@posiwise/common-services 0.2.4 → 0.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1478,15 +1478,15 @@ class PermissionService {
|
|
|
1478
1478
|
expr = this.handleNonBooleanPermissions(permission, expr, productKey, permission_key, productSlug);
|
|
1479
1479
|
// Now expr is made of true/false values with &&, ||, ()
|
|
1480
1480
|
// Safe parser: no eval() - CSP 'unsafe-eval' not required
|
|
1481
|
-
|
|
1481
|
+
const sop = this.evaluateBooleanExpression(expr);
|
|
1482
|
+
console.log("Usama", sop, eval(expr));
|
|
1483
|
+
return eval(expr); // NOSONAR
|
|
1482
1484
|
}
|
|
1483
1485
|
/** Safe boolean expression parser - replaces eval() for CSP compliance. */
|
|
1484
1486
|
evaluateBooleanExpression(expr) {
|
|
1485
1487
|
expr = expr.replace(/\s+/g, ' ').trim();
|
|
1486
|
-
if (!expr)
|
|
1487
|
-
console.warn('[evaluateBooleanExpression] empty expr', { expr: `"${expr}"` });
|
|
1488
|
+
if (!expr)
|
|
1488
1489
|
return false;
|
|
1489
|
-
}
|
|
1490
1490
|
if (expr === 'true')
|
|
1491
1491
|
return true;
|
|
1492
1492
|
if (expr === 'false')
|
|
@@ -1501,9 +1501,7 @@ class PermissionService {
|
|
|
1501
1501
|
else if (depth === 0 && expr.substring(i, i + 2) === '||') {
|
|
1502
1502
|
const left = expr.substring(0, i).trim();
|
|
1503
1503
|
const right = expr.substring(i + 2).trim();
|
|
1504
|
-
|
|
1505
|
-
console.debug('[evaluateBooleanExpression] ||', { expr, left, right, result });
|
|
1506
|
-
return result;
|
|
1504
|
+
return (this.evaluateBooleanExpression(left) || this.evaluateBooleanExpression(right));
|
|
1507
1505
|
}
|
|
1508
1506
|
}
|
|
1509
1507
|
depth = 0;
|
|
@@ -1516,41 +1514,27 @@ class PermissionService {
|
|
|
1516
1514
|
else if (depth === 0 && expr.substring(i, i + 2) === '&&') {
|
|
1517
1515
|
const left = expr.substring(0, i).trim();
|
|
1518
1516
|
const right = expr.substring(i + 2).trim();
|
|
1519
|
-
|
|
1520
|
-
console.debug('[evaluateBooleanExpression] &&', { expr, left, right, result });
|
|
1521
|
-
return result;
|
|
1517
|
+
return (this.evaluateBooleanExpression(left) && this.evaluateBooleanExpression(right));
|
|
1522
1518
|
}
|
|
1523
1519
|
}
|
|
1524
|
-
// Strip matching outer parens - only when first ( and last ) are a pair (fix for nested)
|
|
1525
1520
|
if (expr.startsWith('(') && expr.endsWith(')')) {
|
|
1526
1521
|
let d = 0;
|
|
1527
|
-
for (let j =
|
|
1522
|
+
for (let j = 1; j < expr.length - 1; j++) {
|
|
1528
1523
|
if (expr[j] === '(')
|
|
1529
1524
|
d++;
|
|
1530
|
-
|
|
1525
|
+
if (expr[j] === ')')
|
|
1531
1526
|
d--;
|
|
1532
|
-
if (d === 0) {
|
|
1533
|
-
if (j === expr.length - 1) {
|
|
1534
|
-
const inner = expr.substring(1, expr.length - 1);
|
|
1535
|
-
const result = this.evaluateBooleanExpression(inner);
|
|
1536
|
-
console.debug('[evaluateBooleanExpression] strip parens', { expr, inner, result });
|
|
1537
|
-
return result;
|
|
1538
|
-
}
|
|
1539
|
-
break;
|
|
1540
|
-
}
|
|
1541
1527
|
if (d < 0)
|
|
1542
|
-
|
|
1528
|
+
return false;
|
|
1543
1529
|
}
|
|
1530
|
+
return this.evaluateBooleanExpression(expr.substring(1, expr.length - 1));
|
|
1544
1531
|
}
|
|
1545
|
-
console.warn('[evaluateBooleanExpression] unrecognized', { expr });
|
|
1546
1532
|
return false;
|
|
1547
1533
|
}
|
|
1548
1534
|
handleNonBooleanPermissions(permission, expr, productKey, permission_key, productSlug) {
|
|
1549
1535
|
if (typeof permission !== 'boolean') {
|
|
1550
1536
|
permission.split(' ').forEach(x => {
|
|
1551
1537
|
const raw = x.trim();
|
|
1552
|
-
if (!raw)
|
|
1553
|
-
return;
|
|
1554
1538
|
if (['||', '&&', '(', ')'].includes(raw)) {
|
|
1555
1539
|
expr += ` ${raw} `;
|
|
1556
1540
|
}
|