@openhi/constructs 0.0.118 → 0.0.120
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/{chunk-QWWLM452.mjs → chunk-7WDX6GPO.mjs} +57 -1
- package/lib/chunk-7WDX6GPO.mjs.map +1 -0
- package/lib/{chunk-AJQUWHFK.mjs → chunk-WXS3PUHR.mjs} +2 -2
- package/lib/index.js +11 -0
- package/lib/index.js.map +1 -1
- package/lib/index.mjs +14 -3
- package/lib/index.mjs.map +1 -1
- package/lib/provision-default-workspace.handler.js +53 -0
- package/lib/provision-default-workspace.handler.js.map +1 -1
- package/lib/provision-default-workspace.handler.mjs +1 -1
- package/lib/rest-api-lambda.handler.js +85 -0
- package/lib/rest-api-lambda.handler.js.map +1 -1
- package/lib/rest-api-lambda.handler.mjs +34 -1
- package/lib/rest-api-lambda.handler.mjs.map +1 -1
- package/lib/seed-demo-data.handler.js +53 -0
- package/lib/seed-demo-data.handler.js.map +1 -1
- package/lib/seed-demo-data.handler.mjs +2 -2
- package/package.json +3 -3
- package/lib/chunk-QWWLM452.mjs.map +0 -1
- /package/lib/{chunk-AJQUWHFK.mjs.map → chunk-WXS3PUHR.mjs.map} +0 -0
|
@@ -1953,6 +1953,19 @@ function extractDenormalizedReferenceDisplay(resource, fieldName) {
|
|
|
1953
1953
|
return trimmed.length > 0 ? trimmed : void 0;
|
|
1954
1954
|
}
|
|
1955
1955
|
|
|
1956
|
+
// src/data/operations/control/membership-constraints/assert-workspace-in-tenant-operation.ts
|
|
1957
|
+
async function assertWorkspaceInTenantOperation(params) {
|
|
1958
|
+
const { tenantId, workspaceId, tableName } = params;
|
|
1959
|
+
const service = getDynamoControlService(tableName);
|
|
1960
|
+
const { data: item } = await service.entities.workspace.get({ tenantId, id: workspaceId, sk: "CURRENT" }).go();
|
|
1961
|
+
if (!item) {
|
|
1962
|
+
throw new ConflictError(
|
|
1963
|
+
`Workspace ${workspaceId} does not belong to tenant ${tenantId}; the workspace must be created in the referenced tenant before this resource can reference it.`,
|
|
1964
|
+
{ details: { tenantId, workspaceId } }
|
|
1965
|
+
);
|
|
1966
|
+
}
|
|
1967
|
+
}
|
|
1968
|
+
|
|
1956
1969
|
// src/data/operations/control/multi-write-operation.ts
|
|
1957
1970
|
var TRANSACT_WRITE_ITEM_LIMIT = 100;
|
|
1958
1971
|
async function executeMultiWrite(params) {
|
|
@@ -2099,6 +2112,15 @@ async function createMembershipOperation(params) {
|
|
|
2099
2112
|
resourceRecord,
|
|
2100
2113
|
"workspace"
|
|
2101
2114
|
);
|
|
2115
|
+
if (workspaceIdFromResource !== void 0) {
|
|
2116
|
+
const tenantIdFromResource = extractReferenceSlug(resourceRecord, "tenant");
|
|
2117
|
+
const referencedTenantId = tenantIdFromResource ?? context.tenantId;
|
|
2118
|
+
await assertWorkspaceInTenantOperation({
|
|
2119
|
+
tenantId: referencedTenantId,
|
|
2120
|
+
workspaceId: workspaceIdFromResource,
|
|
2121
|
+
tableName
|
|
2122
|
+
});
|
|
2123
|
+
}
|
|
2102
2124
|
const userProjectionItem = userIdFromResource !== void 0 ? buildMembershipUserProjectionItem({
|
|
2103
2125
|
tenantId: context.tenantId,
|
|
2104
2126
|
userId: userIdFromResource,
|
|
@@ -2258,6 +2280,21 @@ function buildRoleAssignmentWorkspaceProjectionItem(input) {
|
|
|
2258
2280
|
};
|
|
2259
2281
|
}
|
|
2260
2282
|
|
|
2283
|
+
// src/data/operations/control/membership-constraints/assert-user-has-tenant-membership-operation.ts
|
|
2284
|
+
var TENANT_LANE_SK_PREFIX = "MEMBERSHIP#TENANT#";
|
|
2285
|
+
async function assertUserHasTenantMembershipOperation(params) {
|
|
2286
|
+
const { userId, tenantId, tableName } = params;
|
|
2287
|
+
const service = getDynamoControlService(tableName);
|
|
2288
|
+
const result = await service.entities.membershipUserProjection.query.record({ userId }).begins({ sk: TENANT_LANE_SK_PREFIX }).go();
|
|
2289
|
+
const matched = (result.data ?? []).some((row) => row.tenantId === tenantId);
|
|
2290
|
+
if (!matched) {
|
|
2291
|
+
throw new ConflictError(
|
|
2292
|
+
`User ${userId} has no tenant-level Membership in tenant ${tenantId}; a Membership must exist before a RoleAssignment can be created.`,
|
|
2293
|
+
{ details: { userId, tenantId } }
|
|
2294
|
+
);
|
|
2295
|
+
}
|
|
2296
|
+
}
|
|
2297
|
+
|
|
2261
2298
|
// src/data/operations/control/roleassignment/roleassignment-create-operation.ts
|
|
2262
2299
|
async function createRoleAssignmentOperation(params) {
|
|
2263
2300
|
const { context, body, tableName } = params;
|
|
@@ -2287,6 +2324,22 @@ async function createRoleAssignmentOperation(params) {
|
|
|
2287
2324
|
resourceRecord,
|
|
2288
2325
|
"workspace"
|
|
2289
2326
|
);
|
|
2327
|
+
if (userIdFromResource !== void 0) {
|
|
2328
|
+
const tenantIdFromResource = extractReferenceSlug2(resourceRecord, "tenant");
|
|
2329
|
+
const referencedTenantId = tenantIdFromResource ?? context.tenantId;
|
|
2330
|
+
await assertUserHasTenantMembershipOperation({
|
|
2331
|
+
userId: userIdFromResource,
|
|
2332
|
+
tenantId: referencedTenantId,
|
|
2333
|
+
tableName
|
|
2334
|
+
});
|
|
2335
|
+
if (workspaceIdFromResource !== void 0) {
|
|
2336
|
+
await assertWorkspaceInTenantOperation({
|
|
2337
|
+
tenantId: referencedTenantId,
|
|
2338
|
+
workspaceId: workspaceIdFromResource,
|
|
2339
|
+
tableName
|
|
2340
|
+
});
|
|
2341
|
+
}
|
|
2342
|
+
}
|
|
2290
2343
|
const userProjectionItem = userIdFromResource !== void 0 && roleIdFromResource !== void 0 ? buildRoleAssignmentUserProjectionItem({
|
|
2291
2344
|
tenantId: context.tenantId,
|
|
2292
2345
|
userId: userIdFromResource,
|