@kubun/server 0.4.2 → 0.4.3
- package/lib/data/access-control.d.ts +1 -1
- package/lib/data/access-control.d.ts.map +1 -1
- package/lib/data/access-control.js +21 -5
- package/lib/data/graphql.d.ts.map +1 -1
- package/lib/data/graphql.js +31 -0
- package/lib/data/mutations.d.ts +37 -0
- package/lib/data/mutations.d.ts.map +1 -1
- package/lib/data/mutations.js +104 -0
- package/lib/handlers/graph.d.ts.map +1 -1
- package/lib/handlers/graph.js +8 -7
- package/package.json +5 -5
|
@@ -26,7 +26,7 @@ export declare function validateDIDs(dids: Array<string>): void;
|
|
|
26
26
|
/**
|
|
27
27
|
* Resolve the effective access rule for a document and permission type
|
|
28
28
|
* Order of precedence:
|
|
29
|
-
* 1. Document
|
|
29
|
+
* 1. Document accessPermissions override
|
|
30
30
|
* 2. User's model default from database
|
|
31
31
|
* 3. Server configuration default
|
|
32
32
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access-control.d.ts","sourceRoot":"","sources":["../../src/data/access-control.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAEnD,MAAM,MAAM,UAAU,GAAG;IACvB,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,CAAC,EAAE,UAAU,CAAA;IACjB,KAAK,CAAC,EAAE,UAAU,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,kBAAkB,EAAE;QAClB,IAAI,EAAE,YAAY,GAAG,QAAQ,GAAG,cAAc,CAAA;QAC9C,KAAK,EAAE,YAAY,GAAG,cAAc,CAAA;KACrC,CAAA;CACF,CAAA;AAED,MAAM,MAAM,aAAa,GAAG,CAC1B,GAAG,EAAE,YAAY,EACjB,cAAc,EAAE,MAAM,GAAG,OAAO,KAC7B,OAAO,CAAC,OAAO,CAAC,CAAA;AAErB;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,GAAG,GAAG,iBAAiB,GAAG,IAAI,CAiBlF;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,IAAI,CAMtD;AAaD;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,GAAG,OAAO,EAChC,EAAE,EAAE,OAAO,EACX,YAAY,EAAE,kBAAkB,GAC/B,OAAO,CAAC,UAAU,CAAC,CA4BrB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,YAAY,EACtB,cAAc,EAAE,MAAM,GAAG,OAAO,EAChC,gBAAgB,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAC/B,OAAO,CAAC,OAAO,CAAC,
|
|
1
|
+
{"version":3,"file":"access-control.d.ts","sourceRoot":"","sources":["../../src/data/access-control.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAEnD,MAAM,MAAM,UAAU,GAAG;IACvB,KAAK,EAAE,MAAM,CAAA;IACb,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;CAClC,CAAA;AAED,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,CAAC,EAAE,UAAU,CAAA;IACjB,KAAK,CAAC,EAAE,UAAU,CAAA;CACnB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,kBAAkB,EAAE;QAClB,IAAI,EAAE,YAAY,GAAG,QAAQ,GAAG,cAAc,CAAA;QAC9C,KAAK,EAAE,YAAY,GAAG,cAAc,CAAA;KACrC,CAAA;CACF,CAAA;AAED,MAAM,MAAM,aAAa,GAAG,CAC1B,GAAG,EAAE,YAAY,EACjB,cAAc,EAAE,MAAM,GAAG,OAAO,KAC7B,OAAO,CAAC,OAAO,CAAC,CAAA;AAErB;;GAEG;AACH,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,GAAG,GAAG,iBAAiB,GAAG,IAAI,CAiBlF;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,IAAI,CAMtD;AAaD;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,YAAY,EACtB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,MAAM,GAAG,OAAO,EAChC,EAAE,EAAE,OAAO,EACX,YAAY,EAAE,kBAAkB,GAC/B,OAAO,CAAC,UAAU,CAAC,CA4BrB;AAED;;GAEG;AACH,wBAAsB,eAAe,CACnC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,YAAY,EACtB,cAAc,EAAE,MAAM,GAAG,OAAO,EAChC,gBAAgB,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAC/B,OAAO,CAAC,OAAO,CAAC,CAoClB;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,SAAS,EAAE,MAAM,GAAG,IAAI,EACxB,QAAQ,EAAE,YAAY,EACtB,cAAc,EAAE,MAAM,GAAG,OAAO,EAChC,EAAE,EAAE,OAAO,EACX,YAAY,EAAE,kBAAkB,EAChC,gBAAgB,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,GAC/B,OAAO,CAAC,OAAO,CAAC,CA+DlB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,MAAM,GAAG,IAAI,EACxB,gBAAgB,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,SAAS,EAC3C,EAAE,EAAE,OAAO,EACX,YAAY,EAAE,kBAAkB,GAC/B,aAAa,CAIf"}
|
|
@@ -3,11 +3,11 @@ import { checkCapability } from '@enkaku/capability';
|
|
|
3
3
|
* Parse and validate access permissions from document data
|
|
4
4
|
*/ export function parseDocumentAccessPermissions(data) {
|
|
5
5
|
try {
|
|
6
|
-
if (!data.
|
|
7
|
-
const perms = data.
|
|
6
|
+
if (!data.accessPermissions) return null;
|
|
7
|
+
const perms = data.accessPermissions;
|
|
8
8
|
// Basic validation - check if the permission object has the expected structure
|
|
9
9
|
if (typeof perms !== 'object') {
|
|
10
|
-
console.warn('Invalid
|
|
10
|
+
console.warn('Invalid accessPermissions structure in document, ignoring');
|
|
11
11
|
return null;
|
|
12
12
|
}
|
|
13
13
|
return perms;
|
|
@@ -37,7 +37,7 @@ import { checkCapability } from '@enkaku/capability';
|
|
|
37
37
|
/**
|
|
38
38
|
* Resolve the effective access rule for a document and permission type
|
|
39
39
|
* Order of precedence:
|
|
40
|
-
* 1. Document
|
|
40
|
+
* 1. Document accessPermissions override
|
|
41
41
|
* 2. User's model default from database
|
|
42
42
|
* 3. Server configuration default
|
|
43
43
|
*/ export async function resolveAccessRule(document, modelId, ownerDID, permissionType, db, serverConfig) {
|
|
@@ -81,7 +81,7 @@ import { checkCapability } from '@enkaku/capability';
|
|
|
81
81
|
];
|
|
82
82
|
const action = `document/${permissionType}` // document/read or document/write
|
|
83
83
|
;
|
|
84
|
-
//
|
|
84
|
+
// First, try tokens as a delegation chain (for A→B→C scenarios)
|
|
85
85
|
for (const res of resources){
|
|
86
86
|
try {
|
|
87
87
|
await checkCapability({
|
|
@@ -95,6 +95,22 @@ import { checkCapability } from '@enkaku/capability';
|
|
|
95
95
|
return true;
|
|
96
96
|
} catch {}
|
|
97
97
|
}
|
|
98
|
+
// If chain validation fails, try each token independently (for multiple independent grants)
|
|
99
|
+
for (const token of delegationTokens){
|
|
100
|
+
for (const res of resources){
|
|
101
|
+
try {
|
|
102
|
+
await checkCapability({
|
|
103
|
+
act: action,
|
|
104
|
+
res
|
|
105
|
+
}, {
|
|
106
|
+
iss: viewerDID,
|
|
107
|
+
sub: grantor,
|
|
108
|
+
cap: token
|
|
109
|
+
});
|
|
110
|
+
return true;
|
|
111
|
+
} catch {}
|
|
112
|
+
}
|
|
113
|
+
}
|
|
98
114
|
return false;
|
|
99
115
|
}
|
|
100
116
|
/**
|
|
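Review bot: The per-token fallback loop added after the chain check repeats the bare `catch {}`, so a token rejected by checkCapability and an unexpected internal error look identical to the caller, and a denied request leaves no trace. Keeping the deny-by-default `return false` is right, but I would record the reason, for example `} catch (err) { console.warn('delegation token rejected', err); }`, matching the console.warn already used in parseDocumentAccessPermissions. The loop also runs one checkCapability call per token per resource on top of the chain pass; if `delegationTokens` comes from the request (its origin is outside this hunk), a length cap before the loops would bound that work. The enclosing function starts above the hunk, so `grantor` and `resources` are not fully visible here.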
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"graphql.d.ts","sourceRoot":"","sources":["../../src/data/graphql.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,EAAE,KAAK,OAAO,EAA+C,MAAM,gBAAgB,CAAA;AAC1F,OAAO,KAAK,EAAgB,YAAY,EAAE,MAAM,iBAAiB,CAAA;AACjE,OAAO,EACL,KAAK,aAAa,EAElB,KAAK,aAAa,EAElB,KAAK,iBAAiB,EAEvB,MAAM,SAAS,CAAA;AAEhB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;
|
|
1
|
+
{"version":3,"file":"graphql.d.ts","sourceRoot":"","sources":["../../src/data/graphql.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,EAAE,KAAK,OAAO,EAA+C,MAAM,gBAAgB,CAAA;AAC1F,OAAO,KAAK,EAAgB,YAAY,EAAE,MAAM,iBAAiB,CAAA;AACjE,OAAO,EACL,KAAK,aAAa,EAElB,KAAK,aAAa,EAElB,KAAK,iBAAiB,EAEvB,MAAM,SAAS,CAAA;AAEhB,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAQxD,MAAM,MAAM,gBAAgB,GAAG;IAC7B,EAAE,EAAE,OAAO,CAAA;IACX,SAAS,EAAE,MAAM,CAAA;IACjB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC,CAAA;IAC/C,aAAa,CAAC,EAAE,aAAa,CAAA;CAC9B,CAAA;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAgG5D;AAED,MAAM,MAAM,oBAAoB,GAAG;IACjC,OAAO,EAAE,gBAAgB,CAAA;IACzB,MAAM,EAAE,aAAa,CAAA;IACrB,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,iBAAiB,CAAA;IACvB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;CACnC,CAAA;AAED,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,oBAAoB,GAAG,aAAa,CAiB5E"}
|
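--- a/package/lib/data/graphql.js
+++ b/package/lib/data/graphql.js
@@ -1,5 +1,6 @@
 import { createReadContext } from '@kubun/graphql';
 import { Kind, parse } from 'graphql';
+import { removeDocumentAccessOverride, removeModelAccessDefaults, setDocumentAccessOverride, setModelAccessDefaults } from './mutations.js';
 export function createContext(ctx) {
 const readContext = createReadContext({
 db: ctx.db,
@@ -22,6 +23,36 @@ export function createContext(ctx) {
 },
 async executeRemoveMutation (_id, _info) {
 // no-op
+},
+async executeSetModelAccessDefaults (modelId, permissionType, accessLevel, allowedDIDs) {
+await setModelAccessDefaults({
+ownerDID: ctx.viewerDID,
+modelID: modelId,
+permissionType,
+accessLevel,
+allowedDIDs
+}, ctx.db);
+},
+async executeRemoveModelAccessDefaults (modelId, permissionTypes) {
+await removeModelAccessDefaults({
+ownerDID: ctx.viewerDID,
+modelID: modelId,
+permissionTypes
+}, ctx.db);
+},
+async executeSetDocumentAccessOverride (documentId, permissionType, accessLevel, allowedDIDs) {
+await setDocumentAccessOverride({
+documentID: documentId,
+permissionType,
+accessLevel,
+allowedDIDs
+}, ctx.db);
+},
+async executeRemoveDocumentAccessOverride (documentId, permissionTypes) {
+await removeDocumentAccessOverride({
+documentID: documentId,
+permissionTypes
+}, ctx.db);
 }
 };
 }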
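Review bot: The two document-level executors, executeSetDocumentAccessOverride and executeRemoveDocumentAccessOverride, never pass `ctx.viewerDID`, unlike the model-level ones, which scope the write with `ownerDID: ctx.viewerDID`. The functions they call in mutations.js (setDocumentAccessOverride and removeDocumentAccessOverride) load the document by ID and save new accessPermissions without comparing the caller to the document's owner. Unless the @kubun/graphql resolver layer authorizes the caller before invoking these hooks, which is not visible on this page, a viewer who is not the owner could change a document's access rules. I would forward the caller with `viewerDID: ctx.viewerDID,` in both executors and have both mutations reject a mismatch with the document owner before `db.saveDocument` is reached.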
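--- a/package/lib/data/mutations.d.ts
+++ b/package/lib/data/mutations.d.ts
@@ -1,4 +1,41 @@
+import type { KubunDB } from '@kubun/db';
 import { type MutationContext } from '@kubun/mutation';
 import { type DocumentNode } from '@kubun/protocol';
+import { type ServerAccessConfig } from './access-control.js';
 export declare function applyMutation(ctx: MutationContext, token: string): Promise<DocumentNode>;
+/**
+* Set model-level access defaults for a user
+*/
+export declare function setModelAccessDefaults(params: {
+ownerDID: string;
+modelID: string;
+permissionType: 'read' | 'write';
+accessLevel: string;
+allowedDIDs: Array<string> | null;
+}, db: KubunDB): Promise<void>;
+/**
+* Remove model-level access defaults for a user
+*/
+export declare function removeModelAccessDefaults(params: {
+ownerDID: string;
+modelID: string;
+permissionTypes: Array<'read' | 'write'>;
+}, db: KubunDB): Promise<void>;
+/**
+* Set document-level access override
+*/
+export declare function setDocumentAccessOverride(params: {
+documentID: string;
+permissionType: 'read' | 'write';
+accessLevel: string;
+allowedDIDs: Array<string> | null;
+}, db: KubunDB): Promise<void>;
+/**
+* Remove document-level access override
+*/
+export declare function removeDocumentAccessOverride(params: {
+documentID: string;
+permissionTypes: Array<'read' | 'write'>;
+}, db: KubunDB): Promise<void>;
+export type { ServerAccessConfig };
 //# sourceMappingURL=mutations.d.ts.map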
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mutations.d.ts","sourceRoot":"","sources":["../../src/data/mutations.ts"],"names":[],"mappings":"AAEA,OAAO,EAA0B,KAAK,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAC9E,OAAO,EAAyB,KAAK,YAAY,EAAoB,MAAM,iBAAiB,CAAA;
|
|
1
|
+
{"version":3,"file":"mutations.d.ts","sourceRoot":"","sources":["../../src/data/mutations.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAExC,OAAO,EAA0B,KAAK,eAAe,EAAE,MAAM,iBAAiB,CAAA;AAC9E,OAAO,EAAyB,KAAK,YAAY,EAAoB,MAAM,iBAAiB,CAAA;AAE5F,OAAO,EAAE,KAAK,kBAAkB,EAAgB,MAAM,qBAAqB,CAAA;AAI3E,wBAAsB,aAAa,CAAC,GAAG,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAI9F;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE;IACN,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,cAAc,EAAE,MAAM,GAAG,OAAO,CAAA;IAChC,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;CAClC,EACD,EAAE,EAAE,OAAO,GACV,OAAO,CAAC,IAAI,CAAC,CAyBf;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE;IACN,QAAQ,EAAE,MAAM,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;IACf,eAAe,EAAE,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,CAAA;CACzC,EACD,EAAE,EAAE,OAAO,GACV,OAAO,CAAC,IAAI,CAAC,CAGf;AAED;;GAEG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE;IACN,UAAU,EAAE,MAAM,CAAA;IAClB,cAAc,EAAE,MAAM,GAAG,OAAO,CAAA;IAChC,WAAW,EAAE,MAAM,CAAA;IACnB,WAAW,EAAE,KAAK,CAAC,MAAM,CAAC,GAAG,IAAI,CAAA;CAClC,EACD,EAAE,EAAE,OAAO,GACV,OAAO,CAAC,IAAI,CAAC,CAqCf;AAED;;GAEG;AACH,wBAAsB,4BAA4B,CAChD,MAAM,EAAE;IACN,UAAU,EAAE,MAAM,CAAA;IAClB,eAAe,EAAE,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,CAAA;CACzC,EACD,EAAE,EAAE,OAAO,GACV,OAAO,CAAC,IAAI,CAAC,CA6Bf;AAGD,YAAY,EAAE,kBAAkB,EAAE,CAAA"}
|
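--- a/package/lib/data/mutations.js
+++ b/package/lib/data/mutations.js
@@ -1,10 +1,114 @@
 import { asType, createValidator } from '@enkaku/schema';
 import { verifyToken } from '@enkaku/token';
+import { DocumentID } from '@kubun/id';
 import { applyMutation as apply } from '@kubun/mutation';
 import { documentMutation } from '@kubun/protocol';
+import { validateDIDs } from './access-control.js';
 const validateMutation = createValidator(documentMutation);
 export async function applyMutation(ctx, token) {
 const verified = await verifyToken(token);
 const mutation = asType(validateMutation, verified.payload);
 return await apply(ctx, mutation);
 }
+/**
+* Set model-level access defaults for a user
+*/ export async function setModelAccessDefaults(params, db) {
+const { ownerDID, modelID, permissionType, accessLevel, allowedDIDs } = params;
+// Validate DIDs if provided
+if (allowedDIDs && allowedDIDs.length > 0) {
+validateDIDs(allowedDIDs);
+}
+// Validate access level for permission type
+const validLevels = {
+read: [
+'only_owner',
+'anyone',
+'allowed_dids'
+],
+write: [
+'only_owner',
+'allowed_dids'
+]
+};
+if (!validLevels[permissionType].includes(accessLevel)) {
+throw new Error(`Invalid access level "${accessLevel}" for permission type "${permissionType}"`);
+}
+await db.setUserModelAccessDefault({
+ownerDID,
+modelID,
+permissionType,
+accessLevel,
+allowedDIDs
+});
+}
+/**
+* Remove model-level access defaults for a user
+*/ export async function removeModelAccessDefaults(params, db) {
+const { ownerDID, modelID, permissionTypes } = params;
+await db.removeUserModelAccessDefaults(ownerDID, modelID, permissionTypes);
+}
+/**
+* Set document-level access override
+*/ export async function setDocumentAccessOverride(params, db) {
+const { documentID, permissionType, accessLevel, allowedDIDs } = params;
+// Validate DIDs if provided
+if (allowedDIDs && allowedDIDs.length > 0) {
+validateDIDs(allowedDIDs);
+}
+// Get the document
+const docID = DocumentID.fromString(documentID);
+const doc = await db.getDocument(docID);
+if (!doc) {
+throw new Error(`Document not found: ${documentID}`);
+}
+// Preserve existing permissions
+const existingPerms = doc.data?.accessPermissions || {};
+// Update the specific permission type
+const updatedPerms = {
+...existingPerms,
+[permissionType]: {
+level: accessLevel,
+allowedDIDs
+}
+};
+// Update the document with new access permissions
+await db.saveDocument({
+id: docID,
+data: {
+...doc.data,
+accessPermissions: updatedPerms
+},
+state: null,
+existing: doc
+});
+}
+/**
+* Remove document-level access override
+*/ export async function removeDocumentAccessOverride(params, db) {
+const { documentID, permissionTypes } = params;
+// Get the document
+const docID = DocumentID.fromString(documentID);
+const doc = await db.getDocument(docID);
+if (!doc) {
+// Silently return if document doesn't exist
+return;
+}
+// Preserve existing permissions, removing specified types
+const existingPerms = doc.data?.accessPermissions || {};
+const updatedPerms = {
+...existingPerms
+};
+for (const permType of permissionTypes){
+delete updatedPerms[permType];
+}
+// Update the document with updated access permissions
+await db.saveDocument({
+id: docID,
+data: {
+...doc.data,
+accessPermissions: Object.keys(updatedPerms).length > 0 ? updatedPerms : undefined
+},
+state: null,
+existing: doc
+});
+}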
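Review bot: setDocumentAccessOverride stores `accessLevel` without the `validLevels` check that setModelAccessDefaults applies, so a document override can carry `anyone` for write, or any arbitrary string, that the model-level path would reject. In setModelAccessDefaults itself, an unexpected `permissionType` makes `validLevels[permissionType]` undefined, so the call fails with a TypeError instead of a clear validation error. Hoisting the table to module scope and validating both fields in one helper called by both setters keeps the two paths consistent, as sketched below. How resolveAccessRule treats an unrecognised level is not visible in this section, so it is worth confirming that it fails closed.

```javascript
// Shared by setModelAccessDefaults and setDocumentAccessOverride
const VALID_LEVELS = {
  read: ['only_owner', 'anyone', 'allowed_dids'],
  write: ['only_owner', 'allowed_dids']
};

function assertValidAccessLevel(permissionType, accessLevel) {
  // Own-property lookup so only 'read' and 'write' are accepted as keys
  const levels = Object.hasOwn(VALID_LEVELS, permissionType) ? VALID_LEVELS[permissionType] : null;
  if (levels == null) {
    throw new Error(`Invalid permission type "${permissionType}"`);
  }
  if (!levels.includes(accessLevel)) {
    throw new Error(`Invalid access level "${accessLevel}" for permission type "${permissionType}"`);
  }
}

export async function setDocumentAccessOverride(params, db) {
  const { documentID, permissionType, accessLevel, allowedDIDs } = params;
  assertValidAccessLevel(permissionType, accessLevel);
  // … unchanged: DID validation, document lookup and save …
```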
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"graph.d.ts","sourceRoot":"","sources":["../../src/handlers/graph.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAKvD,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"graph.d.ts","sourceRoot":"","sources":["../../src/handlers/graph.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAKvD,OAAO,KAAK,EAIV,aAAa,EACd,MAAM,iBAAiB,CAAA;AAexB,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAUtD,wBAAgB,cAAc,CAC5B,cAAc,EAAE,oBAAoB,GACnC,iBAAiB,CAAC,aAAa,CAAC,CAqKlC"}
|
package/lib/handlers/graph.js
|
@@ -31,7 +31,10 @@ export function createHandlers(handlersParams) {
|
|
|
31
31
|
logger.debug('cached model for graph {id}', {
|
|
32
32
|
id
|
|
33
33
|
});
|
|
34
|
-
return
|
|
34
|
+
return {
|
|
35
|
+
record: graph.record,
|
|
36
|
+
aliases: graph.aliases
|
|
37
|
+
};
|
|
35
38
|
});
|
|
36
39
|
}
|
|
37
40
|
return await graphModels[id];
|
|
@@ -39,8 +42,8 @@ export function createHandlers(handlersParams) {
|
|
|
39
42
|
const schemas = {};
|
|
40
43
|
async function getGraphQLSchema(id) {
|
|
41
44
|
if (schemas[id] == null) {
|
|
42
|
-
schemas[id] = getGraphModels(id).then((
|
|
43
|
-
const schema = createSchema(
|
|
45
|
+
schemas[id] = getGraphModels(id).then((model)=>{
|
|
46
|
+
const schema = createSchema(model);
|
|
44
47
|
logger.debug('cached schema for graph {id}', {
|
|
45
48
|
id
|
|
46
49
|
});
|
|
@@ -72,7 +75,7 @@ export function createHandlers(handlersParams) {
|
|
|
72
75
|
});
|
|
73
76
|
return {
|
|
74
77
|
id,
|
|
75
|
-
|
|
78
|
+
...model.toJSON()
|
|
76
79
|
};
|
|
77
80
|
},
|
|
78
81
|
'graph/list': async ()=>{
|
|
@@ -85,9 +88,7 @@ export function createHandlers(handlersParams) {
|
|
|
85
88
|
};
|
|
86
89
|
},
|
|
87
90
|
'graph/load': async (ctx)=>{
|
|
88
|
-
return
|
|
89
|
-
models: await getGraphModels(ctx.param.id)
|
|
90
|
-
};
|
|
91
|
+
return await getGraphModels(ctx.param.id);
|
|
91
92
|
},
|
|
92
93
|
'graph/mutate': async (ctx)=>{
|
|
93
94
|
const attachments = Object.entries(ctx.param.attachments ?? {}).map(([key, value])=>{
|
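Review bot: `schemas` is a plain object (`const schemas = {}`) indexed by `id`, and 'graph/load' passes `ctx.param.id` straight to `getGraphModels`, whose `graphModels[id]` cache looks like the same pattern, although its declaration is outside the visible hunks. With a plain object, an id that matches an inherited property name such as `constructor` passes the `== null` test without anything being built, and the handler then awaits a value that is not a model. Backing both caches with `new Map()` or `Object.create(null)` removes that case. Separately, 'graph/load' now returns the `{ record, aliases }` object directly, where the removed lines appear to have wrapped it in `models:`, so clients older than the `@kubun/client` bump in package.json may need checking against the new response shape.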
package/package.json
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kubun/server",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.3",
|
|
4
4
|
"license": "see LICENSE.md",
|
|
5
5
|
"keywords": [],
|
|
6
6
|
"type": "module",
|
|
@@ -24,12 +24,12 @@
|
|
|
24
24
|
"@enkaku/token": "0.12.3",
|
|
25
25
|
"@enkaku/transport": "0.12.0",
|
|
26
26
|
"graphql": "^16.12.0",
|
|
27
|
-
"@kubun/client": "^0.4.
|
|
28
|
-
"@kubun/db": "^0.4.0",
|
|
27
|
+
"@kubun/client": "^0.4.1",
|
|
29
28
|
"@kubun/mutation": "^0.4.0",
|
|
30
|
-
"@kubun/
|
|
31
|
-
"@kubun/graphql": "^0.4.4",
|
|
29
|
+
"@kubun/graphql": "^0.4.5",
|
|
32
30
|
"@kubun/logger": "^0.4.0",
|
|
31
|
+
"@kubun/protocol": "^0.4.1",
|
|
32
|
+
"@kubun/db": "^0.4.0",
|
|
33
33
|
"@kubun/id": "^0.4.0"
|
|
34
34
|
},
|
|
35
35
|
"devDependencies": {
|