@nu-art/permissions-backend 0.500.0 → 0.500.6

package/_entity/permission-api/ModuleBE_PermissionAPIDB.d.ts

@@ -1,10 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { DB_PermissionAPI, DatabaseDef_PermissionAPI, DatabaseDef_PermissionProject } from '@nu-art/permissions-shared';
-import { Transaction } from 'firebase-admin/firestore';
-export declare class ModuleBE_PermissionAPIDB_Class extends ModuleBE_BaseDB<DatabaseDef_PermissionAPI> {
-    constructor();
-    protected preWriteProcessing(instance: DB_PermissionAPI, originalDbInstance: DatabaseDef_PermissionAPI['dbType'], t?: Transaction): Promise<void>;
-    registerApis(projectId: DatabaseDef_PermissionProject['id'], routes: string[]): Promise<DB_PermissionAPI[]>;
-    apiUpsert(): unknown;
-}
-export declare const ModuleBE_PermissionAPIDB: ModuleBE_PermissionAPIDB_Class;

package/_entity/permission-api/ModuleBE_PermissionAPIDB.js

@@ -1,62 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { DBDef_PermissionAPI } from '@nu-art/permissions-shared';
-import { dbObjectToId, filterInstances } from '@nu-art/ts-common';
-import { ModuleBE_PermissionAccessLevelDB } from '../permission-access-level/index.js';
-import { MemKey_AccountId } from '@nu-art/user-account-backend';
-import { ModuleBE_PermissionProjectDB } from '../permission-project/index.js';
-import { HttpCodes } from '@nu-art/ts-common/core/exceptions/http-codes';
-import { trimStartingForwardSlash } from '@nu-art/permissions-shared';
-export class ModuleBE_PermissionAPIDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionAPI);
-        this.registerVersionUpgradeProcessor('1.0.0', async (instances) => {
-        }); // adjustment made in pre-write requires us to do this in order to upgrade the data
-    }
-    async preWriteProcessing(instance, originalDbInstance, t) {
-        await ModuleBE_PermissionProjectDB.query.uniqueAssert(instance.projectId);
-        // clean '/' from api path start
-        instance.path = trimStartingForwardSlash(instance.path);
-        // set who created this
-        instance._auditorId = MemKey_AccountId.get();
-        const accessLevelIds = new Set();
-        const duplicateAccessLevelIds = new Set();
-        //Check for duplicated Unique IDs
-        instance.accessLevelIds?.forEach(id => {
-            const duplicate = accessLevelIds.has(id);
-            accessLevelIds.add(id);
-            if (duplicate)
-                duplicateAccessLevelIds.add(id);
-        });
-        if (duplicateAccessLevelIds.size)
-            throw HttpCodes._4XX.BAD_REQUEST('Could not update permission api', `Trying to create API with duplicate access levels: ${duplicateAccessLevelIds}`);
-        // Verify all AccessLevels actually exist, and assign _accessLevels
-        if (instance.accessLevelIds?.length) {
-            const dbAccessLevels = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(instance.accessLevelIds));
-            if (dbAccessLevels.length !== instance.accessLevelIds.length) {
-                const dbAccessLevelIds = dbAccessLevels.map(dbObjectToId);
-                throw HttpCodes._4XX.NOT_FOUND('Could not update permission api', `Asked to assign an api non existing accessLevels: ${instance.accessLevelIds.filter(id => !dbAccessLevelIds.includes(id))}`);
-            }
-            dbAccessLevels.forEach(accessLevel => {
-                if (!instance._accessLevels)
-                    instance._accessLevels = {};
-                instance._accessLevels[accessLevel.domainId] = accessLevel.value;
-            });
-        }
-        else {
-            instance._accessLevels = {};
-        }
-    }
-    registerApis(projectId, routes) {
-        return this.runTransaction(async (transaction) => {
-            const existingProjectApis = await this.query.custom({ where: { projectId } }, transaction);
-            const apisToAdd = routes
-                .filter(path => !existingProjectApis.find(api => api.path === path))
-                .map(path => ({ path, projectId, _auditorId: MemKey_AccountId.get() }));
-            return this.set.all(apisToAdd, transaction);
-        });
-    }
-    apiUpsert() {
-        return;
-    }
-}
-export const ModuleBE_PermissionAPIDB = new ModuleBE_PermissionAPIDB_Class();

package/_entity/permission-api/index.d.ts

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionAPIDB.js';
-export * from './module-pack.js';

package/_entity/permission-api/index.js

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionAPIDB.js';
-export * from './module-pack.js';

package/_entity/permission-api/module-pack.d.ts

@@ -1 +0,0 @@
-export declare const ModulePackBE_PermissionAPI: (import("./ModuleBE_PermissionAPIDB.js").ModuleBE_PermissionAPIDB_Class | import("@nu-art/db-api-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DatabaseDef_PermissionAPI>)[];

package/_entity/permission-api/module-pack.js

@@ -1,3 +0,0 @@
-import { createApisForDBModule } from '@nu-art/db-api-backend';
-import { ModuleBE_PermissionAPIDB } from './ModuleBE_PermissionAPIDB.js';
-export const ModulePackBE_PermissionAPI = [ModuleBE_PermissionAPIDB, createApisForDBModule(ModuleBE_PermissionAPIDB)];

package/_entity/permission-domain/ModuleBE_PermissionDomainDB.d.ts

@@ -1,9 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { DatabaseDef_PermissionDomain, DB_PermissionDomain } from '@nu-art/permissions-shared';
-import { Transaction } from 'firebase-admin/firestore';
-export declare class ModuleBE_PermissionDomainDB_Class extends ModuleBE_BaseDB<DatabaseDef_PermissionDomain> {
-    constructor();
-    protected assertDeletion(transaction: Transaction, dbInstance: DB_PermissionDomain): Promise<void>;
-    protected preWriteProcessing(dbInstance: DB_PermissionDomain, originalDbInstance: DatabaseDef_PermissionDomain['dbType'], t?: Transaction): Promise<void>;
-}
-export declare const ModuleBE_PermissionDomainDB: ModuleBE_PermissionDomainDB_Class;

package/_entity/permission-domain/ModuleBE_PermissionDomainDB.js

@@ -1,22 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { DBDef_PermissionDomain } from '@nu-art/permissions-shared';
-import { ApiException } from '@nu-art/ts-common';
-import { MemKey_AccountId } from '@nu-art/user-account-backend';
-import { ModuleBE_PermissionAccessLevelDB } from '../permission-access-level/index.js';
-import { ModuleBE_PermissionProjectDB } from '../permission-project/index.js';
-export class ModuleBE_PermissionDomainDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionDomain);
-    }
-    async assertDeletion(transaction, dbInstance) {
-        const accessLevels = await ModuleBE_PermissionAccessLevelDB.query.custom({ where: { domainId: dbInstance._id } });
-        if (accessLevels.length) {
-            throw new ApiException(403, 'You trying delete domain that associated with accessLevels, you need delete the accessLevels first');
-        }
-    }
-    async preWriteProcessing(dbInstance, originalDbInstance, t) {
-        await ModuleBE_PermissionProjectDB.query.uniqueAssert(dbInstance.projectId, t);
-        dbInstance._auditorId = MemKey_AccountId.get();
-    }
-}
-export const ModuleBE_PermissionDomainDB = new ModuleBE_PermissionDomainDB_Class();

package/_entity/permission-domain/index.d.ts

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionDomainDB.js';
-export * from './module-pack.js';

package/_entity/permission-domain/index.js

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionDomainDB.js';
-export * from './module-pack.js';

package/_entity/permission-domain/module-pack.d.ts

@@ -1 +0,0 @@
-export declare const ModulePackBE_PermissionDomain: (import("./ModuleBE_PermissionDomainDB.js").ModuleBE_PermissionDomainDB_Class | import("@nu-art/db-api-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DatabaseDef_PermissionDomain>)[];

package/_entity/permission-domain/module-pack.js

@@ -1,3 +0,0 @@
-import { createApisForDBModule } from '@nu-art/db-api-backend';
-import { ModuleBE_PermissionDomainDB } from './ModuleBE_PermissionDomainDB.js';
-export const ModulePackBE_PermissionDomain = [ModuleBE_PermissionDomainDB, createApisForDBModule(ModuleBE_PermissionDomainDB)];

package/_entity/permission-group/ModuleBE_PermissionGroupDB.d.ts

@@ -1,12 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { DB_PermissionGroup, DatabaseDef_PermissionGroup } from '@nu-art/permissions-shared';
-import { Transaction } from 'firebase-admin/firestore';
-import { CollectionActionType, PostWriteProcessingData } from '@nu-art/firebase-backend/firestore-v3/FirestoreCollectionV3';
-export declare class ModuleBE_PermissionGroupDB_Class extends ModuleBE_BaseDB<DatabaseDef_PermissionGroup> {
-    constructor();
-    protected preWriteProcessing(instance: DB_PermissionGroup, originalDbInstance: DatabaseDef_PermissionGroup['dbType'], t?: Transaction): Promise<void>;
-    protected postWriteProcessing(data: PostWriteProcessingData<DatabaseDef_PermissionGroup['dbType']>, actionType: CollectionActionType): Promise<void>;
-    private clearUnused;
-    private upgrade_100_101;
-}
-export declare const ModuleBE_PermissionGroupDB: ModuleBE_PermissionGroupDB_Class;

package/_entity/permission-group/ModuleBE_PermissionGroupDB.js

@@ -1,65 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { DBDef_PermissionGroup } from '@nu-art/permissions-shared';
-import { getActionProcessor } from '../../permissions-wire.js';
-import { _keys, ApiException, batchActionParallel, dbObjectToId, filterDuplicates, filterInstances, reduceToMap } from '@nu-art/ts-common';
-import { ModuleBE_PermissionAccessLevelDB } from '../permission-access-level/index.js';
-import { MemKey_AccountId, SlackReporter } from '@nu-art/user-account-backend';
-import { ModuleBE_PermissionUserDB } from '../permission-user/index.js';
-import { _EmptyQuery } from '@nu-art/firebase-shared';
-export class ModuleBE_PermissionGroupDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionGroup);
-        const processor = getActionProcessor();
-        if (processor)
-            processor.registerAction({
-                key: 'clear-unused-permission-groups',
-                group: 'Permissions',
-                description: 'Clears all permission groups that aren\'t in use',
-                processor: this.clearUnused
-            }, this);
-        this.registerVersionUpgradeProcessor('1.0.0', this.upgrade_100_101);
-    }
-    async preWriteProcessing(instance, originalDbInstance, t) {
-        instance._auditorId = MemKey_AccountId.get();
-        const dbLevels = filterInstances(await ModuleBE_PermissionAccessLevelDB.query.all(instance.accessLevelIds, t));
-        if (dbLevels.length < instance.accessLevelIds.length) {
-            const dbAccessLevelIds = dbLevels.map(dbObjectToId);
-            throw new ApiException(404, `Asked to assign a group non existing accessLevels: ${instance.accessLevelIds.filter(id => !dbAccessLevelIds.includes(id))}`);
-        }
-        // Find if there is more than one access level with the same domainId.
-        const duplicationMap = dbLevels.reduce((map, level) => {
-            if (map[level.domainId] === undefined)
-                map[level.domainId] = 0;
-            else
-                map[level.domainId]++;
-            return map;
-        }, {});
-        // Get all domainIds that appear more than once in this group
-        const duplicateDomainIds = filterInstances(_keys(duplicationMap)
-            .map(domainId => duplicationMap[domainId] > 1 ? domainId : undefined));
-        if (duplicateDomainIds.length > 0)
-            throw new ApiException(400, `Can't add a group with more than one access level per domain: ${duplicateDomainIds}, group: ${instance.label}`);
-        instance._levelsMap = reduceToMap(dbLevels, dbLevel => dbLevel.domainId, dbLevel => dbLevel.value);
-    }
-    async postWriteProcessing(data, actionType) {
-        const deleted = data.deleted ? (Array.isArray(data.deleted) ? data.deleted : [data.deleted]) : [];
-        const updated = data.updated ? (Array.isArray(data.updated) ? data.updated : [data.updated]) : [];
-        const groupIds = filterDuplicates([...deleted, ...updated].map(dbObjectToId));
-        const users = await batchActionParallel(groupIds, 10, async (ids) => await ModuleBE_PermissionUserDB.query.custom({ where: { __groupIds: { $aca: ids } } }));
-        await ModuleBE_PermissionUserDB.rotateSession(users.map(dbObjectToId));
-    }
-    clearUnused = async () => {
-        let report = 'Report for refactor action *Clean Unused Permission Groups*:\n\n';
-        const allPermissionUsers = await ModuleBE_PermissionUserDB.query.custom(_EmptyQuery);
-        const allGroups = await this.query.custom(_EmptyQuery);
-        const usedGroupIds = allPermissionUsers.map(user => user.__groupIds ?? []).flat();
-        const unusedGroups = allGroups.filter(group => !usedGroupIds.includes(group._id));
-        report += `Cleared ${unusedGroups.length} groups: ${unusedGroups.map(group => group.label).join(',\n')}`;
-        await this.delete.allItems(unusedGroups);
-        await new SlackReporter(report).sendReportToChannel();
-    };
-    upgrade_100_101 = async (items) => {
-        items.forEach(group => group.uiLabel = group.label);
-    };
-}
-export const ModuleBE_PermissionGroupDB = new ModuleBE_PermissionGroupDB_Class();

package/_entity/permission-group/index.d.ts

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionGroupDB.js';
-export * from './module-pack.js';

package/_entity/permission-group/index.js

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionGroupDB.js';
-export * from './module-pack.js';

package/_entity/permission-group/module-pack.d.ts

@@ -1 +0,0 @@
-export declare const ModulePackBE_PermissionGroup: (import("./ModuleBE_PermissionGroupDB.js").ModuleBE_PermissionGroupDB_Class | import("@nu-art/db-api-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DatabaseDef_PermissionGroup>)[];

package/_entity/permission-group/module-pack.js

@@ -1,3 +0,0 @@
-import { createApisForDBModule } from '@nu-art/db-api-backend';
-import { ModuleBE_PermissionGroupDB } from './ModuleBE_PermissionGroupDB.js';
-export const ModulePackBE_PermissionGroup = [ModuleBE_PermissionGroupDB, createApisForDBModule(ModuleBE_PermissionGroupDB)];

package/_entity/permission-project/ModuleBE_PermissionProjectDB.d.ts

@@ -1,8 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { DB_PermissionProject, DatabaseDef_PermissionProject } from '@nu-art/permissions-shared';
-import { Transaction } from 'firebase-admin/firestore';
-export declare class ModuleBE_PermissionProjectDB_Class extends ModuleBE_BaseDB<DatabaseDef_PermissionProject> {
-    constructor();
-    protected preWriteProcessing(dbInstance: DB_PermissionProject, originalDbInstance: DatabaseDef_PermissionProject['dbType'], t?: Transaction): Promise<void>;
-}
-export declare const ModuleBE_PermissionProjectDB: ModuleBE_PermissionProjectDB_Class;

package/_entity/permission-project/ModuleBE_PermissionProjectDB.js

@@ -1,12 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { DBDef_PermissionProject } from '@nu-art/permissions-shared';
-import { MemKey_AccountId } from '@nu-art/user-account-backend';
-export class ModuleBE_PermissionProjectDB_Class extends ModuleBE_BaseDB {
-    constructor() {
-        super(DBDef_PermissionProject);
-    }
-    async preWriteProcessing(dbInstance, originalDbInstance, t) {
-        dbInstance._auditorId = MemKey_AccountId.get();
-    }
-}
-export const ModuleBE_PermissionProjectDB = new ModuleBE_PermissionProjectDB_Class();

package/_entity/permission-project/index.d.ts

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionProjectDB.js';
-export * from './module-pack.js';

package/_entity/permission-project/index.js

@@ -1,2 +0,0 @@
-export * from './ModuleBE_PermissionProjectDB.js';
-export * from './module-pack.js';

package/_entity/permission-project/module-pack.d.ts

@@ -1 +0,0 @@
-export declare const ModulePackBE_PermissionProject: (import("./ModuleBE_PermissionProjectDB.js").ModuleBE_PermissionProjectDB_Class | import("@nu-art/db-api-backend").ModuleBE_BaseApi_Class<import("@nu-art/permissions-shared").DatabaseDef_PermissionProject>)[];

package/_entity/permission-project/module-pack.js

@@ -1,3 +0,0 @@
-import { createApisForDBModule } from '@nu-art/db-api-backend';
-import { ModuleBE_PermissionProjectDB } from './ModuleBE_PermissionProjectDB.js';
-export const ModulePackBE_PermissionProject = [ModuleBE_PermissionProjectDB, createApisForDBModule(ModuleBE_PermissionProjectDB)];

package/_entity/permission-user/ModuleBE_PermissionUserAPI.d.ts

@@ -1,9 +0,0 @@
-import { ModuleBE_BaseApi_Class } from '@nu-art/db-api-backend';
-import { API_PermissionUser, DatabaseDef_PermissionUser } from '@nu-art/permissions-shared';
-declare class ModuleBE_PermissionUserAPI_Class extends ModuleBE_BaseApi_Class<DatabaseDef_PermissionUser> {
-    constructor();
-    init(): void;
-    assignPermissions(body: API_PermissionUser['assignPermissions']['Body']): Promise<void>;
-}
-export declare const ModuleBE_PermissionUserAPI: ModuleBE_PermissionUserAPI_Class;
-export {};

package/_entity/permission-user/ModuleBE_PermissionUserDB.d.ts

@@ -1,34 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { DB_PermissionUser, DatabaseDef_PermissionUser, Request_AssignPermissions, User_Group, type PerformProjectSetup } from '@nu-art/permissions-shared';
-import { DB_BaseObject, UniqueId } from '@nu-art/ts-common';
-import { OnNewUserRegistered, OnUserLogin } from '@nu-art/user-account-backend';
-import { Transaction } from 'firebase-admin/firestore';
-import { UI_Account } from '@nu-art/user-account-shared';
-import { CollectionActionType } from '@nu-art/firebase-backend/firestore-v3/FirestoreCollectionV3';
-import { PostWriteProcessingDataShape } from '@nu-art/db-api-backend';
-export declare class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB<DatabaseDef_PermissionUser> implements OnNewUserRegistered, OnUserLogin, PerformProjectSetup {
-    private defaultPermissionGroups?;
-    constructor();
-    __performProjectSetup(): {
-        priority: number;
-        processor: () => Promise<void>;
-    };
-    __onUserLogin(account: UI_Account, transaction: Transaction): Promise<void>;
-    __onNewUserRegistered(account: UI_Account, transaction: Transaction): Promise<void>;
-    protected preWriteProcessing(instance: DB_PermissionUser, originalDbInstance: DatabaseDef_PermissionUser['dbType'], t?: Transaction): Promise<void>;
-    protected postWriteProcessing(data: PostWriteProcessingDataShape<DatabaseDef_PermissionUser['dbType']>, actionType: CollectionActionType): Promise<void>;
-    insertIfNotExist: (uiAccount: UI_Account & DB_BaseObject, transaction: Transaction) => Promise<DB_PermissionUser | (Omit<DB_PermissionUser, "_id" | "__created" | "__updated" | "_v" | ("_auditorId" | "__groupIds")> & Partial<import("@nu-art/ts-common").SubsetObjectByKeys<DB_PermissionUser, "_id" | "__created" | "__updated" | "_v" | ("_auditorId" | "__groupIds")>> & Partial<import("@nu-art/db-api-shared").DB_Object>)>;
-    assignPermissions(body: Request_AssignPermissions): Promise<void>;
-    setDefaultPermissionGroups: (groupsGetter: () => Promise<User_Group[]>) => void;
-    clearDefaultPermissionGroups: () => void;
-    /**
-     * The system requires to perform action, which in other cases can also be done by a human.
-     * This requires system features to identify as a bot user, or "Service Account"
-     *
-     * @param serviceAccounts - List of Accounts to create
-     * @private
-     */
-    private createSystemServiceAccount;
-    rotateSession(accountIds: UniqueId[]): Promise<void>;
-}
-export declare const ModuleBE_PermissionUserDB: ModuleBE_PermissionUserDB_Class;

package/_entity/permission-user/ModuleBE_PermissionUserDB.js

@@ -1,241 +0,0 @@
-import { ModuleBE_BaseDB } from '@nu-art/db-api-backend';
-import { MemKey_ServerApi } from '@nu-art/http-server';
-import { DBDef_PermissionUser, toPermissionGroupId } from '@nu-art/permissions-shared';
-import { getGlobalEnvConfigRef, getServiceAccountsProvider } from '../../permissions-wire.js';
-import { _keys, ApiException, batchAction, batchActionParallel, dbObjectToId, exists, filterDuplicates, filterInstances, filterKeys, JwtTools, merge, Year } from '@nu-art/ts-common';
-import { ModuleBE_PermissionGroupDB } from '../permission-group/ModuleBE_PermissionGroupDB.js';
-import { MemKey_AccountId, ModuleBE_AccountDB, ModuleBE_SessionDB } from '@nu-art/user-account-backend';
-import { MemKey_UserPermissions } from '../../consts.js';
-export class ModuleBE_PermissionUserDB_Class extends ModuleBE_BaseDB {
-    defaultPermissionGroups;
-    constructor() {
-        super(DBDef_PermissionUser);
-    }
-    __performProjectSetup() {
-        return {
-            priority: 200,
-            processor: async () => {
-                const accounts = await ModuleBE_AccountDB.query.where({});
-                // Permission user _id is 1:1 with account _id; query.all expects permission user ids.
-                const permissionUserIds = accounts.map(dbObjectToId);
-                const permissionsUser = await this.query.all(permissionUserIds);
-                const usersToUpsert = [];
-                const usersToDelete = [];
-                permissionsUser.forEach((user, index) => {
-                    if (exists(user)) {
-                        // Same 1:1 design: account id and permission user id are the same value.
-                        if (!exists(accounts.find(account => account._id === user._id)))
-                            usersToDelete.push(user);
-                        return;
-                    }
-                    usersToUpsert.push({
-                        _id: accounts[index]._id,
-                        groups: [],
-                    });
-                });
-                await this.set.all(usersToUpsert);
-                await this.delete.all(usersToDelete);
-                // This stage updates the rtdb's config- which is why it's last. Changing the rtdb's config kills the server.
-                const provider = getServiceAccountsProvider();
-                const serviceAccounts = provider ? await provider() : [];
-                await this.createSystemServiceAccount(serviceAccounts);
-            }
-        };
-    }
-    async __onUserLogin(account, transaction) {
-        await this.insertIfNotExist(account, transaction);
-    }
-    async __onNewUserRegistered(account, transaction) {
-        await this.insertIfNotExist(account, transaction);
-    }
-    // protected async canDeleteDocument(transaction: FirestoreTransaction, dbInstances: DB_PermissionUser[]) {
-    // 	const conflicts: DB_PermissionUser[] = [];
-    // 	const accounts = await ModuleBE_AccountDB.query.custom(_EmptyQuery);
-    //
-    // 	for (const item of dbInstances) {
-    // 		const account = accounts.find(acc => acc._id === item.accountId);
-    // 		if (account)
-    // 			conflicts.push(item);
-    // 	}
-    //
-    // 	if (conflicts.length)
-    // 		throw new ApiException<DB_EntityDependency<any>[]>(422, 'permission users are connected to accounts').setErrorBody({
-    // 			type: 'has-dependencies',
-    // 			body: conflicts.map(conflict => ({collectionKey: 'User', conflictingIds: [conflict._id]}))
-    // 		});
-    // }
-    async preWriteProcessing(instance, originalDbInstance, t) {
-        instance._auditorId = MemKey_AccountId.get();
-        instance.__groupIds = filterDuplicates(instance.groups.map(group => group.groupId) || []);
-        if (!instance.__groupIds.length)
-            return;
-        // Get all groups the user has from the collection
-        const dbGroups = filterInstances(await ModuleBE_PermissionGroupDB.query.all(instance.__groupIds, t));
-        // Verify all groups actually existing in the collection
-        if (instance.__groupIds.length !== dbGroups.length) {
-            const dbGroupIds = dbGroups.map(dbObjectToId);
-            throw new ApiException(422, `Trying to assign a user to a permission-group that does not exist: ${instance.__groupIds.filter(groupId => !dbGroupIds.includes(groupId))}`);
-        }
-        //todo check for duplications in data
-    }
-    async postWriteProcessing(data, actionType) {
-        const deleted = data.deleted ? (Array.isArray(data.deleted) ? data.deleted : [data.deleted]) : [];
-        const updated = data.updated ? (Array.isArray(data.updated) ? data.updated : [data.updated]) : [];
-        const before = data.before ? (Array.isArray(data.before) ? data.before : [data.before]) : [];
-        const beforeIds = before.map(b => b._id);
-        const accountIdToInvalidate = filterDuplicates(filterInstances([...deleted, ...updated].map(i => i._id))).filter(id => beforeIds.includes(id));
-        await this.rotateSession(accountIdToInvalidate);
-    }
-    insertIfNotExist = async (uiAccount, transaction) => {
-        const create = async (transaction) => {
-            const defaultPermissionGroups = ModuleBE_PermissionUserDB.defaultPermissionGroups ? await ModuleBE_PermissionUserDB.defaultPermissionGroups() : [];
-            const permissionGroups = ModuleBE_PermissionUserDB.defaultPermissionGroups
-                ? filterInstances(await ModuleBE_PermissionGroupDB.query.all(defaultPermissionGroups.map(item => item.groupId)))
-                : [];
-            this.logInfo(`Received ${defaultPermissionGroups.length} groups to assign, ${permissionGroups.length} of which exist`);
-            // Permission user _id is 1:1 with account _id (design); cast required across brands.
-            const permissionUserId = uiAccount._id;
-            const permissionsUserToCreate = {
-                _id: permissionUserId,
-                groups: permissionGroups.map(group => ({ groupId: group._id })),
-                _auditorId: MemKey_AccountId.get()
-            };
-            return ModuleBE_PermissionUserDB.create.item(permissionsUserToCreate, transaction);
-        };
-        return ModuleBE_PermissionUserDB.collection.uniqueGetOrCreate({ _id: uiAccount._id }, create, transaction);
-    };
-    async assignPermissions(body) {
-        if (!body.targetAccountIds.length)
-            throw new ApiException(400, `Asked to modify permissions but provided no users to modify permissions of.`);
-        // Permission user id is 1:1 with account id (design); cast required across brands.
-        const permissionUserIds = body.targetAccountIds;
-        const usersToGiveTo = filterInstances(await this.query.all(permissionUserIds));
-        // console.log('assignPermissions target accounts ');
-        // console.log(await this.query.custom(_EmptyQuery));
-        if (!usersToGiveTo.length || usersToGiveTo.length !== body.targetAccountIds.length) {
-            const dbUserIds = usersToGiveTo.map(dbObjectToId);
-            throw new ApiException(404, `Asked to give permissions to non-existent user accounts: ${body.targetAccountIds.filter(id => !dbUserIds.includes(id))}`);
-        }
-        const dbGroups = filterInstances(await ModuleBE_PermissionGroupDB.query.all(body.permissionGroupIds));
-        if (dbGroups.length !== body.permissionGroupIds.length) {
-            const dbGroupIds = dbGroups.map(dbObjectToId);
-            throw new ApiException(404, `Asked to give users non-existing permission groups: ${body.permissionGroupIds.filter(id => !dbGroupIds.includes(id))}`);
-        }
-        const myUserPermissions = MemKey_UserPermissions.get();
-        const permissionsToGive = dbGroups.reduce((map, group) => {
-            // Gather the highest permissions for each domain, from all groups
-            _keys(group._levelsMap || []).forEach(domainId => {
-                if (map[domainId] === undefined)
-                    map[domainId] = 0;
-                if (map[domainId] < group._levelsMap[domainId])
-                    map[domainId] = group._levelsMap[domainId];
-            });
-            return map;
-        }, {});
-        const failedDomains = _keys(permissionsToGive).filter(domainId => {
-            const tooLowPermission = myUserPermissions[domainId] < permissionsToGive[domainId];
-            this.logError(`${myUserPermissions[domainId]} < ${permissionsToGive[domainId]} === ${tooLowPermission}`);
-            const noPermissionInThisDomain = myUserPermissions[domainId] === undefined;
-            return noPermissionInThisDomain || tooLowPermission;
-        });
-        if (failedDomains.length)
-            throw new ApiException(403, `Attempted to give higher permissions than current user has: ${failedDomains}`);
-        const groupIds = dbGroups.map(group => ({ groupId: group._id }));
-        const usersToUpdate = usersToGiveTo.map(user => {
-            user.groups = groupIds;
-            return user;
-        });
-        await this.set.multi(usersToUpdate);
-    }
-    setDefaultPermissionGroups = (groupsGetter) => {
-        this.defaultPermissionGroups = groupsGetter;
-    };
-    clearDefaultPermissionGroups = () => {
-        delete this.defaultPermissionGroups;
-    };
-    /**
-     * The system requires to perform action, which in other cases can also be done by a human.
-     * This requires system features to identify as a bot user, or "Service Account"
-     *
-     * @param serviceAccounts - List of Accounts to create
-     * @private
-     */
-    async createSystemServiceAccount(serviceAccounts) {
-        this.logInfoBold('Creating Service Accounts: ', serviceAccounts);
-        // @ts-ignore
-        const tokenCreator = ModuleBE_AccountDB.token.create;
-        const envConfigRef = getGlobalEnvConfigRef();
-        const updatedConfig = {};
-        //Run over all service accounts
-        for (const serviceAccount of serviceAccounts) {
-            // Create account if it doesn't already exist
-            const accountsToRequest = filterKeys({
-                type: 'service',
-                email: serviceAccount.email,
-                description: serviceAccount.description
-            });
-            let account;
-            //Get or create service account
-            try {
-                account = await ModuleBE_AccountDB.impl.querySafeAccount({ email: serviceAccount.email });
-            }
-            catch (e) {
-                this.logInfo('NOTICE: querySafeAccount failed, creating accounts');
-                account = await ModuleBE_AccountDB.account.create(accountsToRequest);
-            }
-            // Assign permissions groups to service account; permission user _id is 1:1 with account _id
-            const permissionsUser = await ModuleBE_PermissionUserDB.query.uniqueAssert({ _id: account._id });
-            permissionsUser.groups = serviceAccount.groupIds?.map(gid => ({ groupId: toPermissionGroupId(gid) })) || [];
-            await ModuleBE_PermissionUserDB.set.item(permissionsUser);
-            //Service accounts are only allowed to have one session... but this isn't the defined place to be a cop about it
-            const sessions = await ModuleBE_AccountDB.account.getSessions(account);
-            //If we have a valid session(not expired) we use its JWT instead of creating a new one
-            let validSession;
-            for (const session of sessions.sessions) {
-                if (await JwtTools.isJwtActive(session.sessionIdJwt)) {
-                    validSession = session;
-                    break;
-                }
-            }
-            this.logError(serviceAccount.ttl);
-            const token = validSession?.sessionIdJwt ? { token: validSession?.sessionIdJwt } : await tokenCreator({
-                accountId: account._id,
-                ttl: serviceAccount.ttl ?? Year
-            });
-            updatedConfig[serviceAccount.moduleName] = {
-                serviceAccount: filterKeys({
-                    token,
-                    description: serviceAccount.description,
-                    accountId: account._id,
-                    email: account.email
-                })
-            };
-        }
-        if (_keys(updatedConfig).length > 0 && envConfigRef)
-            MemKey_ServerApi.get().addPostCallAction(async () => {
-                const currentConfig = await envConfigRef.get({});
-                await envConfigRef.set(merge(currentConfig, updatedConfig));
-                this.logInfoBold('Created Service Accounts for', _keys(updatedConfig));
-            });
-    }
-    async rotateSession(accountIds) {
-        if (!accountIds.length)
-            return;
-        //Collect all sessions connected to account
-        const sessions = await batchActionParallel(accountIds, 10, async (ids) => await ModuleBE_SessionDB.query.custom({ where: { accountId: { $in: ids } } }));
-        //TODO - Make sure new logic in ModuleBE_SessionDB that deletes expired sessions happens before this code, this will be redundant
-        //Filter to sessions that aren't expired
-        const validSessions = filterInstances(await Promise.all(sessions.map(async (session) => {
-            const isExpired = await JwtTools.isJwtExpired(session.sessionIdJwt);
-            return isExpired ? undefined : session;
-        })));
-        //TODO END
-        this.logWarning(`#### Rotating ${validSessions.length} Sessions! ####`);
-        await batchAction(validSessions, 500, async (sessions) => {
-            await this.runTransaction(async (t) => {
-                await Promise.all(sessions.map(session => ModuleBE_SessionDB._session.rotate.reissue.bySession(session, t)));
-            });
-        });
-    }
-}
-export const ModuleBE_PermissionUserDB = new ModuleBE_PermissionUserDB_Class();

package/_entity/permission-user/index.d.ts

@@ -1,3 +0,0 @@
-export * from './ModuleBE_PermissionUserDB.js';
-export * from './ModuleBE_PermissionUserAPI.js';
-export * from './module-pack.js';

package/_entity/permission-user/index.js

@@ -1,3 +0,0 @@
-export * from './ModuleBE_PermissionUserDB.js';
-export * from './ModuleBE_PermissionUserAPI.js';
-export * from './module-pack.js';

package/_entity/permission-user/module-pack.d.ts

@@ -1,2 +0,0 @@
-import { Module } from '@nu-art/ts-common';
-export declare const ModulePackBE_PermissionUser: Module[];

package/_entity/permission-user/module-pack.js

@@ -1,3 +0,0 @@
-import { ModuleBE_PermissionUserDB } from './ModuleBE_PermissionUserDB.js';
-import { ModuleBE_PermissionUserAPI } from './ModuleBE_PermissionUserAPI.js';
-export const ModulePackBE_PermissionUser = [ModuleBE_PermissionUserDB, ModuleBE_PermissionUserAPI];

package/_entity.d.ts

@@ -1,12 +0,0 @@
-export * from './_entity/permission-access-level/index.js';
-export * from './_entity/permission-access-level/index.js';
-export * from './_entity/permission-api/index.js';
-export * from './_entity/permission-api/index.js';
-export * from './_entity/permission-project/index.js';
-export * from './_entity/permission-project/index.js';
-export * from './_entity/permission-domain/index.js';
-export * from './_entity/permission-domain/index.js';
-export * from './_entity/permission-group/index.js';
-export * from './_entity/permission-group/index.js';
-export * from './_entity/permission-user/index.js';
-export * from './_entity/permission-user/index.js';

package/_entity.js

@@ -1,18 +0,0 @@
-//Access Level
-export * from './_entity/permission-access-level/index.js';
-export * from './_entity/permission-access-level/index.js';
-//API
-export * from './_entity/permission-api/index.js';
-export * from './_entity/permission-api/index.js';
-//Project
-export * from './_entity/permission-project/index.js';
-export * from './_entity/permission-project/index.js';
-//Domain
-export * from './_entity/permission-domain/index.js';
-export * from './_entity/permission-domain/index.js';
-//Group
-export * from './_entity/permission-group/index.js';
-export * from './_entity/permission-group/index.js';
-//User
-export * from './_entity/permission-user/index.js';
-export * from './_entity/permission-user/index.js';