@opengis/fastify-table 2.0.158 → 2.0.159
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/server/plugins/crud/funcs/getAccess.d.ts.map +1 -1
- package/dist/server/plugins/crud/funcs/getAccess.js +13 -3
- package/dist/server/plugins/policy/funcs/checkPermissions.d.ts.map +1 -1
- package/dist/server/plugins/policy/funcs/checkPermissions.js +4 -1
- package/dist/server/routes/access/controllers/access.user.d.ts.map +1 -1
- package/dist/server/routes/access/controllers/access.user.js +1 -5
- package/dist/server/routes/access/controllers/access.user.post.d.ts.map +1 -1
- package/dist/server/routes/access/controllers/access.user.post.js +1 -5
- package/dist/server/routes/access/index.d.ts.map +1 -1
- package/dist/server/routes/access/index.js +2 -2
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"getAccess.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/crud/funcs/getAccess.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"getAccess.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/crud/funcs/getAccess.ts"],"names":[],"mappings":"AA8BA;;;;;;;;;GASG;AAEH,wBAA8B,SAAS,CACrC,EAAE,KAAK,EAAE,IAAI,EAAE,IAAS,EAAE,MAAc,EAAE,EAAE,GAAG,EAC/C,EAAE,MAAmB,sBAiGtB"}
|
|
@@ -2,7 +2,14 @@ import pgClients from "../../pg/pgClients.js";
|
|
|
2
2
|
import getMeta from "../../pg/funcs/getMeta.js";
|
|
3
3
|
import getTemplate from "../../table/funcs/getTemplate.js";
|
|
4
4
|
import applyHook from "../../hook/applyHook.js";
|
|
5
|
+
import getUserPermissions from "../../auth/funcs/getUserPermissions.js";
|
|
5
6
|
const allActions = ["view", "edit", "add", "del"];
|
|
7
|
+
const matches = {
|
|
8
|
+
read: "view",
|
|
9
|
+
create: "add",
|
|
10
|
+
update: "edit",
|
|
11
|
+
delete: "del",
|
|
12
|
+
};
|
|
6
13
|
const q = `select a.route_id as id, d.actions as user_roles, d.actions as role_actions, coalesce(b.actions, array['view']) as interface_actions, b.scope, c.role_id
|
|
7
14
|
from admin.routes a
|
|
8
15
|
left join admin.role_access b on
|
|
@@ -28,7 +35,7 @@ where $1 in (a.route_id, a.alias, a.table_name) and $2 in (b.user_uid, d.user_ui
|
|
|
28
35
|
* @param {String} user.user_type User type
|
|
29
36
|
* @returns { scope: String, roles: String[], actions: String[], query: String }
|
|
30
37
|
*/
|
|
31
|
-
export default async function getAccess({ table, form, user = {}, method =
|
|
38
|
+
export default async function getAccess({ table, form, user = {}, method = "GET" }, pg = pgClients.client) {
|
|
32
39
|
if (!table)
|
|
33
40
|
return null;
|
|
34
41
|
const hookData = await applyHook("getAccess", { table, user, pg, method });
|
|
@@ -83,12 +90,15 @@ export default async function getAccess({ table, form, user = {}, method = 'GET'
|
|
|
83
90
|
}))
|
|
84
91
|
: {};
|
|
85
92
|
const query = userAccess?.scope === "my" ? `uid='${uid}'` : "1=1";
|
|
86
|
-
const
|
|
93
|
+
const permissions = await getUserPermissions(uid, pg).then((el) => (el || [])
|
|
94
|
+
.filter((e) => e.name === (body.table || table))
|
|
95
|
+
.flatMap((el) => el.actions.map((e) => matches[e] || e)));
|
|
96
|
+
const actions = permissions.concat(userAccess?.interface_actions
|
|
87
97
|
?.filter((el) => userAccess?.role_actions?.length
|
|
88
98
|
? userAccess?.role_actions.includes(el)
|
|
89
99
|
: true)
|
|
90
100
|
?.filter((el) => tableActions.includes(el))
|
|
91
|
-
?.filter?.((el, idx, arr) => arr.indexOf(el) === idx);
|
|
101
|
+
?.filter?.((el, idx, arr) => arr.indexOf(el) === idx));
|
|
92
102
|
return {
|
|
93
103
|
scope: userAccess?.scope,
|
|
94
104
|
roles: userAccess?.roles,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"checkPermissions.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/policy/funcs/checkPermissions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,KAAK,EAEV,eAAe,EAEhB,MAAM,wBAAwB,CAAC;AAMhC,wBAA8B,gBAAgB,CAC5C,GAAG,EAAE,eAAe,EACpB,KAAK,EAAE,YAAY,
|
|
1
|
+
{"version":3,"file":"checkPermissions.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/policy/funcs/checkPermissions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,KAAK,EAEV,eAAe,EAEhB,MAAM,wBAAwB,CAAC;AAMhC,wBAA8B,gBAAgB,CAC5C,GAAG,EAAE,eAAe,EACpB,KAAK,EAAE,YAAY,iBAgEpB"}
|
|
@@ -9,7 +9,10 @@ export default async function checkPermissions(req, reply) {
|
|
|
9
9
|
: undefined;
|
|
10
10
|
const { permission } = (routeOptions?.config ||
|
|
11
11
|
{});
|
|
12
|
-
const permissions = (Array.isArray(permission) ? permission : permission?.split("|"))?.map((el) =>
|
|
12
|
+
const permissions = (Array.isArray(permission) ? permission : permission?.split("|"))?.map((el) => {
|
|
13
|
+
const lastDotIndex = el.lastIndexOf(".");
|
|
14
|
+
return [el.slice(0, lastDotIndex), el.slice(lastDotIndex + 1)];
|
|
15
|
+
});
|
|
13
16
|
if (!permissions?.length) {
|
|
14
17
|
return null;
|
|
15
18
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.user.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.user.ts"],"names":[],"mappings":"AAEA,wBAA8B,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"access.user.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.user.ts"],"names":[],"mappings":"AAEA,wBAA8B,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBA6B5D"}
|
|
@@ -1,14 +1,10 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { pgClients } from "../../../../utils.js";
|
|
2
2
|
export default async function accessUser(req, reply) {
|
|
3
3
|
if (!req.params?.id) {
|
|
4
4
|
return reply
|
|
5
5
|
.status(400)
|
|
6
6
|
.send({ error: "not enough params: id", code: 400 });
|
|
7
7
|
}
|
|
8
|
-
// restrict access - admin only
|
|
9
|
-
if (!config.local && !req.user?.user_type?.includes?.("admin")) {
|
|
10
|
-
return reply.status(403).send({ error: "access restricted", code: 403 });
|
|
11
|
-
}
|
|
12
8
|
const { pg = pgClients.client } = req;
|
|
13
9
|
const routes = await pg
|
|
14
10
|
.query(`select a.route_id as path, b.actions from admin.routes a
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"access.user.post.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.user.post.ts"],"names":[],"mappings":"AAIA,wBAA8B,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,
|
|
1
|
+
{"version":3,"file":"access.user.post.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.user.post.ts"],"names":[],"mappings":"AAIA,wBAA8B,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAyDhE"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { pgClients } from "../../../../utils.js";
|
|
2
2
|
import accessUser from "./access.user.js";
|
|
3
3
|
export default async function accessUserPost(req, reply) {
|
|
4
4
|
const { pg = pgClients.client, params, body, user } = req;
|
|
@@ -10,10 +10,6 @@ export default async function accessUserPost(req, reply) {
|
|
|
10
10
|
if (!user?.uid) {
|
|
11
11
|
return reply.status(401).send({ error: "unauthorized", code: 401 });
|
|
12
12
|
}
|
|
13
|
-
// restrict access - admin only
|
|
14
|
-
if (!config.local && !user?.user_type?.includes?.("admin")) {
|
|
15
|
-
return reply.status(403).send({ error: "access restricted", code: 403 });
|
|
16
|
-
}
|
|
17
13
|
await pg.query("delete from admin.role_access where user_uid=$1", [
|
|
18
14
|
params.id,
|
|
19
15
|
]);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/access/index.ts"],"names":[],"mappings":"AAeA,MAAM,CAAC,OAAO,UAAU,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,GAAE,GAAQ,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/access/index.ts"],"names":[],"mappings":"AAeA,MAAM,CAAC,OAAO,UAAU,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,GAAE,GAAQ,QAsBxD"}
|
|
@@ -7,7 +7,7 @@ import { accessGroupPostSchema, accessGroupSchema, accessInterfaceSchema, access
|
|
|
7
7
|
export default function route(fastify, opt = {}) {
|
|
8
8
|
fastify.get("/access-group/:id", { schema: accessGroupSchema }, accessGroup);
|
|
9
9
|
fastify.post("/access-group/:id", { schema: accessGroupPostSchema }, accessGroupPost);
|
|
10
|
-
fastify.get("/access-user/:id", { schema: accessUserSchema }, accessUser);
|
|
11
|
-
fastify.post("/access-user/:id", { schema: accessUserPostSchema }, accessUserPost);
|
|
10
|
+
fastify.get("/access-user/:id", { permission: "admin.users.read", schema: accessUserSchema }, accessUser);
|
|
11
|
+
fastify.post("/access-user/:id", { permission: "admin.users.update", schema: accessUserPostSchema }, accessUserPost);
|
|
12
12
|
fastify.get("/access-interface/:name", { schema: accessInterfaceSchema }, accessInterface);
|
|
13
13
|
}
|