@things-factory/integration-base 6.2.15 → 6.2.24

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/integration-base",
-  "version": "6.2.15",
+  "version": "6.2.24",
   "main": "dist-server/index.js",
   "browser": "client/index.js",
   "things-factory": true,
@@ -26,12 +26,12 @@
   },
   "dependencies": {
     "@apollo/client": "^3.6.9",
-    "@things-factory/api": "^6.2.15",
-    "@things-factory/auth-base": "^6.2.15",
+    "@things-factory/api": "^6.2.24",
+    "@things-factory/auth-base": "^6.2.24",
     "@things-factory/env": "^6.2.0",
-    "@things-factory/oauth2-client": "^6.2.15",
-    "@things-factory/scheduler-client": "^6.2.15",
-    "@things-factory/shell": "^6.2.15",
+    "@things-factory/oauth2-client": "^6.2.24",
+    "@things-factory/scheduler-client": "^6.2.24",
+    "@things-factory/shell": "^6.2.24",
     "async-mqtt": "^2.5.0",
     "chance": "^1.1.11",
     "cross-fetch": "^3.0.4",
@@ -46,5 +46,5 @@
   "devDependencies": {
     "@types/cron": "^2.0.1"
   },
-  "gitHead": "262fa72c069ac8745dd16acd695d0e87331fbc14"
+  "gitHead": "f407983563cca529ba87ea8febb5be751ad3229e"
 }

package/server/service/scenario/scenario-type.ts

@@ -11,50 +11,65 @@ import {
   UpdateDateColumn
 } from 'typeorm'
 
-import { User } from '@things-factory/auth-base'
+import { Privilege, User } from '@things-factory/auth-base'
 import { Domain } from '@things-factory/shell'
 
 import { ScenarioEngine } from '../../engine'
 import { Step, StepPatch } from '../step/step-type'
 
+@ObjectType()
+export class PrivilegeObject {
+  @Field({ nullable: true })
+  privilege?: string
+
+  @Field({ nullable: true })
+  category?: string
+
+  @Field({ nullable: true })
+  owner?: boolean
+
+  @Field({ nullable: true })
+  super?: boolean
+}
+
 @Entity()
 @Index('ix_scenario_0', (scenario: Scenario) => [scenario.domain, scenario.name], { unique: true })
 @ObjectType()
 export class Scenario {
   @PrimaryGeneratedColumn('uuid')
   @Field(type => ID)
-  id: string
+  id?: string
 
   @ManyToOne(type => Domain)
   @Field({ nullable: true })
-  domain: Domain
+  domain?: Domain
 
   @RelationId((scenario: Scenario) => scenario.domain)
-  domainId: string
+  domainId?: string
 
   @Column()
   @Field()
-  name: string
+  name?: string
 
   @Column({ nullable: true })
   @Field({ nullable: true })
-  description: string
+  description?: string
 
   @Column({ nullable: true })
   @Field({ nullable: true })
-  type: string
+  type?: string
 
   @Column({ nullable: true })
   @Field({ nullable: true, description: 'accessible and executable system-wide' })
-  public: boolean
+  public?: boolean
 
   @Column({ nullable: true })
   @Field({ nullable: true, description: '[will be deprecated] automatically be started when this server start' })
-  active: boolean
+  active?: boolean
 
   @Column({ nullable: true })
   @Field({ nullable: true })
-  schedule: string
+  schedule?: string
 
   @Column({ nullable: true })
   @Field({ nullable: true })
@@ -62,33 +77,37 @@ export class Scenario {
 
   @Column({ nullable: true })
   @Field({ nullable: true })
-  timezone: string
+  timezone?: string
 
   @OneToMany(type => Step, step => step.scenario)
   @Field(type => [Step], { nullable: true })
-  steps: Step[]
+  steps?: Step[]
+
+  @Column({ type: 'simple-json', nullable: true })
+  @Field(type => PrivilegeObject, { nullable: true })
+  privilege?: PrivilegeObject
 
   @CreateDateColumn()
   @Field({ nullable: true })
-  createdAt: Date
+  createdAt?: Date
 
   @UpdateDateColumn()
   @Field({ nullable: true })
-  updatedAt: Date
+  updatedAt?: Date
 
   @ManyToOne(type => User, { nullable: true })
   @Field({ nullable: true })
-  creator: User
+  creator?: User
 
   @RelationId((scenario: Scenario) => scenario.creator)
-  creatorId: string
+  creatorId?: string
 
   @ManyToOne(type => User, { nullable: true })
   @Field({ nullable: true })
-  updater: User
+  updater?: User
 
   @RelationId((scenario: Scenario) => scenario.updater)
-  updaterId: string
+  updaterId?: string
 
   async start(instanceName, variables?: any) {
     try {
@@ -104,6 +123,21 @@ export class Scenario {
   }
 }
 
+@InputType()
+export class PrivilegeInput {
+  @Field({ nullable: true })
+  privilege?: string
+
+  @Field({ nullable: true })
+  category?: string
+
+  @Field({ nullable: true })
+  owner?: boolean
+
+  @Field({ nullable: true })
+  super?: boolean
+}
+
 @InputType()
 export class NewScenario {
   @Field()
@@ -123,6 +157,9 @@ export class NewScenario {
 
   @Field({ nullable: true })
   active?: boolean
+
+  @Field({ nullable: true })
+  privilege?: PrivilegeInput
 }
 
 @InputType()
@@ -151,6 +188,9 @@ export class ScenarioPatch {
   @Field(type => [StepPatch], { nullable: true })
   steps?: StepPatch[]
 
+  @Field({ nullable: true })
+  privilege?: PrivilegeInput
+
   @Field({ nullable: true })
   cuFlag?: string
 }

package/server/service/scenario-instance/scenario-instance-mutation.ts

@@ -3,12 +3,17 @@ import { Arg, Ctx, Mutation, Resolver } from 'type-graphql'
 import { getRepository, Domain, GraphqlLocalClient, ScalarObject } from '@things-factory/shell'
 
 import { ScenarioEngine } from '../../engine'
-import { Scenario } from '../scenario/scenario-type'
+import { PrivilegeObject, Scenario } from '../scenario/scenario-type'
 import { ScenarioInstance } from './scenario-instance-type'
+import { User } from '@things-factory/auth-base'
+import { Step } from '../step/step-type'
 
 const debug = require('debug')('things-factory:integration-base:scenario-instance-mutation')
 
-async function findScenario(scenarioName: string, domain: Domain) {
+async function findScenario(
+  scenarioName: string,
+  domain: Domain
+): Promise<{ name: string; steps: Step[]; domain: Domain; privilege?: PrivilegeObject }> {
   var repository = getRepository(Scenario)
 
   var scenario = await repository.findOne({
@@ -23,7 +28,21 @@ async function findScenario(scenarioName: string, domain: Domain) {
     })
   }
 
-  return scenario
+  return scenario as any
+}
+
+async function checkPermission(privilegeObject: PrivilegeObject, user: User, domain: Domain): Promise<boolean> {
+  if (!privilegeObject || !privilegeObject.privilege || !privilegeObject.category) {
+    return true
+  }
+
+  const { owner: domainOwnerGranted, super: superUserGranted, category, privilege } = privilegeObject
+
+  return (
+    (domainOwnerGranted && (await process.domainOwnerGranted(domain, user))) ||
+    (superUserGranted && (await process.superUserGranted(domain, user))) ||
+    (category && privilege && (await User.hasPrivilege(privilege, category, domain, user)))
+  )
 }
 
 @Resolver(ScenarioInstance)
@@ -37,7 +56,7 @@ export class ScenarioInstanceMutation {
     @Arg('variables', type => ScalarObject, { nullable: true }) variables: any,
     @Ctx() context: ResolverContext
   ): Promise<ScenarioInstance> {
-    const { domain } = context.state
+    const { domain, user } = context.state
 
     debug('runScenario', scenarioName, instanceName, variables)
 
@@ -51,6 +70,10 @@ export class ScenarioInstanceMutation {
       )
     }
 
+    if (!(await checkPermission(scenario.privilege, user, domain))) {
+      throw new Error(`Unauthorized!`)
+    }
+
     /* 시나리오 인스턴스를 생성한다. */
     instanceName = instanceName || scenarioName + '-' + String(Date.now())
     var instance = new ScenarioInstance(instanceName, scenario, {
@@ -85,6 +108,10 @@ export class ScenarioInstanceMutation {
       )
     }
 
+    if (!(await checkPermission(scenario.privilege, user, domain))) {
+      throw new Error(`Unauthorized!`)
+    }
+
     instanceName = instanceName || scenarioName
     return await ScenarioEngine.load(instanceName, scenario, { domain, user, lng, variables })
   }
@@ -94,7 +121,7 @@ export class ScenarioInstanceMutation {
     @Arg('instanceName', { nullable: true }) instanceName: string,
     @Ctx() context: ResolverContext
   ): Promise<ScenarioInstance | undefined> {
-    const { domain } = context.state
+    const { domain, user } = context.state
 
     debug('stopScenario', instanceName)
 
@@ -107,7 +134,12 @@ export class ScenarioInstanceMutation {
           instance: instanceName
         })
       )
-      return
+    }
+
+    var scenario = await findScenario(scenarioInstance.scenarioName, domain)
+
+    if (!(await checkPermission(scenario.privilege, user, domain))) {
+      throw new Error(`Unauthorized!`)
     }
 
     await ScenarioEngine.unload(domain, instanceName)

package/translations/ms.json

@@ -1,6 +1,6 @@
 {
-  "error.scenario not found": "[ms] scenario '{scenario}' not found.",
-  "error.schedule is not set": "schedule should be set for the scenario '{scenario}' in order to register as a schedule",
-  "error.timezone is not set": "timezone should be set for the scenario '{scenario}' in order to register as a schedule",
-  "error.scenario instance not found": "[ms] scenario instance '{instance}' not found."
+  "error.scenario not found": "Tidak dapat mencari senario '{scenario}'.",
+  "error.schedule is not set": "Untuk mendaftarkan sebagai jadual, maklumat jadual mesti diset dalam senario '{scenario}'.",
+  "error.timezone is not set": "Untuk mendaftarkan sebagai jadual, maklumat zon masa mesti diset dalam senario '{scenario}'.",
+  "error.scenario instance not found": "Tidak dapat mencari instans senario '{instance}'. Mungkin telah berakhir."
 }

package/translations/zh.json

@@ -1,6 +1,6 @@
 {
-  "error.scenario not found": "未找到场景'{scenario}'",
-  "error.schedule is not set": "schedule should be set for the scenario '{scenario}' in order to register as a schedule",
-  "error.timezone is not set": "timezone should be set for the scenario '{scenario}' in order to register as a schedule",
-  "error.scenario instance not found": "[zh] scenario instance '{instance}' not found."
+  "error.scenario not found": "无法找到场景 '{scenario}'。",
+  "error.schedule is not set": "要注册为计划，场景 '{scenario}' 需要设置计划信息。",
+  "error.timezone is not set": "要注册为计划，场景 '{scenario}' 需要设置时区信息。",
+  "error.scenario instance not found": "无法找到场景实例 '{instance}'。它可能已经结束。"
 }