npm - @ozdao/prometheus-framework - Versions diffs - 0.2.125 → 0.2.127 - Mend

@ozdao/prometheus-framework 0.2.125 → 0.2.127

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (190) hide show

package/src/components/Feed/Feed.vue CHANGED Viewed

@@ -227,7 +227,6 @@ const loadMoreItems = async () => {
 };
 const fetchItems = async () => {
-  console.log('Date is', date.value)
   const data = await props.store.read({
     skip: currentSkip.value,
     limit: currentLimit.value,
@@ -255,12 +254,14 @@ const fetchItems = async () => {
 watch(() => props.external, (newVal, oldVal) => {
   if (newVal !== oldVal) {
+     currentSkip.value = 0
     fetchItems();
   }
 }, { deep: true });
 watch(() => date.value, (newVal, oldVal) => {
   if (newVal !== oldVal) {
+     currentSkip.value = 0
     fetchItems();
   }
 }, { deep: true });
@@ -268,6 +269,7 @@ watch(() => date.value, (newVal, oldVal) => {
 watch(() => sort.value?.order, (newVal, oldVal) => {
   if (newVal !== oldVal) {
+     currentSkip.value = 0
     fetchItems();
   }
 }, { deep: true });
@@ -275,6 +277,7 @@ watch(() => sort.value?.order, (newVal, oldVal) => {
 watch(() => sort.value?.param, (newVal, oldVal) => {
   if (newVal !== oldVal) {
+     currentSkip.value = 0
     fetchItems();
   }
 }, { deep: true });
@@ -292,6 +295,7 @@ watch(() => props.options, (newVal, oldVal) => {
     newVal.type !== oldVal.type ||
     newVal.tags !== oldVal.tags
   ) {
+    currentSkip.value = 0
     fetchItems();
   }
 }, { deep: true });

package/src/modules/auth/controllers/auth.controller.js CHANGED Viewed

@@ -10,6 +10,8 @@ const controllerFactory = (db) => {
   const User = db.user;
   const Membership = db.membership;
+  const Department = db.department;
+  const Organization = db.organization;
   const Invite = db.invite;
   const Role = db.role;
@@ -146,7 +148,7 @@ const controllerFactory = (db) => {
       const newMembership = new Membership({
         type: 'organization',
-         user: new ObjectId(user._id),
+        user: new ObjectId(user._id),
         target: new ObjectId(invite.owner.target),
         role: invite.role,
         label: invite.role
@@ -223,11 +225,75 @@ const controllerFactory = (db) => {
     }
   };
+  const checkAccesses = async (req, res) => {
+    try {
+      const uid = new db.mongoose.Types.ObjectId(req.userId);
+      const depts = await Department.find({ 'members.user': uid });
+      // Fetch organizations where the user is the owner
+      const ownedOrgs = await Organization.find({ owner: uid });
+      const ownedOrgIds = ownedOrgs.map(org => org._id.toString());
+      const accesses = {};
+      depts.forEach(dept => {
+        const orgId = dept.organization.toString();
+        if (!accesses[orgId]) {
+          accesses[orgId] = {
+            organization: orgId,
+            rights: {}
+          };
+        }
+        const existingAccess = accesses[orgId].rights;
+        Object.keys(dept.accesses).forEach(key => {
+          if (!existingAccess[key]) {
+            existingAccess[key] = {};
+          }
+          const rights = dept.accesses[key];
+          Object.keys(rights).forEach(right => {
+            existingAccess[key][right] = existingAccess[key][right] || rights[right];
+          });
+        });
+      });
+      // Grant all accesses as true if the user is the owner of the organization
+      ownedOrgIds.forEach(orgId => {
+        if (!accesses[orgId]) {
+          accesses[orgId] = {
+            organization: orgId,
+            rights: {}
+          };
+        }
+        Object.keys(depts[0].accesses).forEach(key => {
+          if (!accesses[orgId].rights[key]) {
+            accesses[orgId].rights[key] = {};
+          }
+          Object.keys(depts[0].accesses[key]).forEach(right => {
+            accesses[orgId].rights[key][right] = true;
+          });
+        });
+      });
+      const accessArray = Object.values(accesses);
+      res.status(200).json(accessArray);
+    } catch (err) {
+      console.error('Error getting accesses:', err);
+      res.status(500).json({ message: 'Internal server error' });
+    }
+  };
   return {
     signin,
     signup,
-    updatePassword
+    updatePassword,
+    checkAccesses
   };
 };

package/src/modules/auth/routes/auth.routes.js CHANGED Viewed

@@ -8,7 +8,7 @@ module.exports = function(app, db, origins) {
   const controller = controllerFactory(db);
   const controllerTwofa = controllerFactoryTwofa(db);
-  const { verifySignUp, verifyUser } = middlewareFactory(db);
+  const { verifySignUp, verifyUser, authJwt } = middlewareFactory(db);
   app.post(
     "/api/auth/signup",
@@ -37,4 +37,11 @@ module.exports = function(app, db, origins) {
     controller.updatePassword
   );
+  app.get(
+    "/api/auth/check-accesses",
+    [
+      authJwt.verifyToken,
+    ],
+     controller.checkAccesses
+  );
 };

package/src/modules/auth/store/auth.js CHANGED Viewed

@@ -26,28 +26,40 @@
       token: null,
       status: false
     },
+    accesses: [
+    ]
   });
   async function initialize() {
+  try {
     const userCookie = await getCookie('user');
     if (userCookie) {
       const { _id, email, phone, roles, accessToken } = userCookie;
-      Object.assign(state.user, { _id, email, phone });
-      Object.assign(state.access, { token: accessToken, roles, status: !!accessToken });
-      $axios.interceptors.request.use((config) => {
-        if (accessToken) {
-          config.headers['x-access-token'] = accessToken;
-        }
+      // Установка токена в Axios интерцептор для всех запросов
+      axios.interceptors.request.use(config => {
+        config.headers['x-access-token'] = accessToken;
         return config;
-      }, (error) => {
+      }, error => {
         return Promise.reject(error);
       });
+      // Проверка токена через серверный маршрут
+      const response = await axios.get('/api/auth/check-accesses');
+      const userAccesses = response.data;
+      // Обновление состояния приложения с информацией о пользователе и его правах доступа
+      Object.assign(state.user, { _id, email, phone });
+      Object.assign(state.access, { token: accessToken, roles, status: !!accessToken });
+      state.accesses = userAccesses;
     }
+  } catch (error) {
+    console.error('Error initializing app:', error);
+    removeCookie('user');
+    state.accesses = [];
   }
+}
   initialize();

package/src/modules/backoffice/components/pages/Dashboard.vue CHANGED Viewed

@@ -6,6 +6,7 @@
 			class="bg-light mn-b-semi"
 		>
 			<MenuItem
+				v-if="hasAccess(route.params._id, 'members', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Organization Members',
 		  		params: {
@@ -34,6 +35,7 @@
 		  </MenuItem> -->
 		  <MenuItem
+		  	v-if="hasAccess(route.params._id, 'products', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Products',
 		  		params: {
@@ -48,6 +50,7 @@
 		  </MenuItem>
 		  <MenuItem
+		  	v-if="hasAccess(route.params._id, 'leftovers', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Leftovers',
 		  		params: {
@@ -62,6 +65,7 @@
 		  </MenuItem>
 		  <MenuItem
+		  	v-if="hasAccess(route.params._id, 'orders', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Backoffice Orders',
 		  		params: {
@@ -76,6 +80,7 @@
 		  </MenuItem>
 		  <MenuItem
+		  	v-if="hasAccess(route.params._id, 'gallery', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Backoffice Gallery',
 		  		params: {
@@ -90,6 +95,7 @@
 		  </MenuItem>
 		  <MenuItem
+		  	v-if="hasAccess(route.params._id, 'events', 'read', auth.state.accesses)"
 		  	@click="router.push({
 		  		name: 'Backoffice Events',
 		  		params: {

package/src/modules/gallery/gallery.client.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import * as galleryStore from './store/gallery.js';
+import galleryStore from './store/gallery.js';
 // Importing Vue Router routes from the router directory
 import galleryRouter from './router/gallery.router.js';

package/src/modules/gallery/routes/gallery.routes.js CHANGED Viewed

@@ -2,32 +2,36 @@
 const controllerFactory = require("../controllers/gallery.controller");
 // Middlewares
 const middlewareFactoryGlobal = require('@pf/src/modules/middlewares/server');
+const middlewareFactoryAccesses = require('@pf/src/modules/middlewares/server/verifyAccesses')
 module.exports = function(app, db, origins) {
   const controller = controllerFactory(db);
   const { authJwt } = middlewareFactoryGlobal(db);
+  const { verifyRead } = middlewareFactoryAccesses(db)
   app.get(
     "/api/gallery/read",
+    [
+      authJwt.verifyToken,
+      verifyRead('gallery'),
+    ],
     controller.read
   );
   app.post(
     "/api/gallery/create",
-    [authJwt.verifyToken],
     controller.create
   );
   app.put(
     "/api/gallery/update",
-    [authJwt.verifyToken],
     controller.update
   );
   app.delete(
     "/api/gallery/delete/:_id",
-    [authJwt.verifyToken],
     controller.delete
   );
 };

package/src/modules/globals/mixins/mixins.js CHANGED Viewed

@@ -1,6 +1,23 @@
 // mixins.js
 export const globalMixins = {
   methods: {
+    hasAccess(organizationId, rightCategory, rightType, accesses) {
+      const accessArray = accesses;
+      const organizationAccess = accessArray.find(access => access.organization === organizationId);
+      if (!organizationAccess) {
+        return false;
+      }
+      const categoryAccess = organizationAccess.rights[rightCategory];
+      if (!categoryAccess) {
+        return false;
+      }
+      return categoryAccess[rightType] === true;
+    },
     returnCurrency() {
       const currency = '฿'
       return currency

package/src/modules/marketplace/components/pages/Catalog.vue CHANGED Viewed

@@ -2,7 +2,7 @@
 	<Feed
 		v-model:sort="store.marketplace.state.sort"
     :search="true"
-      :showLoadMore="false"
+    :showLoadMore="false"
     :states="{
       empty: {
         title: 'No Shops Found',

package/src/modules/middlewares/server/verifyAccesses.js CHANGED Viewed

@@ -1,33 +1,110 @@
-const ReadDepartments = require('./accessors/ReadDepartments');
+const middlewareFactory = (db) => {
+  const User = db.user;
+  const Organization = db.organization;
+  const Department = db.department;
-module.exports = (db) => {
-  // Объекты посредников
-  const instances = [];
+  const verifyRead = (resource) => {
+    return async (req, res, next) => {
+      try {
+        // Получаем идентификатор организации из запроса
+        const ownerOrgId = new db.mongoose.Types.ObjectId(req.query.owner);;
-  // Регистрация посредников отвечающий за проверку прав доступа
-  const middlewares = [
-    ReadDepartments,
-  ];
+        // Получаем текущего пользователя
+        const userId = new db.mongoose.Types.ObjectId(req.userId);
-  let nextMiddleware = null;
+        // Проверяем, является ли пользователь владельцем организации
+        const isOwnerOfOrg = await Organization.exists({
+          _id: ownerOrgId,
+          owner: userId
+        });
-  // Собираем цепочку посредников
-  for (let i = middlewares.length - 1; i >= 0; i--) {
-    const Middleware = middlewares[i];
-    const middleware = new Middleware();
+        // Если пользователь является владельцем организации, ему разрешен доступ ко всем ресурсам
+        if (isOwnerOfOrg) {
+          return next();
+        }
-    // Передаем в посредники параметры
-    middleware.db = db;
+        // Проверяем, является ли пользователь членом организации через департаменты
+        const isMemberOfOrg = await Department.exists({
+          organization: ownerOrgId,
+          'members.user': userId
+        });
-    // Добавляем звено следующего посредника
-    middleware.next = nextMiddleware;
-    // Добавляем middleware в начало массива.
-    instances.unshift(middleware);
+        if (!isMemberOfOrg) {
+          // Если пользователь не является членом организации, ограничиваем доступ к опубликованным ресурсам
+          req.query.status = 'published';
+        } else {
+          // Пользователь является членом организации, проверяем его права доступа
-    nextMiddleware = middleware;
-  }
+          // Находим все департаменты данной организации, к которым относится пользователь
+          const departments = await Department.find({ organization: ownerOrgId });
-  // Запускам цепочку зарегестрированных посредников
-  return (rule, entity) => instances[0].check(rule, entity);
+          // Проверяем доступ пользователя ко всем ресурсам
+          let hasAccess = false;
+          for (const department of departments) {
+            const accessRights = department.accesses[resource];
+            if (accessRights && accessRights.read) {
+              // Если хотя бы в одном департаменте есть права на чтение ресурса, разрешаем доступ
+              hasAccess = true;
+              break;
+            }
+          }
+          if (!hasAccess) {
+            // Если у пользователя нет прав на чтение данного ресурса ни в одном департаменте, ограничиваем доступ к опубликованным ресурсам
+            req.query.status = 'published';
+          }
+        }
+        next();
+      } catch (err) {
+        console.error('Access control error:', err);
+        return res.status(403).json({ error: 'Access denied' });
+      }
+    };
+  };
+   // Middleware для проверки доступа
+  const verifyModify = (action, resource) => {
+    return async (req, res, next) => {
+      try {
+        const user = req.userId;
+        const department = await Department.findOne({
+          owner: organizationId
+        });
+        if (!department) {
+          return res.status(403).json({
+            message: "Access forbidden"
+          });
+        }
+        const accesses = department.accesses;
+        // Проверяем права доступа пользователя к ресурсу
+        const resourceAccess = accesses[resource];
+        if (!resourceAccess || !resourceAccess[action]) {
+          return res.status(403).json({
+            message: "Access forbidden"
+          });
+        }
+        next();
+      } catch (error) {
+        console.error("Access control error:", error);
+        return res.status(500).json({
+          message: "Internal server error"
+        });
+      }
+    };
+  };
+  return {
+    verifyRead,
+  };
 };
+module.exports = middlewareFactory;

package/src/modules/organizations/components/blocks/CardDepartment.vue CHANGED Viewed

@@ -32,7 +32,7 @@
       <ul>
         <li v-if="department.members.length < 1">No members in department</li>
         <User
-          class="pd-small br-solid br-1px br-black-transp-5 radius-small mn-b-thin"
+          class="h-4r pd-small br-solid br-1px br-black-transp-5 radius-small mn-b-thin"
           v-for="(member, index) in department.members"
           :key="index"
           :user="member.user"

package/src/modules/organizations/components/pages/DepartmentEdit.vue CHANGED Viewed

@@ -54,7 +54,7 @@
       class="cols-1 gap-thin mn-b-thin"
     >
       <CardUser
-        class="bg-white pd-thin radius-medium w-100"
+        class="h-4r bg-white pd-thin radius-medium w-100"
         v-for="(member, index) in departments.state.department.members"
         :key="index"
         :user="member.user"
@@ -110,7 +110,7 @@
             globals.actions.add(departments.state.department.members, { _id: user.user._id, user: user.user, position: 'Member'})
             closeMemberPopup();
           }"
-          class="bg-white pd-thin radius-medium w-100 mn-b-thin"
+          class="h-4r bg-white pd-thin radius-medium w-100 mn-b-thin"
         />
       </Feed>
     </Popup>
@@ -139,6 +139,28 @@
           <p class="p-medium mn-b-small">Please select organization accesses for user in department:</p>
           <div class="cols-1 gap-thin">
+            <h4>Gallery</h4>
+            <Checkbox
+              label="Read gallery"
+              name="readProducts"
+              class="w-100 mn-r-small bg-white radius-small pd-small"
+              :radio="departments.state.department.accesses.gallery.read"
+              @update:radio="updated => (departments.state.department.accesses.gallery.read = !departments.state.department.accesses.gallery.read)"
+            />
+            <Checkbox
+              label="Edit gallery"
+              name="editProducts"
+              class="w-100 mn-r-small bg-white radius-small pd-small"
+              :radio="departments.state.department.accesses.gallery.edit"
+              @update:radio="updated => (departments.state.department.accesses.gallery.edit = !departments.state.department.accesses.gallery.edit)"
+            />
+            <Checkbox
+              label="Delete gallery"
+              name="deleteProducts"
+              class="w-100 bg-white radius-small pd-small"
+              :radio="departments.state.department.accesses.gallery.delete"
+              @update:radio="updated => (departments.state.department.accesses.gallery.delete = !departments.state.department.accesses.gallery.delete)"
+            />
             <h4>Products</h4>
             <Checkbox
               label="Read products"

package/src/modules/organizations/components/pages/Members.vue CHANGED Viewed

@@ -151,7 +151,7 @@
               },
               method: () => removeInvite(index, invite)
             }"
-            class="w-100 bg-light radius-big flex-nowrap flex pd-medium"
+            class="h-4r w-100 bg-light radius-big flex-nowrap flex pd-medium"
           />
         </Feed>
       </div>

package/src/modules/organizations/models/department.model.js CHANGED Viewed

@@ -28,6 +28,48 @@ module.exports = (mongoose) => {
     },
     accesses: {
+      members: {
+        read: {
+          type: Boolean,
+          default: false,
+        },
+        edit: {
+          type: Boolean,
+          default: false,
+        },
+        delete: {
+          type: Boolean,
+          default: false,
+        },
+      },
+      gallery: {
+        read: {
+          type: Boolean,
+          default: false,
+        },
+        edit: {
+          type: Boolean,
+          default: false,
+        },
+        delete: {
+          type: Boolean,
+          default: false,
+        },
+      },
+      leftovers: {
+        read: {
+          type: Boolean,
+          default: false,
+        },
+        edit: {
+          type: Boolean,
+          default: false,
+        },
+        delete: {
+          type: Boolean,
+          default: false,
+        },
+      },
       products: {
         read: {
           type: Boolean,
@@ -42,7 +84,6 @@ module.exports = (mongoose) => {
           default: false,
         },
       },
       orders: {
         read: {
           type: Boolean,
@@ -57,7 +98,6 @@ module.exports = (mongoose) => {
           default: false,
         },
       },
       departments: {
         read: {
           type: Boolean,

package/src/modules/organizations/routes/departments.routes.js CHANGED Viewed

@@ -1,19 +1,12 @@
 // Factories
 const controllerFactory = require("../controllers/departments.controller")
-// Middlewares
-const accessMiddlewaresFactory = require('@pf/src/modules/middlewares/server/verifyAccesses')
 // Routes
 module.exports = function(app, db) {
   const controller = controllerFactory(db)
-  const verifyAccesses = accessMiddlewaresFactory(db)
   // Get organization departments by _id
   app.get(
     "/api/departments/read",
-    // [
-    //   verifyAccesses('read', 'departments'),
-    // ],
     controller.read
   );

package/src/modules/organizations/store/departments.js CHANGED Viewed

@@ -34,6 +34,11 @@ const state = reactive({
     // Accesses
     hidden: false,
     accesses: {
+      gallery: {
+        read: false,
+        edit: false,
+        delete: false,
+      },
       products: {
         read: false,
         edit: false,