npm - @punks/backend-entity-manager - Versions diffs - 0.0.27 → 0.0.28 - Mend

@punks/backend-entity-manager 0.0.27 → 0.0.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/cjs/index.js CHANGED Viewed

@@ -23,9 +23,16 @@ exports.EntityOperationType = void 0;
     EntityOperationType[EntityOperationType["Update"] = 1] = "Update";
     EntityOperationType[EntityOperationType["Delete"] = 2] = "Delete";
     EntityOperationType[EntityOperationType["Read"] = 3] = "Read";
+    EntityOperationType[EntityOperationType["Search"] = 4] = "Search";
 })(exports.EntityOperationType || (exports.EntityOperationType = {}));
-class EntityOperationUnauthorizedException extends EntityManagerException {
-    constructor(operationType, entity, entityName) {
+class EntityManagerUnauthorizedException extends EntityManagerException {
+    constructor(message) {
+        super(message);
+        this.name = "EntityManagerUnauthorizedException";
+    }
+}
+class EntityOperationUnauthorizedException extends EntityManagerUnauthorizedException {
+    constructor(operationType, entityName, entity) {
         super(`The current user is not authorized to ${operationType} the entity of type ${entityName}.`);
         this.entity = entity;
         this.operation = operationType;
@@ -497,7 +504,7 @@ class EntityCreateCommand {
         const context = await contextService.getContext();
         const authorizationResult = await authorization.canCreate(entity, context);
         if (!authorizationResult.isAuthorized)
-            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Create, entity, this.services.getEntityName());
+            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Create, this.services.getEntityName(), entity);
     }
 }
@@ -523,7 +530,7 @@ class EntityDeleteCommand {
         const context = await contextService.getContext();
         const authorizationResult = await authorization.canDelete(entity, context);
         if (!authorizationResult.isAuthorized)
-            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Delete, entity, this.services.getEntityName());
+            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Delete, this.services.getEntityName(), entity);
     }
 }
@@ -561,7 +568,7 @@ class EntityUpdateCommand {
         const context = await contextService.getContext();
         const authorizationResult = await authorization.canUpdate(currentEntity, context);
         if (!authorizationResult.isAuthorized)
-            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Create, currentEntity, this.services.getEntityName());
+            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Create, this.services.getEntityName(), currentEntity);
     }
 }
@@ -598,12 +605,12 @@ class EntityUpsertCommand {
         if (currentEntity) {
             const updateResult = await authorization.canUpdate(currentEntity, context);
             if (!updateResult.isAuthorized)
-                throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Update, currentEntity, this.services.getEntityName());
+                throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Update, this.services.getEntityName(), currentEntity);
             return;
         }
         const authorizationResult = await authorization.canCreate(entity, context);
         if (!authorizationResult.isAuthorized)
-            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Create, entity, this.services.getEntityName());
+            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Create, this.services.getEntityName(), entity);
     }
 }
@@ -1081,7 +1088,7 @@ class EntityGetQuery {
         const context = await contextService.getContext();
         const authorizationResult = await authorization.canRead(entity, context);
         if (!authorizationResult.isAuthorized)
-            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Read, entity, this.services.getEntityName());
+            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Read, this.services.getEntityName(), entity);
     }
 }
@@ -1092,12 +1099,20 @@ class EntitiesSearchQuery {
     // @ts-ignore
     async execute(request) {
         const context = await this.getContext();
+        await this.authorizeSearch(context);
         const result = await this.services
             .resolveQueryBuilder()
             .search(request, context);
+        const filteredEntities = await this.filterAllowedEntities(result.items, context);
         return {
             ...result,
-            items: await this.filterAllowedEntities(result.items),
+            items: filteredEntities,
+            paging: result.paging
+                ? {
+                    ...result.paging,
+                    totPageItems: filteredEntities.length,
+                }
+                : undefined,
         };
     }
     async getContext() {
@@ -1108,13 +1123,11 @@ class EntitiesSearchQuery {
         const contextService = this.services.resolveAuthenticationContextProvider();
         return await contextService.getContext();
     }
-    async filterAllowedEntities(entities) {
+    async filterAllowedEntities(entities, context) {
         const authorization = this.services.resolveAuthorizationMiddleware();
         if (!authorization) {
             return entities;
         }
-        const contextService = this.services.resolveAuthenticationContextProvider();
-        const context = await contextService.getContext();
         const filteredEntities = await Promise.all(entities.map(async (entity) => {
             const authorizationResult = await authorization.canRead(entity, context);
             if (!authorizationResult.isAuthorized) {
@@ -1124,6 +1137,16 @@ class EntitiesSearchQuery {
         }));
         return filteredEntities.filter((entity) => entity !== null);
     }
+    async authorizeSearch(context) {
+        const authorization = this.services.resolveAuthorizationMiddleware();
+        if (!authorization) {
+            return;
+        }
+        const { isAuthorized } = await authorization.canSearch(context);
+        if (!isAuthorized) {
+            throw new EntityOperationUnauthorizedException(exports.EntityOperationType.Search, this.services.getEntityName());
+        }
+    }
 }
 var ConnectorMode;
@@ -18928,6 +18951,9 @@ class AppExceptionsFilterBase {
         if (exception instanceof EntityOperationUnauthorizedException) {
             return common.HttpStatus.UNAUTHORIZED;
         }
+        if (exception instanceof EntityNotFoundException) {
+            return common.HttpStatus.NOT_FOUND;
+        }
         if (exception instanceof common.HttpException) {
             return exception.getStatus();
         }
@@ -19128,6 +19154,7 @@ const newUuid = backendCore.newUuid;
 exports.AppExceptionsFilterBase = AppExceptionsFilterBase;
 exports.EntityManagerException = EntityManagerException;
 exports.EntityManagerSymbols = EntityManagerSymbols;
+exports.EntityManagerUnauthorizedException = EntityManagerUnauthorizedException;
 exports.EntityNotFoundException = EntityNotFoundException;
 exports.EntityOperationUnauthorizedException = EntityOperationUnauthorizedException;
 exports.MultipleEntitiesFoundException = MultipleEntitiesFoundException;