@terreno/api 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +202 -0
- package/README.md +170 -0
- package/biome.jsonc +22 -0
- package/bunfig.toml +4 -0
- package/dist/api.d.ts +227 -0
- package/dist/api.js +1024 -0
- package/dist/api.test.d.ts +1 -0
- package/dist/api.test.js +2143 -0
- package/dist/auth.d.ts +50 -0
- package/dist/auth.js +512 -0
- package/dist/auth.test.d.ts +1 -0
- package/dist/auth.test.js +778 -0
- package/dist/errors.d.ts +75 -0
- package/dist/errors.js +216 -0
- package/dist/example.d.ts +1 -0
- package/dist/example.js +118 -0
- package/dist/expressServer.d.ts +35 -0
- package/dist/expressServer.js +436 -0
- package/dist/index.d.ts +14 -0
- package/dist/index.js +30 -0
- package/dist/logger.d.ts +23 -0
- package/dist/logger.js +249 -0
- package/dist/middleware.d.ts +10 -0
- package/dist/middleware.js +52 -0
- package/dist/notifiers/googleChatNotifier.d.ts +5 -0
- package/dist/notifiers/googleChatNotifier.js +130 -0
- package/dist/notifiers/googleChatNotifier.test.d.ts +1 -0
- package/dist/notifiers/googleChatNotifier.test.js +260 -0
- package/dist/notifiers/index.d.ts +3 -0
- package/dist/notifiers/index.js +19 -0
- package/dist/notifiers/slackNotifier.d.ts +5 -0
- package/dist/notifiers/slackNotifier.js +130 -0
- package/dist/notifiers/slackNotifier.test.d.ts +1 -0
- package/dist/notifiers/slackNotifier.test.js +259 -0
- package/dist/notifiers/zoomNotifier.d.ts +34 -0
- package/dist/notifiers/zoomNotifier.js +181 -0
- package/dist/notifiers/zoomNotifier.test.d.ts +1 -0
- package/dist/notifiers/zoomNotifier.test.js +370 -0
- package/dist/openApi.d.ts +60 -0
- package/dist/openApi.js +441 -0
- package/dist/openApi.test.d.ts +1 -0
- package/dist/openApi.test.js +445 -0
- package/dist/openApiBuilder.d.ts +419 -0
- package/dist/openApiBuilder.js +424 -0
- package/dist/openApiBuilder.test.d.ts +1 -0
- package/dist/openApiBuilder.test.js +509 -0
- package/dist/openApiEtag.d.ts +7 -0
- package/dist/openApiEtag.js +38 -0
- package/dist/permissions.d.ts +26 -0
- package/dist/permissions.js +331 -0
- package/dist/permissions.test.d.ts +1 -0
- package/dist/permissions.test.js +413 -0
- package/dist/plugins.d.ts +67 -0
- package/dist/plugins.js +315 -0
- package/dist/plugins.test.d.ts +1 -0
- package/dist/plugins.test.js +639 -0
- package/dist/populate.d.ts +14 -0
- package/dist/populate.js +315 -0
- package/dist/populate.test.d.ts +1 -0
- package/dist/populate.test.js +133 -0
- package/dist/response.d.ts +0 -0
- package/dist/response.js +1 -0
- package/dist/tests/bunSetup.d.ts +1 -0
- package/dist/tests/bunSetup.js +297 -0
- package/dist/tests/index.d.ts +1 -0
- package/dist/tests/index.js +17 -0
- package/dist/tests.d.ts +99 -0
- package/dist/tests.js +273 -0
- package/dist/transformers.d.ts +25 -0
- package/dist/transformers.js +217 -0
- package/dist/transformers.test.d.ts +1 -0
- package/dist/transformers.test.js +370 -0
- package/dist/utils.d.ts +11 -0
- package/dist/utils.js +143 -0
- package/dist/utils.test.d.ts +1 -0
- package/dist/utils.test.js +14 -0
- package/index.ts +1 -0
- package/package.json +88 -0
- package/src/__snapshots__/openApi.test.ts.snap +4814 -0
- package/src/__snapshots__/openApiBuilder.test.ts.snap +1485 -0
- package/src/api.test.ts +1661 -0
- package/src/api.ts +1036 -0
- package/src/auth.test.ts +550 -0
- package/src/auth.ts +408 -0
- package/src/errors.ts +225 -0
- package/src/example.ts +99 -0
- package/src/express.d.ts +5 -0
- package/src/expressServer.ts +387 -0
- package/src/index.ts +14 -0
- package/src/logger.ts +190 -0
- package/src/middleware.ts +18 -0
- package/src/notifiers/googleChatNotifier.test.ts +114 -0
- package/src/notifiers/googleChatNotifier.ts +47 -0
- package/src/notifiers/index.ts +3 -0
- package/src/notifiers/slackNotifier.test.ts +113 -0
- package/src/notifiers/slackNotifier.ts +55 -0
- package/src/notifiers/zoomNotifier.test.ts +207 -0
- package/src/notifiers/zoomNotifier.ts +111 -0
- package/src/openApi.test.ts +331 -0
- package/src/openApi.ts +494 -0
- package/src/openApiBuilder.test.ts +442 -0
- package/src/openApiBuilder.ts +636 -0
- package/src/openApiEtag.ts +40 -0
- package/src/permissions.test.ts +219 -0
- package/src/permissions.ts +228 -0
- package/src/plugins.test.ts +390 -0
- package/src/plugins.ts +289 -0
- package/src/populate.test.ts +65 -0
- package/src/populate.ts +258 -0
- package/src/response.ts +0 -0
- package/src/tests/bunSetup.ts +234 -0
- package/src/tests/index.ts +1 -0
- package/src/tests.ts +218 -0
- package/src/transformers.test.ts +202 -0
- package/src/transformers.ts +170 -0
- package/src/utils.test.ts +14 -0
- package/src/utils.ts +47 -0
- package/tsconfig.json +60 -0
- package/types.d.ts +17 -0
|
@@ -0,0 +1,331 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
36
|
+
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
37
|
+
return new (P || (P = Promise))(function (resolve, reject) {
|
|
38
|
+
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
39
|
+
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
40
|
+
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
41
|
+
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
42
|
+
});
|
|
43
|
+
};
|
|
44
|
+
var __generator = (this && this.__generator) || function (thisArg, body) {
|
|
45
|
+
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
|
|
46
|
+
return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
|
|
47
|
+
function verb(n) { return function (v) { return step([n, v]); }; }
|
|
48
|
+
function step(op) {
|
|
49
|
+
if (f) throw new TypeError("Generator is already executing.");
|
|
50
|
+
while (g && (g = 0, op[0] && (_ = 0)), _) try {
|
|
51
|
+
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
|
|
52
|
+
if (y = 0, t) op = [op[0] & 2, t.value];
|
|
53
|
+
switch (op[0]) {
|
|
54
|
+
case 0: case 1: t = op; break;
|
|
55
|
+
case 4: _.label++; return { value: op[1], done: false };
|
|
56
|
+
case 5: _.label++; y = op[1]; op = [0]; continue;
|
|
57
|
+
case 7: op = _.ops.pop(); _.trys.pop(); continue;
|
|
58
|
+
default:
|
|
59
|
+
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
|
|
60
|
+
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
|
|
61
|
+
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
|
|
62
|
+
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
|
|
63
|
+
if (t[2]) _.ops.pop();
|
|
64
|
+
_.trys.pop(); continue;
|
|
65
|
+
}
|
|
66
|
+
op = body.call(thisArg, _);
|
|
67
|
+
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
|
|
68
|
+
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
|
|
69
|
+
}
|
|
70
|
+
};
|
|
71
|
+
var __values = (this && this.__values) || function(o) {
|
|
72
|
+
var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
|
|
73
|
+
if (m) return m.call(o);
|
|
74
|
+
if (o && typeof o.length === "number") return {
|
|
75
|
+
next: function () {
|
|
76
|
+
if (o && i >= o.length) o = void 0;
|
|
77
|
+
return { value: o && o[i++], done: !o };
|
|
78
|
+
}
|
|
79
|
+
};
|
|
80
|
+
throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
|
|
81
|
+
};
|
|
82
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
83
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
84
|
+
};
|
|
85
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
86
|
+
exports.Permissions = exports.OwnerQueryFilter = void 0;
|
|
87
|
+
exports.checkPermissions = checkPermissions;
|
|
88
|
+
exports.permissionMiddleware = permissionMiddleware;
|
|
89
|
+
// Defaults closed
|
|
90
|
+
var Sentry = __importStar(require("@sentry/node"));
|
|
91
|
+
var mongoose_1 = __importDefault(require("mongoose"));
|
|
92
|
+
var api_1 = require("./api");
|
|
93
|
+
var errors_1 = require("./errors");
|
|
94
|
+
var logger_1 = require("./logger");
|
|
95
|
+
var OwnerQueryFilter = function (user) {
|
|
96
|
+
if (user) {
|
|
97
|
+
return { ownerId: user === null || user === void 0 ? void 0 : user.id };
|
|
98
|
+
}
|
|
99
|
+
// Return a null, so we know to return no results.
|
|
100
|
+
return null;
|
|
101
|
+
};
|
|
102
|
+
exports.OwnerQueryFilter = OwnerQueryFilter;
|
|
103
|
+
exports.Permissions = {
|
|
104
|
+
IsAdmin: function (_method, user) {
|
|
105
|
+
return Boolean(user === null || user === void 0 ? void 0 : user.admin);
|
|
106
|
+
},
|
|
107
|
+
IsAny: function () {
|
|
108
|
+
return true;
|
|
109
|
+
},
|
|
110
|
+
IsAuthenticated: function (_method, user) {
|
|
111
|
+
if (!user) {
|
|
112
|
+
return false;
|
|
113
|
+
}
|
|
114
|
+
return Boolean(user.id);
|
|
115
|
+
},
|
|
116
|
+
IsAuthenticatedOrReadOnly: function (method, user) {
|
|
117
|
+
if ((user === null || user === void 0 ? void 0 : user.id) && !(user === null || user === void 0 ? void 0 : user.isAnonymous)) {
|
|
118
|
+
return true;
|
|
119
|
+
}
|
|
120
|
+
return method === "list" || method === "read";
|
|
121
|
+
},
|
|
122
|
+
IsOwner: function (_method, user, obj) {
|
|
123
|
+
var _a;
|
|
124
|
+
// When checking if we can possibly perform the action, return true.
|
|
125
|
+
if (!obj) {
|
|
126
|
+
return true;
|
|
127
|
+
}
|
|
128
|
+
if (!user) {
|
|
129
|
+
return false;
|
|
130
|
+
}
|
|
131
|
+
if (user === null || user === void 0 ? void 0 : user.admin) {
|
|
132
|
+
return true;
|
|
133
|
+
}
|
|
134
|
+
var ownerId = ((_a = obj === null || obj === void 0 ? void 0 : obj.ownerId) === null || _a === void 0 ? void 0 : _a._id) || (obj === null || obj === void 0 ? void 0 : obj.ownerId);
|
|
135
|
+
return (user === null || user === void 0 ? void 0 : user.id) && ownerId && String(ownerId) === String(user === null || user === void 0 ? void 0 : user.id);
|
|
136
|
+
},
|
|
137
|
+
IsOwnerOrReadOnly: function (method, user, obj) {
|
|
138
|
+
// When checking if we can possibly perform the action, return true.
|
|
139
|
+
if (!obj) {
|
|
140
|
+
return true;
|
|
141
|
+
}
|
|
142
|
+
if (user === null || user === void 0 ? void 0 : user.admin) {
|
|
143
|
+
return true;
|
|
144
|
+
}
|
|
145
|
+
if ((user === null || user === void 0 ? void 0 : user.id) && (obj === null || obj === void 0 ? void 0 : obj.ownerId) && String(obj === null || obj === void 0 ? void 0 : obj.ownerId) === String(user === null || user === void 0 ? void 0 : user.id)) {
|
|
146
|
+
return true;
|
|
147
|
+
}
|
|
148
|
+
return method === "list" || method === "read";
|
|
149
|
+
},
|
|
150
|
+
};
|
|
151
|
+
function checkPermissions(method, permissions, user, obj) {
|
|
152
|
+
return __awaiter(this, void 0, void 0, function () {
|
|
153
|
+
var anyTrue, permissions_1, permissions_1_1, perm, e_1_1;
|
|
154
|
+
var e_1, _a;
|
|
155
|
+
return __generator(this, function (_b) {
|
|
156
|
+
switch (_b.label) {
|
|
157
|
+
case 0:
|
|
158
|
+
anyTrue = false;
|
|
159
|
+
_b.label = 1;
|
|
160
|
+
case 1:
|
|
161
|
+
_b.trys.push([1, 6, 7, 8]);
|
|
162
|
+
permissions_1 = __values(permissions), permissions_1_1 = permissions_1.next();
|
|
163
|
+
_b.label = 2;
|
|
164
|
+
case 2:
|
|
165
|
+
if (!!permissions_1_1.done) return [3 /*break*/, 5];
|
|
166
|
+
perm = permissions_1_1.value;
|
|
167
|
+
return [4 /*yield*/, perm(method, user, obj)];
|
|
168
|
+
case 3:
|
|
169
|
+
// May or may not be a promise.
|
|
170
|
+
if (!(_b.sent())) {
|
|
171
|
+
return [2 /*return*/, false];
|
|
172
|
+
}
|
|
173
|
+
anyTrue = true;
|
|
174
|
+
_b.label = 4;
|
|
175
|
+
case 4:
|
|
176
|
+
permissions_1_1 = permissions_1.next();
|
|
177
|
+
return [3 /*break*/, 2];
|
|
178
|
+
case 5: return [3 /*break*/, 8];
|
|
179
|
+
case 6:
|
|
180
|
+
e_1_1 = _b.sent();
|
|
181
|
+
e_1 = { error: e_1_1 };
|
|
182
|
+
return [3 /*break*/, 8];
|
|
183
|
+
case 7:
|
|
184
|
+
try {
|
|
185
|
+
if (permissions_1_1 && !permissions_1_1.done && (_a = permissions_1.return)) _a.call(permissions_1);
|
|
186
|
+
}
|
|
187
|
+
finally { if (e_1) throw e_1.error; }
|
|
188
|
+
return [7 /*endfinally*/];
|
|
189
|
+
case 8: return [2 /*return*/, anyTrue];
|
|
190
|
+
}
|
|
191
|
+
});
|
|
192
|
+
});
|
|
193
|
+
}
|
|
194
|
+
// Check the permissions for a given model and method. If the method is a read, update, or delete,
|
|
195
|
+
// finds the relevant object, checks the permissions, and attaches the object to the request as
|
|
196
|
+
// req.obj.
|
|
197
|
+
function permissionMiddleware(baseModel, options) {
|
|
198
|
+
var _this = this;
|
|
199
|
+
return function (req, _res, next) { return __awaiter(_this, void 0, void 0, function () {
|
|
200
|
+
var method, reqMethod, model, builtQuery, populatedQuery, data, error_1, hiddenDoc, error, reason, error, error_2;
|
|
201
|
+
var _a, _b, _c, _d;
|
|
202
|
+
return __generator(this, function (_e) {
|
|
203
|
+
switch (_e.label) {
|
|
204
|
+
case 0:
|
|
205
|
+
if (req.method === "OPTIONS") {
|
|
206
|
+
return [2 /*return*/, next()];
|
|
207
|
+
}
|
|
208
|
+
_e.label = 1;
|
|
209
|
+
case 1:
|
|
210
|
+
_e.trys.push([1, 10, , 11]);
|
|
211
|
+
method = void 0;
|
|
212
|
+
reqMethod = req.method.toLowerCase();
|
|
213
|
+
if (reqMethod === "post") {
|
|
214
|
+
method = "create";
|
|
215
|
+
}
|
|
216
|
+
else if (reqMethod === "get") {
|
|
217
|
+
if (req.params.id) {
|
|
218
|
+
method = "read";
|
|
219
|
+
}
|
|
220
|
+
else {
|
|
221
|
+
method = "list";
|
|
222
|
+
}
|
|
223
|
+
}
|
|
224
|
+
else if (reqMethod === "patch") {
|
|
225
|
+
method = "update";
|
|
226
|
+
}
|
|
227
|
+
else if (reqMethod === "delete") {
|
|
228
|
+
method = "delete";
|
|
229
|
+
}
|
|
230
|
+
else {
|
|
231
|
+
throw new errors_1.APIError({
|
|
232
|
+
status: 405,
|
|
233
|
+
title: "Method ".concat(req.method, " not allowed"),
|
|
234
|
+
});
|
|
235
|
+
}
|
|
236
|
+
model = (0, api_1.getModel)(baseModel, req.body, options);
|
|
237
|
+
return [4 /*yield*/, checkPermissions(method, options.permissions[method], req.user)];
|
|
238
|
+
case 2:
|
|
239
|
+
// All methods check for permissions.
|
|
240
|
+
if (!(_e.sent())) {
|
|
241
|
+
throw new errors_1.APIError({
|
|
242
|
+
status: 405,
|
|
243
|
+
title: "Access to ".concat(method.toUpperCase(), " on ").concat(model.modelName, " ") +
|
|
244
|
+
"denied for ".concat((_a = req.user) === null || _a === void 0 ? void 0 : _a.id),
|
|
245
|
+
});
|
|
246
|
+
}
|
|
247
|
+
if (method === "create" || method === "list") {
|
|
248
|
+
return [2 /*return*/, next()];
|
|
249
|
+
}
|
|
250
|
+
builtQuery = model.findById(req.params.id);
|
|
251
|
+
populatedQuery = (0, api_1.addPopulateToQuery)(builtQuery, options.populatePaths);
|
|
252
|
+
data = void 0;
|
|
253
|
+
_e.label = 3;
|
|
254
|
+
case 3:
|
|
255
|
+
_e.trys.push([3, 5, , 6]);
|
|
256
|
+
return [4 /*yield*/, populatedQuery.exec()];
|
|
257
|
+
case 4:
|
|
258
|
+
data = _e.sent();
|
|
259
|
+
return [3 /*break*/, 6];
|
|
260
|
+
case 5:
|
|
261
|
+
error_1 = _e.sent();
|
|
262
|
+
throw new errors_1.APIError({
|
|
263
|
+
error: error_1,
|
|
264
|
+
status: 500,
|
|
265
|
+
title: "GET failed on ".concat(req.params.id),
|
|
266
|
+
});
|
|
267
|
+
case 6:
|
|
268
|
+
if (!(!data || (["update", "delete"].includes(method) && (data === null || data === void 0 ? void 0 : data.__t) && !((_b = req.body) === null || _b === void 0 ? void 0 : _b.__t)))) return [3 /*break*/, 8];
|
|
269
|
+
// For discriminated models, return 404 without checking hidden state
|
|
270
|
+
if (["update", "delete"].includes(method) && (data === null || data === void 0 ? void 0 : data.__t) && !((_c = req.body) === null || _c === void 0 ? void 0 : _c.__t)) {
|
|
271
|
+
throw new errors_1.APIError({
|
|
272
|
+
status: 404,
|
|
273
|
+
title: "Document ".concat(req.params.id, " not found for model ").concat(model.modelName),
|
|
274
|
+
});
|
|
275
|
+
}
|
|
276
|
+
return [4 /*yield*/, model.collection.findOne({
|
|
277
|
+
_id: new mongoose_1.default.Types.ObjectId(req.params.id),
|
|
278
|
+
})];
|
|
279
|
+
case 7:
|
|
280
|
+
hiddenDoc = _e.sent();
|
|
281
|
+
if (!hiddenDoc) {
|
|
282
|
+
Sentry.captureMessage("Document ".concat(req.params.id, " not found for model ").concat(model.modelName));
|
|
283
|
+
error = new errors_1.APIError({
|
|
284
|
+
status: 404,
|
|
285
|
+
title: "Document ".concat(req.params.id, " not found for model ").concat(model.modelName),
|
|
286
|
+
});
|
|
287
|
+
error.meta = undefined;
|
|
288
|
+
throw error;
|
|
289
|
+
}
|
|
290
|
+
reason = hiddenDoc.deleted
|
|
291
|
+
? { deleted: "true" }
|
|
292
|
+
: hiddenDoc.disabled
|
|
293
|
+
? { disabled: "true" }
|
|
294
|
+
: hiddenDoc.archived
|
|
295
|
+
? { archived: "true" }
|
|
296
|
+
: null;
|
|
297
|
+
// If no reason found, treat as not found
|
|
298
|
+
if (!reason) {
|
|
299
|
+
error = new errors_1.APIError({
|
|
300
|
+
status: 404,
|
|
301
|
+
title: "Document ".concat(req.params.id, " not found for model ").concat(model.modelName),
|
|
302
|
+
});
|
|
303
|
+
error.meta = undefined;
|
|
304
|
+
throw error;
|
|
305
|
+
}
|
|
306
|
+
throw new errors_1.APIError({
|
|
307
|
+
// We don't want to send this to Sentry because it's expected behavior.
|
|
308
|
+
disableExternalErrorTracking: true,
|
|
309
|
+
meta: reason,
|
|
310
|
+
status: 404,
|
|
311
|
+
title: "Document ".concat(req.params.id, " not found for model ").concat(model.modelName),
|
|
312
|
+
});
|
|
313
|
+
case 8: return [4 /*yield*/, checkPermissions(method, options.permissions[method], req.user, data)];
|
|
314
|
+
case 9:
|
|
315
|
+
if (!(_e.sent())) {
|
|
316
|
+
throw new errors_1.APIError({
|
|
317
|
+
status: 403,
|
|
318
|
+
title: "Access to GET on ".concat(model.modelName, ":").concat(req.params.id, " denied for ").concat((_d = req.user) === null || _d === void 0 ? void 0 : _d.id),
|
|
319
|
+
});
|
|
320
|
+
}
|
|
321
|
+
req.obj = data;
|
|
322
|
+
return [2 /*return*/, next()];
|
|
323
|
+
case 10:
|
|
324
|
+
error_2 = _e.sent();
|
|
325
|
+
logger_1.logger.error("Permissions error: ".concat(error_2 instanceof Error ? error_2.message : error_2));
|
|
326
|
+
return [2 /*return*/, next(error_2)];
|
|
327
|
+
case 11: return [2 /*return*/];
|
|
328
|
+
}
|
|
329
|
+
});
|
|
330
|
+
}); };
|
|
331
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|