@lightdash/common 0.2884.2 → 0.2885.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/.tsbuildinfo +1 -1
- package/dist/cjs/authorization/getUserAbilityBuilder.test.d.ts +2 -0
- package/dist/cjs/authorization/getUserAbilityBuilder.test.d.ts.map +1 -0
- package/dist/cjs/authorization/getUserAbilityBuilder.test.js +172 -0
- package/dist/cjs/authorization/getUserAbilityBuilder.test.js.map +1 -0
- package/dist/cjs/authorization/index.d.ts.map +1 -1
- package/dist/cjs/authorization/index.js +27 -8
- package/dist/cjs/authorization/index.js.map +1 -1
- package/dist/cjs/authorization/organizationMemberAbility.d.ts +1 -0
- package/dist/cjs/authorization/organizationMemberAbility.d.ts.map +1 -1
- package/dist/cjs/authorization/organizationMemberAbility.js +8 -7
- package/dist/cjs/authorization/organizationMemberAbility.js.map +1 -1
- package/dist/cjs/authorization/serviceAccountAbility.d.ts +2 -1
- package/dist/cjs/authorization/serviceAccountAbility.d.ts.map +1 -1
- package/dist/cjs/authorization/serviceAccountAbility.js +34 -3
- package/dist/cjs/authorization/serviceAccountAbility.js.map +1 -1
- package/dist/cjs/ee/serviceAccounts/types.d.ts +15 -3
- package/dist/cjs/ee/serviceAccounts/types.d.ts.map +1 -1
- package/dist/cjs/ee/serviceAccounts/types.js +14 -0
- package/dist/cjs/ee/serviceAccounts/types.js.map +1 -1
- package/dist/cjs/index.d.ts +1 -0
- package/dist/cjs/index.d.ts.map +1 -1
- package/dist/cjs/index.js +1 -0
- package/dist/cjs/index.js.map +1 -1
- package/dist/esm/.tsbuildinfo +1 -1
- package/dist/esm/authorization/getUserAbilityBuilder.test.d.ts +2 -0
- package/dist/esm/authorization/getUserAbilityBuilder.test.d.ts.map +1 -0
- package/dist/esm/authorization/getUserAbilityBuilder.test.js +169 -0
- package/dist/esm/authorization/getUserAbilityBuilder.test.js.map +1 -0
- package/dist/esm/authorization/index.d.ts.map +1 -1
- package/dist/esm/authorization/index.js +27 -8
- package/dist/esm/authorization/index.js.map +1 -1
- package/dist/esm/authorization/organizationMemberAbility.d.ts +1 -0
- package/dist/esm/authorization/organizationMemberAbility.d.ts.map +1 -1
- package/dist/esm/authorization/organizationMemberAbility.js +1 -1
- package/dist/esm/authorization/organizationMemberAbility.js.map +1 -1
- package/dist/esm/authorization/serviceAccountAbility.d.ts +2 -1
- package/dist/esm/authorization/serviceAccountAbility.d.ts.map +1 -1
- package/dist/esm/authorization/serviceAccountAbility.js +34 -3
- package/dist/esm/authorization/serviceAccountAbility.js.map +1 -1
- package/dist/esm/ee/serviceAccounts/types.d.ts +15 -3
- package/dist/esm/ee/serviceAccounts/types.d.ts.map +1 -1
- package/dist/esm/ee/serviceAccounts/types.js +14 -0
- package/dist/esm/ee/serviceAccounts/types.js.map +1 -1
- package/dist/esm/index.d.ts +1 -0
- package/dist/esm/index.d.ts.map +1 -1
- package/dist/esm/index.js +1 -0
- package/dist/esm/index.js.map +1 -1
- package/dist/types/.tsbuildinfo +1 -1
- package/dist/types/authorization/getUserAbilityBuilder.test.d.ts +2 -0
- package/dist/types/authorization/getUserAbilityBuilder.test.d.ts.map +1 -0
- package/dist/types/authorization/getUserAbilityBuilder.test.js +169 -0
- package/dist/types/authorization/getUserAbilityBuilder.test.js.map +1 -0
- package/dist/types/authorization/index.d.ts.map +1 -1
- package/dist/types/authorization/index.js +27 -8
- package/dist/types/authorization/index.js.map +1 -1
- package/dist/types/authorization/organizationMemberAbility.d.ts +1 -0
- package/dist/types/authorization/organizationMemberAbility.d.ts.map +1 -1
- package/dist/types/authorization/organizationMemberAbility.js +1 -1
- package/dist/types/authorization/organizationMemberAbility.js.map +1 -1
- package/dist/types/authorization/serviceAccountAbility.d.ts +2 -1
- package/dist/types/authorization/serviceAccountAbility.d.ts.map +1 -1
- package/dist/types/authorization/serviceAccountAbility.js +34 -3
- package/dist/types/authorization/serviceAccountAbility.js.map +1 -1
- package/dist/types/ee/serviceAccounts/types.d.ts +15 -3
- package/dist/types/ee/serviceAccounts/types.d.ts.map +1 -1
- package/dist/types/ee/serviceAccounts/types.js +14 -0
- package/dist/types/ee/serviceAccounts/types.js.map +1 -1
- package/dist/types/index.d.ts +1 -0
- package/dist/types/index.d.ts.map +1 -1
- package/dist/types/index.js +1 -0
- package/dist/types/index.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"getUserAbilityBuilder.test.d.ts","sourceRoot":"","sources":["../../../src/authorization/getUserAbilityBuilder.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,172 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const tslib_1 = require("tslib");
|
|
4
|
+
const ability_1 = require("@casl/ability");
|
|
5
|
+
const organizationMemberProfile_1 = require("../types/organizationMemberProfile");
|
|
6
|
+
const index_1 = require("./index");
|
|
7
|
+
const organizationMemberAbility_1 = tslib_1.__importDefault(require("./organizationMemberAbility"));
|
|
8
|
+
const ORG_UUID = 'test-org-uuid';
|
|
9
|
+
const USER_UUID = 'test-user-uuid';
|
|
10
|
+
const CUSTOM_ROLE_UUID = '11111111-1111-4111-a111-111111111111';
|
|
11
|
+
const PERMISSIONS_CONFIG = {
|
|
12
|
+
pat: { enabled: false, allowedOrgRoles: [] },
|
|
13
|
+
};
|
|
14
|
+
const buildExpected = (role) => {
|
|
15
|
+
const builder = new ability_1.AbilityBuilder(ability_1.Ability);
|
|
16
|
+
(0, organizationMemberAbility_1.default)({
|
|
17
|
+
role,
|
|
18
|
+
member: { organizationUuid: ORG_UUID, userUuid: USER_UUID },
|
|
19
|
+
builder,
|
|
20
|
+
permissionsConfig: PERMISSIONS_CONFIG,
|
|
21
|
+
});
|
|
22
|
+
return builder.build().rules;
|
|
23
|
+
};
|
|
24
|
+
const ruleSetEqual = (a, b) => {
|
|
25
|
+
expect(a.length).toBe(b.length);
|
|
26
|
+
expect(JSON.stringify(a.slice().sort())).toBe(JSON.stringify(b.slice().sort()));
|
|
27
|
+
};
|
|
28
|
+
describe('getUserAbilityBuilder — org-level role resolution', () => {
|
|
29
|
+
describe('Backwards compatibility with system roles', () => {
|
|
30
|
+
it.each([
|
|
31
|
+
organizationMemberProfile_1.OrganizationMemberRole.MEMBER,
|
|
32
|
+
organizationMemberProfile_1.OrganizationMemberRole.VIEWER,
|
|
33
|
+
organizationMemberProfile_1.OrganizationMemberRole.INTERACTIVE_VIEWER,
|
|
34
|
+
organizationMemberProfile_1.OrganizationMemberRole.EDITOR,
|
|
35
|
+
organizationMemberProfile_1.OrganizationMemberRole.DEVELOPER,
|
|
36
|
+
organizationMemberProfile_1.OrganizationMemberRole.ADMIN,
|
|
37
|
+
])('%s user without roleUuid uses the system role path (unchanged)', (role) => {
|
|
38
|
+
const builder = (0, index_1.getUserAbilityBuilder)({
|
|
39
|
+
user: {
|
|
40
|
+
role,
|
|
41
|
+
organizationUuid: ORG_UUID,
|
|
42
|
+
userUuid: USER_UUID,
|
|
43
|
+
roleUuid: undefined,
|
|
44
|
+
},
|
|
45
|
+
projectProfiles: [],
|
|
46
|
+
permissionsConfig: PERMISSIONS_CONFIG,
|
|
47
|
+
});
|
|
48
|
+
ruleSetEqual(builder.build().rules, buildExpected(role));
|
|
49
|
+
});
|
|
50
|
+
});
|
|
51
|
+
describe('Custom-roles feature flag', () => {
|
|
52
|
+
it('falls through to the system role path when customRolesEnabled=false (even if roleUuid is set)', () => {
|
|
53
|
+
const builder = (0, index_1.getUserAbilityBuilder)({
|
|
54
|
+
user: {
|
|
55
|
+
role: organizationMemberProfile_1.OrganizationMemberRole.ADMIN,
|
|
56
|
+
organizationUuid: ORG_UUID,
|
|
57
|
+
userUuid: USER_UUID,
|
|
58
|
+
roleUuid: CUSTOM_ROLE_UUID,
|
|
59
|
+
},
|
|
60
|
+
projectProfiles: [],
|
|
61
|
+
permissionsConfig: PERMISSIONS_CONFIG,
|
|
62
|
+
customRoleScopes: { [CUSTOM_ROLE_UUID]: ['view:Dashboard'] },
|
|
63
|
+
customRolesEnabled: false, // gate off
|
|
64
|
+
});
|
|
65
|
+
ruleSetEqual(builder.build().rules, buildExpected(organizationMemberProfile_1.OrganizationMemberRole.ADMIN));
|
|
66
|
+
});
|
|
67
|
+
it('falls through to the system role path when customRolesEnabled=true but the role has no scopes loaded', () => {
|
|
68
|
+
const builder = (0, index_1.getUserAbilityBuilder)({
|
|
69
|
+
user: {
|
|
70
|
+
role: organizationMemberProfile_1.OrganizationMemberRole.ADMIN,
|
|
71
|
+
organizationUuid: ORG_UUID,
|
|
72
|
+
userUuid: USER_UUID,
|
|
73
|
+
roleUuid: CUSTOM_ROLE_UUID,
|
|
74
|
+
},
|
|
75
|
+
projectProfiles: [],
|
|
76
|
+
permissionsConfig: PERMISSIONS_CONFIG,
|
|
77
|
+
customRoleScopes: {}, // no scopes for this role
|
|
78
|
+
customRolesEnabled: true,
|
|
79
|
+
});
|
|
80
|
+
ruleSetEqual(builder.build().rules, buildExpected(organizationMemberProfile_1.OrganizationMemberRole.ADMIN));
|
|
81
|
+
});
|
|
82
|
+
});
|
|
83
|
+
describe('Org-level custom role active', () => {
|
|
84
|
+
it('uses the scope-derived path when roleUuid + customRolesEnabled + scopes are all present', () => {
|
|
85
|
+
// A custom role granting only view:Dashboard. Admin's normal
|
|
86
|
+
// abilities should NOT appear (e.g. manage:InviteLink).
|
|
87
|
+
const builder = (0, index_1.getUserAbilityBuilder)({
|
|
88
|
+
user: {
|
|
89
|
+
role: organizationMemberProfile_1.OrganizationMemberRole.ADMIN, // ignored — custom role wins
|
|
90
|
+
organizationUuid: ORG_UUID,
|
|
91
|
+
userUuid: USER_UUID,
|
|
92
|
+
roleUuid: CUSTOM_ROLE_UUID,
|
|
93
|
+
},
|
|
94
|
+
projectProfiles: [],
|
|
95
|
+
permissionsConfig: PERMISSIONS_CONFIG,
|
|
96
|
+
customRoleScopes: { [CUSTOM_ROLE_UUID]: ['view:Dashboard'] },
|
|
97
|
+
customRolesEnabled: true,
|
|
98
|
+
});
|
|
99
|
+
const ability = builder.build();
|
|
100
|
+
// Custom role grants what the scope says
|
|
101
|
+
expect(ability.rules.find((r) => r.subject === 'Dashboard')).toBeDefined();
|
|
102
|
+
// Admin abilities are NOT present
|
|
103
|
+
expect(ability.rules.find((r) => r.subject === 'InviteLink')).toBeUndefined();
|
|
104
|
+
expect(ability.rules.find((r) => r.subject === 'Organization')).toBeUndefined();
|
|
105
|
+
});
|
|
106
|
+
it('different custom roles produce different abilities (smoke)', () => {
|
|
107
|
+
const READ_ONLY_UUID = '22222222-2222-4222-a222-222222222222';
|
|
108
|
+
const EDIT_UUID = '33333333-3333-4333-a333-333333333333';
|
|
109
|
+
const readOnlyBuilder = (0, index_1.getUserAbilityBuilder)({
|
|
110
|
+
user: {
|
|
111
|
+
role: organizationMemberProfile_1.OrganizationMemberRole.MEMBER,
|
|
112
|
+
organizationUuid: ORG_UUID,
|
|
113
|
+
userUuid: USER_UUID,
|
|
114
|
+
roleUuid: READ_ONLY_UUID,
|
|
115
|
+
},
|
|
116
|
+
projectProfiles: [],
|
|
117
|
+
permissionsConfig: PERMISSIONS_CONFIG,
|
|
118
|
+
customRoleScopes: {
|
|
119
|
+
[READ_ONLY_UUID]: ['view:Dashboard'],
|
|
120
|
+
[EDIT_UUID]: ['view:Dashboard', 'manage:Dashboard'],
|
|
121
|
+
},
|
|
122
|
+
customRolesEnabled: true,
|
|
123
|
+
});
|
|
124
|
+
const editBuilder = (0, index_1.getUserAbilityBuilder)({
|
|
125
|
+
user: {
|
|
126
|
+
role: organizationMemberProfile_1.OrganizationMemberRole.MEMBER,
|
|
127
|
+
organizationUuid: ORG_UUID,
|
|
128
|
+
userUuid: USER_UUID,
|
|
129
|
+
roleUuid: EDIT_UUID,
|
|
130
|
+
},
|
|
131
|
+
projectProfiles: [],
|
|
132
|
+
permissionsConfig: PERMISSIONS_CONFIG,
|
|
133
|
+
customRoleScopes: {
|
|
134
|
+
[READ_ONLY_UUID]: ['view:Dashboard'],
|
|
135
|
+
[EDIT_UUID]: ['view:Dashboard', 'manage:Dashboard'],
|
|
136
|
+
},
|
|
137
|
+
customRolesEnabled: true,
|
|
138
|
+
});
|
|
139
|
+
const readOnlyRules = readOnlyBuilder.build().rules;
|
|
140
|
+
const editRules = editBuilder.build().rules;
|
|
141
|
+
// Edit role has manage rules; readOnly does not
|
|
142
|
+
expect(editRules.some((r) => r.action === 'manage')).toBe(true);
|
|
143
|
+
expect(readOnlyRules.some((r) => r.action === 'manage')).toBe(false);
|
|
144
|
+
});
|
|
145
|
+
});
|
|
146
|
+
describe('Project profile resolution still works alongside org-level custom roles', () => {
|
|
147
|
+
it('combines org system role with project-level system role', () => {
|
|
148
|
+
const PROJECT_UUID = 'test-project-uuid';
|
|
149
|
+
const builder = (0, index_1.getUserAbilityBuilder)({
|
|
150
|
+
user: {
|
|
151
|
+
role: organizationMemberProfile_1.OrganizationMemberRole.MEMBER,
|
|
152
|
+
organizationUuid: ORG_UUID,
|
|
153
|
+
userUuid: USER_UUID,
|
|
154
|
+
roleUuid: undefined,
|
|
155
|
+
},
|
|
156
|
+
projectProfiles: [
|
|
157
|
+
{
|
|
158
|
+
projectUuid: PROJECT_UUID,
|
|
159
|
+
role: 'admin', // ProjectMemberRole.ADMIN
|
|
160
|
+
userUuid: USER_UUID,
|
|
161
|
+
roleUuid: undefined,
|
|
162
|
+
},
|
|
163
|
+
],
|
|
164
|
+
permissionsConfig: PERMISSIONS_CONFIG,
|
|
165
|
+
});
|
|
166
|
+
const { rules } = builder.build();
|
|
167
|
+
// Org member abilities (minimal) plus project admin abilities
|
|
168
|
+
expect(rules.length).toBeGreaterThan(0);
|
|
169
|
+
});
|
|
170
|
+
});
|
|
171
|
+
});
|
|
172
|
+
//# sourceMappingURL=getUserAbilityBuilder.test.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"getUserAbilityBuilder.test.js","sourceRoot":"","sources":["../../../src/authorization/getUserAbilityBuilder.test.ts"],"names":[],"mappings":";;;AAAA,2CAAwD;AACxD,kFAA4E;AAC5E,mCAAgD;AAChD,oGAA2E;AAG3E,MAAM,QAAQ,GAAG,eAAe,CAAC;AACjC,MAAM,SAAS,GAAG,gBAAgB,CAAC;AACnC,MAAM,gBAAgB,GAAG,sCAAsC,CAAC;AAEhE,MAAM,kBAAkB,GAAG;IACvB,GAAG,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,eAAe,EAAE,EAAE,EAAE;CAC/C,CAAC;AAEF,MAAM,aAAa,GAAG,CAAC,IAA4B,EAAE,EAAE;IACnD,MAAM,OAAO,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;IAC3D,IAAA,mCAAgC,EAAC;QAC7B,IAAI;QACJ,MAAM,EAAE,EAAE,gBAAgB,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE;QAC3D,OAAO;QACP,iBAAiB,EAAE,kBAAkB;KACxC,CAAC,CAAC;IACH,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC;AACjC,CAAC,CAAC;AAEF,MAAM,YAAY,GAAG,CAAC,CAAY,EAAE,CAAY,EAAE,EAAE;IAChD,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;IAChC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CACzC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC,CACnC,CAAC;AACN,CAAC,CAAC;AAEF,QAAQ,CAAC,mDAAmD,EAAE,GAAG,EAAE;IAC/D,QAAQ,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACvD,EAAE,CAAC,IAAI,CAAC;YACJ,kDAAsB,CAAC,MAAM;YAC7B,kDAAsB,CAAC,MAAM;YAC7B,kDAAsB,CAAC,kBAAkB;YACzC,kDAAsB,CAAC,MAAM;YAC7B,kDAAsB,CAAC,SAAS;YAChC,kDAAsB,CAAC,KAAK;SAC/B,CAAC,CACE,gEAAgE,EAChE,CAAC,IAAI,EAAE,EAAE;YACL,MAAM,OAAO,GAAG,IAAA,6BAAqB,EAAC;gBAClC,IAAI,EAAE;oBACF,IAAI;oBACJ,gBAAgB,EAAE,QAAQ;oBAC1B,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,SAAS;iBACtB;gBACD,eAAe,EAAE,EAAE;gBACnB,iBAAiB,EAAE,kBAAkB;aACxC,CAAC,CAAC;YACH,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7D,CAAC,CACJ,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACvC,EAAE,CAAC,+FAA+F,EAAE,GAAG,EAAE;YACrG,MAAM,OAAO,GAAG,IAAA,6BAAqB,EAAC;gBAClC,IAAI,EAAE;oBACF,IAAI,EAAE,kDAAsB,CAAC,KAAK;oBAClC,gBAAgB,EAAE,QAAQ;oBAC1B,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,gBAAgB;iBAC7B;gBACD,eAAe,EAAE,EAAE;gBACnB,iBAAiB,EAAE,kBAAkB;gBACrC,gBAAgB,EAAE,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC,gBAAgB,CAAC,EAAE;gBAC5D,kBAAkB,EAAE,KAAK,EAAE,WAAW;aACzC,CAAC,CAAC;YACH,YAAY,CACR,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,EACrB,aAAa,CAAC,kDAAsB,CAAC,KAAK,CAAC,CAC9C,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sGAAsG,EAAE,GAAG,EAAE;YAC5G,MAAM,OAAO,GAAG,IAAA,6BAAqB,EAAC;gBAClC,IAAI,EAAE;oBACF,IAAI,EAAE,kDAAsB,CAAC,KAAK;oBAClC,gBAAgB,EAAE,QAAQ;oBAC1B,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,gBAAgB;iBAC7B;gBACD,eAAe,EAAE,EAAE;gBACnB,iBAAiB,EAAE,kBAAkB;gBACrC,gBAAgB,EAAE,EAAE,EAAE,0BAA0B;gBAChD,kBAAkB,EAAE,IAAI;aAC3B,CAAC,CAAC;YACH,YAAY,CACR,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,EACrB,aAAa,CAAC,kDAAsB,CAAC,KAAK,CAAC,CAC9C,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,8BAA8B,EAAE,GAAG,EAAE;QAC1C,EAAE,CAAC,yFAAyF,EAAE,GAAG,EAAE;YAC/F,6DAA6D;YAC7D,wDAAwD;YACxD,MAAM,OAAO,GAAG,IAAA,6BAAqB,EAAC;gBAClC,IAAI,EAAE;oBACF,IAAI,EAAE,kDAAsB,CAAC,KAAK,EAAE,6BAA6B;oBACjE,gBAAgB,EAAE,QAAQ;oBAC1B,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,gBAAgB;iBAC7B;gBACD,eAAe,EAAE,EAAE;gBACnB,iBAAiB,EAAE,kBAAkB;gBACrC,gBAAgB,EAAE,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC,gBAAgB,CAAC,EAAE;gBAC5D,kBAAkB,EAAE,IAAI;aAC3B,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;YAChC,yCAAyC;YACzC,MAAM,CACF,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,WAAW,CAAC,CACvD,CAAC,WAAW,EAAE,CAAC;YAChB,kCAAkC;YAClC,MAAM,CACF,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,YAAY,CAAC,CACxD,CAAC,aAAa,EAAE,CAAC;YAClB,MAAM,CACF,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,cAAc,CAAC,CAC1D,CAAC,aAAa,EAAE,CAAC;QACtB,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;YAClE,MAAM,cAAc,GAAG,sCAAsC,CAAC;YAC9D,MAAM,SAAS,GAAG,sCAAsC,CAAC;YAEzD,MAAM,eAAe,GAAG,IAAA,6BAAqB,EAAC;gBAC1C,IAAI,EAAE;oBACF,IAAI,EAAE,kDAAsB,CAAC,MAAM;oBACnC,gBAAgB,EAAE,QAAQ;oBAC1B,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,cAAc;iBAC3B;gBACD,eAAe,EAAE,EAAE;gBACnB,iBAAiB,EAAE,kBAAkB;gBACrC,gBAAgB,EAAE;oBACd,CAAC,cAAc,CAAC,EAAE,CAAC,gBAAgB,CAAC;oBACpC,CAAC,SAAS,CAAC,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;iBACtD;gBACD,kBAAkB,EAAE,IAAI;aAC3B,CAAC,CAAC;YAEH,MAAM,WAAW,GAAG,IAAA,6BAAqB,EAAC;gBACtC,IAAI,EAAE;oBACF,IAAI,EAAE,kDAAsB,CAAC,MAAM;oBACnC,gBAAgB,EAAE,QAAQ;oBAC1B,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,SAAS;iBACtB;gBACD,eAAe,EAAE,EAAE;gBACnB,iBAAiB,EAAE,kBAAkB;gBACrC,gBAAgB,EAAE;oBACd,CAAC,cAAc,CAAC,EAAE,CAAC,gBAAgB,CAAC;oBACpC,CAAC,SAAS,CAAC,EAAE,CAAC,gBAAgB,EAAE,kBAAkB,CAAC;iBACtD;gBACD,kBAAkB,EAAE,IAAI;aAC3B,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,eAAe,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC;YACpD,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC;YAC5C,gDAAgD;YAChD,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChE,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CACzD,KAAK,CACR,CAAC;QACN,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yEAAyE,EAAE,GAAG,EAAE;QACrF,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;YAC/D,MAAM,YAAY,GAAG,mBAAmB,CAAC;YACzC,MAAM,OAAO,GAAG,IAAA,6BAAqB,EAAC;gBAClC,IAAI,EAAE;oBACF,IAAI,EAAE,kDAAsB,CAAC,MAAM;oBACnC,gBAAgB,EAAE,QAAQ;oBAC1B,QAAQ,EAAE,SAAS;oBACnB,QAAQ,EAAE,SAAS;iBACtB;gBACD,eAAe,EAAE;oBACb;wBACI,WAAW,EAAE,YAAY;wBACzB,IAAI,EAAE,OAAgB,EAAE,0BAA0B;wBAClD,QAAQ,EAAE,SAAS;wBACnB,QAAQ,EAAE,SAAS;qBACtB;iBACJ;gBACD,iBAAiB,EAAE,kBAAkB;aACxC,CAAC,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC;YAClC,8DAA8D;YAC9D,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;QAC5C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/authorization/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,cAAc,EAAE,MAAM,eAAe,CAAC;AAExD,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,KAAK,IAAI,EAAE,KAAK,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAyC,EACrC,KAAK,+BAA+B,EACvC,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,KAAK,sBAAsB,GAAG;IAC1B,IAAI,EAAE,IAAI,CACN,aAAa,EACb,MAAM,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,CACxD,CAAC;IACF,eAAe,EAAE,IAAI,CACjB,oBAAoB,EACpB,aAAa,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,CACnD,EAAE,CAAC;IACJ,iBAAiB,EAAE,+BAA+B,CAAC,mBAAmB,CAAC,CAAC;IACxE,gBAAgB,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtE,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,YAAY,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,eAAO,MAAM,eAAe,0BAA0B,CAAC;AAEvD,eAAO,MAAM,qBAAqB,GAAI,mGAOnC,sBAAsB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/authorization/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAW,cAAc,EAAE,MAAM,eAAe,CAAC;AAExD,OAAO,EAAE,KAAK,oBAAoB,EAAE,MAAM,+BAA+B,CAAC;AAC1E,OAAO,EAAE,KAAK,IAAI,EAAE,KAAK,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChE,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAyC,EACrC,KAAK,+BAA+B,EACvC,MAAM,6BAA6B,CAAC;AAGrC,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,KAAK,sBAAsB,GAAG;IAC1B,IAAI,EAAE,IAAI,CACN,aAAa,EACb,MAAM,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,CACxD,CAAC;IACF,eAAe,EAAE,IAAI,CACjB,oBAAoB,EACpB,aAAa,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,CACnD,EAAE,CAAC;IACJ,iBAAiB,EAAE,+BAA+B,CAAC,mBAAmB,CAAC,CAAC;IACxE,gBAAgB,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC;IACtE,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,YAAY,CAAC,EAAE,OAAO,CAAC;CAC1B,CAAC;AAEF,eAAO,MAAM,eAAe,0BAA0B,CAAC;AAEvD,eAAO,MAAM,qBAAqB,GAAI,mGAOnC,sBAAsB,kCA0ExB,CAAC;AAGF,eAAO,MAAM,iBAAiB,GAC1B,MAAM,IAAI,CACN,aAAa,EACb,MAAM,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,CACxD,EACD,iBAAiB,IAAI,CACjB,oBAAoB,EACpB,aAAa,GAAG,MAAM,GAAG,UAAU,GAAG,UAAU,CACnD,EAAE,EACH,mBAAmB,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC,QAAQ,CAAC,CAAC,KACtE,aAaF,CAAC"}
|
|
@@ -11,16 +11,35 @@ exports.JWT_HEADER_NAME = 'lightdash-embed-token';
|
|
|
11
11
|
const getUserAbilityBuilder = ({ user, projectProfiles, permissionsConfig, customRoleScopes, customRolesEnabled, isEnterprise, }) => {
|
|
12
12
|
const builder = new ability_1.AbilityBuilder(ability_1.Ability);
|
|
13
13
|
if (user.role && user.organizationUuid) {
|
|
14
|
-
//
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
14
|
+
// Org-level custom role: if the user's organization_memberships row
|
|
15
|
+
// points at a role_uuid AND custom roles are enabled AND we have the
|
|
16
|
+
// role's scopes, build CASL from those scopes (same path as
|
|
17
|
+
// project-level custom roles below). Falls back to the system role
|
|
18
|
+
// path otherwise.
|
|
19
|
+
const orgCustomRoleScopes = customRolesEnabled && user.roleUuid
|
|
20
|
+
? customRoleScopes?.[user.roleUuid]
|
|
21
|
+
: undefined;
|
|
22
|
+
if (orgCustomRoleScopes) {
|
|
23
|
+
(0, scopeAbilityBuilder_1.buildAbilityFromScopes)({
|
|
18
24
|
organizationUuid: user.organizationUuid,
|
|
19
25
|
userUuid: user.userUuid,
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
26
|
+
scopes: orgCustomRoleScopes,
|
|
27
|
+
isEnterprise,
|
|
28
|
+
organizationRole: user.role,
|
|
29
|
+
permissionsConfig,
|
|
30
|
+
}, builder);
|
|
31
|
+
}
|
|
32
|
+
else {
|
|
33
|
+
(0, organizationMemberAbility_1.default)({
|
|
34
|
+
role: user.role,
|
|
35
|
+
member: {
|
|
36
|
+
organizationUuid: user.organizationUuid,
|
|
37
|
+
userUuid: user.userUuid,
|
|
38
|
+
},
|
|
39
|
+
builder,
|
|
40
|
+
permissionsConfig,
|
|
41
|
+
});
|
|
42
|
+
}
|
|
24
43
|
projectProfiles.forEach((projectProfile) => {
|
|
25
44
|
if (projectProfile.roleUuid && customRolesEnabled) {
|
|
26
45
|
if (!user.organizationUuid) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/authorization/index.ts"],"names":[],"mappings":";;;;AAAA,2CAAwD;AACxD,4CAAgD;AAIhD,oGAEqC;AACrC,iEAAgE;AAChE,+DAA+D;AAkBlD,QAAA,eAAe,GAAG,uBAAuB,CAAC;AAEhD,MAAM,qBAAqB,GAAG,CAAC,EAClC,IAAI,EACJ,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,GACS,EAAE,EAAE;IACzB,MAAM,OAAO,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;IAC3D,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACrC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/authorization/index.ts"],"names":[],"mappings":";;;;AAAA,2CAAwD;AACxD,4CAAgD;AAIhD,oGAEqC;AACrC,iEAAgE;AAChE,+DAA+D;AAkBlD,QAAA,eAAe,GAAG,uBAAuB,CAAC;AAEhD,MAAM,qBAAqB,GAAG,CAAC,EAClC,IAAI,EACJ,eAAe,EACf,iBAAiB,EACjB,gBAAgB,EAChB,kBAAkB,EAClB,YAAY,GACS,EAAE,EAAE;IACzB,MAAM,OAAO,GAAG,IAAI,wBAAc,CAAgB,iBAAO,CAAC,CAAC;IAC3D,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACrC,oEAAoE;QACpE,qEAAqE;QACrE,4DAA4D;QAC5D,mEAAmE;QACnE,kBAAkB;QAClB,MAAM,mBAAmB,GACrB,kBAAkB,IAAI,IAAI,CAAC,QAAQ;YAC/B,CAAC,CAAC,gBAAgB,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC;YACnC,CAAC,CAAC,SAAS,CAAC;QAEpB,IAAI,mBAAmB,EAAE,CAAC;YACtB,IAAA,4CAAsB,EAClB;gBACI,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;gBACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,MAAM,EAAE,mBAAmB;gBAC3B,YAAY;gBACZ,gBAAgB,EAAE,IAAI,CAAC,IAAI;gBAC3B,iBAAiB;aACpB,EACD,OAAO,CACV,CAAC;QACN,CAAC;aAAM,CAAC;YACJ,IAAA,mCAAgC,EAAC;gBAC7B,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,MAAM,EAAE;oBACJ,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;oBACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ;iBAC1B;gBACD,OAAO;gBACP,iBAAiB;aACpB,CAAC,CAAC;QACP,CAAC;QAED,eAAe,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,EAAE;YACvC,IAAI,cAAc,CAAC,QAAQ,IAAI,kBAAkB,EAAE,CAAC;gBAChD,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACzB,MAAM,IAAI,sBAAa,CACnB,0BAA0B,IAAI,CAAC,gBAAgB,gBAAgB,CAClE,CAAC;gBACN,CAAC;gBAED,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;gBAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;oBACV,sCAAsC;oBACtC,OAAO,CAAC,KAAK,CACT,yBAAyB,cAAc,CAAC,QAAQ,gBAAgB,CACnE,CAAC;oBACF,OAAO;gBACX,CAAC;gBAED,IAAA,4CAAsB,EAClB;oBACI,WAAW,EAAE,cAAc,CAAC,WAAW;oBACvC,QAAQ,EAAE,IAAI,CAAC,QAAQ;oBACvB,MAAM;oBACN,YAAY;oBACZ,gBAAgB,EAAE,IAAI,CAAC,IAAI;oBAC3B,iBAAiB;iBACpB,EACD,OAAO,CACV,CAAC;YACN,CAAC;iBAAM,CAAC;gBACJ,6CAAsB,CAAC,cAAc,CAAC,IAAI,CAAC,CACvC,cAAc,EACd,OAAO,CACV,CAAC;YACN,CAAC;QACL,CAAC,CAAC,CAAC;IACP,CAAC;IACD,OAAO,OAAO,CAAC;AACnB,CAAC,CAAC;AAjFW,QAAA,qBAAqB,yBAiFhC;AAEF,yCAAyC;AAClC,MAAM,iBAAiB,GAAG,CAC7B,IAGC,EACD,eAGG,EACH,gBAAqE,EACxD,EAAE;IACf,MAAM,OAAO,GAAG,IAAA,6BAAqB,EAAC;QAClC,IAAI;QACJ,eAAe;QACf,iBAAiB,EAAE;YACf,GAAG,EAAE;gBACD,OAAO,EAAE,KAAK;gBACd,eAAe,EAAE,EAAE;aACtB;SACJ;QACD,gBAAgB;KACnB,CAAC,CAAC;IACH,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC;AAC3B,CAAC,CAAC;AAvBW,QAAA,iBAAiB,qBAuB5B"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { type AbilityBuilder } from '@casl/ability';
|
|
2
2
|
import { type OrganizationMemberProfile, type OrganizationMemberRole } from '../types/organizationMemberProfile';
|
|
3
3
|
import { type MemberAbility } from './types';
|
|
4
|
+
export declare const applyOrganizationMemberStaticAbilities: Record<OrganizationMemberRole, (member: OrganizationMemberAbilitiesArgs['member'], builder: OrganizationMemberAbilitiesArgs['builder']) => void>;
|
|
4
5
|
export type OrganizationMemberAbilitiesArgs = {
|
|
5
6
|
role: OrganizationMemberRole;
|
|
6
7
|
member: Pick<OrganizationMemberProfile, 'organizationUuid' | 'userUuid'>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"organizationMemberAbility.d.ts","sourceRoot":"","sources":["../../../src/authorization/organizationMemberAbility.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EACH,KAAK,yBAAyB,EAC9B,KAAK,sBAAsB,EAC9B,MAAM,oCAAoC,CAAC;AAG5C,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"organizationMemberAbility.d.ts","sourceRoot":"","sources":["../../../src/authorization/organizationMemberAbility.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EACH,KAAK,yBAAyB,EAC9B,KAAK,sBAAsB,EAC9B,MAAM,oCAAoC,CAAC;AAG5C,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAe7C,eAAO,MAAM,sCAAsC,EAAE,MAAM,CACvD,sBAAsB,EACtB,CACI,MAAM,EAAE,+BAA+B,CAAC,QAAQ,CAAC,EACjD,OAAO,EAAE,+BAA+B,CAAC,SAAS,CAAC,KAClD,IAAI,CAyYZ,CAAC;AAEF,MAAM,MAAM,+BAA+B,GAAG;IAC1C,IAAI,EAAE,sBAAsB,CAAC;IAC7B,MAAM,EAAE,IAAI,CAAC,yBAAyB,EAAE,kBAAkB,GAAG,UAAU,CAAC,CAAC;IACzE,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,KAAK,CAAC,CAAC;IACpD,iBAAiB,EAAE;QACf,GAAG,EAAE;YACD,OAAO,EAAE,OAAO,CAAC;YACjB,eAAe,EAAE,sBAAsB,EAAE,CAAC;SAC7C,CAAC;KACL,CAAC;CACL,CAAC;AAEF,MAAM,CAAC,OAAO,UAAU,gCAAgC,CAAC,EACrD,IAAI,EACJ,MAAM,EACN,OAAO,EACP,iBAAiB,GACpB,EAAE,+BAA+B,QAQjC"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.applyOrganizationMemberStaticAbilities = void 0;
|
|
3
4
|
exports.default = applyOrganizationMemberAbilities;
|
|
4
5
|
const projects_1 = require("../types/projects");
|
|
5
6
|
const space_1 = require("../types/space");
|
|
@@ -9,7 +10,7 @@ const applyOrganizationMemberDynamicAbilities = ({ role, builder: { can }, permi
|
|
|
9
10
|
can('manage', 'PersonalAccessToken', {});
|
|
10
11
|
}
|
|
11
12
|
};
|
|
12
|
-
|
|
13
|
+
exports.applyOrganizationMemberStaticAbilities = {
|
|
13
14
|
member(member, { can }) {
|
|
14
15
|
can('view', 'OrganizationMemberProfile', {
|
|
15
16
|
organizationUuid: member.organizationUuid,
|
|
@@ -22,7 +23,7 @@ const applyOrganizationMemberStaticAbilities = {
|
|
|
22
23
|
});
|
|
23
24
|
},
|
|
24
25
|
viewer(member, { can }) {
|
|
25
|
-
applyOrganizationMemberStaticAbilities.member(member, { can });
|
|
26
|
+
exports.applyOrganizationMemberStaticAbilities.member(member, { can });
|
|
26
27
|
can('view', 'Dashboard', {
|
|
27
28
|
organizationUuid: member.organizationUuid,
|
|
28
29
|
inheritsFromOrgOrProject: true,
|
|
@@ -90,7 +91,7 @@ const applyOrganizationMemberStaticAbilities = {
|
|
|
90
91
|
});
|
|
91
92
|
},
|
|
92
93
|
interactive_viewer(member, { can }) {
|
|
93
|
-
applyOrganizationMemberStaticAbilities.viewer(member, { can });
|
|
94
|
+
exports.applyOrganizationMemberStaticAbilities.viewer(member, { can });
|
|
94
95
|
can('create', 'Job');
|
|
95
96
|
can('view', 'Job', { userUuid: member.userUuid });
|
|
96
97
|
can('view', 'UnderlyingData', {
|
|
@@ -212,7 +213,7 @@ const applyOrganizationMemberStaticAbilities = {
|
|
|
212
213
|
});
|
|
213
214
|
},
|
|
214
215
|
editor(member, { can }) {
|
|
215
|
-
applyOrganizationMemberStaticAbilities.interactive_viewer(member, {
|
|
216
|
+
exports.applyOrganizationMemberStaticAbilities.interactive_viewer(member, {
|
|
216
217
|
can,
|
|
217
218
|
});
|
|
218
219
|
can('manage', 'Space', {
|
|
@@ -243,7 +244,7 @@ const applyOrganizationMemberStaticAbilities = {
|
|
|
243
244
|
});
|
|
244
245
|
},
|
|
245
246
|
developer(member, { can }) {
|
|
246
|
-
applyOrganizationMemberStaticAbilities.editor(member, { can });
|
|
247
|
+
exports.applyOrganizationMemberStaticAbilities.editor(member, { can });
|
|
247
248
|
can('manage', 'PreAggregation', {
|
|
248
249
|
organizationUuid: member.organizationUuid,
|
|
249
250
|
});
|
|
@@ -323,7 +324,7 @@ const applyOrganizationMemberStaticAbilities = {
|
|
|
323
324
|
});
|
|
324
325
|
},
|
|
325
326
|
admin(member, { can }) {
|
|
326
|
-
applyOrganizationMemberStaticAbilities.developer(member, { can });
|
|
327
|
+
exports.applyOrganizationMemberStaticAbilities.developer(member, { can });
|
|
327
328
|
can('manage', 'DataApp', {
|
|
328
329
|
organizationUuid: member.organizationUuid,
|
|
329
330
|
});
|
|
@@ -395,7 +396,7 @@ const applyOrganizationMemberStaticAbilities = {
|
|
|
395
396
|
},
|
|
396
397
|
};
|
|
397
398
|
function applyOrganizationMemberAbilities({ role, member, builder, permissionsConfig, }) {
|
|
398
|
-
applyOrganizationMemberStaticAbilities[role](member, builder);
|
|
399
|
+
exports.applyOrganizationMemberStaticAbilities[role](member, builder);
|
|
399
400
|
applyOrganizationMemberDynamicAbilities({
|
|
400
401
|
role,
|
|
401
402
|
member,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"organizationMemberAbility.js","sourceRoot":"","sources":["../../../src/authorization/organizationMemberAbility.ts"],"names":[],"mappings":";;AAkbA,mDAaC;AA1bD,gDAAgD;AAChD,0CAAiD;AAGjD,MAAM,uCAAuC,GAAG,CAAC,EAC7C,IAAI,EACJ,OAAO,EAAE,EAAE,GAAG,EAAE,EAChB,iBAAiB,GACa,EAAE,EAAE;IAClC,IACI,iBAAiB,CAAC,GAAG,CAAC,OAAO;QAC7B,iBAAiB,CAAC,GAAG,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,EACtD,CAAC;QACC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,sCAAsC,GAMxC;IACA,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QAClB,GAAG,CAAC,MAAM,EAAE,2BAA2B,EAAE;YACrC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,iBAAiB,EAAE,MAAM,CAAC,QAAQ;SACrC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;IACP,CAAC;IACD,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QAClB,sCAAsC,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE;YACtB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE;aAC5C;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE;YACtB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE;aAC5C;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE;YACjB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE;YACjB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE;aAC5C;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE;aAC5C;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,cAAc,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,mBAAmB,EAAE;YAC7B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE;YAChB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,sBAAsB,EAAE;YAChC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC5B,CAAC,CAAC;IACP,CAAC;IACD,kBAAkB,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QAC9B,sCAAsC,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACrB,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAClD,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE;YAC1B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE;YAC1B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,kBAAkB,EAAE;YAC9B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC5B,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE;YAC1B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,mBAAmB,EAAE;YAC/B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,KAAK;iBAC9B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,KAAK;iBAC9B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,KAAK;iBAC9B;aACJ;SACJ,CAAC,CAAC;QACH,kEAAkE;QAClE,4DAA4D;QAC5D,gDAAgD;QAChD,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,iBAAiB,EAAE,MAAM,CAAC,QAAQ;SACrC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,iBAAiB,EAAE,MAAM,CAAC,QAAQ;SACrC,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,KAAK;iBAC9B;aACJ;SACJ,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;IACP,CAAC;IACD,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QAClB,sCAAsC,CAAC,kBAAkB,CAAC,MAAM,EAAE;YAC9D,GAAG;SACN,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACrB,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,mBAAmB,EAAE;YAC/B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE;YAClB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,kCAAkC,EAAE;YAC5C,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;IACP,CAAC;IACD,SAAS,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QACrB,sCAAsC,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE;YAC1B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE;YACtB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,SAAS,EAAE,YAAY,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,SAAS,EAAE,WAAW,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,IAAI,EAAE,sBAAW,CAAC,OAAO;SAC5B,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,IAAI,EAAE,sBAAW,CAAC,OAAO;YACzB,iBAAiB,EAAE,MAAM,CAAC,QAAQ;SACrC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,IAAI,EAAE,sBAAW,CAAC,OAAO;SAC5B,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,sBAAsB,EAAE;YAClC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC5B,CAAC,CAAC;IACP,CAAC;IACD,KAAK,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QACjB,sCAAsC,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAElE,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,IAAI,EAAE,EAAE,GAAG,EAAE,CAAC,sBAAW,CAAC,OAAO,EAAE,sBAAW,CAAC,OAAO,CAAC,EAAE;SAC5D,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE;YAC1B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,2BAA2B,EAAE;YACvC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,kCAAkC,EAAE;YAC9C,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,aAAa,EAAE,MAAM,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,QAAQ,EAAE,IAAI;SACjB,CAAC,CAAC;IACP,CAAC;CACJ,CAAC;AAcF,SAAwB,gCAAgC,CAAC,EACrD,IAAI,EACJ,MAAM,EACN,OAAO,EACP,iBAAiB,GACa;IAC9B,sCAAsC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9D,uCAAuC,CAAC;QACpC,IAAI;QACJ,MAAM;QACN,OAAO;QACP,iBAAiB;KACpB,CAAC,CAAC;AACP,CAAC"}
|
|
1
|
+
{"version":3,"file":"organizationMemberAbility.js","sourceRoot":"","sources":["../../../src/authorization/organizationMemberAbility.ts"],"names":[],"mappings":";;;AAkbA,mDAaC;AA1bD,gDAAgD;AAChD,0CAAiD;AAGjD,MAAM,uCAAuC,GAAG,CAAC,EAC7C,IAAI,EACJ,OAAO,EAAE,EAAE,GAAG,EAAE,EAChB,iBAAiB,GACa,EAAE,EAAE;IAClC,IACI,iBAAiB,CAAC,GAAG,CAAC,OAAO;QAC7B,iBAAiB,CAAC,GAAG,CAAC,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,EACtD,CAAC;QACC,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;AACL,CAAC,CAAC;AAEW,QAAA,sCAAsC,GAM/C;IACA,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QAClB,GAAG,CAAC,MAAM,EAAE,2BAA2B,EAAE;YACrC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,iBAAiB,EAAE,MAAM,CAAC,QAAQ;SACrC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;IACP,CAAC;IACD,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QAClB,8CAAsC,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE;YACtB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE;aAC5C;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE;YACtB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE;aAC5C;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE;YACjB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE;YACjB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE;aAC5C;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE;aAC5C;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,cAAc,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,mBAAmB,EAAE;YAC7B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE;YAChB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,sBAAsB,EAAE;YAChC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC5B,CAAC,CAAC;IACP,CAAC;IACD,kBAAkB,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QAC9B,8CAAsC,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACrB,GAAG,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAClD,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE;YAC1B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE;YAC1B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,kBAAkB,EAAE;YAC9B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC5B,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE;YAC1B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,mBAAmB,EAAE;YAC/B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,KAAK;iBAC9B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,KAAK;iBAC9B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,KAAK;iBAC9B;aACJ;SACJ,CAAC,CAAC;QACH,kEAAkE;QAClE,4DAA4D;QAC5D,gDAAgD;QAChD,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,iBAAiB,EAAE,MAAM,CAAC,QAAQ;SACrC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,iBAAiB,EAAE,MAAM,CAAC,QAAQ;SACrC,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,KAAK;iBAC9B;aACJ;SACJ,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;IACP,CAAC;IACD,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QAClB,8CAAsC,CAAC,kBAAkB,CAAC,MAAM,EAAE;YAC9D,GAAG;SACN,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACrB,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,mBAAmB,EAAE;YAC/B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE;YAClB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,kCAAkC,EAAE;YAC5C,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;IACP,CAAC;IACD,SAAS,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QACrB,8CAAsC,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAC/D,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE;YAC1B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE;YACtB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,SAAS,EAAE,YAAY,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,SAAS,EAAE,WAAW,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,MAAM,EAAE;gBACJ,UAAU,EAAE;oBACR,QAAQ,EAAE,MAAM,CAAC,QAAQ;oBACzB,IAAI,EAAE,uBAAe,CAAC,MAAM;iBAC/B;aACJ;SACJ,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,IAAI,EAAE,sBAAW,CAAC,OAAO;SAC5B,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,IAAI,EAAE,sBAAW,CAAC,OAAO;YACzB,iBAAiB,EAAE,MAAM,CAAC,QAAQ;SACrC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,IAAI,EAAE,sBAAW,CAAC,OAAO;SAC5B,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,sBAAsB,EAAE;YAClC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC5B,CAAC,CAAC;IACP,CAAC;IACD,KAAK,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE;QACjB,8CAAsC,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;QAElE,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,IAAI,EAAE,EAAE,GAAG,EAAE,CAAC,sBAAW,CAAC,OAAO,EAAE,sBAAW,CAAC,OAAO,CAAC,EAAE;SAC5D,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE;YAC1B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,2BAA2B,EAAE;YACvC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,kCAAkC,EAAE;YAC9C,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE;YACzB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;SAC5C,CAAC,CAAC;QACH,GAAG,CAAC,aAAa,EAAE,MAAM,EAAE;YACvB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,QAAQ,EAAE,IAAI;SACjB,CAAC,CAAC;IACP,CAAC;CACJ,CAAC;AAcF,SAAwB,gCAAgC,CAAC,EACrD,IAAI,EACJ,MAAM,EACN,OAAO,EACP,iBAAiB,GACa;IAC9B,8CAAsC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9D,uCAAuC,CAAC;QACpC,IAAI;QACJ,MAAM;QACN,OAAO;QACP,iBAAiB;KACpB,CAAC,CAAC;AACP,CAAC"}
|
|
@@ -4,8 +4,9 @@ import { type MemberAbility } from './types';
|
|
|
4
4
|
type ServiceAccountAbilitiesArgs = {
|
|
5
5
|
organizationUuid: string;
|
|
6
6
|
builder: Pick<AbilityBuilder<MemberAbility>, 'can'>;
|
|
7
|
+
userUuid: string;
|
|
7
8
|
};
|
|
8
|
-
export declare const applyServiceAccountAbilities: ({ organizationUuid, builder, scopes, }: ServiceAccountAbilitiesArgs & {
|
|
9
|
+
export declare const applyServiceAccountAbilities: ({ organizationUuid, userUuid, builder, scopes, }: ServiceAccountAbilitiesArgs & {
|
|
9
10
|
scopes: ServiceAccountScope[];
|
|
10
11
|
}) => void;
|
|
11
12
|
export {};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"serviceAccountAbility.d.ts","sourceRoot":"","sources":["../../../src/authorization/serviceAccountAbility.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"serviceAccountAbility.d.ts","sourceRoot":"","sources":["../../../src/authorization/serviceAccountAbility.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,eAAe,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAIlE,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAE7C,KAAK,2BAA2B,GAAG;IAC/B,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,KAAK,CAAC,CAAC;IAMpD,QAAQ,EAAE,MAAM,CAAC;CACpB,CAAC;AAmZF,eAAO,MAAM,4BAA4B,GAAI,kDAK1C,2BAA2B,GAAG;IAC7B,MAAM,EAAE,mBAAmB,EAAE,CAAC;CACjC,SAQA,CAAC"}
|
|
@@ -2,7 +2,9 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.applyServiceAccountAbilities = void 0;
|
|
4
4
|
const types_1 = require("../ee/serviceAccounts/types");
|
|
5
|
+
const organizationMemberProfile_1 = require("../types/organizationMemberProfile");
|
|
5
6
|
const projects_1 = require("../types/projects");
|
|
7
|
+
const organizationMemberAbility_1 = require("./organizationMemberAbility");
|
|
6
8
|
const applyServiceAccountStaticAbilities = {
|
|
7
9
|
[types_1.ServiceAccountScope.ORG_READ]: ({ organizationUuid, builder: { can }, }) => {
|
|
8
10
|
can('view', 'OrganizationMemberProfile', {
|
|
@@ -151,9 +153,10 @@ const applyServiceAccountStaticAbilities = {
|
|
|
151
153
|
organizationUuid,
|
|
152
154
|
});
|
|
153
155
|
},
|
|
154
|
-
[types_1.ServiceAccountScope.ORG_EDIT]: ({ organizationUuid, builder: { can }, }) => {
|
|
156
|
+
[types_1.ServiceAccountScope.ORG_EDIT]: ({ organizationUuid, userUuid, builder: { can }, }) => {
|
|
155
157
|
applyServiceAccountStaticAbilities[types_1.ServiceAccountScope.ORG_READ]({
|
|
156
158
|
organizationUuid,
|
|
159
|
+
userUuid,
|
|
157
160
|
builder: { can },
|
|
158
161
|
});
|
|
159
162
|
can('manage', 'Space', {
|
|
@@ -182,10 +185,19 @@ const applyServiceAccountStaticAbilities = {
|
|
|
182
185
|
can('manage', 'MetricsTree', {
|
|
183
186
|
organizationUuid,
|
|
184
187
|
});
|
|
188
|
+
// CLI-driven content-as-code upload (`lightdash upload`) runs as an
|
|
189
|
+
// SA with `org:edit`. Pre-Phase-C the auth middleware spoofed the
|
|
190
|
+
// admin user so the call was implicitly allowed; the cutover to a
|
|
191
|
+
// dedicated SA identity dropped that side-effect, so we restore it
|
|
192
|
+
// here explicitly to preserve the existing CI workflow.
|
|
193
|
+
can('manage', 'ContentAsCode', {
|
|
194
|
+
organizationUuid,
|
|
195
|
+
});
|
|
185
196
|
},
|
|
186
|
-
[types_1.ServiceAccountScope.ORG_ADMIN]: ({ organizationUuid, builder: { can }, }) => {
|
|
197
|
+
[types_1.ServiceAccountScope.ORG_ADMIN]: ({ organizationUuid, userUuid, builder: { can }, }) => {
|
|
187
198
|
applyServiceAccountStaticAbilities[types_1.ServiceAccountScope.ORG_EDIT]({
|
|
188
199
|
organizationUuid,
|
|
200
|
+
userUuid,
|
|
189
201
|
builder: { can },
|
|
190
202
|
});
|
|
191
203
|
can('manage', 'PreAggregation', {
|
|
@@ -315,11 +327,30 @@ const applyServiceAccountStaticAbilities = {
|
|
|
315
327
|
organizationUuid,
|
|
316
328
|
});
|
|
317
329
|
},
|
|
330
|
+
// System-role aliases. Each one delegates to the matching org-member
|
|
331
|
+
// ability builder so the SA's CASL is exactly the user-with-this-role
|
|
332
|
+
// shape — no parallel scope mapping to drift out of sync.
|
|
333
|
+
[types_1.ServiceAccountScope.SYSTEM_ADMIN]: ({ organizationUuid, userUuid, builder: { can }, }) => {
|
|
334
|
+
organizationMemberAbility_1.applyOrganizationMemberStaticAbilities[organizationMemberProfile_1.OrganizationMemberRole.ADMIN]({ organizationUuid, userUuid }, { can });
|
|
335
|
+
},
|
|
336
|
+
[types_1.ServiceAccountScope.SYSTEM_DEVELOPER]: ({ organizationUuid, userUuid, builder: { can }, }) => {
|
|
337
|
+
organizationMemberAbility_1.applyOrganizationMemberStaticAbilities[organizationMemberProfile_1.OrganizationMemberRole.DEVELOPER]({ organizationUuid, userUuid }, { can });
|
|
338
|
+
},
|
|
339
|
+
[types_1.ServiceAccountScope.SYSTEM_EDITOR]: ({ organizationUuid, userUuid, builder: { can }, }) => {
|
|
340
|
+
organizationMemberAbility_1.applyOrganizationMemberStaticAbilities[organizationMemberProfile_1.OrganizationMemberRole.EDITOR]({ organizationUuid, userUuid }, { can });
|
|
341
|
+
},
|
|
342
|
+
[types_1.ServiceAccountScope.SYSTEM_INTERACTIVE_VIEWER]: ({ organizationUuid, userUuid, builder: { can }, }) => {
|
|
343
|
+
organizationMemberAbility_1.applyOrganizationMemberStaticAbilities[organizationMemberProfile_1.OrganizationMemberRole.INTERACTIVE_VIEWER]({ organizationUuid, userUuid }, { can });
|
|
344
|
+
},
|
|
345
|
+
[types_1.ServiceAccountScope.SYSTEM_VIEWER]: ({ organizationUuid, userUuid, builder: { can }, }) => {
|
|
346
|
+
organizationMemberAbility_1.applyOrganizationMemberStaticAbilities[organizationMemberProfile_1.OrganizationMemberRole.VIEWER]({ organizationUuid, userUuid }, { can });
|
|
347
|
+
},
|
|
318
348
|
};
|
|
319
|
-
const applyServiceAccountAbilities = ({ organizationUuid, builder, scopes, }) => {
|
|
349
|
+
const applyServiceAccountAbilities = ({ organizationUuid, userUuid, builder, scopes, }) => {
|
|
320
350
|
scopes.forEach((scope) => {
|
|
321
351
|
applyServiceAccountStaticAbilities[scope]({
|
|
322
352
|
organizationUuid,
|
|
353
|
+
userUuid,
|
|
323
354
|
builder,
|
|
324
355
|
});
|
|
325
356
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"serviceAccountAbility.js","sourceRoot":"","sources":["../../../src/authorization/serviceAccountAbility.ts"],"names":[],"mappings":";;;AACA,uDAAkE;AAClE,gDAAgD;
|
|
1
|
+
{"version":3,"file":"serviceAccountAbility.js","sourceRoot":"","sources":["../../../src/authorization/serviceAccountAbility.ts"],"names":[],"mappings":";;;AACA,uDAAkE;AAClE,kFAA4E;AAC5E,gDAAgD;AAChD,2EAAqF;AAcrF,MAAM,kCAAkC,GAGpC;IACA,CAAC,2BAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC,EAC7B,gBAAgB,EAChB,OAAO,EAAE,EAAE,GAAG,EAAE,GACnB,EAAE,EAAE;QACD,GAAG,CAAC,MAAM,EAAE,2BAA2B,EAAE;YACrC,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;QACrB,+BAA+B;SAClC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE;YACvB,gBAAgB;SACnB,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB;YAChB,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE;YACtB,gBAAgB;YAChB,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB;YAChB;;iBAEK;SACR,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE;YACtB,gBAAgB;YAChB;;;iBAGK;SACR,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE;YACjB,gBAAgB;YAChB,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE;YACjB,gBAAgB;YAChB;;iBAEK;SACR,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,cAAc,EAAE;YACxB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,mBAAmB,EAAE;YAC7B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE;YAChB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,aAAa,EAAE;YACvB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,sBAAsB,EAAE;YAChC,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE;YACzB,gBAAgB;YAChB,sBAAsB;SACzB,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACrB,GAAG,CACC,MAAM,EACN,KAAK,CAER,CAAC;QACF,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE;YAC1B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,gBAAgB,EAAE;YAC1B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,kBAAkB,EAAE;YAC9B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,mBAAmB,EAAE;YAC/B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB;YAChB;;;;;iBAKK;SACR,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB;YAChB;;;;;iBAKK;SACR,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB;YAChB;;;;;iBAKK;SACR,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB;YAChB;;;;;iBAKK;SACR,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB;YAChB;;;;;iBAKK;SACR,CAAC,CAAC;QAEH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB;YAChB;;;;;iBAKK;SACR,CAAC,CAAC;QAEH,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE;YACnB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC;IACD,CAAC,2BAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC,EAC7B,gBAAgB,EAChB,QAAQ,EACR,OAAO,EAAE,EAAE,GAAG,EAAE,GACnB,EAAE,EAAE;QACD,kCAAkC,CAAC,2BAAmB,CAAC,QAAQ,CAAC,CAAC;YAC7D,gBAAgB;YAChB,QAAQ;YACR,OAAO,EAAE,EAAE,GAAG,EAAE;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB;YAChB,wBAAwB,EAAE,IAAI;SACjC,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACrB,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,mBAAmB,EAAE;YAC/B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,MAAM,EAAE;YAClB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB;SACnB,CAAC,CAAC;QACH,oEAAoE;QACpE,kEAAkE;QAClE,kEAAkE;QAClE,mEAAmE;QACnE,wDAAwD;QACxD,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC;IACD,CAAC,2BAAmB,CAAC,SAAS,CAAC,EAAE,CAAC,EAC9B,gBAAgB,EAChB,QAAQ,EACR,OAAO,EAAE,EAAE,GAAG,EAAE,GACnB,EAAE,EAAE;QACD,kCAAkC,CAAC,2BAAmB,CAAC,QAAQ,CAAC,CAAC;YAC7D,gBAAgB;YAChB,QAAQ;YACR,OAAO,EAAE,EAAE,GAAG,EAAE;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE;YAC1B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,SAAS,EAAE,YAAY,EAAE;YACzB,gBAAgB;YAChB;;;;;iBAKK;SACR,CAAC,CAAC;QACH,GAAG,CAAC,SAAS,EAAE,WAAW,EAAE;YACxB,gBAAgB;YAChB;;;;;iBAKK;SACR,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,gBAAgB,EAAE;YAC5B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB;YAChB,IAAI,EAAE,sBAAW,CAAC,OAAO;SAC5B,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB;YAChB,IAAI,EAAE,sBAAW,CAAC,OAAO;SAC5B,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,sBAAsB,EAAE;YAClC,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,qBAAqB,EAAE;YACjC,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB;YAChB,uBAAuB;SAC1B,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,WAAW,EAAE;YACvB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB;YAChB,IAAI,EAAE,EAAE,GAAG,EAAE,CAAC,sBAAW,CAAC,OAAO,EAAE,sBAAW,CAAC,OAAO,CAAC,EAAE;SAC5D,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE;YACrB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE;YACxB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,cAAc,EAAE;YAC1B,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE;YACrB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,2BAA2B,EAAE;YACvC,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,aAAa,EAAE;YACzB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE;YACzB,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,eAAe,EAAE;YAC3B,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC;IACD,CAAC,2BAAmB,CAAC,WAAW,CAAC,EAAE,CAAC,EAChC,gBAAgB,EAChB,OAAO,EAAE,EAAE,GAAG,EAAE,GACnB,EAAE,EAAE;QACD,GAAG,CAAC,QAAQ,EAAE,2BAA2B,EAAE;YACvC,gBAAgB;SACnB,CAAC,CAAC;QACH,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE;YACnB,gBAAgB;SACnB,CAAC,CAAC;IACP,CAAC;IACD,qEAAqE;IACrE,sEAAsE;IACtE,0DAA0D;IAC1D,CAAC,2BAAmB,CAAC,YAAY,CAAC,EAAE,CAAC,EACjC,gBAAgB,EAChB,QAAQ,EACR,OAAO,EAAE,EAAE,GAAG,EAAE,GACnB,EAAE,EAAE;QACD,kEAAsC,CAAC,kDAAsB,CAAC,KAAK,CAAC,CAChE,EAAE,gBAAgB,EAAE,QAAQ,EAAE,EAC9B,EAAE,GAAG,EAAE,CACV,CAAC;IACN,CAAC;IACD,CAAC,2BAAmB,CAAC,gBAAgB,CAAC,EAAE,CAAC,EACrC,gBAAgB,EAChB,QAAQ,EACR,OAAO,EAAE,EAAE,GAAG,EAAE,GACnB,EAAE,EAAE;QACD,kEAAsC,CAClC,kDAAsB,CAAC,SAAS,CACnC,CAAC,EAAE,gBAAgB,EAAE,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IAC/C,CAAC;IACD,CAAC,2BAAmB,CAAC,aAAa,CAAC,EAAE,CAAC,EAClC,gBAAgB,EAChB,QAAQ,EACR,OAAO,EAAE,EAAE,GAAG,EAAE,GACnB,EAAE,EAAE;QACD,kEAAsC,CAAC,kDAAsB,CAAC,MAAM,CAAC,CACjE,EAAE,gBAAgB,EAAE,QAAQ,EAAE,EAC9B,EAAE,GAAG,EAAE,CACV,CAAC;IACN,CAAC;IACD,CAAC,2BAAmB,CAAC,yBAAyB,CAAC,EAAE,CAAC,EAC9C,gBAAgB,EAChB,QAAQ,EACR,OAAO,EAAE,EAAE,GAAG,EAAE,GACnB,EAAE,EAAE;QACD,kEAAsC,CAClC,kDAAsB,CAAC,kBAAkB,CAC5C,CAAC,EAAE,gBAAgB,EAAE,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;IAC/C,CAAC;IACD,CAAC,2BAAmB,CAAC,aAAa,CAAC,EAAE,CAAC,EAClC,gBAAgB,EAChB,QAAQ,EACR,OAAO,EAAE,EAAE,GAAG,EAAE,GACnB,EAAE,EAAE;QACD,kEAAsC,CAAC,kDAAsB,CAAC,MAAM,CAAC,CACjE,EAAE,gBAAgB,EAAE,QAAQ,EAAE,EAC9B,EAAE,GAAG,EAAE,CACV,CAAC;IACN,CAAC;CACJ,CAAC;AAEK,MAAM,4BAA4B,GAAG,CAAC,EACzC,gBAAgB,EAChB,QAAQ,EACR,OAAO,EACP,MAAM,GAGT,EAAE,EAAE;IACD,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;QACrB,kCAAkC,CAAC,KAAK,CAAC,CAAC;YACtC,gBAAgB;YAChB,QAAQ;YACR,OAAO;SACV,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC;AAfW,QAAA,4BAA4B,gCAevC"}
|
|
@@ -2,7 +2,12 @@ export declare enum ServiceAccountScope {
|
|
|
2
2
|
SCIM_MANAGE = "scim:manage",
|
|
3
3
|
ORG_ADMIN = "org:admin",
|
|
4
4
|
ORG_EDIT = "org:edit",
|
|
5
|
-
ORG_READ = "org:read"
|
|
5
|
+
ORG_READ = "org:read",
|
|
6
|
+
SYSTEM_ADMIN = "system:admin",
|
|
7
|
+
SYSTEM_DEVELOPER = "system:developer",
|
|
8
|
+
SYSTEM_EDITOR = "system:editor",
|
|
9
|
+
SYSTEM_INTERACTIVE_VIEWER = "system:interactive_viewer",
|
|
10
|
+
SYSTEM_VIEWER = "system:viewer"
|
|
6
11
|
}
|
|
7
12
|
export type ServiceAccount = {
|
|
8
13
|
uuid: string;
|
|
@@ -15,14 +20,21 @@ export type ServiceAccount = {
|
|
|
15
20
|
rotatedAt: Date | null;
|
|
16
21
|
scopes: ServiceAccountScope[];
|
|
17
22
|
userUuid: string;
|
|
23
|
+
roleUuid: string | null;
|
|
18
24
|
};
|
|
19
25
|
export type ServiceAccountWithToken = ServiceAccount & {
|
|
20
26
|
token: string;
|
|
21
27
|
};
|
|
22
|
-
export type ApiCreateServiceAccountRequest = Pick<ServiceAccount, 'expiresAt' | 'description'
|
|
28
|
+
export type ApiCreateServiceAccountRequest = Pick<ServiceAccount, 'expiresAt' | 'description'> & {
|
|
29
|
+
scopes?: ServiceAccountScope[];
|
|
30
|
+
roleUuid?: string | null;
|
|
31
|
+
};
|
|
23
32
|
export type ApiCreateServiceAccountResponse = {
|
|
24
33
|
token: string;
|
|
25
34
|
expiresAt: Date;
|
|
26
35
|
};
|
|
27
|
-
export type CreateServiceAccount = Pick<ServiceAccount, 'organizationUuid' | 'expiresAt' | 'description'
|
|
36
|
+
export type CreateServiceAccount = Pick<ServiceAccount, 'organizationUuid' | 'expiresAt' | 'description'> & {
|
|
37
|
+
scopes?: ServiceAccountScope[];
|
|
38
|
+
roleUuid?: string | null;
|
|
39
|
+
};
|
|
28
40
|
//# sourceMappingURL=types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/ee/serviceAccounts/types.ts"],"names":[],"mappings":"AAAA,oBAAY,mBAAmB;IAC3B,WAAW,gBAAgB;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/ee/serviceAccounts/types.ts"],"names":[],"mappings":"AAAA,oBAAY,mBAAmB;IAC3B,WAAW,gBAAgB;IAK3B,SAAS,cAAc;IACvB,QAAQ,aAAa;IACrB,QAAQ,aAAa;IAMrB,YAAY,iBAAiB;IAC7B,gBAAgB,qBAAqB;IACrC,aAAa,kBAAkB;IAC/B,yBAAyB,8BAA8B;IACvD,aAAa,kBAAkB;CAClC;AAED,MAAM,MAAM,cAAc,GAAG;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,IAAI,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAK9B,QAAQ,EAAE,MAAM,CAAC;IAKjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,uBAAuB,GAAG,cAAc,GAAG;IACnD,KAAK,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,8BAA8B,GAAG,IAAI,CAC7C,cAAc,EACd,WAAW,GAAG,aAAa,CAC9B,GAAG;IAGA,MAAM,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B,CAAC;AAEF,MAAM,MAAM,+BAA+B,GAAG;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,IAAI,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG,IAAI,CACnC,cAAc,EACd,kBAAkB,GAAG,WAAW,GAAG,aAAa,CACnD,GAAG;IACA,MAAM,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B,CAAC"}
|
|
@@ -4,8 +4,22 @@ exports.ServiceAccountScope = void 0;
|
|
|
4
4
|
var ServiceAccountScope;
|
|
5
5
|
(function (ServiceAccountScope) {
|
|
6
6
|
ServiceAccountScope["SCIM_MANAGE"] = "scim:manage";
|
|
7
|
+
// Legacy coarse-grained SA scopes — kept on the wire for back-compat
|
|
8
|
+
// with tokens minted before system-role aliases existed. New tokens use
|
|
9
|
+
// the `SYSTEM_*` aliases below, which give the SA exactly the same CASL
|
|
10
|
+
// grants as a human user with that organization role.
|
|
7
11
|
ServiceAccountScope["ORG_ADMIN"] = "org:admin";
|
|
8
12
|
ServiceAccountScope["ORG_EDIT"] = "org:edit";
|
|
9
13
|
ServiceAccountScope["ORG_READ"] = "org:read";
|
|
14
|
+
// System-role aliases. Each one delegates to the matching
|
|
15
|
+
// `applyOrganizationMemberStaticAbilities` block so the SA's runtime
|
|
16
|
+
// ability set is identical to a user assigned that org role. Member is
|
|
17
|
+
// intentionally not exposed — it grants near-zero abilities and isn't
|
|
18
|
+
// a useful SA shape.
|
|
19
|
+
ServiceAccountScope["SYSTEM_ADMIN"] = "system:admin";
|
|
20
|
+
ServiceAccountScope["SYSTEM_DEVELOPER"] = "system:developer";
|
|
21
|
+
ServiceAccountScope["SYSTEM_EDITOR"] = "system:editor";
|
|
22
|
+
ServiceAccountScope["SYSTEM_INTERACTIVE_VIEWER"] = "system:interactive_viewer";
|
|
23
|
+
ServiceAccountScope["SYSTEM_VIEWER"] = "system:viewer";
|
|
10
24
|
})(ServiceAccountScope || (exports.ServiceAccountScope = ServiceAccountScope = {}));
|
|
11
25
|
//# sourceMappingURL=types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/ee/serviceAccounts/types.ts"],"names":[],"mappings":";;;AAAA,IAAY,
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/ee/serviceAccounts/types.ts"],"names":[],"mappings":";;;AAAA,IAAY,mBAmBX;AAnBD,WAAY,mBAAmB;IAC3B,kDAA2B,CAAA;IAC3B,qEAAqE;IACrE,wEAAwE;IACxE,wEAAwE;IACxE,sDAAsD;IACtD,8CAAuB,CAAA;IACvB,4CAAqB,CAAA;IACrB,4CAAqB,CAAA;IACrB,0DAA0D;IAC1D,qEAAqE;IACrE,uEAAuE;IACvE,sEAAsE;IACtE,qBAAqB;IACrB,oDAA6B,CAAA;IAC7B,4DAAqC,CAAA;IACrC,sDAA+B,CAAA;IAC/B,8EAAuD,CAAA;IACvD,sDAA+B,CAAA;AACnC,CAAC,EAnBW,mBAAmB,mCAAnB,mBAAmB,QAmB9B"}
|
package/dist/cjs/index.d.ts
CHANGED
|
@@ -15,6 +15,7 @@ export { defineUserAbility, getUserAbilityBuilder, JWT_HEADER_NAME, } from './au
|
|
|
15
15
|
export * from './authorization/jwtAbility';
|
|
16
16
|
export * from './authorization/parseAccount';
|
|
17
17
|
export * from './authorization/roleToScopeMapping';
|
|
18
|
+
export * from './authorization/scopeAbilityBuilder';
|
|
18
19
|
export * from './authorization/scopes';
|
|
19
20
|
export * from './authorization/serviceAccountAbility';
|
|
20
21
|
export * from './authorization/space/spaceAccessResolver';
|