@lightdash/common 0.1936.2 → 0.1937.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/authorization/index.d.ts +8 -4
- package/dist/cjs/authorization/index.d.ts.map +1 -1
- package/dist/cjs/authorization/index.js +26 -3
- package/dist/cjs/authorization/index.js.map +1 -1
- package/dist/cjs/authorization/index.mock.d.ts +2 -0
- package/dist/cjs/authorization/index.mock.d.ts.map +1 -1
- package/dist/cjs/authorization/index.mock.js +2 -0
- package/dist/cjs/authorization/index.mock.js.map +1 -1
- package/dist/cjs/authorization/organizationMemberAbility.mock.d.ts.map +1 -1
- package/dist/cjs/authorization/organizationMemberAbility.mock.js +1 -0
- package/dist/cjs/authorization/organizationMemberAbility.mock.js.map +1 -1
- package/dist/cjs/authorization/parseScopes.d.ts +3 -2
- package/dist/cjs/authorization/parseScopes.d.ts.map +1 -1
- package/dist/cjs/authorization/parseScopes.js +17 -8
- package/dist/cjs/authorization/parseScopes.js.map +1 -1
- package/dist/cjs/authorization/parseScopes.test.js +9 -14
- package/dist/cjs/authorization/parseScopes.test.js.map +1 -1
- package/dist/cjs/authorization/projectMemberAbility.mock.d.ts.map +1 -1
- package/dist/cjs/authorization/projectMemberAbility.mock.js +1 -0
- package/dist/cjs/authorization/projectMemberAbility.mock.js.map +1 -1
- package/dist/cjs/authorization/roleToScopeMapping.d.ts +19 -0
- package/dist/cjs/authorization/roleToScopeMapping.d.ts.map +1 -0
- package/dist/cjs/authorization/roleToScopeMapping.js +163 -0
- package/dist/cjs/authorization/roleToScopeMapping.js.map +1 -0
- package/dist/cjs/authorization/roleToScopeMapping.test.d.ts +2 -0
- package/dist/cjs/authorization/roleToScopeMapping.test.d.ts.map +1 -0
- package/dist/cjs/authorization/roleToScopeMapping.test.js +549 -0
- package/dist/cjs/authorization/roleToScopeMapping.test.js.map +1 -0
- package/dist/cjs/authorization/roleToScopeMapping.testUtils.d.ts +1393 -0
- package/dist/cjs/authorization/roleToScopeMapping.testUtils.d.ts.map +1 -0
- package/dist/cjs/authorization/roleToScopeMapping.testUtils.js +329 -0
- package/dist/cjs/authorization/roleToScopeMapping.testUtils.js.map +1 -0
- package/dist/cjs/authorization/scopeAbilityBuilder.d.ts +14 -8
- package/dist/cjs/authorization/scopeAbilityBuilder.d.ts.map +1 -1
- package/dist/cjs/authorization/scopeAbilityBuilder.js +7 -7
- package/dist/cjs/authorization/scopeAbilityBuilder.js.map +1 -1
- package/dist/cjs/authorization/scopeAbilityBuilder.test.js +258 -185
- package/dist/cjs/authorization/scopeAbilityBuilder.test.js.map +1 -1
- package/dist/cjs/authorization/scopes.d.ts.map +1 -1
- package/dist/cjs/authorization/scopes.js +132 -187
- package/dist/cjs/authorization/scopes.js.map +1 -1
- package/dist/cjs/ee/AiAgent/schemas/tools/index.d.ts +1 -0
- package/dist/cjs/ee/AiAgent/schemas/tools/index.d.ts.map +1 -1
- package/dist/cjs/ee/AiAgent/schemas/tools/index.js +1 -0
- package/dist/cjs/ee/AiAgent/schemas/tools/index.js.map +1 -1
- package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts +2845 -0
- package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts.map +1 -0
- package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js +41 -0
- package/dist/cjs/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js.map +1 -0
- package/dist/cjs/types/organizationMemberProfile.d.ts +1 -0
- package/dist/cjs/types/organizationMemberProfile.d.ts.map +1 -1
- package/dist/cjs/types/organizationMemberProfile.js.map +1 -1
- package/dist/cjs/types/projectMemberProfile.d.ts +1 -0
- package/dist/cjs/types/projectMemberProfile.d.ts.map +1 -1
- package/dist/cjs/types/scopes.d.ts +19 -9
- package/dist/cjs/types/scopes.d.ts.map +1 -1
- package/dist/cjs/types/search.d.ts +20 -0
- package/dist/cjs/types/search.d.ts.map +1 -1
- package/dist/cjs/types/search.js.map +1 -1
- package/dist/cjs/types/user.d.ts +1 -0
- package/dist/cjs/types/user.d.ts.map +1 -1
- package/dist/cjs/types/user.js.map +1 -1
- package/dist/esm/authorization/index.d.ts +8 -4
- package/dist/esm/authorization/index.d.ts.map +1 -1
- package/dist/esm/authorization/index.js +26 -3
- package/dist/esm/authorization/index.js.map +1 -1
- package/dist/esm/authorization/index.mock.d.ts +2 -0
- package/dist/esm/authorization/index.mock.d.ts.map +1 -1
- package/dist/esm/authorization/index.mock.js +2 -0
- package/dist/esm/authorization/index.mock.js.map +1 -1
- package/dist/esm/authorization/organizationMemberAbility.mock.d.ts.map +1 -1
- package/dist/esm/authorization/organizationMemberAbility.mock.js +1 -0
- package/dist/esm/authorization/organizationMemberAbility.mock.js.map +1 -1
- package/dist/esm/authorization/parseScopes.d.ts +3 -2
- package/dist/esm/authorization/parseScopes.d.ts.map +1 -1
- package/dist/esm/authorization/parseScopes.js +15 -7
- package/dist/esm/authorization/parseScopes.js.map +1 -1
- package/dist/esm/authorization/parseScopes.test.js +9 -14
- package/dist/esm/authorization/parseScopes.test.js.map +1 -1
- package/dist/esm/authorization/projectMemberAbility.mock.d.ts.map +1 -1
- package/dist/esm/authorization/projectMemberAbility.mock.js +1 -0
- package/dist/esm/authorization/projectMemberAbility.mock.js.map +1 -1
- package/dist/esm/authorization/roleToScopeMapping.d.ts +19 -0
- package/dist/esm/authorization/roleToScopeMapping.d.ts.map +1 -0
- package/dist/esm/authorization/roleToScopeMapping.js +157 -0
- package/dist/esm/authorization/roleToScopeMapping.js.map +1 -0
- package/dist/esm/authorization/roleToScopeMapping.test.d.ts +2 -0
- package/dist/esm/authorization/roleToScopeMapping.test.d.ts.map +1 -0
- package/dist/esm/authorization/roleToScopeMapping.test.js +547 -0
- package/dist/esm/authorization/roleToScopeMapping.test.js.map +1 -0
- package/dist/esm/authorization/roleToScopeMapping.testUtils.d.ts +1393 -0
- package/dist/esm/authorization/roleToScopeMapping.testUtils.d.ts.map +1 -0
- package/dist/esm/authorization/roleToScopeMapping.testUtils.js +319 -0
- package/dist/esm/authorization/roleToScopeMapping.testUtils.js.map +1 -0
- package/dist/esm/authorization/scopeAbilityBuilder.d.ts +14 -8
- package/dist/esm/authorization/scopeAbilityBuilder.d.ts.map +1 -1
- package/dist/esm/authorization/scopeAbilityBuilder.js +7 -7
- package/dist/esm/authorization/scopeAbilityBuilder.js.map +1 -1
- package/dist/esm/authorization/scopeAbilityBuilder.test.js +259 -186
- package/dist/esm/authorization/scopeAbilityBuilder.test.js.map +1 -1
- package/dist/esm/authorization/scopes.d.ts.map +1 -1
- package/dist/esm/authorization/scopes.js +132 -187
- package/dist/esm/authorization/scopes.js.map +1 -1
- package/dist/esm/ee/AiAgent/schemas/tools/index.d.ts +1 -0
- package/dist/esm/ee/AiAgent/schemas/tools/index.d.ts.map +1 -1
- package/dist/esm/ee/AiAgent/schemas/tools/index.js +1 -0
- package/dist/esm/ee/AiAgent/schemas/tools/index.js.map +1 -1
- package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts +2845 -0
- package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts.map +1 -0
- package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js +38 -0
- package/dist/esm/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.js.map +1 -0
- package/dist/esm/types/organizationMemberProfile.d.ts +1 -0
- package/dist/esm/types/organizationMemberProfile.d.ts.map +1 -1
- package/dist/esm/types/organizationMemberProfile.js.map +1 -1
- package/dist/esm/types/projectMemberProfile.d.ts +1 -0
- package/dist/esm/types/projectMemberProfile.d.ts.map +1 -1
- package/dist/esm/types/scopes.d.ts +19 -9
- package/dist/esm/types/scopes.d.ts.map +1 -1
- package/dist/esm/types/search.d.ts +20 -0
- package/dist/esm/types/search.d.ts.map +1 -1
- package/dist/esm/types/search.js.map +1 -1
- package/dist/esm/types/user.d.ts +1 -0
- package/dist/esm/types/user.d.ts.map +1 -1
- package/dist/esm/types/user.js.map +1 -1
- package/dist/tsconfig.types.tsbuildinfo +1 -1
- package/dist/types/authorization/index.d.ts +8 -4
- package/dist/types/authorization/index.d.ts.map +1 -1
- package/dist/types/authorization/index.mock.d.ts +2 -0
- package/dist/types/authorization/index.mock.d.ts.map +1 -1
- package/dist/types/authorization/organizationMemberAbility.mock.d.ts.map +1 -1
- package/dist/types/authorization/parseScopes.d.ts +3 -2
- package/dist/types/authorization/parseScopes.d.ts.map +1 -1
- package/dist/types/authorization/projectMemberAbility.mock.d.ts.map +1 -1
- package/dist/types/authorization/roleToScopeMapping.d.ts +19 -0
- package/dist/types/authorization/roleToScopeMapping.d.ts.map +1 -0
- package/dist/types/authorization/roleToScopeMapping.test.d.ts +2 -0
- package/dist/types/authorization/roleToScopeMapping.test.d.ts.map +1 -0
- package/dist/types/authorization/roleToScopeMapping.testUtils.d.ts +1393 -0
- package/dist/types/authorization/roleToScopeMapping.testUtils.d.ts.map +1 -0
- package/dist/types/authorization/scopeAbilityBuilder.d.ts +14 -8
- package/dist/types/authorization/scopeAbilityBuilder.d.ts.map +1 -1
- package/dist/types/authorization/scopes.d.ts.map +1 -1
- package/dist/types/ee/AiAgent/schemas/tools/index.d.ts +1 -0
- package/dist/types/ee/AiAgent/schemas/tools/index.d.ts.map +1 -1
- package/dist/types/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts +2845 -0
- package/dist/types/ee/AiAgent/schemas/tools/toolSearchFieldValuesArgs.d.ts.map +1 -0
- package/dist/types/types/organizationMemberProfile.d.ts +1 -0
- package/dist/types/types/organizationMemberProfile.d.ts.map +1 -1
- package/dist/types/types/projectMemberProfile.d.ts +1 -0
- package/dist/types/types/projectMemberProfile.d.ts.map +1 -1
- package/dist/types/types/scopes.d.ts +19 -9
- package/dist/types/types/scopes.d.ts.map +1 -1
- package/dist/types/types/search.d.ts +20 -0
- package/dist/types/types/search.d.ts.map +1 -1
- package/dist/types/types/user.d.ts +1 -0
- package/dist/types/types/user.d.ts.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roleToScopeMapping.testUtils.d.ts","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.testUtils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAO/D,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C;;;GAGG;AAEH;;GAEG;AACH,eAAO,MAAM,uBAAuB,QAAO;IACvC,KAAK,EAAE,OAAO,CAAC;IACf,MAAM,EAAE,MAAM,EAAE,CAAC;CAgCpB,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,SACzB,iBAAiB,KACxB;IACC,KAAK,EAAE,KAAK,CAAC;QACT,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC,CAAC;IACH,UAAU,EAAE,aAAa,CAAC;CAwB7B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAqHnC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,SACvB,iBAAiB,YACd;IACL,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC7B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2CJ,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,4BAA4B,SAC/B,iBAAiB,aACZ,UAAU,CAAC,OAAO,uBAAuB,CAAC,YAC5C;IAAE,YAAY,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkDtC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB,aACvB;IAAE,YAAY,CAAC,EAAE,OAAO,CAAA;CAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmCtC,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,SAAU,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA2B5D,CAAC"}
|
|
@@ -0,0 +1,319 @@
|
|
|
1
|
+
/* eslint-disable no-console */
|
|
2
|
+
import { Ability, AbilityBuilder, subject } from '@casl/ability';
|
|
3
|
+
import { ProjectMemberRole } from '../types/projectMemberRole';
|
|
4
|
+
import { projectMemberAbilities } from './projectMemberAbility';
|
|
5
|
+
import { getNonEnterpriseScopesForRole, getScopesForRole, } from './roleToScopeMapping';
|
|
6
|
+
import { buildAbilityFromScopes } from './scopeAbilityBuilder';
|
|
7
|
+
/**
|
|
8
|
+
* Test utilities for role to scope mapping validation
|
|
9
|
+
* These functions are only used for testing migration compatibility
|
|
10
|
+
*/
|
|
11
|
+
/**
|
|
12
|
+
* Validates that a role properly inherits permissions from lower roles
|
|
13
|
+
*/
|
|
14
|
+
export const validateRoleInheritance = () => {
|
|
15
|
+
const errors = [];
|
|
16
|
+
const roleOrder = [
|
|
17
|
+
ProjectMemberRole.VIEWER,
|
|
18
|
+
ProjectMemberRole.INTERACTIVE_VIEWER,
|
|
19
|
+
ProjectMemberRole.EDITOR,
|
|
20
|
+
ProjectMemberRole.DEVELOPER,
|
|
21
|
+
ProjectMemberRole.ADMIN,
|
|
22
|
+
];
|
|
23
|
+
for (let i = 1; i < roleOrder.length; i += 1) {
|
|
24
|
+
const currentRole = roleOrder[i];
|
|
25
|
+
const previousRole = roleOrder[i - 1];
|
|
26
|
+
const currentScopes = new Set(getScopesForRole(currentRole));
|
|
27
|
+
const previousScopes = getScopesForRole(previousRole);
|
|
28
|
+
// Check that all previous scopes are included in current role
|
|
29
|
+
for (const scope of previousScopes) {
|
|
30
|
+
if (!currentScopes.has(scope)) {
|
|
31
|
+
errors.push(`Role ${currentRole} is missing inherited scope: ${scope} from ${previousRole}`);
|
|
32
|
+
}
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
return {
|
|
36
|
+
valid: errors.length === 0,
|
|
37
|
+
errors,
|
|
38
|
+
};
|
|
39
|
+
};
|
|
40
|
+
/**
|
|
41
|
+
* Extracts the actual permissions granted by a role builder for analysis and comparison
|
|
42
|
+
* This is useful for debugging and validating that our scope mappings are correct
|
|
43
|
+
*/
|
|
44
|
+
export const extractRolePermissions = (role) => {
|
|
45
|
+
const builder = new AbilityBuilder(Ability);
|
|
46
|
+
const testMember = {
|
|
47
|
+
role,
|
|
48
|
+
projectUuid: 'test-project-uuid',
|
|
49
|
+
userUuid: 'test-user-uuid',
|
|
50
|
+
};
|
|
51
|
+
// Build the ability using the role-based system
|
|
52
|
+
projectMemberAbilities[role](testMember, builder);
|
|
53
|
+
const ability = builder.build();
|
|
54
|
+
// Extract the rules for analysis
|
|
55
|
+
return {
|
|
56
|
+
rules: ability.rules.map((rule) => ({
|
|
57
|
+
action: rule.action,
|
|
58
|
+
subject: rule.subject,
|
|
59
|
+
conditions: rule.conditions,
|
|
60
|
+
inverted: rule.inverted,
|
|
61
|
+
reason: rule.reason,
|
|
62
|
+
})),
|
|
63
|
+
rawAbility: ability,
|
|
64
|
+
};
|
|
65
|
+
};
|
|
66
|
+
/**
|
|
67
|
+
* Helper function to create standardized test cases for role compatibility testing
|
|
68
|
+
*/
|
|
69
|
+
export const createStandardTestCases = () => [
|
|
70
|
+
// View permissions
|
|
71
|
+
{
|
|
72
|
+
action: 'view',
|
|
73
|
+
subject: 'Dashboard',
|
|
74
|
+
resource: {
|
|
75
|
+
organizationUuid: 'org-uuid-test',
|
|
76
|
+
projectUuid: 'test-project-uuid',
|
|
77
|
+
isPrivate: false,
|
|
78
|
+
},
|
|
79
|
+
},
|
|
80
|
+
{
|
|
81
|
+
action: 'view',
|
|
82
|
+
subject: 'SavedChart',
|
|
83
|
+
resource: {
|
|
84
|
+
organizationUuid: 'org-uuid-test',
|
|
85
|
+
projectUuid: 'test-project-uuid',
|
|
86
|
+
isPrivate: false,
|
|
87
|
+
},
|
|
88
|
+
},
|
|
89
|
+
{
|
|
90
|
+
action: 'view',
|
|
91
|
+
subject: 'Space',
|
|
92
|
+
resource: {
|
|
93
|
+
organizationUuid: 'org-uuid-test',
|
|
94
|
+
projectUuid: 'test-project-uuid',
|
|
95
|
+
isPrivate: false,
|
|
96
|
+
},
|
|
97
|
+
},
|
|
98
|
+
{
|
|
99
|
+
action: 'view',
|
|
100
|
+
subject: 'Project',
|
|
101
|
+
resource: { projectUuid: 'test-project-uuid' },
|
|
102
|
+
},
|
|
103
|
+
// Create permissions
|
|
104
|
+
{
|
|
105
|
+
action: 'create',
|
|
106
|
+
subject: 'Space',
|
|
107
|
+
resource: {
|
|
108
|
+
organizationUuid: 'org-uuid-test',
|
|
109
|
+
projectUuid: 'test-project-uuid',
|
|
110
|
+
},
|
|
111
|
+
},
|
|
112
|
+
{
|
|
113
|
+
action: 'create',
|
|
114
|
+
subject: 'DashboardComments',
|
|
115
|
+
resource: { projectUuid: 'test-project-uuid' },
|
|
116
|
+
},
|
|
117
|
+
{
|
|
118
|
+
action: 'create',
|
|
119
|
+
subject: 'ScheduledDeliveries',
|
|
120
|
+
resource: { projectUuid: 'test-project-uuid' },
|
|
121
|
+
},
|
|
122
|
+
// Manage permissions (varies by role level)
|
|
123
|
+
{
|
|
124
|
+
action: 'manage',
|
|
125
|
+
subject: 'Space',
|
|
126
|
+
resource: {
|
|
127
|
+
organizationUuid: 'org-uuid-test',
|
|
128
|
+
projectUuid: 'test-project-uuid',
|
|
129
|
+
isPrivate: false,
|
|
130
|
+
},
|
|
131
|
+
},
|
|
132
|
+
{
|
|
133
|
+
action: 'manage',
|
|
134
|
+
subject: 'Job',
|
|
135
|
+
resource: {},
|
|
136
|
+
},
|
|
137
|
+
{
|
|
138
|
+
action: 'manage',
|
|
139
|
+
subject: 'PinnedItems',
|
|
140
|
+
resource: {
|
|
141
|
+
organizationUuid: 'org-uuid-test',
|
|
142
|
+
projectUuid: 'test-project-uuid',
|
|
143
|
+
},
|
|
144
|
+
},
|
|
145
|
+
{
|
|
146
|
+
action: 'manage',
|
|
147
|
+
subject: 'Explore',
|
|
148
|
+
resource: { projectUuid: 'test-project-uuid' },
|
|
149
|
+
},
|
|
150
|
+
// Higher-level permissions (developer+ only)
|
|
151
|
+
{
|
|
152
|
+
action: 'manage',
|
|
153
|
+
subject: 'Project',
|
|
154
|
+
resource: { projectUuid: 'test-project-uuid' },
|
|
155
|
+
},
|
|
156
|
+
{
|
|
157
|
+
action: 'manage',
|
|
158
|
+
subject: 'Validation',
|
|
159
|
+
resource: { projectUuid: 'test-project-uuid' },
|
|
160
|
+
},
|
|
161
|
+
{
|
|
162
|
+
action: 'manage',
|
|
163
|
+
subject: 'VirtualView',
|
|
164
|
+
resource: { projectUuid: 'test-project-uuid' },
|
|
165
|
+
},
|
|
166
|
+
{
|
|
167
|
+
action: 'manage',
|
|
168
|
+
subject: 'CustomSql',
|
|
169
|
+
resource: { projectUuid: 'test-project-uuid' },
|
|
170
|
+
},
|
|
171
|
+
// Admin-only permissions
|
|
172
|
+
{
|
|
173
|
+
action: 'delete',
|
|
174
|
+
subject: 'Project',
|
|
175
|
+
resource: { projectUuid: 'test-project-uuid' },
|
|
176
|
+
},
|
|
177
|
+
{
|
|
178
|
+
action: 'view',
|
|
179
|
+
subject: 'Analytics',
|
|
180
|
+
resource: { projectUuid: 'test-project-uuid' },
|
|
181
|
+
},
|
|
182
|
+
];
|
|
183
|
+
/**
|
|
184
|
+
* Helper function to create test parameters for role compatibility testing
|
|
185
|
+
*/
|
|
186
|
+
export const createRoleTestParams = (role, options = {}) => {
|
|
187
|
+
const { isEnterprise = false, projectUuid = 'test-project-uuid', userUuid = 'test-user-uuid', organizationUuid = 'test-org-uuid', } = options;
|
|
188
|
+
const scopes = isEnterprise
|
|
189
|
+
? getScopesForRole(role)
|
|
190
|
+
: getNonEnterpriseScopesForRole(role);
|
|
191
|
+
const scopeBuilderParams = {
|
|
192
|
+
userUuid,
|
|
193
|
+
scopes,
|
|
194
|
+
isEnterprise,
|
|
195
|
+
organizationRole: 'editor',
|
|
196
|
+
permissionsConfig: {
|
|
197
|
+
pat: {
|
|
198
|
+
enabled: false,
|
|
199
|
+
allowedOrgRoles: [],
|
|
200
|
+
},
|
|
201
|
+
},
|
|
202
|
+
};
|
|
203
|
+
return {
|
|
204
|
+
role,
|
|
205
|
+
scopes,
|
|
206
|
+
projectMember: {
|
|
207
|
+
role,
|
|
208
|
+
projectUuid,
|
|
209
|
+
userUuid,
|
|
210
|
+
},
|
|
211
|
+
scopeOrgBuilderParams: {
|
|
212
|
+
...scopeBuilderParams,
|
|
213
|
+
organizationUuid,
|
|
214
|
+
},
|
|
215
|
+
scopeProjectBuilderParams: {
|
|
216
|
+
...scopeBuilderParams,
|
|
217
|
+
projectUuid,
|
|
218
|
+
},
|
|
219
|
+
};
|
|
220
|
+
};
|
|
221
|
+
/**
|
|
222
|
+
* Compares role-based and scope-based abilities for a specific set of test cases
|
|
223
|
+
* Returns detailed results showing which permissions match or differ
|
|
224
|
+
*/
|
|
225
|
+
export const compareRoleAndScopeAbilities = (role, testCases, options = {}) => {
|
|
226
|
+
const { isEnterprise = false } = options;
|
|
227
|
+
const testParams = createRoleTestParams(role, { isEnterprise });
|
|
228
|
+
// Build role-based ability
|
|
229
|
+
const roleBuilder = new AbilityBuilder(Ability);
|
|
230
|
+
projectMemberAbilities[role](testParams.projectMember, roleBuilder);
|
|
231
|
+
const roleAbility = roleBuilder.build();
|
|
232
|
+
// Build Project-based scope-based ability
|
|
233
|
+
const scopeBuilder = new AbilityBuilder(Ability);
|
|
234
|
+
buildAbilityFromScopes(testParams.scopeProjectBuilderParams, scopeBuilder);
|
|
235
|
+
const scopeAbility = scopeBuilder.build();
|
|
236
|
+
const results = testCases.map((testCase) => {
|
|
237
|
+
const subjectWithResource = subject(testCase.subject, testCase.resource);
|
|
238
|
+
const roleResult = roleAbility.can(testCase.action, subjectWithResource);
|
|
239
|
+
const scopeResult = scopeAbility.can(testCase.action, subjectWithResource);
|
|
240
|
+
return {
|
|
241
|
+
...testCase,
|
|
242
|
+
roleResult,
|
|
243
|
+
scopeResult,
|
|
244
|
+
match: roleResult === scopeResult,
|
|
245
|
+
};
|
|
246
|
+
});
|
|
247
|
+
const summary = {
|
|
248
|
+
total: results.length,
|
|
249
|
+
matches: results.filter((r) => r.match).length,
|
|
250
|
+
mismatches: results.filter((r) => !r.match),
|
|
251
|
+
allMatch: results.every((r) => r.match),
|
|
252
|
+
};
|
|
253
|
+
return {
|
|
254
|
+
role,
|
|
255
|
+
scopes: testParams.scopes,
|
|
256
|
+
results,
|
|
257
|
+
summary,
|
|
258
|
+
};
|
|
259
|
+
};
|
|
260
|
+
/**
|
|
261
|
+
* Runs a comprehensive comparison of all roles against standard test cases
|
|
262
|
+
*/
|
|
263
|
+
export const validateAllRoleMappings = (options = {}) => {
|
|
264
|
+
const roles = [
|
|
265
|
+
ProjectMemberRole.VIEWER,
|
|
266
|
+
ProjectMemberRole.INTERACTIVE_VIEWER,
|
|
267
|
+
ProjectMemberRole.EDITOR,
|
|
268
|
+
ProjectMemberRole.DEVELOPER,
|
|
269
|
+
ProjectMemberRole.ADMIN,
|
|
270
|
+
];
|
|
271
|
+
const testCases = createStandardTestCases();
|
|
272
|
+
const results = roles.map((role) => compareRoleAndScopeAbilities(role, testCases, options));
|
|
273
|
+
const overallSummary = {
|
|
274
|
+
rolesValidated: results.length,
|
|
275
|
+
successfulRoles: results
|
|
276
|
+
.filter((r) => r.summary.allMatch)
|
|
277
|
+
.map((r) => r.role),
|
|
278
|
+
failedRoles: results
|
|
279
|
+
.filter((r) => !r.summary.allMatch)
|
|
280
|
+
.map((r) => ({
|
|
281
|
+
role: r.role,
|
|
282
|
+
mismatches: r.summary.mismatches.length,
|
|
283
|
+
})),
|
|
284
|
+
totalTestCases: results.reduce((sum, r) => sum + r.summary.total, 0),
|
|
285
|
+
totalMatches: results.reduce((sum, r) => sum + r.summary.matches, 0),
|
|
286
|
+
};
|
|
287
|
+
return {
|
|
288
|
+
roleResults: results,
|
|
289
|
+
overallSummary,
|
|
290
|
+
allRolesValid: overallSummary.failedRoles.length === 0,
|
|
291
|
+
};
|
|
292
|
+
};
|
|
293
|
+
/**
|
|
294
|
+
* Debug utility to show what scopes are missing or extra for a specific role
|
|
295
|
+
*/
|
|
296
|
+
export const debugRoleScopeMapping = (role) => {
|
|
297
|
+
const testCases = createStandardTestCases();
|
|
298
|
+
const comparison = compareRoleAndScopeAbilities(role, testCases);
|
|
299
|
+
const mismatches = comparison.results.filter((r) => !r.match);
|
|
300
|
+
console.debug(`\n=== Debug: ${role} Role Scope Mapping ===`);
|
|
301
|
+
console.debug(`Scopes assigned: ${comparison.scopes.length}`);
|
|
302
|
+
console.debug(`Test cases: ${comparison.summary.total}`);
|
|
303
|
+
console.debug(`Matches: ${comparison.summary.matches}`);
|
|
304
|
+
console.debug(`Mismatches: ${mismatches.length}`);
|
|
305
|
+
if (mismatches.length > 0) {
|
|
306
|
+
console.debug('\n--- Mismatched Permissions ---');
|
|
307
|
+
mismatches.forEach((mismatch) => {
|
|
308
|
+
console.debug(`${mismatch.action}:${mismatch.subject}`);
|
|
309
|
+
console.debug(` Role-based: ${mismatch.roleResult}`);
|
|
310
|
+
console.debug(` Scope-based: ${mismatch.scopeResult}`);
|
|
311
|
+
console.debug(` Resource:`, mismatch.resource);
|
|
312
|
+
console.debug('');
|
|
313
|
+
});
|
|
314
|
+
}
|
|
315
|
+
console.debug(`\nAssigned Scopes:`);
|
|
316
|
+
comparison.scopes.forEach((scope) => console.debug(` - ${scope}`));
|
|
317
|
+
return comparison;
|
|
318
|
+
};
|
|
319
|
+
//# sourceMappingURL=roleToScopeMapping.testUtils.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"roleToScopeMapping.testUtils.js","sourceRoot":"","sources":["../../../src/authorization/roleToScopeMapping.testUtils.ts"],"names":[],"mappings":"AAAA,+BAA+B;AAC/B,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACjE,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,EACH,6BAA6B,EAC7B,gBAAgB,GACnB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAG/D;;;GAGG;AAEH;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAGrC,EAAE;IACA,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,SAAS,GAAG;QACd,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,kBAAkB;QACpC,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,SAAS;QAC3B,iBAAiB,CAAC,KAAK;KAC1B,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3C,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,YAAY,GAAG,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAEtC,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC,CAAC;QAC7D,MAAM,cAAc,GAAG,gBAAgB,CAAC,YAAY,CAAC,CAAC;QAEtD,8DAA8D;QAC9D,KAAK,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACjC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CACP,QAAQ,WAAW,gCAAgC,KAAK,SAAS,YAAY,EAAE,CAClF,CAAC;YACN,CAAC;QACL,CAAC;IACL,CAAC;IAED,OAAO;QACH,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;KACT,CAAC;AACN,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAClC,IAAuB,EAUzB,EAAE;IACA,MAAM,OAAO,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAC3D,MAAM,UAAU,GAAG;QACf,IAAI;QACJ,WAAW,EAAE,mBAAmB;QAChC,QAAQ,EAAE,gBAAgB;KAC7B,CAAC;IAEF,gDAAgD;IAChD,sBAAsB,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAClD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;IAEhC,iCAAiC;IACjC,OAAO;QACH,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;YAChC,MAAM,EAAE,IAAI,CAAC,MAAgB;YAC7B,OAAO,EAAE,IAAI,CAAC,OAAiB;YAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,MAAM,EAAE,IAAI,CAAC,MAAM;SACtB,CAAC,CAAC;QACH,UAAU,EAAE,OAAO;KACtB,CAAC;AACN,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAAG,EAAE,CAAC;IACzC,mBAAmB;IACnB;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,WAAoB;QAC7B,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,YAAqB;QAC9B,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,OAAgB;QACzB,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,qBAAqB;IACrB;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,OAAgB;QACzB,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;SACnC;KACJ;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,mBAA4B;QACrC,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,qBAA8B;QACvC,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,4CAA4C;IAC5C;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,OAAgB;QACzB,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;YAChC,SAAS,EAAE,KAAK;SACnB;KACJ;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,KAAc;QACvB,QAAQ,EAAE,EAAE;KACf;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,aAAsB;QAC/B,QAAQ,EAAE;YACN,gBAAgB,EAAE,eAAe;YACjC,WAAW,EAAE,mBAAmB;SACnC;KACJ;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,6CAA6C;IAC7C;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,YAAqB;QAC9B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,aAAsB;QAC/B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,WAAoB;QAC7B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IAED,yBAAyB;IACzB;QACI,MAAM,EAAE,QAAiB;QACzB,OAAO,EAAE,SAAkB;QAC3B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;IACD;QACI,MAAM,EAAE,MAAe;QACvB,OAAO,EAAE,WAAoB;QAC7B,QAAQ,EAAE,EAAE,WAAW,EAAE,mBAAmB,EAAE;KACjD;CACJ,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAChC,IAAuB,EACvB,UAKI,EAAE,EACR,EAAE;IACA,MAAM,EACF,YAAY,GAAG,KAAK,EACpB,WAAW,GAAG,mBAAmB,EACjC,QAAQ,GAAG,gBAAgB,EAC3B,gBAAgB,GAAG,eAAe,GACrC,GAAG,OAAO,CAAC;IAEZ,MAAM,MAAM,GAAG,YAAY;QACvB,CAAC,CAAC,gBAAgB,CAAC,IAAI,CAAC;QACxB,CAAC,CAAC,6BAA6B,CAAC,IAAI,CAAC,CAAC;IAE1C,MAAM,kBAAkB,GAAG;QACvB,QAAQ;QACR,MAAM;QACN,YAAY;QACZ,gBAAgB,EAAE,QAAiB;QACnC,iBAAiB,EAAE;YACf,GAAG,EAAE;gBACD,OAAO,EAAE,KAAK;gBACd,eAAe,EAAE,EAAE;aACtB;SACJ;KACJ,CAAC;IAEF,OAAO;QACH,IAAI;QACJ,MAAM;QACN,aAAa,EAAE;YACX,IAAI;YACJ,WAAW;YACX,QAAQ;SACX;QACD,qBAAqB,EAAE;YACnB,GAAG,kBAAkB;YACrB,gBAAgB;SACnB;QACD,yBAAyB,EAAE;YACvB,GAAG,kBAAkB;YACrB,WAAW;SACd;KACJ,CAAC;AACN,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,CACxC,IAAuB,EACvB,SAAqD,EACrD,UAAsC,EAAE,EAC1C,EAAE;IACA,MAAM,EAAE,YAAY,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IACzC,MAAM,UAAU,GAAG,oBAAoB,CAAC,IAAI,EAAE,EAAE,YAAY,EAAE,CAAC,CAAC;IAEhE,2BAA2B;IAC3B,MAAM,WAAW,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAC/D,sBAAsB,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC;IACpE,MAAM,WAAW,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC;IAExC,0CAA0C;IAC1C,MAAM,YAAY,GAAG,IAAI,cAAc,CAAgB,OAAO,CAAC,CAAC;IAChE,sBAAsB,CAAC,UAAU,CAAC,yBAAyB,EAAE,YAAY,CAAC,CAAC;IAC3E,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,EAAE,CAAC;IAE1C,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE;QACvC,MAAM,mBAAmB,GAAG,OAAO,CAC/B,QAAQ,CAAC,OAAO,EAChB,QAAQ,CAAC,QAAQ,CACpB,CAAC;QACF,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAC9B,QAAQ,CAAC,MAAM,EACf,mBAAmB,CACtB,CAAC;QACF,MAAM,WAAW,GAAG,YAAY,CAAC,GAAG,CAChC,QAAQ,CAAC,MAAM,EACf,mBAAmB,CACtB,CAAC;QAEF,OAAO;YACH,GAAG,QAAQ;YACX,UAAU;YACV,WAAW;YACX,KAAK,EAAE,UAAU,KAAK,WAAW;SACpC,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG;QACZ,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,MAAM;QAC9C,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QAC3C,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC;KAC1C,CAAC;IAEF,OAAO;QACH,IAAI;QACJ,MAAM,EAAE,UAAU,CAAC,MAAM;QACzB,OAAO;QACP,OAAO;KACV,CAAC;AACN,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,CACnC,UAAsC,EAAE,EAC1C,EAAE;IACA,MAAM,KAAK,GAAG;QACV,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,kBAAkB;QACpC,iBAAiB,CAAC,MAAM;QACxB,iBAAiB,CAAC,SAAS;QAC3B,iBAAiB,CAAC,KAAK;KAC1B,CAAC;IAEF,MAAM,SAAS,GAAG,uBAAuB,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAC/B,4BAA4B,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,CAAC,CACzD,CAAC;IAEF,MAAM,cAAc,GAAG;QACnB,cAAc,EAAE,OAAO,CAAC,MAAM;QAC9B,eAAe,EAAE,OAAO;aACnB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;aACjC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;QACvB,WAAW,EAAE,OAAO;aACf,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;aAClC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACT,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,UAAU,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,MAAM;SAC1C,CAAC,CAAC;QACP,cAAc,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;QACpE,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;KACvE,CAAC;IAEF,OAAO;QACH,WAAW,EAAE,OAAO;QACpB,cAAc;QACd,aAAa,EAAE,cAAc,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;KACzD,CAAC;AACN,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,IAAuB,EAAE,EAAE;IAC7D,MAAM,SAAS,GAAG,uBAAuB,EAAE,CAAC;IAC5C,MAAM,UAAU,GAAG,4BAA4B,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAEjE,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAE9D,OAAO,CAAC,KAAK,CAAC,gBAAgB,IAAI,yBAAyB,CAAC,CAAC;IAC7D,OAAO,CAAC,KAAK,CAAC,oBAAoB,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9D,OAAO,CAAC,KAAK,CAAC,eAAe,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC;IACzD,OAAO,CAAC,KAAK,CAAC,YAAY,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,KAAK,CAAC,eAAe,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IAElD,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;QAClD,UAAU,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,EAAE;YAC5B,OAAO,CAAC,KAAK,CAAC,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,KAAK,CAAC,iBAAiB,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,KAAK,CAAC,kBAAkB,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAChD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;IACP,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IACpC,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC;IAEpE,OAAO,UAAU,CAAC;AACtB,CAAC,CAAC"}
|
|
@@ -1,23 +1,29 @@
|
|
|
1
|
+
import { type AbilityBuilder } from '@casl/ability';
|
|
1
2
|
import { type MemberAbility } from './types';
|
|
2
|
-
type
|
|
3
|
+
type OptionalIdContext = {
|
|
3
4
|
organizationUuid: string;
|
|
5
|
+
projectUuid?: never;
|
|
6
|
+
} | {
|
|
4
7
|
projectUuid: string;
|
|
5
|
-
|
|
8
|
+
organizationUuid?: never;
|
|
9
|
+
};
|
|
10
|
+
type BuilderOptions = {
|
|
11
|
+
userUuid: string;
|
|
6
12
|
scopes: string[];
|
|
7
|
-
isEnterprise: boolean;
|
|
8
|
-
organizationRole
|
|
13
|
+
isEnterprise: boolean | undefined;
|
|
14
|
+
organizationRole?: string;
|
|
9
15
|
permissionsConfig?: {
|
|
10
16
|
pat: {
|
|
11
17
|
enabled: boolean;
|
|
12
18
|
allowedOrgRoles: string[];
|
|
13
19
|
};
|
|
14
20
|
};
|
|
15
|
-
};
|
|
21
|
+
} & OptionalIdContext;
|
|
16
22
|
/**
|
|
17
|
-
*
|
|
23
|
+
* Apply CASL abilities from scopes to a builder
|
|
18
24
|
* @param context - Context containing organization, project, user, and space access information
|
|
19
|
-
* @
|
|
25
|
+
* @param builder - CASL ability builder to add permissions to
|
|
20
26
|
*/
|
|
21
|
-
export declare const buildAbilityFromScopes: (context: BuilderOptions) =>
|
|
27
|
+
export declare const buildAbilityFromScopes: (context: BuilderOptions, builder: AbilityBuilder<MemberAbility>) => void;
|
|
22
28
|
export {};
|
|
23
29
|
//# sourceMappingURL=scopeAbilityBuilder.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scopeAbilityBuilder.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"scopeAbilityBuilder.d.ts","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AAIpD,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAqD7C,KAAK,iBAAiB,GAChB;IACI,gBAAgB,EAAE,MAAM,CAAC;IACzB,WAAW,CAAC,EAAE,KAAK,CAAC;CACvB,GACD;IACI,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,CAAC,EAAE,KAAK,CAAC;CAC5B,CAAC;AAER,KAAK,cAAc,GAAG;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,YAAY,EAAE,OAAO,GAAG,SAAS,CAAC;IAClC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,iBAAiB,CAAC,EAAE;QAChB,GAAG,EAAE;YACD,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,MAAM,EAAE,CAAC;SAC7B,CAAC;KACL,CAAC;CACL,GAAG,iBAAiB,CAAC;AAEtB;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,YACtB,cAAc,WACd,cAAc,CAAC,aAAa,CAAC,KACvC,IAaF,CAAC"}
|
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
import { Ability, AbilityBuilder } from '@casl/ability';
|
|
2
1
|
import { parseScope, parseScopes } from './parseScopes';
|
|
3
2
|
import { getAllScopeMap } from './scopes';
|
|
4
3
|
const handlePatConfigApplication = (context, builder) => {
|
|
@@ -6,6 +5,7 @@ const handlePatConfigApplication = (context, builder) => {
|
|
|
6
5
|
const hasPatRule = builder.rules.find((rule) => rule.action === 'manage' && rule.subject === 'PersonalAccessToken');
|
|
7
6
|
if (!hasPatRule &&
|
|
8
7
|
pat?.enabled &&
|
|
8
|
+
context.organizationRole &&
|
|
9
9
|
pat?.allowedOrgRoles?.includes(context.organizationRole)) {
|
|
10
10
|
builder.can('manage', 'PersonalAccessToken');
|
|
11
11
|
}
|
|
@@ -34,21 +34,21 @@ const applyScopeAbilities = (context, builder) => {
|
|
|
34
34
|
handlePatConfigApplication(context, builder);
|
|
35
35
|
};
|
|
36
36
|
/**
|
|
37
|
-
*
|
|
37
|
+
* Apply CASL abilities from scopes to a builder
|
|
38
38
|
* @param context - Context containing organization, project, user, and space access information
|
|
39
|
-
* @
|
|
39
|
+
* @param builder - CASL ability builder to add permissions to
|
|
40
40
|
*/
|
|
41
|
-
export const buildAbilityFromScopes = (context) => {
|
|
42
|
-
const
|
|
41
|
+
export const buildAbilityFromScopes = (context, builder) => {
|
|
42
|
+
const isEnterprise = context.isEnterprise ?? false;
|
|
43
43
|
const scopes = parseScopes({
|
|
44
44
|
scopes: context.scopes,
|
|
45
|
-
isEnterprise
|
|
45
|
+
isEnterprise,
|
|
46
46
|
});
|
|
47
47
|
const parsedContext = {
|
|
48
48
|
...context,
|
|
49
49
|
scopes,
|
|
50
|
+
isEnterprise,
|
|
50
51
|
};
|
|
51
52
|
applyScopeAbilities(parsedContext, builder);
|
|
52
|
-
return builder.build();
|
|
53
53
|
};
|
|
54
54
|
//# sourceMappingURL=scopeAbilityBuilder.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"scopeAbilityBuilder.js","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"scopeAbilityBuilder.js","sourceRoot":"","sources":["../../../src/authorization/scopeAbilityBuilder.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG1C,MAAM,0BAA0B,GAAG,CAC/B,OAAqB,EACrB,OAAsC,EACxC,EAAE;IACA,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,EAAE,iBAAiB,IAAI,EAAE,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CACjC,CAAC,IAAI,EAAE,EAAE,CACL,IAAI,CAAC,MAAM,KAAK,QAAQ,IAAI,IAAI,CAAC,OAAO,KAAK,qBAAqB,CACzE,CAAC;IAEF,IACI,CAAC,UAAU;QACX,GAAG,EAAE,OAAO;QACZ,OAAO,CAAC,gBAAgB;QACxB,GAAG,EAAE,eAAe,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAC1D,CAAC;QACC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,CAAC,CAAC;IACjD,CAAC;AACL,CAAC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,CACxB,OAAqB,EACrB,OAAsC,EAClC,EAAE;IACN,MAAM,QAAQ,GAAG,cAAc,CAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAExE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,CAAC;QAElC,IAAI,CAAC,KAAK;YAAE,OAAO;QAEnB,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;QAChD,MAAM,cAAc,GAAG,KAAK,CAAC,aAAa;YACtC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,OAAO,CAAC;YAC9B,CAAC,CAAC,EAAE,CAAC;QAET,2BAA2B;QAC3B,cAAc,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,EAAE;YAClC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;QAC7C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACjD,CAAC,CAAC;AAyBF;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAClC,OAAuB,EACvB,OAAsC,EAClC,EAAE;IACN,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,KAAK,CAAC;IACnD,MAAM,MAAM,GAAG,WAAW,CAAC;QACvB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,YAAY;KACf,CAAC,CAAC;IACH,MAAM,aAAa,GAAG;QAClB,GAAG,OAAO;QACV,MAAM;QACN,YAAY;KACf,CAAC;IAEF,mBAAmB,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;AAChD,CAAC,CAAC"}
|