npm - @stoker-platform/utils - Versions diffs - 0.2.1 - Mend

@stoker-platform/utils 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/lib/src/access/collection.d.ts +9 -0
package/lib/src/access/collection.js +59 -0
package/lib/src/access/document.d.ts +3 -0
package/lib/src/access/document.js +191 -0
package/lib/src/access/getCollectionRestrictions.d.ts +7 -0
package/lib/src/access/getCollectionRestrictions.js +71 -0
package/lib/src/access/getRecordSubcollections.d.ts +2 -0
package/lib/src/access/getRecordSubcollections.js +15 -0
package/lib/src/access/getRelatedCollections.d.ts +2 -0
package/lib/src/access/getRelatedCollections.js +24 -0
package/lib/src/access/hasDependencyAccess.d.ts +2 -0
package/lib/src/access/hasDependencyAccess.js +24 -0
package/lib/src/access/isPaginationEnabled.d.ts +2 -0
package/lib/src/access/isPaginationEnabled.js +35 -0
package/lib/src/access/permissions.d.ts +2 -0
package/lib/src/access/permissions.js +543 -0
package/lib/src/access/read/getOne.d.ts +2 -0
package/lib/src/access/read/getOne.js +19 -0
package/lib/src/access/read/getSome.d.ts +2 -0
package/lib/src/access/read/getSome.js +21 -0
package/lib/src/access/roleHasOperationAccess.d.ts +2 -0
package/lib/src/access/roleHasOperationAccess.js +7 -0
package/lib/src/access/write/addRecord.d.ts +2 -0
package/lib/src/access/write/addRecord.js +40 -0
package/lib/src/access/write/deleteRecord.d.ts +2 -0
package/lib/src/access/write/deleteRecord.js +26 -0
package/lib/src/access/write/updateRecord.d.ts +2 -0
package/lib/src/access/write/updateRecord.js +61 -0
package/lib/src/getConfigValue.d.ts +12 -0
package/lib/src/getConfigValue.js +83 -0
package/lib/src/getCustomization.d.ts +4 -0
package/lib/src/getCustomization.js +29 -0
package/lib/src/getFieldCustomization.d.ts +7 -0
package/lib/src/getFieldCustomization.js +3 -0
package/lib/src/main.d.ts +60 -0
package/lib/src/main.js +60 -0
package/lib/src/operations/addInitialValues.d.ts +2 -0
package/lib/src/operations/addInitialValues.js +27 -0
package/lib/src/operations/addLowercaseFields.d.ts +2 -0
package/lib/src/operations/addLowercaseFields.js +12 -0
package/lib/src/operations/addRelationArrays.d.ts +2 -0
package/lib/src/operations/addRelationArrays.js +60 -0
package/lib/src/operations/addSystemFields.d.ts +2 -0
package/lib/src/operations/addSystemFields.js +17 -0
package/lib/src/operations/getDateRange.d.ts +5 -0
package/lib/src/operations/getDateRange.js +56 -0
package/lib/src/operations/getExtendedSchema.d.ts +2 -0
package/lib/src/operations/getExtendedSchema.js +23 -0
package/lib/src/operations/getFinalRecord.d.ts +1 -0
package/lib/src/operations/getFinalRecord.js +11 -0
package/lib/src/operations/getInputSchema.d.ts +15 -0
package/lib/src/operations/getInputSchema.js +352 -0
package/lib/src/operations/getLowercaseFields.d.ts +2 -0
package/lib/src/operations/getLowercaseFields.js +15 -0
package/lib/src/operations/getSingleFieldRelations.d.ts +2 -0
package/lib/src/operations/getSingleFieldRelations.js +27 -0
package/lib/src/operations/getZodSchema.d.ts +15 -0
package/lib/src/operations/getZodSchema.js +303 -0
package/lib/src/operations/isDeleteSentinel.d.ts +1 -0
package/lib/src/operations/isDeleteSentinel.js +4 -0
package/lib/src/operations/isSortingEnabled.d.ts +2 -0
package/lib/src/operations/isSortingEnabled.js +7 -0
package/lib/src/operations/isValidUniqueFieldValue.d.ts +1 -0
package/lib/src/operations/isValidUniqueFieldValue.js +25 -0
package/lib/src/operations/parseDate.d.ts +1 -0
package/lib/src/operations/parseDate.js +4 -0
package/lib/src/operations/prepareDenormalized.d.ts +8 -0
package/lib/src/operations/prepareDenormalized.js +312 -0
package/lib/src/operations/removeDeleteSentinels.d.ts +2 -0
package/lib/src/operations/removeDeleteSentinels.js +15 -0
package/lib/src/operations/removeDeletedFields.d.ts +2 -0
package/lib/src/operations/removeDeletedFields.js +14 -0
package/lib/src/operations/removeEmptyStrings.d.ts +2 -0
package/lib/src/operations/removeEmptyStrings.js +14 -0
package/lib/src/operations/removePrivateFields.d.ts +2 -0
package/lib/src/operations/removePrivateFields.js +14 -0
package/lib/src/operations/removeUndefined.d.ts +2 -0
package/lib/src/operations/removeUndefined.js +14 -0
package/lib/src/operations/retryOperation.d.ts +1 -0
package/lib/src/operations/retryOperation.js +21 -0
package/lib/src/operations/runHooks.d.ts +17 -0
package/lib/src/operations/runHooks.js +18 -0
package/lib/src/operations/sanitizeDownloadFilename.d.ts +1 -0
package/lib/src/operations/sanitizeDownloadFilename.js +18 -0
package/lib/src/operations/sanitizeEmailInput.d.ts +5 -0
package/lib/src/operations/sanitizeEmailInput.js +73 -0
package/lib/src/operations/updateFieldReference.d.ts +2 -0
package/lib/src/operations/updateFieldReference.js +14 -0
package/lib/src/operations/validateRecord.d.ts +2 -0
package/lib/src/operations/validateRecord.js +18 -0
package/lib/src/operations/validateStorageName.d.ts +1 -0
package/lib/src/operations/validateStorageName.js +19 -0
package/lib/src/schema/getAccessFields.d.ts +2 -0
package/lib/src/schema/getAccessFields.js +62 -0
package/lib/src/schema/getCollection.d.ts +2 -0
package/lib/src/schema/getCollection.js +3 -0
package/lib/src/schema/getDependencyFields.d.ts +6 -0
package/lib/src/schema/getDependencyFields.js +22 -0
package/lib/src/schema/getField.d.ts +2 -0
package/lib/src/schema/getField.js +3 -0
package/lib/src/schema/getFieldNames.d.ts +2 -0
package/lib/src/schema/getFieldNames.js +3 -0
package/lib/src/schema/getIndexFields.d.ts +9 -0
package/lib/src/schema/getIndexFields.js +184 -0
package/lib/src/schema/getInverseRelationType.d.ts +1 -0
package/lib/src/schema/getInverseRelationType.js +15 -0
package/lib/src/schema/getPathCollections.d.ts +2 -0
package/lib/src/schema/getPathCollections.js +12 -0
package/lib/src/schema/getRecordSystemFields.d.ts +2 -0
package/lib/src/schema/getRecordSystemFields.js +11 -0
package/lib/src/schema/getRelationLists.d.ts +5 -0
package/lib/src/schema/getRelationLists.js +13 -0
package/lib/src/schema/getSubcollections.d.ts +2 -0
package/lib/src/schema/getSubcollections.js +9 -0
package/lib/src/schema/getSystemFieldsSchema.d.ts +2 -0
package/lib/src/schema/getSystemFieldsSchema.js +52 -0
package/lib/src/schema/isDependencyField.d.ts +2 -0
package/lib/src/schema/isDependencyField.js +18 -0
package/lib/src/schema/isIncludedField.d.ts +2 -0
package/lib/src/schema/isIncludedField.js +18 -0
package/lib/src/schema/isRelationField.d.ts +2 -0
package/lib/src/schema/isRelationField.js +3 -0
package/lib/src/schema/system-fields.d.ts +2 -0
package/lib/src/schema/system-fields.js +13 -0
package/lib/tsconfig.tsbuildinfo +1 -0
package/package.json +35 -0

package/lib/src/access/collection.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import { CollectionField, CollectionPermissions, CollectionSchema, StokerPermissions } from "@stoker-platform/types";
+export declare const collectionAuthAccess: (permissions: CollectionPermissions) => boolean;
+export declare const collectionAccess: (operation: "Read" | "Create" | "Update" | "Delete", permissions: CollectionPermissions) => boolean | undefined;
+export declare const collectionSomeWriteAccess: (permissions: CollectionPermissions) => boolean | undefined;
+export declare const collectionAllWriteAccess: (permissions: CollectionPermissions) => boolean | undefined;
+export declare const privateFieldAccess: (field: CollectionField, permissions?: StokerPermissions) => boolean | undefined;
+export declare const restrictCreateAccess: (field: CollectionField, permissions?: StokerPermissions) => boolean;
+export declare const restrictUpdateAccess: (field: CollectionField, permissions?: StokerPermissions) => boolean;
+export declare const canUpdateField: (collection: CollectionSchema, field: CollectionField, permissions: StokerPermissions) => boolean | undefined;

package/lib/src/access/collection.js ADDED Viewed

@@ -0,0 +1,59 @@
+export const collectionAuthAccess = (permissions) => {
+    return !!permissions.auth;
+};
+export const collectionAccess = (operation, permissions) => {
+    if (permissions?.operations) {
+        return permissions.operations.includes(operation);
+    }
+    return;
+};
+export const collectionSomeWriteAccess = (permissions) => {
+    if (permissions?.operations) {
+        return permissions.operations.some((operation) => operation === "Create" || operation === "Update" || operation === "Delete");
+    }
+    return;
+};
+export const collectionAllWriteAccess = (permissions) => {
+    if (permissions?.operations) {
+        return permissions.operations.every((operation) => operation === "Create" || operation === "Update" || operation === "Delete");
+    }
+    return;
+};
+export const privateFieldAccess = (field, permissions) => {
+    if (!permissions)
+        return true;
+    if (!permissions.Role)
+        return false;
+    return field.access?.includes(permissions.Role);
+};
+export const restrictCreateAccess = (field, permissions) => {
+    if (field.restrictCreate === true)
+        return false;
+    else if (permissions && typeof field.restrictCreate === "object") {
+        if (!permissions.Role)
+            return false;
+        return field.restrictCreate?.includes(permissions.Role);
+    }
+    return true;
+};
+export const restrictUpdateAccess = (field, permissions) => {
+    if (field.restrictUpdate === true)
+        return false;
+    else if (permissions && typeof field.restrictUpdate === "object") {
+        if (!permissions.Role)
+            return false;
+        return field.restrictUpdate?.includes(permissions.Role);
+    }
+    return true;
+};
+export const canUpdateField = (collection, field, permissions) => {
+    const { labels } = collection;
+    return (permissions.collections &&
+        // eslint-disable-next-line security/detect-object-injection
+        collectionAccess("Update", permissions.collections[labels.collection]) &&
+        (!field.access || privateFieldAccess(field, permissions)) &&
+        restrictUpdateAccess(field, permissions) &&
+        !(collection.auth &&
+            !permissions.collections?.[labels.collection].auth &&
+            ["Enabled", "Role", "Name", "Email", "Photo_URL"].includes(field.name)));
+};

package/lib/src/access/document.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { CollectionSchema, CollectionsSchema, StokerPermissions, StokerRecord } from "@stoker-platform/types";
+export declare const documentAccess: (operation: "Read" | "Create" | "Update" | "Delete", collectionSchema: CollectionSchema, schema: CollectionsSchema, userId: string, permissions: StokerPermissions, record: StokerRecord) => boolean;
+export declare const dependencyAccess: (collectionSchema: CollectionSchema, schema: CollectionsSchema, userId: string, permissions: StokerPermissions, record: StokerRecord) => boolean;

package/lib/src/access/document.js ADDED Viewed

@@ -0,0 +1,191 @@
+import { getField } from "../schema/getField.js";
+import { collectionAccess } from "./collection.js";
+import { getAttributeRestrictions, getEntityRestrictions, getEntityParentFilters, } from "../access/getCollectionRestrictions.js";
+import { hasDependencyAccess } from "./hasDependencyAccess.js";
+const filterAccess = (operation, collectionSchema, schema, userId, permissions, record) => {
+    const { fields } = collectionSchema;
+    const collectionPermissions = permissions.collections?.[collectionSchema.labels.collection];
+    let granted = true;
+    if (!collectionPermissions) {
+        granted = false;
+        return;
+    }
+    const hasAttributeRestrictions = getAttributeRestrictions(collectionSchema, permissions);
+    const hasEntityRestrictions = getEntityRestrictions(collectionSchema, permissions);
+    const hasEntityParentFilters = getEntityParentFilters(collectionSchema, schema, permissions);
+    hasAttributeRestrictions
+        ?.filter((attributeRestriction) => attributeRestriction.type === "Record_Owner")
+        .forEach((attributeRestriction) => {
+        if ("operations" in attributeRestriction &&
+            attributeRestriction.operations &&
+            !attributeRestriction.operations.includes(operation))
+            return;
+        if (record.Created_By !== userId)
+            granted = false;
+    });
+    hasAttributeRestrictions
+        ?.filter((attributeRestriction) => attributeRestriction.type === "Record_User")
+        .forEach((attributeRestriction) => {
+        if ("operations" in attributeRestriction &&
+            attributeRestriction.operations &&
+            !attributeRestriction.operations.includes(operation))
+            return;
+        const field = getField(fields, attributeRestriction.collectionField);
+        if (!record[`${field.name}_Array`]?.includes(permissions.Doc_ID))
+            granted = false;
+    });
+    hasAttributeRestrictions
+        ?.filter((attributeRestriction) => attributeRestriction.type === "Record_Property")
+        .forEach((attributeRestriction) => {
+        if ("operations" in attributeRestriction &&
+            attributeRestriction.operations &&
+            !attributeRestriction.operations.includes(operation))
+            return;
+        const field = getField(fields, attributeRestriction.propertyField);
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        const recordPropertyRole = attributeRestriction.roles.find((role) => role.role === permissions.Role);
+        if (field.type === "Array") {
+            if (!recordPropertyRole.values?.some((value) => record[field.name].includes(value)))
+                granted = false;
+        }
+        else if (!recordPropertyRole.values?.includes(record[field.name]))
+            granted = false;
+    });
+    let individualEntityRestrictionPassed = true;
+    let hasIndividualEntityRestriction = false;
+    hasEntityRestrictions
+        ?.filter((entityRestriction) => entityRestriction.type === "Individual")
+        .forEach(() => {
+        hasIndividualEntityRestriction = true;
+        if (!collectionPermissions.individualEntities?.includes(record.id))
+            individualEntityRestrictionPassed = false;
+    });
+    let parentEntityRestrictionPassed = true;
+    let hasParentEntityRestriction = false;
+    hasEntityRestrictions
+        ?.filter((entityRestriction) => entityRestriction.type === "Parent")
+        .forEach((entityRestriction) => {
+        hasParentEntityRestriction = true;
+        // eslint-disable-next-line @typescript-eslint/no-non-null-assertion
+        const field = getField(fields, entityRestriction.collectionField);
+        if (!collectionPermissions.parentEntities?.some((entity) => record[`${field.name}_Array`].includes(entity)))
+            parentEntityRestrictionPassed = false;
+    });
+    hasEntityRestrictions
+        ?.filter((entityRestriction) => entityRestriction.type === "Parent_Property")
+        .forEach((entityRestriction) => {
+        hasParentEntityRestriction = true;
+        const collectionField = getField(fields, entityRestriction.collectionField);
+        const propertyField = getField(fields, entityRestriction.propertyField);
+        if (!Object.entries(collectionPermissions.parentPropertyEntities || {}).some((property) => {
+            const [propertyKey, entities] = property;
+            return (propertyKey === record[propertyField.name] &&
+                record[`${collectionField.name}_Array`].some((entity) => entities.includes(entity)));
+        }))
+            parentEntityRestrictionPassed = false;
+    });
+    if (hasIndividualEntityRestriction && hasParentEntityRestriction) {
+        if (!(individualEntityRestrictionPassed || parentEntityRestrictionPassed)) {
+            granted = false;
+            return;
+        }
+    }
+    else if (!individualEntityRestrictionPassed || !parentEntityRestrictionPassed) {
+        granted = false;
+        return;
+    }
+    let individualParentFilterPassed = true;
+    let hasIndividualParentFilter = false;
+    hasEntityParentFilters
+        ?.filter((entityParentFilter) => entityParentFilter.parentFilter.type === "Individual")
+        .forEach((entityParentFilter) => {
+        hasIndividualParentFilter = true;
+        const { parentFilter } = entityParentFilter;
+        const collectionField = getField(fields, parentFilter.collectionField);
+        const parentCollectionPermissions = permissions.collections?.[collectionField.collection];
+        if (!parentCollectionPermissions) {
+            granted = false;
+            return;
+        }
+        if (!parentCollectionPermissions.individualEntities?.some((entity) => record[`${collectionField.name}_Array`].includes(entity)))
+            individualParentFilterPassed = false;
+    });
+    let parentParentFilterPassed = true;
+    let hasParentParentFilter = false;
+    hasEntityParentFilters
+        ?.filter((entityParentFilter) => entityParentFilter.parentFilter.type === "Parent")
+        .forEach((entityParentFilter) => {
+        hasParentParentFilter = true;
+        const { parentFilter } = entityParentFilter;
+        const collectionField = getField(fields, parentFilter.collectionField);
+        const parentCollectionField = getField(fields, parentFilter.parentCollectionField);
+        const parentCollectionPermissions = permissions.collections?.[collectionField.collection];
+        if (!parentCollectionPermissions) {
+            granted = false;
+            return;
+        }
+        if (!parentCollectionPermissions.parentEntities?.some((entity) => record[`${parentCollectionField.name}_Array`].includes(entity)))
+            parentParentFilterPassed = false;
+    });
+    hasEntityParentFilters
+        ?.filter((entityParentFilter) => entityParentFilter.parentFilter.type === "Parent_Property")
+        .forEach((entityParentFilter) => {
+        hasParentParentFilter = true;
+        const { parentFilter } = entityParentFilter;
+        const collectionField = getField(fields, parentFilter.collectionField);
+        const parentPropertyField = getField(fields, parentFilter.parentPropertyField);
+        const parentCollectionField = getField(fields, parentFilter.parentCollectionField);
+        const parentCollectionPermissions = permissions.collections?.[collectionField.collection];
+        if (!parentCollectionPermissions) {
+            granted = false;
+            return;
+        }
+        if (!Object.entries(parentCollectionPermissions.parentPropertyEntities || {}).some((property) => {
+            const [propertyKey, entities] = property;
+            return (propertyKey === record[parentPropertyField.name] &&
+                record[`${parentCollectionField.name}_Array`].some((entity) => entities.includes(entity)));
+        }))
+            parentParentFilterPassed = false;
+    });
+    if (hasIndividualParentFilter && hasParentParentFilter) {
+        if (!(individualParentFilterPassed || parentParentFilterPassed)) {
+            granted = false;
+            return;
+        }
+    }
+    else if (!individualParentFilterPassed || !parentParentFilterPassed) {
+        granted = false;
+        return;
+    }
+    return granted;
+};
+export const documentAccess = (operation, collectionSchema, schema, userId, permissions, record) => {
+    const { labels } = collectionSchema;
+    const collectionPermissions = permissions.collections?.[labels.collection];
+    let granted = true;
+    if (!collectionPermissions || !permissions.Role) {
+        granted = false;
+        return granted;
+    }
+    if (!collectionAccess(operation, collectionPermissions))
+        granted = false;
+    const hasEntityRestrictions = getEntityRestrictions(collectionSchema, permissions);
+    const hasIndividualEntityRestriction = hasEntityRestrictions?.filter((entityRestriction) => entityRestriction.type === "Individual").length > 0;
+    if (operation === "Create" && hasIndividualEntityRestriction)
+        granted = false;
+    if (!filterAccess(operation, collectionSchema, schema, userId, permissions, record))
+        granted = false;
+    return granted;
+};
+export const dependencyAccess = (collectionSchema, schema, userId, permissions, record) => {
+    let granted = true;
+    if (!permissions.Role) {
+        granted = false;
+        return granted;
+    }
+    if (hasDependencyAccess(collectionSchema, schema, permissions).length === 0)
+        granted = false;
+    if (!filterAccess("Read", collectionSchema, schema, userId, permissions, record))
+        granted = false;
+    return granted;
+};

package/lib/src/access/getCollectionRestrictions.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { AttributeRestriction, CollectionSchema, CollectionsSchema, EntityParentFilter, EntityRestriction, StokerPermissions } from "@stoker-platform/types";
+export declare const getAttributeRestrictions: (collection: CollectionSchema, permissions: StokerPermissions) => AttributeRestriction[];
+export declare const getEntityRestrictions: (collection: CollectionSchema, permissions: StokerPermissions) => EntityRestriction[];
+export declare const getEntityParentFilters: (collection: CollectionSchema, schema: CollectionsSchema, permissions: StokerPermissions) => {
+    parentFilter: EntityParentFilter;
+    parentRestriction: EntityRestriction;
+}[];

package/lib/src/access/getCollectionRestrictions.js ADDED Viewed

@@ -0,0 +1,71 @@
+import { getField } from "../schema/getField.js";
+import { isRelationField } from "../schema/isRelationField.js";
+export const getAttributeRestrictions = (collection, permissions) => {
+    const restrictionKeys = {
+        Record_Owner: "recordOwner",
+        Record_User: "recordUser",
+        Record_Property: "recordProperty",
+    };
+    const restrictions = [];
+    const { labels, access } = collection;
+    const { attributeRestrictions } = access;
+    const collectionPermissions = permissions.collections?.[labels.collection];
+    attributeRestrictions?.forEach((attributeRestriction) => {
+        if ("roles" in attributeRestriction) {
+            attributeRestriction.roles.forEach((role) => {
+                const permissionRestriction = collectionPermissions?.[restrictionKeys[attributeRestriction.type]];
+                if (role.role === permissions.Role && (!role.assignable || permissionRestriction?.active))
+                    restrictions.push(attributeRestriction);
+            });
+        }
+    });
+    return restrictions;
+};
+export const getEntityRestrictions = (collection, permissions) => {
+    const restrictions = [];
+    const { labels, access } = collection;
+    const { entityRestrictions } = access;
+    const collectionPermissions = permissions.collections?.[labels.collection];
+    entityRestrictions?.restrictions?.forEach((entityRestriction) => {
+        if ("roles" in entityRestriction) {
+            entityRestriction.roles.forEach((role) => {
+                if (role.role === permissions.Role &&
+                    (!entityRestrictions.assignable?.includes(permissions.Role) ||
+                        collectionPermissions?.restrictEntities))
+                    restrictions.push(entityRestriction);
+            });
+        }
+    });
+    return restrictions;
+};
+export const getEntityParentFilters = (collection, schema, permissions) => {
+    const parentFilters = [];
+    const { access } = collection;
+    const { entityRestrictions } = access;
+    entityRestrictions?.parentFilters?.forEach((entityParentFilter) => {
+        if (!entityParentFilter.roles.some((role) => role.role === permissions.Role))
+            return;
+        const collectionField = entityParentFilter.collectionField;
+        const collectionFieldSchema = getField(collection.fields, collectionField);
+        if (!isRelationField(collectionFieldSchema))
+            throw new Error("PERMISSION_DENIED");
+        // eslint-disable-next-line security/detect-object-injection
+        const parentPermissions = permissions.collections?.[collectionFieldSchema.collection];
+        const parentCollection = schema.collections[collectionFieldSchema.collection];
+        const parentEntityRestrictions = parentCollection.access.entityRestrictions;
+        if (!parentEntityRestrictions)
+            throw new Error("PERMISSION_DENIED");
+        const parentRestriction = parentEntityRestrictions.restrictions?.find((restriction) => restriction.type === entityParentFilter.type &&
+            restriction.roles.some((role) => role.role === permissions.Role));
+        if (!parentRestriction)
+            throw new Error("PERMISSION_DENIED");
+        parentRestriction.roles.forEach((role) => {
+            if (role.role === permissions.Role &&
+                (!parentEntityRestrictions.assignable?.includes(permissions.Role) ||
+                    parentPermissions?.restrictEntities)) {
+                parentFilters.push({ parentFilter: entityParentFilter, parentRestriction });
+            }
+        });
+    });
+    return parentFilters;
+};

package/lib/src/access/getRecordSubcollections.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { CollectionSchema, CollectionsSchema, StokerPermissions } from "@stoker-platform/types";
2	+ export declare const getRecordSubcollections: (collectionSchema: CollectionSchema, schema: CollectionsSchema, permissions?: StokerPermissions) => CollectionSchema[];

package/lib/src/access/getRecordSubcollections.js ADDED Viewed

@@ -0,0 +1,15 @@
+import { collectionAccess } from "./collection.js";
+export const getRecordSubcollections = (collectionSchema, schema, permissions) => {
+    const { labels } = collectionSchema;
+    const subcollections = [];
+    for (const collection of Object.values(schema.collections)) {
+        const collectionPermissions = permissions?.collections?.[collection.labels.collection];
+        if (!collectionPermissions)
+            continue;
+        if (collection.parentCollection === labels.collection &&
+            (!permissions || collectionAccess("Read", collectionPermissions))) {
+            subcollections.push(collection);
+        }
+    }
+    return subcollections;
+};

package/lib/src/access/getRelatedCollections.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { CollectionSchema, CollectionsSchema, StokerPermissions } from "@stoker-platform/types";
2	+ export declare const getRelatedCollections: (collectionSchema: CollectionSchema, schema: CollectionsSchema, permissions?: StokerPermissions) => string[];

package/lib/src/access/getRelatedCollections.js ADDED Viewed

@@ -0,0 +1,24 @@
+import { isRelationField } from "../schema/isRelationField.js";
+import { collectionAccess, privateFieldAccess } from "../access/collection.js";
+import { hasDependencyAccess } from "./hasDependencyAccess.js";
+export const getRelatedCollections = (collectionSchema, schema, permissions) => {
+    const relatedCollections = [];
+    for (const field of collectionSchema.fields) {
+        if (isRelationField(field)) {
+            if (field.access && (!permissions || !privateFieldAccess(field, permissions)))
+                continue;
+            const relatedCollection = schema.collections[field.collection];
+            if (!relatedCollection)
+                continue;
+            const relatedCollectionPermissions = permissions?.collections?.[field.collection];
+            if (!relatedCollectionPermissions)
+                continue;
+            if (!permissions ||
+                collectionAccess("Read", relatedCollectionPermissions) ||
+                hasDependencyAccess(collectionSchema, schema, permissions)) {
+                relatedCollections.push(field.collection);
+            }
+        }
+    }
+    return Array.from(new Set(relatedCollections));
+};

package/lib/src/access/hasDependencyAccess.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { CollectionSchema, CollectionsSchema, DependencyField, StokerPermissions } from "@stoker-platform/types";
2	+ export declare const hasDependencyAccess: (collection: CollectionSchema, schema: CollectionsSchema, permissions: StokerPermissions) => DependencyField[];

package/lib/src/access/hasDependencyAccess.js ADDED Viewed

@@ -0,0 +1,24 @@
+import { privateFieldAccess } from "./collection.js";
+import { isRelationField } from "../schema/isRelationField.js";
+export const hasDependencyAccess = (collection, schema, permissions) => {
+    const collections = Object.values(schema.collections);
+    const { labels } = collection;
+    const hasDependencyAccess = [];
+    for (const collectionSchema of collections) {
+        const { fields: dependencyFields } = collectionSchema;
+        for (const field of dependencyFields) {
+            if (field.access && !privateFieldAccess(field, permissions))
+                continue;
+            if (!permissions.Role)
+                continue;
+            if (isRelationField(field) && field.collection === labels.collection && field.dependencyFields) {
+                for (const dependencyField of field.dependencyFields) {
+                    const existingField = hasDependencyAccess.find((field) => field.field === dependencyField.field);
+                    if (!existingField && dependencyField.roles.includes(permissions.Role))
+                        hasDependencyAccess.push(dependencyField);
+                }
+            }
+        }
+    }
+    return hasDependencyAccess;
+};

package/lib/src/access/isPaginationEnabled.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { CollectionSchema, CollectionsSchema, StokerRole } from "@stoker-platform/types";
2	+ export declare const isPaginationEnabled: (role: StokerRole, collectionSchema: CollectionSchema, schema: CollectionsSchema) => string \| true;

package/lib/src/access/isPaginationEnabled.js ADDED Viewed

@@ -0,0 +1,35 @@
+import { getField } from "../schema/getField.js";
+import { isRelationField } from "../schema/isRelationField.js";
+export const isPaginationEnabled = (role, collectionSchema, schema) => {
+    const { access } = collectionSchema;
+    const { entityRestrictions } = access;
+    if (entityRestrictions?.restrictions) {
+        for (const restriction of entityRestrictions.restrictions) {
+            if (restriction.roles?.some((accessRole) => accessRole.role === role)) {
+                if (!("singleQuery" in restriction && restriction.singleQuery)) {
+                    return `${restriction.type} entity restriction`;
+                }
+            }
+        }
+    }
+    if (entityRestrictions?.parentFilters) {
+        for (const parentFilter of entityRestrictions.parentFilters) {
+            if (!parentFilter.roles.some((accessRole) => accessRole.role === role))
+                continue;
+            const collectionFieldSchema = getField(collectionSchema.fields, parentFilter.collectionField);
+            if (!isRelationField(collectionFieldSchema))
+                throw new Error("PERMISSION_DENIED");
+            const parentCollection = schema.collections[collectionFieldSchema.collection];
+            const parentRestriction = parentCollection.access.entityRestrictions?.restrictions?.find((restriction) => restriction.type === parentFilter.type &&
+                restriction.roles.some((accessRole) => accessRole.role === role));
+            if (!parentRestriction)
+                throw new Error("PERMISSION_DENIED");
+            if (parentRestriction.type !== parentFilter.type)
+                throw new Error("PERMISSION_DENIED");
+            if (!("singleQuery" in parentRestriction && parentRestriction.singleQuery)) {
+                return `${parentFilter.type} parent filter`;
+            }
+        }
+    }
+    return true;
+};

package/lib/src/access/permissions.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { CollectionSchema, CollectionsSchema, StokerPermissions, StokerRecord } from "@stoker-platform/types";
2	+ export declare const permissionsWriteAccess: (operation: "create" \| "update" \| "delete", record: StokerRecord, docId: string, collectionSchema: CollectionSchema, schema: CollectionsSchema, currentUserId?: string, currentUserPermissions?: StokerPermissions, permissions?: StokerPermissions, originalPermissions?: StokerPermissions, originalRecord?: StokerRecord, userOperation?: string) => boolean;