npm - @opengis/fastify-table - Versions diffs - 2.0.158 → 2.0.160 - Mend

@opengis/fastify-table 2.0.158 → 2.0.160

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/server/plugins/crud/funcs/getAccess.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"getAccess.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/crud/funcs/getAccess.ts"],"names":[],"mappings":"~~AAuBA~~;;;;;;;;;GASG;AAEH,wBAA8B,SAAS,CACrC,EAAE,KAAK,EAAE,IAAI,EAAE,IAAS,EAAE,MAAc,EAAE,EAAE,GAAG,EAC/C,EAAE,MAAmB,~~sBAwFtB~~"}
1	+ {"version":3,"file":"getAccess.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/crud/funcs/getAccess.ts"],"names":[],"mappings":"AA8BA;;;;;;;;;GASG;AAEH,wBAA8B,SAAS,CACrC,EAAE,KAAK,EAAE,IAAI,EAAE,IAAS,EAAE,MAAc,EAAE,EAAE,GAAG,EAC/C,EAAE,MAAmB,sBAiGtB"}

package/dist/server/plugins/crud/funcs/getAccess.js CHANGED Viewed

@@ -2,7 +2,14 @@ import pgClients from "../../pg/pgClients.js";
 import getMeta from "../../pg/funcs/getMeta.js";
 import getTemplate from "../../table/funcs/getTemplate.js";
 import applyHook from "../../hook/applyHook.js";
+import getUserPermissions from "../../auth/funcs/getUserPermissions.js";
 const allActions = ["view", "edit", "add", "del"];
+const matches = {
+    read: "view",
+    create: "add",
+    update: "edit",
+    delete: "del",
+};
 const q = `select a.route_id as id, d.actions as user_roles, d.actions as role_actions, coalesce(b.actions, array['view']) as interface_actions, b.scope, c.role_id
 from admin.routes a
 left join admin.role_access b on
@@ -28,7 +35,7 @@ where $1 in (a.route_id, a.alias, a.table_name) and $2 in (b.user_uid, d.user_ui
  * @param {String} user.user_type User type
  * @returns { scope: String, roles: String[], actions: String[], query: String }
  */
-export default async function getAccess({ table, form, user = {}, method = 'GET' }, pg = pgClients.client) {
+export default async function getAccess({ table, form, user = {}, method = "GET" }, pg = pgClients.client) {
     if (!table)
         return null;
     const hookData = await applyHook("getAccess", { table, user, pg, method });
@@ -83,12 +90,15 @@ export default async function getAccess({ table, form, user = {}, method = 'GET'
         }))
         : {};
     const query = userAccess?.scope === "my" ? `uid='${uid}'` : "1=1";
-    const actions = userAccess?.interface_actions
+    const permissions = await getUserPermissions(uid, pg).then((el) => (el || [])
+        .filter((e) => e.name === (body.table || table))
+        .flatMap((el) => el.actions.map((e) => matches[e] || e)));
+    const actions = permissions.concat(userAccess?.interface_actions
         ?.filter((el) => userAccess?.role_actions?.length
         ? userAccess?.role_actions.includes(el)
         : true)
         ?.filter((el) => tableActions.includes(el))
-        ?.filter?.((el, idx, arr) => arr.indexOf(el) === idx);
+        ?.filter?.((el, idx, arr) => arr.indexOf(el) === idx));
     return {
         scope: userAccess?.scope,
         roles: userAccess?.roles,

package/dist/server/plugins/policy/funcs/checkPermissions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"checkPermissions.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/policy/funcs/checkPermissions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,KAAK,EAEV,eAAe,EAEhB,MAAM,wBAAwB,CAAC;AAMhC,wBAA8B,gBAAgB,CAC5C,GAAG,EAAE,eAAe,EACpB,KAAK,EAAE,YAAY,~~iBA6DpB~~"}
1	+ {"version":3,"file":"checkPermissions.d.ts","sourceRoot":"","sources":["../../../../../server/plugins/policy/funcs/checkPermissions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE5C,OAAO,KAAK,EAEV,eAAe,EAEhB,MAAM,wBAAwB,CAAC;AAMhC,wBAA8B,gBAAgB,CAC5C,GAAG,EAAE,eAAe,EACpB,KAAK,EAAE,YAAY,iBAgEpB"}

package/dist/server/plugins/policy/funcs/checkPermissions.js CHANGED Viewed

@@ -9,7 +9,10 @@ export default async function checkPermissions(req, reply) {
         : undefined;
     const { permission } = (routeOptions?.config ||
         {});
-    const permissions = (Array.isArray(permission) ? permission : permission?.split("|"))?.map((el) => el.split("."));
+    const permissions = (Array.isArray(permission) ? permission : permission?.split("|"))?.map((el) => {
+        const lastDotIndex = el.lastIndexOf(".");
+        return [el.slice(0, lastDotIndex), el.slice(lastDotIndex + 1)];
+    });
     if (!permissions?.length) {
         return null;
     }

package/dist/server/routes/access/controllers/access.user.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"access.user.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.user.ts"],"names":[],"mappings":"AAEA,wBAA8B,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,~~gBAkC5D~~"}
1	+ {"version":3,"file":"access.user.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.user.ts"],"names":[],"mappings":"AAEA,wBAA8B,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAqC5D"}

package/dist/server/routes/access/controllers/access.user.js CHANGED Viewed

@@ -1,25 +1,25 @@
-import { config, pgClients } from "../../../../utils.js";
+import { pgClients } from "../../../../utils.js";
 export default async function accessUser(req, reply) {
     if (!req.params?.id) {
         return reply
             .status(400)
             .send({ error: "not enough params: id", code: 400 });
     }
-    // restrict access - admin only
-    if (!config.local && !req.user?.user_type?.includes?.("admin")) {
-        return reply.status(403).send({ error: "access restricted", code: 403 });
-    }
     const { pg = pgClients.client } = req;
     const routes = await pg
         .query(`select a.route_id as path, b.actions from admin.routes a
     left join admin.role_access b on a.route_id=b.route_id
     where b.user_uid=$1`, [req.params.id])
         .then((el) => el.rows || []);
+    const resources = await pg
+        .query(`select resource_id, actions from admin.role_access
+where resource_id is not null and user_uid=$1`, [req.params.id])
+        .then((el) => el.rows || []);
     const user = await pg
         .query(`select user_uid as id, user_name as name, access_granted,
     b.cdate as user_created, b.last_activity_date as last_activity from admin.user_roles a
     left join admin.users b on a.user_uid=b.uid
     where a.user_uid=$1`, [req.params.id])
         .then((el) => el.rows?.[0]);
-    return reply.status(200).send({ routes, user });
+    return reply.status(200).send({ routes, resources, user });
 }

package/dist/server/routes/access/controllers/access.user.post.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"access.user.post.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.user.post.ts"],"names":[],"mappings":"AAIA,wBAA8B,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,~~gBA8DhE~~"}
1	+ {"version":3,"file":"access.user.post.d.ts","sourceRoot":"","sources":["../../../../../server/routes/access/controllers/access.user.post.ts"],"names":[],"mappings":"AAIA,wBAA8B,cAAc,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,gBAyDhE"}

package/dist/server/routes/access/controllers/access.user.post.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { config, pgClients } from "../../../../utils.js";
+import { pgClients } from "../../../../utils.js";
 import accessUser from "./access.user.js";
 export default async function accessUserPost(req, reply) {
     const { pg = pgClients.client, params, body, user } = req;
@@ -10,10 +10,6 @@ export default async function accessUserPost(req, reply) {
     if (!user?.uid) {
         return reply.status(401).send({ error: "unauthorized", code: 401 });
     }
-    // restrict access - admin only
-    if (!config.local && !user?.user_type?.includes?.("admin")) {
-        return reply.status(403).send({ error: "access restricted", code: 403 });
-    }
     await pg.query("delete from admin.role_access where user_uid=$1", [
         params.id,
     ]);

package/dist/server/routes/access/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/access/index.ts"],"names":[],"mappings":"AAeA,MAAM,CAAC,OAAO,UAAU,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,GAAE,GAAQ,~~QAkBxD~~"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../server/routes/access/index.ts"],"names":[],"mappings":"AAeA,MAAM,CAAC,OAAO,UAAU,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,GAAE,GAAQ,QAsBxD"}

package/dist/server/routes/access/index.js CHANGED Viewed

@@ -7,7 +7,7 @@ import { accessGroupPostSchema, accessGroupSchema, accessInterfaceSchema, access
 export default function route(fastify, opt = {}) {
     fastify.get("/access-group/:id", { schema: accessGroupSchema }, accessGroup);
     fastify.post("/access-group/:id", { schema: accessGroupPostSchema }, accessGroupPost);
-    fastify.get("/access-user/:id", { schema: accessUserSchema }, accessUser);
-    fastify.post("/access-user/:id", { schema: accessUserPostSchema }, accessUserPost);
+    fastify.get("/access-user/:id", { permission: "admin.users.read", schema: accessUserSchema }, accessUser);
+    fastify.post("/access-user/:id", { permission: "admin.users.update", schema: accessUserPostSchema }, accessUserPost);
     fastify.get("/access-interface/:name", { schema: accessInterfaceSchema }, accessInterface);
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@opengis/fastify-table",
-  "version": "2.0.158",
+  "version": "2.0.160",
   "type": "module",
   "description": "core-plugins",
   "keywords": [