@live-change/access-control-service 0.9.193 → 0.9.195
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/accessControl.js +2 -2
- package/invite.js +6 -7
- package/package.json +3 -3
- package/request.js +5 -5
- package/view.js +2 -2
package/accessControl.js
CHANGED
|
@@ -37,7 +37,7 @@ definition.processor({
|
|
|
37
37
|
/* console.log("ACTION", service.name, action.name, "ACCESS CONTROL TO",
|
|
38
38
|
objects, 'CLIENT', client, 'CONFIG', config, "ACCESSIBLE", accessible) */
|
|
39
39
|
|
|
40
|
-
if(!accessible) throw
|
|
40
|
+
if(!accessible) throw app.logicError("notAuthorized")
|
|
41
41
|
|
|
42
42
|
return oldExec.apply(action, args)
|
|
43
43
|
}
|
|
@@ -69,7 +69,7 @@ definition.processor({
|
|
|
69
69
|
console.log("ROLES", config.roles) */
|
|
70
70
|
const accessible = await access.clientHasAccessRoles(client, { objects }, config.roles)
|
|
71
71
|
//console.log("ACCESSIBLE", accessible)
|
|
72
|
-
if(!accessible) throw
|
|
72
|
+
if(!accessible) throw app.logicError("notAuthorized")
|
|
73
73
|
return oldGet.apply(view, args)
|
|
74
74
|
}
|
|
75
75
|
view.observable = (...args) => {
|
package/invite.js
CHANGED
|
@@ -144,7 +144,7 @@ definition.trigger({
|
|
|
144
144
|
])
|
|
145
145
|
console.log("INVITATION", invitation)
|
|
146
146
|
const invitationData = await AccessInvitation.get(invitation)
|
|
147
|
-
if(!invitationData) throw
|
|
147
|
+
if(!invitationData) throw app.logicError("not_found")
|
|
148
148
|
const { roles } = invitationData
|
|
149
149
|
/// Create account and sign-in:
|
|
150
150
|
const user = app.generateUid()
|
|
@@ -177,12 +177,12 @@ definition.action({
|
|
|
177
177
|
}
|
|
178
178
|
},
|
|
179
179
|
async execute({ objectType, object }, {client, service}, emit) {
|
|
180
|
-
if(!client.user) throw
|
|
180
|
+
if(!client.user) throw app.logicError("not_authorized")
|
|
181
181
|
const user = client.user
|
|
182
182
|
const invitation = App.encodeIdentifier(['user_User', user, objectType, object])
|
|
183
183
|
const invitationData = await AccessInvitation.get(invitation)
|
|
184
184
|
console.log("INVITATION", invitation, invitationData)
|
|
185
|
-
if(!invitationData) throw
|
|
185
|
+
if(!invitationData) throw app.logicError("not_found")
|
|
186
186
|
const { roles } = invitationData
|
|
187
187
|
emit({
|
|
188
188
|
type: 'userInvitationAccepted',
|
|
@@ -193,7 +193,6 @@ definition.action({
|
|
|
193
193
|
|
|
194
194
|
import task from '@live-change/task-service/task.js' // need to import taks.js to avoid circular dependency
|
|
195
195
|
|
|
196
|
-
|
|
197
196
|
for(const contactType of config.contactTypes) {
|
|
198
197
|
|
|
199
198
|
const contactTypeUpperCaseName = contactType[0].toUpperCase() + contactType.slice(1)
|
|
@@ -281,7 +280,7 @@ for(const contactType of config.contactTypes) {
|
|
|
281
280
|
const myRoles = await access.getClientObjectRoles(client, { objectType, object }, true)
|
|
282
281
|
if(!myRoles.includes('admin')) {
|
|
283
282
|
for(const requestedRole of roles) {
|
|
284
|
-
if(!myRoles.includes(requestedRole)) throw
|
|
283
|
+
if(!myRoles.includes(requestedRole)) throw app.logicError("notAuthorized")
|
|
285
284
|
}
|
|
286
285
|
}
|
|
287
286
|
|
|
@@ -402,7 +401,7 @@ for(const contactType of config.contactTypes) {
|
|
|
402
401
|
const myRoles = await access.getClientObjectRoles(client, { objectType, object }, true)
|
|
403
402
|
if(!myRoles.includes('admin')) {
|
|
404
403
|
for(const requestedRole of roles) {
|
|
405
|
-
if(!myRoles.includes(requestedRole)) throw
|
|
404
|
+
if(!myRoles.includes(requestedRole)) throw app.logicError("notAuthorized")
|
|
406
405
|
}
|
|
407
406
|
}
|
|
408
407
|
|
|
@@ -464,7 +463,7 @@ for(const contactType of config.contactTypes) {
|
|
|
464
463
|
)
|
|
465
464
|
if(!myRoles.includes('admin')) {
|
|
466
465
|
for(const requestedRole of roles) {
|
|
467
|
-
if(!myRoles.includes(requestedRole)) throw
|
|
466
|
+
if(!myRoles.includes(requestedRole)) throw app.logicError("notAuthorized")
|
|
468
467
|
}
|
|
469
468
|
}
|
|
470
469
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@live-change/access-control-service",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.195",
|
|
4
4
|
"description": "",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -21,8 +21,8 @@
|
|
|
21
21
|
"url": "https://www.viamage.com/"
|
|
22
22
|
},
|
|
23
23
|
"dependencies": {
|
|
24
|
-
"@live-change/framework": "^0.9.
|
|
24
|
+
"@live-change/framework": "^0.9.195"
|
|
25
25
|
},
|
|
26
|
-
"gitHead": "
|
|
26
|
+
"gitHead": "9f61eddae56ddd89aba20988b8e208d948728496",
|
|
27
27
|
"type": "module"
|
|
28
28
|
}
|
package/request.js
CHANGED
|
@@ -40,14 +40,14 @@ definition.action({
|
|
|
40
40
|
const [sessionOrUserType, sessionOrUser] =
|
|
41
41
|
client.user ? ['user_User', client.user] : ['session_Session', client.session]
|
|
42
42
|
|
|
43
|
-
if(!publicAccess.availableRoles) throw
|
|
43
|
+
if(!publicAccess.availableRoles) throw app.logicError("notAuthorized")
|
|
44
44
|
for(const requestedRole of roles) {
|
|
45
|
-
if(!publicAccess.availableRoles.includes(requestedRole)) throw
|
|
45
|
+
if(!publicAccess.availableRoles.includes(requestedRole)) throw app.logicError("notAuthorized")
|
|
46
46
|
}
|
|
47
47
|
|
|
48
48
|
const request = App.encodeIdentifier([ sessionOrUserType, sessionOrUser, objectType, object ])
|
|
49
49
|
const requestData = await AccessRequest.get(request)
|
|
50
|
-
if(requestData) throw
|
|
50
|
+
if(requestData) throw app.logicError("already_requested")
|
|
51
51
|
|
|
52
52
|
if(publicAccess.autoGrantRequests) {
|
|
53
53
|
emit({
|
|
@@ -108,12 +108,12 @@ definition.action({
|
|
|
108
108
|
const myRoles = await access.getClientObjectRoles(client, { objectType, object }, true)
|
|
109
109
|
if(!myRoles.includes('admin')) {
|
|
110
110
|
for(const requestedRole of roles) {
|
|
111
|
-
if(!myRoles.includes(requestedRole)) throw
|
|
111
|
+
if(!myRoles.includes(requestedRole)) throw app.logicError("notAuthorized")
|
|
112
112
|
}
|
|
113
113
|
}
|
|
114
114
|
const request = App.encodeIdentifier([ sessionOrUserType, sessionOrUser, objectType, object ])
|
|
115
115
|
const requestData = await AccessRequest.get(request)
|
|
116
|
-
if(!requestData) throw
|
|
116
|
+
if(!requestData) throw app.logicError("not_found")
|
|
117
117
|
emit({
|
|
118
118
|
type: 'accessRequestAccepted',
|
|
119
119
|
objectType, object, sessionOrUserType, sessionOrUser, roles
|
package/view.js
CHANGED
|
@@ -39,7 +39,7 @@ definition.view({
|
|
|
39
39
|
},
|
|
40
40
|
async daoPath({ objectType, object, objects }, { client, service }, method) {
|
|
41
41
|
const allObjects = ((objectType && object) ? [{ objectType, object }] : []).concat(objects || [])
|
|
42
|
-
if(allObjects.length === 0) throw
|
|
42
|
+
if(allObjects.length === 0) throw app.logicError("empty_objects_list")
|
|
43
43
|
return access.accessPath(client, allObjects)
|
|
44
44
|
}
|
|
45
45
|
})
|
|
@@ -69,7 +69,7 @@ definition.view({
|
|
|
69
69
|
}
|
|
70
70
|
},
|
|
71
71
|
async daoPath({ objects }, { client, service }, method) {
|
|
72
|
-
if(objects.length === 0) throw
|
|
72
|
+
if(objects.length === 0) throw app.logicError("empty_objects_list")
|
|
73
73
|
return access.accessesPath(client, objects)
|
|
74
74
|
}
|
|
75
75
|
})
|