@openhi/constructs 0.0.118 → 0.0.120
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/{chunk-QWWLM452.mjs → chunk-7WDX6GPO.mjs} +57 -1
- package/lib/chunk-7WDX6GPO.mjs.map +1 -0
- package/lib/{chunk-AJQUWHFK.mjs → chunk-WXS3PUHR.mjs} +2 -2
- package/lib/index.js +11 -0
- package/lib/index.js.map +1 -1
- package/lib/index.mjs +14 -3
- package/lib/index.mjs.map +1 -1
- package/lib/provision-default-workspace.handler.js +53 -0
- package/lib/provision-default-workspace.handler.js.map +1 -1
- package/lib/provision-default-workspace.handler.mjs +1 -1
- package/lib/rest-api-lambda.handler.js +85 -0
- package/lib/rest-api-lambda.handler.js.map +1 -1
- package/lib/rest-api-lambda.handler.mjs +34 -1
- package/lib/rest-api-lambda.handler.mjs.map +1 -1
- package/lib/seed-demo-data.handler.js +53 -0
- package/lib/seed-demo-data.handler.js.map +1 -1
- package/lib/seed-demo-data.handler.mjs +2 -2
- package/package.json +3 -3
- package/lib/chunk-QWWLM452.mjs.map +0 -1
- /package/lib/{chunk-AJQUWHFK.mjs.map → chunk-WXS3PUHR.mjs.map} +0 -0
|
@@ -3162,6 +3162,19 @@ function extractDenormalizedReferenceDisplay(resource, fieldName) {
|
|
|
3162
3162
|
return trimmed.length > 0 ? trimmed : void 0;
|
|
3163
3163
|
}
|
|
3164
3164
|
|
|
3165
|
+
// src/data/operations/control/membership-constraints/assert-workspace-in-tenant-operation.ts
|
|
3166
|
+
async function assertWorkspaceInTenantOperation(params) {
|
|
3167
|
+
const { tenantId, workspaceId, tableName } = params;
|
|
3168
|
+
const service = getDynamoControlService(tableName);
|
|
3169
|
+
const { data: item } = await service.entities.workspace.get({ tenantId, id: workspaceId, sk: "CURRENT" }).go();
|
|
3170
|
+
if (!item) {
|
|
3171
|
+
throw new ConflictError(
|
|
3172
|
+
`Workspace ${workspaceId} does not belong to tenant ${tenantId}; the workspace must be created in the referenced tenant before this resource can reference it.`,
|
|
3173
|
+
{ details: { tenantId, workspaceId } }
|
|
3174
|
+
);
|
|
3175
|
+
}
|
|
3176
|
+
}
|
|
3177
|
+
|
|
3165
3178
|
// src/data/operations/control/multi-write-operation.ts
|
|
3166
3179
|
var TRANSACT_WRITE_ITEM_LIMIT = 100;
|
|
3167
3180
|
async function executeMultiWrite(params) {
|
|
@@ -3308,6 +3321,15 @@ async function createMembershipOperation(params) {
|
|
|
3308
3321
|
resourceRecord,
|
|
3309
3322
|
"workspace"
|
|
3310
3323
|
);
|
|
3324
|
+
if (workspaceIdFromResource !== void 0) {
|
|
3325
|
+
const tenantIdFromResource = extractReferenceSlug(resourceRecord, "tenant");
|
|
3326
|
+
const referencedTenantId = tenantIdFromResource ?? context.tenantId;
|
|
3327
|
+
await assertWorkspaceInTenantOperation({
|
|
3328
|
+
tenantId: referencedTenantId,
|
|
3329
|
+
workspaceId: workspaceIdFromResource,
|
|
3330
|
+
tableName
|
|
3331
|
+
});
|
|
3332
|
+
}
|
|
3311
3333
|
const userProjectionItem = userIdFromResource !== void 0 ? buildMembershipUserProjectionItem({
|
|
3312
3334
|
tenantId: context.tenantId,
|
|
3313
3335
|
userId: userIdFromResource,
|
|
@@ -3483,6 +3505,21 @@ function buildRoleAssignmentWorkspaceProjectionItem(input) {
|
|
|
3483
3505
|
};
|
|
3484
3506
|
}
|
|
3485
3507
|
|
|
3508
|
+
// src/data/operations/control/membership-constraints/assert-user-has-tenant-membership-operation.ts
|
|
3509
|
+
var TENANT_LANE_SK_PREFIX = "MEMBERSHIP#TENANT#";
|
|
3510
|
+
async function assertUserHasTenantMembershipOperation(params) {
|
|
3511
|
+
const { userId, tenantId, tableName } = params;
|
|
3512
|
+
const service = getDynamoControlService(tableName);
|
|
3513
|
+
const result = await service.entities.membershipUserProjection.query.record({ userId }).begins({ sk: TENANT_LANE_SK_PREFIX }).go();
|
|
3514
|
+
const matched = (result.data ?? []).some((row) => row.tenantId === tenantId);
|
|
3515
|
+
if (!matched) {
|
|
3516
|
+
throw new ConflictError(
|
|
3517
|
+
`User ${userId} has no tenant-level Membership in tenant ${tenantId}; a Membership must exist before a RoleAssignment can be created.`,
|
|
3518
|
+
{ details: { userId, tenantId } }
|
|
3519
|
+
);
|
|
3520
|
+
}
|
|
3521
|
+
}
|
|
3522
|
+
|
|
3486
3523
|
// src/data/operations/control/roleassignment/roleassignment-create-operation.ts
|
|
3487
3524
|
async function createRoleAssignmentOperation(params) {
|
|
3488
3525
|
const { context, body, tableName } = params;
|
|
@@ -3512,6 +3549,22 @@ async function createRoleAssignmentOperation(params) {
|
|
|
3512
3549
|
resourceRecord,
|
|
3513
3550
|
"workspace"
|
|
3514
3551
|
);
|
|
3552
|
+
if (userIdFromResource !== void 0) {
|
|
3553
|
+
const tenantIdFromResource = extractReferenceSlug2(resourceRecord, "tenant");
|
|
3554
|
+
const referencedTenantId = tenantIdFromResource ?? context.tenantId;
|
|
3555
|
+
await assertUserHasTenantMembershipOperation({
|
|
3556
|
+
userId: userIdFromResource,
|
|
3557
|
+
tenantId: referencedTenantId,
|
|
3558
|
+
tableName
|
|
3559
|
+
});
|
|
3560
|
+
if (workspaceIdFromResource !== void 0) {
|
|
3561
|
+
await assertWorkspaceInTenantOperation({
|
|
3562
|
+
tenantId: referencedTenantId,
|
|
3563
|
+
workspaceId: workspaceIdFromResource,
|
|
3564
|
+
tableName
|
|
3565
|
+
});
|
|
3566
|
+
}
|
|
3567
|
+
}
|
|
3515
3568
|
const userProjectionItem = userIdFromResource !== void 0 && roleIdFromResource !== void 0 ? buildRoleAssignmentUserProjectionItem({
|
|
3516
3569
|
tenantId: context.tenantId,
|
|
3517
3570
|
userId: userIdFromResource,
|