@magda/acs-cmd 2.3.3 → 3.0.0-alpha.1

package/bin/acs-cmd-list-roles.js

@@ -0,0 +1,136 @@
+#!/usr/bin/env node
+
+// ../../node_modules/@magda/esm-utils/dist/esmUtils.js
+import { createRequire } from "module";
+function callsites() {
+  const _prepareStackTrace = Error.prepareStackTrace;
+  try {
+    let result = [];
+    Error.prepareStackTrace = (_, callSites) => {
+      const callSitesWithoutCurrent = callSites.slice(1);
+      result = callSitesWithoutCurrent;
+      return callSitesWithoutCurrent;
+    };
+    new Error().stack;
+    return result;
+  } finally {
+    Error.prepareStackTrace = _prepareStackTrace;
+  }
+}
+function callerCallsite({ depth = 0 } = {}) {
+  const callers = [];
+  const callerFileSet = /* @__PURE__ */ new Set();
+  for (const callsite of callsites()) {
+    const fileName = callsite.getFileName();
+    const hasReceiver = callsite.getTypeName() !== null && fileName !== null;
+    if (!callerFileSet.has(fileName)) {
+      callerFileSet.add(fileName);
+      callers.unshift(callsite);
+    }
+    if (hasReceiver) {
+      return callers[depth];
+    }
+  }
+}
+function callerpath({ depth = 0 } = {}) {
+  const callsite = callerCallsite({ depth });
+  return callsite && callsite.getFileName();
+}
+function require2(id) {
+  const requireFrom = createRequire(callerpath({ depth: 1 }));
+  return requireFrom(id);
+}
+
+// ../../scripts/acs-cmd/acs-cmd-list-roles.js
+import { program } from "commander";
+import chalk from "chalk";
+
+// ../../scripts/db/getDBPool.js
+import pg from "pg";
+
+// ../../scripts/db/getDBConfig.js
+function getDBConfig() {
+  const {
+    POSTGRES_HOST: host,
+    POSTGRES_DB: database,
+    POSTGRES_USER: user,
+    POSTGRES_PASSWORD: password,
+    POSTGRES_PORT: port
+  } = process.env;
+  return {
+    host: host ? host : "localhost",
+    database: database ? database : "auth",
+    port: port ? port : 5432,
+    user: user ? user : "postgres",
+    password: password ? password : ""
+  };
+}
+
+// ../../scripts/db/getDBPool.js
+var pool = new pg.Pool(getDBConfig());
+pool.on("error", function(err, client) {
+  console.error("DB Pool Error: ", err.message, err.stack);
+});
+function getDBPool() {
+  return pool;
+}
+var getDBPool_default = getDBPool;
+
+// ../../scripts/acs-cmd/acs-cmd-list-roles.js
+import { table } from "table";
+var pkg = require2("../package.json");
+var pool2 = getDBPool_default();
+program.description("List all roles").version(pkg.version).action(async () => {
+  try {
+    const selectFields = ["id", "name", "description"];
+    const result = await pool2.query(
+      `SELECT ${selectFields.join(", ")} FROM roles`
+    );
+    if (!result || !result.rows || !result.rows.length) {
+      throw new Error("Cannot find any records!");
+    }
+    const data = [["ID", "Name", "Description", "Permissions"]];
+    const options = {
+      columns: {
+        0: {
+          width: 36
+        },
+        1: {
+          width: 20
+        },
+        2: {
+          width: 25
+        },
+        3: {
+          width: 37
+        }
+      }
+    };
+    for (let i = 0; i < result.rows.length; i++) {
+      const role = result.rows[i];
+      const permissions = await getPermissionsByRoleId(role["id"]);
+      data.push(
+        selectFields.map((k) => role[k]).concat([
+          permissions.map((p) => `${p.id}:
+${p.name}`).join("\n\n")
+        ])
+      );
+    }
+    console.log(table(data, options));
+  } catch (e) {
+    console.error(chalk.red(`Error: ${e}`));
+  }
+  process.exit(0);
+}).parse(process.argv);
+async function getPermissionsByRoleId(roleId) {
+  const result = await pool2.query(
+    `SELECT p.* 
+        FROM role_permissions AS rp
+        LEFT JOIN permissions p ON p.id = rp.permission_id
+        WHERE rp.role_id = $1`,
+    [roleId]
+  );
+  if (!result || !result.rows || !result.rows.length)
+    return [];
+  return result.rows;
+}

package/bin/acs-cmd-list-users.js

@@ -0,0 +1,147 @@
+#!/usr/bin/env node
+
+// ../../node_modules/@magda/esm-utils/dist/esmUtils.js
+import { createRequire } from "module";
+function callsites() {
+  const _prepareStackTrace = Error.prepareStackTrace;
+  try {
+    let result = [];
+    Error.prepareStackTrace = (_, callSites) => {
+      const callSitesWithoutCurrent = callSites.slice(1);
+      result = callSitesWithoutCurrent;
+      return callSitesWithoutCurrent;
+    };
+    new Error().stack;
+    return result;
+  } finally {
+    Error.prepareStackTrace = _prepareStackTrace;
+  }
+}
+function callerCallsite({ depth = 0 } = {}) {
+  const callers = [];
+  const callerFileSet = /* @__PURE__ */ new Set();
+  for (const callsite of callsites()) {
+    const fileName = callsite.getFileName();
+    const hasReceiver = callsite.getTypeName() !== null && fileName !== null;
+    if (!callerFileSet.has(fileName)) {
+      callerFileSet.add(fileName);
+      callers.unshift(callsite);
+    }
+    if (hasReceiver) {
+      return callers[depth];
+    }
+  }
+}
+function callerpath({ depth = 0 } = {}) {
+  const callsite = callerCallsite({ depth });
+  return callsite && callsite.getFileName();
+}
+function require2(id) {
+  const requireFrom = createRequire(callerpath({ depth: 1 }));
+  return requireFrom(id);
+}
+
+// ../../scripts/acs-cmd/acs-cmd-list-users.js
+import { program } from "commander";
+import chalk from "chalk";
+
+// ../../scripts/db/getDBPool.js
+import pg from "pg";
+
+// ../../scripts/db/getDBConfig.js
+function getDBConfig() {
+  const {
+    POSTGRES_HOST: host,
+    POSTGRES_DB: database,
+    POSTGRES_USER: user,
+    POSTGRES_PASSWORD: password,
+    POSTGRES_PORT: port
+  } = process.env;
+  return {
+    host: host ? host : "localhost",
+    database: database ? database : "auth",
+    port: port ? port : 5432,
+    user: user ? user : "postgres",
+    password: password ? password : ""
+  };
+}
+
+// ../../scripts/db/getDBPool.js
+var pool = new pg.Pool(getDBConfig());
+pool.on("error", function(err, client) {
+  console.error("DB Pool Error: ", err.message, err.stack);
+});
+function getDBPool() {
+  return pool;
+}
+var getDBPool_default = getDBPool;
+
+// ../../scripts/acs-cmd/acs-cmd-list-users.js
+import { table } from "table";
+var pkg = require2("../package.json");
+var pool2 = getDBPool_default();
+program.description("List all users").version(pkg.version).action(async () => {
+  try {
+    const selectFields = ["id", "displayName", "orgUnitId"];
+    const result = await pool2.query(
+      `SELECT ${selectFields.map((n) => `"${n}"`).join(", ")} FROM users`
+    );
+    if (!result || !result.rows || !result.rows.length) {
+      throw new Error("Cannot find any records!");
+    }
+    const data = [["ID", "Name", "Org Unit", "Roles"]];
+    const options = {
+      columns: {
+        0: {
+          width: 36
+        },
+        1: {
+          width: 15
+        },
+        2: {
+          width: 20
+        },
+        3: {
+          width: 37
+        }
+      }
+    };
+    for (let i = 0; i < result.rows.length; i++) {
+      const user = result.rows[i];
+      const roles = await getRolesByUserId(user["id"]);
+      const row = selectFields.map((k) => user[k]).concat([
+        roles.map((r) => `${r.id}:
+${r.name}`).join("\n\n")
+      ]);
+      row[2] = await getOrgUnitNameById(row[2]);
+      data.push(row);
+    }
+    console.log(table(data, options));
+  } catch (e) {
+    console.error(chalk.red(`Error: ${e}`));
+  }
+  process.exit(0);
+}).parse(process.argv);
+async function getRolesByUserId(userId) {
+  const result = await pool2.query(
+    `SELECT r.* 
+        FROM user_roles AS ur
+        LEFT JOIN roles r ON r.id = ur.role_id
+        WHERE ur.user_id = $1`,
+    [userId]
+  );
+  if (!result || !result.rows || !result.rows.length)
+    return [];
+  return result.rows;
+}
+async function getOrgUnitNameById(id) {
+  const result = await pool2.query(
+    `SELECT name 
+        FROM org_units
+        WHERE id = $1`,
+    [id]
+  );
+  if (!result || !result.rows || !result.rows.length)
+    return null;
+  return result.rows[0]["name"];
+}

package/bin/acs-cmd-list.js

@@ -0,0 +1,62 @@
+#!/usr/bin/env node
+
+// ../../node_modules/@magda/esm-utils/dist/esmUtils.js
+import { createRequire } from "module";
+function callsites() {
+  const _prepareStackTrace = Error.prepareStackTrace;
+  try {
+    let result = [];
+    Error.prepareStackTrace = (_, callSites) => {
+      const callSitesWithoutCurrent = callSites.slice(1);
+      result = callSitesWithoutCurrent;
+      return callSitesWithoutCurrent;
+    };
+    new Error().stack;
+    return result;
+  } finally {
+    Error.prepareStackTrace = _prepareStackTrace;
+  }
+}
+function callerCallsite({ depth = 0 } = {}) {
+  const callers = [];
+  const callerFileSet = /* @__PURE__ */ new Set();
+  for (const callsite of callsites()) {
+    const fileName = callsite.getFileName();
+    const hasReceiver = callsite.getTypeName() !== null && fileName !== null;
+    if (!callerFileSet.has(fileName)) {
+      callerFileSet.add(fileName);
+      callers.unshift(callsite);
+    }
+    if (hasReceiver) {
+      return callers[depth];
+    }
+  }
+}
+function callerpath({ depth = 0 } = {}) {
+  const callsite = callerCallsite({ depth });
+  return callsite && callsite.getFileName();
+}
+function require2(id) {
+  const requireFrom = createRequire(callerpath({ depth: 1 }));
+  return requireFrom(id);
+}
+
+// ../../scripts/acs-cmd/acs-cmd-list.js
+import { program } from "commander";
+import chalk from "chalk";
+var pkg = require2("../package.json");
+program.version(pkg.version).description(
+  `A tool for viewing magda access control data. Version: ${pkg.version}`
+).command("permissions", "List all permissions").command("roles", "List all roles").command("users", "List all users").on("command:*", function(cmds) {
+  if (["permissions", "roles", "users"].indexOf(cmds[0]) === -1) {
+    console.error(
+      chalk.red(
+        `Invalid command: ${program.args.join(
+          " "
+        )}
+See --help for a list of available commands.`
+      )
+    );
+    process.exit(1);
+  }
+}).parse(process.argv);

package/bin/acs-cmd-remove-permission.js

@@ -0,0 +1,132 @@
+#!/usr/bin/env node
+
+// ../../node_modules/@magda/esm-utils/dist/esmUtils.js
+import { createRequire } from "module";
+function callsites() {
+  const _prepareStackTrace = Error.prepareStackTrace;
+  try {
+    let result = [];
+    Error.prepareStackTrace = (_, callSites) => {
+      const callSitesWithoutCurrent = callSites.slice(1);
+      result = callSitesWithoutCurrent;
+      return callSitesWithoutCurrent;
+    };
+    new Error().stack;
+    return result;
+  } finally {
+    Error.prepareStackTrace = _prepareStackTrace;
+  }
+}
+function callerCallsite({ depth = 0 } = {}) {
+  const callers = [];
+  const callerFileSet = /* @__PURE__ */ new Set();
+  for (const callsite of callsites()) {
+    const fileName = callsite.getFileName();
+    const hasReceiver = callsite.getTypeName() !== null && fileName !== null;
+    if (!callerFileSet.has(fileName)) {
+      callerFileSet.add(fileName);
+      callers.unshift(callsite);
+    }
+    if (hasReceiver) {
+      return callers[depth];
+    }
+  }
+}
+function callerpath({ depth = 0 } = {}) {
+  const callsite = callerCallsite({ depth });
+  return callsite && callsite.getFileName();
+}
+function require2(id) {
+  const requireFrom = createRequire(callerpath({ depth: 1 }));
+  return requireFrom(id);
+}
+
+// ../../scripts/acs-cmd/acs-cmd-remove-permission.js
+import { program } from "commander";
+import chalk from "chalk";
+
+// ../../scripts/db/getDBPool.js
+import pg from "pg";
+
+// ../../scripts/db/getDBConfig.js
+function getDBConfig() {
+  const {
+    POSTGRES_HOST: host,
+    POSTGRES_DB: database,
+    POSTGRES_USER: user,
+    POSTGRES_PASSWORD: password,
+    POSTGRES_PORT: port
+  } = process.env;
+  return {
+    host: host ? host : "localhost",
+    database: database ? database : "auth",
+    port: port ? port : 5432,
+    user: user ? user : "postgres",
+    password: password ? password : ""
+  };
+}
+
+// ../../scripts/db/getDBPool.js
+var pool = new pg.Pool(getDBConfig());
+pool.on("error", function(err, client) {
+  console.error("DB Pool Error: ", err.message, err.stack);
+});
+function getDBPool() {
+  return pool;
+}
+var getDBPool_default = getDBPool;
+
+// ../../scripts/acs-cmd/utils.js
+async function recordExist(pool3, table, record) {
+  if (!Object.keys(record).length) {
+    throw new Error("record cannot be an empty object!");
+  }
+  const sqlValues = [];
+  const where = Object.keys(record).map((key) => {
+    sqlValues.push(record[key]);
+    return `"${key}" = $${sqlValues.length}`;
+  }).join(" AND ");
+  const result = await pool3.query(
+    `SELECT id FROM "${table}" WHERE ${where}`,
+    sqlValues
+  );
+  if (!result || !result.rows || !result.rows.length) {
+    return false;
+  }
+  return true;
+}
+
+// ../../scripts/acs-cmd/acs-cmd-remove-permission.js
+var pkg = require2("../package.json");
+var pool2 = getDBPool_default();
+program.description("Remove a permission from a role").argument("<permissionId>", "Permission ID").argument("<roleId>", "Role ID").version(pkg.version).action(async (permissionId, roleId) => {
+  try {
+    if (process.argv.slice(2).length < 2) {
+      program.help();
+    }
+    if (!await recordExist(pool2, "permissions", { id: permissionId })) {
+      throw new Error(
+        `Supplied permissionId: ${permissionId} doesn't exist`
+      );
+    }
+    if (!await recordExist(pool2, "roles", { id: roleId })) {
+      throw new Error(`Supplied roleId: ${roleId} doesn't exist`);
+    }
+    if (!await recordExist(pool2, "role_permissions", {
+      role_id: roleId,
+      permission_id: permissionId
+    })) {
+      throw new Error(
+        `Cannot remove the permission: Role (id: ${roleId}) has no permission with id: ${ropermissionIdleId}!`
+      );
+    }
+    await pool2.query(
+      `DELETE FROM role_permissions WHERE role_id = $1 AND permission_id = $2`,
+      [roleId, permissionId]
+    );
+    console.log(chalk.green("Operation Completed!"));
+  } catch (e) {
+    console.error(chalk.red(`Error: ${e}`));
+  }
+  process.exit(0);
+}).parse(process.argv);

package/bin/acs-cmd-remove-role.js

@@ -0,0 +1,130 @@
+#!/usr/bin/env node
+
+// ../../node_modules/@magda/esm-utils/dist/esmUtils.js
+import { createRequire } from "module";
+function callsites() {
+  const _prepareStackTrace = Error.prepareStackTrace;
+  try {
+    let result = [];
+    Error.prepareStackTrace = (_, callSites) => {
+      const callSitesWithoutCurrent = callSites.slice(1);
+      result = callSitesWithoutCurrent;
+      return callSitesWithoutCurrent;
+    };
+    new Error().stack;
+    return result;
+  } finally {
+    Error.prepareStackTrace = _prepareStackTrace;
+  }
+}
+function callerCallsite({ depth = 0 } = {}) {
+  const callers = [];
+  const callerFileSet = /* @__PURE__ */ new Set();
+  for (const callsite of callsites()) {
+    const fileName = callsite.getFileName();
+    const hasReceiver = callsite.getTypeName() !== null && fileName !== null;
+    if (!callerFileSet.has(fileName)) {
+      callerFileSet.add(fileName);
+      callers.unshift(callsite);
+    }
+    if (hasReceiver) {
+      return callers[depth];
+    }
+  }
+}
+function callerpath({ depth = 0 } = {}) {
+  const callsite = callerCallsite({ depth });
+  return callsite && callsite.getFileName();
+}
+function require2(id) {
+  const requireFrom = createRequire(callerpath({ depth: 1 }));
+  return requireFrom(id);
+}
+
+// ../../scripts/acs-cmd/acs-cmd-remove-role.js
+import { program } from "commander";
+import chalk from "chalk";
+
+// ../../scripts/db/getDBPool.js
+import pg from "pg";
+
+// ../../scripts/db/getDBConfig.js
+function getDBConfig() {
+  const {
+    POSTGRES_HOST: host,
+    POSTGRES_DB: database,
+    POSTGRES_USER: user,
+    POSTGRES_PASSWORD: password,
+    POSTGRES_PORT: port
+  } = process.env;
+  return {
+    host: host ? host : "localhost",
+    database: database ? database : "auth",
+    port: port ? port : 5432,
+    user: user ? user : "postgres",
+    password: password ? password : ""
+  };
+}
+
+// ../../scripts/db/getDBPool.js
+var pool = new pg.Pool(getDBConfig());
+pool.on("error", function(err, client) {
+  console.error("DB Pool Error: ", err.message, err.stack);
+});
+function getDBPool() {
+  return pool;
+}
+var getDBPool_default = getDBPool;
+
+// ../../scripts/acs-cmd/utils.js
+async function recordExist(pool3, table, record) {
+  if (!Object.keys(record).length) {
+    throw new Error("record cannot be an empty object!");
+  }
+  const sqlValues = [];
+  const where = Object.keys(record).map((key) => {
+    sqlValues.push(record[key]);
+    return `"${key}" = $${sqlValues.length}`;
+  }).join(" AND ");
+  const result = await pool3.query(
+    `SELECT id FROM "${table}" WHERE ${where}`,
+    sqlValues
+  );
+  if (!result || !result.rows || !result.rows.length) {
+    return false;
+  }
+  return true;
+}
+
+// ../../scripts/acs-cmd/acs-cmd-remove-role.js
+var pkg = require2("../package.json");
+var pool2 = getDBPool_default();
+program.description("Remove a role from a user").argument("<roleId>", "Role ID").argument("<userId>", "User ID").version(pkg.version).action(async (roleId, userId) => {
+  try {
+    if (process.argv.slice(2).length < 2) {
+      program.help();
+    }
+    if (!await recordExist(pool2, "users", { id: userId })) {
+      throw new Error(`Supplied userId: ${userId} doesn't exist`);
+    }
+    if (!await recordExist(pool2, "roles", { id: roleId })) {
+      throw new Error(`Supplied roleId: ${roleId} doesn't exist`);
+    }
+    if (!await recordExist(pool2, "user_roles", {
+      role_id: roleId,
+      user_id: userId
+    })) {
+      throw new Error(
+        `Cannot remove the role: User (id: ${userId}) has no Role with id: ${roleId}!`
+      );
+    }
+    await pool2.query(
+      `DELETE FROM user_roles WHERE role_id = $1 AND user_id = $2`,
+      [roleId, userId]
+    );
+    console.log(chalk.green("Operation Completed!"));
+  } catch (e) {
+    console.error(chalk.red(`Error: ${e}`));
+  }
+  process.exit(0);
+}).parse(process.argv);

package/bin/acs-cmd-remove.js

@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+
+// ../../node_modules/@magda/esm-utils/dist/esmUtils.js
+import { createRequire } from "module";
+function callsites() {
+  const _prepareStackTrace = Error.prepareStackTrace;
+  try {
+    let result = [];
+    Error.prepareStackTrace = (_, callSites) => {
+      const callSitesWithoutCurrent = callSites.slice(1);
+      result = callSitesWithoutCurrent;
+      return callSitesWithoutCurrent;
+    };
+    new Error().stack;
+    return result;
+  } finally {
+    Error.prepareStackTrace = _prepareStackTrace;
+  }
+}
+function callerCallsite({ depth = 0 } = {}) {
+  const callers = [];
+  const callerFileSet = /* @__PURE__ */ new Set();
+  for (const callsite of callsites()) {
+    const fileName = callsite.getFileName();
+    const hasReceiver = callsite.getTypeName() !== null && fileName !== null;
+    if (!callerFileSet.has(fileName)) {
+      callerFileSet.add(fileName);
+      callers.unshift(callsite);
+    }
+    if (hasReceiver) {
+      return callers[depth];
+    }
+  }
+}
+function callerpath({ depth = 0 } = {}) {
+  const callsite = callerCallsite({ depth });
+  return callsite && callsite.getFileName();
+}
+function require2(id) {
+  const requireFrom = createRequire(callerpath({ depth: 1 }));
+  return requireFrom(id);
+}
+
+// ../../scripts/acs-cmd/acs-cmd-remove.js
+import { program } from "commander";
+import chalk from "chalk";
+var pkg = require2("../package.json");
+program.version(pkg.version).description(
+  `A tool for removing magda access control role / permission assignment. Version: ${pkg.version}`
+).command(
+  "permission <permissionId> <roleId>",
+  "Remove a permission from a role"
+).command("role <roleId> <userId>", "Remove a role from a user").on("command:*", function(cmds) {
+  if (["permission", "role"].indexOf(cmds[0]) === -1) {
+    console.error(
+      chalk.red(
+        `Invalid command: ${program.args.join(
+          " "
+        )}
+See --help for a list of available commands.`
+      )
+    );
+    process.exit(1);
+  }
+}).parse(process.argv);