@live-change/access-control-service 0.9.41 → 0.9.43
- package/indexes.js +375 -4
- package/package.json +3 -3
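--- a/package/indexes.js
+++ b/package/indexes.js
@@ -401,7 +401,7 @@ if(config.indexed) {
 }
 })
 
-definition.index({
+const roleByOwnerAndObjectIndex = definition.index({
 name: 'roleByOwnerAndObject',
 async function(input, output, { expandedRolesIndexName }) {
 const expandedRolesIndex = await input.index(expandedRolesIndexName)
@@ -433,7 +433,7 @@ if(config.indexed) {
 expandedRolesIndexName: definition.name + '_expandedRoles'
 }
 })
-definition.index({
+const objectByOwnerAndRoleIndex = definition.index({
 name: 'objectByOwnerAndRole',
 async function(input, output, { rolesIndexName }) {
 const rolesIndex = await input.index(rolesIndexName)
@@ -455,7 +455,7 @@ if(config.indexed) {
 }
 })
 
-definition.index({
+const ownerByObjectAndRoleIndex = definition.index({
 name: 'ownerByObjectAndRole',
 async function(input, output, { rolesIndexName }) {
 const rolesIndex = await input.index(rolesIndexName)
@@ -477,4 +477,375 @@ if(config.indexed) {
 }
 })
 
-
+definition.view({
+name: 'accessibleObjects',
+properties: {
+sessionOrUserType: {
+type: String,
+validation: ['nonEmpty']
+},
+sessionOrUser: {
+type: String,
+validation: ['nonEmpty']
+},
+objectType: {
+type: String
+},
+...App.rangeProperties
+},
+access({ }, { client }) {
+return client.roles.includes('admin')
+},
+daoPath(params, { client, service }, method) {
+const { sessionOrUserType, sessionOrUser, objectType } = params
+const range = App.extractRange(params)
+if(!range.limit || range.limit > 1000) range.limit = 1000
+if(objectType) {
+return roleByOwnerAndObjectIndex.rangePath(
+[sessionOrUserType, sessionOrUser, objectType],
+range
+)
+} else {
+return ownerByObjectAndRoleIndex.rangePath(
+[sessionOrUserType, sessionOrUser],
+range
+)
+}
+}
+})
+
+definition.view({
+name: 'accessibleObjectsCount',
+properties: {
+sessionOrUserType: {
+type: String,
+validation: ['nonEmpty']
+},
+sessionOrUser: {
+type: String,
+validation: ['nonEmpty']
+},
+objectType: {
+type: String
+},
+...App.rangeProperties
+},
+access({ }, { client }) {
+return client.roles.includes('admin')
+},
+daoPath(params, { client, service }, method) {
+const { sessionOrUserType, sessionOrUser, objectType } = params
+const range = App.extractRange(params)
+if(!range.limit || range.limit > 1000) range.limit = 1000
+if(objectType) {
+return roleByOwnerAndObjectIndex.countPath(
+[sessionOrUserType, sessionOrUser, objectType],
+range
+)
+} else {
+return ownerByObjectAndRoleIndex.countPath(
+[sessionOrUserType, sessionOrUser],
+range
+)
+}
+}
+})
+
+definition.view({
+name: 'myAccessibleObjects',
+properties: {
+objectType: {
+type: String
+},
+...App.rangeProperties
+},
+access({ }, { client }) {
+return client.roles.includes('admin')
+},
+daoPath(params, { client, service }, method) {
+const [ sessionOrUserType, sessionOrUser ] = client.user
+? ['user_User', client.user] : ['session_Session', client.session]
+const { objectType } = params
+const range = App.extractRange(params)
+if(!range.limit || range.limit > 1000) range.limit = 1000
+if(objectType) {
+return roleByOwnerAndObjectIndex.rangePath(
+[sessionOrUserType, sessionOrUser, objectType],
+range
+)
+} else {
+return ownerByObjectAndRoleIndex.rangePath(
+[sessionOrUserType, sessionOrUser],
+range
+)
+}
+}
+})
+
+definition.view({
+name: 'myAccessibleObjectsCount',
+properties: {
+objectType: {
+type: String
+},
+...App.rangeProperties
+},
+access({ }, { client }) {
+return client.roles.includes('admin')
+},
+daoPath(params, { client, service }, method) {
+const [ sessionOrUserType, sessionOrUser ] = client.user
+? ['user_User', client.user] : ['session_Session', client.session]
+const { objectType } = params
+const range = App.extractRange(params)
+if(!range.limit || range.limit > 1000) range.limit = 1000
+if(objectType) {
+return roleByOwnerAndObjectIndex.countPath(
+[sessionOrUserType, sessionOrUser, objectType],
+range
+)
+} else {
+return ownerByObjectAndRoleIndex.countPath(
+[sessionOrUserType, sessionOrUser],
+range
+)
+}
+}
+})
+
+
+definition.view({
+name: 'accessibleObjectsByRole',
+properties: {
+sessionOrUserType: {
+type: String,
+validation: ['nonEmpty']
+},
+sessionOrUser: {
+type: String,
+validation: ['nonEmpty']
+},
+role: {
+type: String,
+validation: ['nonEmpty']
+},
+objectType: {
+type: String
+},
+...App.rangeProperties
+},
+access({ }, { client }) {
+return client.roles.includes('admin')
+},
+daoPath(params, { client, service }, method) {
+const { sessionOrUserType, sessionOrUser, role, objectType } = params
+const range = App.extractRange(params)
+if(!range.limit || range.limit > 1000) range.limit = 1000
+if(objectType) {
+return objectByOwnerAndRoleIndex.rangePath(
+[sessionOrUserType, sessionOrUser, role, objectType],
+range
+)
+} else {
+return ownerByObjectAndRoleIndex.rangePath(
+[sessionOrUserType, sessionOrUser, role],
+range
+)
+}
+}
+})
+
+definition.view({
+name: 'accessibleObjectsByRoleCount',
+properties: {
+sessionOrUserType: {
+type: String,
+validation: ['nonEmpty']
+},
+sessionOrUser: {
+type: String,
+validation: ['nonEmpty']
+},
+role: {
+type: String,
+validation: ['nonEmpty']
+},
+objectType: {
+type: String
+},
+...App.rangeProperties
+},
+access({ }, { client }) {
+return client.roles.includes('admin')
+},
+daoPath(params, { client, service }, method) {
+const { sessionOrUserType, sessionOrUser, role, objectType } = params
+const range = App.extractRange(params)
+if(!range.limit || range.limit > 1000) range.limit = 1000
+if(objectType) {
+return objectByOwnerAndRoleIndex.countPath(
+[sessionOrUserType, sessionOrUser, role, objectType],
+range
+)
+} else {
+return ownerByObjectAndRoleIndex.countPath(
+[sessionOrUserType, sessionOrUser, role],
+range
+)
+}
+}
+})
+
+definition.view({
+name: 'myAccessibleObjectsByRole',
+properties: {
+role: {
+type: String,
+validation: ['nonEmpty']
+},
+objectType: {
+type: String
+},
+...App.rangeProperties
+},
+access({ }, { client }) {
+return client.roles.includes('admin')
+},
+daoPath(params, { client, service }, method) {
+const [ sessionOrUserType, sessionOrUser ] = client.user
+? ['user_User', client.user] : ['session_Session', client.session]
+const { role, objectType } = params
+const range = App.extractRange(params)
+if(!range.limit || range.limit > 1000) range.limit = 1000
+if(objectType) {
+return objectByOwnerAndRoleIndex.rangePath(
+[sessionOrUserType, sessionOrUser, role, objectType],
+range
+)
+} else {
+return ownerByObjectAndRoleIndex.rangePath(
+[sessionOrUserType, sessionOrUser, role],
+range
+)
+}
+}
+})
+
+definition.view({
+name: 'myAccessibleObjectsByRoleCount',
+properties: {
+role: {
+type: String,
+validation: ['nonEmpty']
+},
+objectType: {
+type: String
+},
+...App.rangeProperties
+},
+access({ }, { client }) {
+return client.roles.includes('admin')
+},
+daoPath(params, { client, service }, method) {
+const [ sessionOrUserType, sessionOrUser ] = client.user
+? ['user_User', client.user] : ['session_Session', client.session]
+const { role, objectType } = params
+const range = App.extractRange(params)
+if(!range.limit || range.limit > 1000) range.limit = 1000
+if(objectType) {
+return objectByOwnerAndRoleIndex.countPath(
+[sessionOrUserType, sessionOrUser, role, objectType],
+range
+)
+} else {
+return ownerByObjectAndRoleIndex.countPath(
+[sessionOrUserType, sessionOrUser, role],
+range
+)
+}
+}
+})
+
+function isObjectRole(client, objectType, object, role) {
+const [ sessionOrUserType, sessionOrUser ] = client.user
+? [ 'user_User', client.user ] : [ 'session_Session', client.session ]
+const found = objectByOwnerAndRoleIndex.rangePath(
+[sessionOrUserType, sessionOrUser, role, objectType, object],
+{ limit: 1 }
+)
+return found.length > 0
+}
+
+definition.view({
+name: 'objectAccesses',
+properties: {
+objectType: {
+type: String,
+validation: ['nonEmpty']
+},
+object: {
+type: String,
+validation: ['nonEmpty']
+},
+role: {
+type: String,
+},
+...App.rangeProperties
+},
+access({ objectType, object }, { client }) {
+if(client.roles.includes('admin')) return true
+return isObjectRole(client, objectType, object, 'owner')
+},
+daoPath(params, { client, service }, method) {
+const { objectType, object } = params
+const range = App.extractRange(params)
+if(!range.limit || range.limit > 1000) range.limit = 1000
+if(role) {
+return objectByOwnerAndRoleIndex.rangePath(
+[objectType, object, role],
+range
+)
+} else {
+return ownerByObjectAndRoleIndex.rangePath(
+[objectType, object],
+range
+)
+}
+}
+})
+
+definition.view({
+name: 'objectAccessesCount',
+properties: {
+objectType: {
+type: String,
+validation: ['nonEmpty']
+},
+object: {
+type: String,
+validation: ['nonEmpty']
+},
+...App.rangeProperties
+},
+access({ }, { client }) {
+if(client.roles.includes('admin')) return true
+return isObjectRole(client, objectType, object, 'owner')
+},
+daoPath(params, { client, service }, method) {
+const { objectType, object } = params
+const range = App.extractRange(params)
+if(role) {
+return objectByOwnerAndRoleIndex.countPath(
+[objectType, object, role],
+range
+)
+} else {
+return ownerByObjectAndRoleIndex.countPath(
+[objectType, object],
+range
+)
+}
+}
+})
+
+}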
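Review bot: The owner check that guards `objectAccesses` and `objectAccessesCount` looks unreliable, because `isObjectRole` tests `found.length > 0` directly on the return value of `objectByOwnerAndRoleIndex.rangePath(...)`, and every view in this hunk returns that same call from `daoPath` as a path rather than as rows. If it is a non-empty path descriptor, the check is true for every caller and the per-object access list is no longer limited to owners and admins; this should be confirmed against the framework, with the path resolved through an awaited read before testing for a match. Separately, `objectAccessesCount` declares `access({ }, { client })` yet uses `objectType` and `object`, and both `daoPath` bodies test `role` without taking it from `params`; since the package is `"type": "module"` these are ReferenceErrors, so use `access({ objectType, object }, { client })` and `const { objectType, object, role } = params`. `objectAccessesCount` also lacks the `role` property and the `range.limit` cap that the other views apply. The `[objectType, object, role]` prefix passed to `objectByOwnerAndRoleIndex` may not match that index's key order, which is defined outside the visible lines.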
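--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@live-change/access-control-service",
-"version": "0.9.
+"version": "0.9.43",
 "description": "",
 "main": "index.js",
 "scripts": {
@@ -21,8 +21,8 @@
 "url": "https://www.viamage.com/"
 },
 "dependencies": {
-"@live-change/framework": "^0.9.
+"@live-change/framework": "^0.9.43"
 },
-"gitHead": "
+"gitHead": "608a5e07398216f7f52f58ec338e7b10df457bc3",
 "type": "module"
 }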