@nu-art/permissions-backend 0.500.0 → 0.500.6

package/modules/ModuleBE_PermissionsAssert.d.ts

@@ -1,65 +1,17 @@
-import { Module, StringMap, TypedMap } from '@nu-art/ts-common';
+import { Module } from '@nu-art/ts-common';
 import type { ServerApi_Middleware } from '@nu-art/http-server';
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
 import { CollectSessionData } from '@nu-art/user-account-backend';
-import { API_PermissionsAssert, Base_AccessLevel, DB_PermissionAccessLevel, DB_PermissionAPI, DomainToLevelValueMap, SessionData_StrictMode } from '@nu-art/permissions-shared';
-import { PermissionKey_BE } from '../PermissionKey_BE.js';
-import type { FunctionPermissionDef } from '../core/function-permission-registry.js';
-export type UserCalculatedAccessLevel = {
-    [domainId: string]: number;
-};
-export type GroupPairWithBaseLevelsObj = {
-    accessLevels: Base_AccessLevel[];
-};
-export type RequestPairWithLevelsObj = {
-    accessLevels: DB_PermissionAccessLevel[];
-};
+import { SessionData_StrictMode } from '@nu-art/permissions-shared';
+import type { PermissionScope } from '@nu-art/permissions-shared';
+import type { PermissionAssertionContext } from '../assertion-types.js';
 type Config = {
     strictMode?: boolean;
 };
-/**
- * [DomainId uniqueString]: accessLevel's numerical value
- */
 export declare class ModuleBE_PermissionsAssert_Class extends Module<Config> implements CollectSessionData<SessionData_StrictMode> {
-    private projectId;
-    _keys: TypedMap<boolean>;
-    permissionKeys: TypedMap<PermissionKey_BE<any>>;
-    readonly Middleware: (keys?: string[]) => ServerApi_Middleware;
     readonly LoadPermissionsMiddleware: ServerApi_Middleware;
-    readonly CustomMiddleware: (keys: string[], action: (projectId: string, customFields: StringMap) => Promise<void>) => ServerApi_Middleware;
     __collectSessionData(): Promise<SessionData_StrictMode>;
-    init(): void;
-    /**
-     * @deprecated Path-based sync filter; use function-based permissions instead. API collection deprecated.
-     * Returns a filter for sync manager. The app must call SyncManager.setModuleFilter(ModuleBE_PermissionsAssert.getPermissionsAssertSyncFilter()) when using a sync manager.
-     */
-    getPermissionsAssertSyncFilter(): (dbModules: (ModuleBE_BaseDB<any>)[]) => Promise<(ModuleBE_BaseDB<any>)[]>;
-    assertUserPermissions(body: API_PermissionsAssert['assertUserPermissions']['Body']): Promise<API_PermissionsAssert['assertUserPermissions']['Response']>;
-    private assertPermission;
-    /**
-     * @deprecated Path-based API permission; use function-based permissions and assertFunctionPermission(def) instead. API collection deprecated.
-     */
-    assertPathPermissions(projectId: string, path: string): Promise<void>;
-    assertUserPassesAccessLevels(domainToLevelValueMap: DomainToLevelValueMap, userPermissions: TypedMap<number>): void;
-    /**
-     * Asserts that the user has at least the required level for the function-permission def (from @RequirePermission).
-     * Call this before invoking a handler when getRequirePermissionDef(handler) returns a def.
-     */
-    assertFunctionPermission(def: FunctionPermissionDef): void;
-    /** @deprecated Path-based API lookup; API collection deprecated. Use function-based permissions. */
-    getApiDetails(_path: string, projectId: string): Promise<{
-        dbApi: DB_PermissionAPI;
-        requestPermissions: DB_PermissionAccessLevel[];
-    } | undefined>;
-    getApisDetails(urls: string[], projectId: string): Promise<({
-        apiDb: DB_PermissionAPI;
-        requestPermissions: DB_PermissionAccessLevel[];
-    } | undefined)[]>;
-    private getAccessLevels;
-    setProjectId: (projectId: string) => void;
-    getRegEx(value: string): RegExp;
-    registerPermissionKeys(keys: string[]): void;
-    private isStrictMode;
+    assertScopePermission(scope: PermissionScope, requiredValue: string): void;
+    createAssertionContext(): PermissionAssertionContext;
 }
 export declare const ModuleBE_PermissionsAssert: ModuleBE_PermissionsAssert_Class;
 export {};

package/modules/ModuleBE_PermissionsAssert.js

@@ -16,293 +16,68 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-var __runInitializers = (this && this.__runInitializers) || function (thisArg, initializers, value) {
-    var useValue = arguments.length > 2;
-    for (var i = 0; i < initializers.length; i++) {
-        value = useValue ? initializers[i].call(thisArg, value) : initializers[i].call(thisArg);
+import { ApiException, Module } from '@nu-art/ts-common';
+import { stringToUniqueId } from '@nu-art/db-api-shared';
+import { SessionKey_Account_BE } from '@nu-art/user-account-backend';
+import { AccessScope_Self } from '@nu-art/permissions-shared';
+import { MemKey_UserAccessIds, MemKey_UserEntityContexts, MemKey_UserScopePermissions } from '../consts.js';
+import { ModuleBE_UserPermissionsDB } from '../_entity/user-permissions/ModuleBE_UserPermissionsDB.js';
+export class ModuleBE_PermissionsAssert_Class extends Module {
+    LoadPermissionsMiddleware = async () => {
+        const account = SessionKey_Account_BE.get();
+        const permissionsId = stringToUniqueId(account._id);
+        const entity = await ModuleBE_UserPermissionsDB.query.unique(permissionsId);
+        MemKey_UserScopePermissions.set(entity?.scopeEntries ?? []);
+        const personalGroupId = stringToUniqueId(account._id);
+        MemKey_UserAccessIds.set(entity?.accessIds ?? { [AccessScope_Self]: [personalGroupId] });
+    };
+    async __collectSessionData() {
+        return { key: 'strictMode', value: { isStrictMode: !!this.config?.strictMode } };
     }
-    return useValue ? value : void 0;
-};
-var __esDecorate = (this && this.__esDecorate) || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
-    function accept(f) { if (f !== void 0 && typeof f !== "function") throw new TypeError("Function expected"); return f; }
-    var kind = contextIn.kind, key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
-    var target = !descriptorIn && ctor ? contextIn["static"] ? ctor : ctor.prototype : null;
-    var descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
-    var _, done = false;
-    for (var i = decorators.length - 1; i >= 0; i--) {
-        var context = {};
-        for (var p in contextIn) context[p] = p === "access" ? {} : contextIn[p];
-        for (var p in contextIn.access) context.access[p] = contextIn.access[p];
-        context.addInitializer = function (f) { if (done) throw new TypeError("Cannot add initializers after decoration has completed"); extraInitializers.push(accept(f || null)); };
-        var result = (0, decorators[i])(kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key], context);
-        if (kind === "accessor") {
-            if (result === void 0) continue;
-            if (result === null || typeof result !== "object") throw new TypeError("Object expected");
-            if (_ = accept(result.get)) descriptor.get = _;
-            if (_ = accept(result.set)) descriptor.set = _;
-            if (_ = accept(result.init)) initializers.unshift(_);
-        }
-        else if (_ = accept(result)) {
-            if (kind === "field") initializers.unshift(_);
-            else descriptor[key] = _;
+    assertScopePermission(scope, requiredValue) {
+        const userPerms = MemKey_UserScopePermissions.get();
+        const prefix = scope.key + ':';
+        const entry = userPerms.find(p => p.startsWith(prefix));
+        if (!entry)
+            throw new ApiException(403, `No access for scope: ${scope.key}`);
+        const userValue = entry.substring(prefix.length);
+        const requiredIdx = scope.values.indexOf(requiredValue);
+        if (requiredIdx === -1)
+            throw new ApiException(503, `Unknown permission value '${requiredValue}' for scope '${scope.key}'`);
+        const userIdx = scope.values.indexOf(userValue);
+        if (userIdx === -1 || userIdx < requiredIdx) {
+            this.logErrorBold(`scope permission denied: ${scope.key} (has: ${userValue}, needs: ${requiredValue})`);
+            throw new ApiException(403, `Insufficient access for scope: ${scope.key}`);
         }
     }
-    if (target) Object.defineProperty(target, contextIn.name, descriptor);
-    done = true;
-};
-import { _keys, ApiException, arrayToMap, BadImplementationException, batchActionParallel, exists, filterDuplicates, filterInstances, ImplementationMissingException, Module } from '@nu-art/ts-common';
-import { ApiHandler } from '@nu-art/http-server';
-import { HttpMethod } from '@nu-art/api-types';
-import { MemKey_AccountId } from '@nu-art/user-account-backend';
-import { ApiDef_PermissionsAssert } from '@nu-art/permissions-shared';
-import { MemKey_HttpRequestBody, MemKey_HttpRequestMethod, MemKey_HttpRequestQuery, MemKey_HttpRequestUrl } from '@nu-art/http-server';
-import { MemKey_UserPermissions, SessionKey_Permissions_BE } from '../consts.js';
-import { PermissionKey_BE } from '../PermissionKey_BE.js';
-import { ModuleBE_PermissionAccessLevelDB, ModuleBE_PermissionAPIDB } from '../_entity.js';
-import { RuntimeBE_Modules } from '@nu-art/db-api-backend';
-/**
- * [DomainId uniqueString]: accessLevel's numerical value
- */
-let ModuleBE_PermissionsAssert_Class = (() => {
-    let _classSuper = Module;
-    let _instanceExtraInitializers = [];
-    let _assertUserPermissions_decorators;
-    return class ModuleBE_PermissionsAssert_Class extends _classSuper {
-        static {
-            const _metadata = typeof Symbol === "function" && Symbol.metadata ? Object.create(_classSuper[Symbol.metadata] ?? null) : void 0;
-            _assertUserPermissions_decorators = [ApiHandler(ApiDef_PermissionsAssert.assertUserPermissions)];
-            __esDecorate(this, null, _assertUserPermissions_decorators, { kind: "method", name: "assertUserPermissions", static: false, private: false, access: { has: obj => "assertUserPermissions" in obj, get: obj => obj.assertUserPermissions }, metadata: _metadata }, null, _instanceExtraInitializers);
-            if (_metadata) Object.defineProperty(this, Symbol.metadata, { enumerable: true, configurable: true, writable: true, value: _metadata });
-        }
-        projectId = __runInitializers(this, _instanceExtraInitializers);
-        _keys = {};
-        permissionKeys = {};
-        // constructor() {
-        // 	super();
-        // 	this.setMinLevel(LogLevel.Debug);
-        // }
-        Middleware = (keys = []) => async () => {
-            await this.CustomMiddleware(keys, async (projectId) => {
-                return this.assertPathPermissions(projectId, MemKey_HttpRequestUrl.get());
-            })();
-        };
-        LoadPermissionsMiddleware = async () => {
-            try {
-                MemKey_UserPermissions.get();
-            }
-            catch (err) {
-                MemKey_UserPermissions.set(SessionKey_Permissions_BE.get().domainToValueMap);
-            }
-        };
-        CustomMiddleware = (keys, action) => async () => {
-            const customFields = {};
-            let object;
-            const reqMethod = MemKey_HttpRequestMethod.get();
-            switch (reqMethod) {
-                case HttpMethod.POST:
-                case HttpMethod.PATCH:
-                case HttpMethod.PUT:
-                    object = MemKey_HttpRequestBody.get();
-                    break;
-                case HttpMethod.GET:
-                case HttpMethod.DELETE:
-                    object = MemKey_HttpRequestQuery.get();
-                    break;
-                default:
-                    throw new BadImplementationException(`Generic custom fields cannot be extracted on api with method: ${reqMethod}`);
-            }
-            _keys(object).filter(key => keys.includes(key)).forEach(key => {
-                const oElement = object[key];
-                if (oElement === undefined || oElement === null)
-                    return;
-                if (typeof oElement !== 'string')
-                    return;
-                customFields[key] = oElement;
-            });
-            const projectId = this.projectId;
-            await action(projectId, customFields);
+    createAssertionContext() {
+        const userPerms = MemKey_UserScopePermissions.get();
+        const entityContexts = MemKey_UserEntityContexts.get();
+        return {
+            hasScope: (scope, value) => {
+                const prefix = scope.key + ':';
+                const entry = userPerms.find(p => p.startsWith(prefix));
+                if (!entry)
+                    return false;
+                const userValue = entry.substring(prefix.length);
+                const requiredIdx = scope.values.indexOf(value);
+                if (requiredIdx === -1)
+                    return false;
+                const userIdx = scope.values.indexOf(userValue);
+                return userIdx >= requiredIdx;
+            },
+            ownsEntity: async (pointer) => {
+                return entityContexts.some(ctx => ctx.dbKey === pointer.dbKey && ctx.id === pointer.id);
+            },
+            and: async (...predicates) => {
+                const results = await Promise.all(predicates);
+                return results.every(r => r);
+            },
+            or: async (...predicates) => {
+                const results = await Promise.all(predicates);
+                return results.some(r => r);
+            },
         };
-        async __collectSessionData() {
-            return { key: 'strictMode', value: { isStrictMode: this.isStrictMode() } };
-        }
-        init() {
-            super.init();
-            _keys(this._keys).forEach(key => this.permissionKeys[key] = new PermissionKey_BE(key));
-        }
-        /**
-         * @deprecated Path-based sync filter; use function-based permissions instead. API collection deprecated.
-         * Returns a filter for sync manager. The app must call SyncManager.setModuleFilter(ModuleBE_PermissionsAssert.getPermissionsAssertSyncFilter()) when using a sync manager.
-         */
-        getPermissionsAssertSyncFilter() {
-            const assert = this;
-            return async (dbModules) => {
-                const userPermissions = MemKey_UserPermissions.get();
-                const mapDbNameToApiModules = arrayToMap(RuntimeBE_Modules(), (item) => item.dbModule.dbDef.dbKey);
-                const paths = dbModules.map(module => {
-                    const apiModule = mapDbNameToApiModules[module.dbDef.dbKey];
-                    if (!apiModule)
-                        return undefined;
-                    return apiModule.crudApiDef?.query?.path;
-                });
-                const _allApis = await ModuleBE_PermissionAPIDB.query.where({});
-                const apis = _allApis.filter(_api => paths.includes(_api.path));
-                const mapPathToDBApi = arrayToMap(apis, api => api.path);
-                return dbModules.filter((dbModule, index) => {
-                    const path = paths[index];
-                    if (!path)
-                        return false;
-                    const dbApi = mapPathToDBApi[path];
-                    if (!dbApi)
-                        return !ModuleBE_PermissionsAssert.isStrictMode();
-                    const accessLevels = dbApi._accessLevels;
-                    return _keys(accessLevels).reduce((hasAccess, domainId) => {
-                        if (!hasAccess)
-                            return false;
-                        const userDomainAccessValue = userPermissions[domainId];
-                        const apiRequiredAccessValue = accessLevels[domainId];
-                        if (!userDomainAccessValue)
-                            return false;
-                        if (!exists(userDomainAccessValue) || userDomainAccessValue < apiRequiredAccessValue) {
-                            assert.logErrorBold(`${(userDomainAccessValue ?? 0)} < ${apiRequiredAccessValue} === ${(userDomainAccessValue ?? 0) < apiRequiredAccessValue}`);
-                            return false;
-                        }
-                        return hasAccess;
-                    }, true);
-                });
-            };
-        }
-        async assertUserPermissions(body) {
-            return this.assertPermission(body);
-        }
-        assertPermission = async (body) => {
-            await ModuleBE_PermissionsAssert.assertPathPermissions(body.projectId, body.path);
-            return { userId: MemKey_AccountId.get() };
-        };
-        /**
-         * @deprecated Path-based API permission; use function-based permissions and assertFunctionPermission(def) instead. API collection deprecated.
-         */
-        async assertPathPermissions(projectId, path) {
-            // [DomainId]: accessLevel's numerical value
-            const userPermissions = MemKey_UserPermissions.get();
-            const apiDetails = await this.getApiDetails(path, projectId);
-            this.logDebug('______________________________');
-            this.logDebug(userPermissions);
-            this.logDebug('______________________________');
-            this.logDebug(apiDetails?.dbApi);
-            this.logDebug('______________________________');
-            if (!apiDetails || !apiDetails.dbApi.accessLevelIds) {
-                if (!this.config.strictMode)
-                    return;
-                throw new ApiException(403, `No permissions configuration specified for api: ${projectId ? `${projectId}--` : ''}${path}`);
-            }
-            //_accessLevels is a map[domain id <> access level numeric value]
-            this.assertUserPassesAccessLevels(apiDetails.dbApi._accessLevels, userPermissions);
-        }
-        assertUserPassesAccessLevels(domainToLevelValueMap, userPermissions) {
-            _keys(domainToLevelValueMap).forEach(domainId => {
-                const userDomainPermission = userPermissions[domainId];
-                if (!exists(userDomainPermission))
-                    throw new ApiException(403, 'Missing Access For This Domain');
-                if (userDomainPermission < domainToLevelValueMap[domainId]) {
-                    this.logErrorBold(`for domain - userAccessLevel <> expectedAccessLevel: "${domainId}" ${(userDomainPermission ?? 0)} <> ${domainToLevelValueMap[domainId]}`);
-                    throw new ApiException(403, 'Action Forbidden');
-                }
-            });
-        }
-        /**
-         * Asserts that the user has at least the required level for the function-permission def (from @RequirePermission).
-         * Call this before invoking a handler when getRequirePermissionDef(handler) returns a def.
-         */
-        assertFunctionPermission(def) {
-            if (def.domainId === undefined || def.levelValue === undefined)
-                throw new ApiException(503, `Function permission "${def.scopeKey}/${def.value}" not yet provisioned; run project setup to create domains/levels from registry.`);
-            const userPermissions = MemKey_UserPermissions.get();
-            const userDomainPermission = userPermissions[def.domainId];
-            if (!exists(userDomainPermission))
-                throw new ApiException(403, 'Missing Access For This Domain');
-            if (userDomainPermission < def.levelValue) {
-                this.logErrorBold(`function permission - userLevel < required: "${def.scopeKey}/${def.value}" ${userDomainPermission} < ${def.levelValue}`);
-                throw new ApiException(403, 'Action Forbidden');
-            }
-        }
-        /** @deprecated Path-based API lookup; API collection deprecated. Use function-based permissions. */
-        async getApiDetails(_path, projectId) {
-            let path = _path.substring(0, (_path + '?').indexOf('?')); //Get raw path without query
-            if (path.at(0) === '/')
-                path = path.substring(1);
-            this.logDebug(`Fetching Permission API for path: ${path} and project id: ${projectId}`);
-            const dbApi = (await ModuleBE_PermissionAPIDB.query.custom({
-                where: {
-                    path,
-                    projectId
-                }
-            }))[0];
-            if (!dbApi)
-                return undefined;
-            const requestPermissions = await this.getAccessLevels(dbApi.accessLevelIds || []);
-            return {
-                dbApi,
-                requestPermissions
-            };
-        }
-        async getApisDetails(urls, projectId) {
-            const paths = urls.map(_path => _path.substring(0, (_path + '?').indexOf('?')));
-            const apiDbs = await batchActionParallel(paths, 10, elements => ModuleBE_PermissionAPIDB.query.custom({
-                where: {
-                    projectId,
-                    path: { $in: elements }
-                }
-            }));
-            return Promise.all(paths.map(async (path) => {
-                const apiDb = apiDbs.find(_apiDb => _apiDb.path === path);
-                if (!apiDb)
-                    return;
-                try {
-                    const requestPermissions = await this.getAccessLevels(apiDb.accessLevelIds);
-                    return ({
-                        apiDb,
-                        requestPermissions
-                    });
-                }
-                catch (e) {
-                    return;
-                }
-            }));
-        }
-        async getAccessLevels(_accessLevelIds) {
-            const accessLevelIds = filterDuplicates(_accessLevelIds || []);
-            const requestPermissions = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(accessLevelIds));
-            const idNotFound = accessLevelIds.find(lId => !requestPermissions.find(r => r._id === lId));
-            if (idNotFound)
-                throw new ApiException(404, `Could not find api level with _id: ${idNotFound}`);
-            return requestPermissions;
-        }
-        setProjectId = (projectId) => {
-            this.projectId = projectId;
-        };
-        getRegEx(value) {
-            if (!value)
-                return new RegExp(`^${value}$`, 'g');
-            let regExValue = value;
-            const startRegEx = '^';
-            const endRegEx = '$';
-            if (value[0] !== startRegEx)
-                regExValue = startRegEx + regExValue;
-            if (value[value.length - 1] !== endRegEx)
-                regExValue = regExValue + endRegEx;
-            return new RegExp(regExValue, 'g');
-        }
-        registerPermissionKeys(keys) {
-            keys.forEach(key => {
-                if (this._keys[key])
-                    throw new ImplementationMissingException(`Registered PermissionKey '${key}' more than once!`);
-                this._keys[key] = true;
-            });
-        }
-        isStrictMode() {
-            return !!this.config.strictMode;
-        }
-    };
-})();
-export { ModuleBE_PermissionsAssert_Class };
+    }
+}
 export const ModuleBE_PermissionsAssert = new ModuleBE_PermissionsAssert_Class();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nu-art/permissions-backend",
-  "version": "0.500.0",
+  "version": "0.500.6",
   "description": "Permissions Backend",
   "keywords": [
     "TacB0sS",
@@ -34,13 +34,14 @@
     "test": "ts-mocha -w -p src/test/tsconfig.json --timeout 0 --inspect=8107 --watch-files '**/*.ts' src/test/__all-tests.ts"
   },
   "dependencies": {
-    "@nu-art/permissions-shared": "0.500.0",
-    "@nu-art/firebase-backend": "0.500.0",
-    "@nu-art/firebase-shared": "0.500.0",
-    "@nu-art/google-services-backend": "0.500.0",
-    "@nu-art/ts-common": "0.500.0",
-    "@nu-art/user-account-backend": "0.500.0",
-    "@nu-art/user-account-shared": "0.500.0",
+    "@nu-art/action-processor-backend": "0.500.6",
+    "@nu-art/permissions-shared": "0.500.6",
+    "@nu-art/firebase-backend": "0.500.6",
+    "@nu-art/firebase-shared": "0.500.6",
+    "@nu-art/google-services-backend": "0.500.6",
+    "@nu-art/ts-common": "0.500.6",
+    "@nu-art/user-account-backend": "0.500.6",
+    "@nu-art/user-account-shared": "0.500.6",
     "express": "^4.18.2",
     "firebase": "^11.9.0",
     "firebase-admin": "13.4.0",
@@ -50,12 +51,13 @@
     "react-dom": "^18.0.0",
     "react-router-dom": "^6.9.0",
     "saml2-js": "^4.0.1",
-    "@nu-art/http-server": "{{THUNDERSTORM_VERSION}}",
-    "@nu-art/api-types": "{{THUNDERSTORM_VERSION}}",
-    "@nu-art/db-api-backend": "0.500.0",
-    "@nu-art/db-api-shared": "0.500.0"
+    "@nu-art/http-server": "0.500.6",
+    "@nu-art/api-types": "0.500.6",
+    "@nu-art/db-api-backend": "0.500.6",
+    "@nu-art/db-api-shared": "0.500.6"
   },
   "devDependencies": {
+    "@nu-art/testalot": "0.500.6",
     "@types/react": "^18.0.0",
     "@types/express": "^4.17.17",
     "@types/react-dom": "^18.0.0",

package/PermissionKey_BE.d.ts

@@ -1,16 +0,0 @@
-import { Logger } from '@nu-art/ts-common';
-import { DatabaseDef_PermissionDomain, DB_PermissionKeyData } from '@nu-art/permissions-shared';
-type Resolver = (logger?: Logger) => Promise<DB_PermissionKeyData>;
-export declare class PermissionKey_BE<K extends string> {
-    readonly key: K;
-    readonly resolver: Resolver;
-    readonly dataManipulator: (data: DB_PermissionKeyData) => Promise<DB_PermissionKeyData>;
-    static _resolver: Resolver;
-    static buildData: (data: DB_PermissionKeyData) => Promise<DB_PermissionKeyData>;
-    constructor(key: K, initialDataResolver?: Resolver);
-    get(): Promise<DB_PermissionKeyData>;
-    set(value: DB_PermissionKeyData): Promise<void>;
-}
-export declare const defaultValueResolverV2: (domainId: DatabaseDef_PermissionDomain["id"], accessLevelName: string) => Promise<DB_PermissionKeyData>;
-export declare const defaultValueResolver: (domainNamespace: string, accessLevelValue: number) => Promise<DB_PermissionKeyData>;
-export {};

package/PermissionKey_BE.js

@@ -1,59 +0,0 @@
-import { filterInstances } from '@nu-art/ts-common';
-import { ModuleBE_PermissionAccessLevelDB, ModuleBE_PermissionDomainDB } from './_entity.js';
-import { getAppConfigKeyHandler } from './permissions-wire.js';
-import { Const_PermissionKeyType } from '@nu-art/permissions-shared';
-export class PermissionKey_BE {
-    key;
-    resolver;
-    dataManipulator;
-    static _resolver = async () => {
-        return { type: Const_PermissionKeyType, accessLevelIds: [], _accessLevels: {} };
-    };
-    static buildData = async (data) => {
-        const accessLevels = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(data.accessLevelIds));
-        return {
-            type: 'permission-key',
-            accessLevelIds: data.accessLevelIds,
-            _accessLevels: accessLevels.reduce((acc, level) => {
-                acc[level.domainId] = level.value;
-                return acc;
-            }, {})
-        };
-    };
-    constructor(key, initialDataResolver) {
-        this.key = key;
-        this.resolver = initialDataResolver ?? PermissionKey_BE._resolver;
-        this.dataManipulator = PermissionKey_BE.buildData;
-        getAppConfigKeyHandler()?.registerKey(this);
-    }
-    async get() {
-        const handler = getAppConfigKeyHandler();
-        if (!handler)
-            throw new Error('AppConfigKeyHandler not set; wire setAppConfigKeyHandler(ModuleBE_AppConfigDB) when using app-config-backend');
-        return handler.getAppKey(this);
-    }
-    async set(value) {
-        const dbValue = await PermissionKey_BE.buildData(value);
-        const handler = getAppConfigKeyHandler();
-        if (!handler)
-            throw new Error('AppConfigKeyHandler not set; wire setAppConfigKeyHandler(ModuleBE_AppConfigDB) when using app-config-backend');
-        await handler.setAppKey(this, dbValue);
-    }
-}
-export const defaultValueResolverV2 = async (domainId, accessLevelName) => {
-    const accessLevel = await ModuleBE_PermissionAccessLevelDB.query.uniqueCustom({ where: { domainId, name: accessLevelName } });
-    return {
-        type: Const_PermissionKeyType,
-        accessLevelIds: [accessLevel._id],
-        _accessLevels: { [accessLevel._id]: accessLevel.value }
-    };
-};
-export const defaultValueResolver = async (domainNamespace, accessLevelValue) => {
-    const domain = await ModuleBE_PermissionDomainDB.query.uniqueCustom({ where: { namespace: domainNamespace } });
-    const accessLevel = await ModuleBE_PermissionAccessLevelDB.query.uniqueCustom({ where: { domainId: domain._id, value: accessLevelValue } });
-    return {
-        type: Const_PermissionKeyType,
-        accessLevelIds: [accessLevel._id],
-        _accessLevels: { [accessLevel._id]: accessLevel.value }
-    };
-};

package/_entity/permission-access-level/ModuleBE_PermissionAccessLevelDB.d.ts

@@ -1,13 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { Transaction } from 'firebase-admin/firestore';
-import { CollectionActionType, PostWriteProcessingData } from '@nu-art/firebase-backend/firestore-v3/FirestoreCollectionV3';
-import { DatabaseDef_PermissionAccessLevel, DB_PermissionAccessLevel } from '@nu-art/permissions-shared';
-export declare class ModuleBE_PermissionAccessLevelDB_Class extends ModuleBE_BaseDB<DatabaseDef_PermissionAccessLevel> {
-    constructor();
-    protected preWriteProcessing(dbInstance: DB_PermissionAccessLevel, originalDbInstance: DatabaseDef_PermissionAccessLevel['dbType'], transaction?: Transaction): Promise<void>;
-    protected postWriteProcessing(data: PostWriteProcessingData<DatabaseDef_PermissionAccessLevel['dbType']>, actionType: CollectionActionType, transaction?: Transaction): Promise<void>;
-    protected assertDeletion(transaction: Transaction, dbInstance: DB_PermissionAccessLevel): Promise<void>;
-    private upgrade_100_101;
-}
-export declare const ModuleBE_PermissionAccessLevelDB: ModuleBE_PermissionAccessLevelDB_Class;
-export declare function checkDuplicateLevelsDomain(levels: DB_PermissionAccessLevel[]): void;

package/_entity/permission-access-level/ModuleBE_PermissionAccessLevelDB.js

@@ -1,49 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { ApiException, batchActionParallel, dbObjectToId, filterDuplicates } from '@nu-art/ts-common';
-import { ModuleBE_PermissionAPIDB } from '../permission-api/index.js';
-import { ModuleBE_PermissionDomainDB } from '../permission-domain/index.js';
-import { ModuleBE_PermissionGroupDB } from '../permission-group/index.js';
-import { DBDef_PermissionAccessLevel } from '@nu-art/permissions-shared';
-export class ModuleBE_PermissionAccessLevelDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionAccessLevel);
-        this.registerVersionUpgradeProcessor('1.0.0', this.upgrade_100_101);
-    }
-    async preWriteProcessing(dbInstance, originalDbInstance, transaction) {
-        await ModuleBE_PermissionDomainDB.query.uniqueAssert(dbInstance.domainId);
-    }
-    async postWriteProcessing(data, actionType, transaction) {
-        const deleted = data.deleted ? (Array.isArray(data.deleted) ? data.deleted : [data.deleted]) : [];
-        const updated = data.updated ? (Array.isArray(data.updated) ? data.updated : [data.updated]) : [];
-        //Collect all apis that hold an access level id in the levels that have changed
-        const deletedIds = deleted.map(dbObjectToId);
-        const levelIds = [...deletedIds, ...updated.map(dbObjectToId)];
-        const _connectedApis = await batchActionParallel(levelIds, 10, async (ids) => await ModuleBE_PermissionAPIDB.query.custom({ where: { accessLevelIds: { $aca: ids } } }));
-        const connectedApis = filterDuplicates(_connectedApis, api => api._id);
-        deletedIds.forEach(id => {
-            //For each deleted level remove it from any api that held it
-            connectedApis.forEach(api => {
-                api.accessLevelIds = api.accessLevelIds?.filter(i => i !== id);
-            });
-        });
-        //Send all apis to upsert so their _accessLevels update
-        await ModuleBE_PermissionAPIDB.set.all(connectedApis);
-        return super.postWriteProcessing(data, actionType, transaction);
-    }
-    async assertDeletion(transaction, dbInstance) {
-        const groups = await ModuleBE_PermissionGroupDB.query.custom({ where: { accessLevelIds: { $ac: dbInstance._id } } });
-        const apis = await ModuleBE_PermissionAPIDB.query.custom({ where: { accessLevelIds: { $ac: dbInstance._id } } });
-        if (groups.length || apis.length)
-            throw new ApiException(403, 'You trying delete access level that associated with users/groups/apis, you need delete the associations first');
-    }
-    upgrade_100_101 = async (items) => {
-        items.forEach(accessLevel => accessLevel.uiLabel = accessLevel.name);
-    };
-}
-export const ModuleBE_PermissionAccessLevelDB = new ModuleBE_PermissionAccessLevelDB_Class();
-export function checkDuplicateLevelsDomain(levels) {
-    const domainIds = levels.map(level => level.domainId);
-    const filteredDomainIds = filterDuplicates(domainIds);
-    if (filteredDomainIds.length !== domainIds.length)
-        throw new ApiException(422, 'You trying test-add-data duplicate accessLevel with the same domain');
-}

package/_entity/permission-access-level/index.d.ts

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionAccessLevelDB.js';
-export * from './module-pack.js';

package/_entity/permission-access-level/index.js

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionAccessLevelDB.js';
-export * from './module-pack.js';

package/_entity/permission-access-level/module-pack.d.ts

@@ -1 +0,0 @@
-export declare const ModulePackBE_PermissionAccessLevel: (import("./ModuleBE_PermissionAccessLevelDB.js").ModuleBE_PermissionAccessLevelDB_Class | import("@nu-art/db-api-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DatabaseDef_PermissionAccessLevel>)[];

package/_entity/permission-access-level/module-pack.js

@@ -1,3 +0,0 @@
-import { createApisForDBModule } from '@nu-art/db-api-backend';
-import { ModuleBE_PermissionAccessLevelDB } from './ModuleBE_PermissionAccessLevelDB.js';
-export const ModulePackBE_PermissionAccessLevel = [ModuleBE_PermissionAccessLevelDB, createApisForDBModule(ModuleBE_PermissionAccessLevelDB)];