@lightdash/common 0.1936.2 → 0.1937.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/authorization/index.d.ts +8 -4
- package/dist/cjs/authorization/index.d.ts.map +1 -1
- package/dist/cjs/authorization/index.js +26 -3
- package/dist/cjs/authorization/index.js.map +1 -1
- package/dist/cjs/authorization/index.mock.d.ts +2 -0
- package/dist/cjs/authorization/index.mock.d.ts.map +1 -1
- package/dist/cjs/authorization/index.mock.js +2 -0
- package/dist/cjs/authorization/index.mock.js.map +1 -1
- package/dist/cjs/authorization/organizationMemberAbility.mock.d.ts.map +1 -1
- package/dist/cjs/authorization/organizationMemberAbility.mock.js +1 -0
- package/dist/cjs/authorization/organizationMemberAbility.mock.js.map +1 -1
- package/dist/cjs/authorization/parseScopes.d.ts +3 -2
- package/dist/cjs/authorization/parseScopes.d.ts.map +1 -1
- package/dist/cjs/authorization/parseScopes.js +17 -8
- package/dist/cjs/authorization/parseScopes.js.map +1 -1
- package/dist/cjs/authorization/parseScopes.test.js +9 -14
- package/dist/cjs/authorization/parseScopes.test.js.map +1 -1
- package/dist/cjs/authorization/projectMemberAbility.mock.d.ts.map +1 -1
- package/dist/cjs/authorization/projectMemberAbility.mock.js +1 -0
- package/dist/cjs/authorization/projectMemberAbility.mock.js.map +1 -1
- package/dist/cjs/authorization/roleToScopeMapping.d.ts +19 -0
- package/dist/cjs/authorization/roleToScopeMapping.d.ts.map +1 -0
- package/dist/cjs/authorization/roleToScopeMapping.js +163 -0
- package/dist/cjs/authorization/roleToScopeMapping.js.map +1 -0
- package/dist/cjs/authorization/roleToScopeMapping.test.d.ts +2 -0
- package/dist/cjs/authorization/roleToScopeMapping.test.d.ts.map +1 -0
- package/dist/cjs/authorization/roleToScopeMapping.test.js +549 -0
- package/dist/cjs/authorization/roleToScopeMapping.test.js.map +1 -0
- package/dist/cjs/authorization/roleToScopeMapping.testUtils.d.ts +1393 -0
- package/dist/cjs/authorization/roleToScopeMapping.testUtils.d.ts.map +1 -0
- package/dist/cjs/authorization/roleToScopeMapping.testUtils.js +329 -0
- package/dist/cjs/authorization/roleToScopeMapping.testUtils.js.map +1 -0
- package/dist/cjs/authorization/scopeAbilityBuilder.d.ts +14 -8
- package/dist/cjs/authorization/scopeAbilityBuilder.d.ts.map +1 -1
- package/dist/cjs/authorization/scopeAbilityBuilder.js +7 -7
- package/dist/cjs/authorization/scopeAbilityBuilder.js.map +1 -1
- package/dist/cjs/authorization/scopeAbilityBuilder.test.js +258 -185
- package/dist/cjs/authorization/scopeAbilityBuilder.test.js.map +1 -1
- package/dist/cjs/authorization/scopes.d.ts.map +1 -1
- package/dist/cjs/authorization/scopes.js +132 -187
- package/dist/cjs/authorization/scopes.js.map +1 -1
- package/dist/cjs/ee/AiAgent/schemas/tools/index.d.ts +1 -0
- package/dist/cjs/ee/AiAgent/schemas/tools/index.d.ts.map +1 -1
- package/dist/cjs/ee/AiAgent/schemas/tools/index.js +1 -0
- package/dist/cjs/ee/AiAgent/schemas/tools/index.js.map +1 -1
- package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts +2845 -0
- package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts.map +1 -0
- package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js +41 -0
- package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js.map +1 -0
- package/dist/cjs/types/organizationMemberProfile.d.ts +1 -0
- package/dist/cjs/types/organizationMemberProfile.d.ts.map +1 -1
- package/dist/cjs/types/organizationMemberProfile.js.map +1 -1
- package/dist/cjs/types/projectMemberProfile.d.ts +1 -0
- package/dist/cjs/types/projectMemberProfile.d.ts.map +1 -1
- package/dist/cjs/types/scopes.d.ts +19 -9
- package/dist/cjs/types/scopes.d.ts.map +1 -1
- package/dist/cjs/types/search.d.ts +20 -0
- package/dist/cjs/types/search.d.ts.map +1 -1
- package/dist/cjs/types/search.js.map +1 -1
- package/dist/cjs/types/user.d.ts +1 -0
- package/dist/cjs/types/user.d.ts.map +1 -1
- package/dist/cjs/types/user.js.map +1 -1
- package/dist/esm/authorization/index.d.ts +8 -4
- package/dist/esm/authorization/index.d.ts.map +1 -1
- package/dist/esm/authorization/index.js +26 -3
- package/dist/esm/authorization/index.js.map +1 -1
- package/dist/esm/authorization/index.mock.d.ts +2 -0
- package/dist/esm/authorization/index.mock.d.ts.map +1 -1
- package/dist/esm/authorization/index.mock.js +2 -0
- package/dist/esm/authorization/index.mock.js.map +1 -1
- package/dist/esm/authorization/organizationMemberAbility.mock.d.ts.map +1 -1
- package/dist/esm/authorization/organizationMemberAbility.mock.js +1 -0
- package/dist/esm/authorization/organizationMemberAbility.mock.js.map +1 -1
- package/dist/esm/authorization/parseScopes.d.ts +3 -2
- package/dist/esm/authorization/parseScopes.d.ts.map +1 -1
- package/dist/esm/authorization/parseScopes.js +15 -7
- package/dist/esm/authorization/parseScopes.js.map +1 -1
- package/dist/esm/authorization/parseScopes.test.js +9 -14
- package/dist/esm/authorization/parseScopes.test.js.map +1 -1
- package/dist/esm/authorization/projectMemberAbility.mock.d.ts.map +1 -1
- package/dist/esm/authorization/projectMemberAbility.mock.js +1 -0
- package/dist/esm/authorization/projectMemberAbility.mock.js.map +1 -1
- package/dist/esm/authorization/roleToScopeMapping.d.ts +19 -0
- package/dist/esm/authorization/roleToScopeMapping.d.ts.map +1 -0
- package/dist/esm/authorization/roleToScopeMapping.js +157 -0
- package/dist/esm/authorization/roleToScopeMapping.js.map +1 -0
- package/dist/esm/authorization/roleToScopeMapping.test.d.ts +2 -0
- package/dist/esm/authorization/roleToScopeMapping.test.d.ts.map +1 -0
- package/dist/esm/authorization/roleToScopeMapping.test.js +547 -0
- package/dist/esm/authorization/roleToScopeMapping.test.js.map +1 -0
- package/dist/esm/authorization/roleToScopeMapping.testUtils.d.ts +1393 -0
- package/dist/esm/authorization/roleToScopeMapping.testUtils.d.ts.map +1 -0
- package/dist/esm/authorization/roleToScopeMapping.testUtils.js +319 -0
- package/dist/esm/authorization/roleToScopeMapping.testUtils.js.map +1 -0
- package/dist/esm/authorization/scopeAbilityBuilder.d.ts +14 -8
- package/dist/esm/authorization/scopeAbilityBuilder.d.ts.map +1 -1
- package/dist/esm/authorization/scopeAbilityBuilder.js +7 -7
- package/dist/esm/authorization/scopeAbilityBuilder.js.map +1 -1
- package/dist/esm/authorization/scopeAbilityBuilder.test.js +259 -186
- package/dist/esm/authorization/scopeAbilityBuilder.test.js.map +1 -1
- package/dist/esm/authorization/scopes.d.ts.map +1 -1
- package/dist/esm/authorization/scopes.js +132 -187
- package/dist/esm/authorization/scopes.js.map +1 -1
- package/dist/esm/ee/AiAgent/schemas/tools/index.d.ts +1 -0
- package/dist/esm/ee/AiAgent/schemas/tools/index.d.ts.map +1 -1
- package/dist/esm/ee/AiAgent/schemas/tools/index.js +1 -0
- package/dist/esm/ee/AiAgent/schemas/tools/index.js.map +1 -1
- package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts +2845 -0
- package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts.map +1 -0
- package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js +38 -0
- package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js.map +1 -0
- package/dist/esm/types/organizationMemberProfile.d.ts +1 -0
- package/dist/esm/types/organizationMemberProfile.d.ts.map +1 -1
- package/dist/esm/types/organizationMemberProfile.js.map +1 -1
- package/dist/esm/types/projectMemberProfile.d.ts +1 -0
- package/dist/esm/types/projectMemberProfile.d.ts.map +1 -1
- package/dist/esm/types/scopes.d.ts +19 -9
- package/dist/esm/types/scopes.d.ts.map +1 -1
- package/dist/esm/types/search.d.ts +20 -0
- package/dist/esm/types/search.d.ts.map +1 -1
- package/dist/esm/types/search.js.map +1 -1
- package/dist/esm/types/user.d.ts +1 -0
- package/dist/esm/types/user.d.ts.map +1 -1
- package/dist/esm/types/user.js.map +1 -1
- package/dist/tsconfig.types.tsbuildinfo +1 -1
- package/dist/types/authorization/index.d.ts +8 -4
- package/dist/types/authorization/index.d.ts.map +1 -1
- package/dist/types/authorization/index.mock.d.ts +2 -0
- package/dist/types/authorization/index.mock.d.ts.map +1 -1
- package/dist/types/authorization/organizationMemberAbility.mock.d.ts.map +1 -1
- package/dist/types/authorization/parseScopes.d.ts +3 -2
- package/dist/types/authorization/parseScopes.d.ts.map +1 -1
- package/dist/types/authorization/projectMemberAbility.mock.d.ts.map +1 -1
- package/dist/types/authorization/roleToScopeMapping.d.ts +19 -0
- package/dist/types/authorization/roleToScopeMapping.d.ts.map +1 -0
- package/dist/types/authorization/roleToScopeMapping.test.d.ts +2 -0
- package/dist/types/authorization/roleToScopeMapping.test.d.ts.map +1 -0
- package/dist/types/authorization/roleToScopeMapping.testUtils.d.ts +1393 -0
- package/dist/types/authorization/roleToScopeMapping.testUtils.d.ts.map +1 -0
- package/dist/types/authorization/scopeAbilityBuilder.d.ts +14 -8
- package/dist/types/authorization/scopeAbilityBuilder.d.ts.map +1 -1
- package/dist/types/authorization/scopes.d.ts.map +1 -1
- package/dist/types/ee/AiAgent/schemas/tools/index.d.ts +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/index.d.ts.map +1 -1
- package/dist/types/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts +2845 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts.map +1 -0
- package/dist/types/types/organizationMemberProfile.d.ts +1 -0
- package/dist/types/types/organizationMemberProfile.d.ts.map +1 -1
- package/dist/types/types/projectMemberProfile.d.ts +1 -0
- package/dist/types/types/projectMemberProfile.d.ts.map +1 -1
- package/dist/types/types/scopes.d.ts +19 -9
- package/dist/types/types/scopes.d.ts.map +1 -1
- package/dist/types/types/search.d.ts +20 -0
- package/dist/types/types/search.d.ts.map +1 -1
- package/dist/types/types/user.d.ts +1 -0
- package/dist/types/types/user.d.ts.map +1 -1
- package/package.json +1 -1
|
@@ -1,18 +1,22 @@
|
|
|
1
1
|
import { AbilityBuilder } from '@casl/ability';
|
|
2
2
|
import { type ProjectMemberProfile } from '../types/projectMemberProfile';
|
|
3
|
+
import { type Role, type RoleWithScopes } from '../types/roles';
|
|
3
4
|
import { type LightdashUser } from '../types/user';
|
|
4
5
|
import { type OrganizationMemberAbilitiesArgs } from './organizationMemberAbility';
|
|
5
6
|
import { type MemberAbility } from './types';
|
|
6
7
|
type UserAbilityBuilderArgs = {
|
|
7
|
-
user: Pick<LightdashUser, 'role' | 'organizationUuid' | 'userUuid'>;
|
|
8
|
-
projectProfiles: Pick<ProjectMemberProfile, 'projectUuid' | 'role' | 'userUuid'>[];
|
|
8
|
+
user: Pick<LightdashUser, 'role' | 'organizationUuid' | 'userUuid' | 'roleUuid'>;
|
|
9
|
+
projectProfiles: Pick<ProjectMemberProfile, 'projectUuid' | 'role' | 'userUuid' | 'roleUuid'>[];
|
|
9
10
|
permissionsConfig: OrganizationMemberAbilitiesArgs['permissionsConfig'];
|
|
11
|
+
customRoleScopes?: Record<Role['roleUuid'], RoleWithScopes['scopes']>;
|
|
12
|
+
customRolesEnabled?: boolean;
|
|
13
|
+
isEnterprise?: boolean;
|
|
10
14
|
};
|
|
11
15
|
export * from './buildAccountHelpers';
|
|
12
16
|
export * from './jwtAbility';
|
|
13
17
|
export * from './parseAccount';
|
|
14
18
|
export * from './serviceAccountAbility';
|
|
15
19
|
export declare const JWT_HEADER_NAME = "lightdash-embed-token";
|
|
16
|
-
export declare const getUserAbilityBuilder: ({ user, projectProfiles, permissionsConfig, }: UserAbilityBuilderArgs) => AbilityBuilder<MemberAbility>;
|
|
17
|
-
export declare const defineUserAbility: (user: Pick<LightdashUser, "role" | "organizationUuid" | "userUuid">, projectProfiles: Pick<ProjectMemberProfile, "projectUuid" | "role" | "userUuid">[]) => MemberAbility;
|
|
20
|
+
export declare const getUserAbilityBuilder: ({ user, projectProfiles, permissionsConfig, customRoleScopes, customRolesEnabled, isEnterprise, }: UserAbilityBuilderArgs) => AbilityBuilder<MemberAbility>;
|
|
21
|
+
export declare const defineUserAbility: (user: Pick<LightdashUser, "role" | "organizationUuid" | "userUuid" | "roleUuid">, projectProfiles: Pick<ProjectMemberProfile, "projectUuid" | "role" | "userUuid" | "roleUuid">[], customRoleScopes?: Record<Role["roleUuid"], RoleWithScopes["scopes"]>) => MemberAbility;
|
|
18
22
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/authorization/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,cAAc,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/authorization/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,cAAc,EAAE,MAAM,eAAe,CAAC;AAExD,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,KAAK,IAAI,EAAE,KAAK,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAyC,EACrC,KAAK,+BAA+B,EACvC,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,KAAK,sBAAsB,GAAG;IAC1B,IAAI,EAAE,IAAI,CACN,aAAa,EACb,MAAM,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,CACxD,CAAC;IACF,eAAe,EAAE,IAAI,CACjB,oBAAoB,EACpB,aAAa,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,CACnD,EAAE,CAAC;IACJ,iBAAiB,EAAE,+BAA+B,CAAC,mBAAmB,CAAC,CAAC;IACxE,gBAAgB,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtE,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,YAAY,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,cAAc,uBAAuB,CAAC;AACtC,cAAc,cAAc,CAAC;AAC7B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,yBAAyB,CAAC;AAExC,eAAO,MAAM,eAAe,0BAA0B,CAAC;AAEvD,eAAO,MAAM,qBAAqB,sGAO/B,sBAAsB,kCAgDxB,CAAC;AAGF,eAAO,MAAM,iBAAiB,SACpB,IAAI,CACN,aAAa,EACb,MAAM,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,CACxD,mBACgB,IAAI,CACjB,oBAAoB,EACpB,aAAa,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,CACnD,EAAE,qBACgB,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC,KACtE,aAaF,CAAC"}
|
|
@@ -3,16 +3,19 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.defineUserAbility = exports.getUserAbilityBuilder = exports.JWT_HEADER_NAME = void 0;
|
|
4
4
|
const tslib_1 = require("tslib");
|
|
5
5
|
const ability_1 = require("@casl/ability");
|
|
6
|
+
const errors_1 = require("../types/errors");
|
|
6
7
|
const organizationMemberAbility_1 = tslib_1.__importDefault(require("./organizationMemberAbility"));
|
|
7
8
|
const projectMemberAbility_1 = require("./projectMemberAbility");
|
|
9
|
+
const scopeAbilityBuilder_1 = require("./scopeAbilityBuilder");
|
|
8
10
|
tslib_1.__exportStar(require("./buildAccountHelpers"), exports);
|
|
9
11
|
tslib_1.__exportStar(require("./jwtAbility"), exports);
|
|
10
12
|
tslib_1.__exportStar(require("./parseAccount"), exports);
|
|
11
13
|
tslib_1.__exportStar(require("./serviceAccountAbility"), exports);
|
|
12
14
|
exports.JWT_HEADER_NAME = 'lightdash-embed-token';
|
|
13
|
-
const getUserAbilityBuilder = ({ user, projectProfiles, permissionsConfig, }) => {
|
|
15
|
+
const getUserAbilityBuilder = ({ user, projectProfiles, permissionsConfig, customRoleScopes, customRolesEnabled, isEnterprise, }) => {
|
|
14
16
|
const builder = new ability_1.AbilityBuilder(ability_1.Ability);
|
|
15
17
|
if (user.role && user.organizationUuid) {
|
|
18
|
+
// TODO custom roles at organization level are not supported yet
|
|
16
19
|
(0, organizationMemberAbility_1.default)({
|
|
17
20
|
role: user.role,
|
|
18
21
|
member: {
|
|
@@ -23,14 +26,33 @@ const getUserAbilityBuilder = ({ user, projectProfiles, permissionsConfig, }) =>
|
|
|
23
26
|
permissionsConfig,
|
|
24
27
|
});
|
|
25
28
|
projectProfiles.forEach((projectProfile) => {
|
|
26
|
-
|
|
29
|
+
if (projectProfile.roleUuid && customRolesEnabled) {
|
|
30
|
+
const scopes = customRoleScopes?.[projectProfile.roleUuid];
|
|
31
|
+
if (!scopes) {
|
|
32
|
+
throw new errors_1.NotFoundError(`Custom role with uuid ${user.roleUuid} was not found`);
|
|
33
|
+
}
|
|
34
|
+
if (!user.organizationUuid) {
|
|
35
|
+
throw new errors_1.NotFoundError(`Organization with uuid ${user.organizationUuid} was not found`);
|
|
36
|
+
}
|
|
37
|
+
(0, scopeAbilityBuilder_1.buildAbilityFromScopes)({
|
|
38
|
+
projectUuid: projectProfile.projectUuid,
|
|
39
|
+
userUuid: user.userUuid,
|
|
40
|
+
scopes,
|
|
41
|
+
isEnterprise,
|
|
42
|
+
organizationRole: user.role,
|
|
43
|
+
permissionsConfig,
|
|
44
|
+
}, builder);
|
|
45
|
+
}
|
|
46
|
+
else {
|
|
47
|
+
projectMemberAbility_1.projectMemberAbilities[projectProfile.role](projectProfile, builder);
|
|
48
|
+
}
|
|
27
49
|
});
|
|
28
50
|
}
|
|
29
51
|
return builder;
|
|
30
52
|
};
|
|
31
53
|
exports.getUserAbilityBuilder = getUserAbilityBuilder;
|
|
32
54
|
// Defines user ability for test purposes
|
|
33
|
-
const defineUserAbility = (user, projectProfiles) => {
|
|
55
|
+
const defineUserAbility = (user, projectProfiles, customRoleScopes) => {
|
|
34
56
|
const builder = (0, exports.getUserAbilityBuilder)({
|
|
35
57
|
user,
|
|
36
58
|
projectProfiles,
|
|
@@ -40,6 +62,7 @@ const defineUserAbility = (user, projectProfiles) => {
|
|
|
40
62
|
allowedOrgRoles: [],
|
|
41
63
|
},
|
|
42
64
|
},
|
|
65
|
+
customRoleScopes,
|
|
43
66
|
});
|
|
44
67
|
return builder.build();
|
|
45
68
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/authorization/index.ts"],"names":[],"mappings":";;;;AAAA,2CAAwD;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/authorization/index.ts"],"names":[],"mappings":";;;;AAAA,2CAAwD;AACxD,4CAAgD;AAIhD,oGAEqC;AACrC,iEAAgE;AAChE,+DAA+D;AAkB/D,gEAAsC;AACtC,uDAA6B;AAC7B,yDAA+B;AAC/B,kEAAwC;AAE3B,QAAA,eAAe,GAAG,uBAAuB,CAAC;AAEhD,MAAM,qBAAqB,GAAG,CAAC,EAClC,IAAI,EACJ,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,GACS,EAAE,EAAE;IACzB,MAAM,OAAO,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;IAC3D,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACrC,gEAAgE;QAChE,IAAA,mCAAgC,EAAC;YAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE;gBACJ,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;gBACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ;aAC1B;YACD,OAAO;YACP,iBAAiB;SACpB,CAAC,CAAC;QAEH,eAAe,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;YACvC,IAAI,cAAc,CAAC,QAAQ,IAAI,kBAAkB,EAAE,CAAC;gBAChD,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;gBAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;oBACV,MAAM,IAAI,sBAAa,CACnB,yBAAyB,IAAI,CAAC,QAAQ,gBAAgB,CACzD,CAAC;gBACN,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACzB,MAAM,IAAI,sBAAa,CACnB,0BAA0B,IAAI,CAAC,gBAAgB,gBAAgB,CAClE,CAAC;gBACN,CAAC;gBACD,IAAA,4CAAsB,EAClB;oBACI,WAAW,EAAE,cAAc,CAAC,WAAW;oBACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,MAAM;oBACN,YAAY;oBACZ,gBAAgB,EAAE,IAAI,CAAC,IAAI;oBAC3B,iBAAiB;iBACpB,EACD,OAAO,CACV,CAAC;YACN,CAAC;iBAAM,CAAC;gBACJ,6CAAsB,CAAC,cAAc,CAAC,IAAI,CAAC,CACvC,cAAc,EACd,OAAO,CACV,CAAC;YACN,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC,CAAC;AAvDW,QAAA,qBAAqB,yBAuDhC;AAEF,yCAAyC;AAClC,MAAM,iBAAiB,GAAG,CAC7B,IAGC,EACD,eAGG,EACH,gBAAqE,EACxD,EAAE;IACf,MAAM,OAAO,GAAG,IAAA,6BAAqB,EAAC;QAClC,IAAI;QACJ,eAAe;QACf,iBAAiB,EAAE;YACf,GAAG,EAAE;gBACD,OAAO,EAAE,KAAK;gBACd,eAAe,EAAE,EAAE;aACtB;SACJ;QACD,gBAAgB;KACnB,CAAC,CAAC;IACH,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC;AAC3B,CAAC,CAAC;AAvBW,QAAA,iBAAiB,qBAuB5B"}
|
|
@@ -15,6 +15,7 @@ export declare const adminOrgProfile: {
|
|
|
15
15
|
firstName: string;
|
|
16
16
|
lastName: string;
|
|
17
17
|
email: string;
|
|
18
|
+
roleUuid: string | undefined;
|
|
18
19
|
isActive: boolean;
|
|
19
20
|
isInviteExpired?: boolean;
|
|
20
21
|
isPending?: boolean;
|
|
@@ -23,6 +24,7 @@ export declare const adminProjectProfile: {
|
|
|
23
24
|
role: ProjectMemberRole;
|
|
24
25
|
projectUuid: string;
|
|
25
26
|
userUuid: string;
|
|
27
|
+
roleUuid: string | undefined;
|
|
26
28
|
email: string;
|
|
27
29
|
firstName: string;
|
|
28
30
|
lastName: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.mock.d.ts","sourceRoot":"","sources":["../../../src/authorization/index.mock.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,sBAAsB,EACtB,KAAK,yBAAyB,EACjC,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAE/D,eAAO,MAAM,cAAc;;CAE1B,CAAC;AACF,eAAO,MAAM,UAAU,EAAE,
|
|
1
|
+
{"version":3,"file":"index.mock.d.ts","sourceRoot":"","sources":["../../../src/authorization/index.mock.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,sBAAsB,EACtB,KAAK,yBAAyB,EACjC,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAE/D,eAAO,MAAM,cAAc;;CAE1B,CAAC;AACF,eAAO,MAAM,UAAU,EAAE,yBAWxB,CAAC;AACF,eAAO,MAAM,cAAc,EAAE,oBAQ5B,CAAC;AAEF,eAAO,MAAM,eAAe;;;;;;;;;;;;;CAI3B,CAAC;AAEF,eAAO,MAAM,mBAAmB;;;;;;;;CAI/B,CAAC;AAEF,eAAO,MAAM,UAAU;;;;CAItB,CAAC"}
|
|
@@ -9,6 +9,7 @@ exports.userWithoutOrg = {
|
|
|
9
9
|
exports.orgProfile = {
|
|
10
10
|
userUuid: 'user-uuid-1234',
|
|
11
11
|
role: organizationMemberProfile_1.OrganizationMemberRole.VIEWER,
|
|
12
|
+
roleUuid: undefined,
|
|
12
13
|
email: '',
|
|
13
14
|
firstName: '',
|
|
14
15
|
lastName: '',
|
|
@@ -21,6 +22,7 @@ exports.projectProfile = {
|
|
|
21
22
|
userUuid: 'user-uuid-1234',
|
|
22
23
|
role: projectMemberRole_1.ProjectMemberRole.VIEWER,
|
|
23
24
|
projectUuid: 'project-uuid-view',
|
|
25
|
+
roleUuid: undefined,
|
|
24
26
|
email: '',
|
|
25
27
|
firstName: '',
|
|
26
28
|
lastName: '',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.mock.js","sourceRoot":"","sources":["../../../src/authorization/index.mock.ts"],"names":[],"mappings":";;;AAAA,kFAG4C;AAE5C,kEAA+D;AAElD,QAAA,cAAc,GAAG;IAC1B,QAAQ,EAAE,gBAAgB;CAC7B,CAAC;AACW,QAAA,UAAU,GAA8B;IACjD,QAAQ,EAAE,gBAAgB;IAC1B,IAAI,EAAE,kDAAsB,CAAC,MAAM;IACnC,KAAK,EAAE,EAAE;IACT,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,gBAAgB,EAAE,wBAAwB;IAC1C,QAAQ,EAAE,IAAI;IACd,aAAa,EAAE,IAAI,IAAI,EAAE;IACzB,aAAa,EAAE,IAAI,IAAI,EAAE;CAC5B,CAAC;AACW,QAAA,cAAc,GAAyB;IAChD,QAAQ,EAAE,gBAAgB;IAC1B,IAAI,EAAE,qCAAiB,CAAC,MAAM;IAC9B,WAAW,EAAE,mBAAmB;IAChC,KAAK,EAAE,EAAE;IACT,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;CACf,CAAC;AAEW,QAAA,eAAe,GAAG;IAC3B,GAAG,kBAAU;IACb,IAAI,EAAE,kDAAsB,CAAC,KAAK;IAClC,gBAAgB,EAAE,yBAAyB;CAC9C,CAAC;AAEW,QAAA,mBAAmB,GAAG;IAC/B,GAAG,sBAAc;IACjB,IAAI,EAAE,qCAAiB,CAAC,KAAK;IAC7B,WAAW,EAAE,oBAAoB;CACpC,CAAC;AAEW,QAAA,UAAU,GAAG;IACtB,gBAAgB,EAAE,kBAAU,CAAC,gBAAgB;IAC7C,WAAW,EAAE,sBAAc,CAAC,WAAW;IACvC,SAAS,EAAE,KAAK;CACnB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.mock.js","sourceRoot":"","sources":["../../../src/authorization/index.mock.ts"],"names":[],"mappings":";;;AAAA,kFAG4C;AAE5C,kEAA+D;AAElD,QAAA,cAAc,GAAG;IAC1B,QAAQ,EAAE,gBAAgB;CAC7B,CAAC;AACW,QAAA,UAAU,GAA8B;IACjD,QAAQ,EAAE,gBAAgB;IAC1B,IAAI,EAAE,kDAAsB,CAAC,MAAM;IACnC,QAAQ,EAAE,SAAS;IACnB,KAAK,EAAE,EAAE;IACT,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;IACZ,gBAAgB,EAAE,wBAAwB;IAC1C,QAAQ,EAAE,IAAI;IACd,aAAa,EAAE,IAAI,IAAI,EAAE;IACzB,aAAa,EAAE,IAAI,IAAI,EAAE;CAC5B,CAAC;AACW,QAAA,cAAc,GAAyB;IAChD,QAAQ,EAAE,gBAAgB;IAC1B,IAAI,EAAE,qCAAiB,CAAC,MAAM;IAC9B,WAAW,EAAE,mBAAmB;IAChC,QAAQ,EAAE,SAAS;IACnB,KAAK,EAAE,EAAE;IACT,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;CACf,CAAC;AAEW,QAAA,eAAe,GAAG;IAC3B,GAAG,kBAAU;IACb,IAAI,EAAE,kDAAsB,CAAC,KAAK;IAClC,gBAAgB,EAAE,yBAAyB;CAC9C,CAAC;AAEW,QAAA,mBAAmB,GAAG;IAC/B,GAAG,sBAAc;IACjB,IAAI,EAAE,qCAAiB,CAAC,KAAK;IAC7B,WAAW,EAAE,oBAAoB;CACpC,CAAC;AAEW,QAAA,UAAU,GAAG;IACtB,gBAAgB,EAAE,kBAAU,CAAC,gBAAgB;IAC7C,WAAW,EAAE,sBAAc,CAAC,WAAW;IACvC,SAAS,EAAE,KAAK;CACnB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"organizationMemberAbility.mock.d.ts","sourceRoot":"","sources":["../../../src/authorization/organizationMemberAbility.mock.ts"],"names":[],"mappings":"AAAA,OAAO,EAEH,KAAK,yBAAyB,EACjC,MAAM,oCAAoC,CAAC;AAE5C,eAAO,MAAM,mBAAmB,EAAE,
|
|
1
|
+
{"version":3,"file":"organizationMemberAbility.mock.d.ts","sourceRoot":"","sources":["../../../src/authorization/organizationMemberAbility.mock.ts"],"names":[],"mappings":"AAAA,OAAO,EAEH,KAAK,yBAAyB,EACjC,MAAM,oCAAoC,CAAC;AAE5C,eAAO,MAAM,mBAAmB,EAAE,yBAWjC,CAAC;AAEF,eAAO,MAAM,mBAAmB,EAAE,yBAGjC,CAAC;AACF,eAAO,MAAM,+BAA+B,EAAE,yBAG7C,CAAC;AACF,eAAO,MAAM,mBAAmB,EAAE,yBAGjC,CAAC;AACF,eAAO,MAAM,sBAAsB,EAAE,yBAGpC,CAAC;AAEF,eAAO,MAAM,kBAAkB,EAAE,yBAGhC,CAAC"}
|
|
@@ -6,6 +6,7 @@ exports.ORGANIZATION_MEMBER = {
|
|
|
6
6
|
userUuid: 'b264d83a-9000-426a-85ec-3f9c20f368ce', // when insert to space_user_access table, a dummy value like '123' will fail uuid format check
|
|
7
7
|
organizationUuid: '456',
|
|
8
8
|
role: organizationMemberProfile_1.OrganizationMemberRole.MEMBER,
|
|
9
|
+
roleUuid: undefined,
|
|
9
10
|
firstName: 'jane',
|
|
10
11
|
lastName: 'jackson',
|
|
11
12
|
email: 'jane@gmail.com',
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"organizationMemberAbility.mock.js","sourceRoot":"","sources":["../../../src/authorization/organizationMemberAbility.mock.ts"],"names":[],"mappings":";;;AAAA,kFAG4C;AAE/B,QAAA,mBAAmB,GAA8B;IAC1D,QAAQ,EAAE,sCAAsC,EAAE,+FAA+F;IACjJ,gBAAgB,EAAE,KAAK;IACvB,IAAI,EAAE,kDAAsB,CAAC,MAAM;IACnC,SAAS,EAAE,MAAM;IACjB,QAAQ,EAAE,SAAS;IACnB,KAAK,EAAE,gBAAgB;IACvB,QAAQ,EAAE,IAAI;IACd,aAAa,EAAE,IAAI,IAAI,EAAE;IACzB,aAAa,EAAE,IAAI,IAAI,EAAE;CAC5B,CAAC;AAEW,QAAA,mBAAmB,GAA8B;IAC1D,GAAG,2BAAmB;IACtB,IAAI,EAAE,kDAAsB,CAAC,MAAM;CACtC,CAAC;AACW,QAAA,+BAA+B,GAA8B;IACtE,GAAG,2BAAmB;IACtB,IAAI,EAAE,kDAAsB,CAAC,kBAAkB;CAClD,CAAC;AACW,QAAA,mBAAmB,GAA8B;IAC1D,GAAG,2BAAmB;IACtB,IAAI,EAAE,kDAAsB,CAAC,MAAM;CACtC,CAAC;AACW,QAAA,sBAAsB,GAA8B;IAC7D,GAAG,2BAAmB;IACtB,IAAI,EAAE,kDAAsB,CAAC,SAAS;CACzC,CAAC;AAEW,QAAA,kBAAkB,GAA8B;IACzD,GAAG,2BAAmB;IACtB,IAAI,EAAE,kDAAsB,CAAC,KAAK;CACrC,CAAC"}
|
|
1
|
+
{"version":3,"file":"organizationMemberAbility.mock.js","sourceRoot":"","sources":["../../../src/authorization/organizationMemberAbility.mock.ts"],"names":[],"mappings":";;;AAAA,kFAG4C;AAE/B,QAAA,mBAAmB,GAA8B;IAC1D,QAAQ,EAAE,sCAAsC,EAAE,+FAA+F;IACjJ,gBAAgB,EAAE,KAAK;IACvB,IAAI,EAAE,kDAAsB,CAAC,MAAM;IACnC,QAAQ,EAAE,SAAS;IACnB,SAAS,EAAE,MAAM;IACjB,QAAQ,EAAE,SAAS;IACnB,KAAK,EAAE,gBAAgB;IACvB,QAAQ,EAAE,IAAI;IACd,aAAa,EAAE,IAAI,IAAI,EAAE;IACzB,aAAa,EAAE,IAAI,IAAI,EAAE;CAC5B,CAAC;AAEW,QAAA,mBAAmB,GAA8B;IAC1D,GAAG,2BAAmB;IACtB,IAAI,EAAE,kDAAsB,CAAC,MAAM;CACtC,CAAC;AACW,QAAA,+BAA+B,GAA8B;IACtE,GAAG,2BAAmB;IACtB,IAAI,EAAE,kDAAsB,CAAC,kBAAkB;CAClD,CAAC;AACW,QAAA,mBAAmB,GAA8B;IAC1D,GAAG,2BAAmB;IACtB,IAAI,EAAE,kDAAsB,CAAC,MAAM;CACtC,CAAC;AACW,QAAA,sBAAsB,GAA8B;IAC7D,GAAG,2BAAmB;IACtB,IAAI,EAAE,kDAAsB,CAAC,SAAS;CACzC,CAAC;AAEW,QAAA,kBAAkB,GAA8B;IACzD,GAAG,2BAAmB;IACtB,IAAI,EAAE,kDAAsB,CAAC,KAAK;CACrC,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
import { type ScopeName } from '../types/scopes';
|
|
1
|
+
import { type ScopeModifer, type ScopeName } from '../types/scopes';
|
|
2
2
|
import { type AbilityAction, type CaslSubjectNames } from './types';
|
|
3
|
-
export declare const parseScope: (scope: string) => [AbilityAction, CaslSubjectNames];
|
|
3
|
+
export declare const parseScope: (scope: string) => [AbilityAction, CaslSubjectNames, ScopeModifer | undefined];
|
|
4
|
+
export declare const normalizeScopeName: (scope: string) => ScopeName;
|
|
4
5
|
export declare const parseScopes: ({ scopes, isEnterprise, }: {
|
|
5
6
|
scopes: string[];
|
|
6
7
|
isEnterprise: boolean;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseScopes.d.ts","sourceRoot":"","sources":["../../../src/authorization/parseScopes.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"parseScopes.d.ts","sourceRoot":"","sources":["../../../src/authorization/parseScopes.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,YAAY,EAAE,KAAK,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAEpE,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAEpE,eAAO,MAAM,UAAU,UACZ,MAAM,KACd,CAAC,aAAa,EAAE,gBAAgB,EAAE,YAAY,GAAG,SAAS,CAU5D,CAAC;AAEF,eAAO,MAAM,kBAAkB,UAAW,MAAM,KAAG,SAGlD,CAAC;AAEF,eAAO,MAAM,WAAW,8BAGrB;IACC,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;CACzB,KAAG,GAAG,CAAC,SAAS,CAiBhB,CAAC"}
|
|
@@ -1,23 +1,32 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.parseScopes = exports.parseScope = void 0;
|
|
3
|
+
exports.parseScopes = exports.normalizeScopeName = exports.parseScope = void 0;
|
|
4
4
|
const lodash_1 = require("lodash");
|
|
5
|
-
const errors_1 = require("../types/errors");
|
|
6
5
|
const scopes_1 = require("./scopes");
|
|
7
6
|
const parseScope = (scope) => {
|
|
8
|
-
const [action,
|
|
7
|
+
const [action, predicate] = scope.split(':');
|
|
8
|
+
const [subjectPart, modifier] = predicate.split('@');
|
|
9
9
|
const subject = (0, lodash_1.upperFirst)((0, lodash_1.camelCase)(subjectPart));
|
|
10
|
-
return [
|
|
10
|
+
return [
|
|
11
|
+
action,
|
|
12
|
+
subject,
|
|
13
|
+
modifier,
|
|
14
|
+
];
|
|
11
15
|
};
|
|
12
16
|
exports.parseScope = parseScope;
|
|
17
|
+
const normalizeScopeName = (scope) => {
|
|
18
|
+
const [action, subject, modifier] = (0, exports.parseScope)(scope);
|
|
19
|
+
return `${action}:${subject}${modifier ? `@${modifier}` : ''}`;
|
|
20
|
+
};
|
|
21
|
+
exports.normalizeScopeName = normalizeScopeName;
|
|
13
22
|
const parseScopes = ({ scopes, isEnterprise, }) => {
|
|
14
23
|
const scopeMap = (0, scopes_1.getAllScopeMap)({ isEnterprise });
|
|
15
|
-
const filtered = scopes
|
|
16
|
-
.map((scope) => (0, exports.parseScope)(scope).join(':'))
|
|
17
|
-
.filter((scope) => {
|
|
24
|
+
const filtered = scopes.map(exports.normalizeScopeName).filter((scope) => {
|
|
18
25
|
const foundScope = scopeMap[scope];
|
|
19
26
|
if (!foundScope) {
|
|
20
|
-
|
|
27
|
+
// eslint-disable-next-line no-console
|
|
28
|
+
console.warn(`Invalid scope: ${scope}. Please check the scope name and try again.`);
|
|
29
|
+
return false;
|
|
21
30
|
}
|
|
22
31
|
return true;
|
|
23
32
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseScopes.js","sourceRoot":"","sources":["../../../src/authorization/parseScopes.ts"],"names":[],"mappings":";;;AAAA,mCAA+C;
|
|
1
|
+
{"version":3,"file":"parseScopes.js","sourceRoot":"","sources":["../../../src/authorization/parseScopes.ts"],"names":[],"mappings":";;;AAAA,mCAA+C;AAE/C,qCAA0C;AAGnC,MAAM,UAAU,GAAG,CACtB,KAAa,EAC8C,EAAE;IAC7D,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,mBAAU,EAAC,IAAA,kBAAS,EAAC,WAAW,CAAC,CAAC,CAAC;IAEnD,OAAO;QACH,MAAuB;QACvB,OAA2B;QAC3B,QAAwB;KAC3B,CAAC;AACN,CAAC,CAAC;AAZW,QAAA,UAAU,cAYrB;AAEK,MAAM,kBAAkB,GAAG,CAAC,KAAa,EAAa,EAAE;IAC3D,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,CAAC,GAAG,IAAA,kBAAU,EAAC,KAAK,CAAC,CAAC;IACtD,OAAO,GAAG,MAAM,IAAI,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,EAAe,CAAC;AAChF,CAAC,CAAC;AAHW,QAAA,kBAAkB,sBAG7B;AAEK,MAAM,WAAW,GAAG,CAAC,EACxB,MAAM,EACN,YAAY,GAIf,EAAkB,EAAE;IACjB,MAAM,QAAQ,GAAG,IAAA,uBAAc,EAAC,EAAE,YAAY,EAAE,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,MAAM,CAAC,GAAG,CAAC,0BAAkB,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QAC7D,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAkB,CAAC,CAAC;QAEhD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,sCAAsC;YACtC,OAAO,CAAC,IAAI,CACR,kBAAkB,KAAK,8CAA8C,CACxE,CAAC;YACF,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;AAC7B,CAAC,CAAC;AAvBW,QAAA,WAAW,eAuBtB"}
|
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
const errors_1 = require("../types/errors");
|
|
4
3
|
const parseScopes_1 = require("./parseScopes");
|
|
5
4
|
describe('parseScopes', () => {
|
|
6
5
|
describe('with valid scopes', () => {
|
|
@@ -54,25 +53,21 @@ describe('parseScopes', () => {
|
|
|
54
53
|
});
|
|
55
54
|
});
|
|
56
55
|
describe('with invalid scopes', () => {
|
|
57
|
-
it('should
|
|
58
|
-
expect((
|
|
56
|
+
it('should filter out invalid scope names', () => {
|
|
57
|
+
expect((0, parseScopes_1.parseScopes)({
|
|
59
58
|
scopes: ['view:dashboard', 'invalid:scope'],
|
|
60
59
|
isEnterprise: false,
|
|
61
|
-
})).
|
|
62
|
-
expect(() => (0, parseScopes_1.parseScopes)({
|
|
63
|
-
scopes: ['view:dashboard', 'invalid:scope'],
|
|
64
|
-
isEnterprise: false,
|
|
65
|
-
})).toThrow('Invalid scope: invalid:Scope. Please check the scope name and try again.');
|
|
60
|
+
})).toEqual(new Set(['view:Dashboard']));
|
|
66
61
|
});
|
|
67
|
-
it('should
|
|
68
|
-
expect((
|
|
62
|
+
it('should filter out enterprise scopes when not enterprise', () => {
|
|
63
|
+
expect((0, parseScopes_1.parseScopes)({
|
|
69
64
|
scopes: ['view:dashboard', 'view:ai_agent'],
|
|
70
65
|
isEnterprise: false,
|
|
71
|
-
})).
|
|
72
|
-
expect((
|
|
66
|
+
})).toEqual(new Set(['view:Dashboard']));
|
|
67
|
+
expect((0, parseScopes_1.parseScopes)({
|
|
73
68
|
scopes: ['view:dashboard', 'view:ai_agent'],
|
|
74
|
-
isEnterprise:
|
|
75
|
-
})).
|
|
69
|
+
isEnterprise: true,
|
|
70
|
+
})).toEqual(new Set(['view:Dashboard', 'view:AiAgent']));
|
|
76
71
|
});
|
|
77
72
|
});
|
|
78
73
|
describe('scope parsing logic', () => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseScopes.test.js","sourceRoot":"","sources":["../../../src/authorization/parseScopes.test.ts"],"names":[],"mappings":";;AAAA
|
|
1
|
+
{"version":3,"file":"parseScopes.test.js","sourceRoot":"","sources":["../../../src/authorization/parseScopes.test.ts"],"names":[],"mappings":";;AAAA,+CAA4C;AAE5C,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IACzB,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC/B,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;YACnE,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;gBACvB,MAAM,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;gBAC9C,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YAC/D,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;gBACvB,MAAM,EAAE,CAAC,eAAe,EAAE,iBAAiB,CAAC;gBAC5C,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACtD,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;gBACvB,MAAM,EAAE;oBACJ,sBAAsB;oBACtB,8BAA8B;iBACjC;gBACD,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC5C,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;gBACvB,MAAM,EAAE,CAAC,cAAc,CAAC;gBACxB,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YACxC,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;gBACvB,MAAM,EAAE,EAAE;gBACV,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,CACF,IAAA,yBAAW,EAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,KAAK;aACtB,CAAC,CACL,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YAC/D,MAAM,CACF,IAAA,yBAAW,EAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,KAAK;aACtB,CAAC,CACL,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;YAEvC,MAAM,CACF,IAAA,yBAAW,EAAC;gBACR,MAAM,EAAE,CAAC,gBAAgB,EAAE,eAAe,CAAC;gBAC3C,YAAY,EAAE,IAAI;aACrB,CAAC,CACL,CAAC,OAAO,CAAC,IAAI,GAAG,CAAC,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC;QAC3D,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;YAC3D,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;gBACvB,MAAM,EAAE;oBACJ,sBAAsB;oBACtB,8BAA8B;oBAC9B,sBAAsB;iBACzB;gBACD,YAAY,EAAE,IAAI;aACrB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC5D,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YAC/C,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;gBACvB,MAAM,EAAE,CAAC,gBAAgB,EAAE,mBAAmB,CAAC;gBAC/C,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACvD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAChD,MAAM,MAAM,GAAG,IAAA,yBAAW,EAAC;gBACvB,MAAM,EAAE,CAAC,sBAAsB,CAAC;gBAChC,YAAY,EAAE,KAAK;aACtB,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"projectMemberAbility.mock.d.ts","sourceRoot":"","sources":["../../../src/authorization/projectMemberAbility.mock.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,eAAO,MAAM,cAAc,EAAE,
|
|
1
|
+
{"version":3,"file":"projectMemberAbility.mock.d.ts","sourceRoot":"","sources":["../../../src/authorization/projectMemberAbility.mock.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAG1E,eAAO,MAAM,cAAc,EAAE,oBAQ5B,CAAC;AAEF,eAAO,MAAM,0BAA0B,EAAE,oBAGxC,CAAC;AAEF,eAAO,MAAM,cAAc,EAAE,oBAG5B,CAAC;AACF,eAAO,MAAM,iBAAiB,EAAE,oBAG/B,CAAC;AACF,eAAO,MAAM,aAAa,EAAE,oBAG3B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"projectMemberAbility.mock.js","sourceRoot":"","sources":["../../../src/authorization/projectMemberAbility.mock.ts"],"names":[],"mappings":";;;AACA,kEAA+D;AAElD,QAAA,cAAc,GAAyB;IAChD,QAAQ,EAAE,gBAAgB;IAC1B,WAAW,EAAE,mBAAmB;IAChC,IAAI,EAAE,qCAAiB,CAAC,MAAM;IAC9B,KAAK,EAAE,EAAE;IACT,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;CACf,CAAC;AAEW,QAAA,0BAA0B,GAAyB;IAC5D,GAAG,sBAAc;IACjB,IAAI,EAAE,qCAAiB,CAAC,kBAAkB;CAC7C,CAAC;AAEW,QAAA,cAAc,GAAyB;IAChD,GAAG,sBAAc;IACjB,IAAI,EAAE,qCAAiB,CAAC,MAAM;CACjC,CAAC;AACW,QAAA,iBAAiB,GAAyB;IACnD,GAAG,sBAAc;IACjB,IAAI,EAAE,qCAAiB,CAAC,SAAS;CACpC,CAAC;AACW,QAAA,aAAa,GAAyB;IAC/C,GAAG,sBAAc;IACjB,IAAI,EAAE,qCAAiB,CAAC,KAAK;CAChC,CAAC"}
|
|
1
|
+
{"version":3,"file":"projectMemberAbility.mock.js","sourceRoot":"","sources":["../../../src/authorization/projectMemberAbility.mock.ts"],"names":[],"mappings":";;;AACA,kEAA+D;AAElD,QAAA,cAAc,GAAyB;IAChD,QAAQ,EAAE,gBAAgB;IAC1B,WAAW,EAAE,mBAAmB;IAChC,IAAI,EAAE,qCAAiB,CAAC,MAAM;IAC9B,QAAQ,EAAE,SAAS;IACnB,KAAK,EAAE,EAAE;IACT,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,EAAE;CACf,CAAC;AAEW,QAAA,0BAA0B,GAAyB;IAC5D,GAAG,sBAAc;IACjB,IAAI,EAAE,qCAAiB,CAAC,kBAAkB;CAC7C,CAAC;AAEW,QAAA,cAAc,GAAyB;IAChD,GAAG,sBAAc;IACjB,IAAI,EAAE,qCAAiB,CAAC,MAAM;CACjC,CAAC;AACW,QAAA,iBAAiB,GAAyB;IACnD,GAAG,sBAAc;IACjB,IAAI,EAAE,qCAAiB,CAAC,SAAS;CACpC,CAAC;AACW,QAAA,aAAa,GAAyB;IAC/C,GAAG,sBAAc;IACjB,IAAI,EAAE,qCAAiB,CAAC,KAAK;CAChC,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import { ProjectMemberRole } from '../types/projectMemberRole';
|
|
2
|
+
/**
|
|
3
|
+
* Maps project member roles to their equivalent scopes based on projectMemberAbility.ts analysis
|
|
4
|
+
* Each role inherits permissions from the roles below it in the hierarchy
|
|
5
|
+
*/
|
|
6
|
+
export declare const PROJECT_ROLE_TO_SCOPES_MAP: Record<ProjectMemberRole, string[]>;
|
|
7
|
+
/**
|
|
8
|
+
* Gets the scopes required for a specific project member role
|
|
9
|
+
*/
|
|
10
|
+
export declare const getScopesForRole: (role: ProjectMemberRole) => string[];
|
|
11
|
+
/**
|
|
12
|
+
* Gets only the non-enterprise scopes for a role (filters out enterprise-only features)
|
|
13
|
+
*/
|
|
14
|
+
export declare const getNonEnterpriseScopesForRole: (role: ProjectMemberRole) => string[];
|
|
15
|
+
/**
|
|
16
|
+
* Gets the incremental scopes added by a specific role (not inherited from lower roles)
|
|
17
|
+
*/
|
|
18
|
+
export declare const getIncrementalScopesForRole: (role: ProjectMemberRole) => string[];
|
|
19
|
+
//# sourceMappingURL=roleToScopeMapping.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roleToScopeMapping.d.ts","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AA0G/D;;;GAGG;AACH,eAAO,MAAM,0BAA0B,EAAE,MAAM,CAAC,iBAAiB,EAAE,MAAM,EAAE,CAoBnE,CAAC;AAET;;GAEG;AACH,eAAO,MAAM,gBAAgB,SAAU,iBAAiB,KAAG,MAAM,EAEhE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,6BAA6B,SAChC,iBAAiB,KACxB,MAAM,EAkBR,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,2BAA2B,SAC9B,iBAAiB,KACxB,MAAM,EAqBR,CAAC"}
|
|
@@ -0,0 +1,163 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.getIncrementalScopesForRole = exports.getNonEnterpriseScopesForRole = exports.getScopesForRole = exports.PROJECT_ROLE_TO_SCOPES_MAP = void 0;
|
|
4
|
+
const projectMemberRole_1 = require("../types/projectMemberRole");
|
|
5
|
+
/**
|
|
6
|
+
* Utility functions to convert project member roles to equivalent scope sets
|
|
7
|
+
* for testing migration compatibility between role-based and scope-based authorization
|
|
8
|
+
*/
|
|
9
|
+
/**
|
|
10
|
+
* Base scopes for each role level (without inheritance)
|
|
11
|
+
*/
|
|
12
|
+
const BASE_ROLE_SCOPES = {
|
|
13
|
+
[projectMemberRole_1.ProjectMemberRole.VIEWER]: [
|
|
14
|
+
// Basic viewing permissions
|
|
15
|
+
'view:Dashboard',
|
|
16
|
+
'view:SavedChart',
|
|
17
|
+
'view:Space',
|
|
18
|
+
'view:Project',
|
|
19
|
+
'view:PinnedItems',
|
|
20
|
+
'view:DashboardComments',
|
|
21
|
+
'view:Tags',
|
|
22
|
+
'view:Job', // For viewing job status created by user
|
|
23
|
+
'manage:ExportCsv',
|
|
24
|
+
// Enterprise scopes (when available)
|
|
25
|
+
'view:MetricsTree',
|
|
26
|
+
'view:SpotlightTableConfig',
|
|
27
|
+
'view:AiAgentThread',
|
|
28
|
+
],
|
|
29
|
+
[projectMemberRole_1.ProjectMemberRole.INTERACTIVE_VIEWER]: [
|
|
30
|
+
// Additional interactive viewer permissions
|
|
31
|
+
'view:UnderlyingData',
|
|
32
|
+
'view:SemanticViewer',
|
|
33
|
+
'manage:Explore',
|
|
34
|
+
'manage:ChangeCsvResults',
|
|
35
|
+
'create:ScheduledDeliveries',
|
|
36
|
+
'create:DashboardComments',
|
|
37
|
+
'create:Job',
|
|
38
|
+
// Space-level content management (requires space admin/editor role)
|
|
39
|
+
'manage:Dashboard', // Via space access
|
|
40
|
+
'manage:SavedChart', // Via space access
|
|
41
|
+
'manage:Space', // Via space access (admin role)
|
|
42
|
+
// Enterprise scopes
|
|
43
|
+
'view:AiAgent',
|
|
44
|
+
'create:AiAgentThread',
|
|
45
|
+
],
|
|
46
|
+
[projectMemberRole_1.ProjectMemberRole.EDITOR]: [
|
|
47
|
+
// Editor-specific permissions
|
|
48
|
+
'create:Space',
|
|
49
|
+
'manage:Space', // For non-private spaces (requires manage:Project)
|
|
50
|
+
'manage:Job',
|
|
51
|
+
'manage:PinnedItems',
|
|
52
|
+
'manage:ScheduledDeliveries',
|
|
53
|
+
'manage:DashboardComments',
|
|
54
|
+
'manage:Tags',
|
|
55
|
+
// Enterprise scopes
|
|
56
|
+
'manage:MetricsTree',
|
|
57
|
+
'manage:AiAgentThread', // User's own threads
|
|
58
|
+
],
|
|
59
|
+
[projectMemberRole_1.ProjectMemberRole.DEVELOPER]: [
|
|
60
|
+
// Developer-specific permissions
|
|
61
|
+
'manage:VirtualView',
|
|
62
|
+
'manage:CustomSql',
|
|
63
|
+
'manage:SqlRunner',
|
|
64
|
+
'manage:Validation',
|
|
65
|
+
'manage:CompileProject',
|
|
66
|
+
'create:Project', // Preview projects
|
|
67
|
+
'delete:Project', // Preview projects created by user
|
|
68
|
+
'update:Project',
|
|
69
|
+
'view:JobStatus', // All jobs in project
|
|
70
|
+
// Enterprise scopes
|
|
71
|
+
'manage:SpotlightTableConfig',
|
|
72
|
+
'manage:ContentAsCode',
|
|
73
|
+
'manage:AiAgent',
|
|
74
|
+
'manage:AiAgentThread', // User's own threads
|
|
75
|
+
],
|
|
76
|
+
[projectMemberRole_1.ProjectMemberRole.ADMIN]: [
|
|
77
|
+
// Admin-specific permissions
|
|
78
|
+
'delete:Project', // Any project
|
|
79
|
+
'view:Analytics',
|
|
80
|
+
'manage:Dashboard', // All dashboards
|
|
81
|
+
'manage:Project', // Required for managing non-private spaces
|
|
82
|
+
'manage:SavedChart', // All saved charts
|
|
83
|
+
'view:AiAgentThread', // All threads in project
|
|
84
|
+
'manage:AiAgentThread', // All threads in project
|
|
85
|
+
],
|
|
86
|
+
};
|
|
87
|
+
/**
|
|
88
|
+
* Role hierarchy for inheritance
|
|
89
|
+
*/
|
|
90
|
+
const ROLE_HIERARCHY = [
|
|
91
|
+
projectMemberRole_1.ProjectMemberRole.VIEWER,
|
|
92
|
+
projectMemberRole_1.ProjectMemberRole.INTERACTIVE_VIEWER,
|
|
93
|
+
projectMemberRole_1.ProjectMemberRole.EDITOR,
|
|
94
|
+
projectMemberRole_1.ProjectMemberRole.DEVELOPER,
|
|
95
|
+
projectMemberRole_1.ProjectMemberRole.ADMIN,
|
|
96
|
+
];
|
|
97
|
+
/**
|
|
98
|
+
* Maps project member roles to their equivalent scopes based on projectMemberAbility.ts analysis
|
|
99
|
+
* Each role inherits permissions from the roles below it in the hierarchy
|
|
100
|
+
*/
|
|
101
|
+
exports.PROJECT_ROLE_TO_SCOPES_MAP = (() => {
|
|
102
|
+
const result = {};
|
|
103
|
+
for (const role of ROLE_HIERARCHY) {
|
|
104
|
+
const roleIndex = ROLE_HIERARCHY.indexOf(role);
|
|
105
|
+
const inheritedScopes = new Set();
|
|
106
|
+
// Add scopes from all lower-level roles
|
|
107
|
+
for (let i = 0; i <= roleIndex; i += 1) {
|
|
108
|
+
const currentRole = ROLE_HIERARCHY[i];
|
|
109
|
+
BASE_ROLE_SCOPES[currentRole].forEach((scope) => inheritedScopes.add(scope));
|
|
110
|
+
}
|
|
111
|
+
result[role] = Array.from(inheritedScopes);
|
|
112
|
+
}
|
|
113
|
+
return result;
|
|
114
|
+
})();
|
|
115
|
+
/**
|
|
116
|
+
* Gets the scopes required for a specific project member role
|
|
117
|
+
*/
|
|
118
|
+
const getScopesForRole = (role) => [
|
|
119
|
+
...exports.PROJECT_ROLE_TO_SCOPES_MAP[role],
|
|
120
|
+
];
|
|
121
|
+
exports.getScopesForRole = getScopesForRole;
|
|
122
|
+
/**
|
|
123
|
+
* Gets only the non-enterprise scopes for a role (filters out enterprise-only features)
|
|
124
|
+
*/
|
|
125
|
+
const getNonEnterpriseScopesForRole = (role) => {
|
|
126
|
+
const enterpriseScopes = new Set([
|
|
127
|
+
'view:MetricsTree',
|
|
128
|
+
'manage:MetricsTree',
|
|
129
|
+
'view:SpotlightTableConfig',
|
|
130
|
+
'manage:SpotlightTableConfig',
|
|
131
|
+
'view:AiAgent',
|
|
132
|
+
'view:AiAgentThread',
|
|
133
|
+
'create:AiAgentThread',
|
|
134
|
+
'manage:AiAgent',
|
|
135
|
+
'manage:AiAgentThread',
|
|
136
|
+
'manage:ContentAsCode',
|
|
137
|
+
'manage:PersonalAccessToken',
|
|
138
|
+
]);
|
|
139
|
+
return exports.PROJECT_ROLE_TO_SCOPES_MAP[role].filter((scope) => !enterpriseScopes.has(scope));
|
|
140
|
+
};
|
|
141
|
+
exports.getNonEnterpriseScopesForRole = getNonEnterpriseScopesForRole;
|
|
142
|
+
/**
|
|
143
|
+
* Gets the incremental scopes added by a specific role (not inherited from lower roles)
|
|
144
|
+
*/
|
|
145
|
+
const getIncrementalScopesForRole = (role) => {
|
|
146
|
+
const roleOrder = [
|
|
147
|
+
projectMemberRole_1.ProjectMemberRole.VIEWER,
|
|
148
|
+
projectMemberRole_1.ProjectMemberRole.INTERACTIVE_VIEWER,
|
|
149
|
+
projectMemberRole_1.ProjectMemberRole.EDITOR,
|
|
150
|
+
projectMemberRole_1.ProjectMemberRole.DEVELOPER,
|
|
151
|
+
projectMemberRole_1.ProjectMemberRole.ADMIN,
|
|
152
|
+
];
|
|
153
|
+
const roleIndex = roleOrder.indexOf(role);
|
|
154
|
+
if (roleIndex === 0) {
|
|
155
|
+
return (0, exports.getScopesForRole)(role);
|
|
156
|
+
}
|
|
157
|
+
const previousRole = roleOrder[roleIndex - 1];
|
|
158
|
+
const currentScopes = new Set((0, exports.getScopesForRole)(role));
|
|
159
|
+
const previousScopes = new Set((0, exports.getScopesForRole)(previousRole));
|
|
160
|
+
return Array.from(currentScopes).filter((scope) => !previousScopes.has(scope));
|
|
161
|
+
};
|
|
162
|
+
exports.getIncrementalScopesForRole = getIncrementalScopesForRole;
|
|
163
|
+
//# sourceMappingURL=roleToScopeMapping.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roleToScopeMapping.js","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.ts"],"names":[],"mappings":";;;AAAA,kEAA+D;AAE/D;;;GAGG;AAEH;;GAEG;AACH,MAAM,gBAAgB,GAAG;IACrB,CAAC,qCAAiB,CAAC,MAAM,CAAC,EAAE;QACxB,4BAA4B;QAC5B,gBAAgB;QAChB,iBAAiB;QACjB,YAAY;QACZ,cAAc;QACd,kBAAkB;QAClB,wBAAwB;QACxB,WAAW;QACX,UAAU,EAAE,yCAAyC;QACrD,kBAAkB;QAElB,qCAAqC;QACrC,kBAAkB;QAClB,2BAA2B;QAC3B,oBAAoB;KACvB;IAED,CAAC,qCAAiB,CAAC,kBAAkB,CAAC,EAAE;QACpC,4CAA4C;QAC5C,qBAAqB;QACrB,qBAAqB;QACrB,gBAAgB;QAChB,yBAAyB;QACzB,4BAA4B;QAC5B,0BAA0B;QAC1B,YAAY;QAEZ,oEAAoE;QACpE,kBAAkB,EAAE,mBAAmB;QACvC,mBAAmB,EAAE,mBAAmB;QACxC,cAAc,EAAE,gCAAgC;QAEhD,oBAAoB;QACpB,cAAc;QACd,sBAAsB;KACzB;IAED,CAAC,qCAAiB,CAAC,MAAM,CAAC,EAAE;QACxB,8BAA8B;QAC9B,cAAc;QACd,cAAc,EAAE,mDAAmD;QACnE,YAAY;QACZ,oBAAoB;QACpB,4BAA4B;QAC5B,0BAA0B;QAC1B,aAAa;QAEb,oBAAoB;QACpB,oBAAoB;QACpB,sBAAsB,EAAE,qBAAqB;KAChD;IAED,CAAC,qCAAiB,CAAC,SAAS,CAAC,EAAE;QAC3B,iCAAiC;QACjC,oBAAoB;QACpB,kBAAkB;QAClB,kBAAkB;QAClB,mBAAmB;QACnB,uBAAuB;QACvB,gBAAgB,EAAE,mBAAmB;QACrC,gBAAgB,EAAE,mCAAmC;QACrD,gBAAgB;QAChB,gBAAgB,EAAE,sBAAsB;QAExC,oBAAoB;QACpB,6BAA6B;QAC7B,sBAAsB;QACtB,gBAAgB;QAChB,sBAAsB,EAAE,qBAAqB;KAChD;IAED,CAAC,qCAAiB,CAAC,KAAK,CAAC,EAAE;QACvB,6BAA6B;QAC7B,gBAAgB,EAAE,cAAc;QAChC,gBAAgB;QAChB,kBAAkB,EAAE,iBAAiB;QACrC,gBAAgB,EAAE,2CAA2C;QAC7D,mBAAmB,EAAE,mBAAmB;QACxC,oBAAoB,EAAE,yBAAyB;QAC/C,sBAAsB,EAAE,yBAAyB;KACpD;CACK,CAAC;AAEX;;GAEG;AACH,MAAM,cAAc,GAAG;IACnB,qCAAiB,CAAC,MAAM;IACxB,qCAAiB,CAAC,kBAAkB;IACpC,qCAAiB,CAAC,MAAM;IACxB,qCAAiB,CAAC,SAAS;IAC3B,qCAAiB,CAAC,KAAK;CACjB,CAAC;AAEX;;;GAGG;AACU,QAAA,0BAA0B,GACnC,CAAC,GAAG,EAAE;IACF,MAAM,MAAM,GAAG,EAAyC,CAAC;IAEzD,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,cAAc,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,MAAM,eAAe,GAAG,IAAI,GAAG,EAAU,CAAC;QAE1C,wCAAwC;QACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,SAAS,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACrC,MAAM,WAAW,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;YACtC,gBAAgB,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAC5C,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAC7B,CAAC;QACN,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,MAAM,CAAC;AAClB,CAAC,CAAC,EAAE,CAAC;AAET;;GAEG;AACI,MAAM,gBAAgB,GAAG,CAAC,IAAuB,EAAY,EAAE,CAAC;IACnE,GAAG,kCAA0B,CAAC,IAAI,CAAC;CACtC,CAAC;AAFW,QAAA,gBAAgB,oBAE3B;AAEF;;GAEG;AACI,MAAM,6BAA6B,GAAG,CACzC,IAAuB,EACf,EAAE;IACV,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;QAC7B,kBAAkB;QAClB,oBAAoB;QACpB,2BAA2B;QAC3B,6BAA6B;QAC7B,cAAc;QACd,oBAAoB;QACpB,sBAAsB;QACtB,gBAAgB;QAChB,sBAAsB;QACtB,sBAAsB;QACtB,4BAA4B;KAC/B,CAAC,CAAC;IAEH,OAAO,kCAA0B,CAAC,IAAI,CAAC,CAAC,MAAM,CAC1C,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,CAC1C,CAAC;AACN,CAAC,CAAC;AApBW,QAAA,6BAA6B,iCAoBxC;AAEF;;GAEG;AACI,MAAM,2BAA2B,GAAG,CACvC,IAAuB,EACf,EAAE;IACV,MAAM,SAAS,GAAG;QACd,qCAAiB,CAAC,MAAM;QACxB,qCAAiB,CAAC,kBAAkB;QACpC,qCAAiB,CAAC,MAAM;QACxB,qCAAiB,CAAC,SAAS;QAC3B,qCAAiB,CAAC,KAAK;KAC1B,CAAC;IAEF,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,IAAI,SAAS,KAAK,CAAC,EAAE,CAAC;QAClB,OAAO,IAAA,wBAAgB,EAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,YAAY,GAAG,SAAS,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAC9C,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,IAAA,wBAAgB,EAAC,IAAI,CAAC,CAAC,CAAC;IACtD,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,IAAA,wBAAgB,EAAC,YAAY,CAAC,CAAC,CAAC;IAE/D,OAAO,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,CACnC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CACxC,CAAC;AACN,CAAC,CAAC;AAvBW,QAAA,2BAA2B,+BAuBtC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roleToScopeMapping.test.d.ts","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.test.ts"],"names":[],"mappings":""}
|