@nu-art/permissions-backend 0.401.9 → 0.500.6

package/_entity/permission-api/module-pack.js

@@ -1,3 +0,0 @@
-import { createApisForDBModuleV3 } from '@nu-art/thunderstorm-backend';
-import { ModuleBE_PermissionAPIDB } from './ModuleBE_PermissionAPIDB.js';
-export const ModulePackBE_PermissionAPI = [ModuleBE_PermissionAPIDB, createApisForDBModuleV3(ModuleBE_PermissionAPIDB)];

package/_entity/permission-domain/ModuleBE_PermissionDomainDB.d.ts

@@ -1,15 +0,0 @@
-import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
-import { DB_PermissionDomain, DBProto_PermissionDomain } from '@nu-art/permissions-shared';
-import { Transaction } from 'firebase-admin/firestore';
-type Config = DBApiConfigV3<DBProto_PermissionDomain> & {};
-export declare class ModuleBE_PermissionDomainDB_Class extends ModuleBE_BaseDB<DBProto_PermissionDomain, Config> {
-    constructor();
-    protected assertDeletion(transaction: Transaction, dbInstance: DB_PermissionDomain): Promise<void>;
-    internalFilter(item: DB_PermissionDomain): {
-        namespace: string;
-        projectId: string;
-    }[];
-    protected preWriteProcessing(dbInstance: DB_PermissionDomain, originalDbInstance: DBProto_PermissionDomain['dbType'], t?: Transaction): Promise<void>;
-}
-export declare const ModuleBE_PermissionDomainDB: ModuleBE_PermissionDomainDB_Class;
-export {};

package/_entity/permission-domain/ModuleBE_PermissionDomainDB.js

@@ -1,25 +0,0 @@
-import { ModuleBE_BaseDB, } from '@nu-art/thunderstorm-backend';
-import { DBDef_PermissionDomain } from '@nu-art/permissions-shared';
-import { ApiException } from '@nu-art/ts-common';
-import { MemKey_AccountId } from '@nu-art/user-account-backend';
-import { ModuleBE_PermissionAccessLevelDB } from '../permission-access-level/index.js';
-import { ModuleBE_PermissionProjectDB } from '../permission-project/index.js';
-export class ModuleBE_PermissionDomainDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionDomain);
-    }
-    async assertDeletion(transaction, dbInstance) {
-        const accessLevels = await ModuleBE_PermissionAccessLevelDB.query.custom({ where: { domainId: dbInstance._id } });
-        if (accessLevels.length) {
-            throw new ApiException(403, 'You trying delete domain that associated with accessLevels, you need delete the accessLevels first');
-        }
-    }
-    internalFilter(item) {
-        return [{ namespace: item.namespace, projectId: item.projectId }];
-    }
-    async preWriteProcessing(dbInstance, originalDbInstance, t) {
-        await ModuleBE_PermissionProjectDB.query.uniqueAssert(dbInstance.projectId, t);
-        dbInstance._auditorId = MemKey_AccountId.get();
-    }
-}
-export const ModuleBE_PermissionDomainDB = new ModuleBE_PermissionDomainDB_Class();

package/_entity/permission-domain/index.d.ts

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionDomainDB.js';
-export * from './module-pack.js';

package/_entity/permission-domain/index.js

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionDomainDB.js';
-export * from './module-pack.js';

package/_entity/permission-domain/module-pack.d.ts

@@ -1 +0,0 @@
-export declare const ModulePackBE_PermissionDomain: (import("./ModuleBE_PermissionDomainDB.js").ModuleBE_PermissionDomainDB_Class | import("@nu-art/thunderstorm-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DBProto_PermissionDomain>)[];

package/_entity/permission-domain/module-pack.js

@@ -1,3 +0,0 @@
-import { createApisForDBModuleV3 } from '@nu-art/thunderstorm-backend';
-import { ModuleBE_PermissionDomainDB } from './ModuleBE_PermissionDomainDB.js';
-export const ModulePackBE_PermissionDomain = [ModuleBE_PermissionDomainDB, createApisForDBModuleV3(ModuleBE_PermissionDomainDB)];

package/_entity/permission-group/ModuleBE_PermissionGroupDB.d.ts

@@ -1,14 +0,0 @@
-import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
-import { DB_PermissionGroup, DBProto_PermissionGroup } from '@nu-art/permissions-shared';
-import { Transaction } from 'firebase-admin/firestore';
-import { CollectionActionType, PostWriteProcessingData } from '@nu-art/firebase-backend/firestore-v3/FirestoreCollectionV3';
-type Config = DBApiConfigV3<DBProto_PermissionGroup> & {};
-export declare class ModuleBE_PermissionGroupDB_Class extends ModuleBE_BaseDB<DBProto_PermissionGroup, Config> {
-    constructor();
-    protected preWriteProcessing(instance: DB_PermissionGroup, originalDbInstance: DBProto_PermissionGroup['dbType'], t?: Transaction): Promise<void>;
-    protected postWriteProcessing(data: PostWriteProcessingData<DBProto_PermissionGroup>, actionType: CollectionActionType): Promise<void>;
-    private clearUnused;
-    private upgrade_100_101;
-}
-export declare const ModuleBE_PermissionGroupDB: ModuleBE_PermissionGroupDB_Class;
-export {};

package/_entity/permission-group/ModuleBE_PermissionGroupDB.js

@@ -1,62 +0,0 @@
-import { ModuleBE_ActionProcessor, ModuleBE_BaseDB, } from '@nu-art/thunderstorm-backend';
-import { DBDef_PermissionGroup } from '@nu-art/permissions-shared';
-import { _keys, ApiException, batchActionParallel, dbObjectToId, filterDuplicates, filterInstances, reduceToMap } from '@nu-art/ts-common';
-import { ModuleBE_PermissionAccessLevelDB } from '../permission-access-level/index.js';
-import { MemKey_AccountId, SlackReporter } from '@nu-art/user-account-backend';
-import { ModuleBE_PermissionUserDB } from '../permission-user/index.js';
-import { _EmptyQuery } from '@nu-art/firebase-shared';
-export class ModuleBE_PermissionGroupDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionGroup);
-        ModuleBE_ActionProcessor.registerAction({
-            key: 'clear-unused-permission-groups',
-            group: 'Permissions',
-            description: 'Clears all permission groups that aren\'t in use',
-            processor: this.clearUnused
-        }, this);
-        this.registerVersionUpgradeProcessor('1.0.0', this.upgrade_100_101);
-    }
-    async preWriteProcessing(instance, originalDbInstance, t) {
-        instance._auditorId = MemKey_AccountId.get();
-        const dbLevels = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(instance.accessLevelIds, t));
-        if (dbLevels.length < instance.accessLevelIds.length) {
-            const dbAccessLevelIds = dbLevels.map(dbObjectToId);
-            throw new ApiException(404, `Asked to assign a group non existing accessLevels: ${instance.accessLevelIds.filter(id => !dbAccessLevelIds.includes(id))}`);
-        }
-        // Find if there is more than one access level with the same domainId.
-        const duplicationMap = dbLevels.reduce((map, level) => {
-            if (map[level.domainId] === undefined)
-                map[level.domainId] = 0;
-            else
-                map[level.domainId]++;
-            return map;
-        }, {});
-        // Get all domainIds that appear more than once in this group
-        const duplicateDomainIds = filterInstances(_keys(duplicationMap)
-            .map(domainId => duplicationMap[domainId] > 1 ? domainId : undefined));
-        if (duplicateDomainIds.length > 0)
-            throw new ApiException(400, `Can't add a group with more than one access level per domain: ${duplicateDomainIds}, group: ${instance.label}`);
-        instance._levelsMap = reduceToMap(dbLevels, dbLevel => dbLevel.domainId, dbLevel => dbLevel.value);
-    }
-    async postWriteProcessing(data, actionType) {
-        const deleted = data.deleted ? (Array.isArray(data.deleted) ? data.deleted : [data.deleted]) : [];
-        const updated = data.updated ? (Array.isArray(data.updated) ? data.updated : [data.updated]) : [];
-        const groupIds = filterDuplicates([...deleted, ...updated].map(dbObjectToId));
-        const users = await batchActionParallel(groupIds, 10, async (ids) => await ModuleBE_PermissionUserDB.query.custom({ where: { __groupIds: { $aca: ids } } }));
-        await ModuleBE_PermissionUserDB.rotateSession(users.map(dbObjectToId));
-    }
-    clearUnused = async () => {
-        let report = 'Report for refactor action *Clean Unused Permission Groups*:\n\n';
-        const allPermissionUsers = await ModuleBE_PermissionUserDB.query.custom(_EmptyQuery);
-        const allGroups = await this.query.custom(_EmptyQuery);
-        const usedGroupIds = allPermissionUsers.map(user => user.__groupIds ?? []).flat();
-        const unusedGroups = allGroups.filter(group => !usedGroupIds.includes(group._id));
-        report += `Cleared ${unusedGroups.length} groups: ${unusedGroups.map(group => group.label).join(',\n')}`;
-        await this.delete.allItems(unusedGroups);
-        await new SlackReporter(report).sendReportToChannel();
-    };
-    upgrade_100_101 = async (items) => {
-        items.forEach(group => group.uiLabel = group.label);
-    };
-}
-export const ModuleBE_PermissionGroupDB = new ModuleBE_PermissionGroupDB_Class();

package/_entity/permission-group/index.d.ts

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionGroupDB.js';
-export * from './module-pack.js';

package/_entity/permission-group/index.js

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionGroupDB.js';
-export * from './module-pack.js';

package/_entity/permission-group/module-pack.d.ts

@@ -1 +0,0 @@
-export declare const ModulePackBE_PermissionGroup: (import("./ModuleBE_PermissionGroupDB.js").ModuleBE_PermissionGroupDB_Class | import("@nu-art/thunderstorm-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DBProto_PermissionGroup>)[];

package/_entity/permission-group/module-pack.js

@@ -1,3 +0,0 @@
-import { createApisForDBModuleV3 } from '@nu-art/thunderstorm-backend';
-import { ModuleBE_PermissionGroupDB } from './ModuleBE_PermissionGroupDB.js';
-export const ModulePackBE_PermissionGroup = [ModuleBE_PermissionGroupDB, createApisForDBModuleV3(ModuleBE_PermissionGroupDB)];

package/_entity/permission-project/ModuleBE_PermissionProjectDB.d.ts

@@ -1,10 +0,0 @@
-import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
-import { DB_PermissionProject, DBProto_PermissionProject } from '@nu-art/permissions-shared';
-import { Transaction } from 'firebase-admin/firestore';
-type Config = DBApiConfigV3<DBProto_PermissionProject> & {};
-export declare class ModuleBE_PermissionProjectDB_Class extends ModuleBE_BaseDB<DBProto_PermissionProject, Config> {
-    constructor();
-    protected preWriteProcessing(dbInstance: DB_PermissionProject, originalDbInstance: DBProto_PermissionProject['dbType'], t?: Transaction): Promise<void>;
-}
-export declare const ModuleBE_PermissionProjectDB: ModuleBE_PermissionProjectDB_Class;
-export {};

package/_entity/permission-project/ModuleBE_PermissionProjectDB.js

@@ -1,12 +0,0 @@
-import { ModuleBE_BaseDB, } from '@nu-art/thunderstorm-backend';
-import { DBDef_PermissionProject } from '@nu-art/permissions-shared';
-import { MemKey_AccountId } from '@nu-art/user-account-backend';
-export class ModuleBE_PermissionProjectDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionProject);
-    }
-    async preWriteProcessing(dbInstance, originalDbInstance, t) {
-        dbInstance._auditorId = MemKey_AccountId.get();
-    }
-}
-export const ModuleBE_PermissionProjectDB = new ModuleBE_PermissionProjectDB_Class();

package/_entity/permission-project/index.d.ts

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionProjectDB.js';
-export * from './module-pack.js';

package/_entity/permission-project/index.js

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionProjectDB.js';
-export * from './module-pack.js';

package/_entity/permission-project/module-pack.d.ts

@@ -1 +0,0 @@
-export declare const ModulePackBE_PermissionProject: (import("./ModuleBE_PermissionProjectDB.js").ModuleBE_PermissionProjectDB_Class | import("@nu-art/thunderstorm-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DBProto_PermissionProject>)[];

package/_entity/permission-project/module-pack.js

@@ -1,3 +0,0 @@
-import { createApisForDBModuleV3 } from '@nu-art/thunderstorm-backend';
-import { ModuleBE_PermissionProjectDB } from './ModuleBE_PermissionProjectDB.js';
-export const ModulePackBE_PermissionProject = [ModuleBE_PermissionProjectDB, createApisForDBModuleV3(ModuleBE_PermissionProjectDB)];

package/_entity/permission-user/ModuleBE_PermissionUserAPI.d.ts

@@ -1,8 +0,0 @@
-import { ModuleBE_BaseApi_Class } from '@nu-art/thunderstorm-backend';
-import { DBProto_PermissionUser } from '@nu-art/permissions-shared';
-declare class ModuleBE_PermissionUserAPI_Class extends ModuleBE_BaseApi_Class<DBProto_PermissionUser> {
-    constructor();
-    init(): void;
-}
-export declare const ModuleBE_PermissionUserAPI: ModuleBE_PermissionUserAPI_Class;
-export {};

package/_entity/permission-user/ModuleBE_PermissionUserAPI.js

@@ -1,13 +0,0 @@
-import { addRoutes, createBodyServerApi, ModuleBE_BaseApi_Class } from '@nu-art/thunderstorm-backend';
-import { ApiDef_PermissionUser } from '@nu-art/permissions-shared';
-import { ModuleBE_PermissionUserDB } from './ModuleBE_PermissionUserDB.js';
-class ModuleBE_PermissionUserAPI_Class extends ModuleBE_BaseApi_Class {
-    constructor() {
-        super(ModuleBE_PermissionUserDB);
-    }
-    init() {
-        super.init();
-        addRoutes([createBodyServerApi(ApiDef_PermissionUser._v1.assignPermissions, ModuleBE_PermissionUserDB.assignPermissions)]);
-    }
-}
-export const ModuleBE_PermissionUserAPI = new ModuleBE_PermissionUserAPI_Class();

package/_entity/permission-user/ModuleBE_PermissionUserDB.d.ts

@@ -1,37 +0,0 @@
-import { DBApiConfigV3, ModuleBE_BaseDB } from '@nu-art/thunderstorm-backend';
-import { DB_PermissionUser, DBProto_PermissionUser, Request_AssignPermissions } from '@nu-art/permissions-shared';
-import { PerformProjectSetup } from '@nu-art/thunderstorm-backend/modules/action-processor/Action_SetupProject';
-import { DB_BaseObject, UniqueId } from '@nu-art/ts-common';
-import { OnAccountDeleted, OnNewUserRegistered, OnUserLogin } from '@nu-art/user-account-backend';
-import { Transaction } from 'firebase-admin/firestore';
-import { SafeDB_Account, UI_Account } from '@nu-art/user-account-shared';
-import { CollectionActionType, PostWriteProcessingData } from '@nu-art/firebase-backend/firestore-v3/FirestoreCollectionV3';
-type Config = DBApiConfigV3<DBProto_PermissionUser> & {
-    defaultPermissionGroupIds?: UniqueId[];
-};
-export declare class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB<DBProto_PermissionUser, Config> implements OnNewUserRegistered, OnUserLogin, PerformProjectSetup, OnAccountDeleted {
-    constructor();
-    __performProjectSetup(): {
-        priority: number;
-        processor: () => Promise<void>;
-    };
-    __onUserLogin(account: UI_Account, transaction: Transaction): Promise<void>;
-    __onNewUserRegistered(account: UI_Account, transaction: Transaction): Promise<void>;
-    __onAccountDeleted: (account: SafeDB_Account, transaction: Transaction) => Promise<void>;
-    protected preWriteProcessing(instance: DB_PermissionUser, originalDbInstance: DBProto_PermissionUser['dbType'], t?: Transaction): Promise<void>;
-    protected postWriteProcessing(data: PostWriteProcessingData<DBProto_PermissionUser>, actionType: CollectionActionType): Promise<void>;
-    insertIfNotExist: (uiAccount: UI_Account & DB_BaseObject, transaction: Transaction) => Promise<DB_PermissionUser | (Omit<DB_PermissionUser, "_id" | "__metadata1" | "__hardDelete" | "__created" | "__updated" | "_v" | "_originDocId" | ("_auditorId" | "__groupIds")> & Partial<import("@nu-art/ts-common").SubsetObjectByKeys<DB_PermissionUser, "_id" | "__metadata1" | "__hardDelete" | "__created" | "__updated" | "_v" | "_originDocId" | ("_auditorId" | "__groupIds")>> & Partial<import("@nu-art/ts-common").DB_Object>)>;
-    assignPermissions(body: Request_AssignPermissions): Promise<void>;
-    private getDefaultPermissionGroups;
-    /**
-     * The system requires to perform action, which in other cases can also be done by a human.
-     * This requires system features to identify as a bot user, or "Service Account"
-     *
-     * @param serviceAccounts - List of Accounts to create
-     * @private
-     */
-    private createSystemServiceAccount;
-    rotateSession(accountIds: UniqueId[]): Promise<void>;
-}
-export declare const ModuleBE_PermissionUserDB: ModuleBE_PermissionUserDB_Class;
-export {};

package/_entity/permission-user/ModuleBE_PermissionUserDB.js

@@ -1,228 +0,0 @@
-import { MemKey_ServerApi, ModuleBE_BaseDB, Storm, } from '@nu-art/thunderstorm-backend';
-import { DBDef_PermissionUser } from '@nu-art/permissions-shared';
-import { _keys, ApiException, asOptionalArray, batchAction, batchActionParallel, dbObjectToId, exists, filterDuplicates, filterInstances, filterKeys, flatArray, JwtTools, merge, Year } from '@nu-art/ts-common';
-import { ModuleBE_PermissionGroupDB } from '../permission-group/ModuleBE_PermissionGroupDB.js';
-import { MemKey_AccountId, ModuleBE_AccountDB, ModuleBE_SessionDB } from '@nu-art/user-account-backend';
-import { MemKey_UserPermissions } from '../../consts.js';
-import { dispatcher_collectServiceAccounts } from '@nu-art/thunderstorm-backend/modules/_tdb/service-accounts';
-export class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionUser);
-    }
-    __performProjectSetup() {
-        return {
-            priority: 200,
-            processor: async () => {
-                const accounts = await ModuleBE_AccountDB.query.where({});
-                const permissionsUser = await this.query.all(accounts.map(dbObjectToId));
-                const usersToUpsert = [];
-                const usersToDelete = [];
-                permissionsUser.forEach((user, index) => {
-                    if (exists(user)) {
-                        if (!exists(accounts.find(account => account._id === user._id)))
-                            usersToDelete.push(user);
-                        return;
-                    }
-                    usersToUpsert.push({
-                        _id: accounts[index]._id,
-                        groups: [],
-                    });
-                });
-                await this.set.all(usersToUpsert);
-                await this.delete.all(usersToDelete);
-                // This stage updates the rtdb's config- which is why it's last. Changing the rtdb's config kills the server.
-                const serviceAccounts = flatArray(dispatcher_collectServiceAccounts.dispatchModule());
-                await this.createSystemServiceAccount(serviceAccounts);
-            }
-        };
-    }
-    async __onUserLogin(account, transaction) {
-        await this.insertIfNotExist(account, transaction);
-    }
-    async __onNewUserRegistered(account, transaction) {
-        await this.insertIfNotExist(account, transaction);
-    }
-    __onAccountDeleted = async (account, transaction) => {
-        await this.delete.unique(account._id, transaction);
-    };
-    // protected async canDeleteDocument(transaction: FirestoreTransaction, dbInstances: DB_PermissionUser[]) {
-    // 	const conflicts: DB_PermissionUser[] = [];
-    // 	const accounts = await ModuleBE_AccountDB.query.custom(_EmptyQuery);
-    //
-    // 	for (const item of dbInstances) {
-    // 		const account = accounts.find(acc => acc._id === item.accountId);
-    // 		if (account)
-    // 			conflicts.push(item);
-    // 	}
-    //
-    // 	if (conflicts.length)
-    // 		throw new ApiException<DB_EntityDependency<any>[]>(422, 'permission users are connected to accounts').setErrorBody({
-    // 			type: 'has-dependencies',
-    // 			body: conflicts.map(conflict => ({collectionKey: 'User', conflictingIds: [conflict._id]}))
-    // 		});
-    // }
-    async preWriteProcessing(instance, originalDbInstance, t) {
-        instance._auditorId = MemKey_AccountId.get();
-        instance.__groupIds = filterDuplicates(instance.groups.map(group => group.groupId) || []);
-        if (!instance.__groupIds.length)
-            return;
-        // Get all groups the user has from the collection
-        const dbGroups = filterInstances(await ModuleBE_PermissionGroupDB.query.all(instance.__groupIds, t));
-        // Verify all groups actually existing in the collection
-        if (instance.__groupIds.length !== dbGroups.length) {
-            const dbGroupIds = dbGroups.map(dbObjectToId);
-            throw new ApiException(422, `Trying to assign a user to a permission-group that does not exist: ${instance.__groupIds.filter(groupId => !dbGroupIds.includes(groupId))}`);
-        }
-        //todo check for duplications in data
-    }
-    async postWriteProcessing(data, actionType) {
-        const deleted = asOptionalArray(data.deleted) ?? [];
-        const updated = asOptionalArray(data.updated) ?? [];
-        const beforeIds = (asOptionalArray(data.before) ?? []).map(before => before?._id);
-        const accountIdToInvalidate = filterDuplicates(filterInstances([...deleted, ...updated].map(i => i?._id))).filter(id => beforeIds.includes(id));
-        await this.rotateSession(accountIdToInvalidate);
-    }
-    insertIfNotExist = async (uiAccount, transaction) => {
-        const create = async (transaction) => {
-            const defaultPermissionGroups = await this.getDefaultPermissionGroups();
-            const permissionsUserToCreate = {
-                _id: uiAccount._id,
-                groups: defaultPermissionGroups.map(group => ({ groupId: group._id })),
-                _auditorId: MemKey_AccountId.get()
-            };
-            return ModuleBE_PermissionUserDB.create.item(permissionsUserToCreate, transaction);
-        };
-        return ModuleBE_PermissionUserDB.collection.uniqueGetOrCreate({ _id: uiAccount._id }, create, transaction);
-    };
-    async assignPermissions(body) {
-        if (!body.targetAccountIds.length)
-            throw new ApiException(400, `Asked to modify permissions but provided no users to modify permissions of.`);
-        const usersToGiveTo = filterInstances(await this.query.all(body.targetAccountIds));
-        // console.log('assignPermissions target accounts ');
-        // console.log(await this.query.custom(_EmptyQuery));
-        if (!usersToGiveTo.length || usersToGiveTo.length !== body.targetAccountIds.length) {
-            const dbUserIds = usersToGiveTo.map(dbObjectToId);
-            throw new ApiException(404, `Asked to give permissions to non-existent user accounts: ${body.targetAccountIds.filter(id => !dbUserIds.includes(id))}`);
-        }
-        const dbGroups = filterInstances(await ModuleBE_PermissionGroupDB.query.all(body.permissionGroupIds));
-        if (dbGroups.length !== body.permissionGroupIds.length) {
-            const dbGroupIds = dbGroups.map(dbObjectToId);
-            throw new ApiException(404, `Asked to give users non-existing permission groups: ${body.permissionGroupIds.filter(id => !dbGroupIds.includes(id))}`);
-        }
-        const myUserPermissions = MemKey_UserPermissions.get();
-        const permissionsToGive = dbGroups.reduce((map, group) => {
-            // Gather the highest permissions for each domain, from all groups
-            _keys(group._levelsMap || []).forEach(domainId => {
-                if (map[domainId] === undefined)
-                    map[domainId] = 0;
-                if (map[domainId] < group._levelsMap[domainId])
-                    map[domainId] = group._levelsMap[domainId];
-            });
-            return map;
-        }, {});
-        const failedDomains = _keys(permissionsToGive).filter(domainId => {
-            const tooLowPermission = myUserPermissions[domainId] < permissionsToGive[domainId];
-            this.logError(`${myUserPermissions[domainId]} < ${permissionsToGive[domainId]} === ${tooLowPermission}`);
-            const noPermissionInThisDomain = myUserPermissions[domainId] === undefined;
-            return noPermissionInThisDomain || tooLowPermission;
-        });
-        if (failedDomains.length)
-            throw new ApiException(403, `Attempted to give higher permissions than current user has: ${failedDomains}`);
-        const groupIds = dbGroups.map(group => ({ groupId: group._id }));
-        const usersToUpdate = usersToGiveTo.map(user => {
-            user.groups = groupIds;
-            return user;
-        });
-        await this.set.multi(usersToUpdate);
-    }
-    getDefaultPermissionGroups = async () => {
-        if (!this.config.defaultPermissionGroupIds?.length)
-            return [];
-        return ModuleBE_PermissionGroupDB.query.where({ _id: { $in: this.config.defaultPermissionGroupIds } });
-    };
-    /**
-     * The system requires to perform action, which in other cases can also be done by a human.
-     * This requires system features to identify as a bot user, or "Service Account"
-     *
-     * @param serviceAccounts - List of Accounts to create
-     * @private
-     */
-    async createSystemServiceAccount(serviceAccounts) {
-        this.logInfoBold('Creating Service Accounts: ', serviceAccounts);
-        // @ts-ignore
-        const tokenCreator = ModuleBE_AccountDB.token.create;
-        const envConfigRef = Storm.getInstance().getGlobalEnvConfigRef();
-        const updatedConfig = {};
-        //Run over all service accounts
-        for (const serviceAccount of serviceAccounts) {
-            // Create account if it doesn't already exist
-            const accountsToRequest = filterKeys({
-                type: 'service',
-                email: serviceAccount.email,
-                description: serviceAccount.description
-            });
-            let account;
-            //Get or create service account
-            try {
-                account = await ModuleBE_AccountDB.impl.querySafeAccount({ email: serviceAccount.email });
-            }
-            catch (e) {
-                this.logInfo('NOTICE: querySafeAccount failed, creating accounts');
-                account = await ModuleBE_AccountDB.account.create(accountsToRequest);
-            }
-            // Assign permissions groups to service account
-            const permissionsUser = await ModuleBE_PermissionUserDB.query.uniqueAssert({ _id: account._id });
-            permissionsUser.groups = serviceAccount.groupIds?.map(groupId => ({ groupId })) || [];
-            await ModuleBE_PermissionUserDB.set.item(permissionsUser);
-            //Service accounts are only allowed to have one session... but this isn't the defined place to be a cop about it
-            const sessions = await ModuleBE_AccountDB.account.getSessions(account);
-            //If we have a valid session(not expired) we use its JWT instead of creating a new one
-            let validSession;
-            for (const session of sessions.sessions) {
-                if (await JwtTools.isJwtActive(session.sessionIdJwt)) {
-                    validSession = session;
-                    break;
-                }
-            }
-            this.logError(serviceAccount.ttl);
-            const token = validSession?.sessionIdJwt ? { token: validSession?.sessionIdJwt } : await tokenCreator({
-                accountId: account._id,
-                ttl: serviceAccount.ttl ?? Year
-            });
-            updatedConfig[serviceAccount.moduleName] = {
-                serviceAccount: filterKeys({
-                    token,
-                    description: serviceAccount.description,
-                    accountId: account._id,
-                    email: account.email
-                })
-            };
-        }
-        if (_keys(updatedConfig).length > 0)
-            MemKey_ServerApi.get().addPostCallAction(async () => {
-                const currentConfig = await envConfigRef.get({});
-                await envConfigRef.set(merge(currentConfig, updatedConfig));
-                this.logInfoBold('Created Service Accounts for', _keys(updatedConfig));
-            });
-    }
-    async rotateSession(accountIds) {
-        if (!accountIds.length)
-            return;
-        //Collect all sessions connected to account
-        const sessions = await batchActionParallel(accountIds, 10, async (ids) => await ModuleBE_SessionDB.query.custom({ where: { accountId: { $in: ids } } }));
-        //TODO - Make sure new logic in ModuleBE_SessionDB that deletes expired sessions happens before this code, this will be redundant
-        //Filter to sessions that aren't expired
-        const validSessions = filterInstances(await Promise.all(sessions.map(async (session) => {
-            const isExpired = await JwtTools.isJwtExpired(session.sessionIdJwt);
-            return isExpired ? undefined : session;
-        })));
-        //TODO END
-        this.logWarning(`#### Rotating ${validSessions.length} Sessions! ####`);
-        await batchAction(validSessions, 500, async (sessions) => {
-            await this.runTransaction(async (t) => {
-                await Promise.all(sessions.map(session => ModuleBE_SessionDB._session.rotate.reissue.bySession(session, t)));
-            });
-        });
-    }
-}
-export const ModuleBE_PermissionUserDB = new ModuleBE_PermissionUserDB_Class();

package/_entity/permission-user/index.d.ts

@@ -1,3 +0,0 @@
-export * from './ModuleBE_PermissionUserDB.js';
-export * from './ModuleBE_PermissionUserAPI.js';
-export * from './module-pack.js';

package/_entity/permission-user/index.js

@@ -1,3 +0,0 @@
-export * from './ModuleBE_PermissionUserDB.js';
-export * from './ModuleBE_PermissionUserAPI.js';
-export * from './module-pack.js';

package/_entity/permission-user/module-pack.d.ts

@@ -1,2 +0,0 @@
-import { Module } from '@nu-art/ts-common';
-export declare const ModulePackBE_PermissionUser: Module[];

package/_entity/permission-user/module-pack.js

@@ -1,3 +0,0 @@
-import { ModuleBE_PermissionUserDB } from './ModuleBE_PermissionUserDB.js';
-import { ModuleBE_PermissionUserAPI } from './ModuleBE_PermissionUserAPI.js';
-export const ModulePackBE_PermissionUser = [ModuleBE_PermissionUserDB, ModuleBE_PermissionUserAPI];

package/_entity.d.ts

@@ -1,12 +0,0 @@
-export * from './_entity/permission-access-level/index.js';
-export * from './_entity/permission-access-level/index.js';
-export * from './_entity/permission-api/index.js';
-export * from './_entity/permission-api/index.js';
-export * from './_entity/permission-project/index.js';
-export * from './_entity/permission-project/index.js';
-export * from './_entity/permission-domain/index.js';
-export * from './_entity/permission-domain/index.js';
-export * from './_entity/permission-group/index.js';
-export * from './_entity/permission-group/index.js';
-export * from './_entity/permission-user/index.js';
-export * from './_entity/permission-user/index.js';

package/_entity.js

@@ -1,18 +0,0 @@
-//Access Level
-export * from './_entity/permission-access-level/index.js';
-export * from './_entity/permission-access-level/index.js';
-//API
-export * from './_entity/permission-api/index.js';
-export * from './_entity/permission-api/index.js';
-//Project
-export * from './_entity/permission-project/index.js';
-export * from './_entity/permission-project/index.js';
-//Domain
-export * from './_entity/permission-domain/index.js';
-export * from './_entity/permission-domain/index.js';
-//Group
-export * from './_entity/permission-group/index.js';
-export * from './_entity/permission-group/index.js';
-//User
-export * from './_entity/permission-user/index.js';
-export * from './_entity/permission-user/index.js';

package/core/utils.d.ts

@@ -1,25 +0,0 @@
-import { TypedMap, UniqueId } from '@nu-art/ts-common';
-import { DefaultDef_Group, PreDBAccessLevel } from '@nu-art/permissions-shared';
-import { PermissionKey_BE } from '../PermissionKey_BE.js';
-import { DefaultDef_Domain, DefaultDef_Package } from '../types.js';
-export declare const Permissions_abTest: (seed: UniqueId, namespace: string, permutations: string[]) => DefaultDef_Package;
-/**
- * Generate automatic BE permission keys for a domain
- * @param accessLevels the relevant access levels to generate keys for
- * @param keyByLevelMapper the key name mapper by access level name
- * @param domainId the domain id to apply in the resolver
- */
-export declare const generatePermissionKeys: <Key extends string | number | symbol>(accessLevels: PreDBAccessLevel[], keyByLevelMapper: TypedMap<string>, domainId: UniqueId) => { [key in Key]: PermissionKey_BE<string>; };
-/**
- * Automatic generator for domain default definitions,
- * @param key MUST NEVER CHANGE! the key is the "key" to uniqueness of the entire permission decleration
- * @param namespace The name space of the current generated domain definitions
- * @param preDBAccessLevels The access levels to create (can be default or custom)
- * @param permissionKeysByLevel The permission key name for each access level
- * @param dbNames List of db names (optional)
- */
-export declare const generateDomainDefaults: <Key extends string | number | symbol>(key: string, namespace: string, preDBAccessLevels: PreDBAccessLevel[], permissionKeysByLevel: { [key in Key]: string; }, dbNames?: string[]) => {
-    domain: DefaultDef_Domain;
-    groups: DefaultDef_Group[];
-    keys: { [key in Key]: PermissionKey_BE<string>; };
-};