@tiledesk/tiledesk-server 2.17.3 → 2.18.1

package/CHANGELOG.md

@@ -5,6 +5,13 @@
 🚀        IN PRODUCTION                        🚀
 (https://www.npmjs.com/package/@tiledesk/tiledesk-server/v/2.3.77) 
 
+# 2.18.1
+- Added permissions logic
+- Added custom roles support
+
+# 2.17.4
+- Refactor error handling and code structure in webhook.js
+
 # 2.17.3
 - Added missing import path on kb route
 

package/app.js

@@ -149,6 +149,7 @@ var property = require('./routes/property');
 var segment = require('./routes/segment');
 var webhook = require('./routes/webhook');
 var webhooks = require('./routes/webhooks');
+var roles = require('./routes/roles');
 var copilot = require('./routes/copilot');
 var mcp = require('./routes/mcp');
 
@@ -648,6 +649,7 @@ app.use('/:projectid/logs', [passport.authenticate(['basic', 'jwt'], { session:
 
 app.use('/:projectid/webhooks', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRole('admin')], webhooks);
 app.use('/:projectid/copilot', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRole('agent')], copilot);
+app.use('/:projectid/roles', [passport.authenticate(['basic', 'jwt'], { session: false }), validtoken, roleChecker.hasRole('agent')], roles);
 
 app.use('/:projectid/files', filesp);
 

package/archive.sh

@@ -0,0 +1,92 @@
+#!/bin/bash
+
+# ================================
+# Script interattivo per archiviare branch
+# ================================
+# Usage: ./archive-branch.sh [mode]
+# mode: tag (default) | rename
+# ================================
+
+REMOTE="tiledesk-server"
+MODE="${1:-tag}"   # default mode = tag
+
+PROTECTED_BRANCHES=("master" "master-PRE" "master-COLLAUDO" "master-STAGE")
+
+# Funzione per scegliere un branch valido
+get_branch_to_archive() {
+  local branch="$1"
+
+  while true; do
+    # Se branch protetto, avvisa
+    if [[ " ${PROTECTED_BRANCHES[@]} " =~ " ${branch} " ]]; then
+      echo "❌ Il branch '$branch' è protetto e non può essere archiviato."
+    fi
+
+    # Controlla che il branch locale esista
+    if git show-ref --verify --quiet refs/heads/"$branch"; then
+      break  # branch valido trovato
+    fi
+
+    # Richiedi input all’utente
+    read -p "Inserisci un branch locale valido da archiviare (oppure 'quit' per annullare): " branch
+    if [[ "$branch" == "quit" || "$branch" == "q" ]]; then
+      echo "Operazione annullata."
+      exit 0
+    fi
+  done
+
+  echo "$branch"
+}
+
+# Branch corrente
+CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+
+# Se branch corrente non è protetto, chiedi conferma
+if [[ ! " ${PROTECTED_BRANCHES[@]} " =~ " ${CURRENT_BRANCH} " ]]; then
+  echo "⚡ Branch corrente: $CURRENT_BRANCH"
+  read -p "Vuoi archiviare questo branch? (y/n): " CONFIRM
+  if [[ "$CONFIRM" != "y" ]]; then
+    read -p "Inserisci il branch da archiviare (oppure 'quit' per annullare): " USER_BRANCH
+    if [[ "$USER_BRANCH" == "quit" || "$USER_BRANCH" == "q" ]]; then
+      echo "Operazione annullata."
+      exit 0
+    fi
+    CURRENT_BRANCH=$(get_branch_to_archive "$USER_BRANCH")
+  fi
+else
+  # Branch corrente è protetto, chiedi un branch alternativo
+  CURRENT_BRANCH=$(get_branch_to_archive "$CURRENT_BRANCH")
+fi
+
+# Operazione di archiviazione
+if [ "$MODE" == "tag" ]; then
+  ARCHIVE_TAG="archive/$(echo $CURRENT_BRANCH | tr '/' '-')"
+  echo "Creando tag di archivio: $ARCHIVE_TAG"
+  git tag "$ARCHIVE_TAG" "$CURRENT_BRANCH"
+  git push "$REMOTE" "$ARCHIVE_TAG"
+
+  echo "Eliminando branch remoto $CURRENT_BRANCH"
+  git push "$REMOTE" --delete "$CURRENT_BRANCH"
+
+  echo "Eliminando branch locale $CURRENT_BRANCH"
+  git branch -d "$CURRENT_BRANCH"
+
+  echo "✅ Branch '$CURRENT_BRANCH' archiviato con tag '$ARCHIVE_TAG'"
+
+elif [ "$MODE" == "rename" ]; then
+  ARCHIVE_BRANCH="archive/$CURRENT_BRANCH"
+  echo "Rinomino branch locale in: $ARCHIVE_BRANCH"
+  git branch -m "$CURRENT_BRANCH" "$ARCHIVE_BRANCH"
+
+  echo "Pusho nuovo branch su remote $REMOTE"
+  git push "$REMOTE" "$ARCHIVE_BRANCH"
+
+  echo "Eliminando branch remoto vecchio $CURRENT_BRANCH"
+  git push "$REMOTE" --delete "$CURRENT_BRANCH"
+
+  echo "✅ Branch '$CURRENT_BRANCH' archiviato come '$ARCHIVE_BRANCH'"
+
+else
+  echo "❌ Modalità non valida. Usa 'tag' o 'rename'."
+  exit 1
+fi

package/channels/chat21/chat21WebHook.js

@@ -307,7 +307,12 @@ router.post('/', function (req, res) {
                 // TODO se stato = 50 e scrive visitatotre sposto a stato 100 poi queuue lo smista
 
                 // TOOD update also request attributes and sourcePage
-                
+                if (message.sender !== 'system') {
+                  Request.findOneAndUpdate({request_id: request.request_id, id_project: request.id_project}, { "attributes.last_message": savedMessage}).catch((err) => {
+                    winston.error("Create message - saving last message in request error: ", err);
+                  })
+                }
+
                     // return requestService.incrementMessagesCountByRequestId(request.request_id, request.id_project).then(function(savedRequest) {
                       // winston.debug("savedRequest.participants.indexOf(message.sender)", savedRequest.participants.indexOf(message.sender));
                       winston.debug("before updateWaitingTimeByRequestId*******",request.participants, message.sender);

package/event/authEvent.js

@@ -1,4 +1,5 @@
 const EventEmitter = require('events');
+var RoleConstants = require("../models/roleConstants");
 
 class AuthEvent extends EventEmitter {
     constructor() {
@@ -9,6 +10,21 @@ class AuthEvent extends EventEmitter {
 
 const authEvent = new AuthEvent();
 
+ var projectuserUpdateKey = 'project_user.update';
+if (process.env.QUEUE_ENABLED === "true") {
+  projectuserUpdateKey = 'project_user.update.queue';
+}
+
+authEvent.on(projectuserUpdateKey,  function(event) { 
+      if (event.updatedProject_userPopulated) {
+        var pu = event.updatedProject_userPopulated;
+        if (pu.roleType === RoleConstants.TYPE_AGENTS) {          
+          authEvent.emit("project_user.update.agent", event);
+        } else {
+          authEvent.emit("project_user.update.user", event);
+        }
+      }
+});
 
 //listen for sigin and signup event
 

package/event/projectUserEvent.js

@@ -0,0 +1,39 @@
+const EventEmitter = require('events');
+const winston = require('../config/winston');
+const Group = require("../models/group");
+
+class ProjectUserEvent extends EventEmitter {
+    constructor() {
+        super();
+        this.registerListeners();
+    }
+
+    registerListeners() {
+
+        this.on('project_user.deleted', async (pu) => {
+
+            try {
+                winston.debug('[project_user.deleted] Event catched:', pu);
+    
+                const id_project = pu.id_project;
+                let id_user = pu.id_user.toString();
+                if (typeof id_user === 'object' && id_user._id) {
+                    id_user = id_user._id.toString();
+                }
+    
+                const result = await Group.updateMany({ id_project: id_project }, { $pull: { members: id_user }});
+                winston.verbose(`Event project_user.deleted: User ${id_user} removed from ${result?.nModified} groups.`)
+
+            } catch (err) {
+                winston.verbose(`Event project_user.deleted: Error removing user ${id_user} from groups: `, err);
+            }
+
+        });
+
+    }
+}
+
+// Istanza singleton
+const puEvent = new ProjectUserEvent();
+
+module.exports = puEvent;

package/event/roleEvent.js

@@ -0,0 +1,9 @@
+const EventEmitter = require('events');
+
+class RoleEvent extends EventEmitter {}
+
+const roleEvent = new RoleEvent();
+
+
+
+module.exports = roleEvent;

package/middleware/has-role.js

@@ -1,18 +1,16 @@
-var Project_user = require("../models/project_user");
 var Faq_kb = require("../models/faq_kb");
 var Subscription = require("../models/subscription");
 var winston = require('../config/winston');
 
-var cacheUtil = require('../utils/cacheUtil');
-var cacheEnabler = require("../services/cacheEnabler");
-
+var projectUserService = require("../services/projectUserService");
 class RoleChecker {
     
 
     
     constructor() {
+      winston.debug("RoleChecker");
 
-        this.ROLES =  {
+      this.ROLES =  {
             "guest":        ["guest"],
             "user":         ["guest","user"],
             "teammate":     ["guest","user","teammate"],
@@ -20,7 +18,7 @@ class RoleChecker {
             "supervisor":   ["guest","user","teammate","agent","supervisor"],
             "admin":        ["guest","user","teammate","agent", "supervisor", "admin"],
             "owner":        ["guest","user","teammate","agent", "supervisor", "admin", "owner"],
-        }
+      }
     }
       
     isType(type) {        
@@ -87,18 +85,90 @@ class RoleChecker {
       }    
         
   
+      hasPermission(permission) {
+        var that = this;
+        return async(req, res, next) => {
+          if (!req.params.projectid && !req.projectid) {
+            return res.status(400).send({success: false, msg: 'req.params.projectid is not defined.'});
+          }
+
+          let projectid = req.params.projectid || req.projectid;
+
+          var project_user = req.projectuser;
+          winston.debug("hasPermission project_user hasPermission", project_user);
+
+          if (!project_user) {
+
+            try {
+              project_user = await projectUserService.getWithPermissions(req.user._id, projectid, req.user.sub);            
+            } catch(err) {
+              winston.error("Error getting project_user for hasrole",err);
+              return next(err);
+            }
+            winston.debug("project_user: ", JSON.stringify(project_user));
+          }     
+
+          if (project_user) {
+            
+            req.projectuser = project_user;
+            winston.debug("hasPermission req.projectuser", req.projectuser);
+
+            var permissions = project_user._doc.rolePermissions;
+           
+            winston.debug("hasPermission permissions", permissions);
+  
+            winston.debug("hasPermission permission: "+ permission);
+
+            if (permission==undefined) {
+                winston.debug("permission is empty go next");
+                return next();
+            }
+
+            if (permissions!=undefined && permissions.length>0) {
+              if (permissions.includes(permission)) {
+                next();
+              }else {                         
+                res.status(403).send({success: false, msg: 'you dont have the required permission.'});                
+              }
+            } else { 
+              res.status(403).send({success: false, msg: 'you dont have the required permission. Is is empty'});                       
+            }
+          } else {
+          
+            /**
+            * Updated by Johnny - 29mar2024 - START
+            */
+            // console.log("req.user: ", req.user);
+            if (req.user.email === process.env.ADMIN_EMAIL) {
+              req.user.attributes = { isSuperadmin: true };
+              next();
+            } else {
+              res.status(403).send({success: false, msg: 'you dont belong to the project.'});
+            }
+            /**
+            * Updated by Johnny - 29mar2024 - END
+            */
+          
+          }
+       
+       
+         
+          
+        }
+      }
       
 
       hasRole(role) {
         return this.hasRoleOrTypes(role);
       }
 
-       hasRoleOrTypes(role, types) {
-           
+       hasRoleOrTypes(role, types, permission) {
+        // console.log("hasRoleOrTypes",role,types);
+
         var that = this;
 
         // winston.debug("HasRole");
-        return function(req, res, next) {
+        return async(req, res, next) => {
           
           // winston.debug("req.originalUrl" + req.originalUrl);
           // winston.debug("req.params" + JSON.stringify(req.params));
@@ -111,7 +181,7 @@ class RoleChecker {
 
           let projectid = req.params.projectid || req.projectid;
 
-        //  winston.info("req.user._id: " + req.user._id);
+          //  winston.info("req.user._id: " + req.user._id);
 
           // winston.info("req.projectuser: " + req.projectuser);
           //winston.debug("req.user", req.user);
@@ -135,138 +205,107 @@ class RoleChecker {
           //   res.status(403).send({success: false, msg: 'req.user._id not defined.'});
           // }
           winston.debug("hasRoleOrType req.user._id " +req.user._id);
-          // project_user_qui_importante
-
-          // JWT_HERE
-          var query = { id_project: projectid, id_user: req.user._id, status: "active"};
-          let cache_key = projectid+":project_users:iduser:"+req.user._id
-
-          if (req.user.sub && (req.user.sub=="userexternal" || req.user.sub=="guest")) {
-            query = { id_project: projectid, uuid_user: req.user._id, status: "active"};
-            cache_key = projectid+":project_users:uuid_user:"+req.user._id
+          // project_user_qui_importante         
+
+          var project_user = req.projectuser;
+          winston.debug("hasRoleOrTypes project_user hasRoleOrTypes", project_user);
+
+          if (!project_user) {
+            winston.debug("load project_user");
+            try {
+              project_user = await projectUserService.getWithPermissions(req.user._id, projectid, req.user.sub);            
+            } catch(err) {
+              winston.error("Error getting project_user for hasrole",err);
+              return next(err);
+            }
+                    
+            winston.debug("project_user: ", JSON.stringify(project_user));
+            
           }
-          winston.debug("hasRoleOrType query " + JSON.stringify(query));
 
-          let q = Project_user.findOne(query);
-          if (cacheEnabler.project_user) { 
-            q.cache(cacheUtil.defaultTTL, cache_key);
-            winston.debug("cacheEnabler.project_user enabled");
+          if (project_user) {
+            
+            req.projectuser = project_user;
+            winston.debug("hasRoleOrTypes req.projectuser", req.projectuser.toJSON());
 
-          }
-            q.exec(function (err, project_user) {
-              if (err) {
-                winston.error("Error on Request path: " + req.originalUrl);
-                winston.error("Error getting project_user for hasrole",err);
-                return next(err);
-              }
-              winston.debug("project_user: ", JSON.stringify(project_user));
-              
-              
-      
-              if (project_user) {
-                
-                req.projectuser = project_user;
-                winston.debug("req.projectuser", req.projectuser);
+            var userRole = project_user.role;
+            winston.debug("userRole", userRole);
 
-                var userRole = project_user.role;
-                winston.debug("userRole", userRole);
-      
-                if (!role) {
-                  next();
-                }else {
-      
-                  var hierarchicalRoles = that.ROLES[userRole];
-                  winston.debug("hierarchicalRoles", hierarchicalRoles);
-      
-                  if ( hierarchicalRoles && hierarchicalRoles.includes(role)) {
-                    next();
-                  }else {
-                    res.status(403).send({success: false, msg: 'you dont have the required role.'});
-                  }
-                }
-              } else {
-              
-                /**
-                 * Updated by Johnny - 29mar2024 - START
-                 */
-                // console.log("req.user: ", req.user);
-                if (req.user.email === process.env.ADMIN_EMAIL) {
-                  req.user.attributes = { isSuperadmin: true };
+  
+            if (!role) { //????
+              next();
+            }else {
+  
+              var hierarchicalRoles = that.ROLES[userRole];
+              winston.debug("hierarchicalRoles", hierarchicalRoles);
+  
+              if ( hierarchicalRoles ) {  //standard role
+                winston.debug("standard role: "+ userRole);
+                if (hierarchicalRoles.includes(role)) {
                   next();
                 } else {
-                  res.status(403).send({success: false, msg: 'you dont belong to the project.'});
+                  res.status(403).send({success: false, msg: 'you dont have the required role.'});
                 }
-                /**
-                 * Updated by Johnny - 29mar2024 - END
-                 */
+              } else { //custom role
+                
+                winston.debug("custom role: "+ userRole);
+                return that.hasPermission(permission)(req, res, next);
 
-                // if (req.user) equals super admin next()
-                //res.status(403).send({success: false, msg: 'you dont belong to the project.'});
-              }
-      
-          });
-      
-        }
-        
-      }
+                // if (permission==undefined) {
+                //   winston.debug("permission is empty go next");
+                //   return next();
+                // }
 
-// unused
-      hasRoleAsPromise(role, user_id, projectid) {
+                // // invece di questo codice richiama hasPermission()
+                // var permissions = project_user._doc.rolePermissions;
            
-        var that = this;
+                // winston.debug("hasPermission permissions", permissions);
+      
+                // winston.debug("hasPermission permission: "+ permission);               
 
-        return new Promise(function (resolve, reject) {              
-          // project_user_qui_importante
+                // if (permissions!=undefined && permissions.length>0) {
+                //   if (permissions.includes(permission)) {
+                //     next();
+                //   }else {                         
+                //     res.status(403).send({success: false, msg: 'you dont have the required permission.'});                
+                //   }
+                // } else { 
+                //   res.status(403).send({success: false, msg: 'you dont have the required permission. Is is empty'});                       
+                // }
 
-           // JWT_HERE
-          var query = { id_project: req.params.projectid, id_user: req.user._id, status: "active"};
-          if (req.user.sub && (req.user.sub=="userexternal" || req.user.sub=="guest")) {
-            query = { id_project: req.params.projectid, uuid_user: req.user._id};
-          }
 
-          Project_user.find(query).
-            exec(function (err, project_users) {
-              if (err) {
-                winston.error(err);
-                return reject(err);
               }
-
-      
-              if (project_users && project_users.length>0) {
                 
-                var project_user= project_users[0];
+            }
+          
+          } else {
+          
+            /**
+             * Updated by Johnny - 29mar2024 - START
+             */
+            // console.log("req.user: ", req.user);
+            if (req.user.email === process.env.ADMIN_EMAIL) {
+              req.user.attributes = { isSuperadmin: true };
+              next();
+            } else {
+              res.status(403).send({success: false, msg: 'you dont belong to the project.'});
+            }
+            /**
+             * Updated by Johnny - 29mar2024 - END
+             */
 
-                var userRole = project_user.role;
-                // winston.debug("userRole", userRole);
-      
-                if (!role) {
-                  resolve(project_user);
-                }else {
-      
-                  var hierarchicalRoles = that.ROLES[userRole];
-                  // winston.debug("hierarchicalRoles", hierarchicalRoles);
-      
-                  if ( hierarchicalRoles.includes(role)) {
-                    resolve(project_user);
-                  }else {
-                    reject({success: false, msg: 'you dont have the required role.'});
-                  }
-                }
-              } else {
-              
-                // if (req.user) equals super admin next()
-                reject({success: false, msg: 'you dont belong to the project.'});
-              }
-      
-          });
+            // if (req.user) equals super admin next()
+            //res.status(403).send({success: false, msg: 'you dont belong to the project.'});
+          }
       
-        });
       
-    }
-
+        }
+      }
+        
 }
 
 
+
 var roleChecker = new RoleChecker();
 module.exports = roleChecker;