@qrvey/assets-sharing 0.3.3 → 0.3.4-dev.2086

package/__test__/hasAdminRole.test.ts

@@ -5,13 +5,19 @@ const loginType = 'qrveyLogin';
 
 describe('Check if has admin role.', () => {
     beforeEach(() => {
+        // User Exist
+        jest.spyOn(UserRepository.prototype, 'getOne').mockResolvedValue(
+            {} as any,
+        );
+
+        // User has no admin role
         jest.spyOn(UserRepository.prototype, 'getList').mockResolvedValue({
             count: 0,
             items: [],
         } as any);
     });
 
-    test('Has access with API Key only.', async () => {
+    test('Does not have access when: Only API Key', async () => {
         const body = {
             apiKey: 'api-key',
         };
@@ -19,163 +25,224 @@ describe('Check if has admin role.', () => {
         expect(result).toBe(false);
     });
 
-    test('Has access with API Key and userId.', async () => {
+    test('Does not have access when: API Key and Non existing userId', async () => {
+        jest.spyOn(UserRepository.prototype, 'getOne').mockResolvedValue(null);
+
         const body = {
             apiKey: 'api-key',
-            userId: 'user-id',
+            userId: 'non-existing-user',
         };
         const result = await hasAdminRole(body);
-        expect(result).toBe(true);
+        expect(result).toBe(false);
     });
 
-    test('Has access with API Key, userId and same clientId as userId.', async () => {
+    test('Has access when: API Key and Existing userId', async () => {
         const body = {
             apiKey: 'api-key',
-            userId: 'user-id',
-            clientId: 'user-id',
+            userId: 'existing-user',
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(true);
     });
 
-    test('Has access with API Key, userId, clientId and org:0.', async () => {
+    test('Has access when: API Key, org:0 and Existing userId', async () => {
         const body = {
             apiKey: 'api-key',
-            userId: 'user-id',
-            clientId: 'user-id',
+            userId: 'existing-user',
             orgId: ORGANIZATION_QRVEY,
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(true);
     });
 
-    test('Has no access with another org and apiKey.', async () => {
+    test('Does not have access when: API Key, Existing userId and Non existing clientId', async () => {
         const body = {
             apiKey: 'api-key',
-            userId: 'user-id',
-            clientId: 'user-id',
-            orgId: 'another-org',
+            userId: 'existing-user',
+            clientId: 'non-existing-user',
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(false);
     });
 
-    test('Has no access with another org.', async () => {
+    test('Has access when: API Key, Existing userId and existing clientId', async () => {
+        const body = {
+            apiKey: 'api-key',
+            userId: 'existing-user',
+            clientId: 'existing-user',
+        };
+        const result = await hasAdminRole(body);
+        expect(result).toBe(true);
+    });
+
+    test('Has access when: API Key, no Admin userId and admin clientId', async () => {
         jest.spyOn(UserRepository.prototype, 'getList').mockResolvedValue({
             count: 1,
             items: [{}],
         } as any);
+
         const body = {
-            userId: 'user-id',
-            clientId: 'user-id',
-            orgId: 'another-org',
+            apiKey: 'api-key',
+            userId: 'existing-user',
+            clientId: 'admin-user',
         };
         const result = await hasAdminRole(body);
-        expect(result).toBe(false);
+        expect(result).toBe(true);
     });
 
-    test('Has no access with another clientId and org.', async () => {
+    test('Does not have access when: API Key, org:0 and Existing userId', async () => {
         const body = {
-            userId: 'user-id',
-            clientId: 'another-id',
+            apiKey: 'api-key',
+            userId: 'existing-user',
             orgId: 'another-org',
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(false);
     });
 
-    test('Has no access with another clientId.', async () => {
+    test('Does not have access when: InComposer only (need userId)', async () => {
         const body = {
-            userId: 'user-id',
-            clientId: 'another-id',
+            loginType,
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(false);
     });
 
-    test('Has access with admin user.', async () => {
+    test('Has access when: InComposer, org:0 and Admin userId', async () => {
         jest.spyOn(UserRepository.prototype, 'getList').mockResolvedValue({
             count: 1,
             items: [{}],
         } as any);
+
         const body = {
-            userId: 'admin-user',
             loginType,
+            userId: 'admin-user',
+            orgId: ORGANIZATION_QRVEY,
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(true);
     });
 
-    test('Has no access with other user.', async () => {
+    test('Does not have access when: InComposer, org:0 and non Admin userId', async () => {
         const body = {
-            userId: 'other-user',
+            loginType,
+            userId: 'non-admin-user',
+            orgId: ORGANIZATION_QRVEY,
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(false);
     });
 
-    test('Has no access even with admin user but, with another client.', async () => {
+    test('Does not have access when: org:0 and Admin userId only', async () => {
+        jest.spyOn(UserRepository.prototype, 'getList').mockResolvedValue({
+            count: 1,
+            items: [{}],
+        } as any);
+
         const body = {
             userId: 'admin-user',
-            clientId: 'other-user',
+            orgId: ORGANIZATION_QRVEY,
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(false);
     });
 
-    test('Has no access even with admin user but, with another client and org.', async () => {
+    test('Has access when: org:0, Admin userId and Admin ClientId (same as userId)', async () => {
+        jest.spyOn(UserRepository.prototype, 'getList').mockResolvedValue({
+            count: 1,
+            items: [{}],
+        } as any);
+
         const body = {
             userId: 'admin-user',
-            clientId: 'other-user',
-            orgId: 'other-org',
+            clientId: 'admin-user',
+            orgId: ORGANIZATION_QRVEY,
         };
         const result = await hasAdminRole(body);
-        expect(result).toBe(false);
+        expect(result).toBe(true);
+    });
+
+    test('Has access when: org:0, Admin userId and Another Admin ClientId', async () => {
+        jest.spyOn(UserRepository.prototype, 'getList').mockResolvedValue({
+            count: 1,
+            items: [{}],
+        } as any);
+
+        const body = {
+            userId: 'admin-user',
+            clientId: 'another-admin-user',
+            orgId: ORGANIZATION_QRVEY,
+        };
+        const result = await hasAdminRole(body);
+        expect(result).toBe(true);
     });
 
-    test('Has no access even with admin user but, with another client and org0.', async () => {
+    test('Does not have access when: org:0, Admin userId and Non Admin ClientId', async () => {
         const body = {
             userId: 'admin-user',
-            clientId: 'other-user',
+            clientId: 'non-admin-user',
             orgId: ORGANIZATION_QRVEY,
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(false);
     });
 
-    test('Has admin level if is in composer', async () => {
+    test('Has access when: org:0, non Admin userId and Admin ClientId', async () => {
         jest.spyOn(UserRepository.prototype, 'getList').mockResolvedValue({
             count: 1,
             items: [{}],
         } as any);
+
         const body = {
-            userId: 'admin-user',
+            userId: 'non-admin-user',
+            clientId: 'admin-user',
             orgId: ORGANIZATION_QRVEY,
-            loginType,
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(true);
     });
 
-    test('Has admin level if is not in composer with admin clientId', async () => {
+    test('Does not have access when: org:0, non Admin userId and non Admin ClientId', async () => {
+        const body = {
+            userId: 'non-admin-user',
+            clientId: 'another-non-admin-user',
+            orgId: ORGANIZATION_QRVEY,
+        };
+        const result = await hasAdminRole(body);
+        expect(result).toBe(false);
+    });
+
+    test('Does not have access when: InComposer, Another org, Admin userId', async () => {
         jest.spyOn(UserRepository.prototype, 'getList').mockResolvedValue({
             count: 1,
             items: [{}],
         } as any);
+
         const body = {
             userId: 'admin-user',
-            clientId: 'another-admin-user',
-            orgId: ORGANIZATION_QRVEY,
+            orgId: 'another-org',
+            loginType,
         };
         const result = await hasAdminRole(body);
-        expect(result).toBe(true);
+        expect(result).toBe(false);
     });
 
-    test('Has not admin level if is not in composer with admin clientId but with another org', async () => {
+    test('Does not have access when: InComposer, Another org, non Admin userId', async () => {
+        const body = {
+            userId: 'non-admin-user',
+            orgId: 'another-org',
+            loginType,
+        };
+        const result = await hasAdminRole(body);
+        expect(result).toBe(false);
+    });
+
+    test('Does not have access when: Another org, Admin userId and Admin clientId', async () => {
         jest.spyOn(UserRepository.prototype, 'getList').mockResolvedValue({
             count: 1,
             items: [{}],
         } as any);
+
         const body = {
             userId: 'admin-user',
             clientId: 'admin-user',
@@ -185,14 +252,46 @@ describe('Check if has admin role.', () => {
         expect(result).toBe(false);
     });
 
-    test('Has not admin level if is not in composer and not clientId', async () => {
+    test('Does not have access when: Another org, Admin userId and another Admin clientId', async () => {
         jest.spyOn(UserRepository.prototype, 'getList').mockResolvedValue({
             count: 1,
             items: [{}],
         } as any);
+
         const body = {
             userId: 'admin-user',
-            orgId: ORGANIZATION_QRVEY,
+            clientId: 'another-admin-user',
+            orgId: 'another-org',
+        };
+        const result = await hasAdminRole(body);
+        expect(result).toBe(false);
+    });
+
+    test('Does not have access when: Another org, Admin userId and non Admin clientId', async () => {
+        const body = {
+            userId: 'admin-user',
+            clientId: 'non-admin-user',
+            orgId: 'another-org',
+        };
+        const result = await hasAdminRole(body);
+        expect(result).toBe(false);
+    });
+
+    test('Does not have access when: Another org, non Admin userId and Admin clientId', async () => {
+        const body = {
+            userId: 'non-admin-user',
+            clientId: 'admin-user',
+            orgId: 'another-org',
+        };
+        const result = await hasAdminRole(body);
+        expect(result).toBe(false);
+    });
+
+    test('Does not have access when: Another org, non Admin userId and non Admin clientId', async () => {
+        const body = {
+            userId: 'non-admin-user',
+            clientId: 'another-non-admin-user',
+            orgId: 'another-org',
         };
         const result = await hasAdminRole(body);
         expect(result).toBe(false);

package/package.json

@@ -1,54 +1,55 @@
 {
-    "name": "@qrvey/assets-sharing",
-    "version": "0.3.3",
-    "types": "dist/types/index.d.ts",
-    "main": "dist/cjs/index.js",
-    "exports": {
-        ".": {
-            "import": "./dist/esm/index.mjs",
-            "require": "./dist/cjs/index.js",
-            "default": "./dist/cjs/index.js"
-        }
-    },
-    "scripts": {
-        "test": "jest",
-        "lint": "eslint \"{src,apps,libs,test}/**/*.ts\"",
-        "lint:fix": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
-        "build:clean": "rm -rf dist",
-        "build:compile:original": "tsc -b ./tsconfig.cjs.json ./tsconfig.esm.json ./tsconfig.types.json",
-        "build:compile:cjs:original": "tsup --config ./tsup.config.cjs.ts",
-        "build:compile:cjs": "tsc -b ./tsconfig.cjs.json",
-        "build:compile:esm": "tsup --config ./tsup.config.esm.ts",
-        "build:compile:types": "tsup --config ./tsup.config.types.ts",
-        "build:compile": "yarn build:compile:cjs && yarn build:compile:esm && yarn build:compile:types",
-        "build": "yarn build:clean && yarn build:compile",
-        "prepare-publish": "yarn install && yarn build",
-        "publish-package": "yarn prepare-publish && npm publish"
-    },
-    "dependencies": {
-        "@qrvey/data-persistence": "0.5.1-bundled.1",
-        "@qrvey/id-generator": "1.0.1",
-        "reflect-metadata": "0.2.2",
-        "tsyringe": "4.8.0"
-    },
-    "devDependencies": {
-        "@types/jest": "29.5.14",
-        "eslint": "8.48.0",
-        "eslint-import-resolver-typescript": "3.8.0",
-        "eslint-plugin-import": "2.31.0",
-        "jest": "29.7.0",
-        "ts-jest": "29.3.4",
-        "tsup": "8.0.2",
-        "typescript": "5.7.3"
-    },
-    "keywords": [
-        "sharing",
-        "qrvey"
-    ],
-    "author": "Qrvey",
-    "license": "ISC",
-    "publishConfig": {
-        "access": "public",
-        "registry": "https://registry.npmjs.org"
+  "name": "@qrvey/assets-sharing",
+  "version": "0.3.4-dev.2086",
+  "types": "dist/types/index.d.ts",
+  "main": "dist/cjs/index.js",
+  "exports": {
+    ".": {
+      "import": "./dist/esm/index.mjs",
+      "require": "./dist/cjs/index.js",
+      "default": "./dist/cjs/index.js"
     }
-}
+  },
+  "scripts": {
+    "test": "jest",
+    "lint": "eslint \"{src,apps,libs,test}/**/*.ts\"",
+    "lint:fix": "eslint \"{src,apps,libs,test}/**/*.ts\" --fix",
+    "build:clean": "rm -rf dist",
+    "build:compile:original": "tsc -b ./tsconfig.cjs.json ./tsconfig.esm.json ./tsconfig.types.json",
+    "build:compile:cjs:original": "tsup --config ./tsup.config.cjs.ts",
+    "build:compile:cjs": "tsc -b ./tsconfig.cjs.json",
+    "build:compile:esm": "tsup --config ./tsup.config.esm.ts",
+    "build:compile:types": "tsup --config ./tsup.config.types.ts",
+    "build:compile": "yarn build:compile:cjs && yarn build:compile:esm && yarn build:compile:types",
+    "build": "yarn build:clean && yarn build:compile",
+    "prepare-publish": "yarn install && yarn build",
+    "publish-package": "yarn prepare-publish && npm publish"
+  },
+  "dependencies": {
+    "@qrvey/data-persistence": "0.5.1-bundled.1",
+    "@qrvey/id-generator": "workspace:*",
+    "@qrvey/utils": "1.15.0-30",
+    "reflect-metadata": "0.2.2",
+    "tsyringe": "4.8.0"
+  },
+  "devDependencies": {
+    "@types/jest": "29.5.14",
+    "eslint": "8.48.0",
+    "eslint-import-resolver-typescript": "3.8.0",
+    "eslint-plugin-import": "2.31.0",
+    "jest": "29.7.0",
+    "ts-jest": "29.3.4",
+    "tsup": "8.3.5",
+    "typescript": "5.7.3"
+  },
+  "keywords": [
+    "sharing",
+    "qrvey"
+  ],
+  "author": "Qrvey",
+  "license": "ISC",
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org"
+  }
+}

package/src/common/constants.ts

@@ -1,6 +1,8 @@
 export const ENVIRONMENT = {
     SERVER_PREFIX: process.env.SERVER_PREFIX,
     TABLE_PREFIX: process.env.TABLE_PREFIX,
+    DOMAIN: process.env.DOMAIN,
+    API_KEY: process.env.API_KEY,
 };
 
 export const DATABASE_INFO = {
@@ -44,4 +46,19 @@ export enum ACCESS_LEVEL {
     ADMIN = 4,
 }
 
+export enum AppSharingStatus {
+    PUBLIC = 'public',
+    PRIVATE = 'private',
+}
+
+export interface AppPermissionResponse {
+    privacy: AppSharingStatus;
+}
+
+export interface AppOwner {
+    userId: string;
+    appId: string;
+    userEmail?: string;
+}
+
 export const LIMIT_PER_PAGE = 10;

package/src/context.ts

@@ -12,6 +12,10 @@ import { type DashboardRepositoryInterface } from './sharing/interfaces/dashboar
 import { type SharingDetailsRepositoryInterface } from './sharing/interfaces/detailsRepository.interface';
 import { type DownloadManagerRepositoryInterface } from './sharing/interfaces/downloadManagerRepository.interface';
 import { type SharingRepositoryInterface } from './sharing/interfaces/sharingRepository.interface';
+import { OrganizationRepositoryInterface } from './sharing/interfaces/organizationRepository.interface';
+import { OrganizationRepository } from './sharing/implementations/organization.repository';
+import { AdminRepositoryInterface } from './sharing/interfaces/adminRepository.interface';
+import { AdminRepository } from './sharing/implementations/admin.repository';
 
 container.register<SharingRepositoryInterface>(
     'SharingRepository',
@@ -31,5 +35,13 @@ container.register<DownloadManagerRepositoryInterface>(
     'dmRepository',
     DownloadManagerRepository,
 );
+container.register<OrganizationRepositoryInterface>(
+    'OrganizationRepository',
+    OrganizationRepository,
+);
+container.register<AdminRepositoryInterface>(
+    'AdminRepository',
+    AdminRepository,
+);
 
 export const Context = container;

package/src/index.ts

@@ -6,6 +6,8 @@ import { CheckUserAccessLevel } from './sharing/services/checkUserAccessLevel';
 import { DeleteSharing } from './sharing/services/delete';
 import { ListSharing } from './sharing/services/list';
 import { UpsertSharing } from './sharing/services/upsert';
+import CheckAppPermissions from './sharing/services/checkAppPermissions';
+import CheckOrgPermissions from './sharing/services/checkOrgPermissions';
 
 export const api = {
     upsert: (...args: Parameters<UpsertSharing['execute']>) =>
@@ -20,6 +22,14 @@ export const checkUserAccessLevel = (
     ...args: Parameters<CheckUserAccessLevel['execute']>
 ) => Context.resolve(CheckUserAccessLevel).execute(...args);
 
+export const checkAppPermissions = (
+    ...args: Parameters<CheckAppPermissions['execute']>
+) => Context.resolve(CheckAppPermissions).execute(...args);
+
+export const checkOrgPermissions = (
+    ...args: Parameters<CheckOrgPermissions['execute']>
+) => Context.resolve(CheckOrgPermissions).execute(...args);
+
 export const fromTokenToUser = (
     ...args: Parameters<FromTokenToUser['execute']>
 ) => Context.resolve(FromTokenToUser).execute(...args);

package/src/quser/services/hasAdminRole.ts

@@ -26,9 +26,18 @@ export class HasAdminRole {
     } = {}): Promise<boolean> {
         if (!userId) return false;
 
+        const existingUser = await this.userRepository.getOne(userId);
         const isMasterKey =
             apiKey && (orgId === undefined || orgId === ORGANIZATION_QRVEY);
-        if (isMasterKey) return true;
+        if (isMasterKey && existingUser && (!clientId || clientId === userId))
+            return true;
+
+        const user = await this.userRepository.getList({
+            data: { identifier: clientId ?? userId, role: 'administrator' },
+        });
+        const isAdmin = user.items.length > 0;
+
+        if (isMasterKey && isAdmin) return true;
 
         const inComposer = isComposer(loginType || '');
         const isExternal =
@@ -36,10 +45,7 @@ export class HasAdminRole {
             (orgId && orgId !== ORGANIZATION_QRVEY);
         if (isExternal) return false;
 
-        const user = await this.userRepository.getList({
-            data: { identifier: clientId ?? userId, role: 'administrator' },
-        });
-        if (user.items.length > 0) return true;
+        if (isAdmin) return true;
 
         return false;
     }

package/src/sharing/entities/types/organization.type.ts

@@ -0,0 +1,10 @@
+export interface OrganizationType {
+  orgid: string;
+  name: string;
+  parentorgid: string | null;
+  org_path: string;
+  contentprivacy: boolean;
+  effectivecontentprivacy: boolean;
+  createdat: string;
+  updatedat: string;
+}

package/src/sharing/implementations/admin.repository.ts

@@ -0,0 +1,66 @@
+import { AdminRepositoryInterface } from '../interfaces/adminRepository.interface';
+import { ENVIRONMENT } from '../../common/constants';
+import { getAttribute } from '@qrvey/utils';
+
+export class AdminRepository implements AdminRepositoryInterface{
+    async getApplicationInfo(body: { appId: string; userId: string }) {
+        const url = `${ENVIRONMENT.DOMAIN}/devapi/v4/user/${body.userId}/app/${body.appId}`;
+
+        const headers = {
+            'x-api-key': ENVIRONMENT.API_KEY as string,
+        };
+
+        const requestOptions: RequestInit = {
+            method: 'GET',
+            headers,
+        };
+
+        const response = await fetch(url, requestOptions);
+
+        const data = (await response.json()) as {
+            userid?: string;
+            appId?: string;
+            userEmail?: string;
+        };
+
+        return {
+            status: response.status,
+            data: {
+                userId: data?.userid ?? body.userId,
+                appId: getAttribute(data, 'appId'),
+                userEmail: getAttribute(data, 'userEmail'),
+            },
+        };
+    }
+
+        async getPlatformConfiguration(): Promise<{
+        status: number;
+        legacyMode: boolean;
+    }> {
+        const url = `${ENVIRONMENT.DOMAIN}/admin/api/v5/customization/features/platform`;
+
+        const headers = {
+            'x-api-key': ENVIRONMENT.API_KEY as string,
+        };
+
+        const requestOptions: RequestInit = {
+            method: 'GET',
+            headers,
+        };
+
+        const response = await fetch(url, requestOptions);
+
+        const data = (await response.json()) as {
+            Item: {
+                settings: {
+                    legacyMode: boolean;
+                };
+            };
+        };
+        return {
+            status: response.status,
+            legacyMode: data?.Item?.settings?.legacyMode ?? true,
+        };
+    }
+
+}

package/src/sharing/implementations/organization.model.ts

@@ -0,0 +1,28 @@
+import { CrudSchema } from '@qrvey/data-persistence';
+import { DATABASE_INFO } from '../../common/constants';
+
+export default class OrganizationModel extends CrudSchema {
+  static readonly table = {
+    name: 'qv_organization',
+    alias: `${DATABASE_INFO.TABLE_PREFIX}_organization`,
+  };
+
+  static readonly columns = {
+    orgid: { type: 'string', primary: true },
+    name: { type: 'string' },
+    parentorgid: { type: 'string' },
+    org_path: { type: 'string' },
+    contentprivacy: { type: 'boolean' },
+    effectivecontentprivacy: { type: 'boolean' },
+    createdat: { type: 'string' },
+    updatedat: { type: 'string' },
+  };
+
+  static readonly indexes = {
+    org_path: { name: 'idx_qv_orgs_org_path_gist', columns: ['org_path'] },
+    parentorgid: { name: 'idx_qv_orgs_parent', columns: ['parentorgid'] },
+  };
+
+  static readonly schema = DATABASE_INFO.DATA_PERSISTENCE_SCHEMA;
+  static readonly usePool = true;
+}