@meridianjs/meridian 2.0.0 → 2.2.0
- package/dist/api/admin/issues/[id]/attachments/route.d.ts.map +1 -1
- package/dist/api/admin/issues/[id]/attachments/route.js +22 -0
- package/dist/api/admin/issues/[id]/attachments/route.js.map +1 -1
- package/dist/api/admin/issues/[id]/time-logs/route.d.ts.map +1 -1
- package/dist/api/admin/issues/[id]/time-logs/route.js +22 -0
- package/dist/api/admin/issues/[id]/time-logs/route.js.map +1 -1
- package/dist/api/admin/issues/[id]/time-logs/timer/route.d.ts.map +1 -1
- package/dist/api/admin/issues/[id]/time-logs/timer/route.js +22 -0
- package/dist/api/admin/issues/[id]/time-logs/timer/route.js.map +1 -1
- package/dist/api/admin/issues/route.d.ts.map +1 -1
- package/dist/api/admin/issues/route.js +2 -7
- package/dist/api/admin/issues/route.js.map +1 -1
- package/dist/api/admin/my/tasks/route.d.ts.map +1 -1
- package/dist/api/admin/my/tasks/route.js +16 -24
- package/dist/api/admin/my/tasks/route.js.map +1 -1
- package/dist/api/admin/notifications/route.d.ts.map +1 -1
- package/dist/api/admin/notifications/route.js +53 -1
- package/dist/api/admin/notifications/route.js.map +1 -1
- package/dist/api/admin/projects/[id]/access-requests/[requestId]/route.d.ts.map +1 -1
- package/dist/api/admin/projects/[id]/access-requests/[requestId]/route.js +15 -26
- package/dist/api/admin/projects/[id]/access-requests/[requestId]/route.js.map +1 -1
- package/dist/api/admin/projects/[id]/access-requests/route.d.ts.map +1 -1
- package/dist/api/admin/projects/[id]/access-requests/route.js +12 -27
- package/dist/api/admin/projects/[id]/access-requests/route.js.map +1 -1
- package/dist/api/admin/projects/[id]/health/[updateId]/route.d.ts.map +1 -1
- package/dist/api/admin/projects/[id]/health/[updateId]/route.js +5 -0
- package/dist/api/admin/projects/[id]/health/[updateId]/route.js.map +1 -1
- package/dist/api/admin/projects/route.d.ts.map +1 -1
- package/dist/api/admin/projects/route.js +3 -18
- package/dist/api/admin/projects/route.js.map +1 -1
- package/dist/api/admin/reporting/members/route.d.ts.map +1 -1
- package/dist/api/admin/reporting/members/route.js +2 -6
- package/dist/api/admin/reporting/members/route.js.map +1 -1
- package/dist/api/admin/reporting/time-logs/route.d.ts.map +1 -1
- package/dist/api/admin/reporting/time-logs/route.js +11 -26
- package/dist/api/admin/reporting/time-logs/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/access-requests/[requestId]/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/access-requests/[requestId]/route.js +5 -26
- package/dist/api/admin/workspaces/[id]/access-requests/[requestId]/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/access-requests/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/access-requests/route.js +5 -19
- package/dist/api/admin/workspaces/[id]/access-requests/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/invitations/[inviteId]/resend/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/invitations/[inviteId]/resend/route.js +1 -15
- package/dist/api/admin/workspaces/[id]/invitations/[inviteId]/resend/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/invitations/[inviteId]/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/invitations/[inviteId]/route.js +1 -15
- package/dist/api/admin/workspaces/[id]/invitations/[inviteId]/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/invitations/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/invitations/route.js +3 -22
- package/dist/api/admin/workspaces/[id]/invitations/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/logo/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/logo/route.js +1 -15
- package/dist/api/admin/workspaces/[id]/logo/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/members/[userId]/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/members/[userId]/route.js +1 -19
- package/dist/api/admin/workspaces/[id]/members/[userId]/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/members/batch/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/members/batch/route.js +15 -36
- package/dist/api/admin/workspaces/[id]/members/batch/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/members/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/members/route.js +9 -36
- package/dist/api/admin/workspaces/[id]/members/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/route.js +3 -22
- package/dist/api/admin/workspaces/[id]/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/teams/[teamId]/members/[userId]/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/teams/[teamId]/members/[userId]/route.js +1 -19
- package/dist/api/admin/workspaces/[id]/teams/[teamId]/members/[userId]/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/teams/[teamId]/members/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/teams/[teamId]/members/route.js +1 -19
- package/dist/api/admin/workspaces/[id]/teams/[teamId]/members/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/teams/[teamId]/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/teams/[teamId]/route.js +1 -19
- package/dist/api/admin/workspaces/[id]/teams/[teamId]/route.js.map +1 -1
- package/dist/api/admin/workspaces/[id]/teams/route.d.ts.map +1 -1
- package/dist/api/admin/workspaces/[id]/teams/route.js +1 -19
- package/dist/api/admin/workspaces/[id]/teams/route.js.map +1 -1
- package/dist/api/admin/workspaces/route.js +1 -1
- package/dist/api/admin/workspaces/route.js.map +1 -1
- package/dist/api/auth/invite/[token]/route.d.ts.map +1 -1
- package/dist/api/auth/invite/[token]/route.js +2 -17
- package/dist/api/auth/invite/[token]/route.js.map +1 -1
- package/dist/api/utils/assign-default-role.d.ts +6 -0
- package/dist/api/utils/assign-default-role.d.ts.map +1 -0
- package/dist/api/utils/assign-default-role.js +23 -0
- package/dist/api/utils/assign-default-role.js.map +1 -0
- package/dist/api/utils/project-access.d.ts +9 -0
- package/dist/api/utils/project-access.d.ts.map +1 -1
- package/dist/api/utils/project-access.js +27 -0
- package/dist/api/utils/project-access.js.map +1 -1
- package/dist/api/utils/workspace-access.d.ts +17 -0
- package/dist/api/utils/workspace-access.d.ts.map +1 -0
- package/dist/api/utils/workspace-access.js +72 -0
- package/dist/api/utils/workspace-access.js.map +1 -0
- package/package.json +6 -6
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../src/api/admin/workspaces/route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAEpD,MAAM,CAAC,MAAM,GAAG,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,EAAE;IACnD,MAAM,gBAAgB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,wBAAwB,CAAQ,CAAA;IAC3E,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;IACvF,MAAM,KAAK,GAAG,
|
|
1
|
+
{"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../src/api/admin/workspaces/route.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAA;AAEpD,MAAM,CAAC,MAAM,GAAG,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,EAAE;IACnD,MAAM,gBAAgB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,wBAAwB,CAAQ,CAAA;IAC3E,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;IACvF,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,GAAG,CAAA;IAC5C,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IAE5C,MAAM,KAAK,GAAa,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAA;IAC7C,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;IAE7E,yFAAyF;IACzF,MAAM,gBAAgB,GAAG,MAAM,sBAAsB,CAAC,sBAAsB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAEzF,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG,MAAM,gBAAgB,CAAC,sBAAsB,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;QAChG,iEAAiE;QACjE,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,MAAM,EAAE,CAAC;YACpE,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;YAC9C,OAAM;QACR,CAAC;QACD,yDAAyD;QACzD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,gBAAgB,CAAC,CAAA;QAC3C,MAAM,QAAQ,GAAG,UAAU,CAAC,MAAM,CAChC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,IAAI,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CACjD,CAAA;QACD,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,CAAC,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;QACzE,OAAM;IACR,CAAC;IAED,+CAA+C;IAC/C,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClC,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;QACrD,OAAM;IACR,CAAC;IAED,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,GAAG,MAAM,gBAAgB,CAAC,sBAAsB,CACvE,EAAE,EAAE,EAAE,gBAAgB,EAAE,EACxB,EAAE,KAAK,EAAE,MAAM,EAAE,CAClB,CAAA;IACD,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;AAChD,CAAC,CAAA;AAED,MAAM,CAAC,MAAM,IAAI,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;IACxE,iBAAiB,CAAC,kBAAkB,CAAC,CAAC,GA
AG,EAAE,GAAG,EAAE,KAAK,IAAI,EAAE;QACzD,IAAI,CAAC;YACH,MAAM,gBAAgB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,wBAAwB,CAAQ,CAAA;YAC3E,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;YACvF,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;YAE3C,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,EAAE,CAAC,CAAA;gBAChE,OAAM;YACR,CAAC;YAED,MAAM,IAAI,GAAG,gBAAgB,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAA;YAEvD,qEAAqE;YACrE,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAA;YACrE,IAAI,QAAQ,EAAE,CAAC;gBACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE;wBACL,OAAO,EAAE,sBAAsB,QAAQ,CAAC,IAAI,mBAAmB;wBAC/D,IAAI,EAAE,kBAAkB;wBACxB,SAAS,EAAE,EAAE,EAAE,EAAE,QAAQ,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE;qBACzE;iBACF,CAAC,CAAA;gBACF,OAAM;YACR,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,eAAe,CAAC;gBACvD,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;gBACjB,IAAI;gBACJ,IAAI,EAAE,IAAI,IAAI,MAAM;gBACpB,UAAU,EAAE,UAAU,IAAI,KAAK;aAChC,CAAC,CAAA;YAEF,gEAAgE;YAChE,IAAI,GAAG,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC;gBACjB,MAAM,sBAAsB,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,CAAA;gBAE7E,mDAAmD;gBACnD,IAAI,CAAC;oBACH,MAAM,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAQ,CAAA;oBACvE,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;oBACjE,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,cAAc,CAAC,oBAAoB,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;oBACrH,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACrB,MAAM,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;oBACzE,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,6CAA6C;gBAC/C,CAAC;YACH,CAAC;YAED,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,CAAC,CAAA;QACrC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,GAAG,CAAC,CAAA;QACX,CAAC;
IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../src/api/auth/invite/[token]/route.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"route.d.ts","sourceRoot":"","sources":["../../../../../src/api/auth/invite/[token]/route.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAGvC,qGAAqG;AACrG,eAAO,MAAM,GAAG,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,kBAsChD,CAAA;AASD;;;GAGG;AACH,eAAO,MAAM,IAAI,GAAU,KAAK,GAAG,EAAE,KAAK,QAAQ,kBA+EjD,CAAA"}
|
|
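--- a/package/dist/api/auth/invite/[token]/route.js
+++ b/package/dist/api/auth/invite/[token]/route.js
@@ -1,4 +1,5 @@
 import { z } from "zod";
+import { assignDefaultUserRole } from "../../../utils/assign-default-role.js";
 /** Public endpoint — no auth middleware. Returns invitation + workspace name for the accept page. */
 export const GET = async (req, res) => {
 const invitationService = req.scope.resolve("invitationModuleService");
@@ -103,23 +104,7 @@ export const POST = async (req, res) => {
 const wsRole = invitation.role === "member" ? "member" : "admin";
 await workspaceMemberService.ensureMember(invitation.workspace_id, authResult.user.id, wsRole);
 }
-
-const userService = req.scope.resolve("userModuleService");
-if (invitation.app_role_id) {
-await userService.updateUser(authResult.user.id, { app_role_id: invitation.app_role_id });
-}
-else {
-// Default to "User" system role when invitation has no specific app role
-const appRoleService = req.scope.resolve("appRoleModuleService");
-const [userRoles] = await appRoleService.listAndCountAppRoles({ name: "User", is_system: true }, { limit: 1 });
-if (userRoles.length > 0) {
-await userService.updateUser(authResult.user.id, { app_role_id: userRoles[0].id });
-}
-}
-}
-catch {
-// Non-fatal — member joined, just couldn't assign app role
-}
+await assignDefaultUserRole(req, authResult.user.id, invitation.app_role_id);
 await invitationService.updateInvitation(invitation.id, { status: "accepted" });
 res.status(201).json(authResult);
 };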
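Review bot: On the context line `const wsRole = invitation.role === "member" ? "member" : "admin";`, just above the new call, every role value other than the exact string "member" (a missing, misspelled or future role included) is mapped to workspace admin, so the mapping fails open. Naming the privileged value keeps the default at least privilege: `const wsRole = invitation.role === "admin" ? "admin" : "member";`. Separately, the new `await assignDefaultUserRole(...)` hides any failure to write the app role, yet the handler still marks the invitation accepted and answers 201, so an accepted invitation does not guarantee that the intended role was applied. The POST handler begins outside these hunks, so whether `invitation.role` is validated earlier is not visible here.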
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../../src/api/auth/invite/[token]/route.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;
|
|
1
|
+
{"version":3,"file":"route.js","sourceRoot":"","sources":["../../../../../src/api/auth/invite/[token]/route.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AAEvB,OAAO,EAAE,qBAAqB,EAAE,MAAM,uCAAuC,CAAA;AAE7E,qGAAqG;AACrG,MAAM,CAAC,MAAM,GAAG,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,EAAE;IACnD,MAAM,iBAAiB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,yBAAyB,CAAQ,CAAA;IAC7E,MAAM,gBAAgB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,wBAAwB,CAAQ,CAAA;IAE3E,MAAM,CAAC,WAAW,CAAC,GAAG,MAAM,iBAAiB,CAAC,uBAAuB,CACnE,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAC3B,EAAE,KAAK,EAAE,CAAC,EAAE,CACb,CAAA;IACD,MAAM,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAEjC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,EAAE,CAAC,CAAA;QACpE,OAAM;IACR,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,uBAAuB,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;QACxF,OAAM;IACR,CAAC;IAED,IAAI,UAAU,CAAC,UAAU,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QAC1E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,4CAA4C,EAAE,EAAE,CAAC,CAAA;QAC1F,OAAM;IACR,CAAC;IAED,MAAM,SAAS,GAAG,UAAU,CAAC,YAAY;QACvC,CAAC,CAAC,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,UAAU,CAAC,YAAY,CAAC;QACnE,CAAC,CAAC,IAAI,CAAA;IAER,GAAG,CAAC,IAAI,CAAC;QACP,UAAU,EAAE;YACV,EAAE,EAAE,UAAU,CAAC,EAAE;YACjB,IAAI,EAAE,UAAU,CAAC,IAAI;YACrB,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B;QACD,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,SAAS,CAAC,EAAE,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI;KAC/F,CAAC,CAAA;AACJ,CAAC,CAAA;AAED,MAAM,YAAY,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;IACzB,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wCAAwC,CAAC;IACrE,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,wBAAwB,CAAC;IACvD,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;CACt
D,CAAC,CAAA;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,IAAI,GAAG,KAAK,EAAE,GAAQ,EAAE,GAAa,EAAE,EAAE;IACpD,MAAM,iBAAiB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,yBAAyB,CAAQ,CAAA;IAC7E,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;IACjE,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;IAEvF,MAAM,CAAC,WAAW,CAAC,GAAG,MAAM,iBAAiB,CAAC,uBAAuB,CACnE,EAAE,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAC3B,EAAE,KAAK,EAAE,CAAC,EAAE,CACb,CAAA;IACD,MAAM,UAAU,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAEjC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,sBAAsB,EAAE,EAAE,CAAC,CAAA;QACpE,OAAM;IACR,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,+BAA+B,UAAU,CAAC,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;QAChG,OAAM;IACR,CAAC;IAED,IAAI,UAAU,CAAC,UAAU,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QAC1E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,4CAA4C,EAAE,EAAE,CAAC,CAAA;QAC1F,OAAM;IACR,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IAC/C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;QAC7G,OAAM;IACR,CAAC;IAED,IAAI,UAAU,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,CAAC;QAC3F,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,KAAK,EAAE,EAAE,OAAO,EAAE,+BAA+B,UAAU,CAAC,KAAK,kCAAkC,EAAE;SACtG,CAAC,CAAA;QACF,OAAM;IACR,CAAC;IAED,IAAI,UAAmD,CAAA;IACvD,IAAI,CAAC;QACH,+DAA+D;QAC/D,wEAAwE;QACxE,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;QACjE,MAAM,YAAY,GAAG,MAAM,WAAW,CAAC,mBAAmB,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QAE7E,IAAI,YAAY,EAAE,UAAU,EAAE,CAAC;YAC7B,mFAAmF;YACnF,UAAU,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,YAAY,CAAC,EAAE,EAAE;gBAChE,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ;gBAC9B,UA
AU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;gBAClC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS;gBAChC,IAAI,EAAE,UAAU,CAAC,IAAI;aACtB,CAAC,CAAA;QACJ,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC;gBACtC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK;gBACxB,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ;gBAC9B,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;gBAClC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS;gBAChC,WAAW,EAAE,UAAU,CAAC,IAAI;aAC7B,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,qBAAqB,EAAE,EAAE,CAAC,CAAA;QAChG,OAAM;IACR,CAAC;IAED,IAAI,UAAU,CAAC,YAAY,EAAE,CAAC;QAC5B,mFAAmF;QACnF,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAA;QAChE,MAAM,sBAAsB,CAAC,YAAY,CAAC,UAAU,CAAC,YAAY,EAAE,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,CAAC,CAAA;IAChG,CAAC;IAED,MAAM,qBAAqB,CAAC,GAAG,EAAE,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,CAAC,WAAW,CAAC,CAAA;IAE5E,MAAM,iBAAiB,CAAC,gBAAgB,CAAC,UAAU,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAA;IAE/E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;AAClC,CAAC,CAAA"}
|
|
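--- a/package/dist/api/utils/assign-default-role.d.ts
+++ b/package/dist/api/utils/assign-default-role.d.ts
@@ -0,0 +1,6 @@
+/**
+* Assigns the system "User" app-role to a user if no custom role is specified.
+* Non-fatal — silently catches errors (e.g. app-role module not loaded).
+*/
+export declare function assignDefaultUserRole(req: any, userId: string, appRoleId?: string): Promise<void>;
+//# sourceMappingURL=assign-default-role.d.ts.map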
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"assign-default-role.d.ts","sourceRoot":"","sources":["../../../src/api/utils/assign-default-role.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAsB,qBAAqB,CAAC,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAevG"}
|
|
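--- a/package/dist/api/utils/assign-default-role.js
+++ b/package/dist/api/utils/assign-default-role.js
@@ -0,0 +1,23 @@
+/**
+* Assigns the system "User" app-role to a user if no custom role is specified.
+* Non-fatal — silently catches errors (e.g. app-role module not loaded).
+*/
+export async function assignDefaultUserRole(req, userId, appRoleId) {
+try {
+const userService = req.scope.resolve("userModuleService");
+if (appRoleId) {
+await userService.updateUser(userId, { app_role_id: appRoleId });
+}
+else {
+const appRoleService = req.scope.resolve("appRoleModuleService");
+const [userRoles] = await appRoleService.listAndCountAppRoles({ name: "User", is_system: true }, { limit: 1 });
+if (userRoles.length > 0) {
+await userService.updateUser(userId, { app_role_id: userRoles[0].id });
+}
+}
+}
+catch {
+// Non-fatal — app-role module may not be loaded
+}
+}
+//# sourceMappingURL=assign-default-role.js.map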
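Review bot: The bare `catch {}` wraps the whole body, so it hides not only a missing app-role module (the case the comment names) but also a rejected `userService.updateUser(...)` for an explicitly requested `appRoleId`. The caller cannot tell that the role was never written, and nothing is logged. Restrict the silent path to the default-role lookup and let a failure to apply an explicit role propagate, or at least be logged with `userId` and the error. `appRoleId` is also written without any check that the role exists or that the inviter may grant it; if callers do not validate it (not visible in this file), that check belongs here or in the service.

```javascript
export async function assignDefaultUserRole(req, userId, appRoleId) {
    const userService = req.scope.resolve("userModuleService");
    if (appRoleId) {
        // An explicitly requested role must not fail silently.
        await userService.updateUser(userId, { app_role_id: appRoleId });
        return;
    }
    try {
        // … unchanged: resolve appRoleModuleService, look up the system "User" role, updateUser …
    }
    catch (err) {
        // Still non-fatal, but leave a trace so a user without an app role can be found.
        console.warn("assignDefaultUserRole: default role not assigned", { userId, error: err?.message });
    }
}
```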
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"assign-default-role.js","sourceRoot":"","sources":["../../../src/api/utils/assign-default-role.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAQ,EAAE,MAAc,EAAE,SAAkB;IACtF,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,mBAAmB,CAAQ,CAAA;QACjE,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC,CAAA;QAClE,CAAC;aAAM,CAAC;YACN,MAAM,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAQ,CAAA;YACvE,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,cAAc,CAAC,oBAAoB,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;YAC9G,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACzB,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,EAAE,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;YACxE,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,gDAAgD;IAClD,CAAC;AACH,CAAC"}
|
|
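--- a/package/dist/api/utils/project-access.d.ts
+++ b/package/dist/api/utils/project-access.d.ts
@@ -9,4 +9,13 @@ export declare function hasProjectAccess(req: any, project: {
 id: string;
 workspace_id: string;
 }): Promise<boolean>;
+/**
+* Resolves project and checks if caller is a project manager, workspace admin, or global admin.
+* Returns null (and sends 404) if project doesn't exist.
+* Returns { project, isAuthorized } otherwise.
+*/
+export declare function resolveProjectAndAccess(req: any, res: import("express").Response): Promise<{
+project: any;
+isAuthorized: boolean;
+} | null>;
 //# sourceMappingURL=project-access.d.ts.map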
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"project-access.d.ts","sourceRoot":"","sources":["../../../src/api/utils/project-access.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAgBhH"}
|
|
1
|
+
{"version":3,"file":"project-access.d.ts","sourceRoot":"","sources":["../../../src/api/utils/project-access.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAgBhH;AAED;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC3C,GAAG,EAAE,GAAG,EACR,GAAG,EAAE,OAAO,SAAS,EAAE,QAAQ,GAC9B,OAAO,CAAC;IAAE,OAAO,EAAE,GAAG,CAAC;IAAC,YAAY,EAAE,OAAO,CAAA;CAAE,GAAG,IAAI,CAAC,CAsBzD"}
|
|
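--- a/package/dist/api/utils/project-access.js
+++ b/package/dist/api/utils/project-access.js
@@ -22,4 +22,31 @@ export async function hasProjectAccess(req, project) {
 const accessibleProjectIds = await projectMemberService.getAccessibleProjectIds(userId, userTeamIds);
 return accessibleProjectIds.includes(project.id);
 }
+/**
+* Resolves project and checks if caller is a project manager, workspace admin, or global admin.
+* Returns null (and sends 404) if project doesn't exist.
+* Returns { project, isAuthorized } otherwise.
+*/
+export async function resolveProjectAndAccess(req, res) {
+const projectService = req.scope.resolve("projectModuleService");
+const project = await projectService.retrieveProject(req.params.id).catch(() => null);
+if (!project) {
+res.status(404).json({ error: { message: "Project not found" } });
+return null;
+}
+const roles = req.user?.roles ?? [];
+const isGlobalAdmin = roles.includes("super-admin") || roles.includes("admin");
+if (isGlobalAdmin)
+return { project, isAuthorized: true };
+const workspaceMemberService = req.scope.resolve("workspaceMemberModuleService");
+const wsMembership = await workspaceMemberService.getMembership(project.workspace_id, req.user?.id);
+if (wsMembership?.role === "admin")
+return { project, isAuthorized: true };
+const projectMemberService = req.scope.resolve("projectMemberModuleService");
+const members = await projectMemberService.listProjectMembers(project.id);
+const myMembership = members.find((m) => m.user_id === req.user?.id);
+if (myMembership?.role === "manager")
+return { project, isAuthorized: true };
+return { project, isAuthorized: false };
+}
 //# sourceMappingURL=project-access.js.map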
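Review bot: `resolveProjectAndAccess` never checks that `req.user?.id` is set before passing it to `getMembership(project.workspace_id, req.user?.id)` and comparing it in `members.find((m) => m.user_id === req.user?.id)`. Without an authenticated user the comparison becomes `m.user_id === undefined`, and how `getMembership` treats an undefined user id is not visible here. A guard before the membership lookups closes that gap: `if (!req.user?.id) return { project, isAuthorized: false };`. In addition, `.catch(() => null)` reports every retrieval failure as "Project not found", and the 404 is sent before the authorization decision, so an unauthorized caller can still tell existing project ids from missing ones. The helper also returns `project` when `isAuthorized` is false, so each caller must test the flag before using or serialising it; a sentence in the doc comment should say so.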
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"project-access.js","sourceRoot":"","sources":["../../../src/api/utils/project-access.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,GAAQ,EAAE,OAA6C;IAC5F,MAAM,KAAK,GAAa,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAA;IAC7C,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAA;IAEzE,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;IACvF,MAAM,iBAAiB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,yBAAyB,CAAQ,CAAA;IAC7E,MAAM,oBAAoB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,4BAA4B,CAAQ,CAAA;IACnF,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,EAAE,CAAA;IAE3B,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;IAC3F,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAA;IAC7B,IAAI,UAAU,CAAC,IAAI,KAAK,OAAO;QAAE,OAAO,IAAI,CAAA;IAE5C,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;IAClE,MAAM,oBAAoB,GAAG,MAAM,oBAAoB,CAAC,uBAAuB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAA;IACpG,OAAO,oBAAoB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;AAClD,CAAC"}
|
|
1
|
+
{"version":3,"file":"project-access.js","sourceRoot":"","sources":["../../../src/api/utils/project-access.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,GAAQ,EAAE,OAA6C;IAC5F,MAAM,KAAK,GAAa,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAA;IAC7C,IAAI,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,IAAI,CAAA;IAEzE,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;IACvF,MAAM,iBAAiB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,yBAAyB,CAAQ,CAAA;IAC7E,MAAM,oBAAoB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,4BAA4B,CAAQ,CAAA;IACnF,MAAM,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,EAAE,CAAA;IAE3B,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,EAAE,MAAM,CAAC,CAAA;IAC3F,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAA;IAC7B,IAAI,UAAU,CAAC,IAAI,KAAK,OAAO;QAAE,OAAO,IAAI,CAAA;IAE5C,MAAM,WAAW,GAAG,MAAM,iBAAiB,CAAC,cAAc,CAAC,MAAM,CAAC,CAAA;IAClE,MAAM,oBAAoB,GAAG,MAAM,oBAAoB,CAAC,uBAAuB,CAAC,MAAM,EAAE,WAAW,CAAC,CAAA;IACpG,OAAO,oBAAoB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;AAClD,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,GAAQ,EACR,GAA+B;IAE/B,MAAM,cAAc,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAQ,CAAA;IACvE,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;IACrF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,mBAAmB,EAAE,EAAE,CAAC,CAAA;QACjE,OAAO,IAAI,CAAA;IACb,CAAC;IAED,MAAM,KAAK,GAAa,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAA;IAC7C,MAAM,aAAa,GAAG,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;IAC9E,IAAI,aAAa;QAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,CAAA;IAEzD,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;IACvF,MAAM,YAAY,GAAG,MAAM,sBAAsB,CAAC,aAAa,CAAC,OAAO,CAAC,YAAY,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IACnG,IAAI,YAAY,EAAE,IAAI,KAAK,OAAO;QAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,CAAA;IAE1E,MAAM,oBAAoB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,4BAA4B,CAAQ,CAAA;IACnF,MAAM,OAAO,GAAG
,MAAM,oBAAoB,CAAC,kBAAkB,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IACzE,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IACzE,IAAI,YAAY,EAAE,IAAI,KAAK,SAAS;QAAE,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,CAAA;IAE5E,OAAO,EAAE,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,CAAA;AACzC,CAAC"}
|
|
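--- a/package/dist/api/utils/workspace-access.d.ts
+++ b/package/dist/api/utils/workspace-access.d.ts
@@ -0,0 +1,17 @@
+import type { Response } from "express";
+/**
+* Shared workspace access check. Verifies the workspace exists and the caller
+* has access (public workspace for admins, or membership for private/members).
+*/
+export declare function assertWorkspaceAccess(req: any, res: Response): Promise<boolean>;
+/**
+* Stricter workspace access check — requires workspace admin role (not just member).
+*/
+export declare function assertWorkspaceAdmin(req: any, res: Response): Promise<boolean>;
+export declare function isSuperAdminOrgScope(req: any): boolean;
+/**
+* Returns workspace IDs the caller can access (public + private where member).
+* If wsIdHints are provided, only those workspaces are checked; otherwise all are fetched.
+*/
+export declare function getAccessibleWorkspaceIds(req: any, wsIdHints?: string[]): Promise<string[]>;
+//# sourceMappingURL=workspace-access.d.ts.map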
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"workspace-access.d.ts","sourceRoot":"","sources":["../../../src/api/utils/workspace-access.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAEvC;;;GAGG;AACH,wBAAsB,qBAAqB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAqBrF;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAoBpF;AAED,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAGtD;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAqBjG"}
|
|
@@ -0,0 +1,72 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Shared workspace access check. Verifies the workspace exists and the caller
|
|
3
|
+
* has access (public workspace for admins, or membership for private/members).
|
|
4
|
+
*/
|
|
5
|
+
export async function assertWorkspaceAccess(req, res) {
|
|
6
|
+
const workspaceService = req.scope.resolve("workspaceModuleService");
|
|
7
|
+
const workspaceMemberService = req.scope.resolve("workspaceMemberModuleService");
|
|
8
|
+
const workspace = await workspaceService.retrieveWorkspace(req.params.id).catch(() => null);
|
|
9
|
+
if (!workspace) {
|
|
10
|
+
res.status(404).json({ error: { message: "Workspace not found" } });
|
|
11
|
+
return false;
|
|
12
|
+
}
|
|
13
|
+
const roles = req.user?.roles ?? [];
|
|
14
|
+
const isPrivileged = roles.includes("super-admin") || roles.includes("admin");
|
|
15
|
+
if (workspace.is_private || !isPrivileged) {
|
|
16
|
+
const membership = await workspaceMemberService.getMembership(req.params.id, req.user?.id);
|
|
17
|
+
if (!membership) {
|
|
18
|
+
res.status(403).json({ error: { message: "Forbidden — not a member of this workspace" } });
|
|
19
|
+
return false;
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
return true;
|
|
23
|
+
}
|
|
24
|
+
/**
|
|
25
|
+
* Stricter workspace access check — requires workspace admin role (not just member).
|
|
26
|
+
*/
|
|
27
|
+
export async function assertWorkspaceAdmin(req, res) {
|
|
28
|
+
const workspaceService = req.scope.resolve("workspaceModuleService");
|
|
29
|
+
const workspaceMemberService = req.scope.resolve("workspaceMemberModuleService");
|
|
30
|
+
const workspace = await workspaceService.retrieveWorkspace(req.params.id).catch(() => null);
|
|
31
|
+
if (!workspace) {
|
|
32
|
+
res.status(404).json({ error: { message: "Workspace not found" } });
|
|
33
|
+
return false;
|
|
34
|
+
}
|
|
35
|
+
const roles = req.user?.roles ?? [];
|
|
36
|
+
const isGlobalAdmin = roles.includes("super-admin") || roles.includes("admin");
|
|
37
|
+
if (isGlobalAdmin)
|
|
38
|
+
return true;
|
|
39
|
+
const membership = await workspaceMemberService.getMembership(req.params.id, req.user?.id);
|
|
40
|
+
if (!membership || membership.role !== "admin") {
|
|
41
|
+
res.status(403).json({ error: { message: "Workspace admin access required" } });
|
|
42
|
+
return false;
|
|
43
|
+
}
|
|
44
|
+
return true;
|
|
45
|
+
}
|
|
46
|
+
export function isSuperAdminOrgScope(req) {
|
|
47
|
+
const roles = req.user?.roles ?? [];
|
|
48
|
+
return roles.includes("super-admin") && req.query.org_scope === "true";
|
|
49
|
+
}
|
|
50
|
+
/**
|
|
51
|
+
* Returns workspace IDs the caller can access (public + private where member).
|
|
52
|
+
* If wsIdHints are provided, only those workspaces are checked; otherwise all are fetched.
|
|
53
|
+
*/
|
|
54
|
+
export async function getAccessibleWorkspaceIds(req, wsIdHints) {
|
|
55
|
+
const workspaceService = req.scope.resolve("workspaceModuleService");
|
|
56
|
+
const workspaceMemberService = req.scope.resolve("workspaceMemberModuleService");
|
|
57
|
+
const userId = req.user?.id;
|
|
58
|
+
let workspaces;
|
|
59
|
+
if (wsIdHints && wsIdHints.length > 0) {
|
|
60
|
+
const [ws] = await workspaceService.listAndCountWorkspaces({ id: wsIdHints.length === 1 ? wsIdHints[0] : wsIdHints }, { limit: wsIdHints.length });
|
|
61
|
+
workspaces = ws;
|
|
62
|
+
}
|
|
63
|
+
else {
|
|
64
|
+
const [all] = await workspaceService.listAndCountWorkspaces({}, { limit: 1000 });
|
|
65
|
+
workspaces = all;
|
|
66
|
+
}
|
|
67
|
+
const memberWsIds = new Set(await workspaceMemberService.getWorkspaceIdsForUser(userId));
|
|
68
|
+
return workspaces
|
|
69
|
+
.filter((ws) => !ws.is_private || memberWsIds.has(ws.id))
|
|
70
|
+
.map((ws) => ws.id);
|
|
71
|
+
}
|
|
72
|
+
//# sourceMappingURL=workspace-access.js.map
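Review bot: The helpers in this file do not agree on who may reach a workspace, so which rule a route enforces depends on which helper it calls. `assertWorkspaceAccess` runs the membership lookup whenever `workspace.is_private || !isPrivileged`, so a global admin who is not a member of a private workspace gets 403, yet `assertWorkspaceAdmin` takes the `if (isGlobalAdmin)` shortcut before looking at `is_private`, which makes the "stricter" check the more permissive one for private workspaces. In the same way `getAccessibleWorkspaceIds` keeps every workspace where `!ws.is_private`, so a non-privileged non-member receives public workspace IDs that `assertWorkspaceAccess` would refuse. If the private-workspace rule is the intended one, the shortcut could become `if (isGlobalAdmin && !workspace.is_private) return true;` and the list filter should use the same predicate as the single-workspace check, ideally through one shared function. Both lookups also pass `req.user?.id`, which is `undefined` when no user is attached; how `getMembership` and `getWorkspaceIdsForUser` treat an undefined id is not visible here, so an explicit `if (!req.user?.id)` rejection before the lookup would keep the result from depending on the service's filter handling.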
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"workspace-access.js","sourceRoot":"","sources":["../../../src/api/utils/workspace-access.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAQ,EAAE,GAAa;IACjE,MAAM,gBAAgB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,wBAAwB,CAAQ,CAAA;IAC3E,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;IAEvF,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;IAC3F,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE,EAAE,CAAC,CAAA;QACnE,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,KAAK,GAAa,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAA;IAC7C,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;IAE7E,IAAI,SAAS,CAAC,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;QAC1F,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,4CAA4C,EAAE,EAAE,CAAC,CAAA;YAC1F,OAAO,KAAK,CAAA;QACd,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,GAAQ,EAAE,GAAa;IAChE,MAAM,gBAAgB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,wBAAwB,CAAQ,CAAA;IAC3E,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;IAEvF,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAA;IAC3F,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE,EAAE,CAAC,CAAA;QACnE,OAAO,KAAK,CAAA;IACd,CAAC;IAED,MAAM,KAAK,GAAa,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAA;IAC7C,MAAM,aAAa,GAAG,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;IAC9E,IAAI,aAAa;QAAE,OAAO,IAAI,CAAA;IAE9B,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IAC1F,IAAI,CAAC,UAAU,IAAI,UAAU,CAAC,IAAI,K
AAK,OAAO,EAAE,CAAC;QAC/C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,iCAAiC,EAAE,EAAE,CAAC,CAAA;QAC/E,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,GAAQ;IAC3C,MAAM,KAAK,GAAa,GAAG,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE,CAAA;IAC7C,OAAO,KAAK,CAAC,QAAQ,CAAC,aAAa,CAAC,IAAI,GAAG,CAAC,KAAK,CAAC,SAAS,KAAK,MAAM,CAAA;AACxE,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,GAAQ,EAAE,SAAoB;IAC5E,MAAM,gBAAgB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,wBAAwB,CAAQ,CAAA;IAC3E,MAAM,sBAAsB,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,8BAA8B,CAAQ,CAAA;IACvF,MAAM,MAAM,GAAW,GAAG,CAAC,IAAI,EAAE,EAAE,CAAA;IAEnC,IAAI,UAAiB,CAAA;IACrB,IAAI,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,GAAG,MAAM,gBAAgB,CAAC,sBAAsB,CACxD,EAAE,EAAE,EAAE,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,EAAE,EACzD,EAAE,KAAK,EAAE,SAAS,CAAC,MAAM,EAAE,CAC5B,CAAA;QACD,UAAU,GAAG,EAAE,CAAA;IACjB,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,GAAG,CAAC,GAAG,MAAM,gBAAgB,CAAC,sBAAsB,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;QAChF,UAAU,GAAG,GAAG,CAAA;IAClB,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,GAAG,CAAS,MAAM,sBAAsB,CAAC,sBAAsB,CAAC,MAAM,CAAC,CAAC,CAAA;IAChG,OAAO,UAAU;SACd,MAAM,CAAC,CAAC,EAAO,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,UAAU,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;SAC7D,GAAG,CAAC,CAAC,EAAO,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;AAC5B,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@meridianjs/meridian",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.2.0",
|
|
4
4
|
"description": "Default API routes, workflows, links, and subscribers for Meridian applications",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"module": "./dist/index.js",
|
|
@@ -20,13 +20,13 @@
|
|
|
20
20
|
"prepublishOnly": "cd ../.. && npm run check:routes && cd packages/meridian && npm run build"
|
|
21
21
|
},
|
|
22
22
|
"dependencies": {
|
|
23
|
-
"@meridianjs/framework": "^2.
|
|
24
|
-
"@meridianjs/framework-utils": "^2.
|
|
25
|
-
"@meridianjs/workflow-engine": "^2.
|
|
26
|
-
"@meridianjs/types": "^2.
|
|
23
|
+
"@meridianjs/framework": "^2.2.0",
|
|
24
|
+
"@meridianjs/framework-utils": "^2.2.0",
|
|
25
|
+
"@meridianjs/workflow-engine": "^2.2.0",
|
|
26
|
+
"@meridianjs/types": "^2.2.0",
|
|
27
27
|
"@meridianjs/user": "^2.0.0",
|
|
28
28
|
"@meridianjs/workspace": "^1.2.1",
|
|
29
|
-
"@meridianjs/auth": "^2.
|
|
29
|
+
"@meridianjs/auth": "^2.2.0",
|
|
30
30
|
"@meridianjs/project": "^2.0.0",
|
|
31
31
|
"@meridianjs/issue": "^2.0.0",
|
|
32
32
|
"@meridianjs/sprint": "^1.0.1",
|