npm - @things-factory/integration-base - Versions diffs - 7.1.29 → 7.1.34 - Mend

@things-factory/integration-base 7.1.29 → 7.1.34

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@things-factory/integration-base",
-  "version": "7.1.29",
+  "version": "7.1.34",
   "main": "dist-server/index.js",
   "browser": "client/index.js",
   "things-factory": true,
@@ -27,12 +27,12 @@
   "dependencies": {
     "@apollo/client": "^3.6.9",
     "@operato/moment-timezone-es": "^7.0.0",
-    "@things-factory/api": "^7.1.24",
-    "@things-factory/auth-base": "^7.1.24",
-    "@things-factory/cache-service": "^7.1.24",
+    "@things-factory/api": "^7.1.33",
+    "@things-factory/auth-base": "^7.1.33",
+    "@things-factory/cache-service": "^7.1.33",
     "@things-factory/env": "^7.1.16",
-    "@things-factory/oauth2-client": "^7.1.24",
-    "@things-factory/scheduler-client": "^7.1.24",
+    "@things-factory/oauth2-client": "^7.1.33",
+    "@things-factory/scheduler-client": "^7.1.34",
     "@things-factory/shell": "^7.1.24",
     "@things-factory/utils": "^7.1.24",
     "async-mqtt": "^2.5.0",
@@ -44,5 +44,5 @@
     "readline": "^1.3.0",
     "ses": "^1.5.0"
   },
-  "gitHead": "f207892ca9a9d0811b62232810c875fdb278f14e"
+  "gitHead": "22830c9e51c9fffb3c95d1d1f8cacc7706f7d2d1"
 }

package/server/controllers/scenario-controller.ts CHANGED Viewed

@@ -1,14 +1,10 @@
 import { getRepository, Domain, GraphqlLocalClient } from '@things-factory/shell'
-import { PrivilegeObject, User, checkPermission } from '@things-factory/auth-base'
+import { checkUserHasRole } from '@things-factory/auth-base'
 import { cacheService } from '@things-factory/cache-service'
 import { ScenarioEngine } from '../engine/scenario-engine'
 import { Scenario } from '../service/scenario/scenario'
-import {
-  ScenarioInstance,
-  ScenarioInstanceRunResult,
-  ScenarioInstanceStatus
-} from '../service/scenario-instance/scenario-instance-type'
+import { ScenarioInstance, ScenarioInstanceRunResult } from '../service/scenario-instance/scenario-instance-type'
 import { Step } from '../service/step/step-type'
 const debug = require('debug')('things-factory:integration-base:controller:run-scenario')
@@ -16,31 +12,48 @@ const debug = require('debug')('things-factory:integration-base:controller:run-s
 async function findScenario(
   scenarioName: string,
   domain: Domain
-): Promise<{ id: string; name: string; steps: Step[]; domain: Domain; privilege?: PrivilegeObject; ttl?: number }> {
+): Promise<{
+  id: string
+  ttl: number
+  name: string
+  steps: Step[]
+  domain: Domain
+}> {
   var repository = getRepository(Scenario)
   var scenario = await repository.findOne({
     where: { domain: { id: domain.id }, name: scenarioName },
-    relations: ['domain', 'steps', 'creator', 'updater']
+    relations: ['domain', 'steps', 'role', 'creator', 'updater']
   })
   if (!scenario && domain.parentId) {
     scenario = await repository.findOne({
       where: { domain: { id: domain.parentId }, name: scenarioName },
-      relations: ['domain', 'steps', 'creator', 'updater']
+      relations: ['domain', 'steps', 'role', 'creator', 'updater']
     })
   }
   return scenario as any
 }
+export async function checkHasRole(scenario: Partial<Scenario>, context: ResolverContext): Promise<void> {
+  const { domain, user } = context.state
+  if (!(await checkUserHasRole(scenario.roleId, domain, user))) {
+    throw new Error(
+      context.t('error.scenario run unauthorized', {
+        scenario: scenario.name
+      })
+    )
+  }
+}
 export async function runScenario(
   instanceName: string,
   scenarioName: string,
   variables: any,
   context: ResolverContext
 ): Promise<ScenarioInstanceRunResult> {
-  const { domain, user, lng, unsafeIP, prohibitedPrivileges } = context.state
+  const { domain, user, lng } = context.state
   debug('runScenario', scenarioName, instanceName, variables)
@@ -54,19 +67,7 @@ export async function runScenario(
     )
   }
-  if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
-    const { category, privilege } = scenario.privilege || {}
-    console.error(
-      `Unauthorized! ${category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'} required`
-    )
-    throw new Error(
-      context.t('error.scenario run unauthorized', {
-        scenario: scenarioName
-      })
-    )
-  }
+  await checkHasRole(scenario, context)
   if (scenario.ttl > 0) {
     const cachedValue = await cacheService.getFromCache(scenario.id, { domain: domain.id, variables: variables || {} })
@@ -104,7 +105,7 @@ export async function startScenario(
   variables: any,
   context: ResolverContext
 ): Promise<ScenarioInstance> {
-  const { domain, user, lng, unsafeIP, prohibitedPrivileges } = context.state
+  const { domain, user, lng } = context.state
   debug('startScenario', instanceName, scenarioName, variables)
@@ -118,12 +119,7 @@ export async function startScenario(
     )
   }
-  if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
-    const { category, privilege } = scenario.privilege || {}
-    throw new Error(
-      `Unauthorized! ${category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'} required`
-    )
-  }
+  await checkHasRole(scenario, context)
   instanceName = instanceName || scenarioName
   return await ScenarioEngine.load(instanceName, scenario, { domain, user, lng, variables })
@@ -152,12 +148,7 @@ export async function stopScenario(
   var scenario = await findScenario(scenarioInstance.scenarioName, domain)
-  if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
-    const { category, privilege } = scenario.privilege || {}
-    throw new Error(
-      `Unauthorized! ${category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'} required`
-    )
-  }
+  await checkHasRole(scenario, context)
   await ScenarioEngine.unload(domain, instanceName)

package/server/engine/connector/operato-connector.ts CHANGED Viewed

@@ -17,7 +17,7 @@ import { Scenario } from '../../service/scenario/scenario'
 import { ScenarioInstance } from '../../service/scenario-instance/scenario-instance-type'
 import { getRepository, GraphqlLocalClient, Domain } from '@things-factory/shell'
-import { User, checkPermission } from '@things-factory/auth-base'
+import { User, checkUserHasRole } from '@things-factory/auth-base'
 const debug = require('debug')('things-factory:integration-base:operato-connector')
@@ -198,7 +198,7 @@ export class OperatoConnector implements Connector {
   }
   async runScenario(subscriptions: SubscriberData[], variables: any): Promise<ScenarioInstance> {
-    const { domain, user, unsafeIP, prohibitedPrivileges } = this.context
+    const { domain, user } = this.context
     const { tag } = variables
     if (!tag) {
@@ -210,11 +210,8 @@ export class OperatoConnector implements Connector {
       throw new Error(`scenario is not found - ${tag}`)
     }
-    if (!(await checkPermission(scenario.privilege, user, domain, unsafeIP, prohibitedPrivileges))) {
-      const { category, privilege } = scenario.privilege || {}
-      throw new Error(
-        `Unauthorized! ${category && privilege ? category + ':' + privilege + ' privilege' : 'ownership granted'} required`
-      )
+    if (!(await checkUserHasRole(scenario.roleId, domain, user))) {
+      throw new Error(`Unauthorized! ${scenario.name} doesn't have required role.`)
     }
     /* create a scenario instance */

package/server/service/scenario/scenario-query.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { Arg, Args, Ctx, Directive, FieldResolver, Query, Resolver, Root } from 'type-graphql'
 import { Not, IsNull } from 'typeorm'
-import { User } from '@things-factory/auth-base'
+import { User, Role } from '@things-factory/auth-base'
 import { Domain, getQueryBuilderFromListParams, getRepository, ListParam } from '@things-factory/shell'
 import { ScenarioEngine } from '../../engine'
@@ -101,4 +101,9 @@ export class ScenarioQuery {
     return ScenarioEngine.getScenarioInstances(domain, scenario.name)
   }
+  @FieldResolver(type => Role)
+  async role(@Root() scenario: Scenario) {
+    return scenario.roleId && (await getRepository(Role).findOneBy({ id: scenario.roleId }))
+  }
 }

package/server/service/scenario/scenario-type.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 import { Field, ID, InputType, Int, ObjectType } from 'type-graphql'
-import { PrivilegeInput } from '@things-factory/auth-base'
+import { ObjectRef } from '@things-factory/shell'
 import { Scenario } from './scenario'
 import { StepPatch } from '../step/step-type'
@@ -28,8 +28,8 @@ export class NewScenario {
   @Field({ nullable: true })
   active?: boolean
-  @Field({ nullable: true })
-  privilege?: PrivilegeInput
+  @Field(type => ObjectRef, { nullable: true })
+  role?: ObjectRef
 }
 @InputType()
@@ -61,8 +61,8 @@ export class ScenarioPatch {
   @Field(type => [StepPatch], { nullable: true })
   steps?: StepPatch[]
-  @Field({ nullable: true })
-  privilege?: PrivilegeInput
+  @Field(type => ObjectRef, { nullable: true })
+  role?: ObjectRef
   @Field({ nullable: true })
   cuFlag?: string

package/server/service/scenario/scenario.ts CHANGED Viewed

@@ -11,7 +11,7 @@ import {
   UpdateDateColumn
 } from 'typeorm'
-import { PrivilegeObject, PrivilegeInput, User } from '@things-factory/auth-base'
+import { PrivilegeObject, Role, User } from '@things-factory/auth-base'
 import { Domain } from '@things-factory/shell'
 import { ScenarioEngine } from '../../engine'
@@ -76,6 +76,13 @@ export class Scenario {
   @Field(type => PrivilegeObject, { nullable: true })
   privilege?: PrivilegeObject
+  @ManyToOne(type => Role)
+  @Field(type => Role, { nullable: true })
+  role?: Role
+  @RelationId((scenario: Scenario) => scenario.role)
+  roleId?: string
   @CreateDateColumn()
   @Field({ nullable: true })
   createdAt?: Date
@@ -98,28 +105,17 @@ export class Scenario {
   @RelationId((scenario: Scenario) => scenario.updater)
   updaterId?: string
-  async start(options?: {
-    instanceName?: string;
-    domain?: Domain;
-    user?: User;
-    variables?: any;
-  }) {
+  async start(options?: { instanceName?: string; domain?: Domain; user?: User; variables?: any }) {
     try {
-      await ScenarioEngine.load(options?.instanceName || this.name,
-        this,
-        {
-          domain: options?.domain || this.domain,
-          user: options?.user || this.updater,
-          variables: options?.variables
-        })
+      await ScenarioEngine.load(options?.instanceName || this.name, this, {
+        domain: options?.domain || this.domain,
+        user: options?.user || this.updater,
+        variables: options?.variables
+      })
     } catch (ex) {}
   }
-  async stop(options?: {
-    instanceName?: string;
-    domain?: Domain,
-    user?: User
-  }) {
+  async stop(options?: { instanceName?: string; domain?: Domain; user?: User }) {
     try {
       await ScenarioEngine.unload(options?.domain || this.domain, options?.instanceName || this.name)
     } finally {

package/translations/en.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "error.scenario not found": "scenario '{scenario}' not found.",
   "error.scenario run error": "an error occurred while processing the '{scenario}' request. please contact the administrator.",
-  "error.scenario run unauthorized": "you do not have permission to run the {scenario} scenario. please contact the administrator.",
+  "error.scenario run unauthorized": "you do not have permission to run the '{scenario}' scenario. please contact the administrator.",
   "error.schedule is not set": "schedule should be set for the scenario '{scenario}' in order to register as a schedule",
   "error.timezone is not set": "timezone should be set for the scenario '{scenario}' in order to register as a schedule",
   "error.scenario instance not found": "scenario instance '{instance}' not found.",

package/translations/ja.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "error.scenario not found": "シナリオ'{scenario}'が見つかりません.",
   "error.scenario run error": "シナリオ '{scenario}' のリクエストを処理中にエラーが発生しました。管理者に連絡してください。",
-  "error.scenario run unauthorized": "シナリオ {scenario} を実行する権限がありません。管理者に連絡してください。",
+  "error.scenario run unauthorized": "シナリオ '{scenario}' を実行する権限がありません。管理者に連絡してください。",
   "error.schedule is not set": "スケジュールとして登録するためにはシナリオ'{scenario}'にスケジュール情報が設定される必要があります.",
   "error.timezone is not set": "スケジュールとして登録するためにはシナリオ'{scenario}'にタイム ゾーン情報が設定される必要があります.",
   "error.scenario instance not found": "シナリオ インスタンス'{instance}'が見つかりません. 既に終了している可能性があります.",

package/translations/ko.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "error.scenario not found": "시나리오 '{scenario}'를 찾을 수 없습니다.",
   "error.scenario run error": "시나리오 '{scenario}' 요청을 처리하는 중 오류가 발생했습니다. 관리자에게 문의하십시오.",
-  "error.scenario run unauthorized": "시나리오 {scenario}를 실행할 권한이 없습니다. 관리자에게 문의하십히오.",
+  "error.scenario run unauthorized": "시나리오 '{scenario}'를 실행할 권한이 없습니다. 관리자에게 문의하십히오.",
   "error.schedule is not set": "스케쥴로 등록하기 위해서는 시나리오 '{scenario}'에 스케쥴 정보가 설정되어야 합니다.",
   "error.timezone is not set": "스케쥴로 등록하기 위해서는 시나리오 '{scenario}'에 타임존 정보가 설정되어야 합니다.",
   "error.scenario instance not found": "시나리오 인스턴스 '{instance}'를 찾을 수 없습니다. 이미 종료되었을 수 있습니다.",

package/translations/ms.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "error.scenario not found": "Tidak dapat mencari senario '{scenario}'.",
   "error.scenario run error": "Ralat berlaku semasa memproses permintaan senario '{scenario}'. Sila hubungi pentadbir.",
-  "error.scenario run unauthorized": "Anda tidak mempunyai kebenaran untuk menjalankan senario {scenario}. Sila hubungi pentadbir.",
+  "error.scenario run unauthorized": "Anda tidak mempunyai kebenaran untuk menjalankan senario '{scenario}'. Sila hubungi pentadbir.",
   "error.schedule is not set": "Untuk mendaftarkan sebagai jadual, maklumat jadual mesti diset dalam senario '{scenario}'.",
   "error.timezone is not set": "Untuk mendaftarkan sebagai jadual, maklumat zon masa mesti diset dalam senario '{scenario}'.",
   "error.scenario instance not found": "Tidak dapat mencari instans senario '{instance}'. Mungkin telah berakhir.",

package/translations/zh.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "error.scenario not found": "无法找到场景 '{scenario}'。",
   "error.scenario run error": "处理场景 '{scenario}' 请求时发生错误。请联系管理员。",
-  "error.scenario run unauthorized": "没有执行场景 {scenario} 的权限。请联系管理员。",
+  "error.scenario run unauthorized": "没有执行场景 '{scenario}' 的权限。请联系管理员。",
   "error.schedule is not set": "要注册为计划，场景 '{scenario}' 需要设置计划信息。",
   "error.timezone is not set": "要注册为计划，场景 '{scenario}' 需要设置时区信息。",
   "error.scenario instance not found": "无法找到场景实例 '{instance}'。它可能已经结束。",