@rockster/core 0.0.4 → 0.1.1

Files changed (318) hide show
  1. package/access/access.module.js +3 -7
  2. package/access/access.module.js.map +1 -1
  3. package/access/constants.d.ts +2 -0
  4. package/access/constants.js +6 -0
  5. package/access/constants.js.map +1 -0
  6. package/access/controllers/controllers.d.ts +2 -1
  7. package/access/controllers/controllers.js +3 -1
  8. package/access/controllers/controllers.js.map +1 -1
  9. package/access/controllers/scope-access-profile.controller.d.ts +17 -0
  10. package/access/controllers/scope-access-profile.controller.js +111 -0
  11. package/access/controllers/scope-access-profile.controller.js.map +1 -0
  12. package/access/controllers/scope-group-user.controller.d.ts +11 -4
  13. package/access/controllers/scope-group-user.controller.js +57 -9
  14. package/access/controllers/scope-group-user.controller.js.map +1 -1
  15. package/access/controllers/scope-group.controller.d.ts +8 -5
  16. package/access/controllers/scope-group.controller.js +66 -12
  17. package/access/controllers/scope-group.controller.js.map +1 -1
  18. package/access/controllers/scope-owner.controller.d.ts +3 -2
  19. package/access/controllers/scope-owner.controller.js +18 -4
  20. package/access/controllers/scope-owner.controller.js.map +1 -1
  21. package/access/controllers/scope-user.controller.d.ts +2 -2
  22. package/access/controllers/scope-user.controller.js +19 -5
  23. package/access/controllers/scope-user.controller.js.map +1 -1
  24. package/access/decorators/context-params.decorator.d.ts +2 -0
  25. package/access/decorators/context-params.decorator.js +13 -0
  26. package/access/decorators/context-params.decorator.js.map +1 -0
  27. package/access/decorators/index.d.ts +2 -0
  28. package/access/decorators/index.js +19 -0
  29. package/access/decorators/index.js.map +1 -0
  30. package/access/decorators/scope-context-id-resolver.decorator.d.ts +10 -0
  31. package/access/decorators/scope-context-id-resolver.decorator.js +22 -0
  32. package/access/decorators/scope-context-id-resolver.decorator.js.map +1 -0
  33. package/access/entities/entities.d.ts +3 -1
  34. package/access/entities/entities.js +4 -0
  35. package/access/entities/entities.js.map +1 -1
  36. package/access/entities/index.d.ts +2 -0
  37. package/access/entities/index.js +2 -0
  38. package/access/entities/index.js.map +1 -1
  39. package/access/entities/scope-access-profile-key.d.ts +6 -0
  40. package/access/entities/scope-access-profile-key.js +40 -0
  41. package/access/entities/scope-access-profile-key.js.map +1 -0
  42. package/access/entities/scope-access-profile.d.ts +6 -0
  43. package/access/entities/scope-access-profile.js +37 -0
  44. package/access/entities/scope-access-profile.js.map +1 -0
  45. package/access/entities/scope-group.d.ts +3 -0
  46. package/access/entities/scope-group.js +16 -0
  47. package/access/entities/scope-group.js.map +1 -1
  48. package/access/functions/assert-context-admin-access.d.ts +15 -0
  49. package/access/functions/assert-context-admin-access.js +62 -0
  50. package/access/functions/assert-context-admin-access.js.map +1 -0
  51. package/access/functions/assert-master-or-owner.d.ts +9 -0
  52. package/access/functions/assert-master-or-owner.js +40 -0
  53. package/access/functions/assert-master-or-owner.js.map +1 -0
  54. package/access/functions/assert-scope-action-access.d.ts +32 -0
  55. package/access/functions/assert-scope-action-access.js +189 -0
  56. package/access/functions/assert-scope-action-access.js.map +1 -0
  57. package/access/functions/build-scope-resolver-initial-data.d.ts +4 -0
  58. package/access/functions/build-scope-resolver-initial-data.js +17 -0
  59. package/access/functions/build-scope-resolver-initial-data.js.map +1 -0
  60. package/access/functions/describe-action-scope.d.ts +9 -0
  61. package/access/functions/describe-action-scope.js +27 -0
  62. package/access/functions/describe-action-scope.js.map +1 -0
  63. package/access/functions/index.d.ts +5 -0
  64. package/access/functions/index.js +5 -0
  65. package/access/functions/index.js.map +1 -1
  66. package/access/functions/init-scope-service-executors.d.ts +3 -0
  67. package/access/functions/init-scope-service-executors.js +38 -0
  68. package/access/functions/init-scope-service-executors.js.map +1 -0
  69. package/access/functions/normalize-scope-keys.d.ts +4 -0
  70. package/access/functions/normalize-scope-keys.js +17 -0
  71. package/access/functions/normalize-scope-keys.js.map +1 -0
  72. package/access/functions/register-scope.d.ts +16 -5
  73. package/access/functions/register-scope.js +57 -45
  74. package/access/functions/register-scope.js.map +1 -1
  75. package/access/functions/resolve-scope-context-id.d.ts +9 -0
  76. package/access/functions/resolve-scope-context-id.js +71 -0
  77. package/access/functions/resolve-scope-context-id.js.map +1 -0
  78. package/access/functions/warn-if-public.d.ts +12 -0
  79. package/access/functions/warn-if-public.js +20 -0
  80. package/access/functions/warn-if-public.js.map +1 -0
  81. package/access/index.d.ts +2 -0
  82. package/access/index.js +2 -0
  83. package/access/index.js.map +1 -1
  84. package/access/interfaces/index.d.ts +1 -0
  85. package/access/interfaces/index.js +1 -0
  86. package/access/interfaces/index.js.map +1 -1
  87. package/access/interfaces/resolve-scope-context-id.d.ts +21 -0
  88. package/access/interfaces/resolve-scope-context-id.js +3 -0
  89. package/access/interfaces/resolve-scope-context-id.js.map +1 -0
  90. package/access/interfaces/scope-service-registry.d.ts +16 -1
  91. package/access/interfaces/scope-service.d.ts +6 -7
  92. package/access/models/scope-access-profile-keys-update.d.ts +5 -0
  93. package/access/models/scope-access-profile-keys-update.js +27 -0
  94. package/access/models/scope-access-profile-keys-update.js.map +1 -0
  95. package/access/models/scope-group-apply-access-profile.d.ts +6 -0
  96. package/access/models/scope-group-apply-access-profile.js +32 -0
  97. package/access/models/scope-group-apply-access-profile.js.map +1 -0
  98. package/access/models/scope-user-mapped.d.ts +1 -0
  99. package/access/models/scope-user-mapped.js +6 -0
  100. package/access/models/scope-user-mapped.js.map +1 -1
  101. package/access/models/scope-user.js +4 -2
  102. package/access/models/scope-user.js.map +1 -1
  103. package/access/queries/scope-access-profile.query.d.ts +1 -0
  104. package/access/queries/scope-access-profile.query.js +10 -0
  105. package/access/queries/scope-access-profile.query.js.map +1 -0
  106. package/access/queries/scope-group.query.js +9 -2
  107. package/access/queries/scope-group.query.js.map +1 -1
  108. package/access/services/index.d.ts +1 -0
  109. package/access/services/index.js +1 -0
  110. package/access/services/index.js.map +1 -1
  111. package/access/services/scope-access-profile.service.d.ts +13 -0
  112. package/access/services/scope-access-profile.service.js +75 -0
  113. package/access/services/scope-access-profile.service.js.map +1 -0
  114. package/access/services/scope-access.service.js +4 -2
  115. package/access/services/scope-access.service.js.map +1 -1
  116. package/access/services/scope-group-user.service.js +2 -2
  117. package/access/services/scope-group-user.service.js.map +1 -1
  118. package/access/services/scope-group.service.d.ts +10 -0
  119. package/access/services/scope-group.service.js +38 -1
  120. package/access/services/scope-group.service.js.map +1 -1
  121. package/access/services/scope-owner.service.d.ts +3 -0
  122. package/access/services/scope-owner.service.js +26 -1
  123. package/access/services/scope-owner.service.js.map +1 -1
  124. package/command/services/post-action-builder.js +19 -17
  125. package/command/services/post-action-builder.js.map +1 -1
  126. package/command/services/remove-action-builder.js +30 -22
  127. package/command/services/remove-action-builder.js.map +1 -1
  128. package/controllers/interfaces/controller-property.d.ts +7 -1
  129. package/controllers/services/default-action-builder.js +12 -30
  130. package/controllers/services/default-action-builder.js.map +1 -1
  131. package/controllers/services/restful-action-builder.js +25 -1
  132. package/controllers/services/restful-action-builder.js.map +1 -1
  133. package/core/contexts/request-context.d.ts +5 -0
  134. package/core/contexts/request-context.js +6 -0
  135. package/core/contexts/request-context.js.map +1 -0
  136. package/core/core.controller.js +6 -1
  137. package/core/core.controller.js.map +1 -1
  138. package/core/interfaces/action-docs.d.ts +15 -0
  139. package/core/interfaces/request-context.d.ts +5 -0
  140. package/core/services/request-router.js +2 -1
  141. package/core/services/request-router.js.map +1 -1
  142. package/database/database.controller.d.ts +1 -3
  143. package/database/database.controller.js +1 -5
  144. package/database/database.controller.js.map +1 -1
  145. package/database/decorators/protect-entity.decorator.d.ts +1 -0
  146. package/database/decorators/protect-entity.decorator.js +2 -3
  147. package/database/decorators/protect-entity.decorator.js.map +1 -1
  148. package/database/decorators/protected-entity.decorator.d.ts +1 -0
  149. package/database/decorators/protected-entity.decorator.js +2 -16
  150. package/database/decorators/protected-entity.decorator.js.map +1 -1
  151. package/database/functions/inject-repository-handle.js +4 -3
  152. package/database/functions/inject-repository-handle.js.map +1 -1
  153. package/database/interfaces/entity-object.d.ts +0 -6
  154. package/database/interfaces/index.d.ts +0 -1
  155. package/database/interfaces/index.js +0 -1
  156. package/database/interfaces/index.js.map +1 -1
  157. package/database/interfaces/repository.d.ts +8 -8
  158. package/docs/docs.module.js +3 -1
  159. package/docs/docs.module.js.map +1 -1
  160. package/docs/migrations/1747584000000-CreateDocsTables.d.ts +5 -0
  161. package/docs/migrations/1747584000000-CreateDocsTables.js +90 -0
  162. package/docs/migrations/1747584000000-CreateDocsTables.js.map +1 -0
  163. package/docs/migrations/migrations.d.ts +2 -0
  164. package/docs/migrations/migrations.js +8 -0
  165. package/docs/migrations/migrations.js.map +1 -0
  166. package/global.d.ts +2 -0
  167. package/global.js +1 -0
  168. package/global.js.map +1 -1
  169. package/index.d.ts +2 -1
  170. package/index.js +2 -1
  171. package/index.js.map +1 -1
  172. package/jobs/jobs.controller.d.ts +2 -0
  173. package/jobs/jobs.controller.js +20 -16
  174. package/jobs/jobs.controller.js.map +1 -1
  175. package/package.json +70 -70
  176. package/query/functions/add-join.js +2 -13
  177. package/query/functions/add-join.js.map +1 -1
  178. package/query/functions/create-query-builder.js +0 -10
  179. package/query/functions/create-query-builder.js.map +1 -1
  180. package/query/functions/execute-query.js +34 -0
  181. package/query/functions/execute-query.js.map +1 -1
  182. package/query/functions/load-properties.js +73 -5
  183. package/query/functions/load-properties.js.map +1 -1
  184. package/query/services/query-action-builder.js +12 -18
  185. package/query/services/query-action-builder.js.map +1 -1
  186. package/remote-logs/dtos/index.d.ts +2 -0
  187. package/remote-logs/dtos/index.js +19 -0
  188. package/remote-logs/dtos/index.js.map +1 -0
  189. package/remote-logs/dtos/remote-log-hooks.dto.d.ts +72 -0
  190. package/remote-logs/dtos/remote-log-hooks.dto.js +280 -0
  191. package/remote-logs/dtos/remote-log-hooks.dto.js.map +1 -0
  192. package/remote-logs/dtos/remote-log-search.dto.d.ts +34 -0
  193. package/remote-logs/dtos/remote-log-search.dto.js +146 -0
  194. package/remote-logs/dtos/remote-log-search.dto.js.map +1 -0
  195. package/remote-logs/environment.d.ts +4 -0
  196. package/remote-logs/environment.js +5 -0
  197. package/remote-logs/environment.js.map +1 -0
  198. package/remote-logs/index.d.ts +3 -0
  199. package/remote-logs/index.js +20 -0
  200. package/remote-logs/index.js.map +1 -0
  201. package/remote-logs/interfaces/index.d.ts +1 -0
  202. package/remote-logs/interfaces/index.js +18 -0
  203. package/remote-logs/interfaces/index.js.map +1 -0
  204. package/remote-logs/interfaces/remote-logs-module-options.d.ts +8 -0
  205. package/remote-logs/interfaces/remote-logs-module-options.js +3 -0
  206. package/remote-logs/interfaces/remote-logs-module-options.js.map +1 -0
  207. package/remote-logs/remote-logs-hooks.controller.d.ts +60 -0
  208. package/remote-logs/remote-logs-hooks.controller.js +331 -0
  209. package/remote-logs/remote-logs-hooks.controller.js.map +1 -0
  210. package/remote-logs/remote-logs.controller.d.ts +8 -0
  211. package/remote-logs/remote-logs.controller.js +41 -0
  212. package/remote-logs/remote-logs.controller.js.map +1 -0
  213. package/remote-logs/remote-logs.module.d.ts +12 -0
  214. package/remote-logs/remote-logs.module.js +107 -0
  215. package/remote-logs/remote-logs.module.js.map +1 -0
  216. package/remote-logs/services/opensearch.service.d.ts +13 -0
  217. package/remote-logs/services/opensearch.service.js +167 -0
  218. package/remote-logs/services/opensearch.service.js.map +1 -0
  219. package/security/auth.controller.js +4 -4
  220. package/security/auth.controller.js.map +1 -1
  221. package/security/functions/add-protected.d.ts +2 -2
  222. package/security/functions/add-protected.js +8 -5
  223. package/security/functions/add-protected.js.map +1 -1
  224. package/security/functions/create-authentication-interceptor.d.ts +44 -0
  225. package/security/functions/create-authentication-interceptor.js +114 -0
  226. package/security/functions/create-authentication-interceptor.js.map +1 -0
  227. package/security/functions/find-auth-context.d.ts +1 -2
  228. package/security/functions/find-auth-context.js +6 -11
  229. package/security/functions/find-auth-context.js.map +1 -1
  230. package/security/index.d.ts +1 -0
  231. package/security/index.js +1 -0
  232. package/security/index.js.map +1 -1
  233. package/security/interfaces/authorization-schema.d.ts +3 -1
  234. package/security/services/authorization.service.d.ts +5 -3
  235. package/security/services/authorization.service.js +56 -37
  236. package/security/services/authorization.service.js.map +1 -1
  237. package/storage/services/routes.service.js +1 -1
  238. package/storage/services/routes.service.js.map +1 -1
  239. package/tasks/constants.d.ts +3 -0
  240. package/tasks/constants.js +2 -1
  241. package/tasks/constants.js.map +1 -1
  242. package/tasks/controllers/task.controller.d.ts +3 -2
  243. package/tasks/controllers/task.controller.js +11 -40
  244. package/tasks/controllers/task.controller.js.map +1 -1
  245. package/tasks/decorators/index.d.ts +1 -0
  246. package/tasks/decorators/index.js +1 -0
  247. package/tasks/decorators/index.js.map +1 -1
  248. package/tasks/decorators/task-payload.decorator.d.ts +1 -0
  249. package/tasks/decorators/task-payload.decorator.js +12 -0
  250. package/tasks/decorators/task-payload.decorator.js.map +1 -0
  251. package/tasks/decorators/task.decorator.js +3 -0
  252. package/tasks/decorators/task.decorator.js.map +1 -1
  253. package/tasks/functions/compile-all-task-post-hooks.d.ts +1 -0
  254. package/tasks/functions/compile-all-task-post-hooks.js +27 -0
  255. package/tasks/functions/compile-all-task-post-hooks.js.map +1 -0
  256. package/tasks/functions/compile-task-hook-handle.d.ts +6 -0
  257. package/tasks/functions/compile-task-hook-handle.js +67 -0
  258. package/tasks/functions/compile-task-hook-handle.js.map +1 -0
  259. package/tasks/functions/create-task-hook.d.ts +9 -0
  260. package/tasks/functions/create-task-hook.js +13 -0
  261. package/tasks/functions/create-task-hook.js.map +1 -0
  262. package/tasks/functions/create-task-message-post.js +2 -0
  263. package/tasks/functions/create-task-message-post.js.map +1 -1
  264. package/tasks/functions/register-task-post-hook-interceptors.d.ts +3 -0
  265. package/tasks/functions/register-task-post-hook-interceptors.js +86 -0
  266. package/tasks/functions/register-task-post-hook-interceptors.js.map +1 -0
  267. package/tasks/functions/run-task-post-hooks.d.ts +11 -0
  268. package/tasks/functions/run-task-post-hooks.js +18 -0
  269. package/tasks/functions/run-task-post-hooks.js.map +1 -0
  270. package/tasks/functions/task-message-operations.d.ts +18 -0
  271. package/tasks/functions/task-message-operations.js +100 -0
  272. package/tasks/functions/task-message-operations.js.map +1 -0
  273. package/tasks/functions/validate-task-payload.d.ts +2 -0
  274. package/tasks/functions/validate-task-payload.js +19 -0
  275. package/tasks/functions/validate-task-payload.js.map +1 -0
  276. package/tasks/hook-constants.d.ts +2 -0
  277. package/tasks/hook-constants.js +6 -0
  278. package/tasks/hook-constants.js.map +1 -0
  279. package/tasks/index.d.ts +3 -0
  280. package/tasks/index.js +3 -0
  281. package/tasks/index.js.map +1 -1
  282. package/tasks/interfaces/compiled-task-post-hooks.d.ts +17 -0
  283. package/tasks/interfaces/compiled-task-post-hooks.js +3 -0
  284. package/tasks/interfaces/compiled-task-post-hooks.js.map +1 -0
  285. package/tasks/interfaces/index.d.ts +3 -0
  286. package/tasks/interfaces/index.js +3 -0
  287. package/tasks/interfaces/index.js.map +1 -1
  288. package/tasks/interfaces/task-hook.d.ts +16 -0
  289. package/tasks/interfaces/task-hook.js +8 -0
  290. package/tasks/interfaces/task-hook.js.map +1 -0
  291. package/tasks/interfaces/task-object.d.ts +4 -0
  292. package/tasks/interfaces/task-post-hook.d.ts +2 -0
  293. package/{database/interfaces/protector.js → tasks/interfaces/task-post-hook.js} +1 -1
  294. package/tasks/interfaces/task-post-hook.js.map +1 -0
  295. package/tasks/interfaces/task-settings.d.ts +5 -0
  296. package/tasks/services/task-runner.service.d.ts +24 -3
  297. package/tasks/services/task-runner.service.js +66 -28
  298. package/tasks/services/task-runner.service.js.map +1 -1
  299. package/translations/controllers/translation.controller.d.ts +3 -1
  300. package/translations/controllers/translation.controller.js +17 -3
  301. package/translations/controllers/translation.controller.js.map +1 -1
  302. package/translations/services/translations.service.d.ts +1 -0
  303. package/translations/services/translations.service.js +25 -6
  304. package/translations/services/translations.service.js.map +1 -1
  305. package/translations/services/translator.service.d.ts +1 -0
  306. package/translations/services/translator.service.js +6 -0
  307. package/translations/services/translator.service.js.map +1 -1
  308. package/database/functions/use-protector.d.ts +0 -2
  309. package/database/functions/use-protector.js +0 -11
  310. package/database/functions/use-protector.js.map +0 -1
  311. package/database/interfaces/protector.d.ts +0 -51
  312. package/database/interfaces/protector.js.map +0 -1
  313. package/database/services/protect-builder.d.ts +0 -60
  314. package/database/services/protect-builder.js +0 -524
  315. package/database/services/protect-builder.js.map +0 -1
  316. package/security/functions/add-protect.d.ts +0 -2
  317. package/security/functions/add-protect.js +0 -11
  318. package/security/functions/add-protect.js.map +0 -1
@@ -16,13 +16,20 @@ exports.ScopeOwnerController = void 0;
16
16
  const action_content_decorator_1 = require("../../controllers/decorators/actions/action-content.decorator");
17
17
  const action_decorator_1 = require("../../controllers/decorators/actions/action.decorator");
18
18
  const controller_decorator_1 = require("../../controllers/decorators/controller.decorator");
19
+ const request_context_decorator_1 = require("../../controllers/decorators/request-context.decorator");
19
20
  const scope_owner_1 = require("../models/scope-owner");
20
21
  const scope_owner_service_1 = require("../services/scope-owner.service");
22
+ const assert_context_admin_access_1 = require("../functions/assert-context-admin-access");
21
23
  let ScopeOwnerController = class ScopeOwnerController {
22
24
  constructor(scopeOwnerService) {
23
25
  this.scopeOwnerService = scopeOwnerService;
24
26
  }
25
- async add(content) {
27
+ async add(content, requestContext) {
28
+ await (0, assert_context_admin_access_1.assertContextAdminAccess)({
29
+ contextName: content.contextName,
30
+ contextId: content.contextId,
31
+ userId: requestContext.session?.userId,
32
+ });
26
33
  const owner = await this.scopeOwnerService.getOneBy({
27
34
  contextName: content.contextName,
28
35
  contextId: content.contextId,
@@ -36,7 +43,12 @@ let ScopeOwnerController = class ScopeOwnerController {
36
43
  contextId: content.contextId
37
44
  });
38
45
  }
39
- async remove(content) {
46
+ async remove(content, requestContext) {
47
+ await (0, assert_context_admin_access_1.assertContextAdminAccess)({
48
+ contextName: content.contextName,
49
+ contextId: content.contextId,
50
+ userId: requestContext.session?.userId,
51
+ });
40
52
  await this.scopeOwnerService.removeBy({
41
53
  contextId: content.contextId,
42
54
  contextName: content.contextName,
@@ -48,15 +60,17 @@ exports.ScopeOwnerController = ScopeOwnerController;
48
60
  __decorate([
49
61
  (0, action_decorator_1.Action)(),
50
62
  __param(0, (0, action_content_decorator_1.ActionContent)()),
63
+ __param(1, (0, request_context_decorator_1.RequestContext)()),
51
64
  __metadata("design:type", Function),
52
- __metadata("design:paramtypes", [scope_owner_1.ScopeOwner]),
65
+ __metadata("design:paramtypes", [scope_owner_1.ScopeOwner, Object]),
53
66
  __metadata("design:returntype", Promise)
54
67
  ], ScopeOwnerController.prototype, "add", null);
55
68
  __decorate([
56
69
  (0, action_decorator_1.Action)(),
57
70
  __param(0, (0, action_content_decorator_1.ActionContent)()),
71
+ __param(1, (0, request_context_decorator_1.RequestContext)()),
58
72
  __metadata("design:type", Function),
59
- __metadata("design:paramtypes", [scope_owner_1.ScopeOwner]),
73
+ __metadata("design:paramtypes", [scope_owner_1.ScopeOwner, Object]),
60
74
  __metadata("design:returntype", Promise)
61
75
  ], ScopeOwnerController.prototype, "remove", null);
62
76
  exports.ScopeOwnerController = ScopeOwnerController = __decorate([
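Review bot: Both new `assertContextAdminAccess` calls, in `add` and in `remove`, pass `userId: requestContext.session?.userId`, so a request without a session reaches the authorization helper with `userId` undefined. Whether that is rejected depends on `assert-context-admin-access.js`, which this section does not show. Because these two actions grant and revoke scope ownership, I would have the controller fail closed on its own: resolve `const userId = requestContext.session?.userId;` once and reject with the project's usual authorization error when it is missing, before calling the helper. `requestContext` itself is dereferenced without a guard, so if the `RequestContext()` decorator ever injects nothing the action ends in a TypeError rather than an authorization error. The class body continues outside the hunks shown.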
@@ -1 +1 @@
1
- {"version":3,"file":"scope-owner.controller.js","sourceRoot":"./","sources":["access/controllers/scope-owner.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,4GAA8F;AAC9F,4FAA+E;AAC/E,4FAA+E;AAC/E,uDAAmD;AACnD,yEAAoE;AAG7D,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IAE9B,YAA+B,iBAAoC;QAApC,sBAAiB,GAAjB,iBAAiB,CAAmB;IAAG,CAAC;IAGjE,AAAN,KAAK,CAAC,GAAG,CAAkB,OAAmB;QAC3C,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC;YACjD,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;SACxB,CAAC,CAAC;QAEH,IAAI,KAAK;YAAE,OAAO;QAElB,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC;YAC/B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,OAAO,CAAC,SAAS;SAC9B,CAAC,CAAC;IACN,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CAAkB,OAAmB;QAC9C,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC;YACnC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,MAAM,EAAE,OAAO,CAAC,MAAM;SACxB,CAAC,CAAC;IACN,CAAC;CACH,CAAA;AA7BY,oDAAoB;AAKxB;IADL,IAAA,yBAAM,GAAE;IACE,WAAA,IAAA,wCAAa,GAAE,CAAA;;qCAAU,wBAAU;;+CAc7C;AAGK;IADL,IAAA,yBAAM,GAAE;IACK,WAAA,IAAA,wCAAa,GAAE,CAAA;;qCAAU,wBAAU;;kDAMhD;+BA5BS,oBAAoB;IADhC,IAAA,iCAAU,GAAE;qCAGwC,uCAAiB;GAFzD,oBAAoB,CA6BhC"}
1
+ {"version":3,"file":"scope-owner.controller.js","sourceRoot":"./","sources":["access/controllers/scope-owner.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,4GAA8F;AAC9F,4FAA+E;AAC/E,4FAA+E;AAC/E,sGAAwF;AAExF,uDAAmD;AACnD,yEAAoE;AACpE,0FAAoF;AAG7E,IAAM,oBAAoB,GAA1B,MAAM,oBAAoB;IAE9B,YAA+B,iBAAoC;QAApC,sBAAiB,GAAjB,iBAAiB,CAAmB;IAAG,CAAC;IAGjE,AAAN,KAAK,CAAC,GAAG,CACW,OAAmB,EAClB,cAA+B;QAEjD,MAAM,IAAA,sDAAwB,EAAC;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,cAAc,CAAC,OAAO,EAAE,MAAM;SACxC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC;YACjD,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;SACxB,CAAC,CAAC;QAEH,IAAI,KAAK;YAAE,OAAO;QAElB,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC;YAC/B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,OAAO,CAAC,SAAS;SAC9B,CAAC,CAAC;IACN,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM,CACQ,OAAmB,EAClB,cAA+B;QAEjD,MAAM,IAAA,sDAAwB,EAAC;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,cAAc,CAAC,OAAO,EAAE,MAAM;SACxC,CAAC,CAAC;QAEH,MAAM,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC;YACnC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,MAAM,EAAE,OAAO,CAAC,MAAM;SACxB,CAAC,CAAC;IACN,CAAC;CACH,CAAA;AA/CY,oDAAoB;AAKxB;IADL,IAAA,yBAAM,GAAE;IAEL,WAAA,IAAA,wCAAa,GAAE,CAAA;IACf,WAAA,IAAA,0CAAc,GAAE,CAAA;;qCADS,wBAAU;;+CAsBtC;AAGK;IADL,IAAA,yBAAM,GAAE;IAEL,WAAA,IAAA,wCAAa,GAAE,CAAA;IACf,WAAA,IAAA,0CAAc,GAAE,CAAA;;qCADS,wBAAU;;kDActC;+BA9CS,oBAAoB;IADhC,IAAA,iCAAU,GAAE;qCAGwC,uCAAiB;GAFzD,oBAAoB,CA+ChC"}
@@ -1,4 +1,4 @@
1
- import { IRequestContext } from "../../core/interfaces/request-context";
1
+ import { CurrentSession, IRequestContext } from "../../core/interfaces/request-context";
2
2
  import { ScopeKeysUpdate } from "../models/scope-keys-update";
3
3
  import { ScopeUser } from "../models/scope-user";
4
4
  import { ScopeAccessService } from "../services/scope-access.service";
@@ -10,5 +10,5 @@ export declare class ScopeUserController {
10
10
  protected readonly scopeGroupService: ScopeGroupService;
11
11
  constructor(scopeOwnerService: ScopeOwnerService, scopeAccessService: ScopeAccessService, scopeGroupService: ScopeGroupService);
12
12
  updateKeys(content: ScopeKeysUpdate, requestContext: IRequestContext): Promise<void>;
13
- get(userId: string, contextName: string, contextId: string): Promise<ScopeUser>;
13
+ get(userId: string, contextName: string, contextId: string, session: CurrentSession): Promise<ScopeUser>;
14
14
  }
@@ -22,11 +22,14 @@ const from_query_decorator_1 = require("../../controllers/decorators/http-method
22
22
  const get_decorator_1 = require("../../controllers/decorators/http-methods/get.decorator");
23
23
  const response_type_decorator_1 = require("../../controllers/decorators/http-methods/response-type.decorator");
24
24
  const request_context_decorator_1 = require("../../controllers/decorators/request-context.decorator");
25
+ const session_decorator_1 = require("../../controllers/decorators/session.decorator");
25
26
  const scope_keys_update_1 = require("../models/scope-keys-update");
26
27
  const scope_user_1 = require("../models/scope-user");
27
28
  const scope_access_service_1 = require("../services/scope-access.service");
28
29
  const scope_owner_service_1 = require("../services/scope-owner.service");
29
30
  const scope_group_service_1 = require("../services/scope-group.service");
31
+ const normalize_scope_keys_1 = require("../functions/normalize-scope-keys");
32
+ const assert_context_admin_access_1 = require("../functions/assert-context-admin-access");
30
33
  let ScopeUserController = class ScopeUserController {
31
34
  constructor(scopeOwnerService, scopeAccessService, scopeGroupService) {
32
35
  this.scopeOwnerService = scopeOwnerService;
@@ -39,12 +42,22 @@ let ScopeUserController = class ScopeUserController {
39
42
  message: 'A user cannot edit their own permissions'
40
43
  });
41
44
  }
42
- return this.scopeAccessService.updateKeys('user', content.contextName, content.contextId, content.targetId, content.keys);
45
+ await (0, assert_context_admin_access_1.assertContextAdminAccess)({
46
+ contextName: content.contextName,
47
+ contextId: content.contextId,
48
+ userId: requestContext.session?.userId,
49
+ });
50
+ return this.scopeAccessService.updateKeys('user', content.contextName, content.contextId, content.targetId, (0, normalize_scope_keys_1.normalizeScopeKeys)(content.keys));
43
51
  }
44
- async get(userId, contextName, contextId) {
52
+ async get(userId, contextName, contextId, session) {
53
+ await (0, assert_context_admin_access_1.assertContextAdminAccess)({
54
+ contextName,
55
+ contextId,
56
+ userId: session?.userId,
57
+ });
45
58
  const isOwner = await this
46
59
  .scopeOwnerService
47
- .getIsOwner(contextName, userId, !contextId ? null : contextId);
60
+ .getIsOwner(contextName, userId, contextId);
48
61
  const groups = await this
49
62
  .scopeGroupService
50
63
  .getUserGroups(userId, contextName, contextId);
@@ -62,7 +75,7 @@ let ScopeUserController = class ScopeUserController {
62
75
  userId: userId,
63
76
  contextId: contextId,
64
77
  groups: groups,
65
- keys: keys,
78
+ keys: (0, normalize_scope_keys_1.filterScopeAccessRows)(keys),
66
79
  isOwner
67
80
  };
68
81
  }
@@ -82,8 +95,9 @@ __decorate([
82
95
  __param(0, (0, from_params_decorator_1.FromParams)('userId')),
83
96
  __param(1, (0, from_params_decorator_1.FromParams)('contextName')),
84
97
  __param(2, (0, from_query_decorator_1.FromQuery)('contextId')),
98
+ __param(3, (0, session_decorator_1.Session)()),
85
99
  __metadata("design:type", Function),
86
- __metadata("design:paramtypes", [String, String, String]),
100
+ __metadata("design:paramtypes", [String, String, String, Object]),
87
101
  __metadata("design:returntype", Promise)
88
102
  ], ScopeUserController.prototype, "get", null);
89
103
  exports.ScopeUserController = ScopeUserController = __decorate([
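Review bot: In `get`, the `getIsOwner` call no longer maps an empty `contextId` to `null` (`!contextId ? null : contextId` became plain `contextId`), and the same raw value is what the new `assertContextAdminAccess` call authorizes against. `contextId` is bound with `FromQuery('contextId')`, so it can presumably be absent or an empty string. Unless the helper and `getIsOwner` normalize it themselves (neither is visible here), the access check and the owner lookup may treat `undefined`, `''` and `null` as different contexts. I would normalize once at the top of `get`, e.g. `const ctxId = contextId || null;`, and pass `ctxId` to both the access check and `getIsOwner` so they always refer to the same context. The check also receives `session?.userId`, which is undefined for a request without a session, so it is worth confirming that the helper rejects that case.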
@@ -1 +1 @@
1
- {"version":3,"file":"scope-user.controller.js","sourceRoot":"./","sources":["access/controllers/scope-user.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6CAAkD;AAClD,4GAA8F;AAC9F,4FAA+E;AAC/E,4FAA+E;AAC/E,2GAA6F;AAC7F,yGAA2F;AAC3F,2FAA8E;AAC9E,+GAAiG;AACjG,sGAAwF;AAExF,mEAA8D;AAC9D,qDAAiD;AACjD,2EAAsE;AACtE,yEAAoE;AACpE,yEAAoE;AAG7D,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IAE7B,YACsB,iBAAoC,EACpC,kBAAsC,EACtC,iBAAoC;QAFpC,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,sBAAiB,GAAjB,iBAAiB,CAAmB;IACvD,CAAC;IAGE,AAAN,KAAK,CAAC,UAAU,CACI,OAAwB,EACvB,cAA+B;QAEjD,IAAI,cAAc,CAAC,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,uBAAc,CAAC;gBACtB,OAAO,EAAE,0CAA0C;aACrD,CAAC,CAAC;QACN,CAAC;QAED,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CACtC,MAAM,EACN,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,QAAQ,EAChB,OAAO,CAAC,IAAI,CACd,CAAC;IACL,CAAC;IAIK,AAAN,KAAK,CAAC,GAAG,CACgB,MAAc,EACT,WAAmB,EACtB,SAAiB;QAEzC,MAAM,OAAO,GAAG,MAAM,IAAI;aACtB,iBAAiB;aACjB,UAAU,CACR,WAAW,EACX,MAAM,EACN,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAC/B,CAAC;QAEL,MAAM,MAAM,GAAG,MAAM,IAAI;aACrB,iBAAiB;aACjB,aAAa,CACX,MAAM,EACN,WAAW,EACX,SAAS,CACX,CAAC;QAEL,MAAM,IAAI,GAAG,MAAM,IAAI;aACnB,kBAAkB;aAClB,OAAO,CAAC;YACN,KAAK,EAAE;gBACJ,SAAS,EAAE,SAAS;gBACpB,WAAW,EAAE,WAAW;gBACxB,MAAM,EAAE,MAAM;aAChB;SACH,CAAC,CAAC;QAEN,OAAO;YACJ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI;YACV,OAAO;SACI,CAAC;IAClB,CAAC;CACH,CAAA;AAtEY,kDAAmB;AASvB;IADL,IAAA,yBAAM,GAAE;IAEL,WAAA,IAAA,wCAAa,GAAE,CAAA;IACf,WAAA,IAAA,0CAAc,GAAE,CAAA;;qCADS,mCAAe;;qDAgB3C;AAIK;IAFL,IAAA,sCAAY,EAAC,GAAG,EAAE,CAAC,sBAAS,CAAC;IAC7B,IAAA,mBAAG,EAAC,8BAA8B,CAAC;IAEhC,WAAA,IAAA,kCAAU,EAAC,QAAQ,CAAC,CAAA;IACpB,WAAA,IAAA,kCAAU,EAAC,aAAa,CAAC,CAAA;IACzB,WAAA,IAAA,gCAAS,EAAC,WAAW,CAAC,CAAA;;;;8CAoCzB;8BArES,mBAAmB;IAD/B,IAAA,iCAAU,GAAE;qCAI+B,uCAAiB;QAChB,yCAAkB;QACnB,uCAAiB;GALhD,mBAAmB,CAsE/B"}
1
+ {"version":3,"file":"scope-user.controller.js","sourceRoot":"./","sources":["access/controllers/scope-user.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,6CAAkD;AAClD,4GAA8F;AAC9F,4FAA+E;AAC/E,4FAA+E;AAC/E,2GAA6F;AAC7F,yGAA2F;AAC3F,2FAA8E;AAC9E,+GAAiG;AACjG,sGAAwF;AACxF,sFAAyE;AAEzE,mEAA8D;AAC9D,qDAAiD;AACjD,2EAAsE;AACtE,yEAAoE;AACpE,yEAAoE;AACpE,4EAG2C;AAC3C,0FAAoF;AAG7E,IAAM,mBAAmB,GAAzB,MAAM,mBAAmB;IAE7B,YACsB,iBAAoC,EACpC,kBAAsC,EACtC,iBAAoC;QAFpC,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,uBAAkB,GAAlB,kBAAkB,CAAoB;QACtC,sBAAiB,GAAjB,iBAAiB,CAAmB;IACvD,CAAC;IAGE,AAAN,KAAK,CAAC,UAAU,CACI,OAAwB,EACvB,cAA+B;QAEjD,IAAI,cAAc,CAAC,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,uBAAc,CAAC;gBACtB,OAAO,EAAE,0CAA0C;aACrD,CAAC,CAAC;QACN,CAAC;QAED,MAAM,IAAA,sDAAwB,EAAC;YAC5B,WAAW,EAAE,OAAO,CAAC,WAAW;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,MAAM,EAAE,cAAc,CAAC,OAAO,EAAE,MAAM;SACxC,CAAC,CAAC;QAEH,OAAO,IAAI,CAAC,kBAAkB,CAAC,UAAU,CACtC,MAAM,EACN,OAAO,CAAC,WAAW,EACnB,OAAO,CAAC,SAAS,EACjB,OAAO,CAAC,QAAQ,EAChB,IAAA,yCAAkB,EAAC,OAAO,CAAC,IAAI,CAAC,CAClC,CAAC;IACL,CAAC;IAIK,AAAN,KAAK,CAAC,GAAG,CACgB,MAAc,EACT,WAAmB,EACtB,SAAiB,EAC9B,OAAuB;QAElC,MAAM,IAAA,sDAAwB,EAAC;YAC5B,WAAW;YACX,SAAS;YACT,MAAM,EAAE,OAAO,EAAE,MAAM;SACzB,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,MAAM,IAAI;aACtB,iBAAiB;aACjB,UAAU,CACR,WAAW,EACX,MAAM,EACN,SAAS,CACX,CAAC;QAEL,MAAM,MAAM,GAAG,MAAM,IAAI;aACrB,iBAAiB;aACjB,aAAa,CACX,MAAM,EACN,WAAW,EACX,SAAS,CACX,CAAC;QAEL,MAAM,IAAI,GAAG,MAAM,IAAI;aACnB,kBAAkB;aAClB,OAAO,CAAC;YACN,KAAK,EAAE;gBACJ,SAAS,EAAE,SAAS;gBACpB,WAAW,EAAE,WAAW;gBACxB,MAAM,EAAE,MAAM;aAChB;SACH,CAAC,CAAC;QAEN,OAAO;YACJ,WAAW,EAAE,WAAW;YACxB,MAAM,EAAE,MAAM;YACd,SAAS,EAAE,SAAS;YACpB,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAA,4CAAqB,EAAC,IAAI,CAAC;YACjC,OAAO;SACI,CAAC;IAClB,CAAC;CACH,CAAA;AAnFY,kDAAmB;AASvB;IADL,IAAA,yBAAM,GAAE;IAEL,WAAA,IAAA,wCAAa,GAAE,CAAA;IACf,WAAA,IAAA,0CAAc,GAAE,CAAA;;qCADS,mCAAe;;qDAsB3C;AAIK;IAFL,IAAA,sCAAY,EAAC,GAAG,EAAE,CAAC,sBAAS,CAAC;IAC7B,IAAA,mBAAG,EAAC,8BAA8B,CAAC;IAEhC,WAAA,IAAA,kC
AAU,EAAC,QAAQ,CAAC,CAAA;IACpB,WAAA,IAAA,kCAAU,EAAC,aAAa,CAAC,CAAA;IACzB,WAAA,IAAA,gCAAS,EAAC,WAAW,CAAC,CAAA;IACtB,WAAA,IAAA,2BAAO,GAAE,CAAA;;;;8CA0CZ;8BAlFS,mBAAmB;IAD/B,IAAA,iCAAU,GAAE;qCAI+B,uCAAiB;QAChB,yCAAkB;QACnB,uCAAiB;GALhD,mBAAmB,CAmF/B"}
@@ -0,0 +1,2 @@
1
+ /** Injects scope context resolve params for the current action. */
2
+ export declare const ContextParams: () => (target: any, propertyKey: string, index: number) => void;
@@ -0,0 +1,13 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.ContextParams = void 0;
4
+ const class_injector_1 = require("@rockster/class-injector");
5
+ const constants_1 = require("../constants");
6
+ /** Injects scope context resolve params for the current action. */
7
+ const ContextParams = () => {
8
+ return (target, propertyKey, index) => {
9
+ (0, class_injector_1.Inject)(constants_1.SCOPE_CONTEXT_PARAMS_KEY)(target, propertyKey, index);
10
+ };
11
+ };
12
+ exports.ContextParams = ContextParams;
13
+ //# sourceMappingURL=context-params.decorator.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"context-params.decorator.js","sourceRoot":"./","sources":["access/decorators/context-params.decorator.ts"],"names":[],"mappings":";;;AAAA,6DAAkD;AAClD,4CAAwD;AAExD,mEAAmE;AAC5D,MAAM,aAAa,GAAG,GAAG,EAAE;IAC/B,OAAO,CAAC,MAAM,EAAE,WAAmB,EAAE,KAAa,EAAE,EAAE;QACnD,IAAA,uBAAM,EAAC,oCAAwB,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;IAChE,CAAC,CAAC;AACL,CAAC,CAAC;AAJW,QAAA,aAAa,iBAIxB"}
@@ -0,0 +1,2 @@
1
+ export * from "./context-params.decorator";
2
+ export * from "./scope-context-id-resolver.decorator";
@@ -0,0 +1,19 @@
1
+ "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
+ };
16
+ Object.defineProperty(exports, "__esModule", { value: true });
17
+ __exportStar(require("./context-params.decorator"), exports);
18
+ __exportStar(require("./scope-context-id-resolver.decorator"), exports);
19
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"./","sources":["access/decorators/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,6DAA2C;AAC3C,wEAAsD"}
@@ -0,0 +1,10 @@
1
+ export type ScopeContextIdResolverOptions = {
2
+ /** Marks this method as the default resolver (resolveContextId). */
3
+ default?: boolean;
4
+ };
5
+ /**
6
+ * Marks a scope service method as a context id resolver.
7
+ * Executor name is always the method name (propertyKey).
8
+ * Use with @ContextParams() and optional action decorators (@QueryContent, @PostContent, …).
9
+ */
10
+ export declare function ScopeContextIdResolver(options?: ScopeContextIdResolverOptions): (target: any, propertyKey: string) => void;
@@ -0,0 +1,22 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.ScopeContextIdResolver = ScopeContextIdResolver;
4
+ const class_injector_1 = require("@rockster/class-injector");
5
+ /**
6
+ * Marks a scope service method as a context id resolver.
7
+ * Executor name is always the method name (propertyKey).
8
+ * Use with @ContextParams() and optional action decorators (@QueryContent, @PostContent, …).
9
+ */
10
+ function ScopeContextIdResolver(options) {
11
+ return (target, propertyKey) => {
12
+ (0, class_injector_1.markExecutable)(target, propertyKey);
13
+ const property = classInjector
14
+ .storage
15
+ .createProperty(target, propertyKey);
16
+ property.scopeContextIdResolver = true;
17
+ if (options?.default === true) {
18
+ property.defaultScopeContextIdResolver = true;
19
+ }
20
+ };
21
+ }
22
+ //# sourceMappingURL=scope-context-id-resolver.decorator.js.map
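Review bot: `classInjector` in `const property = classInjector.storage.createProperty(target, propertyKey);` is never bound in this file; the only binding is `class_injector_1` from `require("@rockster/class-injector")`, so the decorator appears to depend on an ambient global being installed before any decorated class is loaded. If that global is absent, the decorator throws a ReferenceError at class-definition time. If other code can reassign it, the `scopeContextIdResolver` and `defaultScopeContextIdResolver` flags land in whatever storage it points at. Prefer taking the storage from the module import if the package exports it, or state the load-order requirement next to the call: `// relies on the classInjector global being initialised by @rockster/class-injector`.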
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scope-context-id-resolver.decorator.js","sourceRoot":"./","sources":["access/decorators/scope-context-id-resolver.decorator.ts"],"names":[],"mappings":";;AAYA,wDAeC;AA3BD,6DAA0D;AAO1D;;;;GAIG;AACH,SAAgB,sBAAsB,CACnC,OAAuC;IAEvC,OAAO,CAAC,MAAM,EAAE,WAAmB,EAAE,EAAE;QACpC,IAAA,+BAAc,EAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QACpC,MAAM,QAAQ,GAAG,aAAa;aAC1B,OAAO;aACP,cAAc,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAExC,QAAQ,CAAC,sBAAsB,GAAG,IAAI,CAAC;QAEvC,IAAI,OAAO,EAAE,OAAO,KAAK,IAAI,EAAE,CAAC;YAC7B,QAAQ,CAAC,6BAA6B,GAAG,IAAI,CAAC;QACjD,CAAC;IACJ,CAAC,CAAC;AACL,CAAC"}
@@ -1,6 +1,8 @@
1
1
  import { ScopeUserMapped } from "../models/scope-user-mapped";
2
2
  import { ScopeAccess } from "./scope-access";
3
+ import { ScopeAccessProfile } from "./scope-access-profile";
4
+ import { ScopeAccessProfileKey } from "./scope-access-profile-key";
3
5
  import { ScopeGroupUser } from "./scope-group-user";
4
6
  import { ScopeKey } from "./scope-key";
5
7
  import { ScopeOwner } from "./scope-owner";
6
- export declare const entities: (typeof ScopeKey | typeof ScopeAccess | typeof ScopeOwner | typeof ScopeUserMapped | typeof ScopeGroupUser)[];
8
+ export declare const entities: (typeof ScopeKey | typeof ScopeAccessProfileKey | typeof ScopeAccessProfile | typeof ScopeAccess | typeof ScopeOwner | typeof ScopeUserMapped | typeof ScopeGroupUser)[];
@@ -3,12 +3,16 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.entities = void 0;
4
4
  const scope_user_mapped_1 = require("../models/scope-user-mapped");
5
5
  const scope_access_1 = require("./scope-access");
6
+ const scope_access_profile_1 = require("./scope-access-profile");
7
+ const scope_access_profile_key_1 = require("./scope-access-profile-key");
6
8
  const scope_group_1 = require("./scope-group");
7
9
  const scope_group_user_1 = require("./scope-group-user");
8
10
  const scope_key_1 = require("./scope-key");
9
11
  const scope_owner_1 = require("./scope-owner");
10
12
  exports.entities = [
11
13
  scope_access_1.ScopeAccess,
14
+ scope_access_profile_1.ScopeAccessProfile,
15
+ scope_access_profile_key_1.ScopeAccessProfileKey,
12
16
  scope_group_user_1.ScopeGroupUser,
13
17
  scope_group_1.ScopeGroup,
14
18
  scope_key_1.ScopeKey,
@@ -1 +1 @@
1
- {"version":3,"file":"entities.js","sourceRoot":"./","sources":["access/entities/entities.ts"],"names":[],"mappings":";;;AAAA,mEAA8D;AAC9D,iDAA6C;AAC7C,+CAA2C;AAC3C,yDAAoD;AACpD,2CAAuC;AACvC,+CAA2C;AAE9B,QAAA,QAAQ,GAAG;IACrB,0BAAW;IACX,iCAAc;IACd,wBAAU;IACV,oBAAQ;IACR,wBAAU;IACV,mCAAe;CACjB,CAAC"}
1
+ {"version":3,"file":"entities.js","sourceRoot":"./","sources":["access/entities/entities.ts"],"names":[],"mappings":";;;AAAA,mEAA8D;AAC9D,iDAA6C;AAC7C,iEAA4D;AAC5D,yEAAmE;AACnE,+CAA2C;AAC3C,yDAAoD;AACpD,2CAAuC;AACvC,+CAA2C;AAE9B,QAAA,QAAQ,GAAG;IACrB,0BAAW;IACX,yCAAkB;IAClB,gDAAqB;IACrB,iCAAc;IACd,wBAAU;IACV,oBAAQ;IACR,wBAAU;IACV,mCAAe;CACjB,CAAC"}
@@ -1,4 +1,6 @@
1
1
  export * from './scope-access';
2
+ export * from './scope-access-profile';
3
+ export * from './scope-access-profile-key';
2
4
  export * from './scope-group-user';
3
5
  export * from './scope-group';
4
6
  export * from './scope-key';
@@ -15,6 +15,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
15
15
  };
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
17
  __exportStar(require("./scope-access"), exports);
18
+ __exportStar(require("./scope-access-profile"), exports);
19
+ __exportStar(require("./scope-access-profile-key"), exports);
18
20
  __exportStar(require("./scope-group-user"), exports);
19
21
  __exportStar(require("./scope-group"), exports);
20
22
  __exportStar(require("./scope-key"), exports);
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"./","sources":["access/entities/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA+B;AAC/B,qDAAmC;AACnC,gDAA8B;AAC9B,8CAA4B;AAC5B,gDAA8B"}
1
+ {"version":3,"file":"index.js","sourceRoot":"./","sources":["access/entities/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iDAA+B;AAC/B,yDAAuC;AACvC,6DAA2C;AAC3C,qDAAmC;AACnC,gDAA8B;AAC9B,8CAA4B;AAC5B,gDAA8B"}
@@ -0,0 +1,6 @@
1
+ import { IScopeAccessProfileKey } from "@rockster/common/access";
2
+ import { BaseEntity } from "../../common/entities/base-entity";
3
+ export declare class ScopeAccessProfileKey extends BaseEntity implements IScopeAccessProfileKey {
4
+ scopeAccessProfileId: string;
5
+ key?: string;
6
+ }
@@ -0,0 +1,40 @@
1
+ "use strict";
2
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
7
+ };
8
+ var __metadata = (this && this.__metadata) || function (k, v) {
9
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.ScopeAccessProfileKey = void 0;
13
+ const base_entity_1 = require("../../common/entities/base-entity");
14
+ const entity_decorator_1 = require("../../database/decorators/entity.decorator");
15
+ const class_pipe_1 = require("@rockster/class-pipe");
16
+ const relation_decorator_1 = require("../../database/decorators/relation.decorator");
17
+ const scope_key_1 = require("./scope-key");
18
+ const scope_access_profile_1 = require("./scope-access-profile");
19
+ const typeorm_1 = require("typeorm");
20
+ let ScopeAccessProfileKey = class ScopeAccessProfileKey extends base_entity_1.BaseEntity {
21
+ };
22
+ exports.ScopeAccessProfileKey = ScopeAccessProfileKey;
23
+ __decorate([
24
+ (0, class_pipe_1.Expose)(),
25
+ (0, class_pipe_1.IsRequired)(),
26
+ (0, class_pipe_1.IsString)(),
27
+ (0, typeorm_1.Index)(),
28
+ (0, relation_decorator_1.Relation)(() => scope_access_profile_1.ScopeAccessProfile),
29
+ __metadata("design:type", String)
30
+ ], ScopeAccessProfileKey.prototype, "scopeAccessProfileId", void 0);
31
+ __decorate([
32
+ (0, class_pipe_1.Expose)(),
33
+ (0, class_pipe_1.IsString)(),
34
+ (0, relation_decorator_1.Relation)(() => scope_key_1.ScopeKey, { nullable: true }),
35
+ __metadata("design:type", String)
36
+ ], ScopeAccessProfileKey.prototype, "key", void 0);
37
+ exports.ScopeAccessProfileKey = ScopeAccessProfileKey = __decorate([
38
+ (0, entity_decorator_1.Entity)()
39
+ ], ScopeAccessProfileKey);
40
+ //# sourceMappingURL=scope-access-profile-key.js.map
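Review bot: `key` is validated with `IsString()` but has no `IsOptional()`, although the declaration file types it as `key?: string` and its relation is `{ nullable: true }`. The optional `scopeAccessProfileId` added to ScopeGroup in this release pairs `(0, class_pipe_1.IsOptional)()` with `IsString()`, so two optional string fields of the same access model are validated differently. How class-pipe treats a missing value is not visible here, so this may reject profile key rows that omit `key`. Adding `(0, class_pipe_1.IsOptional)(),` ahead of `IsString()` in the `key` decorator list, in the TypeScript source this file is compiled from, would make the intent explicit.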
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scope-access-profile-key.js","sourceRoot":"./","sources":["access/entities/scope-access-profile-key.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,mEAA+D;AAC/D,iFAAoE;AACpE,qDAAoE;AAEpE,qFAAwE;AACxE,2CAAuC;AACvC,iEAA4D;AAC5D,qCAAgC;AAGzB,IAAM,qBAAqB,GAA3B,MAAM,qBACV,SAAQ,wBAAU;CAepB,CAAA;AAhBY,sDAAqB;AAU/B;IALC,IAAA,mBAAM,GAAE;IACR,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;IACV,IAAA,eAAK,GAAE;IACP,IAAA,6BAAQ,EAAC,GAAG,EAAE,CAAC,yCAAkB,CAAC;;mEACN;AAK7B;IAHC,IAAA,mBAAM,GAAE;IACR,IAAA,qBAAQ,GAAE;IACV,IAAA,6BAAQ,EAAC,GAAG,EAAE,CAAC,oBAAQ,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;kDAChC;gCAfH,qBAAqB;IADjC,IAAA,yBAAM,GAAE;GACI,qBAAqB,CAgBjC"}
@@ -0,0 +1,6 @@
1
+ import { IScopeAccessProfile, IScopeAccessProfileKey } from "@rockster/common/access";
2
+ import { BaseEntity } from "../../common/entities/base-entity";
3
+ export declare class ScopeAccessProfile extends BaseEntity implements IScopeAccessProfile {
4
+ name: string;
5
+ keys?: IScopeAccessProfileKey[];
6
+ }
@@ -0,0 +1,37 @@
1
+ "use strict";
2
+ var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
3
+ var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
4
+ if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
5
+ else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
6
+ return c > 3 && r && Object.defineProperty(target, key, r), r;
7
+ };
8
+ var __metadata = (this && this.__metadata) || function (k, v) {
9
+ if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
+ };
11
+ Object.defineProperty(exports, "__esModule", { value: true });
12
+ exports.ScopeAccessProfile = void 0;
13
+ const base_entity_1 = require("../../common/entities/base-entity");
14
+ const entity_decorator_1 = require("../../database/decorators/entity.decorator");
15
+ const column_decorator_1 = require("../../database/decorators/column.decorator");
16
+ const class_pipe_1 = require("@rockster/class-pipe");
17
+ const scope_access_profile_key_1 = require("./scope-access-profile-key");
18
+ let ScopeAccessProfile = class ScopeAccessProfile extends base_entity_1.BaseEntity {
19
+ };
20
+ exports.ScopeAccessProfile = ScopeAccessProfile;
21
+ __decorate([
22
+ (0, class_pipe_1.Expose)(),
23
+ (0, class_pipe_1.IsRequired)(),
24
+ (0, class_pipe_1.IsString)(),
25
+ (0, column_decorator_1.Column)(),
26
+ __metadata("design:type", String)
27
+ ], ScopeAccessProfile.prototype, "name", void 0);
28
+ __decorate([
29
+ (0, class_pipe_1.Expose)(),
30
+ (0, class_pipe_1.IsArray)(),
31
+ (0, class_pipe_1.IsType)(() => scope_access_profile_key_1.ScopeAccessProfileKey),
32
+ __metadata("design:type", Array)
33
+ ], ScopeAccessProfile.prototype, "keys", void 0);
34
+ exports.ScopeAccessProfile = ScopeAccessProfile = __decorate([
35
+ (0, entity_decorator_1.Entity)()
36
+ ], ScopeAccessProfile);
37
+ //# sourceMappingURL=scope-access-profile.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"scope-access-profile.js","sourceRoot":"./","sources":["access/entities/scope-access-profile.ts"],"names":[],"mappings":";;;;;;;;;;;;AAIA,mEAA+D;AAC/D,iFAAoE;AACpE,iFAAoE;AACpE,qDAM8B;AAC9B,yEAAmE;AAG5D,IAAM,kBAAkB,GAAxB,MAAM,kBACV,SAAQ,wBAAU;CAepB,CAAA;AAhBY,gDAAkB;AAS5B;IAJC,IAAA,mBAAM,GAAE;IACR,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;IACV,IAAA,yBAAM,GAAE;;gDACI;AAMb;IAHC,IAAA,mBAAM,GAAE;IACR,IAAA,oBAAO,GAAE;IACT,IAAA,mBAAM,EAAC,GAAG,EAAE,CAAC,gDAAqB,CAAC;;gDACJ;6BAftB,kBAAkB;IAD9B,IAAA,yBAAM,GAAE;GACI,kBAAkB,CAgB9B"}
@@ -1,9 +1,12 @@
1
1
  import { IScopeAccess, IScopeGroup } from "@rockster/common/access";
2
2
  import { BaseEntity } from "../../common/entities/base-entity";
3
+ import { ScopeAccessProfile } from "./scope-access-profile";
3
4
  export declare class ScopeGroup extends BaseEntity implements IScopeGroup {
4
5
  contextName: string;
5
6
  contextId?: string;
6
7
  isReadOnly?: boolean;
7
8
  name: string;
9
+ scopeAccessProfileId?: string;
8
10
  keys?: IScopeAccess[];
11
+ scopeAccessProfile?: ScopeAccessProfile;
9
12
  }
@@ -14,7 +14,9 @@ const base_entity_1 = require("../../common/entities/base-entity");
14
14
  const entity_decorator_1 = require("../../database/decorators/entity.decorator");
15
15
  const column_decorator_1 = require("../../database/decorators/column.decorator");
16
16
  const class_pipe_1 = require("@rockster/class-pipe");
17
+ const relation_decorator_1 = require("../../database/decorators/relation.decorator");
17
18
  const scope_access_1 = require("./scope-access");
19
+ const scope_access_profile_1 = require("./scope-access-profile");
18
20
  let ScopeGroup = class ScopeGroup extends base_entity_1.BaseEntity {
19
21
  };
20
22
  exports.ScopeGroup = ScopeGroup;
@@ -47,9 +49,23 @@ __decorate([
47
49
  ], ScopeGroup.prototype, "name", void 0);
48
50
  __decorate([
49
51
  (0, class_pipe_1.Expose)(),
52
+ (0, class_pipe_1.IsOptional)(),
53
+ (0, class_pipe_1.IsString)(),
54
+ (0, relation_decorator_1.Relation)(() => scope_access_profile_1.ScopeAccessProfile, { nullable: true }),
55
+ __metadata("design:type", String)
56
+ ], ScopeGroup.prototype, "scopeAccessProfileId", void 0);
57
+ __decorate([
58
+ (0, class_pipe_1.Expose)(),
59
+ (0, class_pipe_1.IsArray)(),
50
60
  (0, class_pipe_1.IsType)(() => scope_access_1.ScopeAccess),
51
61
  __metadata("design:type", Array)
52
62
  ], ScopeGroup.prototype, "keys", void 0);
63
+ __decorate([
64
+ (0, class_pipe_1.Expose)(),
65
+ (0, class_pipe_1.IsOptional)(),
66
+ (0, class_pipe_1.IsType)(() => scope_access_profile_1.ScopeAccessProfile),
67
+ __metadata("design:type", scope_access_profile_1.ScopeAccessProfile)
68
+ ], ScopeGroup.prototype, "scopeAccessProfile", void 0);
53
69
  exports.ScopeGroup = ScopeGroup = __decorate([
54
70
  (0, entity_decorator_1.Entity)()
55
71
  ], ScopeGroup);
@@ -1 +1 @@
1
- {"version":3,"file":"scope-group.js","sourceRoot":"./","sources":["access/entities/scope-group.ts"],"names":[],"mappings":";;;;;;;;;;;;AAIA,mEAA+D;AAC/D,iFAAoE;AACpE,iFAAoE;AACpE,qDAO8B;AAC9B,iDAA6C;AAGtC,IAAM,UAAU,GAAhB,MAAM,UACV,SAAQ,wBAAU;CA+BpB,CAAA;AAhCY,gCAAU;AASpB;IAJC,IAAA,mBAAM,GAAE;IACR,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;IACV,IAAA,yBAAM,GAAE;;+CACW;AAMpB;IAJC,IAAA,mBAAM,GAAE;IACR,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;IACV,IAAA,yBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6CACR;AAKnB;IAHC,IAAA,mBAAM,GAAE;IACR,IAAA,sBAAS,GAAE;IACX,IAAA,yBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;8CACN;AAMrB;IAJC,IAAA,mBAAM,GAAE;IACR,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;IACV,IAAA,yBAAM,GAAE;;wCACI;AAKb;IAFC,IAAA,mBAAM,GAAE;IACR,IAAA,mBAAM,EAAC,GAAG,EAAE,CAAC,0BAAW,CAAC;;wCACJ;qBA/BZ,UAAU;IADtB,IAAA,yBAAM,GAAE;GACI,UAAU,CAgCtB"}
1
+ {"version":3,"file":"scope-group.js","sourceRoot":"./","sources":["access/entities/scope-group.ts"],"names":[],"mappings":";;;;;;;;;;;;AAIA,mEAA+D;AAC/D,iFAAoE;AACpE,iFAAoE;AACpE,qDAQ8B;AAC9B,qFAAwE;AACxE,iDAA6C;AAC7C,iEAA4D;AAGrD,IAAM,UAAU,GAAhB,MAAM,UACV,SAAQ,wBAAU;CA2CpB,CAAA;AA5CY,gCAAU;AASpB;IAJC,IAAA,mBAAM,GAAE;IACR,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;IACV,IAAA,yBAAM,GAAE;;+CACW;AAMpB;IAJC,IAAA,mBAAM,GAAE;IACR,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;IACV,IAAA,yBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;6CACR;AAKnB;IAHC,IAAA,mBAAM,GAAE;IACR,IAAA,sBAAS,GAAE;IACX,IAAA,yBAAM,EAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;8CACN;AAMrB;IAJC,IAAA,mBAAM,GAAE;IACR,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;IACV,IAAA,yBAAM,GAAE;;wCACI;AAMb;IAJC,IAAA,mBAAM,GAAE;IACR,IAAA,uBAAU,GAAE;IACZ,IAAA,qBAAQ,GAAE;IACV,IAAA,6BAAQ,EAAC,GAAG,EAAE,CAAC,yCAAkB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;;wDACzB;AAM9B;IAHC,IAAA,mBAAM,GAAE;IACR,IAAA,oBAAO,GAAE;IACT,IAAA,mBAAM,EAAC,GAAG,EAAE,CAAC,0BAAW,CAAC;;wCACJ;AAKtB;IAHC,IAAA,mBAAM,GAAE;IACR,IAAA,uBAAU,GAAE;IACZ,IAAA,mBAAM,EAAC,GAAG,EAAE,CAAC,yCAAkB,CAAC;8BACZ,yCAAkB;sDAAC;qBA3C9B,UAAU;IADtB,IAAA,yBAAM,GAAE;GACI,UAAU,CA4CtB"}
@@ -0,0 +1,15 @@
1
+ /**
2
+ * Gate for IAM-management actions (the access controllers: scope keys, groups,
3
+ * owners, access profiles). For the given context it requires the caller to be
4
+ * the **owner**, hold the context **admin** key, or hold the platform **master**
5
+ * key at the hierarchy root.
6
+ *
7
+ * Back-compat: a context that was NOT registered with an admin hierarchy
8
+ * (no `root` / `rootScope` / `adminKey` via `registerScope`) is left ungated, so
9
+ * apps that don't use this hierarchy keep their previous behavior.
10
+ */
11
+ export declare function assertContextAdminAccess(options: {
12
+ contextName: string;
13
+ contextId?: string;
14
+ userId?: string;
15
+ }): Promise<void>;
@@ -0,0 +1,62 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.assertContextAdminAccess = assertContextAdminAccess;
4
+ const common_1 = require("@rockster/common");
5
+ const env_1 = require("../env");
6
+ const get_is_owner_1 = require("./get-is-owner");
7
+ const get_user_keys_1 = require("./get-user-keys");
8
+ /**
9
+ * Gate for IAM-management actions (the access controllers: scope keys, groups,
10
+ * owners, access profiles). For the given context it requires the caller to be
11
+ * the **owner**, hold the context **admin** key, or hold the platform **master**
12
+ * key at the hierarchy root.
13
+ *
14
+ * Back-compat: a context that was NOT registered with an admin hierarchy
15
+ * (no `root` / `rootScope` / `adminKey` via `registerScope`) is left ungated, so
16
+ * apps that don't use this hierarchy keep their previous behavior.
17
+ */
18
+ async function assertContextAdminAccess(options) {
19
+ const { contextName, contextId, userId } = options;
20
+ const registry = env_1.env.scopeServiceRegistry.get(contextName);
21
+ const hasHierarchy = !!(registry?.adminKey || registry?.root || registry?.rootScope);
22
+ if (!hasHierarchy) {
23
+ return;
24
+ }
25
+ if (!userId) {
26
+ throw new common_1.UnauthorizedError();
27
+ }
28
+ // Owner of the context.
29
+ if (await (0, get_is_owner_1.getIsOwner)(contextName, userId, contextId)) {
30
+ return;
31
+ }
32
+ const userKeys = contextId
33
+ ? await (0, get_user_keys_1.getUserKeys)(userId, contextId)
34
+ : await (0, get_user_keys_1.getUserKeys)(userId);
35
+ // Context admin.
36
+ if (registry?.adminKey && userKeys.includes(registry.adminKey)) {
37
+ return;
38
+ }
39
+ // Platform master at the hierarchy root.
40
+ let rootContextId;
41
+ let masterKey;
42
+ if (registry?.root) {
43
+ rootContextId = contextId;
44
+ masterKey = registry.masterKey;
45
+ }
46
+ else if (registry?.rootScope) {
47
+ masterKey = env_1.env.scopeServiceRegistry.get(registry.rootScope)?.masterKey;
48
+ rootContextId = contextId
49
+ ? await registry.instance?.resolveRootContextId?.(contextId)
50
+ : undefined;
51
+ }
52
+ if (masterKey && rootContextId) {
53
+ const rootKeys = await (0, get_user_keys_1.getUserKeys)(userId, rootContextId);
54
+ if (rootKeys.includes(masterKey)) {
55
+ return;
56
+ }
57
+ }
58
+ throw new common_1.ForbiddenError({
59
+ message: "Requires owner, admin or master access for this context",
60
+ });
61
+ }
62
+ //# sourceMappingURL=assert-context-admin-access.js.map
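Review bot: The early `return` after `const hasHierarchy = !!(registry?.adminKey || registry?.root || registry?.rootScope);` also fires when `registry` is undefined, so a `contextName` that is not registered at all passes the gate before `userId` is checked. The docstring describes contexts registered without a hierarchy, but an unknown name is a different case, and whether callers validate `contextName` is not visible here. Rejecting it explicitly keeps the back-compat path narrow: `if (!registry) { throw new common_1.ForbiddenError({ message: "Unknown context" }); }`. If unregistered contexts must stay usable, a comment stating that the gate fails open for them would at least make this visible to integrators. Separately, when `contextId` is omitted the admin check calls `getUserKeys(userId)` with no context, which, judging by how assertMasterOrOwner describes the same call, may match an admin key granted in any context; confirm that is intended.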
@@ -0,0 +1 @@
1
+ {"version":3,"file":"assert-context-admin-access.js","sourceRoot":"./","sources":["access/functions/assert-context-admin-access.ts"],"names":[],"mappings":";;AAeA,4DAwDC;AAvED,6CAAqE;AACrE,gCAA6B;AAC7B,iDAA4C;AAC5C,mDAA8C;AAE9C;;;;;;;;;GASG;AACI,KAAK,UAAU,wBAAwB,CAAC,OAI9C;IACE,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IACnD,MAAM,QAAQ,GAAG,SAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAE3D,MAAM,YAAY,GAAG,CAAC,CAAC,CACpB,QAAQ,EAAE,QAAQ,IAAI,QAAQ,EAAE,IAAI,IAAI,QAAQ,EAAE,SAAS,CAC7D,CAAC;IACF,IAAI,CAAC,YAAY,EAAE,CAAC;QACjB,OAAO;IACV,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,CAAC;QACX,MAAM,IAAI,0BAAiB,EAAE,CAAC;IACjC,CAAC;IAED,wBAAwB;IACxB,IAAI,MAAM,IAAA,yBAAU,EAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,CAAC;QACpD,OAAO;IACV,CAAC;IAED,MAAM,QAAQ,GAAG,SAAS;QACvB,CAAC,CAAC,MAAM,IAAA,2BAAW,EAAC,MAAM,EAAE,SAAS,CAAC;QACtC,CAAC,CAAC,MAAM,IAAA,2BAAW,EAAC,MAAM,CAAC,CAAC;IAE/B,iBAAiB;IACjB,IAAI,QAAQ,EAAE,QAAQ,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9D,OAAO;IACV,CAAC;IAED,yCAAyC;IACzC,IAAI,aAAiC,CAAC;IACtC,IAAI,SAA6B,CAAC;IAClC,IAAI,QAAQ,EAAE,IAAI,EAAE,CAAC;QAClB,aAAa,GAAG,SAAS,CAAC;QAC1B,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC;IAClC,CAAC;SAAM,IAAI,QAAQ,EAAE,SAAS,EAAE,CAAC;QAC9B,SAAS,GAAG,SAAG,CAAC,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,CAAC;QACxE,aAAa,GAAG,SAAS;YACtB,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,EAAE,CAAC,SAAS,CAAC;YAC5D,CAAC,CAAC,SAAS,CAAC;IAClB,CAAC;IAED,IAAI,SAAS,IAAI,aAAa,EAAE,CAAC;QAC9B,MAAM,QAAQ,GAAG,MAAM,IAAA,2BAAW,EAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAC1D,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,OAAO;QACV,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,uBAAc,CAAC;QACtB,OAAO,EAAE,yDAAyD;KACpE,CAAC,CAAC;AACN,CAAC"}
@@ -0,0 +1,9 @@
1
+ /**
2
+ * Gate for GLOBAL IAM resources that have no context (e.g. access profiles).
3
+ * Allows the platform **master** (holds any registered master key, granted at
4
+ * any context) or any **owner**. Context admins do NOT pass.
5
+ *
6
+ * Back-compat: if no scope registered a master key, the master branch is simply
7
+ * skipped — only owners pass.
8
+ */
9
+ export declare function assertMasterOrOwner(userId?: string): Promise<void>;
@@ -0,0 +1,40 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.assertMasterOrOwner = assertMasterOrOwner;
4
+ const common_1 = require("@rockster/common");
5
+ const env_1 = require("../env");
6
+ const get_user_keys_1 = require("./get-user-keys");
7
+ /**
8
+ * Gate for GLOBAL IAM resources that have no context (e.g. access profiles).
9
+ * Allows the platform **master** (holds any registered master key, granted at
10
+ * any context) or any **owner**. Context admins do NOT pass.
11
+ *
12
+ * Back-compat: if no scope registered a master key, the master branch is simply
13
+ * skipped — only owners pass.
14
+ */
15
+ async function assertMasterOrOwner(userId) {
16
+ if (!userId) {
17
+ throw new common_1.UnauthorizedError();
18
+ }
19
+ // Master: holds any registered master key.
20
+ const masterKeys = new Set();
21
+ for (const registry of env_1.env.scopeServiceRegistry.values()) {
22
+ if (registry.masterKey) {
23
+ masterKeys.add(registry.masterKey);
24
+ }
25
+ }
26
+ if (masterKeys.size > 0) {
27
+ const userKeys = await (0, get_user_keys_1.getUserKeys)(userId);
28
+ if (userKeys.some((key) => masterKeys.has(key))) {
29
+ return;
30
+ }
31
+ }
32
+ // Owner of any context.
33
+ if (await env_1.env.scopeOwnerService.getHasAnyOwnership(userId)) {
34
+ return;
35
+ }
36
+ throw new common_1.ForbiddenError({
37
+ message: "Requires master or owner access",
38
+ });
39
+ }
40
+ //# sourceMappingURL=assert-master-or-owner.js.map
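Review bot: The master branch compares bare key names: `masterKeys` is the union of every registry's `masterKey`, and `getUserKeys(userId)` is called without a context id, so `userKeys.some((key) => masterKeys.has(key))` passes for a key of that name granted in any context of any scope. assertContextAdminAccess in this release accepts the master key only at the hierarchy root, so this gate is looser for global resources than the per-context one. If key names are not guaranteed unique across scopes, an ordinary key that shares a name with another scope's master key would satisfy this check. Either match each registry's `masterKey` against the keys held at that scope's root context, or state the assumption next to the loop: `// masterKey names must be globally unique; a match in any context grants master`. The owner branch likewise lets the owner of any single context through, which is worth confirming as intended for multi-tenant deployments.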
@@ -0,0 +1 @@
1
+ {"version":3,"file":"assert-master-or-owner.js","sourceRoot":"./","sources":["access/functions/assert-master-or-owner.ts"],"names":[],"mappings":";;AAYA,kDA2BC;AAvCD,6CAAqE;AACrE,gCAA6B;AAC7B,mDAA8C;AAE9C;;;;;;;GAOG;AACI,KAAK,UAAU,mBAAmB,CAAC,MAAe;IACtD,IAAI,CAAC,MAAM,EAAE,CAAC;QACX,MAAM,IAAI,0BAAiB,EAAE,CAAC;IACjC,CAAC;IAED,2CAA2C;IAC3C,MAAM,UAAU,GAAG,IAAI,GAAG,EAAU,CAAC;IACrC,KAAK,MAAM,QAAQ,IAAI,SAAG,CAAC,oBAAoB,CAAC,MAAM,EAAE,EAAE,CAAC;QACxD,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YACtB,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACtC,CAAC;IACJ,CAAC;IACD,IAAI,UAAU,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,MAAM,IAAA,2BAAW,EAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YAC/C,OAAO;QACV,CAAC;IACJ,CAAC;IAED,wBAAwB;IACxB,IAAI,MAAM,SAAG,CAAC,iBAAiB,CAAC,kBAAkB,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1D,OAAO;IACV,CAAC;IAED,MAAM,IAAI,uBAAc,CAAC;QACtB,OAAO,EAAE,iCAAiC;KAC5C,CAAC,CAAC;AACN,CAAC"}