@nu-art/permissions-backend 0.400.5
- package/PermissionKey_BE.d.ts +13 -0
- package/PermissionKey_BE.js +48 -0
- package/_entity/permission-access-level/ModuleBE_PermissionAccessLevelDB.d.ts +18 -0
- package/_entity/permission-access-level/ModuleBE_PermissionAccessLevelDB.js +55 -0
- package/_entity/permission-access-level/index.d.ts +2 -0
- package/_entity/permission-access-level/index.js +2 -0
- package/_entity/permission-access-level/module-pack.d.ts +1 -0
- package/_entity/permission-access-level/module-pack.js +3 -0
- package/_entity/permission-api/ModuleBE_PermissionAPIDB.d.ts +12 -0
- package/_entity/permission-api/ModuleBE_PermissionAPIDB.js +62 -0
- package/_entity/permission-api/index.d.ts +2 -0
- package/_entity/permission-api/index.js +2 -0
- package/_entity/permission-api/module-pack.d.ts +1 -0
- package/_entity/permission-api/module-pack.js +3 -0
- package/_entity/permission-domain/ModuleBE_PermissionDomainDB.d.ts +15 -0
- package/_entity/permission-domain/ModuleBE_PermissionDomainDB.js +25 -0
- package/_entity/permission-domain/index.d.ts +2 -0
- package/_entity/permission-domain/index.js +2 -0
- package/_entity/permission-domain/module-pack.d.ts +1 -0
- package/_entity/permission-domain/module-pack.js +3 -0
- package/_entity/permission-group/ModuleBE_PermissionGroupDB.d.ts +14 -0
- package/_entity/permission-group/ModuleBE_PermissionGroupDB.js +62 -0
- package/_entity/permission-group/index.d.ts +2 -0
- package/_entity/permission-group/index.js +2 -0
- package/_entity/permission-group/module-pack.d.ts +1 -0
- package/_entity/permission-group/module-pack.js +3 -0
- package/_entity/permission-project/ModuleBE_PermissionProjectDB.d.ts +10 -0
- package/_entity/permission-project/ModuleBE_PermissionProjectDB.js +12 -0
- package/_entity/permission-project/index.d.ts +2 -0
- package/_entity/permission-project/index.js +2 -0
- package/_entity/permission-project/module-pack.d.ts +1 -0
- package/_entity/permission-project/module-pack.js +3 -0
- package/_entity/permission-user/ModuleBE_PermissionUserAPI.d.ts +8 -0
- package/_entity/permission-user/ModuleBE_PermissionUserAPI.js +13 -0
- package/_entity/permission-user/ModuleBE_PermissionUserDB.d.ts +36 -0
- package/_entity/permission-user/ModuleBE_PermissionUserDB.js +222 -0
- package/_entity/permission-user/index.d.ts +3 -0
- package/_entity/permission-user/index.js +3 -0
- package/_entity/permission-user/module-pack.d.ts +2 -0
- package/_entity/permission-user/module-pack.js +3 -0
- package/_entity.d.ts +12 -0
- package/_entity.js +18 -0
- package/consts.d.ts +7 -0
- package/consts.js +5 -0
- package/core/module-pack.d.ts +3 -0
- package/core/module-pack.js +32 -0
- package/core/utils.d.ts +25 -0
- package/core/utils.js +85 -0
- package/index.d.ts +4 -0
- package/index.js +22 -0
- package/modules/ModuleBE_Permissions.d.ts +77 -0
- package/modules/ModuleBE_Permissions.js +357 -0
- package/modules/ModuleBE_PermissionsAssert.d.ts +48 -0
- package/modules/ModuleBE_PermissionsAssert.js +242 -0
- package/modules/consts.d.ts +11 -0
- package/modules/consts.js +29 -0
- package/modules/index.d.ts +1 -0
- package/modules/index.js +19 -0
- package/package.json +85 -0
- package/permissions.d.ts +22 -0
- package/permissions.js +154 -0
- package/shared.d.ts +1 -0
- package/shared.js +19 -0
- package/types.d.ts +28 -0
- package/types.js +1 -0
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { TypedKeyValue } from '@nu-art/ts-common';
|
|
2
|
+
import { AppConfigKey_BE } from '@nu-art/thunderstorm-backend';
|
|
3
|
+
import { DB_PermissionKeyData } from '@nu-art/permissions-shared';
|
|
4
|
+
type Resolver = () => Promise<DB_PermissionKeyData>;
|
|
5
|
+
export declare class PermissionKey_BE<K extends string> extends AppConfigKey_BE<TypedKeyValue<K, DB_PermissionKeyData>> {
|
|
6
|
+
static _resolver: Resolver;
|
|
7
|
+
static buildData: (data: DB_PermissionKeyData) => Promise<DB_PermissionKeyData>;
|
|
8
|
+
constructor(key: K, initialDataResolver?: Resolver);
|
|
9
|
+
set(value: DB_PermissionKeyData): Promise<void>;
|
|
10
|
+
}
|
|
11
|
+
export declare const defaultValueResolverV2: (domainId: string, accessLevelName: string) => Promise<DB_PermissionKeyData>;
|
|
12
|
+
export declare const defaultValueResolver: (domainNamespace: string, accessLevelValue: number) => Promise<DB_PermissionKeyData>;
|
|
13
|
+
export {};
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
import { filterInstances } from '@nu-art/ts-common';
|
|
2
|
+
import { ModuleBE_PermissionAccessLevelDB, ModuleBE_PermissionDomainDB } from './_entity.js';
|
|
3
|
+
import { AppConfigKey_BE, ModuleBE_AppConfigDB } from '@nu-art/thunderstorm-backend';
|
|
4
|
+
import { Const_PermissionKeyType } from '@nu-art/permissions-shared';
|
|
5
|
+
export class PermissionKey_BE extends AppConfigKey_BE {
|
|
6
|
+
static _resolver = async () => {
|
|
7
|
+
return { type: Const_PermissionKeyType, accessLevelIds: [], _accessLevels: {} };
|
|
8
|
+
};
|
|
9
|
+
static buildData = async (data) => {
|
|
10
|
+
ModuleBE_AppConfigDB.logVerbose('**************** Building Data ****************');
|
|
11
|
+
const accessLevels = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(data.accessLevelIds));
|
|
12
|
+
const _data = {
|
|
13
|
+
type: 'permission-key',
|
|
14
|
+
accessLevelIds: data.accessLevelIds,
|
|
15
|
+
_accessLevels: accessLevels.reduce((acc, level) => {
|
|
16
|
+
acc[level.domainId] = level.value;
|
|
17
|
+
return acc;
|
|
18
|
+
}, {})
|
|
19
|
+
};
|
|
20
|
+
ModuleBE_AppConfigDB.logVerbose('**************** Data ****************');
|
|
21
|
+
ModuleBE_AppConfigDB.logVerbose(_data);
|
|
22
|
+
return _data;
|
|
23
|
+
};
|
|
24
|
+
constructor(key, initialDataResolver) {
|
|
25
|
+
super(key, initialDataResolver ?? PermissionKey_BE._resolver, PermissionKey_BE.buildData);
|
|
26
|
+
}
|
|
27
|
+
async set(value) {
|
|
28
|
+
const dbValue = await PermissionKey_BE.buildData(value);
|
|
29
|
+
await super.set(dbValue);
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
export const defaultValueResolverV2 = async (domainId, accessLevelName) => {
|
|
33
|
+
const accessLevel = await ModuleBE_PermissionAccessLevelDB.query.uniqueCustom({ where: { domainId, name: accessLevelName } });
|
|
34
|
+
return {
|
|
35
|
+
type: Const_PermissionKeyType,
|
|
36
|
+
accessLevelIds: [accessLevel._id],
|
|
37
|
+
_accessLevels: { [accessLevel._id]: accessLevel.value }
|
|
38
|
+
};
|
|
39
|
+
};
|
|
40
|
+
export const defaultValueResolver = async (domainNamespace, accessLevelValue) => {
|
|
41
|
+
const domain = await ModuleBE_PermissionDomainDB.query.uniqueCustom({ where: { namespace: domainNamespace } });
|
|
42
|
+
const accessLevel = await ModuleBE_PermissionAccessLevelDB.query.uniqueCustom({ where: { domainId: domain._id, value: accessLevelValue } });
|
|
43
|
+
return {
|
|
44
|
+
type: Const_PermissionKeyType,
|
|
45
|
+
accessLevelIds: [accessLevel._id],
|
|
46
|
+
_accessLevels: { [accessLevel._id]: accessLevel.value }
|
|
47
|
+
};
|
|
48
|
+
};
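Review bot: `defaultValueResolverV2` and `defaultValueResolver` key `_accessLevels` by `accessLevel._id`, while `buildData` in the same file keys the map by `level.domainId`, so a default value has a different shape from every value written through `set()`. Unless the base class runs the resolver output through `buildData` (not visible here), a key still holding its default would presumably carry no entry a per-domain lookup can find; `_accessLevels: { [accessLevel.domainId]: accessLevel.value }` in both resolvers would align them. `buildData` also hard-codes `type: 'permission-key'` where `_resolver` uses `Const_PermissionKeyType`. It drops ids that `query.all` does not resolve but still stores them in `accessLevelIds`; a comment saying whether that is intended would help.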
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { Clause_Where } from '@nu-art/firebase-shared';
|
|
3
|
+
import { FirestoreTransaction } from '@nu-art/firebase-backend';
|
|
4
|
+
import { Transaction } from 'firebase-admin/firestore';
|
|
5
|
+
import { CollectionActionType, PostWriteProcessingData } from '@nu-art/firebase-backend/firestore-v3/FirestoreCollectionV3';
|
|
6
|
+
import { DB_PermissionAccessLevel, DBProto_PermissionAccessLevel } from '@nu-art/permissions-shared';
|
|
7
|
+
type Config = DBApiConfigV3<DBProto_PermissionAccessLevel> & {};
|
|
8
|
+
export declare class ModuleBE_PermissionAccessLevelDB_Class extends ModuleBE_BaseDB<DBProto_PermissionAccessLevel, Config> {
|
|
9
|
+
constructor();
|
|
10
|
+
protected internalFilter(item: DB_PermissionAccessLevel): Clause_Where<DB_PermissionAccessLevel>[];
|
|
11
|
+
protected preWriteProcessing(dbInstance: DB_PermissionAccessLevel, originalDbInstance: DBProto_PermissionAccessLevel['dbType'], transaction?: Transaction): Promise<void>;
|
|
12
|
+
protected postWriteProcessing(data: PostWriteProcessingData<DBProto_PermissionAccessLevel>, actionType: CollectionActionType, transaction?: Transaction): Promise<void>;
|
|
13
|
+
protected assertDeletion(transaction: FirestoreTransaction, dbInstance: DB_PermissionAccessLevel): Promise<void>;
|
|
14
|
+
private upgrade_100_101;
|
|
15
|
+
}
|
|
16
|
+
export declare const ModuleBE_PermissionAccessLevelDB: ModuleBE_PermissionAccessLevelDB_Class;
|
|
17
|
+
export declare function checkDuplicateLevelsDomain(levels: DB_PermissionAccessLevel[]): void;
|
|
18
|
+
export {};
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
import { ModuleBE_BaseDB, } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { ApiException, batchActionParallel, dbObjectToId, filterDuplicates } from '@nu-art/ts-common';
|
|
3
|
+
import { MemKey_AccountId } from '@nu-art/user-account-backend';
|
|
4
|
+
import { ModuleBE_PermissionAPIDB } from '../permission-api/index.js';
|
|
5
|
+
import { ModuleBE_PermissionDomainDB } from '../permission-domain/index.js';
|
|
6
|
+
import { ModuleBE_PermissionGroupDB } from '../permission-group/index.js';
|
|
7
|
+
import { DBDef_PermissionAccessLevel } from '@nu-art/permissions-shared';
|
|
8
|
+
export class ModuleBE_PermissionAccessLevelDB_Class extends ModuleBE_BaseDB {
|
|
9
|
+
constructor() {
|
|
10
|
+
super(DBDef_PermissionAccessLevel);
|
|
11
|
+
this.registerVersionUpgradeProcessor('1.0.0', this.upgrade_100_101);
|
|
12
|
+
}
|
|
13
|
+
internalFilter(item) {
|
|
14
|
+
const { domainId, name, value } = item;
|
|
15
|
+
return [{ domainId, name }, { domainId, value }];
|
|
16
|
+
}
|
|
17
|
+
async preWriteProcessing(dbInstance, originalDbInstance, transaction) {
|
|
18
|
+
await ModuleBE_PermissionDomainDB.query.uniqueAssert(dbInstance.domainId);
|
|
19
|
+
dbInstance._auditorId = MemKey_AccountId.get();
|
|
20
|
+
}
|
|
21
|
+
async postWriteProcessing(data, actionType, transaction) {
|
|
22
|
+
const deleted = data.deleted ? (Array.isArray(data.deleted) ? data.deleted : [data.deleted]) : [];
|
|
23
|
+
const updated = data.updated ? (Array.isArray(data.updated) ? data.updated : [data.updated]) : [];
|
|
24
|
+
//Collect all apis that hold an access level id in the levels that have changed
|
|
25
|
+
const deletedIds = deleted.map(dbObjectToId);
|
|
26
|
+
const levelIds = [...deletedIds, ...updated.map(dbObjectToId)];
|
|
27
|
+
const _connectedApis = await batchActionParallel(levelIds, 10, async (ids) => await ModuleBE_PermissionAPIDB.query.custom({ where: { accessLevelIds: { $aca: ids } } }));
|
|
28
|
+
const connectedApis = filterDuplicates(_connectedApis, api => api._id);
|
|
29
|
+
deletedIds.forEach(id => {
|
|
30
|
+
//For each deleted level remove it from any api that held it
|
|
31
|
+
connectedApis.forEach(api => {
|
|
32
|
+
api.accessLevelIds = api.accessLevelIds?.filter(i => i !== id);
|
|
33
|
+
});
|
|
34
|
+
});
|
|
35
|
+
//Send all apis to upsert so their _accessLevels update
|
|
36
|
+
await ModuleBE_PermissionAPIDB.set.all(connectedApis);
|
|
37
|
+
return super.postWriteProcessing(data, actionType, transaction);
|
|
38
|
+
}
|
|
39
|
+
async assertDeletion(transaction, dbInstance) {
|
|
40
|
+
const groups = await ModuleBE_PermissionGroupDB.query.custom({ where: { accessLevelIds: { $ac: dbInstance._id } } });
|
|
41
|
+
const apis = await ModuleBE_PermissionAPIDB.query.custom({ where: { accessLevelIds: { $ac: dbInstance._id } } });
|
|
42
|
+
if (groups.length || apis.length)
|
|
43
|
+
throw new ApiException(403, 'You trying delete access level that associated with users/groups/apis, you need delete the associations first');
|
|
44
|
+
}
|
|
45
|
+
upgrade_100_101 = async (items) => {
|
|
46
|
+
items.forEach(accessLevel => accessLevel.uiLabel = accessLevel.name);
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
export const ModuleBE_PermissionAccessLevelDB = new ModuleBE_PermissionAccessLevelDB_Class();
|
|
50
|
+
export function checkDuplicateLevelsDomain(levels) {
|
|
51
|
+
const domainIds = levels.map(level => level.domainId);
|
|
52
|
+
const filteredDomainIds = filterDuplicates(domainIds);
|
|
53
|
+
if (filteredDomainIds.length !== domainIds.length)
|
|
54
|
+
throw new ApiException(422, 'You trying test-add-data duplicate accessLevel with the same domain');
|
|
55
|
+
}
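Review bot: `postWriteProcessing` re-saves only the APIs that reference a changed access level; nothing visible here refreshes the permission groups that reference it. The group module stores a denormalised `_levelsMap` of domain id to level value at write time, so after a level's `value` is edited, groups and the sessions of their users would presumably keep the old value until each group is written again. Consider also querying `ModuleBE_PermissionGroupDB` for the updated ids and re-saving those groups, which would run the group module's session invalidation as well. Separately, `assertDeletion` reports "users/groups/apis" but checks only groups and APIs. Because it rejects any level still referenced by an API, the per-API removal loop over `deletedIds` looks unreachable on the normal delete path.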
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const ModulePackBE_PermissionAccessLevel: (import("./ModuleBE_PermissionAccessLevelDB.js").ModuleBE_PermissionAccessLevelDB_Class | import("@nu-art/thunderstorm-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DBProto_PermissionAccessLevel>)[];
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import { createApisForDBModuleV3 } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { ModuleBE_PermissionAccessLevelDB } from './ModuleBE_PermissionAccessLevelDB.js';
|
|
3
|
+
export const ModulePackBE_PermissionAccessLevel = [ModuleBE_PermissionAccessLevelDB, createApisForDBModuleV3(ModuleBE_PermissionAccessLevelDB)];
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { DBApiConfigV3, ModuleBE_BaseDB, ServerApi } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { DB_PermissionAPI, DBProto_PermissionAPI } from '@nu-art/permissions-shared';
|
|
3
|
+
import { Transaction } from 'firebase-admin/firestore';
|
|
4
|
+
type Config = DBApiConfigV3<DBProto_PermissionAPI> & {};
|
|
5
|
+
export declare class ModuleBE_PermissionAPIDB_Class extends ModuleBE_BaseDB<DBProto_PermissionAPI, Config> {
|
|
6
|
+
constructor();
|
|
7
|
+
protected preWriteProcessing(instance: DB_PermissionAPI, originalDbInstance: DBProto_PermissionAPI['dbType'], t?: Transaction): Promise<void>;
|
|
8
|
+
registerApis(projectId: string, routes: string[]): Promise<DB_PermissionAPI[]>;
|
|
9
|
+
apiUpsert(): ServerApi<any> | undefined;
|
|
10
|
+
}
|
|
11
|
+
export declare const ModuleBE_PermissionAPIDB: ModuleBE_PermissionAPIDB_Class;
|
|
12
|
+
export {};
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
import { ModuleBE_BaseDB, } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { DBDef_PermissionAPI } from '@nu-art/permissions-shared';
|
|
3
|
+
import { dbObjectToId, filterInstances } from '@nu-art/ts-common';
|
|
4
|
+
import { ModuleBE_PermissionAccessLevelDB } from '../permission-access-level/index.js';
|
|
5
|
+
import { MemKey_AccountId } from '@nu-art/user-account-backend';
|
|
6
|
+
import { ModuleBE_PermissionProjectDB } from '../permission-project/index.js';
|
|
7
|
+
import { HttpCodes } from '@nu-art/ts-common/core/exceptions/http-codes';
|
|
8
|
+
import { trimStartingForwardSlash } from '@nu-art/thunderstorm-shared/route-tools';
|
|
9
|
+
export class ModuleBE_PermissionAPIDB_Class extends ModuleBE_BaseDB {
|
|
10
|
+
constructor() {
|
|
11
|
+
super(DBDef_PermissionAPI);
|
|
12
|
+
this.registerVersionUpgradeProcessor('1.0.0', async (instances) => {
|
|
13
|
+
}); // adjustment made in pre-write requires us to do this in order to upgrade the data
|
|
14
|
+
}
|
|
15
|
+
async preWriteProcessing(instance, originalDbInstance, t) {
|
|
16
|
+
await ModuleBE_PermissionProjectDB.query.uniqueAssert(instance.projectId);
|
|
17
|
+
// clean '/' from api path start
|
|
18
|
+
instance.path = trimStartingForwardSlash(instance.path);
|
|
19
|
+
// set who created this
|
|
20
|
+
instance._auditorId = MemKey_AccountId.get();
|
|
21
|
+
const accessLevelIds = new Set();
|
|
22
|
+
const duplicateAccessLevelIds = new Set();
|
|
23
|
+
//Check for duplicated Unique IDs
|
|
24
|
+
instance.accessLevelIds?.forEach(id => {
|
|
25
|
+
const duplicate = accessLevelIds.has(id);
|
|
26
|
+
accessLevelIds.add(id);
|
|
27
|
+
if (duplicate)
|
|
28
|
+
duplicateAccessLevelIds.add(id);
|
|
29
|
+
});
|
|
30
|
+
if (duplicateAccessLevelIds.size)
|
|
31
|
+
throw HttpCodes._4XX.BAD_REQUEST('Could not update permission api', `Trying to create API with duplicate access levels: ${duplicateAccessLevelIds}`);
|
|
32
|
+
// Verify all AccessLevels actually exist, and assign _accessLevels
|
|
33
|
+
if (instance.accessLevelIds?.length) {
|
|
34
|
+
const dbAccessLevels = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(instance.accessLevelIds));
|
|
35
|
+
if (dbAccessLevels.length !== instance.accessLevelIds.length) {
|
|
36
|
+
const dbAccessLevelIds = dbAccessLevels.map(dbObjectToId);
|
|
37
|
+
throw HttpCodes._4XX.NOT_FOUND('Could not update permission api', `Asked to assign an api non existing accessLevels: ${instance.accessLevelIds.filter(id => !dbAccessLevelIds.includes(id))}`);
|
|
38
|
+
}
|
|
39
|
+
dbAccessLevels.forEach(accessLevel => {
|
|
40
|
+
if (!instance._accessLevels)
|
|
41
|
+
instance._accessLevels = {};
|
|
42
|
+
instance._accessLevels[accessLevel.domainId] = accessLevel.value;
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
else {
|
|
46
|
+
instance._accessLevels = {};
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
registerApis(projectId, routes) {
|
|
50
|
+
return this.runTransaction(async (transaction) => {
|
|
51
|
+
const existingProjectApis = await this.query.custom({ where: { projectId: projectId } }, transaction);
|
|
52
|
+
const apisToAdd = routes
|
|
53
|
+
.filter(path => !existingProjectApis.find(api => api.path === path))
|
|
54
|
+
.map(path => ({ path, projectId: projectId, _auditorId: MemKey_AccountId.get() }));
|
|
55
|
+
return this.set.all(apisToAdd, transaction);
|
|
56
|
+
});
|
|
57
|
+
}
|
|
58
|
+
apiUpsert() {
|
|
59
|
+
return;
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
export const ModuleBE_PermissionAPIDB = new ModuleBE_PermissionAPIDB_Class();
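Review bot: In `preWriteProcessing`, `_accessLevels` is created only when missing and then added to, so a record that already carries `_accessLevels` (for example one loaded from the database and edited) and is saved with a shorter, non-empty `accessLevelIds` keeps the entries for the removed domains. Resetting the map first, `instance._accessLevels = {};` before `dbAccessLevels.forEach(...)`, keeps it in step with `accessLevelIds`. The duplicate-id error interpolates a `Set` directly, which renders as `[object Set]`; `[...duplicateAccessLevelIds].join(', ')` would show the ids. `registerApis` compares incoming routes with stored paths whose leading slash has been trimmed, so routes passed with a leading `/` would presumably be re-added on every call.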
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const ModulePackBE_PermissionAPI: (import("./ModuleBE_PermissionAPIDB.js").ModuleBE_PermissionAPIDB_Class | import("@nu-art/thunderstorm-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DBProto_PermissionAPI>)[];
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { DB_PermissionDomain, DBProto_PermissionDomain } from '@nu-art/permissions-shared';
|
|
3
|
+
import { Transaction } from 'firebase-admin/firestore';
|
|
4
|
+
type Config = DBApiConfigV3<DBProto_PermissionDomain> & {};
|
|
5
|
+
export declare class ModuleBE_PermissionDomainDB_Class extends ModuleBE_BaseDB<DBProto_PermissionDomain, Config> {
|
|
6
|
+
constructor();
|
|
7
|
+
protected assertDeletion(transaction: Transaction, dbInstance: DB_PermissionDomain): Promise<void>;
|
|
8
|
+
internalFilter(item: DB_PermissionDomain): {
|
|
9
|
+
namespace: string;
|
|
10
|
+
projectId: string;
|
|
11
|
+
}[];
|
|
12
|
+
protected preWriteProcessing(dbInstance: DB_PermissionDomain, originalDbInstance: DBProto_PermissionDomain['dbType'], t?: Transaction): Promise<void>;
|
|
13
|
+
}
|
|
14
|
+
export declare const ModuleBE_PermissionDomainDB: ModuleBE_PermissionDomainDB_Class;
|
|
15
|
+
export {};
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
import { ModuleBE_BaseDB, } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { DBDef_PermissionDomain } from '@nu-art/permissions-shared';
|
|
3
|
+
import { ApiException } from '@nu-art/ts-common';
|
|
4
|
+
import { MemKey_AccountId } from '@nu-art/user-account-backend';
|
|
5
|
+
import { ModuleBE_PermissionAccessLevelDB } from '../permission-access-level/index.js';
|
|
6
|
+
import { ModuleBE_PermissionProjectDB } from '../permission-project/index.js';
|
|
7
|
+
export class ModuleBE_PermissionDomainDB_Class extends ModuleBE_BaseDB {
|
|
8
|
+
constructor() {
|
|
9
|
+
super(DBDef_PermissionDomain);
|
|
10
|
+
}
|
|
11
|
+
async assertDeletion(transaction, dbInstance) {
|
|
12
|
+
const accessLevels = await ModuleBE_PermissionAccessLevelDB.query.custom({ where: { domainId: dbInstance._id } });
|
|
13
|
+
if (accessLevels.length) {
|
|
14
|
+
throw new ApiException(403, 'You trying delete domain that associated with accessLevels, you need delete the accessLevels first');
|
|
15
|
+
}
|
|
16
|
+
}
|
|
17
|
+
internalFilter(item) {
|
|
18
|
+
return [{ namespace: item.namespace, projectId: item.projectId }];
|
|
19
|
+
}
|
|
20
|
+
async preWriteProcessing(dbInstance, originalDbInstance, t) {
|
|
21
|
+
await ModuleBE_PermissionProjectDB.query.uniqueAssert(dbInstance.projectId, t);
|
|
22
|
+
dbInstance._auditorId = MemKey_AccountId.get();
|
|
23
|
+
}
|
|
24
|
+
}
|
|
25
|
+
export const ModuleBE_PermissionDomainDB = new ModuleBE_PermissionDomainDB_Class();
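Review bot: `assertDeletion` receives `transaction` but runs its access-level query outside it, so a level created in the domain between this check and the delete would not be seen. `query.custom` is called with a transaction as its second argument elsewhere in this package (`registerApis`), so `ModuleBE_PermissionAccessLevelDB.query.custom({ where: { domainId: dbInstance._id } }, transaction)` looks possible here. The access-level module's `assertDeletion` and `preWriteProcessing` likewise do not forward their transaction. Status 403 for "still referenced" reads to clients as an authorization failure; a conflict status may be clearer if no caller depends on 403.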
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const ModulePackBE_PermissionDomain: (import("./ModuleBE_PermissionDomainDB.js").ModuleBE_PermissionDomainDB_Class | import("@nu-art/thunderstorm-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DBProto_PermissionDomain>)[];
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import { createApisForDBModuleV3 } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { ModuleBE_PermissionDomainDB } from './ModuleBE_PermissionDomainDB.js';
|
|
3
|
+
export const ModulePackBE_PermissionDomain = [ModuleBE_PermissionDomainDB, createApisForDBModuleV3(ModuleBE_PermissionDomainDB)];
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { DB_PermissionGroup, DBProto_PermissionGroup } from '@nu-art/permissions-shared';
|
|
3
|
+
import { Transaction } from 'firebase-admin/firestore';
|
|
4
|
+
import { CollectionActionType, PostWriteProcessingData } from '@nu-art/firebase-backend/firestore-v3/FirestoreCollectionV3';
|
|
5
|
+
type Config = DBApiConfigV3<DBProto_PermissionGroup> & {};
|
|
6
|
+
export declare class ModuleBE_PermissionGroupDB_Class extends ModuleBE_BaseDB<DBProto_PermissionGroup, Config> {
|
|
7
|
+
constructor();
|
|
8
|
+
protected preWriteProcessing(instance: DB_PermissionGroup, originalDbInstance: DBProto_PermissionGroup['dbType'], t?: Transaction): Promise<void>;
|
|
9
|
+
protected postWriteProcessing(data: PostWriteProcessingData<DBProto_PermissionGroup>, actionType: CollectionActionType): Promise<void>;
|
|
10
|
+
private clearUnused;
|
|
11
|
+
private upgrade_100_101;
|
|
12
|
+
}
|
|
13
|
+
export declare const ModuleBE_PermissionGroupDB: ModuleBE_PermissionGroupDB_Class;
|
|
14
|
+
export {};
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
import { ModuleBE_ActionProcessor, ModuleBE_BaseDB, } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { DBDef_PermissionGroup } from '@nu-art/permissions-shared';
|
|
3
|
+
import { _keys, ApiException, batchActionParallel, dbObjectToId, filterDuplicates, filterInstances, reduceToMap } from '@nu-art/ts-common';
|
|
4
|
+
import { ModuleBE_PermissionAccessLevelDB } from '../permission-access-level/index.js';
|
|
5
|
+
import { MemKey_AccountId, SlackReporter } from '@nu-art/user-account-backend';
|
|
6
|
+
import { ModuleBE_PermissionUserDB } from '../permission-user/index.js';
|
|
7
|
+
import { _EmptyQuery } from '@nu-art/firebase-shared';
|
|
8
|
+
export class ModuleBE_PermissionGroupDB_Class extends ModuleBE_BaseDB {
|
|
9
|
+
constructor() {
|
|
10
|
+
super(DBDef_PermissionGroup);
|
|
11
|
+
ModuleBE_ActionProcessor.registerAction({
|
|
12
|
+
key: 'clear-unused-permission-groups',
|
|
13
|
+
group: 'Permissions',
|
|
14
|
+
description: 'Clears all permission groups that aren\'t in use',
|
|
15
|
+
processor: this.clearUnused
|
|
16
|
+
}, this);
|
|
17
|
+
this.registerVersionUpgradeProcessor('1.0.0', this.upgrade_100_101);
|
|
18
|
+
}
|
|
19
|
+
async preWriteProcessing(instance, originalDbInstance, t) {
|
|
20
|
+
instance._auditorId = MemKey_AccountId.get();
|
|
21
|
+
const dbLevels = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(instance.accessLevelIds, t));
|
|
22
|
+
if (dbLevels.length < instance.accessLevelIds.length) {
|
|
23
|
+
const dbAccessLevelIds = dbLevels.map(dbObjectToId);
|
|
24
|
+
throw new ApiException(404, `Asked to assign a group non existing accessLevels: ${instance.accessLevelIds.filter(id => !dbAccessLevelIds.includes(id))}`);
|
|
25
|
+
}
|
|
26
|
+
// Find if there is more than one access level with the same domainId.
|
|
27
|
+
const duplicationMap = dbLevels.reduce((map, level) => {
|
|
28
|
+
if (map[level.domainId] === undefined)
|
|
29
|
+
map[level.domainId] = 0;
|
|
30
|
+
else
|
|
31
|
+
map[level.domainId]++;
|
|
32
|
+
return map;
|
|
33
|
+
}, {});
|
|
34
|
+
// Get all domainIds that appear more than once in this group
|
|
35
|
+
const duplicateDomainIds = filterInstances(_keys(duplicationMap)
|
|
36
|
+
.map(domainId => duplicationMap[domainId] > 1 ? domainId : undefined));
|
|
37
|
+
if (duplicateDomainIds.length > 0)
|
|
38
|
+
throw new ApiException(400, `Can't add a group with more than one access level per domain: ${duplicateDomainIds}, group: ${instance.label}`);
|
|
39
|
+
instance._levelsMap = reduceToMap(dbLevels, dbLevel => dbLevel.domainId, dbLevel => dbLevel.value);
|
|
40
|
+
}
|
|
41
|
+
async postWriteProcessing(data, actionType) {
|
|
42
|
+
const deleted = data.deleted ? (Array.isArray(data.deleted) ? data.deleted : [data.deleted]) : [];
|
|
43
|
+
const updated = data.updated ? (Array.isArray(data.updated) ? data.updated : [data.updated]) : [];
|
|
44
|
+
const groupIds = filterDuplicates([...deleted, ...updated].map(dbObjectToId));
|
|
45
|
+
const users = await batchActionParallel(groupIds, 10, async (ids) => await ModuleBE_PermissionUserDB.query.custom({ where: { __groupIds: { $aca: ids } } }));
|
|
46
|
+
await ModuleBE_PermissionUserDB.invalidateSession(users.map(dbObjectToId));
|
|
47
|
+
}
|
|
48
|
+
clearUnused = async () => {
|
|
49
|
+
let report = 'Report for refactor action *Clean Unused Permission Groups*:\n\n';
|
|
50
|
+
const allPermissionUsers = await ModuleBE_PermissionUserDB.query.custom(_EmptyQuery);
|
|
51
|
+
const allGroups = await this.query.custom(_EmptyQuery);
|
|
52
|
+
const usedGroupIds = allPermissionUsers.map(user => user.__groupIds ?? []).flat();
|
|
53
|
+
const unusedGroups = allGroups.filter(group => !usedGroupIds.includes(group._id));
|
|
54
|
+
report += `Cleared ${unusedGroups.length} groups: ${unusedGroups.map(group => group.label).join(',\n')}`;
|
|
55
|
+
await this.delete.allItems(unusedGroups);
|
|
56
|
+
await new SlackReporter(report).sendReportToChannel();
|
|
57
|
+
};
|
|
58
|
+
upgrade_100_101 = async (items) => {
|
|
59
|
+
items.forEach(group => group.uiLabel = group.label);
|
|
60
|
+
};
|
|
61
|
+
}
|
|
62
|
+
export const ModuleBE_PermissionGroupDB = new ModuleBE_PermissionGroupDB_Class();
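Review bot: The per-domain duplicate check in `preWriteProcessing` does not fire for two access levels in the same domain: the counter starts at `0` on first sight and is incremented once for the second, while the filter tests `> 1`, so only a third level in one domain is rejected. With two, `reduceToMap` presumably keeps whichever value comes last in `dbLevels`, so the group's effective level for that domain would depend on query order. Initialising with `map[level.domainId] = 1;` (or testing `> 0`) matches the comment above the reducer. `instance.accessLevelIds.length` is also read without the `?.` guard the API module uses, and `postWriteProcessing` does not call `super.postWriteProcessing`, unlike the access-level module.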
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const ModulePackBE_PermissionGroup: (import("./ModuleBE_PermissionGroupDB.js").ModuleBE_PermissionGroupDB_Class | import("@nu-art/thunderstorm-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DBProto_PermissionGroup>)[];
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import { createApisForDBModuleV3 } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { ModuleBE_PermissionGroupDB } from './ModuleBE_PermissionGroupDB.js';
|
|
3
|
+
export const ModulePackBE_PermissionGroup = [ModuleBE_PermissionGroupDB, createApisForDBModuleV3(ModuleBE_PermissionGroupDB)];
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { DB_PermissionProject, DBProto_PermissionProject } from '@nu-art/permissions-shared';
|
|
3
|
+
import { Transaction } from 'firebase-admin/firestore';
|
|
4
|
+
type Config = DBApiConfigV3<DBProto_PermissionProject> & {};
|
|
5
|
+
export declare class ModuleBE_PermissionProjectDB_Class extends ModuleBE_BaseDB<DBProto_PermissionProject, Config> {
|
|
6
|
+
constructor();
|
|
7
|
+
protected preWriteProcessing(dbInstance: DB_PermissionProject, originalDbInstance: DBProto_PermissionProject['dbType'], t?: Transaction): Promise<void>;
|
|
8
|
+
}
|
|
9
|
+
export declare const ModuleBE_PermissionProjectDB: ModuleBE_PermissionProjectDB_Class;
|
|
10
|
+
export {};
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { ModuleBE_BaseDB, } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { DBDef_PermissionProject } from '@nu-art/permissions-shared';
|
|
3
|
+
import { MemKey_AccountId } from '@nu-art/user-account-backend';
|
|
4
|
+
export class ModuleBE_PermissionProjectDB_Class extends ModuleBE_BaseDB {
|
|
5
|
+
constructor() {
|
|
6
|
+
super(DBDef_PermissionProject);
|
|
7
|
+
}
|
|
8
|
+
async preWriteProcessing(dbInstance, originalDbInstance, t) {
|
|
9
|
+
dbInstance._auditorId = MemKey_AccountId.get();
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
export const ModuleBE_PermissionProjectDB = new ModuleBE_PermissionProjectDB_Class();
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare const ModulePackBE_PermissionProject: (import("./ModuleBE_PermissionProjectDB.js").ModuleBE_PermissionProjectDB_Class | import("@nu-art/thunderstorm-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DBProto_PermissionProject>)[];
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
import { createApisForDBModuleV3 } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { ModuleBE_PermissionProjectDB } from './ModuleBE_PermissionProjectDB.js';
|
|
3
|
+
export const ModulePackBE_PermissionProject = [ModuleBE_PermissionProjectDB, createApisForDBModuleV3(ModuleBE_PermissionProjectDB)];
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import { ModuleBE_BaseApi_Class } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { DBProto_PermissionUser } from '@nu-art/permissions-shared';
|
|
3
|
+
declare class ModuleBE_PermissionUserAPI_Class extends ModuleBE_BaseApi_Class<DBProto_PermissionUser> {
|
|
4
|
+
constructor();
|
|
5
|
+
init(): void;
|
|
6
|
+
}
|
|
7
|
+
export declare const ModuleBE_PermissionUserAPI: ModuleBE_PermissionUserAPI_Class;
|
|
8
|
+
export {};
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { addRoutes, createBodyServerApi, ModuleBE_BaseApi_Class } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { ApiDef_PermissionUser } from '@nu-art/permissions-shared';
|
|
3
|
+
import { ModuleBE_PermissionUserDB } from './ModuleBE_PermissionUserDB.js';
|
|
4
|
+
class ModuleBE_PermissionUserAPI_Class extends ModuleBE_BaseApi_Class {
|
|
5
|
+
constructor() {
|
|
6
|
+
super(ModuleBE_PermissionUserDB);
|
|
7
|
+
}
|
|
8
|
+
init() {
|
|
9
|
+
super.init();
|
|
10
|
+
addRoutes([createBodyServerApi(ApiDef_PermissionUser._v1.assignPermissions, ModuleBE_PermissionUserDB.assignPermissions)]);
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
export const ModuleBE_PermissionUserAPI = new ModuleBE_PermissionUserAPI_Class();
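Review bot: `ModuleBE_PermissionUserDB.assignPermissions` is passed to `createBodyServerApi` in `init()` as a bare method reference. The declaration file lists it as a regular method, not an arrow-function property like `insertIfNotExist`, so if its body uses `this` the value will be lost when the route invokes it. Passing `ModuleBE_PermissionUserDB.assignPermissions.bind(ModuleBE_PermissionUserDB)` removes the dependency on how the framework calls the handler. This route changes users' permission groups and no caller authorization is visible at this registration, so a short comment naming where that check is enforced would help reviewers.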
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
|
|
2
|
+
import { DB_PermissionUser, DBProto_PermissionUser, Request_AssignPermissions, User_Group } from '@nu-art/permissions-shared';
|
|
3
|
+
import { PerformProjectSetup } from '@nu-art/thunderstorm-backend/modules/action-processor/Action_SetupProject';
|
|
4
|
+
import { DB_BaseObject, UniqueId } from '@nu-art/ts-common';
|
|
5
|
+
import { OnNewUserRegistered, OnUserLogin } from '@nu-art/user-account-backend';
|
|
6
|
+
import { Transaction } from 'firebase-admin/firestore';
|
|
7
|
+
import { UI_Account } from '@nu-art/user-account-shared';
|
|
8
|
+
import { CollectionActionType, PostWriteProcessingData } from '@nu-art/firebase-backend/firestore-v3/FirestoreCollectionV3';
|
|
9
|
+
type Config = DBApiConfigV3<DBProto_PermissionUser> & {};
|
|
10
|
+
export declare class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB<DBProto_PermissionUser, Config> implements OnNewUserRegistered, OnUserLogin, PerformProjectSetup {
|
|
11
|
+
private defaultPermissionGroups?;
|
|
12
|
+
constructor();
|
|
13
|
+
__performProjectSetup(): {
|
|
14
|
+
priority: number;
|
|
15
|
+
processor: () => Promise<void>;
|
|
16
|
+
};
|
|
17
|
+
__onUserLogin(account: UI_Account, transaction: Transaction): Promise<void>;
|
|
18
|
+
__onNewUserRegistered(account: UI_Account, transaction: Transaction): Promise<void>;
|
|
19
|
+
protected preWriteProcessing(instance: DB_PermissionUser, originalDbInstance: DBProto_PermissionUser['dbType'], t?: Transaction): Promise<void>;
|
|
20
|
+
protected postWriteProcessing(data: PostWriteProcessingData<DBProto_PermissionUser>, actionType: CollectionActionType): Promise<void>;
|
|
21
|
+
insertIfNotExist: (uiAccount: UI_Account & DB_BaseObject, transaction: Transaction) => Promise<DB_PermissionUser | (Omit<DB_PermissionUser, "_id" | "__metadata1" | "__hardDelete" | "__created" | "__updated" | "_v" | "_originDocId" | ("_auditorId" | "__groupIds")> & Partial<import("@nu-art/ts-common").SubsetObjectByKeys<DB_PermissionUser, "_id" | "__metadata1" | "__hardDelete" | "__created" | "__updated" | "_v" | "_originDocId" | ("_auditorId" | "__groupIds")>> & Partial<import("@nu-art/ts-common").DB_Object>)>;
|
|
22
|
+
assignPermissions(body: Request_AssignPermissions): Promise<void>;
|
|
23
|
+
setDefaultPermissionGroups: (groupsGetter: () => Promise<User_Group[]>) => void;
|
|
24
|
+
clearDefaultPermissionGroups: () => void;
|
|
25
|
+
/**
|
|
26
|
+
* The system requires to perform action, which in other cases can also be done by a human.
|
|
27
|
+
* This requires system features to identify as a bot user, or "Service Account"
|
|
28
|
+
*
|
|
29
|
+
* @param serviceAccounts - List of Accounts to create
|
|
30
|
+
* @private
|
|
31
|
+
*/
|
|
32
|
+
private createSystemServiceAccount;
|
|
33
|
+
invalidateSession(accountIds: UniqueId[]): Promise<void>;
|
|
34
|
+
}
|
|
35
|
+
export declare const ModuleBE_PermissionUserDB: ModuleBE_PermissionUserDB_Class;
|
|
36
|
+
export {};
|