5D,IAArD,EAA2D;AAChE,UAAMoB,MAAMpB,KAAKoB,GAAjB;AACA,UAAMuB,MAAM3C,KAAKS,MAAL,CAAYkB,QAAxB;AACA,UAAMkC,iBAAiB7D,KAAKS,MAAL,CAAYiD,eAAnC;AACA,UAAMI,iBAAiB1C,IAAIC,UAAJ,CAAe,MAAf,EAAuBsB,GAAvB,CAAvB;AACA,UAAMc,WAAWzD,KAAKS,MAAL,CAAYgD,QAAZ,IAAwB,EAAzC;AACA,QAAIA,SAASM,MAAT,KAAoB,CAAxB,EAA2B,OAAO/D,IAAP;AAC3B;AACA,UAAMgE,UAAU,MAAMF,eAAehB,IAAf,CAAoB,EAAEC,UAAU,KAAZ,EAApB,CAAtB;AACA,UAAMkB,WAAW,EAAjB;AACAR,aAASS,OAAT,CAAiB,mBAAW;AAC1B,YAAMC,OAAOC,QAAQD,IAAR,IAAgB,EAA7B;AACA;AACA,YAAME,UAAUxD,iBAAEyD,gBAAF,CAAmBH,IAAnB,EAAyBH,OAAzB,EAAkCO,kBAAlC,CAAhB;AACA;AACA,YAAMC,aAAa3D,iBAAE4D,cAAF,CAAiBN,IAAjB,EAAuBH,OAAvB,EAAgCO,kBAAhC,CAAnB;AACA;AACA,UAAIF,QAAQN,MAAR,GAAiB,CAArB,EAAwB;AACtBE,iBAASS,IAAT,CAAcb,eAAec,KAAf,CAAqBP,QAAQf,GAAR,CAAYC,QAAZ,EAArB,EAA6C,EAAEa,MAAMK,UAAR,EAAoBI,SAASR,QAAQQ,OAArC,EAA7C,CAAd;AACD;AACF,KAVD;AAWA;AACA,UAAM5B,QAAQC,GAAR,CAAYgB,QAAZ,CAAN;AACAzD,UAAO,iBAAgByD,SAASF,MAAO,6BAAjC,GAAgEpB,IAAIU,GAA1E;AACA,WAAOrD,IAAP;AACD,G;;kBAzBqB6E,oC;;;;;QAjUNC,S,GAAAA,S;QAsBAC,gB,GAAAA,gB;QAQAC,kB,GAAAA,kB;QAQAC,gB,GAAAA,gB;QAQAC,kB,GAAAA,kB;QAQAC,iB,GAAAA,iB;QAqLAC,e,GAAAA,e;QAiBAC,wB,GAAAA,wB;;AAvQhB;;;;AACA;;;;AACA;;AACA;;AACA;;AACA;;AACA;;AACA;;;;;;AAEA,MAAM7E,QAAQ,qBAAU,+BAAV,CAAd;;AAEO,SAASsE,SAAT,CAAoBQ,UAAU,EAA9B,EAAkC;AACvC;AAAA,iCAAO,WAAgBtF,IAAhB,EAAsB;AAC3B,YAAMuF,WAAWvF,KAAKoB,GAAL,CAASH,GAAT,CAAa,gBAAb,KAAkCjB,KAAKoB,GAAL,CAASH,GAAT,CAAa,MAAb,CAAnD;AACA,YAAMN,OAAOE,iBAAEI,GAAF,CAAMjB,IAAN,EAAY,aAAZ,CAAb;AACA,UAAIwF,QAAQ,mCAASxF,IAAT,CAAZ;AACA,YAAMyF,UAAUC,MAAMD,OAAN,CAAcD,KAAd,CAAhB;AACAA,cAASC,UAAUD,KAAV,GAAkB,CAACA,KAAD,CAA3B;AACA;AACA,YAAMG,eAAe,MAAM3C,QAAQC,GAAR,CAAYuC,MAAMtC,GAAN,CAAU;AAAA,eAAQlD,KAAKoB,GAAL,CAASwE,QAAT,CAAkBd,SAAlB;AACvD;AACC,eAAOQ,QAAQO,OAAf,KAA2B,UAA3B,GAAwCP,QAAQO,OAAR,CAAgBlF,IAAhB,CAAxC,GAAgE,EAFV;AAGvD;AACA;AACAE,yBAAEwB,KAAF,CAAQ,EAAR,EAAYkD,QAAZ,EAAuB,OAAOD,QAAQQ,GAAf,KAAuB,UAAvB,GAAoC,EAAEA,KAAKR,QAAQQ,GAAR,CAAYnF,IAAZ,CAAP,EAApC,GAAiE2E,OAAxF,CALuD,CAAR;AAAA,OAAV,CAAZ,CAA3B;AAOA;AACAE,YAAMtB,OAAN,CAAc,UAAC6B,IAAD,EAAOC,KAAP;AAAA,eAAiBnF,iBAAEoF,GAAF,CAAMF,IAAN,EAAYT,QAAQ/E,IAAR,IAAgB,aAA5B,EAA2CoF,aAAaK,KAAb,CAA3C,CAAjB;AAAA,OAAd;AACA,6CAAahG,IAAb,EAAmByF,UAAUD,KAAV,GAAkBA,MAAM,CAAN,CAArC;AACA,aAAOxF,IAAP;AACD,KAlBD;;AAAA;AAAA;AAAA;AAAA;AAmBD;;AAEM,SAAS+E,gBAAT,CAA2B/E,IAA3B,EAAiC;AACtC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,yEAAV,CAAN;AACD;;AAED,SAAO,4BAAgB,EAAEgG,cAAc,iBAAhB,EAAmCC,SAAS,UAA5C,EAAwDC,iBAAiB,IAAzE,EAAhB,EAAiGpG,IAAjG,CAAP;AACD;;AAEM,SAASgF,kBAAT,CAA6BhF,IAA7B,EAAmC;AACxC,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,SAAO,8BAAkB,EAAEgG,cAAc,iBAAhB,EAAmCC,SAAS,UAA5C,EAAlB,EAA4EnG,IAA5E,CAAP;AACD;;AAEM,SAASiF,gBAAT,CAA2BjF,IAA3B,EAAiC;AACtC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,yEAAV,CAAN;AACD;;AAED,SAAO,2BAAe,EAAEgG,cAAc,kBAAhB,EAAoCC,SAAS,UAA7C,EAAyDC,iBAAiB,IAA1E,EAAf,EAAiGpG,IAAjG,CAAP;AACD;;AAEM,SAASkF,kBAAT,CAA6BlF,IAA7B,EAAmC;AACxC,MAAIA,KAAKC,IAAL,KAAc,OAAlB,EAA2B;AACzB,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,SAAO,6BAAiB,EAAEgG,cAAc,kBAAhB,EAAoCC,SAAS,UAA7C,EAAjB,EAA4EnG,IAA5E,CAAP;AACD;;AAEM,SAASmF,iBAAT,CAA4BnF,IAA5B,EAAkC;AACvC,MAAIA,KAAKC,IAAL,KAAc,QAAlB,EAA4B;AAC1B,UAAM,IAAIC,KAAJ,CAAU,0EAAV,CAAN;AACD;;AAED,QAAMO,SAAST,KAAKS,MAApB;AACA;AACA,MAAI4F,kBAAkBxF,iBAAEC,GAAF,CAAML,MAAN,EAAc,UAAd,CAAtB;AACAD,QAAM,uBAAuB6F,kBAAkB,SAAlB,GAA8B,UAArD,IAAmE,eAAzE;AACA;AACA,MAAIxF,iBAAEC,GAAF,CAAML,MAAN,EAAc,iBAAd,CAAJ,EAAsC;AACpC4F,sBAAkB5F,OAAO4F,eAAzB;AACA7F,UAAM,uBAAuB6F,kBAAkB,QAAlB,GAA6B,UAApD,CAAN;AACD;;AAED,MAAIA,eAAJ,EAAqB;AACnB,UAAM1F,OAAOF,OAAOE,IAApB;AACA;AACA,UAAMiB,OAAO5B,KAAK4B,IAAL,IAAa,EAA1B;AACA;AACA,UAAME,QAAQrB,OAAOqB,KAAP,IAAgB,EAA9B;AACA,UAAMwE,YAAY1E,KAAK2B,KAAL,IAAczB,MAAMyB,KAAtC,CANmB,CAMyB;AAC5C;AACA,UAAMA,QAAQ1C,iBAAEI,GAAF,CAAMN,IAAN,EAAY2F,SAAZ,EAAuB,EAAvB,CAAd;AACA;AACA,UAAM3E,WAAWd,iBAAEiC,IAAF,CAAOS,KAAP,EAAc5B,YAAYA,SAAS0B,GAAT,IAAiB1B,SAAS0B,GAAT,CAAaC,QAAb,OAA4B7C,OAAOkB,QAAP,CAAgB0B,GAAhB,CAAoBC,QAApB,EAAvE,CAAjB;AACA;AACA,UAAMiD,cAAe5E,WAAWA,SAAS4E,WAApB,GAAkCC,SAAvD;AACA,UAAMC,OAAQF,cAAcG,mBAAMH,WAAN,CAAd,GAAmCC,SAAjD;AACA,QAAI3F,iBAAE8F,WAAF,CAAcF,IAAd,CAAJ,EAAyB;AACvBjG,YAAM,wDAAwD8F,SAA9D;AACA,YAAM,IAAI7E,iBAAJ,CAAc,yDAAd,CAAN;AACD;;AAED;;AAEA;AACA;AACA;AACA;AACA;AACA,UAAMgC,WAAWhD,OAAOgD,QAAP,CAAgBmD,MAAhB,CAAuBxC,WAAW;AACjD,YAAMyC,eAAehG,iBAAEI,GAAF,CAAMmD,OAAN,EAAekC,SAAf,EAA0B,EAA1B,CAArB;AACA,YAAMQ,kBAAkBjG,iBAAEiC,IAAF,CAAO+D,YAAP,EAAqBlF,YAAYA,SAAS0B,GAAT,IAAiB1B,SAAS0B,GAAT,CAAaC,QAAb,OAA4B7C,OAAOkB,QAAP,CAAgB0B,GAAhB,CAAoBC,QAApB,EAA9E,CAAxB;AACA,YAAMyD,qBAAsBD,kBAAkBA,gBAAgBP,WAAlC,GAAgDC,SAA5E;AACA,YAAMQ,cAAeD,qBAAqBL,mBAAMK,kBAAN,CAArB,GAAiDP,SAAtE;AACA,YAAMS,UAAU,CAACpG,iBAAE8F,WAAF,CAAcK,WAAd,CAAjB;AACA,UAAIhH,KAAKI,MAAL,KAAgB,QAApB,EAA8B;AAC5B,eAAQ,CAAC6G,OAAD,IAAaD,eAAeP,IAApC,CAD4B,CACe;AAC5C,OAFD,MAEO;AACL,eAAQQ,WAAYD,eAAeP,IAAnC,CADK,CACqC;AAC3C;AACF,KAXgB,CAAjB;AAYA,QAAIhD,SAASM,MAAT,GAAkBtD,OAAOgD,QAAP,CAAgBM,MAAtC,EAA8C;AAC5CvD,YAAO,GAAGC,OAAOgD,QAAP,CAAgBM,MAAhB,GAAyBN,SAASM,MAAQ,2DAA0DuC,SAAU,EAAxH;AACA,YAAM,IAAI7E,iBAAJ,CAAc,2DAAd,CAAN;AACD;AACD;AACA;AACA;AACA,QAAIyF,iBAAJ;AACA,QAAItF,KAAK2E,WAAT,EAAsB;AACpBW,0BAAoBR,mBAAM9E,KAAK2E,WAAX,CAApB;AACD,KAFD,MAEO,IAAIzE,MAAMyE,WAAV,EAAuB;AAC5BW,0BAAoBR,mBAAM5E,MAAMyE,WAAZ,CAApB;AACD;AACD,QAAI,CAAC1F,iBAAE8F,WAAF,CAAcO,iBAAd,CAAL,EAAuC;AACrC,UAAIA,oBAAoBT,IAAxB,EAA8B;AAC5BjG,cAAM,6DAA6D8F,SAAnE;AACA,cAAM,IAAI7E,iBAAJ,CAAc,yDAAd,CAAN;AACD;AACF;AACF;;AAED,SAAOzB,IAAP;AACD;;AA0GM,SAASoF,eAAT,CAA0BE,UAAU,EAApC,EAAwC;AAC7C;AAAA,kCAAO,WAAgBtF,IAAhB,EAAsB;AAC3B,YAAMoB,MAAMpB,KAAKoB,GAAjB;AACA,YAAMX,SAAST,KAAKS,MAApB;AACA,YAAMU,uBAAuBC,IAAIC,UAAJ,CAAe,gBAAf,CAA7B;AACA,UAAI+C,UAAWkB,QAAQ6B,aAAR,GAAwB,mCAASnH,IAAT,CAAxB,GAAyCS,OAAOE,IAA/D;AACA;AACA;AACA,UAAI2E,QAAQ8B,YAAZ,EAA0B;AACxBhD,kBAAU,MAAMpE,KAAKM,OAAL,CAAaW,GAAb,CAAiBmD,QAAQf,GAAR,CAAYC,QAAZ,EAAjB,CAAhB;AACD;AACD,YAAMhC,YAAY,MAAMH,qBAAqBiE,eAArB,CAAqChB,OAArC,CAAxB;AACA5D,YAAM,8BAAN,EAAsC4D,OAAtC,EAA+C9C,UAAUE,KAAzD;AACA,aAAOxB,IAAP;AACD,KAbD;;AAAA;AAAA;AAAA;AAAA;AAcD;;AAEM,SAASqF,wBAAT,CAAmCgC,aAAnC,EAAkD;AACvD;AAAA,kCAAO,WAAgBrH,IAAhB,EAAsB;AAC3B;AACA,UAAIA,KAAKS,MAAL,CAAY+C,KAAhB,EAAuB,OAAOxD,IAAP;AACvB,YAAMS,SAAST,KAAKS,MAApB;AACA,YAAMmB,OAAO5B,KAAK4B,IAAL,IAAa,EAA1B;AACA,YAAME,QAAQrB,OAAOqB,KAAP,IAAgB,EAA9B;AACA,YAAMyB,QAAQ3B,KAAK2B,KAAL,IAAczB,MAAMyB,KAAlC;AACA,YAAM+D,qBAAqB1F,KAAK2E,WAAL,IAAoBzE,MAAMyE,WAArD;AACA,YAAMgB,cAAeD,qBAAqBZ,mBAAMY,kBAAN,CAArB,GAAiDd,SAAtE;AACA,YAAM7E,WAAW3B,KAAKS,MAAL,CAAYkB,QAA7B;AACA,YAAM8B,WAAWzD,KAAKS,MAAL,CAAYgD,QAA7B;AACA,YAAMI,iBAAiB7D,KAAKS,MAAL,CAAYiD,eAAnC;AACA;AACA,UAAI,CAAC7C,iBAAE8F,WAAF,CAAcY,WAAd,CAAD,IAAgCA,gBAAgBb,mBAAMc,KAA1D,EAAkE,OAAOxH,IAAP;;AAElE,UAAKuD,UAAU8D,aAAX,IAA6B1F,QAA7B,IAAyCA,SAAS0B,GAAtD,EAA2D;AACzD;AACA,cAAMoE,SAAS,MAAM,2CAAyB5D,cAAzB,EAAyCwD,aAAzC,EAAwD1F,SAAS0B,GAAjE,EAAsEqD,mBAAMc,KAA5E,CAArB;AACA;AACA,cAAME,gBAAgBjE,SAASkE,MAAT,CAAgB,UAACC,KAAD,EAAQxD,OAAR,EAAoB;AACxD,gBAAMyD,YAAYhH,iBAAEI,GAAF,CAAMmD,OAAN,EAAeiD,aAAf,EAA8B,EAA9B,CAAlB;AACA,gBAAMS,gBAAgBjH,iBAAEiC,IAAF,CAAO+E,SAAP,EAAkB,EAAExE,KAAK1B,SAAS0B,GAAhB,EAAqBkD,aAAawB,uBAAUrB,mBAAMc,KAAhB,CAAlC,EAAlB,CAAtB;AACA,iBAAQM,gBAAgBF,QAAQ,CAAxB,GAA4BA,KAApC;AACD,SAJqB,EAInB,CAJmB,CAAtB;AAKA;AACA,YAAIF,iBAAiBD,OAAOnF,KAA5B,EAAmC;AACjC9B,gBAAM,2CAAN,EAAmDmB,QAAnD;AACA,gBAAMqG,eAAerG,SAASpB,IAAT,GAAgBoB,SAASpB,IAAzB,GAAgCoB,SAAS0B,GAAT,CAAaC,QAAb,EAArD;AACA,gBAAM,IAAI7B,iBAAJ,CAAc,8DAA8DuG,YAA5E,EAA0F;AAC9FC,yBAAa;AACX/F,mBAAK,0BADM;AAEXzB,sBAAQ,EAAEkB,UAAUqG,YAAZ;AAFG;AADiF,WAA1F,CAAN;AAMD;AACF;AACD,aAAOhI,IAAP;AACD,KArCD;;AAAA;AAAA;AAAA;AAAA;AAsCD","file":"hooks.authorisations.js","sourcesContent":["import _ from 'lodash'\r\nimport makeDebug from 'debug'\r\nimport { getItems, replaceItems } from 'feathers-hooks-common'\r\nimport { Forbidden } from '@feathersjs/errors'\r\nimport { populateObject, unpopulateObject, populateObjects, unpopulateObjects } from './hooks.query'\r\nimport { objectifyIDs } from '../db'\r\nimport { hasServiceAbilities, hasResourceAbilities, getQueryForAbilities, Roles, RoleNames, countSubjectsForResource } from '../../common/permissions'\r\nimport { isTagEqual } from './hooks.tags'\r\n\r\nconst debug = makeDebug('kdk:core:authorisations:hooks')\r\n\r\nexport function createJWT (options = {}) {\r\n return async function (hook) {\r\n const defaults = hook.app.get('authentication') \|\| hook.app.get('auth')\r\n const user = _.get(hook, 'params.user')\r\n let items = getItems(hook)\r\n const isArray = Array.isArray(items)\r\n items = (isArray ? items : [items])\r\n // Generate access tokens for all items\r\n const accessTokens = await Promise.all(items.map(item => hook.app.passport.createJWT(\r\n // Provided function can be used to pick or omit properties in JWT payload\r\n (typeof options.payload === 'function' ? options.payload(user) : {}),\r\n // Provided function can be used for custom options cdepending on the user,\r\n // then we merge with default auth options for global properties like aud, iss, etc.\r\n _.merge({}, defaults, (typeof options.jwt === 'function' ? { jwt: options.jwt(user) } : options)))\r\n ))\r\n // Store access token on items\r\n items.forEach((item, index) => _.set(item, options.name \|\| 'accessToken', accessTokens[index]))\r\n replaceItems(hook, isArray ? items : items[0])\r\n return hook\r\n }\r\n}\r\n\r\nexport function populateSubjects (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'populateSubjects\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n return populateObjects({ serviceField: 'subjectsService', idField: 'subjects', throwOnNotFound: true })(hook)\r\n}\r\n\r\nexport function unpopulateSubjects (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'unpopulateSubjects\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n return unpopulateObjects({ serviceField: 'subjectsService', idField: 'subjects' })(hook)\r\n}\r\n\r\nexport function populateResource (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'populateResource\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n return populateObject({ serviceField: 'resourcesService', idField: 'resource', throwOnNotFound: true })(hook)\r\n}\r\n\r\nexport function unpopulateResource (hook) {\r\n if (hook.type !== 'after') {\r\n throw new Error('The \\'unpopulateResource\\' hook should only be used as a \\'after\\' hook.')\r\n }\r\n\r\n return unpopulateObject({ serviceField: 'resourcesService', idField: 'resource' })(hook)\r\n}\r\n\r\nexport function preventEscalation (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'preventEscalation\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n\r\n const params = hook.params\r\n // If called internally we skip authorisation\r\n let checkEscalation = _.has(params, 'provider')\r\n debug('Escalation check ' + (checkEscalation ? 'enabled' : 'disabled') + ' for provider')\r\n // If explicitely asked to perform/skip, override defaults\r\n if (_.has(params, 'checkEscalation')) {\r\n checkEscalation = params.checkEscalation\r\n debug('Escalation check ' + (checkEscalation ? 'forced' : 'unforced'))\r\n }\r\n\r\n if (checkEscalation) {\r\n const user = params.user\r\n // Make hook usable on remove as well\r\n const data = hook.data \|\| {}\r\n // Make hook usable with query params as well\r\n const query = params.query \|\| {}\r\n const scopeName = data.scope \|\| query.scope // Get scope name first\r\n // Retrieve the right scope on the user\r\n const scope = _.get(user, scopeName, [])\r\n // Then the target resource\r\n const resource = _.find(scope, resource => resource._id && (resource._id.toString() === params.resource._id.toString()))\r\n // Then user permission level\r\n const permissions = (resource ? resource.permissions : undefined)\r\n const role = (permissions ? Roles[permissions] : undefined)\r\n if (_.isUndefined(role)) {\r\n debug('Role for authorisation not found on user for scope ' + scopeName)\r\n throw new Forbidden('You are not allowed to change authorisation on resource')\r\n }\r\n\r\n // Check if privilege escalation might occur, if so clamp to user permission level\r\n\r\n // Input subjects need to be checked:\r\n // - on create you should not be able to change permissions on others having higher permissions than yourself\r\n // (e.g. cannot change a owner into a manager when you are a manager)\r\n // - on remove you should not be able to remove permissions on others having higher permissions than yourself\r\n // (e.g. cannot remove a owner when you are a manager)\r\n const subjects = params.subjects.filter(subject => {\r\n const subjectScope = _.get(subject, scopeName, [])\r\n const subjectResource = _.find(subjectScope, resource => resource._id && (resource._id.toString() === params.resource._id.toString()))\r\n const subjectPermissions = (subjectResource ? subjectResource.permissions : undefined)\r\n const subjectRole = (subjectPermissions ? Roles[subjectPermissions] : undefined)\r\n const hasRole = !_.isUndefined(subjectRole)\r\n if (hook.method === 'create') {\r\n return (!hasRole \|\| (subjectRole <= role)) // The first time no authorisation can be found\r\n } else {\r\n return (hasRole && (subjectRole <= role)) // Authorisation must be found on remove\r\n }\r\n })\r\n if (subjects.length < params.subjects.length) {\r\n debug(`${(params.subjects.length - subjects.length)} subjects with higher permissions level found for scope ${scopeName}`)\r\n throw new Forbidden('You are not allowed to change authorisation on subject(s)')\r\n }\r\n // Input permissions needs to be checked since:\r\n // - you should not be able to give higher permissions than your own ones to others\r\n // (e.g. cannot create a owner when you are a manager)\r\n let authorisationRole\r\n if (data.permissions) {\r\n authorisationRole = Roles[data.permissions]\r\n } else if (query.permissions) {\r\n authorisationRole = Roles[query.permissions]\r\n }\r\n if (!_.isUndefined(authorisationRole)) {\r\n if (authorisationRole > role) {\r\n debug('Cannot escalate with higher permissions level for scope ' + scopeName)\r\n throw new Forbidden('You are not allowed to change authorisation on resource')\r\n }\r\n }\r\n }\r\n\r\n return hook\r\n}\r\n\r\nexport async function authorise (hook) {\r\n if (hook.type !== 'before') {\r\n throw new Error('The \\'authorise\\' hook should only be used as a \\'before\\' hook.')\r\n }\r\n const operation = hook.method\r\n const resourceType = hook.service.name\r\n debug('Provider is', hook.params.provider)\r\n if (hook.params.user) debug('User is', hook.params.user)\r\n debug('Operation is', operation)\r\n if (resourceType) debug('Resource type is', resourceType)\r\n\r\n // If called internally we skip authorisation\r\n let checkAuthorisation = _.has(hook.params, 'provider')\r\n debug('Access check ' + (checkAuthorisation ? 'enabled' : 'disabled') + ' for provider')\r\n // If already checked we skip authorisation\r\n if (hook.params.authorised) {\r\n debug('Access already granted')\r\n checkAuthorisation = false\r\n }\r\n // We also skip authorisation for built-in Feathers services like authentication\r\n if (typeof hook.service.getPath !== 'function') {\r\n debug('Access disabled on built-in services')\r\n checkAuthorisation = false\r\n }\r\n // If explicitely asked to perform/skip, override defaults\r\n if (_.has(hook.params, 'checkAuthorisation')) {\r\n checkAuthorisation = _.get(hook.params, 'checkAuthorisation')\r\n // Bypass authorisation for next hooks otherwise we will loop infinitely\r\n delete hook.params.checkAuthorisation\r\n debug('Access check ' + (checkAuthorisation ? 'forced' : 'unforced'))\r\n }\r\n\r\n const context = hook.service.context\r\n if (checkAuthorisation) {\r\n // Build ability for user\r\n const authorisationService = hook.app.getService('authorisations')\r\n const abilities = await authorisationService.getAbilities(hook.params.user)\r\n hook.params.abilities = abilities\r\n debug('User abilities are', abilities.rules)\r\n\r\n // Check for access to service fisrt\r\n if (!hasServiceAbilities(abilities, hook.service)) {\r\n debug('Service access not granted')\r\n throw new Forbidden(`You are not allowed to access service ${hook.service.getPath()}`)\r\n }\r\n\r\n if (!hook.id) {\r\n // In this specific case there is no query to be run,\r\n // simply check against the object we'd like to create\r\n if (operation === 'create') {\r\n const resource = hook.data\r\n debug('Target resource is ', resource)\r\n if (!hasResourceAbilities(abilities, operation, resourceType, context, resource)) {\r\n debug('Resource access not granted')\r\n throw new Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`)\r\n }\r\n } else {\r\n // When we find/update/patch/remove multiple items this ensures that\r\n // only the ones authorised by constraints on the resources will be fetched\r\n // This avoid fetching all first then check it one by one\r\n const dbQuery = objectifyIDs(getQueryForAbilities(abilities, operation, resourceType))\r\n if (dbQuery) {\r\n hook.params.query = _.transform(hook.params.query, (result, value, key) => {\r\n if (key === '$or') result.$and = [{ $or: value }]\r\n else result[key] = value\r\n }, {})\r\n _.merge(hook.params.query, dbQuery)\r\n } else {\r\n if (operation === 'find') { // You don't have right to read any items but you have access to the service so the result is empty\r\n hook.result = (!_.get(hook, 'params.paginate', true) ? [] : { total: 0, skip: 0, data: [] })\r\n } else { // You don't have the right to update/patch/remove any items so any tentative should throw\r\n debug('Resource access not granted')\r\n throw new Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`)\r\n }\r\n }\r\n }\r\n debug('Resource access granted')\r\n // Some specific services might not expose a get function, in this case we cannot check for authorisation\r\n // this has to be implemented by the service itself\r\n } else if (typeof hook.service.get === 'function') {\r\n // In this case (single get/update/patch/remove) we need to fetch the item first\r\n const resource = await hook.service.get(hook.id, Object.assign({ checkAuthorisation: false }, hook.params))\r\n debug('Target resource is', resource)\r\n // Then check against the object we'd like to manage\r\n if (!hasResourceAbilities(abilities, operation, resourceType, context, resource)) {\r\n debug('Resource access not granted')\r\n throw new Forbidden(`You are not allowed to perform ${operation} operation on ${resourceType}`)\r\n }\r\n // Avoid fetching again the object in this case\r\n if (operation === 'get') {\r\n hook.result = resource\r\n }\r\n hook.params.authorised = true\r\n debug('Resource access granted')\r\n return hook\r\n }\r\n } else {\r\n debug('Authorisation check skipped, access granted')\r\n }\r\n\r\n hook.params.authorised = true\r\n return hook\r\n}\r\n\r\nexport function updateAbilities (options = {}) {\r\n return async function (hook) {\r\n const app = hook.app\r\n const params = hook.params\r\n const authorisationService = app.getService('authorisations')\r\n let subject = (options.subjectAsItem ? getItems(hook) : params.user)\r\n // We might not have all information required eg on patch to compute new abilities,\r\n // in this case we have to fetch the whole subject\r\n if (options.fetchSubject) {\r\n subject = await hook.service.get(subject._id.toString())\r\n }\r\n const abilities = await authorisationService.updateAbilities(subject)\r\n debug('Abilities updated on subject', subject, abilities.rules)\r\n return hook\r\n }\r\n}\r\n\r\nexport function preventRemovingLastOwner (resourceScope) {\r\n return async function (hook) {\r\n // By pass check ?\r\n if (hook.params.force) return hook\r\n const params = hook.params\r\n const data = hook.data \|\| {}\r\n const query = params.query \|\| {}\r\n const scope = data.scope \|\| query.scope\r\n const grantedPermissions = data.permissions \|\| query.permissions\r\n const grantedRole = (grantedPermissions ? Roles[grantedPermissions] : undefined)\r\n const resource = hook.params.resource\r\n const subjects = hook.params.subjects\r\n const subjectService = hook.params.subjectsService\r\n // On create check if we try to downgrade permissions otherwise let pass through\r\n if (!_.isUndefined(grantedRole) && (grantedRole === Roles.owner)) return hook\r\n\r\n if ((scope === resourceScope) && resource && resource._id) {\r\n // Count existing owners\r\n const owners = await countSubjectsForResource(subjectService, resourceScope, resource._id, Roles.owner)\r\n // Now count owners we change/remove permissions on\r\n const removedOwners = subjects.reduce((count, subject) => {\r\n const resources = _.get(subject, resourceScope, [])\r\n const ownedResource = _.find(resources, { _id: resource._id, permissions: RoleNames[Roles.owner] })\r\n return (ownedResource ? count + 1 : count)\r\n }, 0)\r\n // If none remains stop\r\n if (removedOwners >= owners.total) {\r\n debug('Cannot remove the last owner of resource ', resource)\r\n const resourceName = resource.name ? resource.name : resource._id.toString()\r\n throw new Forbidden('You are not allowed to remove the last owner of resource ' + resourceName, {\r\n translation: {\r\n key: 'CANNOT_REMOVE_LAST_OWNER',\r\n params: { resource: resourceName }\r\n }\r\n })\r\n }\r\n }\r\n return hook\r\n }\r\n}\r\n\r\nexport async function removeOrganisationGroupsAuthorisations (hook) {\r\n const app = hook.app\r\n const authorisationService = app.getService('authorisations')\r\n const org = hook.params.resource\r\n const user = hook.params.user\r\n // Unset membership for the all org groups\r\n const orgGroupService = app.getService('groups', org)\r\n const groups = await orgGroupService.find({ paginate: false })\r\n await Promise.all(groups.map(group => {\r\n // Unset membership on group for the all org users\r\n return authorisationService.remove(group._id.toString(), {\r\n query: {\r\n scope: 'groups'\r\n },\r\n user,\r\n force: hook.params.force,\r\n // Because we already have resource set it as objects to avoid populating\r\n // Moreover used as an after hook the resource might not already exist anymore\r\n subjects: hook.params.subjects,\r\n subjectsService: hook.params.subjectsService,\r\n resource: group,\r\n resourcesService: orgGroupService\r\n })\r\n }))\r\n debug('Authorisations unset on groups for organisation ' + org._id)\r\n return hook\r\n}\r\n\r\nexport async function removeOrganisationTagsAuthorisations (hook) {\r\n const app = hook.app\r\n const org = hook.params.resource\r\n const subjectService = hook.params.subjectsService\r\n const orgTagsService = app.getService('tags', org)\r\n const subjects = hook.params.subjects \|\| []\r\n if (subjects.length === 0) return hook\r\n // Retrieve org tags\r\n const orgTags = await orgTagsService.find({ paginate: false })\r\n const promises = []\r\n subjects.forEach(subject => {\r\n const tags = subject.tags \|\| []\r\n // Find tags from org\r\n const fromOrg = _.intersectionWith(tags, orgTags, isTagEqual)\r\n // Clear removed tags\r\n const notFromOrg = _.differenceWith(tags, orgTags, isTagEqual)\r\n // Update subject if required\r\n if (fromOrg.length > 0) {\r\n promises.push(subjectService.patch(subject._id.toString(), { tags: notFromOrg, devices: subject.devices }))\r\n }\r\n })\r\n // Perform subject updates in parallel\r\n await Promise.all(promises)\r\n debug(`Tags unset on ${promises.length} subjects for organisation ` + org._id)\r\n return hook\r\n}\r\n"]}

package/lib/core/api/hooks/hooks.query.js CHANGED Viewed

@@ -89,66 +89,85 @@ function marshallCollationQuery(hook) {
 }
 function populateObject(options) {
-  return function (hook) {
-    const app = hook.app;
-    const data = hook.data;
-    const params = hook.params;
-    const query = params.query;
-    const context = hook.service.context;
-    const idProperty = options.nameIdAs || options.idField;
-    const serviceProperty = options.nameServiceAs || options.serviceField;
+  return (() => {
+    var _ref2 = _asyncToGenerator(function* (hook) {
+      const app = hook.app;
+      const data = hook.data;
+      const params = hook.params;
+      const query = params.query;
+      const context = hook.service.context;
+      const idProperty = options.nameIdAs || options.idField;
+      const serviceProperty = options.nameServiceAs || options.serviceField;
-    // Check if not already done
-    if (typeof _lodash2.default.get(params, idProperty) === 'object') {
-      debug(`Skipping populating ${idProperty} as already done`);
-      return Promise.resolve(hook);
-    }
-    if (typeof _lodash2.default.get(params, serviceProperty) === 'object') {
-      debug(`Skipping populating ${serviceProperty} as already done`);
-      return Promise.resolve(hook);
-    }
+      // Check if not already done
+      if (typeof _lodash2.default.get(params, idProperty) === 'object') {
+        debug(`Skipping populating ${idProperty} as already done`);
+        return hook;
+      }
+      if (typeof _lodash2.default.get(params, serviceProperty) === 'object') {
+        debug(`Skipping populating ${serviceProperty} as already done`);
+        return hook;
+      }
-    // Get service where we can find the object to populate
-    // Make hook usable with query params as well and service name or real object
-    let service = _lodash2.default.get(data, options.serviceField) || _lodash2.default.get(query, options.serviceField);
-    if (typeof service === 'string') {
-      const message = `Cannot find the service for ${options.serviceField} = ${service} to dynamically populate.`;
-      service = app.getService(service, context);
-      if (!service) {
-        if (options.throwOnNotFound) throw new Error(message);else return Promise.resolve(hook);
+      // Get service where we can find the object to populate
+      // Make hook usable with query params as well and service name or real object
+      let service = _lodash2.default.get(data, options.serviceField) || _lodash2.default.get(query, options.serviceField);
+      if (typeof service === 'string') {
+        const message = `Cannot find the service for ${options.serviceField} = ${service} to dynamically populate.`;
+        service = app.getService(service, context);
+        if (!service) {
+          if (options.throwOnNotFound) throw new Error(message);else return hook;
+        }
+      } else if (!service) {
+        if (options.throwOnNotFound) throw new Error(`No ${options.serviceField} given to dynamically populate.`);else return hook;
       }
-    } else if (!service) {
-      if (options.throwOnNotFound) throw new Error(`No ${options.serviceField} given to dynamically populate.`);else return Promise.resolve(hook);
-    }
-    // Then the object ID
-    const id = _lodash2.default.get(data, options.idField) || _lodash2.default.get(query, options.idField) || _lodash2.default.get(hook, 'id');
-    if (!id) {
-      if (options.throwOnNotFound) throw new Error(`Cannot find the ${options.idField} to dynamically populate.`);else return Promise.resolve(hook);
-    }
-    // Then the perspective if any
-    const perspective = _lodash2.default.get(data, options.perspectiveField) || _lodash2.default.get(query, options.perspectiveField);
-    debug(`Populating ${idProperty} with ID ${id}`);
-    // Set the retrieved service on the same field or given one in hook params
-    _lodash2.default.set(params, serviceProperty, service);
-    // Let it work with id string or real object
-    if (typeof id === 'string' || _mongodb.ObjectID.isValid(id)) {
-      let args = { user: hook.params.user };
-      if (perspective) args = Object.assign(args, { query: { $select: [perspective] } });
-      return service.get(id.toString(), args).then(object => {
+      // Then the object ID
+      const id = _lodash2.default.get(data, options.idField) || _lodash2.default.get(query, options.idField) || _lodash2.default.get(hook, 'id');
+      if (!id) {
+        if (options.throwOnNotFound) throw new Error(`Cannot find the ${options.idField} to dynamically populate.`);else return hook;
+      }
+      // Then the perspective if any
+      const perspective = _lodash2.default.get(data, options.perspectiveField) || _lodash2.default.get(query, options.perspectiveField);
+      debug(`Populating ${idProperty} with ID ${id}`);
+      // Set the retrieved service on the same field or given one in hook params
+      _lodash2.default.set(params, serviceProperty, service);
+      // Let it work with id/name string or real object
+      if (typeof id === 'string' || _mongodb.ObjectID.isValid(id)) {
+        const args = { user: hook.params.user };
+        let object;
+        try {
+          // Get by ID or name ?
+          if (_mongodb.ObjectID.isValid(id)) {
+            if (perspective) Object.assign(args, { query: { $select: [perspective] } });
+            object = yield service.get(id.toString(), args);
+          } else {
+            Object.assign(args, { query: { name: id.toString() }, paginate: false });
+            if (perspective) Object.assign(args.query, { $select: [perspective] });
+            const results = yield service.find(args);
+            if (results.length >= 0) object = results[0];
+          }
+        } catch (error) {
+          // Not found error is managed hereafter
+          if (error.code !== 404) throw error;
+        }
         if (!object) {
           if (options.throwOnNotFound) throw new Error(`Cannot find object with id ${id} to dynamically populate.`);else return hook;
         }
         // Set the retrieved object on the same field or given one in hook params
         _lodash2.default.set(params, idProperty, object);
         return hook;
-      });
-    } else {
-      // Set the object on the same field or given one in hook params
-      _lodash2.default.set(params, idProperty, id);
-      return Promise.resolve(hook);
-    }
-  };
+      } else {
+        // Set the object on the same field or given one in hook params
+        _lodash2.default.set(params, idProperty, id);
+        return hook;
+      }
+    });
+    return function (_x2) {
+      return _ref2.apply(this, arguments);
+    };
+  })();
 }
 function unpopulateObject(options) {
@@ -166,71 +185,87 @@ function unpopulateObject(options) {
 }
 function populateObjects(options) {
-  return function (hook) {
-    const app = hook.app;
-    const data = hook.data;
-    const params = hook.params;
-    const query = params.query;
-    const context = hook.service.context;
-    const idProperty = options.nameIdAs || options.idField;
-    const serviceProperty = options.nameServiceAs || options.serviceField;
+  return (() => {
+    var _ref3 = _asyncToGenerator(function* (hook) {
+      const app = hook.app;
+      const data = hook.data;
+      const params = hook.params;
+      const query = params.query;
+      const context = hook.service.context;
+      const idProperty = options.nameIdAs || options.idField;
+      const serviceProperty = options.nameServiceAs || options.serviceField;
-    // Check if not already done
-    if (Array.isArray(_lodash2.default.get(params, idProperty))) {
-      debug(`Skipping populating ${idProperty} as already done`);
-      return Promise.resolve(hook);
-    }
-    if (typeof _lodash2.default.get(params, serviceProperty) === 'object') {
-      debug(`Skipping populating ${serviceProperty} as already done`);
-      return Promise.resolve(hook);
-    }
+      // Check if not already done
+      if (Array.isArray(_lodash2.default.get(params, idProperty))) {
+        debug(`Skipping populating ${idProperty} as already done`);
+        return hook;
+      }
+      if (typeof _lodash2.default.get(params, serviceProperty) === 'object') {
+        debug(`Skipping populating ${serviceProperty} as already done`);
+        return hook;
+      }
-    // Get service where we can find the object to populate
-    // Make hook usable with query params as well and service name or real object
-    let service = _lodash2.default.get(data, options.serviceField) || _lodash2.default.get(query, options.serviceField);
-    if (typeof service === 'string') {
-      const message = `Cannot find the service for ${options.serviceField} = ${service} to dynamically populate.`;
-      service = app.getService(service, context);
-      if (!service) {
-        if (options.throwOnNotFound) throw new Error(message);else return Promise.resolve(hook);
+      // Get service where we can find the object to populate
+      // Make hook usable with query params as well and service name or real object
+      let service = _lodash2.default.get(data, options.serviceField) || _lodash2.default.get(query, options.serviceField);
+      if (typeof service === 'string') {
+        const message = `Cannot find the service for ${options.serviceField} = ${service} to dynamically populate.`;
+        service = app.getService(service, context);
+        if (!service) {
+          if (options.throwOnNotFound) throw new Error(message);else return hook;
+        }
+      } else if (!service) {
+        if (options.throwOnNotFound) throw new Error(`No ${options.serviceField} given to dynamically populate.`);else return hook;
       }
-    } else if (!service) {
-      if (options.throwOnNotFound) throw new Error(`No ${options.serviceField} given to dynamically populate.`);else return Promise.resolve(hook);
-    }
-    // Set the retrieved service on the same field or given one in hook params
-    _lodash2.default.set(params, serviceProperty, service);
+      // Set the retrieved service on the same field or given one in hook params
+      _lodash2.default.set(params, serviceProperty, service);
-    // Then the object ID
-    const id = _lodash2.default.get(data, options.idField) || _lodash2.default.get(query, options.idField);
-    // If no ID given we perform a find, no pagination to be sure we get all objects
-    if (!id) {
-      debug(`Populating ${idProperty}`);
-      return service.find({ query: {}, paginate: false, user: hook.params.user }).then(objects => {
+      // Then the object ID
+      const id = _lodash2.default.get(data, options.idField) || _lodash2.default.get(query, options.idField);
+      // If no ID given we perform a find, no pagination to be sure we get all objects
+      if (!id) {
+        debug(`Populating ${idProperty}`);
+        const objects = yield service.find({ query: {}, paginate: false, user: hook.params.user });
         // Set the retrieved objects on the same field or given one in hook params
         debug(`Populated ${objects.length} ${idProperty}`);
         _lodash2.default.set(params, idProperty, objects);
         return hook;
-      });
-    } else {
-      debug(`Populating ${idProperty} with ID ${id}`);
-      // Let it work with id string or real object
-      if (typeof id === 'string' || _mongodb.ObjectID.isValid(id)) {
-        return service.get(id.toString(), { user: hook.params.user }).then(object => {
+      } else {
+        debug(`Populating ${idProperty} with ID ${id}`);
+        // Let it work with id/name string or real object
+        if (typeof id === 'string' || _mongodb.ObjectID.isValid(id)) {
+          let object;
+          try {
+            // Get by ID or name ?
+            if (_mongodb.ObjectID.isValid(id)) {
+              object = yield service.get(id.toString(), { user: hook.params.user });
+            } else {
+              const results = yield service.find({ query: { name: id.toString() }, paginate: false, user: hook.params.user });
+              if (results.length >= 0) object = results[0];
+            }
+          } catch (error) {
+            // Not found error is managed hereafter
+            if (error.code !== 404) throw error;
+          }
           if (!object) {
             if (options.throwOnNotFound) throw new Error(`Cannot find ${options.idField} = ${id} to dynamically populate.`);else return hook;
           }
           // Set the retrieved object on the same field or given one in hook params
           _lodash2.default.set(params, idProperty, [object]);
           return hook;
-        });
-      } else {
-        // Set the object on the same field or given one in hook params
-        _lodash2.default.set(params, idProperty, [id]);
-        return Promise.resolve(hook);
+        } else {
+          // Set the object on the same field or given one in hook params
+          _lodash2.default.set(params, idProperty, [id]);
+          return hook;
+        }
       }
-    }
-  };
+    });
+    return function (_x3) {
+      return _ref3.apply(this, arguments);
+    };
+  })();
 }
 function unpopulateObjects(options) {

package/lib/core/api/hooks/hooks.query.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../core/api/hooks/hooks.query.js"],"names":["hook","query","params","service","$aggregation","collection","Model","result","aggregate","pipeline","options","toArray","aggregationQuery","marshallTimeQuery","marshallComparisonQuery","marshallSortQuery","marshallCollationQuery","populateObject","unpopulateObject","populateObjects","unpopulateObjects","debug","$sort","$locale","collation","locale","$collation","app","data","context","idProperty","nameIdAs","idField","serviceProperty","nameServiceAs","serviceField","_","get","Promise","resolve","message","getService","throwOnNotFound","Error","id","perspective","perspectiveField","set","ObjectID","isValid","args","user","Object","assign","$select","toString","then","object","unset","Array","isArray","find","paginate","objects","length"],"mappings":";;;;;;;;+BA8CO,WAAiCA,IAAjC,EAAuC;AAC5C,UAAMC,QAAQD,KAAKE,MAAL,CAAYD,KAA1B;AACA,QAAI,CAACA,KAAL,EAAY;AACZ,UAAME,UAAUH,KAAKG,OAArB;AACA,QAAIF,MAAMG,YAAV,EAAwB;AACtB,YAAMC,aAAaF,QAAQG,KAA3B;AACA;AACAN,WAAKO,MAAL,GAAc,MAAMF,WAAWG,SAAX,CAAqBP,MAAMG,YAAN,CAAmBK,QAAxC,EAAkDR,MAAMG,YAAN,CAAmBM,OAArE,EAA8EC,OAA9E,EAApB;AACD;AACD,WAAOX,IAAP;AACD,G;;kBAVqBY,gB;;;;;QAtCNC,iB,GAAAA,iB;QAQAC,uB,GAAAA,uB;QAQAC,iB,GAAAA,iB;QAQAC,sB,GAAAA,sB;QA0BAC,c,GAAAA,c;QAmEAC,gB,GAAAA,gB;QAcAC,e,GAAAA,e;QAuEAC,iB,GAAAA,iB;;AAjNhB;;;;AACA;;AACA;;AACA;;;;;;;;AAEA,MAAMC,QAAQ,qBAAU,sBAAV,CAAd;;AAEO,SAASR,iBAAT,CAA4Bb,IAA5B,EAAkC;AACvC,QAAMC,QAAQD,KAAKE,MAAL,CAAYD,KAA1B;AACA,MAAIA,KAAJ,EAAW;AACT;AACA,gCAAaA,KAAb,EAAoB,MAApB;AACD;AACF;;AAEM,SAASa,uBAAT,CAAkCd,IAAlC,EAAwC;AAC7C,QAAMC,QAAQD,KAAKE,MAAL,CAAYD,KAA1B;AACA,MAAIA,KAAJ,EAAW;AACT;AACA,4CAAyBA,KAAzB;AACD;AACF;;AAEM,SAASc,iBAAT,CAA4Bf,IAA5B,EAAkC;AACvC,QAAMC,QAAQD,KAAKE,MAAL,CAAYD,KAA1B;AACA,MAAIA,SAASA,MAAMqB,KAAnB,EAA0B;AACxB;AACA,sCAAmBrB,MAAMqB,KAAzB;AACD;AACF;;AAEM,SAASN,sBAAT,CAAiChB,IAAjC,EAAuC;AAC5C,QAAMC,QAAQD,KAAKE,MAAL,CAAYD,KAA1B;AACA,MAAI,CAACA,KAAL,EAAY;AACZ;AACA,MAAIA,MAAMsB,OAAV,EAAmB;AACjBvB,SAAKE,MAAL,CAAYsB,SAAZ,GAAwB,EAAEC,QAAQxB,MAAMsB,OAAhB,EAAxB;AACA,WAAOtB,MAAMsB,OAAb;AACD,GAHD,MAGO,IAAItB,MAAMyB,UAAV,EAAsB;AAC3B1B,SAAKE,MAAL,CAAYsB,SAAZ,GAAwBvB,MAAMyB,UAA9B;AACA,WAAOzB,MAAMyB,UAAb;AACD;AACD,SAAO1B,IAAP;AACD;;AAcM,SAASiB,cAAT,CAAyBP,OAAzB,EAAkC;AACvC,SAAO,UAAUV,IAAV,EAAgB;AACrB,UAAM2B,MAAM3B,KAAK2B,GAAjB;AACA,UAAMC,OAAO5B,KAAK4B,IAAlB;AACA,UAAM1B,SAASF,KAAKE,MAApB;AACA,UAAMD,QAAQC,OAAOD,KAArB;AACA,UAAM4B,UAAU7B,KAAKG,OAAL,CAAa0B,OAA7B;AACA,UAAMC,aAAapB,QAAQqB,QAAR,IAAoBrB,QAAQsB,OAA/C;AACA,UAAMC,kBAAkBvB,QAAQwB,aAAR,IAAyBxB,QAAQyB,YAAzD;;AAEA;AACA,QAAI,OAAOC,iBAAEC,GAAF,CAAMnC,MAAN,EAAc4B,UAAd,CAAP,KAAqC,QAAzC,EAAmD;AACjDT,YAAO,uBAAsBS,UAAW,kBAAxC;AACA,aAAOQ,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACD;AACD,QAAI,OAAOoC,iBAAEC,GAAF,CAAMnC,MAAN,EAAc+B,eAAd,CAAP,KAA0C,QAA9C,EAAwD;AACtDZ,YAAO,uBAAsBY,eAAgB,kBAA7C;AACA,aAAOK,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACD;;AAED;AACA;AACA,QAAIG,UAAUiC,iBAAEC,GAAF,CAAMT,IAAN,EAAYlB,QAAQyB,YAApB,KAAqCC,iBAAEC,GAAF,CAAMpC,KAAN,EAAaS,QAAQyB,YAArB,CAAnD;AACA,QAAI,OAAOhC,OAAP,KAAmB,QAAvB,EAAiC;AAC/B,YAAMqC,UAAW,+BAA8B9B,QAAQyB,YAAa,MAAKhC,OAAQ,2BAAjF;AACAA,gBAAUwB,IAAIc,UAAJ,CAAetC,OAAf,EAAwB0B,OAAxB,CAAV;AACA,UAAI,CAAC1B,OAAL,EAAc;AACZ,YAAIO,QAAQgC,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAUH,OAAV,CAAN,CAA7B,KACK,OAAOF,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACN;AACF,KAPD,MAOO,IAAI,CAACG,OAAL,EAAc;AACnB,UAAIO,QAAQgC,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAW,MAAKjC,QAAQyB,YAAa,iCAArC,CAAN,CAA7B,KACK,OAAOG,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACN;AACD;AACA,UAAM4C,KAAKR,iBAAEC,GAAF,CAAMT,IAAN,EAAYlB,QAAQsB,OAApB,KAAgCI,iBAAEC,GAAF,CAAMpC,KAAN,EAAaS,QAAQsB,OAArB,CAAhC,IAAiEI,iBAAEC,GAAF,CAAMrC,IAAN,EAAY,IAAZ,CAA5E;AACA,QAAI,CAAC4C,EAAL,EAAS;AACP,UAAIlC,QAAQgC,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAW,mBAAkBjC,QAAQsB,OAAQ,2BAA7C,CAAN,CAA7B,KACK,OAAOM,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACN;AACD;AACA,UAAM6C,cAAcT,iBAAEC,GAAF,CAAMT,IAAN,EAAYlB,QAAQoC,gBAApB,KAAyCV,iBAAEC,GAAF,CAAMpC,KAAN,EAAaS,QAAQoC,gBAArB,CAA7D;;AAEAzB,UAAO,cAAaS,UAAW,YAAWc,EAAG,EAA7C;AACA;AACAR,qBAAEW,GAAF,CAAM7C,MAAN,EAAc+B,eAAd,EAA+B9B,OAA/B;AACA;AACA,QAAI,OAAOyC,EAAP,KAAc,QAAd,IAA0BI,kBAASC,OAAT,CAAiBL,EAAjB,CAA9B,EAAoD;AAClD,UAAIM,OAAO,EAAEC,MAAMnD,KAAKE,MAAL,CAAYiD,IAApB,EAAX;AACA,UAAIN,WAAJ,EAAiBK,OAAOE,OAAOC,MAAP,CAAcH,IAAd,EAAoB,EAAEjD,OAAO,EAAEqD,SAAS,CAACT,WAAD,CAAX,EAAT,EAApB,CAAP;AACjB,aAAO1C,QAAQkC,GAAR,CAAYO,GAAGW,QAAH,EAAZ,EAA2BL,IAA3B,EAAiCM,IAAjC,CAAsCC,UAAU;AACrD,YAAI,CAACA,MAAL,EAAa;AACX,cAAI/C,QAAQgC,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAW,8BAA6BC,EAAG,2BAA3C,CAAN,CAA7B,KACK,OAAO5C,IAAP;AACN;AACD;AACAoC,yBAAEW,GAAF,CAAM7C,MAAN,EAAc4B,UAAd,EAA0B2B,MAA1B;AACA,eAAOzD,IAAP;AACD,OARM,CAAP;AASD,KAZD,MAYO;AACL;AACAoC,uBAAEW,GAAF,CAAM7C,MAAN,EAAc4B,UAAd,EAA0Bc,EAA1B;AACA,aAAON,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACD;AACF,GA/DD;AAgED;;AAEM,SAASkB,gBAAT,CAA2BR,OAA3B,EAAoC;AACzC,SAAO,UAAUV,IAAV,EAAgB;AACrB,UAAME,SAASF,KAAKE,MAApB;AACA,UAAM4B,aAAapB,QAAQqB,QAAR,IAAoBrB,QAAQsB,OAA/C;AACA,UAAMC,kBAAkBvB,QAAQwB,aAAR,IAAyBxB,QAAQyB,YAAzD;;AAEA;AACAC,qBAAEsB,KAAF,CAAQxD,MAAR,EAAgB4B,UAAhB;AACAM,qBAAEsB,KAAF,CAAQxD,MAAR,EAAgB+B,eAAhB;;AAEA,WAAOjC,IAAP;AACD,GAVD;AAWD;;AAEM,SAASmB,eAAT,CAA0BT,OAA1B,EAAmC;AACxC,SAAO,UAAUV,IAAV,EAAgB;AACrB,UAAM2B,MAAM3B,KAAK2B,GAAjB;AACA,UAAMC,OAAO5B,KAAK4B,IAAlB;AACA,UAAM1B,SAASF,KAAKE,MAApB;AACA,UAAMD,QAAQC,OAAOD,KAArB;AACA,UAAM4B,UAAU7B,KAAKG,OAAL,CAAa0B,OAA7B;AACA,UAAMC,aAAapB,QAAQqB,QAAR,IAAoBrB,QAAQsB,OAA/C;AACA,UAAMC,kBAAkBvB,QAAQwB,aAAR,IAAyBxB,QAAQyB,YAAzD;;AAEA;AACA,QAAIwB,MAAMC,OAAN,CAAcxB,iBAAEC,GAAF,CAAMnC,MAAN,EAAc4B,UAAd,CAAd,CAAJ,EAA8C;AAC5CT,YAAO,uBAAsBS,UAAW,kBAAxC;AACA,aAAOQ,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACD;AACD,QAAI,OAAOoC,iBAAEC,GAAF,CAAMnC,MAAN,EAAc+B,eAAd,CAAP,KAA0C,QAA9C,EAAwD;AACtDZ,YAAO,uBAAsBY,eAAgB,kBAA7C;AACA,aAAOK,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACD;;AAED;AACA;AACA,QAAIG,UAAUiC,iBAAEC,GAAF,CAAMT,IAAN,EAAYlB,QAAQyB,YAApB,KAAqCC,iBAAEC,GAAF,CAAMpC,KAAN,EAAaS,QAAQyB,YAArB,CAAnD;AACA,QAAI,OAAOhC,OAAP,KAAmB,QAAvB,EAAiC;AAC/B,YAAMqC,UAAW,+BAA8B9B,QAAQyB,YAAa,MAAKhC,OAAQ,2BAAjF;AACAA,gBAAUwB,IAAIc,UAAJ,CAAetC,OAAf,EAAwB0B,OAAxB,CAAV;AACA,UAAI,CAAC1B,OAAL,EAAc;AACZ,YAAIO,QAAQgC,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAUH,OAAV,CAAN,CAA7B,KACK,OAAOF,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACN;AACF,KAPD,MAOO,IAAI,CAACG,OAAL,EAAc;AACnB,UAAIO,QAAQgC,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAW,MAAKjC,QAAQyB,YAAa,iCAArC,CAAN,CAA7B,KACK,OAAOG,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACN;;AAED;AACAoC,qBAAEW,GAAF,CAAM7C,MAAN,EAAc+B,eAAd,EAA+B9B,OAA/B;;AAEA;AACA,UAAMyC,KAAKR,iBAAEC,GAAF,CAAMT,IAAN,EAAYlB,QAAQsB,OAApB,KAAgCI,iBAAEC,GAAF,CAAMpC,KAAN,EAAaS,QAAQsB,OAArB,CAA3C;AACA;AACA,QAAI,CAACY,EAAL,EAAS;AACPvB,YAAO,cAAaS,UAAW,EAA/B;AACA,aAAO3B,QAAQ0D,IAAR,CAAa,EAAE5D,OAAO,EAAT,EAAa6D,UAAU,KAAvB,EAA8BX,MAAMnD,KAAKE,MAAL,CAAYiD,IAAhD,EAAb,EAAqEK,IAArE,CAA0EO,WAAW;AAC1F;AACA1C,cAAO,aAAY0C,QAAQC,MAAO,IAAGlC,UAAW,EAAhD;AACAM,yBAAEW,GAAF,CAAM7C,MAAN,EAAc4B,UAAd,EAA0BiC,OAA1B;AACA,eAAO/D,IAAP;AACD,OALM,CAAP;AAMD,KARD,MAQO;AACLqB,YAAO,cAAaS,UAAW,YAAWc,EAAG,EAA7C;AACA;AACA,UAAI,OAAOA,EAAP,KAAc,QAAd,IAA0BI,kBAASC,OAAT,CAAiBL,EAAjB,CAA9B,EAAoD;AAClD,eAAOzC,QAAQkC,GAAR,CAAYO,GAAGW,QAAH,EAAZ,EAA2B,EAAEJ,MAAMnD,KAAKE,MAAL,CAAYiD,IAApB,EAA3B,EAAuDK,IAAvD,CAA4DC,UAAU;AAC3E,cAAI,CAACA,MAAL,EAAa;AACX,gBAAI/C,QAAQgC,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAW,eAAcjC,QAAQsB,OAAQ,MAAKY,EAAG,2BAAjD,CAAN,CAA7B,KACK,OAAO5C,IAAP;AACN;AACD;AACAoC,2BAAEW,GAAF,CAAM7C,MAAN,EAAc4B,UAAd,EAA0B,CAAC2B,MAAD,CAA1B;AACA,iBAAOzD,IAAP;AACD,SARM,CAAP;AASD,OAVD,MAUO;AACL;AACAoC,yBAAEW,GAAF,CAAM7C,MAAN,EAAc4B,UAAd,EAA0B,CAACc,EAAD,CAA1B;AACA,eAAON,QAAQC,OAAR,CAAgBvC,IAAhB,CAAP;AACD;AACF;AACF,GAnED;AAoED;;AAEM,SAASoB,iBAAT,CAA4BV,OAA5B,EAAqC;AAC1C;AACA,SAAOQ,iBAAiBR,OAAjB,CAAP;AACD","file":"hooks.query.js","sourcesContent":["\r\nimport _ from 'lodash'\r\nimport { marshallComparisonFields, marshallSortFields, marshallTime } from '../marshall'\r\nimport { ObjectID } from 'mongodb'\r\nimport makeDebug from 'debug'\r\n\r\nconst debug = makeDebug('kdk:core:query:hooks')\r\n\r\nexport function marshallTimeQuery (hook) {\r\n const query = hook.params.query\r\n if (query) {\r\n // Need to convert from client/server side types : string or moment dates\r\n marshallTime(query, 'time')\r\n }\r\n}\r\n\r\nexport function marshallComparisonQuery (hook) {\r\n const query = hook.params.query\r\n if (query) {\r\n // Complex queries might have nested objects so we call a recursive function to handle this\r\n marshallComparisonFields(query)\r\n }\r\n}\r\n\r\nexport function marshallSortQuery (hook) {\r\n const query = hook.params.query\r\n if (query && query.$sort) {\r\n // Complex queries might have nested objects so we call a recursive function to handle this\r\n marshallSortFields(query.$sort)\r\n }\r\n}\r\n\r\nexport function marshallCollationQuery (hook) {\r\n const query = hook.params.query\r\n if (!query) return\r\n // Locale shortcut or whole query provided\r\n if (query.$locale) {\r\n hook.params.collation = { locale: query.$locale }\r\n delete query.$locale\r\n } else if (query.$collation) {\r\n hook.params.collation = query.$collation\r\n delete query.$collation\r\n }\r\n return hook\r\n}\r\n\r\nexport async function aggregationQuery (hook) {\r\n const query = hook.params.query\r\n if (!query) return\r\n const service = hook.service\r\n if (query.$aggregation) {\r\n const collection = service.Model\r\n // Set result to avoid service DB call\r\n hook.result = await collection.aggregate(query.$aggregation.pipeline, query.$aggregation.options).toArray()\r\n }\r\n return hook\r\n}\r\n\r\nexport function populateObject (options) {\r\n return function (hook) {\r\n const app = hook.app\r\n const data = hook.data\r\n const params = hook.params\r\n const query = params.query\r\n const context = hook.service.context\r\n const idProperty = options.nameIdAs \|\| options.idField\r\n const serviceProperty = options.nameServiceAs \|\| options.serviceField\r\n\r\n // Check if not already done\r\n if (typeof _.get(params, idProperty) === 'object') {\r\n debug(`Skipping populating ${idProperty} as already done`)\r\n return Promise.resolve(hook)\r\n }\r\n if (typeof _.get(params, serviceProperty) === 'object') {\r\n debug(`Skipping populating ${serviceProperty} as already done`)\r\n return Promise.resolve(hook)\r\n }\r\n\r\n // Get service where we can find the object to populate\r\n // Make hook usable with query params as well and service name or real object\r\n let service = _.get(data, options.serviceField) \|\| _.get(query, options.serviceField)\r\n if (typeof service === 'string') {\r\n const message = `Cannot find the service for ${options.serviceField} = ${service} to dynamically populate.`\r\n service = app.getService(service, context)\r\n if (!service) {\r\n if (options.throwOnNotFound) throw new Error(message)\r\n else return Promise.resolve(hook)\r\n }\r\n } else if (!service) {\r\n if (options.throwOnNotFound) throw new Error(`No ${options.serviceField} given to dynamically populate.`)\r\n else return Promise.resolve(hook)\r\n }\r\n // Then the object ID\r\n const id = _.get(data, options.idField) \|\| _.get(query, options.idField) \|\| _.get(hook, 'id')\r\n if (!id) {\r\n if (options.throwOnNotFound) throw new Error(`Cannot find the ${options.idField} to dynamically populate.`)\r\n else return Promise.resolve(hook)\r\n }\r\n // Then the perspective if any\r\n const perspective = _.get(data, options.perspectiveField) \|\| _.get(query, options.perspectiveField)\r\n\r\n debug(`Populating ${idProperty} with ID ${id}`)\r\n // Set the retrieved service on the same field or given one in hook params\r\n _.set(params, serviceProperty, service)\r\n // Let it work with id string or real object\r\n if (typeof id === 'string' \|\| ObjectID.isValid(id)) {\r\n let args = { user: hook.params.user }\r\n if (perspective) args = Object.assign(args, { query: { $select: [perspective] } })\r\n return service.get(id.toString(), args).then(object => {\r\n if (!object) {\r\n if (options.throwOnNotFound) throw new Error(`Cannot find object with id ${id} to dynamically populate.`)\r\n else return hook\r\n }\r\n // Set the retrieved object on the same field or given one in hook params\r\n _.set(params, idProperty, object)\r\n return hook\r\n })\r\n } else {\r\n // Set the object on the same field or given one in hook params\r\n _.set(params, idProperty, id)\r\n return Promise.resolve(hook)\r\n }\r\n }\r\n}\r\n\r\nexport function unpopulateObject (options) {\r\n return function (hook) {\r\n const params = hook.params\r\n const idProperty = options.nameIdAs \|\| options.idField\r\n const serviceProperty = options.nameServiceAs \|\| options.serviceField\r\n\r\n // Check if not already done\r\n _.unset(params, idProperty)\r\n _.unset(params, serviceProperty)\r\n\r\n return hook\r\n }\r\n}\r\n\r\nexport function populateObjects (options) {\r\n return function (hook) {\r\n const app = hook.app\r\n const data = hook.data\r\n const params = hook.params\r\n const query = params.query\r\n const context = hook.service.context\r\n const idProperty = options.nameIdAs \|\| options.idField\r\n const serviceProperty = options.nameServiceAs \|\| options.serviceField\r\n\r\n // Check if not already done\r\n if (Array.isArray(_.get(params, idProperty))) {\r\n debug(`Skipping populating ${idProperty} as already done`)\r\n return Promise.resolve(hook)\r\n }\r\n if (typeof _.get(params, serviceProperty) === 'object') {\r\n debug(`Skipping populating ${serviceProperty} as already done`)\r\n return Promise.resolve(hook)\r\n }\r\n\r\n // Get service where we can find the object to populate\r\n // Make hook usable with query params as well and service name or real object\r\n let service = _.get(data, options.serviceField) \|\| _.get(query, options.serviceField)\r\n if (typeof service === 'string') {\r\n const message = `Cannot find the service for ${options.serviceField} = ${service} to dynamically populate.`\r\n service = app.getService(service, context)\r\n if (!service) {\r\n if (options.throwOnNotFound) throw new Error(message)\r\n else return Promise.resolve(hook)\r\n }\r\n } else if (!service) {\r\n if (options.throwOnNotFound) throw new Error(`No ${options.serviceField} given to dynamically populate.`)\r\n else return Promise.resolve(hook)\r\n }\r\n\r\n // Set the retrieved service on the same field or given one in hook params\r\n _.set(params, serviceProperty, service)\r\n\r\n // Then the object ID\r\n const id = _.get(data, options.idField) \|\| _.get(query, options.idField)\r\n // If no ID given we perform a find, no pagination to be sure we get all objects\r\n if (!id) {\r\n debug(`Populating ${idProperty}`)\r\n return service.find({ query: {}, paginate: false, user: hook.params.user }).then(objects => {\r\n // Set the retrieved objects on the same field or given one in hook params\r\n debug(`Populated ${objects.length} ${idProperty}`)\r\n _.set(params, idProperty, objects)\r\n return hook\r\n })\r\n } else {\r\n debug(`Populating ${idProperty} with ID ${id}`)\r\n // Let it work with id string or real object\r\n if (typeof id === 'string' \|\| ObjectID.isValid(id)) {\r\n return service.get(id.toString(), { user: hook.params.user }).then(object => {\r\n if (!object) {\r\n if (options.throwOnNotFound) throw new Error(`Cannot find ${options.idField} = ${id} to dynamically populate.`)\r\n else return hook\r\n }\r\n // Set the retrieved object on the same field or given one in hook params\r\n _.set(params, idProperty, [object])\r\n return hook\r\n })\r\n } else {\r\n // Set the object on the same field or given one in hook params\r\n _.set(params, idProperty, [id])\r\n return Promise.resolve(hook)\r\n }\r\n }\r\n }\r\n}\r\n\r\nexport function unpopulateObjects (options) {\r\n // These are similar behaviour\r\n return unpopulateObject(options)\r\n}\r\n"]}
1	+ {"version":3,"sources":["../../../../core/api/hooks/hooks.query.js"],"names":["hook","query","params","service","$aggregation","collection","Model","result","aggregate","pipeline","options","toArray","aggregationQuery","marshallTimeQuery","marshallComparisonQuery","marshallSortQuery","marshallCollationQuery","populateObject","unpopulateObject","populateObjects","unpopulateObjects","debug","$sort","$locale","collation","locale","$collation","app","data","context","idProperty","nameIdAs","idField","serviceProperty","nameServiceAs","serviceField","_","get","message","getService","throwOnNotFound","Error","id","perspective","perspectiveField","set","ObjectID","isValid","args","user","object","Object","assign","$select","toString","name","paginate","results","find","length","error","code","unset","Array","isArray","objects"],"mappings":";;;;;;;;+BA6CO,WAAiCA,IAAjC,EAAuC;AAC5C,UAAMC,QAAQD,KAAKE,MAAL,CAAYD,KAA1B;AACA,QAAI,CAACA,KAAL,EAAY;AACZ,UAAME,UAAUH,KAAKG,OAArB;AACA,QAAIF,MAAMG,YAAV,EAAwB;AACtB,YAAMC,aAAaF,QAAQG,KAA3B;AACA;AACAN,WAAKO,MAAL,GAAc,MAAMF,WAAWG,SAAX,CAAqBP,MAAMG,YAAN,CAAmBK,QAAxC,EAAkDR,MAAMG,YAAN,CAAmBM,OAArE,EAA8EC,OAA9E,EAApB;AACD;AACD,WAAOX,IAAP;AACD,G;;kBAVqBY,gB;;;;;QAtCNC,iB,GAAAA,iB;QAQAC,uB,GAAAA,uB;QAQAC,iB,GAAAA,iB;QAQAC,sB,GAAAA,sB;QA0BAC,c,GAAAA,c;QAgFAC,gB,GAAAA,gB;QAcAC,e,GAAAA,e;QAiFAC,iB,GAAAA,iB;;AAxOhB;;;;AACA;;AACA;;AACA;;;;;;;;AAEA,MAAMC,QAAQ,qBAAU,sBAAV,CAAd;;AAEO,SAASR,iBAAT,CAA4Bb,IAA5B,EAAkC;AACvC,QAAMC,QAAQD,KAAKE,MAAL,CAAYD,KAA1B;AACA,MAAIA,KAAJ,EAAW;AACT;AACA,gCAAaA,KAAb,EAAoB,MAApB;AACD;AACF;;AAEM,SAASa,uBAAT,CAAkCd,IAAlC,EAAwC;AAC7C,QAAMC,QAAQD,KAAKE,MAAL,CAAYD,KAA1B;AACA,MAAIA,KAAJ,EAAW;AACT;AACA,4CAAyBA,KAAzB;AACD;AACF;;AAEM,SAASc,iBAAT,CAA4Bf,IAA5B,EAAkC;AACvC,QAAMC,QAAQD,KAAKE,MAAL,CAAYD,KAA1B;AACA,MAAIA,SAASA,MAAMqB,KAAnB,EAA0B;AACxB;AACA,sCAAmBrB,MAAMqB,KAAzB;AACD;AACF;;AAEM,SAASN,sBAAT,CAAiChB,IAAjC,EAAuC;AAC5C,QAAMC,QAAQD,KAAKE,MAAL,CAAYD,KAA1B;AACA,MAAI,CAACA,KAAL,EAAY;AACZ;AACA,MAAIA,MAAMsB,OAAV,EAAmB;AACjBvB,SAAKE,MAAL,CAAYsB,SAAZ,GAAwB,EAAEC,QAAQxB,MAAMsB,OAAhB,EAAxB;AACA,WAAOtB,MAAMsB,OAAb;AACD,GAHD,MAGO,IAAItB,MAAMyB,UAAV,EAAsB;AAC3B1B,SAAKE,MAAL,CAAYsB,SAAZ,GAAwBvB,MAAMyB,UAA9B;AACA,WAAOzB,MAAMyB,UAAb;AACD;AACD,SAAO1B,IAAP;AACD;;AAcM,SAASiB,cAAT,CAAyBP,OAAzB,EAAkC;AACvC;AAAA,kCAAO,WAAgBV,IAAhB,EAAsB;AAC3B,YAAM2B,MAAM3B,KAAK2B,GAAjB;AACA,YAAMC,OAAO5B,KAAK4B,IAAlB;AACA,YAAM1B,SAASF,KAAKE,MAApB;AACA,YAAMD,QAAQC,OAAOD,KAArB;AACA,YAAM4B,UAAU7B,KAAKG,OAAL,CAAa0B,OAA7B;AACA,YAAMC,aAAapB,QAAQqB,QAAR,IAAoBrB,QAAQsB,OAA/C;AACA,YAAMC,kBAAkBvB,QAAQwB,aAAR,IAAyBxB,QAAQyB,YAAzD;;AAEA;AACA,UAAI,OAAOC,iBAAEC,GAAF,CAAMnC,MAAN,EAAc4B,UAAd,CAAP,KAAqC,QAAzC,EAAmD;AACjDT,cAAO,uBAAsBS,UAAW,kBAAxC;AACA,eAAO9B,IAAP;AACD;AACD,UAAI,OAAOoC,iBAAEC,GAAF,CAAMnC,MAAN,EAAc+B,eAAd,CAAP,KAA0C,QAA9C,EAAwD;AACtDZ,cAAO,uBAAsBY,eAAgB,kBAA7C;AACA,eAAOjC,IAAP;AACD;;AAED;AACA;AACA,UAAIG,UAAUiC,iBAAEC,GAAF,CAAMT,IAAN,EAAYlB,QAAQyB,YAApB,KAAqCC,iBAAEC,GAAF,CAAMpC,KAAN,EAAaS,QAAQyB,YAArB,CAAnD;AACA,UAAI,OAAOhC,OAAP,KAAmB,QAAvB,EAAiC;AAC/B,cAAMmC,UAAW,+BAA8B5B,QAAQyB,YAAa,MAAKhC,OAAQ,2BAAjF;AACAA,kBAAUwB,IAAIY,UAAJ,CAAepC,OAAf,EAAwB0B,OAAxB,CAAV;AACA,YAAI,CAAC1B,OAAL,EAAc;AACZ,cAAIO,QAAQ8B,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAUH,OAAV,CAAN,CAA7B,KACK,OAAOtC,IAAP;AACN;AACF,OAPD,MAOO,IAAI,CAACG,OAAL,EAAc;AACnB,YAAIO,QAAQ8B,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAW,MAAK/B,QAAQyB,YAAa,iCAArC,CAAN,CAA7B,KACK,OAAOnC,IAAP;AACN;AACD;AACA,YAAM0C,KAAKN,iBAAEC,GAAF,CAAMT,IAAN,EAAYlB,QAAQsB,OAApB,KAAgCI,iBAAEC,GAAF,CAAMpC,KAAN,EAAaS,QAAQsB,OAArB,CAAhC,IAAiEI,iBAAEC,GAAF,CAAMrC,IAAN,EAAY,IAAZ,CAA5E;AACA,UAAI,CAAC0C,EAAL,EAAS;AACP,YAAIhC,QAAQ8B,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAW,mBAAkB/B,QAAQsB,OAAQ,2BAA7C,CAAN,CAA7B,KACK,OAAOhC,IAAP;AACN;AACD;AACA,YAAM2C,cAAcP,iBAAEC,GAAF,CAAMT,IAAN,EAAYlB,QAAQkC,gBAApB,KAAyCR,iBAAEC,GAAF,CAAMpC,KAAN,EAAaS,QAAQkC,gBAArB,CAA7D;;AAEAvB,YAAO,cAAaS,UAAW,YAAWY,EAAG,EAA7C;AACA;AACAN,uBAAES,GAAF,CAAM3C,MAAN,EAAc+B,eAAd,EAA+B9B,OAA/B;AACA;AACA,UAAI,OAAOuC,EAAP,KAAc,QAAd,IAA0BI,kBAASC,OAAT,CAAiBL,EAAjB,CAA9B,EAAoD;AAClD,cAAMM,OAAO,EAAEC,MAAMjD,KAAKE,MAAL,CAAY+C,IAApB,EAAb;AACA,YAAIC,MAAJ;AACA,YAAI;AACF;AACA,cAAIJ,kBAASC,OAAT,CAAiBL,EAAjB,CAAJ,EAA0B;AACxB,gBAAIC,WAAJ,EAAiBQ,OAAOC,MAAP,CAAcJ,IAAd,EAAoB,EAAE/C,OAAO,EAAEoD,SAAS,CAACV,WAAD,CAAX,EAAT,EAApB;AACjBO,qBAAS,MAAM/C,QAAQkC,GAAR,CAAYK,GAAGY,QAAH,EAAZ,EAA2BN,IAA3B,CAAf;AACD,WAHD,MAGO;AACLG,mBAAOC,MAAP,CAAcJ,IAAd,EAAoB,EAAE/C,OAAO,EAAEsD,MAAMb,GAAGY,QAAH,EAAR,EAAT,EAAkCE,UAAU,KAA5C,EAApB;AACA,gBAAIb,WAAJ,EAAiBQ,OAAOC,MAAP,CAAcJ,KAAK/C,KAAnB,EAA0B,EAAEoD,SAAS,CAACV,WAAD,CAAX,EAA1B;AACjB,kBAAMc,UAAU,MAAMtD,QAAQuD,IAAR,CAAaV,IAAb,CAAtB;AACA,gBAAIS,QAAQE,MAAR,IAAkB,CAAtB,EAAyBT,SAASO,QAAQ,CAAR,CAAT;AAC1B;AACF,SAXD,CAWE,OAAOG,KAAP,EAAc;AACd;AACA,cAAIA,MAAMC,IAAN,KAAe,GAAnB,EAAwB,MAAMD,KAAN;AACzB;AACD,YAAI,CAACV,MAAL,EAAa;AACX,cAAIxC,QAAQ8B,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAW,8BAA6BC,EAAG,2BAA3C,CAAN,CAA7B,KACK,OAAO1C,IAAP;AACN;AACD;AACAoC,yBAAES,GAAF,CAAM3C,MAAN,EAAc4B,UAAd,EAA0BoB,MAA1B;AACA,eAAOlD,IAAP;AACD,OAzBD,MAyBO;AACL;AACAoC,yBAAES,GAAF,CAAM3C,MAAN,EAAc4B,UAAd,EAA0BY,EAA1B;AACA,eAAO1C,IAAP;AACD;AACF,KA5ED;;AAAA;AAAA;AAAA;AAAA;AA6ED;;AAEM,SAASkB,gBAAT,CAA2BR,OAA3B,EAAoC;AACzC,SAAO,UAAUV,IAAV,EAAgB;AACrB,UAAME,SAASF,KAAKE,MAApB;AACA,UAAM4B,aAAapB,QAAQqB,QAAR,IAAoBrB,QAAQsB,OAA/C;AACA,UAAMC,kBAAkBvB,QAAQwB,aAAR,IAAyBxB,QAAQyB,YAAzD;;AAEA;AACAC,qBAAE0B,KAAF,CAAQ5D,MAAR,EAAgB4B,UAAhB;AACAM,qBAAE0B,KAAF,CAAQ5D,MAAR,EAAgB+B,eAAhB;;AAEA,WAAOjC,IAAP;AACD,GAVD;AAWD;;AAEM,SAASmB,eAAT,CAA0BT,OAA1B,EAAmC;AACxC;AAAA,kCAAO,WAAgBV,IAAhB,EAAsB;AAC3B,YAAM2B,MAAM3B,KAAK2B,GAAjB;AACA,YAAMC,OAAO5B,KAAK4B,IAAlB;AACA,YAAM1B,SAASF,KAAKE,MAApB;AACA,YAAMD,QAAQC,OAAOD,KAArB;AACA,YAAM4B,UAAU7B,KAAKG,OAAL,CAAa0B,OAA7B;AACA,YAAMC,aAAapB,QAAQqB,QAAR,IAAoBrB,QAAQsB,OAA/C;AACA,YAAMC,kBAAkBvB,QAAQwB,aAAR,IAAyBxB,QAAQyB,YAAzD;;AAEA;AACA,UAAI4B,MAAMC,OAAN,CAAc5B,iBAAEC,GAAF,CAAMnC,MAAN,EAAc4B,UAAd,CAAd,CAAJ,EAA8C;AAC5CT,cAAO,uBAAsBS,UAAW,kBAAxC;AACA,eAAO9B,IAAP;AACD;AACD,UAAI,OAAOoC,iBAAEC,GAAF,CAAMnC,MAAN,EAAc+B,eAAd,CAAP,KAA0C,QAA9C,EAAwD;AACtDZ,cAAO,uBAAsBY,eAAgB,kBAA7C;AACA,eAAOjC,IAAP;AACD;;AAED;AACA;AACA,UAAIG,UAAUiC,iBAAEC,GAAF,CAAMT,IAAN,EAAYlB,QAAQyB,YAApB,KAAqCC,iBAAEC,GAAF,CAAMpC,KAAN,EAAaS,QAAQyB,YAArB,CAAnD;AACA,UAAI,OAAOhC,OAAP,KAAmB,QAAvB,EAAiC;AAC/B,cAAMmC,UAAW,+BAA8B5B,QAAQyB,YAAa,MAAKhC,OAAQ,2BAAjF;AACAA,kBAAUwB,IAAIY,UAAJ,CAAepC,OAAf,EAAwB0B,OAAxB,CAAV;AACA,YAAI,CAAC1B,OAAL,EAAc;AACZ,cAAIO,QAAQ8B,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAUH,OAAV,CAAN,CAA7B,KACK,OAAOtC,IAAP;AACN;AACF,OAPD,MAOO,IAAI,CAACG,OAAL,EAAc;AACnB,YAAIO,QAAQ8B,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAW,MAAK/B,QAAQyB,YAAa,iCAArC,CAAN,CAA7B,KACK,OAAOnC,IAAP;AACN;;AAED;AACAoC,uBAAES,GAAF,CAAM3C,MAAN,EAAc+B,eAAd,EAA+B9B,OAA/B;;AAEA;AACA,YAAMuC,KAAKN,iBAAEC,GAAF,CAAMT,IAAN,EAAYlB,QAAQsB,OAApB,KAAgCI,iBAAEC,GAAF,CAAMpC,KAAN,EAAaS,QAAQsB,OAArB,CAA3C;AACA;AACA,UAAI,CAACU,EAAL,EAAS;AACPrB,cAAO,cAAaS,UAAW,EAA/B;AACA,cAAMmC,UAAU,MAAM9D,QAAQuD,IAAR,CAAa,EAAEzD,OAAO,EAAT,EAAauD,UAAU,KAAvB,EAA8BP,MAAMjD,KAAKE,MAAL,CAAY+C,IAAhD,EAAb,CAAtB;AACA;AACA5B,cAAO,aAAY4C,QAAQN,MAAO,IAAG7B,UAAW,EAAhD;AACAM,yBAAES,GAAF,CAAM3C,MAAN,EAAc4B,UAAd,EAA0BmC,OAA1B;AACA,eAAOjE,IAAP;AACD,OAPD,MAOO;AACLqB,cAAO,cAAaS,UAAW,YAAWY,EAAG,EAA7C;AACA;AACA,YAAI,OAAOA,EAAP,KAAc,QAAd,IAA0BI,kBAASC,OAAT,CAAiBL,EAAjB,CAA9B,EAAoD;AAClD,cAAIQ,MAAJ;AACA,cAAI;AACF;AACA,gBAAIJ,kBAASC,OAAT,CAAiBL,EAAjB,CAAJ,EAA0B;AACxBQ,uBAAS,MAAM/C,QAAQkC,GAAR,CAAYK,GAAGY,QAAH,EAAZ,EAA2B,EAAEL,MAAMjD,KAAKE,MAAL,CAAY+C,IAApB,EAA3B,CAAf;AACD,aAFD,MAEO;AACL,oBAAMQ,UAAU,MAAMtD,QAAQuD,IAAR,CAAa,EAAEzD,OAAO,EAAEsD,MAAMb,GAAGY,QAAH,EAAR,EAAT,EAAkCE,UAAU,KAA5C,EAAmDP,MAAMjD,KAAKE,MAAL,CAAY+C,IAArE,EAAb,CAAtB;AACA,kBAAIQ,QAAQE,MAAR,IAAkB,CAAtB,EAAyBT,SAASO,QAAQ,CAAR,CAAT;AAC1B;AACF,WARD,CAQE,OAAOG,KAAP,EAAc;AACd;AACA,gBAAIA,MAAMC,IAAN,KAAe,GAAnB,EAAwB,MAAMD,KAAN;AACzB;AACD,cAAI,CAACV,MAAL,EAAa;AACX,gBAAIxC,QAAQ8B,eAAZ,EAA6B,MAAM,IAAIC,KAAJ,CAAW,eAAc/B,QAAQsB,OAAQ,MAAKU,EAAG,2BAAjD,CAAN,CAA7B,KACK,OAAO1C,IAAP;AACN;AACD;AACAoC,2BAAES,GAAF,CAAM3C,MAAN,EAAc4B,UAAd,EAA0B,CAACoB,MAAD,CAA1B;AACA,iBAAOlD,IAAP;AACD,SArBD,MAqBO;AACL;AACAoC,2BAAES,GAAF,CAAM3C,MAAN,EAAc4B,UAAd,EAA0B,CAACY,EAAD,CAA1B;AACA,iBAAO1C,IAAP;AACD;AACF;AACF,KA7ED;;AAAA;AAAA;AAAA;AAAA;AA8ED;;AAEM,SAASoB,iBAAT,CAA4BV,OAA5B,EAAqC;AAC1C;AACA,SAAOQ,iBAAiBR,OAAjB,CAAP;AACD","file":"hooks.query.js","sourcesContent":["import _ from 'lodash'\r\nimport { marshallComparisonFields, marshallSortFields, marshallTime } from '../marshall'\r\nimport { ObjectID } from 'mongodb'\r\nimport makeDebug from 'debug'\r\n\r\nconst debug = makeDebug('kdk:core:query:hooks')\r\n\r\nexport function marshallTimeQuery (hook) {\r\n const query = hook.params.query\r\n if (query) {\r\n // Need to convert from client/server side types : string or moment dates\r\n marshallTime(query, 'time')\r\n }\r\n}\r\n\r\nexport function marshallComparisonQuery (hook) {\r\n const query = hook.params.query\r\n if (query) {\r\n // Complex queries might have nested objects so we call a recursive function to handle this\r\n marshallComparisonFields(query)\r\n }\r\n}\r\n\r\nexport function marshallSortQuery (hook) {\r\n const query = hook.params.query\r\n if (query && query.$sort) {\r\n // Complex queries might have nested objects so we call a recursive function to handle this\r\n marshallSortFields(query.$sort)\r\n }\r\n}\r\n\r\nexport function marshallCollationQuery (hook) {\r\n const query = hook.params.query\r\n if (!query) return\r\n // Locale shortcut or whole query provided\r\n if (query.$locale) {\r\n hook.params.collation = { locale: query.$locale }\r\n delete query.$locale\r\n } else if (query.$collation) {\r\n hook.params.collation = query.$collation\r\n delete query.$collation\r\n }\r\n return hook\r\n}\r\n\r\nexport async function aggregationQuery (hook) {\r\n const query = hook.params.query\r\n if (!query) return\r\n const service = hook.service\r\n if (query.$aggregation) {\r\n const collection = service.Model\r\n // Set result to avoid service DB call\r\n hook.result = await collection.aggregate(query.$aggregation.pipeline, query.$aggregation.options).toArray()\r\n }\r\n return hook\r\n}\r\n\r\nexport function populateObject (options) {\r\n return async function (hook) {\r\n const app = hook.app\r\n const data = hook.data\r\n const params = hook.params\r\n const query = params.query\r\n const context = hook.service.context\r\n const idProperty = options.nameIdAs \|\| options.idField\r\n const serviceProperty = options.nameServiceAs \|\| options.serviceField\r\n\r\n // Check if not already done\r\n if (typeof _.get(params, idProperty) === 'object') {\r\n debug(`Skipping populating ${idProperty} as already done`)\r\n return hook\r\n }\r\n if (typeof _.get(params, serviceProperty) === 'object') {\r\n debug(`Skipping populating ${serviceProperty} as already done`)\r\n return hook\r\n }\r\n\r\n // Get service where we can find the object to populate\r\n // Make hook usable with query params as well and service name or real object\r\n let service = _.get(data, options.serviceField) \|\| _.get(query, options.serviceField)\r\n if (typeof service === 'string') {\r\n const message = `Cannot find the service for ${options.serviceField} = ${service} to dynamically populate.`\r\n service = app.getService(service, context)\r\n if (!service) {\r\n if (options.throwOnNotFound) throw new Error(message)\r\n else return hook\r\n }\r\n } else if (!service) {\r\n if (options.throwOnNotFound) throw new Error(`No ${options.serviceField} given to dynamically populate.`)\r\n else return hook\r\n }\r\n // Then the object ID\r\n const id = _.get(data, options.idField) \|\| _.get(query, options.idField) \|\| _.get(hook, 'id')\r\n if (!id) {\r\n if (options.throwOnNotFound) throw new Error(`Cannot find the ${options.idField} to dynamically populate.`)\r\n else return hook\r\n }\r\n // Then the perspective if any\r\n const perspective = _.get(data, options.perspectiveField) \|\| _.get(query, options.perspectiveField)\r\n\r\n debug(`Populating ${idProperty} with ID ${id}`)\r\n // Set the retrieved service on the same field or given one in hook params\r\n _.set(params, serviceProperty, service)\r\n // Let it work with id/name string or real object\r\n if (typeof id === 'string' \|\| ObjectID.isValid(id)) {\r\n const args = { user: hook.params.user }\r\n let object\r\n try {\r\n // Get by ID or name ?\r\n if (ObjectID.isValid(id)) {\r\n if (perspective) Object.assign(args, { query: { $select: [perspective] } })\r\n object = await service.get(id.toString(), args)\r\n } else {\r\n Object.assign(args, { query: { name: id.toString() }, paginate: false })\r\n if (perspective) Object.assign(args.query, { $select: [perspective] })\r\n const results = await service.find(args)\r\n if (results.length >= 0) object = results[0]\r\n }\r\n } catch (error) {\r\n // Not found error is managed hereafter\r\n if (error.code !== 404) throw error\r\n }\r\n if (!object) {\r\n if (options.throwOnNotFound) throw new Error(`Cannot find object with id ${id} to dynamically populate.`)\r\n else return hook\r\n }\r\n // Set the retrieved object on the same field or given one in hook params\r\n _.set(params, idProperty, object)\r\n return hook\r\n } else {\r\n // Set the object on the same field or given one in hook params\r\n _.set(params, idProperty, id)\r\n return hook\r\n }\r\n }\r\n}\r\n\r\nexport function unpopulateObject (options) {\r\n return function (hook) {\r\n const params = hook.params\r\n const idProperty = options.nameIdAs \|\| options.idField\r\n const serviceProperty = options.nameServiceAs \|\| options.serviceField\r\n\r\n // Check if not already done\r\n _.unset(params, idProperty)\r\n _.unset(params, serviceProperty)\r\n\r\n return hook\r\n }\r\n}\r\n\r\nexport function populateObjects (options) {\r\n return async function (hook) {\r\n const app = hook.app\r\n const data = hook.data\r\n const params = hook.params\r\n const query = params.query\r\n const context = hook.service.context\r\n const idProperty = options.nameIdAs \|\| options.idField\r\n const serviceProperty = options.nameServiceAs \|\| options.serviceField\r\n\r\n // Check if not already done\r\n if (Array.isArray(_.get(params, idProperty))) {\r\n debug(`Skipping populating ${idProperty} as already done`)\r\n return hook\r\n }\r\n if (typeof _.get(params, serviceProperty) === 'object') {\r\n debug(`Skipping populating ${serviceProperty} as already done`)\r\n return hook\r\n }\r\n\r\n // Get service where we can find the object to populate\r\n // Make hook usable with query params as well and service name or real object\r\n let service = _.get(data, options.serviceField) \|\| _.get(query, options.serviceField)\r\n if (typeof service === 'string') {\r\n const message = `Cannot find the service for ${options.serviceField} = ${service} to dynamically populate.`\r\n service = app.getService(service, context)\r\n if (!service) {\r\n if (options.throwOnNotFound) throw new Error(message)\r\n else return hook\r\n }\r\n } else if (!service) {\r\n if (options.throwOnNotFound) throw new Error(`No ${options.serviceField} given to dynamically populate.`)\r\n else return hook\r\n }\r\n\r\n // Set the retrieved service on the same field or given one in hook params\r\n _.set(params, serviceProperty, service)\r\n\r\n // Then the object ID\r\n const id = _.get(data, options.idField) \|\| _.get(query, options.idField)\r\n // If no ID given we perform a find, no pagination to be sure we get all objects\r\n if (!id) {\r\n debug(`Populating ${idProperty}`)\r\n const objects = await service.find({ query: {}, paginate: false, user: hook.params.user })\r\n // Set the retrieved objects on the same field or given one in hook params\r\n debug(`Populated ${objects.length} ${idProperty}`)\r\n _.set(params, idProperty, objects)\r\n return hook\r\n } else {\r\n debug(`Populating ${idProperty} with ID ${id}`)\r\n // Let it work with id/name string or real object\r\n if (typeof id === 'string' \|\| ObjectID.isValid(id)) {\r\n let object\r\n try {\r\n // Get by ID or name ?\r\n if (ObjectID.isValid(id)) {\r\n object = await service.get(id.toString(), { user: hook.params.user })\r\n } else {\r\n const results = await service.find({ query: { name: id.toString() }, paginate: false, user: hook.params.user })\r\n if (results.length >= 0) object = results[0]\r\n }\r\n } catch (error) {\r\n // Not found error is managed hereafter\r\n if (error.code !== 404) throw error\r\n }\r\n if (!object) {\r\n if (options.throwOnNotFound) throw new Error(`Cannot find ${options.idField} = ${id} to dynamically populate.`)\r\n else return hook\r\n }\r\n // Set the retrieved object on the same field or given one in hook params\r\n _.set(params, idProperty, [object])\r\n return hook\r\n } else {\r\n // Set the object on the same field or given one in hook params\r\n _.set(params, idProperty, [id])\r\n return hook\r\n }\r\n }\r\n }\r\n}\r\n\r\nexport function unpopulateObjects (options) {\r\n // These are similar behaviour\r\n return unpopulateObject(options)\r\n}\r\n"]}

package/lib/core/api/services/authorisations/authorisations.service.js CHANGED Viewed

@@ -46,6 +46,12 @@ exports.default = {
         let resource = _lodash2.default.find(scope, function (resource) {
           return resource._id && resource._id.toString() === params.resource._id.toString();
         });
+        if (!resource) {
+          // Fallback as name
+          resource = _lodash2.default.find(scope, function (resource) {
+            return resource.name && resource.name === params.resource.name;
+          });
+        }
         // On first authorisation create the resource in scope
         if (!resource) {
           resource = Object.assign({}, params.resource);
@@ -90,9 +96,15 @@ exports.default = {
         // Then retrieve the right scope on the subject
         const scope = _lodash2.default.get(subject, scopeName, []);
         // Remove the target resource if any
-        const resources = _lodash2.default.remove(scope, function (resource) {
+        let resources = _lodash2.default.remove(scope, function (resource) {
           return resource._id && resource._id.toString() === id.toString();
         });
+        if (resources.length === 0) {
+          // Fallback as name
+          resources = _lodash2.default.remove(scope, function (resource) {
+            return resource.name && resource.name === id;
+          });
+        }
         if (resources.length > 0) {
           // This cover the case when we create the scope on the first auth,
           // so that if the caller want to get back the update subject he can have it

package/lib/core/api/services/authorisations/authorisations.service.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../../../../core/api/services/authorisations/authorisations.service.js"],"names":["debug","ANONYMOUS_USER","create","data","params","query","context","resourcesService","scopeName","scope","Promise","all","subjects","map","subject","_","get","resource","find","_id","toString","Object","assign","push","permissions","set","subjectsService","patch","user","updateAbilities","remove","id","resources","length","deleted","setup","app","config","cache","LruCache","maxUsers","getAbilities","has","abilities","del"],"mappings":";;;;;;AAAA;;;;AACA;;;;AACA;;;;AACA;;;;;;AAEA,MAAMA,QAAQ,qBAAU,iCAAV,CAAd;;AAEA;AACA,MAAMC,iBAAiB,WAAvB;;kBAEe;AACb;AACA;AACA;AACAC,SAAQC,IAAR,EAAcC,MAAd,EAAsB;AAAA;;AACpB,UAAMC,QAAQD,OAAOC,KAArB;AACA,UAAMC,UAAUF,OAAOG,gBAAP,CAAwBD,OAAxC;AACA;AACA,UAAME,YAAYL,KAAKM,KAAL,IAAcJ,MAAMI,KAAtC,CAJoB,CAIwB;AAC5C,WAAOC,QAAQC,GAAR,CAAYP,OAAOQ,QAAP,CAAgBC,GAAhB;AAAA,mCAAoB,WAAMC,OAAN,EAAiB;AACtD;AACA,cAAML,QAAQM,iBAAEC,GAAF,CAAMF,OAAN,EAAeN,SAAf,EAA0B,EAA1B,CAAd;AACA;AACA,YAAIS,WAAWF,iBAAEG,IAAF,CAAOT,KAAP,EAAc;AAAA,iBAAYQ,SAASE,GAAT,IAAiBF,SAASE,GAAT,CAAaC,QAAb,OAA4BhB,OAAOa,QAAP,CAAgBE,GAAhB,CAAoBC,QAApB,EAAzD;AAAA,SAAd,CAAf;AACA;AACA,YAAI,CAACH,QAAL,EAAe;AACbA,qBAAWI,OAAOC,MAAP,CAAc,EAAd,EAAkBlB,OAAOa,QAAzB,CAAX;AACA,cAAIX,OAAJ,EAAa;AACXW,qBAASX,OAAT,GAAoB,OAAOA,OAAP,KAAmB,QAAnB,GAA8BA,QAAQa,GAAR,CAAYC,QAAZ,EAA9B,GAAuDd,QAAQc,QAAR,EAA3E;AACD;AACDX,gBAAMc,IAAN,CAAWN,QAAX;AACD;AACD;AACA;AACAA,iBAASO,WAAT,GAAuBrB,KAAKqB,WAAL,IAAoBnB,MAAMmB,WAAjD;AACA;AACA;AACAT,yBAAEU,GAAF,CAAMX,OAAN,EAAeN,SAAf,EAA0BC,KAA1B;AACAT,cAAM,oBAAoBQ,SAApB,GAAgC,eAAhC,GAAkDM,QAAQK,GAA1D,GAAgE,eAAhE,GAAkFf,OAAOa,QAAP,CAAgBE,GAAlG,GAAwG,GAA9G,EAAmHV,KAAnH;AACAK,kBAAU,MAAMV,OAAOsB,eAAP,CAAuBC,KAAvB,CAA6Bb,QAAQK,GAArC,EAA0C;AACxD,WAACX,SAAD,GAAaC;AAD2C,SAA1C,EAEb;AACDmB,gBAAMxB,OAAOwB;AADZ,SAFa,CAAhB;AAKA,cAAM,MAAKC,eAAL,CAAqBf,OAArB,CAAN;AACAd,cAAM,mBAAmBG,KAAKqB,WAAxB,GAAsC,mBAAtC,GAA4DV,QAAQK,GAApE,GAA0E,eAA1E,GAA4Ff,OAAOa,QAAP,CAAgBE,GAA5G,GAAkH,cAAlH,GAAmIX,SAAzI;AACA,eAAOM,OAAP;AACD,OA5BkB;;AAAA;AAAA;AAAA;AAAA,SAAZ,CAAP;AA6BD,GAtCY;;AAwCb;AACA;AACA;AACAgB,SAAQC,EAAR,EAAY3B,MAAZ,EAAoB;AAAA;;AAClB,UAAMC,QAAQD,OAAOC,KAArB;AACA,UAAMG,YAAYH,MAAMI,KAAxB,CAFkB,CAEY;AAC9B,WAAOC,QAAQC,GAAR,CAAYP,OAAOQ,QAAP,CAAgBC,GAAhB;AAAA,oCAAoB,WAAMC,OAAN,EAAiB;AACtD;AACA,cAAML,QAAQM,iBAAEC,GAAF,CAAMF,OAAN,EAAeN,SAAf,EAA0B,EAA1B,CAAd;AACA;AACA,cAAMwB,YAAYjB,iBAAEe,MAAF,CAASrB,KAAT,EAAgB;AAAA,iBAAYQ,SAASE,GAAT,IAAiBF,SAASE,GAAT,CAAaC,QAAb,OAA4BW,GAAGX,QAAH,EAAzD;AAAA,SAAhB,CAAlB;AACA,YAAIY,UAAUC,MAAV,GAAmB,CAAvB,EAA0B;AACxB;AACA;AACAlB,2BAAEU,GAAF,CAAMX,OAAN,EAAeN,SAAf,EAA0BC,KAA1B;AACA;AACA,cAAI,CAACK,QAAQoB,OAAb,EAAsB;AACpBlC,kBAAM,oBAAoBQ,SAApB,GAAgC,eAAhC,GAAkDM,QAAQK,GAA1D,GAAgE,eAAhE,GAAkFY,EAAlF,GAAuF,GAA7F,EAAkGtB,KAAlG;AACAK,sBAAU,MAAMV,OAAOsB,eAAP,CAAuBC,KAAvB,CAA6Bb,QAAQK,GAArC,EAA0C;AACxD,eAACX,SAAD,GAAaC;AAD2C,aAA1C,EAEb;AACDmB,oBAAMxB,OAAOwB;AADZ,aAFa,CAAhB;AAKA,kBAAM,OAAKC,eAAL,CAAqBf,OAArB,CAAN;AACAd,kBAAM,qCAAqCc,QAAQK,GAA7C,GAAmD,eAAnD,GAAqEY,EAArE,GAA0E,cAA1E,GAA2FvB,SAAjG;AACA,mBAAOM,OAAP;AACD;AACF;AACD,eAAOA,OAAP;AACD,OAvBkB;;AAAA;AAAA;AAAA;AAAA,SAAZ,CAAP;AAwBD,GAtEY;;AAwEbqB,QAAOC,GAAP,EAAY;AACV,UAAMC,SAASD,IAAIpB,GAAJ,CAAQ,eAAR,CAAf;AACA,QAAIqB,UAAUA,OAAOC,KAArB,EAA4B;AAC1B;AACA,WAAKA,KAAL,GAAa,IAAIC,kBAAJ,CAAaF,OAAOC,KAAP,CAAaE,QAAb,IAAyB,IAAtC,CAAb;AACAxC,YAAM,oCAAN;AACD,KAJD,MAIO;AACLA,YAAM,yCAAN;AACD;AACF,GAjFY;;AAmFb;AACA;AACMyC,cAAN,CAAoB3B,OAApB,EAA6B;AAAA;;AAAA;AAC3B,UAAI,OAAKwB,KAAT,EAAgB;AACd,YAAIxB,WAAWA,QAAQK,GAAvB,EAA4B;AAC1B,cAAI,OAAKmB,KAAL,CAAWI,GAAX,CAAe5B,QAAQK,GAAR,CAAYC,QAAZ,EAAf,CAAJ,EAA4C,OAAO,OAAKkB,KAAL,CAAWtB,GAAX,CAAeF,QAAQK,GAAR,CAAYC,QAAZ,EAAf,CAAP;AAC7C,SAFD,MAEO;AACL,cAAI,OAAKkB,KAAL,CAAWI,GAAX,CAAezC,cAAf,CAAJ,EAAoC,OAAO,OAAKqC,KAAL,CAAWtB,GAAX,CAAef,cAAf,CAAP;AACrC;AACF;AACD;AACA,YAAM0C,YAAY,MAAM,kCAAgB7B,OAAhB,EAAyB,OAAKsB,GAA9B,CAAxB;;AAEA,UAAI,OAAKE,KAAT,EAAgB;AACd,YAAIxB,WAAWA,QAAQK,GAAvB,EAA4B;AAC1B,iBAAKmB,KAAL,CAAWb,GAAX,CAAeX,QAAQK,GAAR,CAAYC,QAAZ,EAAf,EAAuCuB,SAAvC;AACD,SAFD,MAEO;AACL,iBAAKL,KAAL,CAAWb,GAAX,CAAexB,cAAf,EAA+B0C,SAA/B;AACD;AACF;;AAED,aAAOA,SAAP;AAnB2B;AAoB5B,GAzGY;;AA2Gb;AACMd,iBAAN,CAAuBf,OAAvB,EAAgC;AAAA;;AAAA;AAC9B,UAAI,OAAKwB,KAAT,EAAgB;AACd,YAAIxB,WAAWA,QAAQK,GAAvB,EAA4B;AAC1B,iBAAKmB,KAAL,CAAWM,GAAX,CAAe9B,QAAQK,GAAR,CAAYC,QAAZ,EAAf;AACD,SAFD,MAEO;AACL,iBAAKkB,KAAL,CAAWM,GAAX,CAAe3C,cAAf;AACD;AACF;;AAED,YAAM0C,YAAY,MAAM,OAAKF,YAAL,CAAkB3B,OAAlB,CAAxB;AACA,aAAO6B,SAAP;AAV8B;AAW/B;AAvHY,C","file":"authorisations.service.js","sourcesContent":["import _ from 'lodash'\r\nimport LruCache from 'lru-cache'\r\nimport makeDebug from 'debug'\r\nimport { defineAbilities } from '../../../common/permissions'\r\n\r\nconst debug = makeDebug('kdk:core:authorisations:service')\r\n\r\n// Global key to store abilities in cache for anonymous users\r\nconst ANONYMOUS_USER = 'anonymous'\r\n\r\nexport default {\r\n // Used to change permissions for a subject on a resource\r\n // We pass parameters in the query/data object\r\n // The params object should be already filled by populate hooks\r\n create (data, params) {\r\n const query = params.query\r\n const context = params.resourcesService.context\r\n // Make hook usable with query params as well\r\n const scopeName = data.scope \|\| query.scope // Get scope name first\r\n return Promise.all(params.subjects.map(async subject => {\r\n // Then retrieve the right scope on the subject\r\n const scope = _.get(subject, scopeName, [])\r\n // Then the target resource\r\n let resource = _.find(scope, resource => resource._id && (resource._id.toString() === params.resource._id.toString()))\r\n // On first authorisation create the resource in scope\r\n if (!resource) {\r\n resource = Object.assign({}, params.resource)\r\n if (context) {\r\n resource.context = (typeof context === 'object' ? context._id.toString() : context.toString())\r\n }\r\n scope.push(resource)\r\n }\r\n // Hooks should have populate subject/resource,\r\n // now we have to set permissions on the given subject's scope\r\n resource.permissions = data.permissions \|\| query.permissions\r\n // This cover the case when we create the scope on the first auth,\r\n // so that if the caller want to get back the update subject he can have it\r\n _.set(subject, scopeName, scope)\r\n debug('Updating scope ' + scopeName + ' for subject ' + subject._id + ' on resource ' + params.resource._id + ':', scope)\r\n subject = await params.subjectsService.patch(subject._id, {\r\n [scopeName]: scope\r\n }, {\r\n user: params.user\r\n })\r\n await this.updateAbilities(subject)\r\n debug('Authorisation ' + data.permissions + ' set for subject ' + subject._id + ' on resource ' + params.resource._id + ' with scope ' + scopeName)\r\n return subject\r\n }))\r\n },\r\n\r\n // Used to remove permissions for a subject on a resource\r\n // We use ID as target resource and pass parameters in the query object\r\n // The params object should be already filled by populate hooks\r\n remove (id, params) {\r\n const query = params.query\r\n const scopeName = query.scope // Get scope name first\r\n return Promise.all(params.subjects.map(async subject => {\r\n // Then retrieve the right scope on the subject\r\n const scope = _.get(subject, scopeName, [])\r\n // Remove the target resource if any\r\n const resources = _.remove(scope, resource => resource._id && (resource._id.toString() === id.toString()))\r\n if (resources.length > 0) {\r\n // This cover the case when we create the scope on the first auth,\r\n // so that if the caller want to get back the update subject he can have it\r\n _.set(subject, scopeName, scope)\r\n // Skip patching if the subject is currently deleted\r\n if (!subject.deleted) {\r\n debug('Updating scope ' + scopeName + ' for subject ' + subject._id + ' on resource ' + id + ':', scope)\r\n subject = await params.subjectsService.patch(subject._id, {\r\n [scopeName]: scope\r\n }, {\r\n user: params.user\r\n })\r\n await this.updateAbilities(subject)\r\n debug('Authorisation unset for subject ' + subject._id + ' on resource ' + id + ' with scope ' + scopeName)\r\n return subject\r\n }\r\n }\r\n return subject\r\n }))\r\n },\r\n\r\n setup (app) {\r\n const config = app.get('authorisation')\r\n if (config && config.cache) {\r\n // Store abilities of the N most active users in LRU cache (defaults to 1000)\r\n this.cache = new LruCache(config.cache.maxUsers \|\| 1000)\r\n debug('Using LRU cache for user abilities')\r\n } else {\r\n debug('Do not use LRU cache for user abilities')\r\n }\r\n },\r\n\r\n // Compute abilities for a given user and set it in cache the first time\r\n // or get it from cache if found\r\n async getAbilities (subject) {\r\n if (this.cache) {\r\n if (subject && subject._id) {\r\n if (this.cache.has(subject._id.toString())) return this.cache.get(subject._id.toString())\r\n } else {\r\n if (this.cache.has(ANONYMOUS_USER)) return this.cache.get(ANONYMOUS_USER)\r\n }\r\n }\r\n // Provide app for any complex use case requiring to make requests\r\n const abilities = await defineAbilities(subject, this.app)\r\n\r\n if (this.cache) {\r\n if (subject && subject._id) {\r\n this.cache.set(subject._id.toString(), abilities)\r\n } else {\r\n this.cache.set(ANONYMOUS_USER, abilities)\r\n }\r\n }\r\n\r\n return abilities\r\n },\r\n\r\n // Compute abilities for a given user and update it in cache\r\n async updateAbilities (subject) {\r\n if (this.cache) {\r\n if (subject && subject._id) {\r\n this.cache.del(subject._id.toString())\r\n } else {\r\n this.cache.del(ANONYMOUS_USER)\r\n }\r\n }\r\n\r\n const abilities = await this.getAbilities(subject)\r\n return abilities\r\n }\r\n}\r\n"]}
1	+ {"version":3,"sources":["../../../../../core/api/services/authorisations/authorisations.service.js"],"names":["debug","ANONYMOUS_USER","create","data","params","query","context","resourcesService","scopeName","scope","Promise","all","subjects","map","subject","_","get","resource","find","_id","toString","name","Object","assign","push","permissions","set","subjectsService","patch","user","updateAbilities","remove","id","resources","length","deleted","setup","app","config","cache","LruCache","maxUsers","getAbilities","has","abilities","del"],"mappings":";;;;;;AAAA;;;;AACA;;;;AACA;;;;AACA;;;;;;AAEA,MAAMA,QAAQ,qBAAU,iCAAV,CAAd;;AAEA;AACA,MAAMC,iBAAiB,WAAvB;;kBAEe;AACb;AACA;AACA;AACAC,SAAQC,IAAR,EAAcC,MAAd,EAAsB;AAAA;;AACpB,UAAMC,QAAQD,OAAOC,KAArB;AACA,UAAMC,UAAUF,OAAOG,gBAAP,CAAwBD,OAAxC;AACA;AACA,UAAME,YAAYL,KAAKM,KAAL,IAAcJ,MAAMI,KAAtC,CAJoB,CAIwB;AAC5C,WAAOC,QAAQC,GAAR,CAAYP,OAAOQ,QAAP,CAAgBC,GAAhB;AAAA,mCAAoB,WAAMC,OAAN,EAAiB;AACtD;AACA,cAAML,QAAQM,iBAAEC,GAAF,CAAMF,OAAN,EAAeN,SAAf,EAA0B,EAA1B,CAAd;AACA;AACA,YAAIS,WAAWF,iBAAEG,IAAF,CAAOT,KAAP,EAAc;AAAA,iBAAYQ,SAASE,GAAT,IAAiBF,SAASE,GAAT,CAAaC,QAAb,OAA4BhB,OAAOa,QAAP,CAAgBE,GAAhB,CAAoBC,QAApB,EAAzD;AAAA,SAAd,CAAf;AACA,YAAI,CAACH,QAAL,EAAe;AACb;AACAA,qBAAWF,iBAAEG,IAAF,CAAOT,KAAP,EAAc;AAAA,mBAAYQ,SAASI,IAAT,IAAkBJ,SAASI,IAAT,KAAkBjB,OAAOa,QAAP,CAAgBI,IAAhE;AAAA,WAAd,CAAX;AACD;AACD;AACA,YAAI,CAACJ,QAAL,EAAe;AACbA,qBAAWK,OAAOC,MAAP,CAAc,EAAd,EAAkBnB,OAAOa,QAAzB,CAAX;AACA,cAAIX,OAAJ,EAAa;AACXW,qBAASX,OAAT,GAAoB,OAAOA,OAAP,KAAmB,QAAnB,GAA8BA,QAAQa,GAAR,CAAYC,QAAZ,EAA9B,GAAuDd,QAAQc,QAAR,EAA3E;AACD;AACDX,gBAAMe,IAAN,CAAWP,QAAX;AACD;AACD;AACA;AACAA,iBAASQ,WAAT,GAAuBtB,KAAKsB,WAAL,IAAoBpB,MAAMoB,WAAjD;AACA;AACA;AACAV,yBAAEW,GAAF,CAAMZ,OAAN,EAAeN,SAAf,EAA0BC,KAA1B;AACAT,cAAM,oBAAoBQ,SAApB,GAAgC,eAAhC,GAAkDM,QAAQK,GAA1D,GAAgE,eAAhE,GAAkFf,OAAOa,QAAP,CAAgBE,GAAlG,GAAwG,GAA9G,EAAmHV,KAAnH;AACAK,kBAAU,MAAMV,OAAOuB,eAAP,CAAuBC,KAAvB,CAA6Bd,QAAQK,GAArC,EAA0C;AACxD,WAACX,SAAD,GAAaC;AAD2C,SAA1C,EAEb;AACDoB,gBAAMzB,OAAOyB;AADZ,SAFa,CAAhB;AAKA,cAAM,MAAKC,eAAL,CAAqBhB,OAArB,CAAN;AACAd,cAAM,mBAAmBG,KAAKsB,WAAxB,GAAsC,mBAAtC,GAA4DX,QAAQK,GAApE,GAA0E,eAA1E,GAA4Ff,OAAOa,QAAP,CAAgBE,GAA5G,GAAkH,cAAlH,GAAmIX,SAAzI;AACA,eAAOM,OAAP;AACD,OAhCkB;;AAAA;AAAA;AAAA;AAAA,SAAZ,CAAP;AAiCD,GA1CY;;AA4Cb;AACA;AACA;AACAiB,SAAQC,EAAR,EAAY5B,MAAZ,EAAoB;AAAA;;AAClB,UAAMC,QAAQD,OAAOC,KAArB;AACA,UAAMG,YAAYH,MAAMI,KAAxB,CAFkB,CAEY;AAC9B,WAAOC,QAAQC,GAAR,CAAYP,OAAOQ,QAAP,CAAgBC,GAAhB;AAAA,oCAAoB,WAAMC,OAAN,EAAiB;AACtD;AACA,cAAML,QAAQM,iBAAEC,GAAF,CAAMF,OAAN,EAAeN,SAAf,EAA0B,EAA1B,CAAd;AACA;AACA,YAAIyB,YAAYlB,iBAAEgB,MAAF,CAAStB,KAAT,EAAgB;AAAA,iBAAYQ,SAASE,GAAT,IAAiBF,SAASE,GAAT,CAAaC,QAAb,OAA4BY,GAAGZ,QAAH,EAAzD;AAAA,SAAhB,CAAhB;AACA,YAAIa,UAAUC,MAAV,KAAqB,CAAzB,EAA4B;AAC1B;AACAD,sBAAYlB,iBAAEgB,MAAF,CAAStB,KAAT,EAAgB;AAAA,mBAAYQ,SAASI,IAAT,IAAkBJ,SAASI,IAAT,KAAkBW,EAAhD;AAAA,WAAhB,CAAZ;AACD;AACD,YAAIC,UAAUC,MAAV,GAAmB,CAAvB,EAA0B;AACxB;AACA;AACAnB,2BAAEW,GAAF,CAAMZ,OAAN,EAAeN,SAAf,EAA0BC,KAA1B;AACA;AACA,cAAI,CAACK,QAAQqB,OAAb,EAAsB;AACpBnC,kBAAM,oBAAoBQ,SAApB,GAAgC,eAAhC,GAAkDM,QAAQK,GAA1D,GAAgE,eAAhE,GAAkFa,EAAlF,GAAuF,GAA7F,EAAkGvB,KAAlG;AACAK,sBAAU,MAAMV,OAAOuB,eAAP,CAAuBC,KAAvB,CAA6Bd,QAAQK,GAArC,EAA0C;AACxD,eAACX,SAAD,GAAaC;AAD2C,aAA1C,EAEb;AACDoB,oBAAMzB,OAAOyB;AADZ,aAFa,CAAhB;AAKA,kBAAM,OAAKC,eAAL,CAAqBhB,OAArB,CAAN;AACAd,kBAAM,qCAAqCc,QAAQK,GAA7C,GAAmD,eAAnD,GAAqEa,EAArE,GAA0E,cAA1E,GAA2FxB,SAAjG;AACA,mBAAOM,OAAP;AACD;AACF;AACD,eAAOA,OAAP;AACD,OA3BkB;;AAAA;AAAA;AAAA;AAAA,SAAZ,CAAP;AA4BD,GA9EY;;AAgFbsB,QAAOC,GAAP,EAAY;AACV,UAAMC,SAASD,IAAIrB,GAAJ,CAAQ,eAAR,CAAf;AACA,QAAIsB,UAAUA,OAAOC,KAArB,EAA4B;AAC1B;AACA,WAAKA,KAAL,GAAa,IAAIC,kBAAJ,CAAaF,OAAOC,KAAP,CAAaE,QAAb,IAAyB,IAAtC,CAAb;AACAzC,YAAM,oCAAN;AACD,KAJD,MAIO;AACLA,YAAM,yCAAN;AACD;AACF,GAzFY;;AA2Fb;AACA;AACM0C,cAAN,CAAoB5B,OAApB,EAA6B;AAAA;;AAAA;AAC3B,UAAI,OAAKyB,KAAT,EAAgB;AACd,YAAIzB,WAAWA,QAAQK,GAAvB,EAA4B;AAC1B,cAAI,OAAKoB,KAAL,CAAWI,GAAX,CAAe7B,QAAQK,GAAR,CAAYC,QAAZ,EAAf,CAAJ,EAA4C,OAAO,OAAKmB,KAAL,CAAWvB,GAAX,CAAeF,QAAQK,GAAR,CAAYC,QAAZ,EAAf,CAAP;AAC7C,SAFD,MAEO;AACL,cAAI,OAAKmB,KAAL,CAAWI,GAAX,CAAe1C,cAAf,CAAJ,EAAoC,OAAO,OAAKsC,KAAL,CAAWvB,GAAX,CAAef,cAAf,CAAP;AACrC;AACF;AACD;AACA,YAAM2C,YAAY,MAAM,kCAAgB9B,OAAhB,EAAyB,OAAKuB,GAA9B,CAAxB;;AAEA,UAAI,OAAKE,KAAT,EAAgB;AACd,YAAIzB,WAAWA,QAAQK,GAAvB,EAA4B;AAC1B,iBAAKoB,KAAL,CAAWb,GAAX,CAAeZ,QAAQK,GAAR,CAAYC,QAAZ,EAAf,EAAuCwB,SAAvC;AACD,SAFD,MAEO;AACL,iBAAKL,KAAL,CAAWb,GAAX,CAAezB,cAAf,EAA+B2C,SAA/B;AACD;AACF;;AAED,aAAOA,SAAP;AAnB2B;AAoB5B,GAjHY;;AAmHb;AACMd,iBAAN,CAAuBhB,OAAvB,EAAgC;AAAA;;AAAA;AAC9B,UAAI,OAAKyB,KAAT,EAAgB;AACd,YAAIzB,WAAWA,QAAQK,GAAvB,EAA4B;AAC1B,iBAAKoB,KAAL,CAAWM,GAAX,CAAe/B,QAAQK,GAAR,CAAYC,QAAZ,EAAf;AACD,SAFD,MAEO;AACL,iBAAKmB,KAAL,CAAWM,GAAX,CAAe5C,cAAf;AACD;AACF;;AAED,YAAM2C,YAAY,MAAM,OAAKF,YAAL,CAAkB5B,OAAlB,CAAxB;AACA,aAAO8B,SAAP;AAV8B;AAW/B;AA/HY,C","file":"authorisations.service.js","sourcesContent":["import _ from 'lodash'\r\nimport LruCache from 'lru-cache'\r\nimport makeDebug from 'debug'\r\nimport { defineAbilities } from '../../../common/permissions'\r\n\r\nconst debug = makeDebug('kdk:core:authorisations:service')\r\n\r\n// Global key to store abilities in cache for anonymous users\r\nconst ANONYMOUS_USER = 'anonymous'\r\n\r\nexport default {\r\n // Used to change permissions for a subject on a resource\r\n // We pass parameters in the query/data object\r\n // The params object should be already filled by populate hooks\r\n create (data, params) {\r\n const query = params.query\r\n const context = params.resourcesService.context\r\n // Make hook usable with query params as well\r\n const scopeName = data.scope \|\| query.scope // Get scope name first\r\n return Promise.all(params.subjects.map(async subject => {\r\n // Then retrieve the right scope on the subject\r\n const scope = _.get(subject, scopeName, [])\r\n // Then the target resource\r\n let resource = _.find(scope, resource => resource._id && (resource._id.toString() === params.resource._id.toString()))\r\n if (!resource) {\r\n // Fallback as name\r\n resource = _.find(scope, resource => resource.name && (resource.name === params.resource.name))\r\n }\r\n // On first authorisation create the resource in scope\r\n if (!resource) {\r\n resource = Object.assign({}, params.resource)\r\n if (context) {\r\n resource.context = (typeof context === 'object' ? context._id.toString() : context.toString())\r\n }\r\n scope.push(resource)\r\n }\r\n // Hooks should have populate subject/resource,\r\n // now we have to set permissions on the given subject's scope\r\n resource.permissions = data.permissions \|\| query.permissions\r\n // This cover the case when we create the scope on the first auth,\r\n // so that if the caller want to get back the update subject he can have it\r\n _.set(subject, scopeName, scope)\r\n debug('Updating scope ' + scopeName + ' for subject ' + subject._id + ' on resource ' + params.resource._id + ':', scope)\r\n subject = await params.subjectsService.patch(subject._id, {\r\n [scopeName]: scope\r\n }, {\r\n user: params.user\r\n })\r\n await this.updateAbilities(subject)\r\n debug('Authorisation ' + data.permissions + ' set for subject ' + subject._id + ' on resource ' + params.resource._id + ' with scope ' + scopeName)\r\n return subject\r\n }))\r\n },\r\n\r\n // Used to remove permissions for a subject on a resource\r\n // We use ID as target resource and pass parameters in the query object\r\n // The params object should be already filled by populate hooks\r\n remove (id, params) {\r\n const query = params.query\r\n const scopeName = query.scope // Get scope name first\r\n return Promise.all(params.subjects.map(async subject => {\r\n // Then retrieve the right scope on the subject\r\n const scope = _.get(subject, scopeName, [])\r\n // Remove the target resource if any\r\n let resources = _.remove(scope, resource => resource._id && (resource._id.toString() === id.toString()))\r\n if (resources.length === 0) {\r\n // Fallback as name\r\n resources = _.remove(scope, resource => resource.name && (resource.name === id))\r\n }\r\n if (resources.length > 0) {\r\n // This cover the case when we create the scope on the first auth,\r\n // so that if the caller want to get back the update subject he can have it\r\n _.set(subject, scopeName, scope)\r\n // Skip patching if the subject is currently deleted\r\n if (!subject.deleted) {\r\n debug('Updating scope ' + scopeName + ' for subject ' + subject._id + ' on resource ' + id + ':', scope)\r\n subject = await params.subjectsService.patch(subject._id, {\r\n [scopeName]: scope\r\n }, {\r\n user: params.user\r\n })\r\n await this.updateAbilities(subject)\r\n debug('Authorisation unset for subject ' + subject._id + ' on resource ' + id + ' with scope ' + scopeName)\r\n return subject\r\n }\r\n }\r\n return subject\r\n }))\r\n },\r\n\r\n setup (app) {\r\n const config = app.get('authorisation')\r\n if (config && config.cache) {\r\n // Store abilities of the N most active users in LRU cache (defaults to 1000)\r\n this.cache = new LruCache(config.cache.maxUsers \|\| 1000)\r\n debug('Using LRU cache for user abilities')\r\n } else {\r\n debug('Do not use LRU cache for user abilities')\r\n }\r\n },\r\n\r\n // Compute abilities for a given user and set it in cache the first time\r\n // or get it from cache if found\r\n async getAbilities (subject) {\r\n if (this.cache) {\r\n if (subject && subject._id) {\r\n if (this.cache.has(subject._id.toString())) return this.cache.get(subject._id.toString())\r\n } else {\r\n if (this.cache.has(ANONYMOUS_USER)) return this.cache.get(ANONYMOUS_USER)\r\n }\r\n }\r\n // Provide app for any complex use case requiring to make requests\r\n const abilities = await defineAbilities(subject, this.app)\r\n\r\n if (this.cache) {\r\n if (subject && subject._id) {\r\n this.cache.set(subject._id.toString(), abilities)\r\n } else {\r\n this.cache.set(ANONYMOUS_USER, abilities)\r\n }\r\n }\r\n\r\n return abilities\r\n },\r\n\r\n // Compute abilities for a given user and update it in cache\r\n async updateAbilities (subject) {\r\n if (this.cache) {\r\n if (subject && subject._id) {\r\n this.cache.del(subject._id.toString())\r\n } else {\r\n this.cache.del(ANONYMOUS_USER)\r\n }\r\n }\r\n\r\n const abilities = await this.getAbilities(subject)\r\n return abilities\r\n }\r\n}\r\n"]}