@stamhoofd/structures 2.23.0 → 2.25.0

package/esm/dist/src/Permissions.js

@@ -1,535 +1,10 @@
 import { __decorate } from "tslib";
-import { ArrayDecoder, AutoEncoder, BooleanDecoder, EnumDecoder, field, MapDecoder, PatchMap, StringDecoder } from '@simonbackx/simple-encoding';
-import { Formatter } from '@stamhoofd/utility';
-import { v4 as uuidv4 } from "uuid";
-import { MemberResponsibilityRecord } from './members/MemberResponsibilityRecord';
-/**
- * PermissionLevels are used to grant permissions to specific resources or system wide
- */
-export var PermissionLevel;
-(function (PermissionLevel) {
-    /** No access */
-    PermissionLevel["None"] = "None";
-    /** Read all data, but not allowed to write */
-    PermissionLevel["Read"] = "Read";
-    /** Read, write, add, delete child data, but not allowed to modify settings */
-    PermissionLevel["Write"] = "Write";
-    /** Full access */
-    PermissionLevel["Full"] = "Full";
-})(PermissionLevel || (PermissionLevel = {}));
-/**
- * More granular access rights to specific things in the system
- */
-export var AccessRight;
-(function (AccessRight) {
-    // Platform level permissions
-    /**
-     * Allows the user to log in as a full-access admin to a specific organization
-     */
-    AccessRight["PlatformLoginAs"] = "PlatformLoginAs";
-    // Organization level permissions
-    AccessRight["OrganizationCreateWebshops"] = "OrganizationCreateWebshops";
-    AccessRight["OrganizationManagePayments"] = "OrganizationManagePayments";
-    AccessRight["OrganizationFinanceDirector"] = "OrganizationFinanceDirector";
-    AccessRight["OrganizationCreateGroups"] = "OrganizationCreateGroups";
-    // Member data access rights
-    // Note: in order to read or write any data at all, a user first needs to have normal resource access to a group, category or organization
-    // So general data (name, birthday, gender, address, email, parents, emergency contacts) access can be controlled in that way (this doesn't have a separate access right).
-    AccessRight["MemberReadFinancialData"] = "MemberReadFinancialData";
-    AccessRight["MemberWriteFinancialData"] = "MemberWriteFinancialData";
-    // Webshop level permissions
-    AccessRight["WebshopScanTickets"] = "WebshopScanTickets";
-})(AccessRight || (AccessRight = {}));
-export class AccessRightHelper {
-    static getName(right) {
-        switch (right) {
-            case AccessRight.PlatformLoginAs: return 'Inloggen als hoofdbeheerder';
-            case AccessRight.OrganizationFinanceDirector: return 'Toegang tot volledige boekhouding';
-            case AccessRight.OrganizationManagePayments: return 'Overschrijvingen beheren';
-            case AccessRight.OrganizationCreateWebshops: return 'Webshops maken';
-            case AccessRight.OrganizationCreateGroups: return 'Groepen maken';
-            case AccessRight.WebshopScanTickets: return 'Tickets scannen';
-            // Member data
-            case AccessRight.MemberReadFinancialData: return 'Bekijk rekening leden';
-            case AccessRight.MemberWriteFinancialData: return 'Bewerk rekening leden';
-        }
-    }
-    static getNameShort(right) {
-        switch (right) {
-            case AccessRight.PlatformLoginAs: return 'Inloggen';
-            case AccessRight.OrganizationFinanceDirector: return 'Boekhouding';
-            case AccessRight.OrganizationManagePayments: return 'Overschrijvingen';
-            case AccessRight.OrganizationCreateWebshops: return 'Maken';
-            case AccessRight.OrganizationCreateGroups: return 'Maken';
-            case AccessRight.WebshopScanTickets: return 'Scannen';
-            // Member data
-            case AccessRight.MemberReadFinancialData: return 'Lidgeld bekijken';
-            case AccessRight.MemberWriteFinancialData: return 'Lidgeld bewerken';
-        }
-    }
-    static getDescription(right) {
-        switch (right) {
-            case AccessRight.PlatformLoginAs: return 'inloggen als hoofdbeheerder';
-            case AccessRight.OrganizationFinanceDirector: return 'volledige boekhouding';
-            case AccessRight.OrganizationManagePayments: return 'overschrijvingen';
-            case AccessRight.OrganizationCreateWebshops: return 'webshops maken';
-            case AccessRight.OrganizationCreateGroups: return 'groepen maken';
-            case AccessRight.WebshopScanTickets: return 'scannen van tickets';
-            // Member data
-            case AccessRight.MemberReadFinancialData: return 'Openstaande bedragen bekijken';
-            case AccessRight.MemberWriteFinancialData: return 'Openstaande bedragen bewerken';
-        }
-    }
-    static getLongDescription(right) {
-        switch (right) {
-            case AccessRight.OrganizationFinanceDirector: return 'Beheerders met deze toegang krijgen toegang tot alle financiële gegevens van de organisatie, en kunnen overschrijvingen als betaald markeren.';
-            case AccessRight.OrganizationManagePayments: return 'Beheerders met deze toegang kunnen openstaande overschrijvingen bekijken en markeren als betaald.';
-            // Member data
-            case AccessRight.MemberReadFinancialData: return 'Bekijk hoeveel een lid precies heeft betaald of nog moet betalen, en bekijk of het lid recht heeft op een verlaagd tarief.';
-            case AccessRight.MemberWriteFinancialData: return 'Voeg openstaande bedragen toe of verwijder ze, en pas de betaalstatus van een lid aan.';
-        }
-        return null;
-    }
-    /**
-     * If a user has a certain permission level, automatically grant the specific access right
-     * By default only full permissions gives all access rights, but you can tweak it:
-     * E.g., give webshop scan rights if you also have write access to that webshop
-     */
-    static autoGrantRightForLevel(right) {
-        switch (right) {
-            case AccessRight.WebshopScanTickets: return PermissionLevel.Write;
-        }
-        return PermissionLevel.Full;
-    }
-    /**
-     * Automatically grant a user access rights if they have a certain right
-     */
-    static autoInheritFrom(right) {
-        switch (right) {
-            // Finance director also has manage payments permissions automatically
-            case AccessRight.OrganizationManagePayments: return [AccessRight.OrganizationFinanceDirector];
-            // Finance director also can view and edit member financial data
-            case AccessRight.MemberReadFinancialData: return [AccessRight.OrganizationFinanceDirector, AccessRight.MemberWriteFinancialData];
-            case AccessRight.MemberWriteFinancialData: return [AccessRight.OrganizationFinanceDirector];
-        }
-        return [];
-    }
-}
-export function getPermissionLevelNumber(level) {
-    switch (level) {
-        case PermissionLevel.None: return 0;
-        case PermissionLevel.Read: return 1;
-        case PermissionLevel.Write: return 2;
-        case PermissionLevel.Full: return 3;
-        default: {
-            const l = level; // will throw compile error if new levels are added without editing this method
-            throw new Error("Unknown permission level " + l);
-        }
-    }
-}
-export function maximumPermissionlevel(...levels) {
-    let max = PermissionLevel.None;
-    for (const level of levels) {
-        if (getPermissionLevelNumber(level) > getPermissionLevelNumber(max)) {
-            max = level;
-        }
-    }
-    return max;
-}
-export function minimumPermissionLevel(...levels) {
-    let min = levels[0];
-    for (const level of levels) {
-        if (getPermissionLevelNumber(level) < getPermissionLevelNumber(min)) {
-            min = level;
-        }
-    }
-    return min;
-}
-export function getPermissionLevelName(level) {
-    switch (level) {
-        case PermissionLevel.None: return 'Geen basistoegang';
-        case PermissionLevel.Read: return 'Lezen';
-        case PermissionLevel.Write: return 'Bewerken';
-        case PermissionLevel.Full: return 'Volledige toegang';
-        default: {
-            const l = level; // will throw compile error if new levels are added without editing this method
-            throw new Error("Unknown permission level " + l);
-        }
-    }
-}
-export class PermissionRole extends AutoEncoder {
-    constructor() {
-        super(...arguments);
-        this.name = "";
-    }
-}
-__decorate([
-    field({ decoder: StringDecoder, defaultValue: () => uuidv4() })
-], PermissionRole.prototype, "id", void 0);
-__decorate([
-    field({ decoder: StringDecoder })
-], PermissionRole.prototype, "name", void 0);
-/**
- * More granular access rights to specific things in the system
- */
-export var PermissionsResourceType;
-(function (PermissionsResourceType) {
-    PermissionsResourceType["Webshops"] = "Webshops";
-    PermissionsResourceType["Groups"] = "Groups";
-    PermissionsResourceType["GroupCategories"] = "GroupCategories";
-    PermissionsResourceType["OrganizationTags"] = "OrganizationTags";
-    PermissionsResourceType["RecordCategories"] = "RecordCategory";
-})(PermissionsResourceType || (PermissionsResourceType = {}));
-export function getPermissionResourceTypeName(type, plural = true) {
-    switch (type) {
-        case PermissionsResourceType.Webshops: return plural ? 'webshops' : 'webshop';
-        case PermissionsResourceType.Groups: return plural ? 'inschrijvingsgroepen' : 'inschrijvingsgroep';
-        case PermissionsResourceType.GroupCategories: return plural ? 'categorieën' : 'categorie';
-        case PermissionsResourceType.OrganizationTags: return plural ? 'tags' : 'tag';
-        case PermissionsResourceType.RecordCategories: return plural ? 'vragenlijsten' : 'vragenlijst';
-    }
-}
-/**
- * More granular access rights to specific things in the system
- */
-export class ResourcePermissions extends AutoEncoder {
-    constructor() {
-        super(...arguments);
-        /**
-         * This is a cache so we can display the role description without fetching all resources
-         */
-        this.resourceName = "";
-        /**
-         * Setting it to full gives all possible permissions for the resource
-         * Read/Write depends on resource
-         */
-        this.level = PermissionLevel.None;
-        /**
-         * More granular permissions related to this resource
-         */
-        this.accessRights = [];
-    }
-    hasAccess(level) {
-        return getPermissionLevelNumber(this.level) >= getPermissionLevelNumber(level);
-    }
-    hasAccessRight(right) {
-        const gl = AccessRightHelper.autoGrantRightForLevel(right);
-        return (gl && this.hasAccess(gl)) || this.accessRights.includes(right);
-    }
-    createInsertPatch(type, resourceId, roleOrPermissions) {
-        const patch = roleOrPermissions.static.patch({});
-        // First check if we need to insert the type
-        if (roleOrPermissions.resources.get(type)) {
-            // We need to patch
-            const p = new PatchMap();
-            p.set(resourceId, this);
-            patch.resources.set(type, p);
-        }
-        else {
-            // No resources with this type yet
-            const p = new Map();
-            p.set(resourceId, this);
-            patch.resources.set(type, p);
-        }
-        return patch;
-    }
-    merge(other) {
-        const p = new ResourcePermissions();
-        p.level = this.level;
-        p.accessRights = this.accessRights.slice();
-        if (getPermissionLevelNumber(other.level) > getPermissionLevelNumber(p.level)) {
-            p.level = other.level;
-        }
-        for (const right of other.accessRights) {
-            if (!p.accessRights.includes(right)) {
-                p.accessRights.push(right);
-            }
-        }
-        return p;
-    }
-}
-__decorate([
-    field({ decoder: StringDecoder, field: 'n' })
-], ResourcePermissions.prototype, "resourceName", void 0);
-__decorate([
-    field({ decoder: new EnumDecoder(PermissionLevel), field: "l" })
-], ResourcePermissions.prototype, "level", void 0);
-__decorate([
-    field({ decoder: new ArrayDecoder(new EnumDecoder(AccessRight)), field: "r" })
-], ResourcePermissions.prototype, "accessRights", void 0);
-export class PermissionRoleDetailed extends PermissionRole {
-    constructor() {
-        super(...arguments);
-        /**
-         * Generic access to all resources
-         */
-        this.level = PermissionLevel.None;
-        this.accessRights = [];
-        this.resources = new Map();
-        this.legacyManagePayments = false;
-        this.legacyFinanceDirector = false;
-        this.legacyCreateWebshops = false;
-    }
-    getDescription() {
-        const stack = [];
-        if (this.level === PermissionLevel.Read) {
-            stack.push("alles lezen");
-        }
-        if (this.level === PermissionLevel.Write) {
-            stack.push("alles bewerken");
-        }
-        if (this.level === PermissionLevel.Full) {
-            stack.push("volledige toegang");
-        }
-        for (const right of this.accessRights) {
-            stack.push(AccessRightHelper.getDescription(right));
-        }
-        for (const [type, resources] of this.resources) {
-            let count = 0;
-            if (resources.has('')) {
-                stack.push("alle " + getPermissionResourceTypeName(type, true));
-                continue;
-            }
-            for (const resource of resources.values()) {
-                if (resource.hasAccess(PermissionLevel.Read) || resource.accessRights.length > 0) {
-                    count += 1;
-                }
-            }
-            if (count > 0) {
-                stack.push(count + " " + getPermissionResourceTypeName(type, count > 1));
-            }
-        }
-        if (stack.length === 0) {
-            return "geen rechten";
-        }
-        return Formatter.capitalizeFirstLetter(Formatter.joinLast(stack, ', ', ' en '));
-    }
-    hasAccess(level) {
-        return getPermissionLevelNumber(this.level) >= getPermissionLevelNumber(level);
-    }
-    hasAccessRight(right) {
-        const gl = AccessRightHelper.autoGrantRightForLevel(right);
-        if ((gl && this.hasAccess(gl)) || this.accessRights.includes(right)) {
-            return true;
-        }
-        const autoInherit = AccessRightHelper.autoInheritFrom(right);
-        for (const r of autoInherit) {
-            if (this.hasAccessRight(r)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    getResourcePermissions(type, id) {
-        const resource = this.resources.get(type);
-        if (!resource) {
-            return null;
-        }
-        const rInstance = resource.get(id);
-        const allInstance = resource.get('');
-        if (!rInstance) {
-            if (allInstance) {
-                return allInstance;
-            }
-            return null;
-        }
-        if (allInstance) {
-            return rInstance.merge(allInstance);
-        }
-        return rInstance;
-    }
-    getMergedResourcePermissions(type, id) {
-        var _a;
-        let base = this.getResourcePermissions(type, id);
-        if (getPermissionLevelNumber(this.level) > getPermissionLevelNumber((_a = base === null || base === void 0 ? void 0 : base.level) !== null && _a !== void 0 ? _a : PermissionLevel.None)) {
-            if (!base) {
-                base = ResourcePermissions.create({ level: this.level });
-            }
-            base.level = this.level;
-        }
-        return base;
-    }
-    hasResourceAccess(type, id, level) {
-        var _a, _b;
-        if (this.hasAccess(level)) {
-            return true;
-        }
-        return (_b = (_a = this.getResourcePermissions(type, id)) === null || _a === void 0 ? void 0 : _a.hasAccess(level)) !== null && _b !== void 0 ? _b : false;
-    }
-    hasResourceAccessRight(type, id, right) {
-        var _a, _b;
-        if (this.hasAccessRight(right)) {
-            return true;
-        }
-        return (_b = (_a = this.getResourcePermissions(type, id)) === null || _a === void 0 ? void 0 : _a.hasAccessRight(right)) !== null && _b !== void 0 ? _b : false;
-    }
-    add(other) {
-        if (getPermissionLevelNumber(this.level) < getPermissionLevelNumber(other.level)) {
-            this.level = other.level;
-        }
-        for (const right of other.accessRights) {
-            if (!this.accessRights.includes(right)) {
-                this.accessRights.push(right);
-            }
-        }
-        for (const [type, r] of other.resources) {
-            for (const [id, resource] of r) {
-                if (!this.resources.has(type)) {
-                    this.resources.set(type, new Map());
-                }
-                const current = this.resources.get(type).get(id);
-                if (!current) {
-                    this.resources.get(type).set(id, resource);
-                }
-                else {
-                    this.resources.get(type).set(id, current.merge(resource));
-                }
-            }
-        }
-    }
-    get isEmpty() {
-        return this.level === PermissionLevel.None && this.accessRights.length === 0 && this.resources.size === 0;
-    }
-}
-__decorate([
-    field({ decoder: new EnumDecoder(PermissionLevel), version: 201 })
-], PermissionRoleDetailed.prototype, "level", void 0);
-__decorate([
-    field({
-        decoder: new ArrayDecoder(new EnumDecoder(AccessRight)),
-        version: 246,
-        upgrade: function () {
-            const base = [];
-            if (this.legacyManagePayments) {
-                base.push(AccessRight.OrganizationManagePayments);
-            }
-            if (this.legacyFinanceDirector) {
-                base.push(AccessRight.OrganizationFinanceDirector);
-            }
-            if (this.legacyCreateWebshops) {
-                base.push(AccessRight.OrganizationCreateWebshops);
-            }
-            return base;
-        }
-    })
-], PermissionRoleDetailed.prototype, "accessRights", void 0);
-__decorate([
-    field({
-        decoder: new MapDecoder(new EnumDecoder(PermissionsResourceType), new MapDecoder(
-        // ID
-        StringDecoder, ResourcePermissions)),
-        version: 248
-    })
-], PermissionRoleDetailed.prototype, "resources", void 0);
-__decorate([
-    field({ decoder: BooleanDecoder, field: 'managePayments', optional: true })
-], PermissionRoleDetailed.prototype, "legacyManagePayments", void 0);
-__decorate([
-    field({ decoder: BooleanDecoder, version: 199, field: 'financeDirector', optional: true })
-], PermissionRoleDetailed.prototype, "legacyFinanceDirector", void 0);
-__decorate([
-    field({ decoder: BooleanDecoder, field: 'createWebshops', optional: true })
-], PermissionRoleDetailed.prototype, "legacyCreateWebshops", void 0);
-export class PermissionRoleForResponsibility extends PermissionRoleDetailed {
-    constructor() {
-        super(...arguments);
-        this.responsibilityGroupId = null;
-    }
-}
-__decorate([
-    field({ decoder: StringDecoder })
-], PermissionRoleForResponsibility.prototype, "responsibilityId", void 0);
-__decorate([
-    field({ decoder: StringDecoder, nullable: true })
-], PermissionRoleForResponsibility.prototype, "responsibilityGroupId", void 0);
-/**
- * @deprecated
- * Use resource types
- * Give access to a given resouce based by the roles of a user
- */
-export class PermissionsByRole extends AutoEncoder {
-    constructor() {
-        super(...arguments);
-        this.read = [];
-        this.write = [];
-        this.full = [];
-    }
-    getPermissionLevel(permissions) {
-        if (permissions.hasFullAccess()) {
-            return PermissionLevel.Full;
-        }
-        for (const role of this.full) {
-            if (permissions.roles.find(r => r.id === role.id)) {
-                return PermissionLevel.Full;
-            }
-        }
-        if (permissions.hasWriteAccess()) {
-            return PermissionLevel.Write;
-        }
-        for (const role of this.write) {
-            if (permissions.roles.find(r => r.id === role.id)) {
-                return PermissionLevel.Write;
-            }
-        }
-        if (permissions.hasReadAccess()) {
-            return PermissionLevel.Read;
-        }
-        for (const role of this.read) {
-            if (permissions.roles.find(r => r.id === role.id)) {
-                return PermissionLevel.Read;
-            }
-        }
-        return PermissionLevel.None;
-    }
-    /**
-    * Whetever a given user has access to the members in this group.
-    */
-    getRolePermissionLevel(role) {
-        for (const r of this.full) {
-            if (r.id === role.id) {
-                return PermissionLevel.Full;
-            }
-        }
-        for (const r of this.write) {
-            if (r.id === role.id) {
-                return PermissionLevel.Write;
-            }
-        }
-        for (const r of this.read) {
-            if (r.id === role.id) {
-                return PermissionLevel.Read;
-            }
-        }
-        return PermissionLevel.None;
-    }
-    hasAccess(permissions, level) {
-        if (!permissions) {
-            return false;
-        }
-        return getPermissionLevelNumber(this.getPermissionLevel(permissions)) >= getPermissionLevelNumber(level);
-    }
-    roleHasAccess(role, level = PermissionLevel.Read) {
-        return getPermissionLevelNumber(this.getRolePermissionLevel(role)) >= getPermissionLevelNumber(level);
-    }
-    hasFullAccess(permissions) {
-        return this.hasAccess(permissions, PermissionLevel.Full);
-    }
-    hasWriteAccess(permissions) {
-        return this.hasAccess(permissions, PermissionLevel.Write);
-    }
-    hasReadAccess(permissions) {
-        return this.hasAccess(permissions, PermissionLevel.Read);
-    }
-}
-__decorate([
-    field({ decoder: new ArrayDecoder(PermissionRole) })
-], PermissionsByRole.prototype, "read", void 0);
-__decorate([
-    field({ decoder: new ArrayDecoder(PermissionRole) })
-], PermissionsByRole.prototype, "write", void 0);
-__decorate([
-    field({ decoder: new ArrayDecoder(PermissionRole) })
-], PermissionsByRole.prototype, "full", void 0);
+import { ArrayDecoder, AutoEncoder, EnumDecoder, field, MapDecoder, StringDecoder } from '@simonbackx/simple-encoding';
+import { MemberResponsibilityRecordBase } from './members/MemberResponsibilityRecord';
+import { getPermissionLevelNumber, PermissionLevel } from './PermissionLevel';
+import { PermissionRole } from './PermissionRole';
+import { PermissionsResourceType } from './PermissionsResourceType';
+import { ResourcePermissions } from './ResourcePermissions';
 export class Permissions extends AutoEncoder {
     constructor() {
         super(...arguments);
@@ -574,7 +49,7 @@ __decorate([
     field({ decoder: new ArrayDecoder(PermissionRole), version: 60 })
 ], Permissions.prototype, "roles", void 0);
 __decorate([
-    field({ decoder: new ArrayDecoder(MemberResponsibilityRecord), version: 274 })
+    field({ decoder: new ArrayDecoder(MemberResponsibilityRecordBase), version: 274 })
 ], Permissions.prototype, "responsibilities", void 0);
 __decorate([
     field({
@@ -584,224 +59,4 @@ __decorate([
         version: 249
     })
 ], Permissions.prototype, "resources", void 0);
-/**
- * Identical to Permissions but with detailed roles, loaded from the organization or platform
- */
-export class LoadedPermissions {
-    constructor(data) {
-        this.level = PermissionLevel.None;
-        this.roles = [];
-        this.resources = new Map();
-        Object.assign(this, data);
-    }
-    static create(data) {
-        return new LoadedPermissions(data);
-    }
-    static buildRoleForResponsibility(groupId, responsibilityData, inheritedResponsibilityRoles) {
-        var _a, _b;
-        const role = inheritedResponsibilityRoles.find(r => r.responsibilityId === responsibilityData.id && r.responsibilityGroupId === groupId);
-        const r = (_b = (_a = responsibilityData.permissions) === null || _a === void 0 ? void 0 : _a.clone()) !== null && _b !== void 0 ? _b : PermissionRoleForResponsibility.create({
-            id: responsibilityData.id,
-            name: responsibilityData.name,
-            level: PermissionLevel.None,
-            responsibilityId: responsibilityData.id,
-            responsibilityGroupId: groupId,
-            resources: new Map()
-        });
-        r.name = responsibilityData.name;
-        r.id = responsibilityData.id + (groupId ? '-' + groupId : '');
-        r.responsibilityId = responsibilityData.id;
-        r.responsibilityGroupId = groupId;
-        if (groupId && responsibilityData.groupPermissionLevel !== PermissionLevel.None) {
-            const map = new Map();
-            map.set(groupId, ResourcePermissions.create({ level: responsibilityData.groupPermissionLevel }));
-            r.resources.set(PermissionsResourceType.Groups, map);
-        }
-        if (role) {
-            r.id = role.id;
-            r.add(role);
-        }
-        return r;
-    }
-    static from(permissions, allRoles, inheritedResponsibilityRoles, allResponsibilites) {
-        const roles = permissions.roles.flatMap(role => {
-            const d = allRoles.find(a => a.id === role.id);
-            if (d) {
-                return [d];
-            }
-            return [];
-        });
-        for (const responsibility of permissions.responsibilities) {
-            if (responsibility.endDate !== null && responsibility.endDate < new Date()) {
-                continue;
-            }
-            if (responsibility.startDate > new Date()) {
-                continue;
-            }
-            const responsibilityData = allResponsibilites.find(r => r.id === responsibility.responsibilityId);
-            if (!responsibilityData) {
-                continue;
-            }
-            const r = this.buildRoleForResponsibility(responsibility.groupId, responsibilityData, inheritedResponsibilityRoles);
-            roles.push(r);
-        }
-        const result = this.create({
-            level: permissions.level,
-            roles,
-            resources: permissions.resources
-        });
-        return result;
-    }
-    getResourcePermissions(type, id) {
-        const resource = this.resources.get(type);
-        if (!resource) {
-            return null;
-        }
-        const rInstance = resource.get(id);
-        const allInstance = resource.get('');
-        if (!rInstance) {
-            if (allInstance) {
-                return allInstance;
-            }
-            return null;
-        }
-        if (allInstance) {
-            return rInstance.merge(allInstance);
-        }
-        return rInstance;
-    }
-    getMergedResourcePermissions(type, id) {
-        var _a;
-        let base = this.getResourcePermissions(type, id);
-        for (const role of this.roles) {
-            const r = role.getMergedResourcePermissions(type, id);
-            if (r) {
-                if (base) {
-                    base.merge(r);
-                }
-                else {
-                    base = r;
-                }
-            }
-        }
-        if (getPermissionLevelNumber(this.level) > getPermissionLevelNumber((_a = base === null || base === void 0 ? void 0 : base.level) !== null && _a !== void 0 ? _a : PermissionLevel.None)) {
-            if (!base) {
-                base = ResourcePermissions.create({ level: this.level });
-            }
-            base.level = this.level;
-        }
-        return base;
-    }
-    hasRole(role) {
-        return this.roles.find(r => r.id === role.id) !== undefined;
-    }
-    hasAccess(level) {
-        if (getPermissionLevelNumber(this.level) >= getPermissionLevelNumber(level)) {
-            // Someone with read / write access for the whole organization, also the same access for each group
-            return true;
-        }
-        for (const f of this.roles) {
-            if (f.hasAccess(level)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    hasResourceAccess(type, id, level) {
-        var _a, _b;
-        if (this.hasAccess(level)) {
-            return true;
-        }
-        if ((_b = (_a = this.getResourcePermissions(type, id)) === null || _a === void 0 ? void 0 : _a.hasAccess(level)) !== null && _b !== void 0 ? _b : false) {
-            return true;
-        }
-        for (const r of this.roles) {
-            if (r.hasResourceAccess(type, id, level)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    hasResourceAccessRight(type, id, right) {
-        var _a, _b;
-        if (this.hasAccessRight(right)) {
-            return true;
-        }
-        if ((_b = (_a = this.getResourcePermissions(type, id)) === null || _a === void 0 ? void 0 : _a.hasAccessRight(right)) !== null && _b !== void 0 ? _b : false) {
-            return true;
-        }
-        for (const r of this.roles) {
-            if (r.hasResourceAccessRight(type, id, right)) {
-                return true;
-            }
-        }
-        const autoInherit = AccessRightHelper.autoInheritFrom(right);
-        for (const r of autoInherit) {
-            if (this.hasResourceAccessRight(type, id, r)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    hasReadAccess() {
-        return this.hasAccess(PermissionLevel.Read);
-    }
-    hasWriteAccess() {
-        return this.hasAccess(PermissionLevel.Write);
-    }
-    hasFullAccess() {
-        return this.hasAccess(PermissionLevel.Full);
-    }
-    hasAccessRight(right) {
-        const gl = AccessRightHelper.autoGrantRightForLevel(right);
-        if (gl && this.hasAccess(gl)) {
-            return true;
-        }
-        for (const f of this.roles) {
-            if (f.hasAccessRight(right)) {
-                return true;
-            }
-        }
-        const autoInherit = AccessRightHelper.autoInheritFrom(right);
-        for (const r of autoInherit) {
-            if (this.hasAccessRight(r)) {
-                return true;
-            }
-        }
-        return false;
-    }
-    merge(other) {
-        const p = LoadedPermissions.create({});
-        p.level = this.level;
-        p.roles = this.roles.slice();
-        p.resources = new Map(this.resources);
-        if (getPermissionLevelNumber(other.level) > getPermissionLevelNumber(p.level)) {
-            p.level = other.level;
-        }
-        for (const [type, r] of other.resources) {
-            for (const [id, resource] of r) {
-                if (!p.resources.has(type)) {
-                    p.resources.set(type, new Map());
-                }
-                const current = p.resources.get(type).get(id);
-                if (!current) {
-                    p.resources.get(type).set(id, resource);
-                }
-                else {
-                    p.resources.get(type).set(id, current.merge(resource));
-                }
-            }
-        }
-        for (const role of other.roles) {
-            const current = p.roles.find(r => r.id === role.id);
-            if (!current) {
-                p.roles.push(role);
-            }
-        }
-        return p;
-    }
-    get isEmpty() {
-        return this.level === PermissionLevel.None && (this.roles.length === 0 || this.roles.every(r => r.isEmpty)) && this.resources.size === 0;
-    }
-}
 //# sourceMappingURL=Permissions.js.map