@nu-art/permissions-backend 0.401.9 → 0.500.6

package/modules/ModuleBE_PermissionsAssert.d.ts

@@ -1,48 +1,17 @@
-import { Module, StringMap, TypedMap } from '@nu-art/ts-common';
-import { ServerApi_Middleware } from '@nu-art/thunderstorm-backend';
+import { Module } from '@nu-art/ts-common';
+import type { ServerApi_Middleware } from '@nu-art/http-server';
 import { CollectSessionData } from '@nu-art/user-account-backend';
-import { Base_AccessLevel, DB_PermissionAccessLevel, DB_PermissionAPI, DomainToLevelValueMap, SessionData_StrictMode } from '@nu-art/permissions-shared';
-import { PermissionKey_BE } from '../PermissionKey_BE.js';
-export type UserCalculatedAccessLevel = {
-    [domainId: string]: number;
-};
-export type GroupPairWithBaseLevelsObj = {
-    accessLevels: Base_AccessLevel[];
-};
-export type RequestPairWithLevelsObj = {
-    accessLevels: DB_PermissionAccessLevel[];
-};
+import { SessionData_StrictMode } from '@nu-art/permissions-shared';
+import type { PermissionScope } from '@nu-art/permissions-shared';
+import type { PermissionAssertionContext } from '../assertion-types.js';
 type Config = {
     strictMode?: boolean;
 };
-/**
- * [DomainId uniqueString]: accessLevel's numerical value
- */
 export declare class ModuleBE_PermissionsAssert_Class extends Module<Config> implements CollectSessionData<SessionData_StrictMode> {
-    private projectId;
-    _keys: TypedMap<boolean>;
-    permissionKeys: TypedMap<PermissionKey_BE<any>>;
-    readonly Middleware: (keys?: string[]) => ServerApi_Middleware;
     readonly LoadPermissionsMiddleware: ServerApi_Middleware;
-    readonly CustomMiddleware: (keys: string[], action: (projectId: string, customFields: StringMap) => Promise<void>) => ServerApi_Middleware;
     __collectSessionData(): Promise<SessionData_StrictMode>;
-    init(): void;
-    private assertPermission;
-    assertUserPermissions(projectId: string, path: string): Promise<void>;
-    assertUserPassesAccessLevels(domainToLevelValueMap: DomainToLevelValueMap, userPermissions: TypedMap<number>): void;
-    getApiDetails(_path: string, projectId: string): Promise<{
-        dbApi: DB_PermissionAPI;
-        requestPermissions: DB_PermissionAccessLevel[];
-    } | undefined>;
-    getApisDetails(urls: string[], projectId: string): Promise<({
-        apiDb: DB_PermissionAPI;
-        requestPermissions: DB_PermissionAccessLevel[];
-    } | undefined)[]>;
-    private getAccessLevels;
-    setProjectId: (projectId: string) => void;
-    getRegEx(value: string): RegExp;
-    registerPermissionKeys(keys: string[]): void;
-    private isStrictMode;
+    assertScopePermission(scope: PermissionScope, requiredValue: string): void;
+    createAssertionContext(): PermissionAssertionContext;
 }
 export declare const ModuleBE_PermissionsAssert: ModuleBE_PermissionsAssert_Class;
 export {};

package/modules/ModuleBE_PermissionsAssert.js

@@ -16,227 +16,68 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import { _keys, ApiException, arrayToMap, BadImplementationException, batchActionParallel, exists, filterDuplicates, filterInstances, ImplementationMissingException, Module, RuntimeModules } from '@nu-art/ts-common';
-import { addRoutes, createBodyServerApi, ModuleBE_SyncManager } from '@nu-art/thunderstorm-backend';
-import { HttpMethod } from '@nu-art/thunderstorm-shared';
-import { MemKey_AccountEmail } from '@nu-art/user-account-backend';
-import { ApiDef_PermissionsAssert } from '@nu-art/permissions-shared';
-import { MemKey_HttpRequestBody, MemKey_HttpRequestMethod, MemKey_HttpRequestQuery, MemKey_HttpRequestUrl } from '@nu-art/thunderstorm-backend/modules/server/consts';
-import { MemKey_UserPermissions, SessionKey_Permissions_BE } from '../consts.js';
-import { PermissionKey_BE } from '../PermissionKey_BE.js';
-import { ModuleBE_PermissionAccessLevelDB, ModuleBE_PermissionAPIDB } from '../_entity.js';
-/**
- * [DomainId uniqueString]: accessLevel's numerical value
- */
+import { ApiException, Module } from '@nu-art/ts-common';
+import { stringToUniqueId } from '@nu-art/db-api-shared';
+import { SessionKey_Account_BE } from '@nu-art/user-account-backend';
+import { AccessScope_Self } from '@nu-art/permissions-shared';
+import { MemKey_UserAccessIds, MemKey_UserEntityContexts, MemKey_UserScopePermissions } from '../consts.js';
+import { ModuleBE_UserPermissionsDB } from '../_entity/user-permissions/ModuleBE_UserPermissionsDB.js';
 export class ModuleBE_PermissionsAssert_Class extends Module {
-    projectId;
-    _keys = {};
-    permissionKeys = {};
-    // constructor() {
-    // 	super();
-    // 	this.setMinLevel(LogLevel.Debug);
-    // }
-    Middleware = (keys = []) => async () => {
-        await this.CustomMiddleware(keys, async (projectId) => {
-            return this.assertUserPermissions(projectId, MemKey_HttpRequestUrl.get());
-        })();
-    };
     LoadPermissionsMiddleware = async () => {
-        try {
-            MemKey_UserPermissions.get();
-        }
-        catch (err) {
-            MemKey_UserPermissions.set(SessionKey_Permissions_BE.get().domainToValueMap);
-        }
-    };
-    CustomMiddleware = (keys, action) => async () => {
-        const customFields = {};
-        let object;
-        const reqMethod = MemKey_HttpRequestMethod.get();
-        switch (reqMethod) {
-            case HttpMethod.POST:
-            case HttpMethod.PATCH:
-            case HttpMethod.PUT:
-                object = MemKey_HttpRequestBody.get();
-                break;
-            case HttpMethod.GET:
-            case HttpMethod.DELETE:
-                object = MemKey_HttpRequestQuery.get();
-                break;
-            default:
-                throw new BadImplementationException(`Generic custom fields cannot be extracted on api with method: ${reqMethod}`);
-        }
-        _keys(object).filter(key => keys.includes(key)).forEach(key => {
-            const oElement = object[key];
-            if (oElement === undefined || oElement === null)
-                return;
-            if (typeof oElement !== 'string')
-                return;
-            customFields[key] = oElement;
-        });
-        const projectId = this.projectId;
-        await action(projectId, customFields);
+        const account = SessionKey_Account_BE.get();
+        const permissionsId = stringToUniqueId(account._id);
+        const entity = await ModuleBE_UserPermissionsDB.query.unique(permissionsId);
+        MemKey_UserScopePermissions.set(entity?.scopeEntries ?? []);
+        const personalGroupId = stringToUniqueId(account._id);
+        MemKey_UserAccessIds.set(entity?.accessIds ?? { [AccessScope_Self]: [personalGroupId] });
     };
     async __collectSessionData() {
-        return { key: 'strictMode', value: { isStrictMode: this.isStrictMode() } };
-    }
-    init() {
-        super.init();
-        addRoutes([createBodyServerApi(ApiDef_PermissionsAssert.vv1.assertUserPermissions, this.assertPermission)]);
-        _keys(this._keys).forEach(key => this.permissionKeys[key] = new PermissionKey_BE(key));
-        ModuleBE_SyncManager.setModuleFilter(async (dbModules) => {
-            // return dbModules;
-            //Filter out any module we don't have permission to sync
-            const userPermissions = MemKey_UserPermissions.get();
-            const mapDbNameToApiModules = arrayToMap(RuntimeModules()
-                .filter((module) => !!module.apiDef && !!module.dbModule?.dbDef?.dbKey), item => item.dbModule.dbDef.dbKey);
-            const paths = dbModules.map(module => {
-                const mapDbNameToApiModule = mapDbNameToApiModules[module.dbDef.dbKey];
-                if (!mapDbNameToApiModule) {
-                    // this.logWarning(`no module found for ${module.dbDef.dbKey}`);
-                    return undefined;
-                }
-                return mapDbNameToApiModule.apiDef?.['v1']?.['query'].path;
-            });
-            // this.logWarning(`Paths(${paths.length}):`, paths);
-            const _allApis = await ModuleBE_PermissionAPIDB.query.where({});
-            const apis = _allApis.filter(_api => paths.includes(_api.path));
-            const mapPathToDBApi = arrayToMap(apis, api => api.path);
-            return dbModules.filter((dbModule, index) => {
-                const path = paths[index];
-                if (!path) {
-                    // this.logWarningBold('no path');
-                    return false;
-                }
-                const dbApi = mapPathToDBApi[path];
-                if (!dbApi) {
-                    // this.logWarningBold(`no dbApi ${path}`);
-                    return !ModuleBE_PermissionsAssert.isStrictMode();
-                }
-                const accessLevels = dbApi._accessLevels;
-                return _keys(accessLevels).reduce((hasAccess, domainId) => {
-                    if (!hasAccess)
-                        return false;
-                    const userDomainAccessValue = userPermissions[domainId];
-                    const apiRequiredAccessValue = accessLevels[domainId];
-                    if (!userDomainAccessValue)
-                        return false;
-                    if (!exists(userDomainAccessValue) || userDomainAccessValue < apiRequiredAccessValue) {
-                        this.logErrorBold(`${(userDomainAccessValue ?? 0)} < ${apiRequiredAccessValue} === ${(userDomainAccessValue ?? 0) < apiRequiredAccessValue}`);
-                        return false;
-                    }
-                    return hasAccess;
-                }, true);
-            });
-        });
+        return { key: 'strictMode', value: { isStrictMode: !!this.config?.strictMode } };
     }
-    assertPermission = async (body) => {
-        await ModuleBE_PermissionsAssert.assertUserPermissions(body.projectId, body.path);
-        return { userId: MemKey_AccountEmail.get() };
-    };
-    async assertUserPermissions(projectId, path) {
-        // [DomainId]: accessLevel's numerical value
-        const userPermissions = MemKey_UserPermissions.get();
-        const apiDetails = await this.getApiDetails(path, projectId);
-        this.logDebug('______________________________');
-        this.logDebug(userPermissions);
-        this.logDebug('______________________________');
-        this.logDebug(apiDetails?.dbApi);
-        this.logDebug('______________________________');
-        if (!apiDetails || !apiDetails.dbApi.accessLevelIds) {
-            if (!this.config.strictMode)
-                return;
-            throw new ApiException(403, `No permissions configuration specified for api: ${projectId ? `${projectId}--` : ''}${path}`);
+    assertScopePermission(scope, requiredValue) {
+        const userPerms = MemKey_UserScopePermissions.get();
+        const prefix = scope.key + ':';
+        const entry = userPerms.find(p => p.startsWith(prefix));
+        if (!entry)
+            throw new ApiException(403, `No access for scope: ${scope.key}`);
+        const userValue = entry.substring(prefix.length);
+        const requiredIdx = scope.values.indexOf(requiredValue);
+        if (requiredIdx === -1)
+            throw new ApiException(503, `Unknown permission value '${requiredValue}' for scope '${scope.key}'`);
+        const userIdx = scope.values.indexOf(userValue);
+        if (userIdx === -1 || userIdx < requiredIdx) {
+            this.logErrorBold(`scope permission denied: ${scope.key} (has: ${userValue}, needs: ${requiredValue})`);
+            throw new ApiException(403, `Insufficient access for scope: ${scope.key}`);
         }
-        //_accessLevels is a map[domain id <> access level numeric value]
-        this.assertUserPassesAccessLevels(apiDetails.dbApi._accessLevels, userPermissions);
     }
-    assertUserPassesAccessLevels(domainToLevelValueMap, userPermissions) {
-        _keys(domainToLevelValueMap).forEach(domainId => {
-            const userDomainPermission = userPermissions[domainId];
-            if (!exists(userDomainPermission))
-                throw new ApiException(403, 'Missing Access For This Domain');
-            if (userDomainPermission < domainToLevelValueMap[domainId]) {
-                this.logErrorBold(`for domain - userAccessLevel <> expectedAccessLevel: "${domainId}" ${(userDomainPermission ?? 0)} <> ${domainToLevelValueMap[domainId]}`);
-                throw new ApiException(403, 'Action Forbidden');
-            }
-        });
-    }
-    async getApiDetails(_path, projectId) {
-        let path = _path.substring(0, (_path + '?').indexOf('?')); //Get raw path without query
-        if (path.at(0) === '/')
-            path = path.substring(1);
-        this.logDebug(`Fetching Permission API for path: ${path} and project id: ${projectId}`);
-        const dbApi = (await ModuleBE_PermissionAPIDB.query.custom({
-            where: {
-                path,
-                projectId
-            }
-        }))[0];
-        if (!dbApi)
-            return undefined;
-        const requestPermissions = await this.getAccessLevels(dbApi.accessLevelIds || []);
+    createAssertionContext() {
+        const userPerms = MemKey_UserScopePermissions.get();
+        const entityContexts = MemKey_UserEntityContexts.get();
         return {
-            dbApi,
-            requestPermissions
+            hasScope: (scope, value) => {
+                const prefix = scope.key + ':';
+                const entry = userPerms.find(p => p.startsWith(prefix));
+                if (!entry)
+                    return false;
+                const userValue = entry.substring(prefix.length);
+                const requiredIdx = scope.values.indexOf(value);
+                if (requiredIdx === -1)
+                    return false;
+                const userIdx = scope.values.indexOf(userValue);
+                return userIdx >= requiredIdx;
+            },
+            ownsEntity: async (pointer) => {
+                return entityContexts.some(ctx => ctx.dbKey === pointer.dbKey && ctx.id === pointer.id);
+            },
+            and: async (...predicates) => {
+                const results = await Promise.all(predicates);
+                return results.every(r => r);
+            },
+            or: async (...predicates) => {
+                const results = await Promise.all(predicates);
+                return results.some(r => r);
+            },
         };
     }
-    async getApisDetails(urls, projectId) {
-        const paths = urls.map(_path => _path.substring(0, (_path + '?').indexOf('?')));
-        const apiDbs = await batchActionParallel(paths, 10, elements => ModuleBE_PermissionAPIDB.query.custom({
-            where: {
-                projectId,
-                path: { $in: elements }
-            }
-        }));
-        return Promise.all(paths.map(async (path) => {
-            const apiDb = apiDbs.find(_apiDb => _apiDb.path === path);
-            if (!apiDb)
-                return;
-            try {
-                const requestPermissions = await this.getAccessLevels(apiDb.accessLevelIds);
-                return ({
-                    apiDb,
-                    requestPermissions
-                });
-            }
-            catch (e) {
-                return;
-            }
-        }));
-    }
-    async getAccessLevels(_accessLevelIds) {
-        const accessLevelIds = filterDuplicates(_accessLevelIds || []);
-        const requestPermissions = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(accessLevelIds));
-        const idNotFound = accessLevelIds.find(lId => !requestPermissions.find(r => r._id === lId));
-        if (idNotFound)
-            throw new ApiException(404, `Could not find api level with _id: ${idNotFound}`);
-        return requestPermissions;
-    }
-    setProjectId = (projectId) => {
-        this.projectId = projectId;
-    };
-    getRegEx(value) {
-        if (!value)
-            return new RegExp(`^${value}$`, 'g');
-        let regExValue = value;
-        const startRegEx = '^';
-        const endRegEx = '$';
-        if (value[0] !== startRegEx)
-            regExValue = startRegEx + regExValue;
-        if (value[value.length - 1] !== endRegEx)
-            regExValue = regExValue + endRegEx;
-        return new RegExp(regExValue, 'g');
-    }
-    registerPermissionKeys(keys) {
-        keys.forEach(key => {
-            if (this._keys[key])
-                throw new ImplementationMissingException(`Registered PermissionKey '${key}' more than once!`);
-            this._keys[key] = true;
-        });
-    }
-    isStrictMode() {
-        return !!this.config.strictMode;
-    }
 }
 export const ModuleBE_PermissionsAssert = new ModuleBE_PermissionsAssert_Class();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nu-art/permissions-backend",
-  "version": "0.401.9",
+  "version": "0.500.6",
   "description": "Permissions Backend",
   "keywords": [
     "TacB0sS",
@@ -11,7 +11,6 @@
     "nu-art",
     "permissions",
     "saml",
-    "thunderstorm",
     "typescript",
     "user-account"
   ],
@@ -35,15 +34,14 @@
     "test": "ts-mocha -w -p src/test/tsconfig.json --timeout 0 --inspect=8107 --watch-files '**/*.ts' src/test/__all-tests.ts"
   },
   "dependencies": {
-    "@nu-art/permissions-shared": "0.401.9",
-    "@nu-art/firebase-backend": "0.401.9",
-    "@nu-art/firebase-shared": "0.401.9",
-    "@nu-art/google-services-backend": "0.401.9",
-    "@nu-art/thunderstorm-backend": "0.401.9",
-    "@nu-art/thunderstorm-shared": "0.401.9",
-    "@nu-art/ts-common": "0.401.9",
-    "@nu-art/user-account-backend": "0.401.9",
-    "@nu-art/user-account-shared": "0.401.9",
+    "@nu-art/action-processor-backend": "0.500.6",
+    "@nu-art/permissions-shared": "0.500.6",
+    "@nu-art/firebase-backend": "0.500.6",
+    "@nu-art/firebase-shared": "0.500.6",
+    "@nu-art/google-services-backend": "0.500.6",
+    "@nu-art/ts-common": "0.500.6",
+    "@nu-art/user-account-backend": "0.500.6",
+    "@nu-art/user-account-shared": "0.500.6",
     "express": "^4.18.2",
     "firebase": "^11.9.0",
     "firebase-admin": "13.4.0",
@@ -52,9 +50,14 @@
     "react": "^18.0.0",
     "react-dom": "^18.0.0",
     "react-router-dom": "^6.9.0",
-    "saml2-js": "^4.0.1"
+    "saml2-js": "^4.0.1",
+    "@nu-art/http-server": "0.500.6",
+    "@nu-art/api-types": "0.500.6",
+    "@nu-art/db-api-backend": "0.500.6",
+    "@nu-art/db-api-shared": "0.500.6"
   },
   "devDependencies": {
+    "@nu-art/testalot": "0.500.6",
     "@types/react": "^18.0.0",
     "@types/express": "^4.17.17",
     "@types/react-dom": "^18.0.0",
@@ -63,6 +66,7 @@
     "@types/chai": "^4.3.4",
     "@types/mocha": "^10.0.1",
     "@types/history": "^4.7.2",
+    "@types/request": "^2.48.1",
     "@types/saml2-js": "^1.6.8"
   },
   "unitConfig": {

package/PermissionKey_BE.d.ts

@@ -1,13 +0,0 @@
-import { TypedKeyValue } from '@nu-art/ts-common';
-import { AppConfigKey_BE } from '@nu-art/thunderstorm-backend';
-import { DB_PermissionKeyData } from '@nu-art/permissions-shared';
-type Resolver = () => Promise<DB_PermissionKeyData>;
-export declare class PermissionKey_BE<K extends string> extends AppConfigKey_BE<TypedKeyValue<K, DB_PermissionKeyData>> {
-    static _resolver: Resolver;
-    static buildData: (data: DB_PermissionKeyData) => Promise<DB_PermissionKeyData>;
-    constructor(key: K, initialDataResolver?: Resolver);
-    set(value: DB_PermissionKeyData): Promise<void>;
-}
-export declare const defaultValueResolverV2: (domainId: string, accessLevelName: string) => Promise<DB_PermissionKeyData>;
-export declare const defaultValueResolver: (domainNamespace: string, accessLevelValue: number) => Promise<DB_PermissionKeyData>;
-export {};

package/PermissionKey_BE.js

@@ -1,48 +0,0 @@
-import { filterInstances } from '@nu-art/ts-common';
-import { ModuleBE_PermissionAccessLevelDB, ModuleBE_PermissionDomainDB } from './_entity.js';
-import { AppConfigKey_BE, ModuleBE_AppConfigDB } from '@nu-art/thunderstorm-backend';
-import { Const_PermissionKeyType } from '@nu-art/permissions-shared';
-export class PermissionKey_BE extends AppConfigKey_BE {
-    static _resolver = async () => {
-        return { type: Const_PermissionKeyType, accessLevelIds: [], _accessLevels: {} };
-    };
-    static buildData = async (data) => {
-        ModuleBE_AppConfigDB.logVerbose('**************** Building Data ****************');
-        const accessLevels = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(data.accessLevelIds));
-        const _data = {
-            type: 'permission-key',
-            accessLevelIds: data.accessLevelIds,
-            _accessLevels: accessLevels.reduce((acc, level) => {
-                acc[level.domainId] = level.value;
-                return acc;
-            }, {})
-        };
-        ModuleBE_AppConfigDB.logVerbose('**************** Data ****************');
-        ModuleBE_AppConfigDB.logVerbose(_data);
-        return _data;
-    };
-    constructor(key, initialDataResolver) {
-        super(key, initialDataResolver ?? PermissionKey_BE._resolver, PermissionKey_BE.buildData);
-    }
-    async set(value) {
-        const dbValue = await PermissionKey_BE.buildData(value);
-        await super.set(dbValue);
-    }
-}
-export const defaultValueResolverV2 = async (domainId, accessLevelName) => {
-    const accessLevel = await ModuleBE_PermissionAccessLevelDB.query.uniqueCustom({ where: { domainId, name: accessLevelName } });
-    return {
-        type: Const_PermissionKeyType,
-        accessLevelIds: [accessLevel._id],
-        _accessLevels: { [accessLevel._id]: accessLevel.value }
-    };
-};
-export const defaultValueResolver = async (domainNamespace, accessLevelValue) => {
-    const domain = await ModuleBE_PermissionDomainDB.query.uniqueCustom({ where: { namespace: domainNamespace } });
-    const accessLevel = await ModuleBE_PermissionAccessLevelDB.query.uniqueCustom({ where: { domainId: domain._id, value: accessLevelValue } });
-    return {
-        type: Const_PermissionKeyType,
-        accessLevelIds: [accessLevel._id],
-        _accessLevels: { [accessLevel._id]: accessLevel.value }
-    };
-};

package/_entity/permission-access-level/ModuleBE_PermissionAccessLevelDB.d.ts

@@ -1,17 +0,0 @@
-import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
-import { Clause_Where } from '@nu-art/firebase-shared';
-import { Transaction } from 'firebase-admin/firestore';
-import { CollectionActionType, PostWriteProcessingData } from '@nu-art/firebase-backend/firestore-v3/FirestoreCollectionV3';
-import { DB_PermissionAccessLevel, DBProto_PermissionAccessLevel } from '@nu-art/permissions-shared';
-type Config = DBApiConfigV3<DBProto_PermissionAccessLevel> & {};
-export declare class ModuleBE_PermissionAccessLevelDB_Class extends ModuleBE_BaseDB<DBProto_PermissionAccessLevel, Config> {
-    constructor();
-    protected internalFilter(item: DB_PermissionAccessLevel): Clause_Where<DB_PermissionAccessLevel>[];
-    protected preWriteProcessing(dbInstance: DB_PermissionAccessLevel, originalDbInstance: DBProto_PermissionAccessLevel['dbType'], transaction?: Transaction): Promise<void>;
-    protected postWriteProcessing(data: PostWriteProcessingData<DBProto_PermissionAccessLevel>, actionType: CollectionActionType, transaction?: Transaction): Promise<void>;
-    protected assertDeletion(transaction: Transaction, dbInstance: DB_PermissionAccessLevel): Promise<void>;
-    private upgrade_100_101;
-}
-export declare const ModuleBE_PermissionAccessLevelDB: ModuleBE_PermissionAccessLevelDB_Class;
-export declare function checkDuplicateLevelsDomain(levels: DB_PermissionAccessLevel[]): void;
-export {};

package/_entity/permission-access-level/ModuleBE_PermissionAccessLevelDB.js

@@ -1,55 +0,0 @@
-import { ModuleBE_BaseDB, } from '@nu-art/thunderstorm-backend';
-import { ApiException, batchActionParallel, dbObjectToId, filterDuplicates } from '@nu-art/ts-common';
-import { MemKey_AccountId } from '@nu-art/user-account-backend';
-import { ModuleBE_PermissionAPIDB } from '../permission-api/index.js';
-import { ModuleBE_PermissionDomainDB } from '../permission-domain/index.js';
-import { ModuleBE_PermissionGroupDB } from '../permission-group/index.js';
-import { DBDef_PermissionAccessLevel } from '@nu-art/permissions-shared';
-export class ModuleBE_PermissionAccessLevelDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionAccessLevel);
-        this.registerVersionUpgradeProcessor('1.0.0', this.upgrade_100_101);
-    }
-    internalFilter(item) {
-        const { domainId, name, value } = item;
-        return [{ domainId, name }, { domainId, value }];
-    }
-    async preWriteProcessing(dbInstance, originalDbInstance, transaction) {
-        await ModuleBE_PermissionDomainDB.query.uniqueAssert(dbInstance.domainId);
-        dbInstance._auditorId = MemKey_AccountId.get();
-    }
-    async postWriteProcessing(data, actionType, transaction) {
-        const deleted = data.deleted ? (Array.isArray(data.deleted) ? data.deleted : [data.deleted]) : [];
-        const updated = data.updated ? (Array.isArray(data.updated) ? data.updated : [data.updated]) : [];
-        //Collect all apis that hold an access level id in the levels that have changed
-        const deletedIds = deleted.map(dbObjectToId);
-        const levelIds = [...deletedIds, ...updated.map(dbObjectToId)];
-        const _connectedApis = await batchActionParallel(levelIds, 10, async (ids) => await ModuleBE_PermissionAPIDB.query.custom({ where: { accessLevelIds: { $aca: ids } } }));
-        const connectedApis = filterDuplicates(_connectedApis, api => api._id);
-        deletedIds.forEach(id => {
-            //For each deleted level remove it from any api that held it
-            connectedApis.forEach(api => {
-                api.accessLevelIds = api.accessLevelIds?.filter(i => i !== id);
-            });
-        });
-        //Send all apis to upsert so their _accessLevels update
-        await ModuleBE_PermissionAPIDB.set.all(connectedApis);
-        return super.postWriteProcessing(data, actionType, transaction);
-    }
-    async assertDeletion(transaction, dbInstance) {
-        const groups = await ModuleBE_PermissionGroupDB.query.custom({ where: { accessLevelIds: { $ac: dbInstance._id } } });
-        const apis = await ModuleBE_PermissionAPIDB.query.custom({ where: { accessLevelIds: { $ac: dbInstance._id } } });
-        if (groups.length || apis.length)
-            throw new ApiException(403, 'You trying delete access level that associated with users/groups/apis, you need delete the associations first');
-    }
-    upgrade_100_101 = async (items) => {
-        items.forEach(accessLevel => accessLevel.uiLabel = accessLevel.name);
-    };
-}
-export const ModuleBE_PermissionAccessLevelDB = new ModuleBE_PermissionAccessLevelDB_Class();
-export function checkDuplicateLevelsDomain(levels) {
-    const domainIds = levels.map(level => level.domainId);
-    const filteredDomainIds = filterDuplicates(domainIds);
-    if (filteredDomainIds.length !== domainIds.length)
-        throw new ApiException(422, 'You trying test-add-data duplicate accessLevel with the same domain');
-}

package/_entity/permission-access-level/index.d.ts

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionAccessLevelDB.js';
-export * from './module-pack.js';

package/_entity/permission-access-level/index.js

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionAccessLevelDB.js';
-export * from './module-pack.js';

package/_entity/permission-access-level/module-pack.d.ts

@@ -1 +0,0 @@
-export declare const ModulePackBE_PermissionAccessLevel: (import("./ModuleBE_PermissionAccessLevelDB.js").ModuleBE_PermissionAccessLevelDB_Class | import("@nu-art/thunderstorm-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DBProto_PermissionAccessLevel>)[];

package/_entity/permission-access-level/module-pack.js

@@ -1,3 +0,0 @@
-import { createApisForDBModuleV3 } from '@nu-art/thunderstorm-backend';
-import { ModuleBE_PermissionAccessLevelDB } from './ModuleBE_PermissionAccessLevelDB.js';
-export const ModulePackBE_PermissionAccessLevel = [ModuleBE_PermissionAccessLevelDB, createApisForDBModuleV3(ModuleBE_PermissionAccessLevelDB)];

package/_entity/permission-api/ModuleBE_PermissionAPIDB.d.ts

@@ -1,12 +0,0 @@
-import { DBApiConfigV3, ModuleBE_BaseDB, ServerApi } from '@nu-art/thunderstorm-backend';
-import { DB_PermissionAPI, DBProto_PermissionAPI } from '@nu-art/permissions-shared';
-import { Transaction } from 'firebase-admin/firestore';
-type Config = DBApiConfigV3<DBProto_PermissionAPI> & {};
-export declare class ModuleBE_PermissionAPIDB_Class extends ModuleBE_BaseDB<DBProto_PermissionAPI, Config> {
-    constructor();
-    protected preWriteProcessing(instance: DB_PermissionAPI, originalDbInstance: DBProto_PermissionAPI['dbType'], t?: Transaction): Promise<void>;
-    registerApis(projectId: string, routes: string[]): Promise<DB_PermissionAPI[]>;
-    apiUpsert(): ServerApi<any> | undefined;
-}
-export declare const ModuleBE_PermissionAPIDB: ModuleBE_PermissionAPIDB_Class;
-export {};

package/_entity/permission-api/ModuleBE_PermissionAPIDB.js

@@ -1,62 +0,0 @@
-import { ModuleBE_BaseDB, } from '@nu-art/thunderstorm-backend';
-import { DBDef_PermissionAPI } from '@nu-art/permissions-shared';
-import { dbObjectToId, filterInstances } from '@nu-art/ts-common';
-import { ModuleBE_PermissionAccessLevelDB } from '../permission-access-level/index.js';
-import { MemKey_AccountId } from '@nu-art/user-account-backend';
-import { ModuleBE_PermissionProjectDB } from '../permission-project/index.js';
-import { HttpCodes } from '@nu-art/ts-common/core/exceptions/http-codes';
-import { trimStartingForwardSlash } from '@nu-art/thunderstorm-shared/route-tools';
-export class ModuleBE_PermissionAPIDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionAPI);
-        this.registerVersionUpgradeProcessor('1.0.0', async (instances) => {
-        }); // adjustment made in pre-write requires us to do this in order to upgrade the data
-    }
-    async preWriteProcessing(instance, originalDbInstance, t) {
-        await ModuleBE_PermissionProjectDB.query.uniqueAssert(instance.projectId);
-        // clean '/' from api path start
-        instance.path = trimStartingForwardSlash(instance.path);
-        // set who created this
-        instance._auditorId = MemKey_AccountId.get();
-        const accessLevelIds = new Set();
-        const duplicateAccessLevelIds = new Set();
-        //Check for duplicated Unique IDs
-        instance.accessLevelIds?.forEach(id => {
-            const duplicate = accessLevelIds.has(id);
-            accessLevelIds.add(id);
-            if (duplicate)
-                duplicateAccessLevelIds.add(id);
-        });
-        if (duplicateAccessLevelIds.size)
-            throw HttpCodes._4XX.BAD_REQUEST('Could not update permission api', `Trying to create API with duplicate access levels: ${duplicateAccessLevelIds}`);
-        // Verify all AccessLevels actually exist, and assign _accessLevels
-        if (instance.accessLevelIds?.length) {
-            const dbAccessLevels = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(instance.accessLevelIds));
-            if (dbAccessLevels.length !== instance.accessLevelIds.length) {
-                const dbAccessLevelIds = dbAccessLevels.map(dbObjectToId);
-                throw HttpCodes._4XX.NOT_FOUND('Could not update permission api', `Asked to assign an api non existing accessLevels: ${instance.accessLevelIds.filter(id => !dbAccessLevelIds.includes(id))}`);
-            }
-            dbAccessLevels.forEach(accessLevel => {
-                if (!instance._accessLevels)
-                    instance._accessLevels = {};
-                instance._accessLevels[accessLevel.domainId] = accessLevel.value;
-            });
-        }
-        else {
-            instance._accessLevels = {};
-        }
-    }
-    registerApis(projectId, routes) {
-        return this.runTransaction(async (transaction) => {
-            const existingProjectApis = await this.query.custom({ where: { projectId: projectId } }, transaction);
-            const apisToAdd = routes
-                .filter(path => !existingProjectApis.find(api => api.path === path))
-                .map(path => ({ path, projectId: projectId, _auditorId: MemKey_AccountId.get() }));
-            return this.set.all(apisToAdd, transaction);
-        });
-    }
-    apiUpsert() {
-        return;
-    }
-}
-export const ModuleBE_PermissionAPIDB = new ModuleBE_PermissionAPIDB_Class();

package/_entity/permission-api/index.d.ts

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionAPIDB.js';
-export * from './module-pack.js';

package/_entity/permission-api/index.js

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionAPIDB.js';
-export * from './module-pack.js';

package/_entity/permission-api/module-pack.d.ts

@@ -1 +0,0 @@
-export declare const ModulePackBE_PermissionAPI: (import("./ModuleBE_PermissionAPIDB.js").ModuleBE_PermissionAPIDB_Class | import("@nu-art/thunderstorm-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DBProto_PermissionAPI>)[];