@stamhoofd/structures 2.22.0 → 2.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +28 -20
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +28 -20
- package/dist/index.js.map +1 -1
- package/dist/src/AccessRight.d.ts +34 -0
- package/dist/src/AccessRight.d.ts.map +1 -0
- package/dist/src/AccessRight.js +104 -0
- package/dist/src/AccessRight.js.map +1 -0
- package/dist/src/Group.d.ts +9 -22
- package/dist/src/Group.d.ts.map +1 -1
- package/dist/src/Group.js +14 -29
- package/dist/src/Group.js.map +1 -1
- package/dist/src/GroupCategory.d.ts +5 -4
- package/dist/src/GroupCategory.d.ts.map +1 -1
- package/dist/src/GroupCategory.js +10 -9
- package/dist/src/GroupCategory.js.map +1 -1
- package/dist/src/GroupPrivateSettings.d.ts +1 -1
- package/dist/src/GroupPrivateSettings.d.ts.map +1 -1
- package/dist/src/GroupPrivateSettings.js +3 -3
- package/dist/src/GroupPrivateSettings.js.map +1 -1
- package/dist/src/GroupType.d.ts +15 -0
- package/dist/src/GroupType.d.ts.map +1 -0
- package/dist/src/GroupType.js +21 -0
- package/dist/src/GroupType.js.map +1 -0
- package/dist/src/LoadedPermissions.d.ts +32 -0
- package/dist/src/LoadedPermissions.d.ts.map +1 -0
- package/dist/src/LoadedPermissions.js +230 -0
- package/dist/src/LoadedPermissions.js.map +1 -0
- package/dist/src/MemberResponsibility.d.ts +2 -1
- package/dist/src/MemberResponsibility.d.ts.map +1 -1
- package/dist/src/MemberResponsibility.js +13 -10
- package/dist/src/MemberResponsibility.js.map +1 -1
- package/dist/src/Organization.d.ts +2 -3
- package/dist/src/Organization.d.ts.map +1 -1
- package/dist/src/Organization.js.map +1 -1
- package/dist/src/OrganizationMetaData.d.ts +2 -2
- package/dist/src/OrganizationMetaData.d.ts.map +1 -1
- package/dist/src/OrganizationMetaData.js +2 -2
- package/dist/src/OrganizationMetaData.js.map +1 -1
- package/dist/src/OrganizationPrivateMetaData.d.ts +1 -1
- package/dist/src/OrganizationPrivateMetaData.d.ts.map +1 -1
- package/dist/src/OrganizationPrivateMetaData.js +3 -3
- package/dist/src/OrganizationPrivateMetaData.js.map +1 -1
- package/dist/src/PermissionLevel.d.ts +18 -0
- package/dist/src/PermissionLevel.d.ts.map +1 -0
- package/dist/src/PermissionLevel.js +64 -0
- package/dist/src/PermissionLevel.js.map +1 -0
- package/dist/src/PermissionRole.d.ts +34 -0
- package/dist/src/PermissionRole.d.ts.map +1 -0
- package/dist/src/PermissionRole.js +212 -0
- package/dist/src/PermissionRole.js.map +1 -0
- package/dist/src/Permissions.d.ts +7 -159
- package/dist/src/Permissions.d.ts.map +1 -1
- package/dist/src/Permissions.js +13 -770
- package/dist/src/Permissions.js.map +1 -1
- package/dist/src/PermissionsByRole.d.ts +24 -0
- package/dist/src/PermissionsByRole.d.ts.map +1 -0
- package/dist/src/PermissionsByRole.js +97 -0
- package/dist/src/PermissionsByRole.js.map +1 -0
- package/dist/src/PermissionsResourceType.d.ts +12 -0
- package/dist/src/PermissionsResourceType.d.ts.map +1 -0
- package/dist/src/PermissionsResourceType.js +25 -0
- package/dist/src/PermissionsResourceType.js.map +1 -0
- package/dist/src/Platform.d.ts +14 -1
- package/dist/src/Platform.d.ts.map +1 -1
- package/dist/src/Platform.js +48 -4
- package/dist/src/Platform.js.map +1 -1
- package/dist/src/RegistrationPeriod.d.ts +3 -2
- package/dist/src/RegistrationPeriod.d.ts.map +1 -1
- package/dist/src/RegistrationPeriod.js +45 -2
- package/dist/src/RegistrationPeriod.js.map +1 -1
- package/dist/src/ResourcePermissions.d.ts +29 -0
- package/dist/src/ResourcePermissions.d.ts.map +1 -0
- package/dist/src/ResourcePermissions.js +77 -0
- package/dist/src/ResourcePermissions.js.map +1 -0
- package/dist/src/SetupSteps.d.ts +4 -2
- package/dist/src/SetupSteps.d.ts.map +1 -1
- package/dist/src/SetupSteps.js +2 -0
- package/dist/src/SetupSteps.js.map +1 -1
- package/dist/src/UserPermissions.d.ts +3 -1
- package/dist/src/UserPermissions.d.ts.map +1 -1
- package/dist/src/UserPermissions.js +9 -6
- package/dist/src/UserPermissions.js.map +1 -1
- package/dist/src/Version.d.ts +1 -1
- package/dist/src/Version.js +1 -1
- package/dist/src/email/EmailTemplate.d.ts +2 -1
- package/dist/src/email/EmailTemplate.d.ts.map +1 -1
- package/dist/src/email/EmailTemplate.js +16 -8
- package/dist/src/email/EmailTemplate.js.map +1 -1
- package/dist/src/members/Member.d.ts +1 -1
- package/dist/src/members/MemberResponsibilityRecord.d.ts +5 -1
- package/dist/src/members/MemberResponsibilityRecord.d.ts.map +1 -1
- package/dist/src/members/MemberResponsibilityRecord.js +21 -10
- package/dist/src/members/MemberResponsibilityRecord.js.map +1 -1
- package/dist/src/members/MemberWithRegistrationsBlob.d.ts +1 -1
- package/dist/src/members/MemberWithRegistrationsBlob.d.ts.map +1 -1
- package/dist/src/members/MemberWithRegistrationsBlob.js +1 -1
- package/dist/src/members/MemberWithRegistrationsBlob.js.map +1 -1
- package/dist/src/members/OrganizationRecordsConfiguration.d.ts +1 -1
- package/dist/src/members/OrganizationRecordsConfiguration.d.ts.map +1 -1
- package/dist/src/members/OrganizationRecordsConfiguration.js +4 -4
- package/dist/src/members/OrganizationRecordsConfiguration.js.map +1 -1
- package/dist/src/members/PlatformMember.d.ts +4 -3
- package/dist/src/members/PlatformMember.d.ts.map +1 -1
- package/dist/src/members/PlatformMember.js +10 -26
- package/dist/src/members/PlatformMember.js.map +1 -1
- package/dist/src/members/checkout/RegisterCart.d.ts +2 -2
- package/dist/src/members/checkout/RegisterCart.d.ts.map +1 -1
- package/dist/src/members/checkout/RegisterCart.js +33 -3
- package/dist/src/members/checkout/RegisterCart.js.map +1 -1
- package/dist/src/members/checkout/RegisterCheckout.d.ts +1 -0
- package/dist/src/members/checkout/RegisterCheckout.d.ts.map +1 -1
- package/dist/src/members/checkout/RegisterCheckout.js +5 -1
- package/dist/src/members/checkout/RegisterCheckout.js.map +1 -1
- package/dist/src/members/checkout/RegisterItem.d.ts +1 -0
- package/dist/src/members/checkout/RegisterItem.d.ts.map +1 -1
- package/dist/src/members/checkout/RegisterItem.js +27 -6
- package/dist/src/members/checkout/RegisterItem.js.map +1 -1
- package/dist/src/members/records/RecordAnswer.d.ts +1 -0
- package/dist/src/members/records/RecordAnswer.d.ts.map +1 -1
- package/dist/src/members/records/RecordAnswer.js +6 -0
- package/dist/src/members/records/RecordAnswer.js.map +1 -1
- package/dist/src/members/records/RecordSettings.d.ts +2 -3
- package/dist/src/members/records/RecordSettings.d.ts.map +1 -1
- package/dist/src/members/records/RecordSettings.js +0 -7
- package/dist/src/members/records/RecordSettings.js.map +1 -1
- package/dist/src/webshops/WebshopMetaData.d.ts +2 -2
- package/dist/src/webshops/WebshopMetaData.d.ts.map +1 -1
- package/dist/src/webshops/WebshopMetaData.js +5 -5
- package/dist/src/webshops/WebshopMetaData.js.map +1 -1
- package/esm/dist/index.d.ts +28 -20
- package/esm/dist/index.d.ts.map +1 -1
- package/esm/dist/index.js +28 -20
- package/esm/dist/index.js.map +1 -1
- package/esm/dist/src/AccessRight.d.ts +34 -0
- package/esm/dist/src/AccessRight.d.ts.map +1 -0
- package/esm/dist/src/AccessRight.js +100 -0
- package/esm/dist/src/AccessRight.js.map +1 -0
- package/esm/dist/src/Group.d.ts +9 -22
- package/esm/dist/src/Group.d.ts.map +1 -1
- package/esm/dist/src/Group.js +5 -20
- package/esm/dist/src/Group.js.map +1 -1
- package/esm/dist/src/GroupCategory.d.ts +5 -4
- package/esm/dist/src/GroupCategory.d.ts.map +1 -1
- package/esm/dist/src/GroupCategory.js +4 -3
- package/esm/dist/src/GroupCategory.js.map +1 -1
- package/esm/dist/src/GroupPrivateSettings.d.ts +1 -1
- package/esm/dist/src/GroupPrivateSettings.d.ts.map +1 -1
- package/esm/dist/src/GroupPrivateSettings.js +1 -1
- package/esm/dist/src/GroupPrivateSettings.js.map +1 -1
- package/esm/dist/src/GroupType.d.ts +15 -0
- package/esm/dist/src/GroupType.d.ts.map +1 -0
- package/esm/dist/src/GroupType.js +18 -0
- package/esm/dist/src/GroupType.js.map +1 -0
- package/esm/dist/src/LoadedPermissions.d.ts +32 -0
- package/esm/dist/src/LoadedPermissions.d.ts.map +1 -0
- package/esm/dist/src/LoadedPermissions.js +226 -0
- package/esm/dist/src/LoadedPermissions.js.map +1 -0
- package/esm/dist/src/MemberResponsibility.d.ts +2 -1
- package/esm/dist/src/MemberResponsibility.d.ts.map +1 -1
- package/esm/dist/src/MemberResponsibility.js +4 -1
- package/esm/dist/src/MemberResponsibility.js.map +1 -1
- package/esm/dist/src/Organization.d.ts +2 -3
- package/esm/dist/src/Organization.d.ts.map +1 -1
- package/esm/dist/src/Organization.js.map +1 -1
- package/esm/dist/src/OrganizationMetaData.d.ts +2 -2
- package/esm/dist/src/OrganizationMetaData.d.ts.map +1 -1
- package/esm/dist/src/OrganizationMetaData.js +2 -2
- package/esm/dist/src/OrganizationMetaData.js.map +1 -1
- package/esm/dist/src/OrganizationPrivateMetaData.d.ts +1 -1
- package/esm/dist/src/OrganizationPrivateMetaData.d.ts.map +1 -1
- package/esm/dist/src/OrganizationPrivateMetaData.js +1 -1
- package/esm/dist/src/OrganizationPrivateMetaData.js.map +1 -1
- package/esm/dist/src/PermissionLevel.d.ts +18 -0
- package/esm/dist/src/PermissionLevel.d.ts.map +1 -0
- package/esm/dist/src/PermissionLevel.js +57 -0
- package/esm/dist/src/PermissionLevel.js.map +1 -0
- package/esm/dist/src/PermissionRole.d.ts +34 -0
- package/esm/dist/src/PermissionRole.d.ts.map +1 -0
- package/esm/dist/src/PermissionRole.js +206 -0
- package/esm/dist/src/PermissionRole.js.map +1 -0
- package/esm/dist/src/Permissions.d.ts +7 -159
- package/esm/dist/src/Permissions.d.ts.map +1 -1
- package/esm/dist/src/Permissions.js +7 -752
- package/esm/dist/src/Permissions.js.map +1 -1
- package/esm/dist/src/PermissionsByRole.d.ts +24 -0
- package/esm/dist/src/PermissionsByRole.d.ts.map +1 -0
- package/esm/dist/src/PermissionsByRole.js +93 -0
- package/esm/dist/src/PermissionsByRole.js.map +1 -0
- package/esm/dist/src/PermissionsResourceType.d.ts +12 -0
- package/esm/dist/src/PermissionsResourceType.d.ts.map +1 -0
- package/esm/dist/src/PermissionsResourceType.js +21 -0
- package/esm/dist/src/PermissionsResourceType.js.map +1 -0
- package/esm/dist/src/Platform.d.ts +14 -1
- package/esm/dist/src/Platform.d.ts.map +1 -1
- package/esm/dist/src/Platform.js +44 -2
- package/esm/dist/src/Platform.js.map +1 -1
- package/esm/dist/src/RegistrationPeriod.d.ts +3 -2
- package/esm/dist/src/RegistrationPeriod.d.ts.map +1 -1
- package/esm/dist/src/RegistrationPeriod.js +45 -2
- package/esm/dist/src/RegistrationPeriod.js.map +1 -1
- package/esm/dist/src/ResourcePermissions.d.ts +29 -0
- package/esm/dist/src/ResourcePermissions.d.ts.map +1 -0
- package/esm/dist/src/ResourcePermissions.js +73 -0
- package/esm/dist/src/ResourcePermissions.js.map +1 -0
- package/esm/dist/src/SetupSteps.d.ts +4 -2
- package/esm/dist/src/SetupSteps.d.ts.map +1 -1
- package/esm/dist/src/SetupSteps.js +2 -0
- package/esm/dist/src/SetupSteps.js.map +1 -1
- package/esm/dist/src/UserPermissions.d.ts +3 -1
- package/esm/dist/src/UserPermissions.d.ts.map +1 -1
- package/esm/dist/src/UserPermissions.js +4 -1
- package/esm/dist/src/UserPermissions.js.map +1 -1
- package/esm/dist/src/Version.d.ts +1 -1
- package/esm/dist/src/Version.js +1 -1
- package/esm/dist/src/email/EmailTemplate.d.ts +2 -1
- package/esm/dist/src/email/EmailTemplate.d.ts.map +1 -1
- package/esm/dist/src/email/EmailTemplate.js +16 -8
- package/esm/dist/src/email/EmailTemplate.js.map +1 -1
- package/esm/dist/src/members/Member.d.ts +1 -1
- package/esm/dist/src/members/MemberResponsibilityRecord.d.ts +5 -1
- package/esm/dist/src/members/MemberResponsibilityRecord.d.ts.map +1 -1
- package/esm/dist/src/members/MemberResponsibilityRecord.js +18 -8
- package/esm/dist/src/members/MemberResponsibilityRecord.js.map +1 -1
- package/esm/dist/src/members/MemberWithRegistrationsBlob.d.ts +1 -1
- package/esm/dist/src/members/MemberWithRegistrationsBlob.d.ts.map +1 -1
- package/esm/dist/src/members/MemberWithRegistrationsBlob.js +1 -1
- package/esm/dist/src/members/MemberWithRegistrationsBlob.js.map +1 -1
- package/esm/dist/src/members/OrganizationRecordsConfiguration.d.ts +1 -1
- package/esm/dist/src/members/OrganizationRecordsConfiguration.d.ts.map +1 -1
- package/esm/dist/src/members/OrganizationRecordsConfiguration.js +2 -2
- package/esm/dist/src/members/OrganizationRecordsConfiguration.js.map +1 -1
- package/esm/dist/src/members/PlatformMember.d.ts +4 -3
- package/esm/dist/src/members/PlatformMember.d.ts.map +1 -1
- package/esm/dist/src/members/PlatformMember.js +6 -22
- package/esm/dist/src/members/PlatformMember.js.map +1 -1
- package/esm/dist/src/members/checkout/RegisterCart.d.ts +2 -2
- package/esm/dist/src/members/checkout/RegisterCart.d.ts.map +1 -1
- package/esm/dist/src/members/checkout/RegisterCart.js +33 -3
- package/esm/dist/src/members/checkout/RegisterCart.js.map +1 -1
- package/esm/dist/src/members/checkout/RegisterCheckout.d.ts +1 -0
- package/esm/dist/src/members/checkout/RegisterCheckout.d.ts.map +1 -1
- package/esm/dist/src/members/checkout/RegisterCheckout.js +5 -1
- package/esm/dist/src/members/checkout/RegisterCheckout.js.map +1 -1
- package/esm/dist/src/members/checkout/RegisterItem.d.ts +1 -0
- package/esm/dist/src/members/checkout/RegisterItem.d.ts.map +1 -1
- package/esm/dist/src/members/checkout/RegisterItem.js +23 -2
- package/esm/dist/src/members/checkout/RegisterItem.js.map +1 -1
- package/esm/dist/src/members/records/RecordAnswer.d.ts +1 -0
- package/esm/dist/src/members/records/RecordAnswer.d.ts.map +1 -1
- package/esm/dist/src/members/records/RecordAnswer.js +6 -0
- package/esm/dist/src/members/records/RecordAnswer.js.map +1 -1
- package/esm/dist/src/members/records/RecordSettings.d.ts +2 -3
- package/esm/dist/src/members/records/RecordSettings.d.ts.map +1 -1
- package/esm/dist/src/members/records/RecordSettings.js +0 -7
- package/esm/dist/src/members/records/RecordSettings.js.map +1 -1
- package/esm/dist/src/webshops/WebshopMetaData.d.ts +2 -2
- package/esm/dist/src/webshops/WebshopMetaData.d.ts.map +1 -1
- package/esm/dist/src/webshops/WebshopMetaData.js +1 -1
- package/esm/dist/src/webshops/WebshopMetaData.js.map +1 -1
- package/package.json +2 -2
package/dist/src/Permissions.js
CHANGED
|
@@ -1,549 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.
|
|
4
|
-
exports.getPermissionLevelNumber = getPermissionLevelNumber;
|
|
5
|
-
exports.maximumPermissionlevel = maximumPermissionlevel;
|
|
6
|
-
exports.minimumPermissionLevel = minimumPermissionLevel;
|
|
7
|
-
exports.getPermissionLevelName = getPermissionLevelName;
|
|
8
|
-
exports.getPermissionResourceTypeName = getPermissionResourceTypeName;
|
|
3
|
+
exports.Permissions = void 0;
|
|
9
4
|
const tslib_1 = require("tslib");
|
|
10
5
|
const simple_encoding_1 = require("@simonbackx/simple-encoding");
|
|
11
|
-
const utility_1 = require("@stamhoofd/utility");
|
|
12
|
-
const uuid_1 = require("uuid");
|
|
13
6
|
const MemberResponsibilityRecord_1 = require("./members/MemberResponsibilityRecord");
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
(function (PermissionLevel) {
|
|
19
|
-
/** No access */
|
|
20
|
-
PermissionLevel["None"] = "None";
|
|
21
|
-
/** Read all data, but not allowed to write */
|
|
22
|
-
PermissionLevel["Read"] = "Read";
|
|
23
|
-
/** Read, write, add, delete child data, but not allowed to modify settings */
|
|
24
|
-
PermissionLevel["Write"] = "Write";
|
|
25
|
-
/** Full access */
|
|
26
|
-
PermissionLevel["Full"] = "Full";
|
|
27
|
-
})(PermissionLevel || (exports.PermissionLevel = PermissionLevel = {}));
|
|
28
|
-
/**
|
|
29
|
-
* More granular access rights to specific things in the system
|
|
30
|
-
*/
|
|
31
|
-
var AccessRight;
|
|
32
|
-
(function (AccessRight) {
|
|
33
|
-
// Platform level permissions
|
|
34
|
-
/**
|
|
35
|
-
* Allows the user to log in as a full-access admin to a specific organization
|
|
36
|
-
*/
|
|
37
|
-
AccessRight["PlatformLoginAs"] = "PlatformLoginAs";
|
|
38
|
-
// Organization level permissions
|
|
39
|
-
AccessRight["OrganizationCreateWebshops"] = "OrganizationCreateWebshops";
|
|
40
|
-
AccessRight["OrganizationManagePayments"] = "OrganizationManagePayments";
|
|
41
|
-
AccessRight["OrganizationFinanceDirector"] = "OrganizationFinanceDirector";
|
|
42
|
-
AccessRight["OrganizationCreateGroups"] = "OrganizationCreateGroups";
|
|
43
|
-
// Member data access rights
|
|
44
|
-
// Note: in order to read or write any data at all, a user first needs to have normal resource access to a group, category or organization
|
|
45
|
-
// So general data (name, birthday, gender, address, email, parents, emergency contacts) access can be controlled in that way (this doesn't have a separate access right).
|
|
46
|
-
AccessRight["MemberReadFinancialData"] = "MemberReadFinancialData";
|
|
47
|
-
AccessRight["MemberWriteFinancialData"] = "MemberWriteFinancialData";
|
|
48
|
-
// Webshop level permissions
|
|
49
|
-
AccessRight["WebshopScanTickets"] = "WebshopScanTickets";
|
|
50
|
-
})(AccessRight || (exports.AccessRight = AccessRight = {}));
|
|
51
|
-
class AccessRightHelper {
|
|
52
|
-
static getName(right) {
|
|
53
|
-
switch (right) {
|
|
54
|
-
case AccessRight.PlatformLoginAs: return 'Inloggen als hoofdbeheerder';
|
|
55
|
-
case AccessRight.OrganizationFinanceDirector: return 'Toegang tot volledige boekhouding';
|
|
56
|
-
case AccessRight.OrganizationManagePayments: return 'Overschrijvingen beheren';
|
|
57
|
-
case AccessRight.OrganizationCreateWebshops: return 'Webshops maken';
|
|
58
|
-
case AccessRight.OrganizationCreateGroups: return 'Groepen maken';
|
|
59
|
-
case AccessRight.WebshopScanTickets: return 'Tickets scannen';
|
|
60
|
-
// Member data
|
|
61
|
-
case AccessRight.MemberReadFinancialData: return 'Bekijk rekening leden';
|
|
62
|
-
case AccessRight.MemberWriteFinancialData: return 'Bewerk rekening leden';
|
|
63
|
-
}
|
|
64
|
-
}
|
|
65
|
-
static getNameShort(right) {
|
|
66
|
-
switch (right) {
|
|
67
|
-
case AccessRight.PlatformLoginAs: return 'Inloggen';
|
|
68
|
-
case AccessRight.OrganizationFinanceDirector: return 'Boekhouding';
|
|
69
|
-
case AccessRight.OrganizationManagePayments: return 'Overschrijvingen';
|
|
70
|
-
case AccessRight.OrganizationCreateWebshops: return 'Maken';
|
|
71
|
-
case AccessRight.OrganizationCreateGroups: return 'Maken';
|
|
72
|
-
case AccessRight.WebshopScanTickets: return 'Scannen';
|
|
73
|
-
// Member data
|
|
74
|
-
case AccessRight.MemberReadFinancialData: return 'Lidgeld bekijken';
|
|
75
|
-
case AccessRight.MemberWriteFinancialData: return 'Lidgeld bewerken';
|
|
76
|
-
}
|
|
77
|
-
}
|
|
78
|
-
static getDescription(right) {
|
|
79
|
-
switch (right) {
|
|
80
|
-
case AccessRight.PlatformLoginAs: return 'inloggen als hoofdbeheerder';
|
|
81
|
-
case AccessRight.OrganizationFinanceDirector: return 'volledige boekhouding';
|
|
82
|
-
case AccessRight.OrganizationManagePayments: return 'overschrijvingen';
|
|
83
|
-
case AccessRight.OrganizationCreateWebshops: return 'webshops maken';
|
|
84
|
-
case AccessRight.OrganizationCreateGroups: return 'groepen maken';
|
|
85
|
-
case AccessRight.WebshopScanTickets: return 'scannen van tickets';
|
|
86
|
-
// Member data
|
|
87
|
-
case AccessRight.MemberReadFinancialData: return 'Openstaande bedragen bekijken';
|
|
88
|
-
case AccessRight.MemberWriteFinancialData: return 'Openstaande bedragen bewerken';
|
|
89
|
-
}
|
|
90
|
-
}
|
|
91
|
-
static getLongDescription(right) {
|
|
92
|
-
switch (right) {
|
|
93
|
-
case AccessRight.OrganizationFinanceDirector: return 'Beheerders met deze toegang krijgen toegang tot alle financiële gegevens van de organisatie, en kunnen overschrijvingen als betaald markeren.';
|
|
94
|
-
case AccessRight.OrganizationManagePayments: return 'Beheerders met deze toegang kunnen openstaande overschrijvingen bekijken en markeren als betaald.';
|
|
95
|
-
// Member data
|
|
96
|
-
case AccessRight.MemberReadFinancialData: return 'Bekijk hoeveel een lid precies heeft betaald of nog moet betalen, en bekijk of het lid recht heeft op een verlaagd tarief.';
|
|
97
|
-
case AccessRight.MemberWriteFinancialData: return 'Voeg openstaande bedragen toe of verwijder ze, en pas de betaalstatus van een lid aan.';
|
|
98
|
-
}
|
|
99
|
-
return null;
|
|
100
|
-
}
|
|
101
|
-
/**
|
|
102
|
-
* If a user has a certain permission level, automatically grant the specific access right
|
|
103
|
-
* By default only full permissions gives all access rights, but you can tweak it:
|
|
104
|
-
* E.g., give webshop scan rights if you also have write access to that webshop
|
|
105
|
-
*/
|
|
106
|
-
static autoGrantRightForLevel(right) {
|
|
107
|
-
switch (right) {
|
|
108
|
-
case AccessRight.WebshopScanTickets: return PermissionLevel.Write;
|
|
109
|
-
}
|
|
110
|
-
return PermissionLevel.Full;
|
|
111
|
-
}
|
|
112
|
-
/**
|
|
113
|
-
* Automatically grant a user access rights if they have a certain right
|
|
114
|
-
*/
|
|
115
|
-
static autoInheritFrom(right) {
|
|
116
|
-
switch (right) {
|
|
117
|
-
// Finance director also has manage payments permissions automatically
|
|
118
|
-
case AccessRight.OrganizationManagePayments: return [AccessRight.OrganizationFinanceDirector];
|
|
119
|
-
// Finance director also can view and edit member financial data
|
|
120
|
-
case AccessRight.MemberReadFinancialData: return [AccessRight.OrganizationFinanceDirector, AccessRight.MemberWriteFinancialData];
|
|
121
|
-
case AccessRight.MemberWriteFinancialData: return [AccessRight.OrganizationFinanceDirector];
|
|
122
|
-
}
|
|
123
|
-
return [];
|
|
124
|
-
}
|
|
125
|
-
}
|
|
126
|
-
exports.AccessRightHelper = AccessRightHelper;
|
|
127
|
-
function getPermissionLevelNumber(level) {
|
|
128
|
-
switch (level) {
|
|
129
|
-
case PermissionLevel.None: return 0;
|
|
130
|
-
case PermissionLevel.Read: return 1;
|
|
131
|
-
case PermissionLevel.Write: return 2;
|
|
132
|
-
case PermissionLevel.Full: return 3;
|
|
133
|
-
default: {
|
|
134
|
-
const l = level; // will throw compile error if new levels are added without editing this method
|
|
135
|
-
throw new Error("Unknown permission level " + l);
|
|
136
|
-
}
|
|
137
|
-
}
|
|
138
|
-
}
|
|
139
|
-
function maximumPermissionlevel(...levels) {
|
|
140
|
-
let max = PermissionLevel.None;
|
|
141
|
-
for (const level of levels) {
|
|
142
|
-
if (getPermissionLevelNumber(level) > getPermissionLevelNumber(max)) {
|
|
143
|
-
max = level;
|
|
144
|
-
}
|
|
145
|
-
}
|
|
146
|
-
return max;
|
|
147
|
-
}
|
|
148
|
-
function minimumPermissionLevel(...levels) {
|
|
149
|
-
let min = levels[0];
|
|
150
|
-
for (const level of levels) {
|
|
151
|
-
if (getPermissionLevelNumber(level) < getPermissionLevelNumber(min)) {
|
|
152
|
-
min = level;
|
|
153
|
-
}
|
|
154
|
-
}
|
|
155
|
-
return min;
|
|
156
|
-
}
|
|
157
|
-
function getPermissionLevelName(level) {
|
|
158
|
-
switch (level) {
|
|
159
|
-
case PermissionLevel.None: return 'Geen basistoegang';
|
|
160
|
-
case PermissionLevel.Read: return 'Lezen';
|
|
161
|
-
case PermissionLevel.Write: return 'Bewerken';
|
|
162
|
-
case PermissionLevel.Full: return 'Volledige toegang';
|
|
163
|
-
default: {
|
|
164
|
-
const l = level; // will throw compile error if new levels are added without editing this method
|
|
165
|
-
throw new Error("Unknown permission level " + l);
|
|
166
|
-
}
|
|
167
|
-
}
|
|
168
|
-
}
|
|
169
|
-
class PermissionRole extends simple_encoding_1.AutoEncoder {
|
|
170
|
-
constructor() {
|
|
171
|
-
super(...arguments);
|
|
172
|
-
this.name = "";
|
|
173
|
-
}
|
|
174
|
-
}
|
|
175
|
-
exports.PermissionRole = PermissionRole;
|
|
176
|
-
tslib_1.__decorate([
|
|
177
|
-
(0, simple_encoding_1.field)({ decoder: simple_encoding_1.StringDecoder, defaultValue: () => (0, uuid_1.v4)() })
|
|
178
|
-
], PermissionRole.prototype, "id", void 0);
|
|
179
|
-
tslib_1.__decorate([
|
|
180
|
-
(0, simple_encoding_1.field)({ decoder: simple_encoding_1.StringDecoder })
|
|
181
|
-
], PermissionRole.prototype, "name", void 0);
|
|
182
|
-
/**
|
|
183
|
-
* More granular access rights to specific things in the system
|
|
184
|
-
*/
|
|
185
|
-
var PermissionsResourceType;
|
|
186
|
-
(function (PermissionsResourceType) {
|
|
187
|
-
PermissionsResourceType["Webshops"] = "Webshops";
|
|
188
|
-
PermissionsResourceType["Groups"] = "Groups";
|
|
189
|
-
PermissionsResourceType["GroupCategories"] = "GroupCategories";
|
|
190
|
-
PermissionsResourceType["OrganizationTags"] = "OrganizationTags";
|
|
191
|
-
PermissionsResourceType["RecordCategories"] = "RecordCategory";
|
|
192
|
-
})(PermissionsResourceType || (exports.PermissionsResourceType = PermissionsResourceType = {}));
|
|
193
|
-
function getPermissionResourceTypeName(type, plural = true) {
|
|
194
|
-
switch (type) {
|
|
195
|
-
case PermissionsResourceType.Webshops: return plural ? 'webshops' : 'webshop';
|
|
196
|
-
case PermissionsResourceType.Groups: return plural ? 'inschrijvingsgroepen' : 'inschrijvingsgroep';
|
|
197
|
-
case PermissionsResourceType.GroupCategories: return plural ? 'categorieën' : 'categorie';
|
|
198
|
-
case PermissionsResourceType.OrganizationTags: return plural ? 'tags' : 'tag';
|
|
199
|
-
case PermissionsResourceType.RecordCategories: return plural ? 'vragenlijsten' : 'vragenlijst';
|
|
200
|
-
}
|
|
201
|
-
}
|
|
202
|
-
/**
|
|
203
|
-
* More granular access rights to specific things in the system
|
|
204
|
-
*/
|
|
205
|
-
class ResourcePermissions extends simple_encoding_1.AutoEncoder {
|
|
206
|
-
constructor() {
|
|
207
|
-
super(...arguments);
|
|
208
|
-
/**
|
|
209
|
-
* This is a cache so we can display the role description without fetching all resources
|
|
210
|
-
*/
|
|
211
|
-
this.resourceName = "";
|
|
212
|
-
/**
|
|
213
|
-
* Setting it to full gives all possible permissions for the resource
|
|
214
|
-
* Read/Write depends on resource
|
|
215
|
-
*/
|
|
216
|
-
this.level = PermissionLevel.None;
|
|
217
|
-
/**
|
|
218
|
-
* More granular permissions related to this resource
|
|
219
|
-
*/
|
|
220
|
-
this.accessRights = [];
|
|
221
|
-
}
|
|
222
|
-
hasAccess(level) {
|
|
223
|
-
return getPermissionLevelNumber(this.level) >= getPermissionLevelNumber(level);
|
|
224
|
-
}
|
|
225
|
-
hasAccessRight(right) {
|
|
226
|
-
const gl = AccessRightHelper.autoGrantRightForLevel(right);
|
|
227
|
-
return (gl && this.hasAccess(gl)) || this.accessRights.includes(right);
|
|
228
|
-
}
|
|
229
|
-
createInsertPatch(type, resourceId, roleOrPermissions) {
|
|
230
|
-
const patch = roleOrPermissions.static.patch({});
|
|
231
|
-
// First check if we need to insert the type
|
|
232
|
-
if (roleOrPermissions.resources.get(type)) {
|
|
233
|
-
// We need to patch
|
|
234
|
-
const p = new simple_encoding_1.PatchMap();
|
|
235
|
-
p.set(resourceId, this);
|
|
236
|
-
patch.resources.set(type, p);
|
|
237
|
-
}
|
|
238
|
-
else {
|
|
239
|
-
// No resources with this type yet
|
|
240
|
-
const p = new Map();
|
|
241
|
-
p.set(resourceId, this);
|
|
242
|
-
patch.resources.set(type, p);
|
|
243
|
-
}
|
|
244
|
-
return patch;
|
|
245
|
-
}
|
|
246
|
-
merge(other) {
|
|
247
|
-
const p = new ResourcePermissions();
|
|
248
|
-
p.level = this.level;
|
|
249
|
-
p.accessRights = this.accessRights.slice();
|
|
250
|
-
if (getPermissionLevelNumber(other.level) > getPermissionLevelNumber(p.level)) {
|
|
251
|
-
p.level = other.level;
|
|
252
|
-
}
|
|
253
|
-
for (const right of other.accessRights) {
|
|
254
|
-
if (!p.accessRights.includes(right)) {
|
|
255
|
-
p.accessRights.push(right);
|
|
256
|
-
}
|
|
257
|
-
}
|
|
258
|
-
return p;
|
|
259
|
-
}
|
|
260
|
-
}
|
|
261
|
-
exports.ResourcePermissions = ResourcePermissions;
|
|
262
|
-
tslib_1.__decorate([
|
|
263
|
-
(0, simple_encoding_1.field)({ decoder: simple_encoding_1.StringDecoder, field: 'n' })
|
|
264
|
-
], ResourcePermissions.prototype, "resourceName", void 0);
|
|
265
|
-
tslib_1.__decorate([
|
|
266
|
-
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.EnumDecoder(PermissionLevel), field: "l" })
|
|
267
|
-
], ResourcePermissions.prototype, "level", void 0);
|
|
268
|
-
tslib_1.__decorate([
|
|
269
|
-
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.ArrayDecoder(new simple_encoding_1.EnumDecoder(AccessRight)), field: "r" })
|
|
270
|
-
], ResourcePermissions.prototype, "accessRights", void 0);
|
|
271
|
-
class PermissionRoleDetailed extends PermissionRole {
|
|
272
|
-
constructor() {
|
|
273
|
-
super(...arguments);
|
|
274
|
-
/**
|
|
275
|
-
* Generic access to all resources
|
|
276
|
-
*/
|
|
277
|
-
this.level = PermissionLevel.None;
|
|
278
|
-
this.accessRights = [];
|
|
279
|
-
this.resources = new Map();
|
|
280
|
-
this.legacyManagePayments = false;
|
|
281
|
-
this.legacyFinanceDirector = false;
|
|
282
|
-
this.legacyCreateWebshops = false;
|
|
283
|
-
}
|
|
284
|
-
getDescription() {
|
|
285
|
-
const stack = [];
|
|
286
|
-
if (this.level === PermissionLevel.Read) {
|
|
287
|
-
stack.push("alles lezen");
|
|
288
|
-
}
|
|
289
|
-
if (this.level === PermissionLevel.Write) {
|
|
290
|
-
stack.push("alles bewerken");
|
|
291
|
-
}
|
|
292
|
-
if (this.level === PermissionLevel.Full) {
|
|
293
|
-
stack.push("volledige toegang");
|
|
294
|
-
}
|
|
295
|
-
for (const right of this.accessRights) {
|
|
296
|
-
stack.push(AccessRightHelper.getDescription(right));
|
|
297
|
-
}
|
|
298
|
-
for (const [type, resources] of this.resources) {
|
|
299
|
-
let count = 0;
|
|
300
|
-
if (resources.has('')) {
|
|
301
|
-
stack.push("alle " + getPermissionResourceTypeName(type, true));
|
|
302
|
-
continue;
|
|
303
|
-
}
|
|
304
|
-
for (const resource of resources.values()) {
|
|
305
|
-
if (resource.hasAccess(PermissionLevel.Read) || resource.accessRights.length > 0) {
|
|
306
|
-
count += 1;
|
|
307
|
-
}
|
|
308
|
-
}
|
|
309
|
-
if (count > 0) {
|
|
310
|
-
stack.push(count + " " + getPermissionResourceTypeName(type, count > 1));
|
|
311
|
-
}
|
|
312
|
-
}
|
|
313
|
-
if (stack.length === 0) {
|
|
314
|
-
return "geen rechten";
|
|
315
|
-
}
|
|
316
|
-
return utility_1.Formatter.capitalizeFirstLetter(utility_1.Formatter.joinLast(stack, ', ', ' en '));
|
|
317
|
-
}
|
|
318
|
-
hasAccess(level) {
|
|
319
|
-
return getPermissionLevelNumber(this.level) >= getPermissionLevelNumber(level);
|
|
320
|
-
}
|
|
321
|
-
hasAccessRight(right) {
|
|
322
|
-
const gl = AccessRightHelper.autoGrantRightForLevel(right);
|
|
323
|
-
if ((gl && this.hasAccess(gl)) || this.accessRights.includes(right)) {
|
|
324
|
-
return true;
|
|
325
|
-
}
|
|
326
|
-
const autoInherit = AccessRightHelper.autoInheritFrom(right);
|
|
327
|
-
for (const r of autoInherit) {
|
|
328
|
-
if (this.hasAccessRight(r)) {
|
|
329
|
-
return true;
|
|
330
|
-
}
|
|
331
|
-
}
|
|
332
|
-
return false;
|
|
333
|
-
}
|
|
334
|
-
getResourcePermissions(type, id) {
|
|
335
|
-
const resource = this.resources.get(type);
|
|
336
|
-
if (!resource) {
|
|
337
|
-
return null;
|
|
338
|
-
}
|
|
339
|
-
const rInstance = resource.get(id);
|
|
340
|
-
const allInstance = resource.get('');
|
|
341
|
-
if (!rInstance) {
|
|
342
|
-
if (allInstance) {
|
|
343
|
-
return allInstance;
|
|
344
|
-
}
|
|
345
|
-
return null;
|
|
346
|
-
}
|
|
347
|
-
if (allInstance) {
|
|
348
|
-
return rInstance.merge(allInstance);
|
|
349
|
-
}
|
|
350
|
-
return rInstance;
|
|
351
|
-
}
|
|
352
|
-
getMergedResourcePermissions(type, id) {
|
|
353
|
-
var _a;
|
|
354
|
-
let base = this.getResourcePermissions(type, id);
|
|
355
|
-
if (getPermissionLevelNumber(this.level) > getPermissionLevelNumber((_a = base === null || base === void 0 ? void 0 : base.level) !== null && _a !== void 0 ? _a : PermissionLevel.None)) {
|
|
356
|
-
if (!base) {
|
|
357
|
-
base = ResourcePermissions.create({ level: this.level });
|
|
358
|
-
}
|
|
359
|
-
base.level = this.level;
|
|
360
|
-
}
|
|
361
|
-
return base;
|
|
362
|
-
}
|
|
363
|
-
hasResourceAccess(type, id, level) {
|
|
364
|
-
var _a, _b;
|
|
365
|
-
if (this.hasAccess(level)) {
|
|
366
|
-
return true;
|
|
367
|
-
}
|
|
368
|
-
return (_b = (_a = this.getResourcePermissions(type, id)) === null || _a === void 0 ? void 0 : _a.hasAccess(level)) !== null && _b !== void 0 ? _b : false;
|
|
369
|
-
}
|
|
370
|
-
hasResourceAccessRight(type, id, right) {
|
|
371
|
-
var _a, _b;
|
|
372
|
-
if (this.hasAccessRight(right)) {
|
|
373
|
-
return true;
|
|
374
|
-
}
|
|
375
|
-
return (_b = (_a = this.getResourcePermissions(type, id)) === null || _a === void 0 ? void 0 : _a.hasAccessRight(right)) !== null && _b !== void 0 ? _b : false;
|
|
376
|
-
}
|
|
377
|
-
add(other) {
|
|
378
|
-
if (getPermissionLevelNumber(this.level) < getPermissionLevelNumber(other.level)) {
|
|
379
|
-
this.level = other.level;
|
|
380
|
-
}
|
|
381
|
-
for (const right of other.accessRights) {
|
|
382
|
-
if (!this.accessRights.includes(right)) {
|
|
383
|
-
this.accessRights.push(right);
|
|
384
|
-
}
|
|
385
|
-
}
|
|
386
|
-
for (const [type, r] of other.resources) {
|
|
387
|
-
for (const [id, resource] of r) {
|
|
388
|
-
if (!this.resources.has(type)) {
|
|
389
|
-
this.resources.set(type, new Map());
|
|
390
|
-
}
|
|
391
|
-
const current = this.resources.get(type).get(id);
|
|
392
|
-
if (!current) {
|
|
393
|
-
this.resources.get(type).set(id, resource);
|
|
394
|
-
}
|
|
395
|
-
else {
|
|
396
|
-
this.resources.get(type).set(id, current.merge(resource));
|
|
397
|
-
}
|
|
398
|
-
}
|
|
399
|
-
}
|
|
400
|
-
}
|
|
401
|
-
get isEmpty() {
|
|
402
|
-
return this.level === PermissionLevel.None && this.accessRights.length === 0 && this.resources.size === 0;
|
|
403
|
-
}
|
|
404
|
-
}
|
|
405
|
-
exports.PermissionRoleDetailed = PermissionRoleDetailed;
|
|
406
|
-
tslib_1.__decorate([
|
|
407
|
-
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.EnumDecoder(PermissionLevel), version: 201 })
|
|
408
|
-
], PermissionRoleDetailed.prototype, "level", void 0);
|
|
409
|
-
tslib_1.__decorate([
|
|
410
|
-
(0, simple_encoding_1.field)({
|
|
411
|
-
decoder: new simple_encoding_1.ArrayDecoder(new simple_encoding_1.EnumDecoder(AccessRight)),
|
|
412
|
-
version: 246,
|
|
413
|
-
upgrade: function () {
|
|
414
|
-
const base = [];
|
|
415
|
-
if (this.legacyManagePayments) {
|
|
416
|
-
base.push(AccessRight.OrganizationManagePayments);
|
|
417
|
-
}
|
|
418
|
-
if (this.legacyFinanceDirector) {
|
|
419
|
-
base.push(AccessRight.OrganizationFinanceDirector);
|
|
420
|
-
}
|
|
421
|
-
if (this.legacyCreateWebshops) {
|
|
422
|
-
base.push(AccessRight.OrganizationCreateWebshops);
|
|
423
|
-
}
|
|
424
|
-
return base;
|
|
425
|
-
}
|
|
426
|
-
})
|
|
427
|
-
], PermissionRoleDetailed.prototype, "accessRights", void 0);
|
|
428
|
-
tslib_1.__decorate([
|
|
429
|
-
(0, simple_encoding_1.field)({
|
|
430
|
-
decoder: new simple_encoding_1.MapDecoder(new simple_encoding_1.EnumDecoder(PermissionsResourceType), new simple_encoding_1.MapDecoder(
|
|
431
|
-
// ID
|
|
432
|
-
simple_encoding_1.StringDecoder, ResourcePermissions)),
|
|
433
|
-
version: 248
|
|
434
|
-
})
|
|
435
|
-
], PermissionRoleDetailed.prototype, "resources", void 0);
|
|
436
|
-
tslib_1.__decorate([
|
|
437
|
-
(0, simple_encoding_1.field)({ decoder: simple_encoding_1.BooleanDecoder, field: 'managePayments', optional: true })
|
|
438
|
-
], PermissionRoleDetailed.prototype, "legacyManagePayments", void 0);
|
|
439
|
-
tslib_1.__decorate([
|
|
440
|
-
(0, simple_encoding_1.field)({ decoder: simple_encoding_1.BooleanDecoder, version: 199, field: 'financeDirector', optional: true })
|
|
441
|
-
], PermissionRoleDetailed.prototype, "legacyFinanceDirector", void 0);
|
|
442
|
-
tslib_1.__decorate([
|
|
443
|
-
(0, simple_encoding_1.field)({ decoder: simple_encoding_1.BooleanDecoder, field: 'createWebshops', optional: true })
|
|
444
|
-
], PermissionRoleDetailed.prototype, "legacyCreateWebshops", void 0);
|
|
445
|
-
class PermissionRoleForResponsibility extends PermissionRoleDetailed {
|
|
446
|
-
constructor() {
|
|
447
|
-
super(...arguments);
|
|
448
|
-
this.responsibilityGroupId = null;
|
|
449
|
-
}
|
|
450
|
-
}
|
|
451
|
-
exports.PermissionRoleForResponsibility = PermissionRoleForResponsibility;
|
|
452
|
-
tslib_1.__decorate([
|
|
453
|
-
(0, simple_encoding_1.field)({ decoder: simple_encoding_1.StringDecoder })
|
|
454
|
-
], PermissionRoleForResponsibility.prototype, "responsibilityId", void 0);
|
|
455
|
-
tslib_1.__decorate([
|
|
456
|
-
(0, simple_encoding_1.field)({ decoder: simple_encoding_1.StringDecoder, nullable: true })
|
|
457
|
-
], PermissionRoleForResponsibility.prototype, "responsibilityGroupId", void 0);
|
|
458
|
-
/**
|
|
459
|
-
* @deprecated
|
|
460
|
-
* Use resource types
|
|
461
|
-
* Give access to a given resouce based by the roles of a user
|
|
462
|
-
*/
|
|
463
|
-
class PermissionsByRole extends simple_encoding_1.AutoEncoder {
|
|
464
|
-
constructor() {
|
|
465
|
-
super(...arguments);
|
|
466
|
-
this.read = [];
|
|
467
|
-
this.write = [];
|
|
468
|
-
this.full = [];
|
|
469
|
-
}
|
|
470
|
-
getPermissionLevel(permissions) {
|
|
471
|
-
if (permissions.hasFullAccess()) {
|
|
472
|
-
return PermissionLevel.Full;
|
|
473
|
-
}
|
|
474
|
-
for (const role of this.full) {
|
|
475
|
-
if (permissions.roles.find(r => r.id === role.id)) {
|
|
476
|
-
return PermissionLevel.Full;
|
|
477
|
-
}
|
|
478
|
-
}
|
|
479
|
-
if (permissions.hasWriteAccess()) {
|
|
480
|
-
return PermissionLevel.Write;
|
|
481
|
-
}
|
|
482
|
-
for (const role of this.write) {
|
|
483
|
-
if (permissions.roles.find(r => r.id === role.id)) {
|
|
484
|
-
return PermissionLevel.Write;
|
|
485
|
-
}
|
|
486
|
-
}
|
|
487
|
-
if (permissions.hasReadAccess()) {
|
|
488
|
-
return PermissionLevel.Read;
|
|
489
|
-
}
|
|
490
|
-
for (const role of this.read) {
|
|
491
|
-
if (permissions.roles.find(r => r.id === role.id)) {
|
|
492
|
-
return PermissionLevel.Read;
|
|
493
|
-
}
|
|
494
|
-
}
|
|
495
|
-
return PermissionLevel.None;
|
|
496
|
-
}
|
|
497
|
-
/**
|
|
498
|
-
* Whetever a given user has access to the members in this group.
|
|
499
|
-
*/
|
|
500
|
-
getRolePermissionLevel(role) {
|
|
501
|
-
for (const r of this.full) {
|
|
502
|
-
if (r.id === role.id) {
|
|
503
|
-
return PermissionLevel.Full;
|
|
504
|
-
}
|
|
505
|
-
}
|
|
506
|
-
for (const r of this.write) {
|
|
507
|
-
if (r.id === role.id) {
|
|
508
|
-
return PermissionLevel.Write;
|
|
509
|
-
}
|
|
510
|
-
}
|
|
511
|
-
for (const r of this.read) {
|
|
512
|
-
if (r.id === role.id) {
|
|
513
|
-
return PermissionLevel.Read;
|
|
514
|
-
}
|
|
515
|
-
}
|
|
516
|
-
return PermissionLevel.None;
|
|
517
|
-
}
|
|
518
|
-
hasAccess(permissions, level) {
|
|
519
|
-
if (!permissions) {
|
|
520
|
-
return false;
|
|
521
|
-
}
|
|
522
|
-
return getPermissionLevelNumber(this.getPermissionLevel(permissions)) >= getPermissionLevelNumber(level);
|
|
523
|
-
}
|
|
524
|
-
roleHasAccess(role, level = PermissionLevel.Read) {
|
|
525
|
-
return getPermissionLevelNumber(this.getRolePermissionLevel(role)) >= getPermissionLevelNumber(level);
|
|
526
|
-
}
|
|
527
|
-
hasFullAccess(permissions) {
|
|
528
|
-
return this.hasAccess(permissions, PermissionLevel.Full);
|
|
529
|
-
}
|
|
530
|
-
hasWriteAccess(permissions) {
|
|
531
|
-
return this.hasAccess(permissions, PermissionLevel.Write);
|
|
532
|
-
}
|
|
533
|
-
hasReadAccess(permissions) {
|
|
534
|
-
return this.hasAccess(permissions, PermissionLevel.Read);
|
|
535
|
-
}
|
|
536
|
-
}
|
|
537
|
-
exports.PermissionsByRole = PermissionsByRole;
|
|
538
|
-
tslib_1.__decorate([
|
|
539
|
-
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.ArrayDecoder(PermissionRole) })
|
|
540
|
-
], PermissionsByRole.prototype, "read", void 0);
|
|
541
|
-
tslib_1.__decorate([
|
|
542
|
-
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.ArrayDecoder(PermissionRole) })
|
|
543
|
-
], PermissionsByRole.prototype, "write", void 0);
|
|
544
|
-
tslib_1.__decorate([
|
|
545
|
-
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.ArrayDecoder(PermissionRole) })
|
|
546
|
-
], PermissionsByRole.prototype, "full", void 0);
|
|
7
|
+
const PermissionLevel_1 = require("./PermissionLevel");
|
|
8
|
+
const PermissionRole_1 = require("./PermissionRole");
|
|
9
|
+
const PermissionsResourceType_1 = require("./PermissionsResourceType");
|
|
10
|
+
const ResourcePermissions_1 = require("./ResourcePermissions");
|
|
547
11
|
class Permissions extends simple_encoding_1.AutoEncoder {
|
|
548
12
|
constructor() {
|
|
549
13
|
super(...arguments);
|
|
@@ -551,7 +15,7 @@ class Permissions extends simple_encoding_1.AutoEncoder {
|
|
|
551
15
|
* Automatically have all permissions (e.g. when someone created a new group)
|
|
552
16
|
* Also allows creating new groups
|
|
553
17
|
*/
|
|
554
|
-
this.level = PermissionLevel.None;
|
|
18
|
+
this.level = PermissionLevel_1.PermissionLevel.None;
|
|
555
19
|
this.roles = [];
|
|
556
20
|
this.responsibilities = [];
|
|
557
21
|
/**
|
|
@@ -563,7 +27,7 @@ class Permissions extends simple_encoding_1.AutoEncoder {
|
|
|
563
27
|
return this.roles.find(r => r.id === role.id) !== undefined;
|
|
564
28
|
}
|
|
565
29
|
add(other) {
|
|
566
|
-
if (getPermissionLevelNumber(this.level) < getPermissionLevelNumber(other.level)) {
|
|
30
|
+
if ((0, PermissionLevel_1.getPermissionLevelNumber)(this.level) < (0, PermissionLevel_1.getPermissionLevelNumber)(other.level)) {
|
|
567
31
|
this.level = other.level;
|
|
568
32
|
}
|
|
569
33
|
for (const role of other.roles) {
|
|
@@ -578,246 +42,25 @@ class Permissions extends simple_encoding_1.AutoEncoder {
|
|
|
578
42
|
}
|
|
579
43
|
}
|
|
580
44
|
get isEmpty() {
|
|
581
|
-
return this.level === PermissionLevel.None && this.roles.length === 0 && this.responsibilities.length === 0 && this.resources.size === 0;
|
|
45
|
+
return this.level === PermissionLevel_1.PermissionLevel.None && this.roles.length === 0 && this.responsibilities.length === 0 && this.resources.size === 0;
|
|
582
46
|
}
|
|
583
47
|
}
|
|
584
48
|
exports.Permissions = Permissions;
|
|
585
49
|
tslib_1.__decorate([
|
|
586
|
-
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.EnumDecoder(PermissionLevel) })
|
|
50
|
+
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.EnumDecoder(PermissionLevel_1.PermissionLevel) })
|
|
587
51
|
], Permissions.prototype, "level", void 0);
|
|
588
52
|
tslib_1.__decorate([
|
|
589
|
-
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.ArrayDecoder(PermissionRole), version: 60 })
|
|
53
|
+
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.ArrayDecoder(PermissionRole_1.PermissionRole), version: 60 })
|
|
590
54
|
], Permissions.prototype, "roles", void 0);
|
|
591
55
|
tslib_1.__decorate([
|
|
592
|
-
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.ArrayDecoder(MemberResponsibilityRecord_1.
|
|
56
|
+
(0, simple_encoding_1.field)({ decoder: new simple_encoding_1.ArrayDecoder(MemberResponsibilityRecord_1.MemberResponsibilityRecordBase), version: 274 })
|
|
593
57
|
], Permissions.prototype, "responsibilities", void 0);
|
|
594
58
|
tslib_1.__decorate([
|
|
595
59
|
(0, simple_encoding_1.field)({
|
|
596
|
-
decoder: new simple_encoding_1.MapDecoder(new simple_encoding_1.EnumDecoder(PermissionsResourceType), new simple_encoding_1.MapDecoder(
|
|
60
|
+
decoder: new simple_encoding_1.MapDecoder(new simple_encoding_1.EnumDecoder(PermissionsResourceType_1.PermissionsResourceType), new simple_encoding_1.MapDecoder(
|
|
597
61
|
// ID
|
|
598
|
-
simple_encoding_1.StringDecoder, ResourcePermissions)),
|
|
62
|
+
simple_encoding_1.StringDecoder, ResourcePermissions_1.ResourcePermissions)),
|
|
599
63
|
version: 249
|
|
600
64
|
})
|
|
601
65
|
], Permissions.prototype, "resources", void 0);
|
|
602
|
-
/**
|
|
603
|
-
* Identical to Permissions but with detailed roles, loaded from the organization or platform
|
|
604
|
-
*/
|
|
605
|
-
class LoadedPermissions {
|
|
606
|
-
constructor(data) {
|
|
607
|
-
this.level = PermissionLevel.None;
|
|
608
|
-
this.roles = [];
|
|
609
|
-
this.resources = new Map();
|
|
610
|
-
Object.assign(this, data);
|
|
611
|
-
}
|
|
612
|
-
static create(data) {
|
|
613
|
-
return new LoadedPermissions(data);
|
|
614
|
-
}
|
|
615
|
-
static buildRoleForResponsibility(groupId, responsibilityData, inheritedResponsibilityRoles) {
|
|
616
|
-
var _a, _b;
|
|
617
|
-
const role = inheritedResponsibilityRoles.find(r => r.responsibilityId === responsibilityData.id && r.responsibilityGroupId === groupId);
|
|
618
|
-
const r = (_b = (_a = responsibilityData.permissions) === null || _a === void 0 ? void 0 : _a.clone()) !== null && _b !== void 0 ? _b : PermissionRoleForResponsibility.create({
|
|
619
|
-
id: responsibilityData.id,
|
|
620
|
-
name: responsibilityData.name,
|
|
621
|
-
level: PermissionLevel.None,
|
|
622
|
-
responsibilityId: responsibilityData.id,
|
|
623
|
-
responsibilityGroupId: groupId,
|
|
624
|
-
resources: new Map()
|
|
625
|
-
});
|
|
626
|
-
r.name = responsibilityData.name;
|
|
627
|
-
r.id = responsibilityData.id + (groupId ? '-' + groupId : '');
|
|
628
|
-
r.responsibilityId = responsibilityData.id;
|
|
629
|
-
r.responsibilityGroupId = groupId;
|
|
630
|
-
if (groupId && responsibilityData.groupPermissionLevel !== PermissionLevel.None) {
|
|
631
|
-
const map = new Map();
|
|
632
|
-
map.set(groupId, ResourcePermissions.create({ level: responsibilityData.groupPermissionLevel }));
|
|
633
|
-
r.resources.set(PermissionsResourceType.Groups, map);
|
|
634
|
-
}
|
|
635
|
-
if (role) {
|
|
636
|
-
r.id = role.id;
|
|
637
|
-
r.add(role);
|
|
638
|
-
}
|
|
639
|
-
return r;
|
|
640
|
-
}
|
|
641
|
-
static from(permissions, allRoles, inheritedResponsibilityRoles, allResponsibilites) {
|
|
642
|
-
const roles = permissions.roles.flatMap(role => {
|
|
643
|
-
const d = allRoles.find(a => a.id === role.id);
|
|
644
|
-
if (d) {
|
|
645
|
-
return [d];
|
|
646
|
-
}
|
|
647
|
-
return [];
|
|
648
|
-
});
|
|
649
|
-
for (const responsibility of permissions.responsibilities) {
|
|
650
|
-
if (responsibility.endDate !== null && responsibility.endDate < new Date()) {
|
|
651
|
-
continue;
|
|
652
|
-
}
|
|
653
|
-
if (responsibility.startDate > new Date()) {
|
|
654
|
-
continue;
|
|
655
|
-
}
|
|
656
|
-
const responsibilityData = allResponsibilites.find(r => r.id === responsibility.responsibilityId);
|
|
657
|
-
if (!responsibilityData) {
|
|
658
|
-
continue;
|
|
659
|
-
}
|
|
660
|
-
const r = this.buildRoleForResponsibility(responsibility.groupId, responsibilityData, inheritedResponsibilityRoles);
|
|
661
|
-
roles.push(r);
|
|
662
|
-
}
|
|
663
|
-
const result = this.create({
|
|
664
|
-
level: permissions.level,
|
|
665
|
-
roles,
|
|
666
|
-
resources: permissions.resources
|
|
667
|
-
});
|
|
668
|
-
return result;
|
|
669
|
-
}
|
|
670
|
-
getResourcePermissions(type, id) {
|
|
671
|
-
const resource = this.resources.get(type);
|
|
672
|
-
if (!resource) {
|
|
673
|
-
return null;
|
|
674
|
-
}
|
|
675
|
-
const rInstance = resource.get(id);
|
|
676
|
-
const allInstance = resource.get('');
|
|
677
|
-
if (!rInstance) {
|
|
678
|
-
if (allInstance) {
|
|
679
|
-
return allInstance;
|
|
680
|
-
}
|
|
681
|
-
return null;
|
|
682
|
-
}
|
|
683
|
-
if (allInstance) {
|
|
684
|
-
return rInstance.merge(allInstance);
|
|
685
|
-
}
|
|
686
|
-
return rInstance;
|
|
687
|
-
}
|
|
688
|
-
getMergedResourcePermissions(type, id) {
|
|
689
|
-
var _a;
|
|
690
|
-
let base = this.getResourcePermissions(type, id);
|
|
691
|
-
for (const role of this.roles) {
|
|
692
|
-
const r = role.getMergedResourcePermissions(type, id);
|
|
693
|
-
if (r) {
|
|
694
|
-
if (base) {
|
|
695
|
-
base.merge(r);
|
|
696
|
-
}
|
|
697
|
-
else {
|
|
698
|
-
base = r;
|
|
699
|
-
}
|
|
700
|
-
}
|
|
701
|
-
}
|
|
702
|
-
if (getPermissionLevelNumber(this.level) > getPermissionLevelNumber((_a = base === null || base === void 0 ? void 0 : base.level) !== null && _a !== void 0 ? _a : PermissionLevel.None)) {
|
|
703
|
-
if (!base) {
|
|
704
|
-
base = ResourcePermissions.create({ level: this.level });
|
|
705
|
-
}
|
|
706
|
-
base.level = this.level;
|
|
707
|
-
}
|
|
708
|
-
return base;
|
|
709
|
-
}
|
|
710
|
-
hasRole(role) {
|
|
711
|
-
return this.roles.find(r => r.id === role.id) !== undefined;
|
|
712
|
-
}
|
|
713
|
-
hasAccess(level) {
|
|
714
|
-
if (getPermissionLevelNumber(this.level) >= getPermissionLevelNumber(level)) {
|
|
715
|
-
// Someone with read / write access for the whole organization, also the same access for each group
|
|
716
|
-
return true;
|
|
717
|
-
}
|
|
718
|
-
for (const f of this.roles) {
|
|
719
|
-
if (f.hasAccess(level)) {
|
|
720
|
-
return true;
|
|
721
|
-
}
|
|
722
|
-
}
|
|
723
|
-
return false;
|
|
724
|
-
}
|
|
725
|
-
hasResourceAccess(type, id, level) {
|
|
726
|
-
var _a, _b;
|
|
727
|
-
if (this.hasAccess(level)) {
|
|
728
|
-
return true;
|
|
729
|
-
}
|
|
730
|
-
if ((_b = (_a = this.getResourcePermissions(type, id)) === null || _a === void 0 ? void 0 : _a.hasAccess(level)) !== null && _b !== void 0 ? _b : false) {
|
|
731
|
-
return true;
|
|
732
|
-
}
|
|
733
|
-
for (const r of this.roles) {
|
|
734
|
-
if (r.hasResourceAccess(type, id, level)) {
|
|
735
|
-
return true;
|
|
736
|
-
}
|
|
737
|
-
}
|
|
738
|
-
return false;
|
|
739
|
-
}
|
|
740
|
-
hasResourceAccessRight(type, id, right) {
|
|
741
|
-
var _a, _b;
|
|
742
|
-
if (this.hasAccessRight(right)) {
|
|
743
|
-
return true;
|
|
744
|
-
}
|
|
745
|
-
if ((_b = (_a = this.getResourcePermissions(type, id)) === null || _a === void 0 ? void 0 : _a.hasAccessRight(right)) !== null && _b !== void 0 ? _b : false) {
|
|
746
|
-
return true;
|
|
747
|
-
}
|
|
748
|
-
for (const r of this.roles) {
|
|
749
|
-
if (r.hasResourceAccessRight(type, id, right)) {
|
|
750
|
-
return true;
|
|
751
|
-
}
|
|
752
|
-
}
|
|
753
|
-
const autoInherit = AccessRightHelper.autoInheritFrom(right);
|
|
754
|
-
for (const r of autoInherit) {
|
|
755
|
-
if (this.hasResourceAccessRight(type, id, r)) {
|
|
756
|
-
return true;
|
|
757
|
-
}
|
|
758
|
-
}
|
|
759
|
-
return false;
|
|
760
|
-
}
|
|
761
|
-
hasReadAccess() {
|
|
762
|
-
return this.hasAccess(PermissionLevel.Read);
|
|
763
|
-
}
|
|
764
|
-
hasWriteAccess() {
|
|
765
|
-
return this.hasAccess(PermissionLevel.Write);
|
|
766
|
-
}
|
|
767
|
-
hasFullAccess() {
|
|
768
|
-
return this.hasAccess(PermissionLevel.Full);
|
|
769
|
-
}
|
|
770
|
-
hasAccessRight(right) {
|
|
771
|
-
const gl = AccessRightHelper.autoGrantRightForLevel(right);
|
|
772
|
-
if (gl && this.hasAccess(gl)) {
|
|
773
|
-
return true;
|
|
774
|
-
}
|
|
775
|
-
for (const f of this.roles) {
|
|
776
|
-
if (f.hasAccessRight(right)) {
|
|
777
|
-
return true;
|
|
778
|
-
}
|
|
779
|
-
}
|
|
780
|
-
const autoInherit = AccessRightHelper.autoInheritFrom(right);
|
|
781
|
-
for (const r of autoInherit) {
|
|
782
|
-
if (this.hasAccessRight(r)) {
|
|
783
|
-
return true;
|
|
784
|
-
}
|
|
785
|
-
}
|
|
786
|
-
return false;
|
|
787
|
-
}
|
|
788
|
-
merge(other) {
|
|
789
|
-
const p = LoadedPermissions.create({});
|
|
790
|
-
p.level = this.level;
|
|
791
|
-
p.roles = this.roles.slice();
|
|
792
|
-
p.resources = new Map(this.resources);
|
|
793
|
-
if (getPermissionLevelNumber(other.level) > getPermissionLevelNumber(p.level)) {
|
|
794
|
-
p.level = other.level;
|
|
795
|
-
}
|
|
796
|
-
for (const [type, r] of other.resources) {
|
|
797
|
-
for (const [id, resource] of r) {
|
|
798
|
-
if (!p.resources.has(type)) {
|
|
799
|
-
p.resources.set(type, new Map());
|
|
800
|
-
}
|
|
801
|
-
const current = p.resources.get(type).get(id);
|
|
802
|
-
if (!current) {
|
|
803
|
-
p.resources.get(type).set(id, resource);
|
|
804
|
-
}
|
|
805
|
-
else {
|
|
806
|
-
p.resources.get(type).set(id, current.merge(resource));
|
|
807
|
-
}
|
|
808
|
-
}
|
|
809
|
-
}
|
|
810
|
-
for (const role of other.roles) {
|
|
811
|
-
const current = p.roles.find(r => r.id === role.id);
|
|
812
|
-
if (!current) {
|
|
813
|
-
p.roles.push(role);
|
|
814
|
-
}
|
|
815
|
-
}
|
|
816
|
-
return p;
|
|
817
|
-
}
|
|
818
|
-
get isEmpty() {
|
|
819
|
-
return this.level === PermissionLevel.None && (this.roles.length === 0 || this.roles.every(r => r.isEmpty)) && this.resources.size === 0;
|
|
820
|
-
}
|
|
821
|
-
}
|
|
822
|
-
exports.LoadedPermissions = LoadedPermissions;
|
|
823
66
|
//# sourceMappingURL=Permissions.js.map
|