@trailmix-cms/cms 0.4.4 → 0.7.2
- package/dist/auth.guard.d.ts +5 -13
- package/dist/auth.guard.d.ts.map +1 -1
- package/dist/auth.guard.js +24 -95
- package/dist/auth.guard.js.map +1 -1
- package/dist/collections/account.collection.d.ts +5 -3
- package/dist/collections/account.collection.d.ts.map +1 -1
- package/dist/collections/account.collection.js +15 -8
- package/dist/collections/account.collection.js.map +1 -1
- package/dist/collections/api-key.collection.d.ts +54 -0
- package/dist/collections/api-key.collection.d.ts.map +1 -0
- package/dist/collections/api-key.collection.js +142 -0
- package/dist/collections/api-key.collection.js.map +1 -0
- package/dist/collections/index.d.ts +4 -2
- package/dist/collections/index.d.ts.map +1 -1
- package/dist/collections/index.js +9 -5
- package/dist/collections/index.js.map +1 -1
- package/dist/collections/organization.collection.d.ts +20 -0
- package/dist/collections/organization.collection.d.ts.map +1 -0
- package/dist/collections/{file.collection.js → organization.collection.js} +17 -17
- package/dist/collections/organization.collection.js.map +1 -0
- package/dist/collections/role.collection.d.ts +32 -0
- package/dist/collections/role.collection.d.ts.map +1 -0
- package/dist/collections/role.collection.js +90 -0
- package/dist/collections/role.collection.js.map +1 -0
- package/dist/collections/security-audit.collection.d.ts +30 -0
- package/dist/collections/security-audit.collection.d.ts.map +1 -0
- package/dist/collections/security-audit.collection.js +79 -0
- package/dist/collections/security-audit.collection.js.map +1 -0
- package/dist/constants/cms-collection-names.d.ts +4 -2
- package/dist/constants/cms-collection-names.d.ts.map +1 -1
- package/dist/constants/cms-collection-names.js +4 -2
- package/dist/constants/cms-collection-names.js.map +1 -1
- package/dist/constants/provider-symbols.d.ts +10 -12
- package/dist/constants/provider-symbols.d.ts.map +1 -1
- package/dist/constants/provider-symbols.js +10 -12
- package/dist/constants/provider-symbols.js.map +1 -1
- package/dist/controllers/account.controller.d.ts +11 -15
- package/dist/controllers/account.controller.d.ts.map +1 -1
- package/dist/controllers/account.controller.js +69 -13
- package/dist/controllers/account.controller.js.map +1 -1
- package/dist/controllers/api-keys.controller.d.ts +13 -0
- package/dist/controllers/api-keys.controller.d.ts.map +1 -0
- package/dist/controllers/api-keys.controller.js +125 -0
- package/dist/controllers/api-keys.controller.js.map +1 -0
- package/dist/controllers/audit.controller.d.ts.map +1 -1
- package/dist/controllers/audit.controller.js +3 -3
- package/dist/controllers/audit.controller.js.map +1 -1
- package/dist/controllers/audits.controller.d.ts +10 -0
- package/dist/controllers/audits.controller.d.ts.map +1 -0
- package/dist/controllers/audits.controller.js +107 -0
- package/dist/controllers/audits.controller.js.map +1 -0
- package/dist/controllers/global-roles.controller.d.ts +16 -0
- package/dist/controllers/global-roles.controller.d.ts.map +1 -0
- package/dist/controllers/global-roles.controller.js +137 -0
- package/dist/controllers/global-roles.controller.js.map +1 -0
- package/dist/controllers/index.d.ts +6 -1
- package/dist/controllers/index.d.ts.map +1 -1
- package/dist/controllers/index.js +6 -1
- package/dist/controllers/index.js.map +1 -1
- package/dist/controllers/organization-roles.controller.d.ts +16 -0
- package/dist/controllers/organization-roles.controller.d.ts.map +1 -0
- package/dist/controllers/organization-roles.controller.js +145 -0
- package/dist/controllers/organization-roles.controller.js.map +1 -0
- package/dist/controllers/organizations.controller.d.ts +65 -0
- package/dist/controllers/organizations.controller.d.ts.map +1 -0
- package/dist/controllers/organizations.controller.js +140 -0
- package/dist/controllers/organizations.controller.js.map +1 -0
- package/dist/controllers/security-audits.controller.d.ts +11 -0
- package/dist/controllers/security-audits.controller.d.ts.map +1 -0
- package/dist/controllers/security-audits.controller.js +130 -0
- package/dist/controllers/security-audits.controller.js.map +1 -0
- package/dist/decorators/account.decorator.d.ts +1 -3
- package/dist/decorators/account.decorator.d.ts.map +1 -1
- package/dist/decorators/account.decorator.js +3 -10
- package/dist/decorators/account.decorator.js.map +1 -1
- package/dist/decorators/audit-context.decorator.d.ts +6 -0
- package/dist/decorators/audit-context.decorator.d.ts.map +1 -1
- package/dist/decorators/audit-context.decorator.js +12 -3
- package/dist/decorators/audit-context.decorator.js.map +1 -1
- package/dist/decorators/auth.decorator.d.ts +7 -6
- package/dist/decorators/auth.decorator.d.ts.map +1 -1
- package/dist/decorators/auth.decorator.js +38 -5
- package/dist/decorators/auth.decorator.js.map +1 -1
- package/dist/decorators/index.d.ts +4 -0
- package/dist/decorators/index.d.ts.map +1 -0
- package/dist/decorators/index.js +20 -0
- package/dist/decorators/index.js.map +1 -0
- package/dist/dto/account.dto.d.ts +33 -0
- package/dist/dto/account.dto.d.ts.map +1 -0
- package/dist/dto/account.dto.js +14 -0
- package/dist/dto/account.dto.js.map +1 -0
- package/dist/dto/api-key.dto.d.ts +89 -0
- package/dist/dto/api-key.dto.d.ts.map +1 -0
- package/dist/dto/api-key.dto.js +27 -0
- package/dist/dto/api-key.dto.js.map +1 -0
- package/dist/dto/audit.dto.d.ts +11 -5
- package/dist/dto/audit.dto.d.ts.map +1 -1
- package/dist/dto/audit.dto.js +1 -1
- package/dist/dto/audit.dto.js.map +1 -1
- package/dist/dto/global-role.dto.d.ts +99 -0
- package/dist/dto/global-role.dto.d.ts.map +1 -0
- package/dist/dto/global-role.dto.js +26 -0
- package/dist/dto/global-role.dto.js.map +1 -0
- package/dist/dto/organization-role.dto.d.ts +107 -0
- package/dist/dto/organization-role.dto.d.ts.map +1 -0
- package/dist/dto/organization-role.dto.js +26 -0
- package/dist/dto/organization-role.dto.js.map +1 -0
- package/dist/dto/organization.dto.d.ts +57 -0
- package/dist/dto/organization.dto.d.ts.map +1 -0
- package/dist/dto/organization.dto.js +32 -0
- package/dist/dto/organization.dto.js.map +1 -0
- package/dist/dto/security-audit.dto.d.ts +95 -0
- package/dist/dto/security-audit.dto.d.ts.map +1 -0
- package/dist/dto/security-audit.dto.js +26 -0
- package/dist/dto/security-audit.dto.js.map +1 -0
- package/dist/index.d.ts +7 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -3
- package/dist/index.js.map +1 -1
- package/dist/managers/global-role.manager.d.ts +42 -0
- package/dist/managers/global-role.manager.d.ts.map +1 -0
- package/dist/managers/global-role.manager.js +117 -0
- package/dist/managers/global-role.manager.js.map +1 -0
- package/dist/managers/index.d.ts +4 -0
- package/dist/managers/index.d.ts.map +1 -0
- package/dist/managers/index.js +20 -0
- package/dist/managers/index.js.map +1 -0
- package/dist/managers/organization-role.manager.d.ts +47 -0
- package/dist/managers/organization-role.manager.d.ts.map +1 -0
- package/dist/managers/organization-role.manager.js +218 -0
- package/dist/managers/organization-role.manager.js.map +1 -0
- package/dist/managers/organization.manager.d.ts +39 -0
- package/dist/managers/organization.manager.d.ts.map +1 -0
- package/dist/managers/organization.manager.js +196 -0
- package/dist/managers/organization.manager.js.map +1 -0
- package/dist/module.d.ts +92 -0
- package/dist/module.d.ts.map +1 -0
- package/dist/module.js +137 -0
- package/dist/module.js.map +1 -0
- package/dist/pipes/api-key.pipe.d.ts +8 -0
- package/dist/pipes/api-key.pipe.d.ts.map +1 -0
- package/dist/pipes/api-key.pipe.js +28 -0
- package/dist/pipes/api-key.pipe.js.map +1 -0
- package/dist/pipes/organization.pipe.d.ts +8 -0
- package/dist/pipes/organization.pipe.d.ts.map +1 -0
- package/dist/pipes/organization.pipe.js +28 -0
- package/dist/pipes/organization.pipe.js.map +1 -0
- package/dist/pipes/role.pipe.d.ts +8 -0
- package/dist/pipes/{file.pipe.d.ts.map → role.pipe.d.ts.map} +1 -1
- package/dist/pipes/{file.pipe.js → role.pipe.js} +8 -8
- package/dist/pipes/{file.pipe.js.map → role.pipe.js.map} +1 -1
- package/dist/services/account.service.d.ts +0 -2
- package/dist/services/account.service.d.ts.map +1 -1
- package/dist/services/account.service.js +1 -37
- package/dist/services/account.service.js.map +1 -1
- package/dist/services/api-key.service.d.ts +42 -0
- package/dist/services/api-key.service.d.ts.map +1 -0
- package/dist/services/api-key.service.js +306 -0
- package/dist/services/api-key.service.js.map +1 -0
- package/dist/services/auth.service.d.ts +50 -0
- package/dist/services/auth.service.d.ts.map +1 -0
- package/dist/services/auth.service.js +259 -0
- package/dist/services/auth.service.js.map +1 -0
- package/dist/services/authorization.service.d.ts +44 -9
- package/dist/services/authorization.service.d.ts.map +1 -1
- package/dist/services/authorization.service.js +107 -41
- package/dist/services/authorization.service.js.map +1 -1
- package/dist/services/feature.service.d.ts +23 -0
- package/dist/services/feature.service.d.ts.map +1 -0
- package/dist/services/feature.service.js +49 -0
- package/dist/services/feature.service.js.map +1 -0
- package/dist/services/global-role.service.d.ts +17 -0
- package/dist/services/global-role.service.d.ts.map +1 -0
- package/dist/services/global-role.service.js +99 -0
- package/dist/services/global-role.service.js.map +1 -0
- package/dist/services/index.d.ts +9 -0
- package/dist/services/index.d.ts.map +1 -0
- package/dist/services/index.js +25 -0
- package/dist/services/index.js.map +1 -0
- package/dist/services/organization-role.service.d.ts +33 -0
- package/dist/services/organization-role.service.d.ts.map +1 -0
- package/dist/services/organization-role.service.js +102 -0
- package/dist/services/organization-role.service.js.map +1 -0
- package/dist/services/organization.service.d.ts +29 -0
- package/dist/services/organization.service.d.ts.map +1 -0
- package/dist/services/organization.service.js +95 -0
- package/dist/services/organization.service.js.map +1 -0
- package/dist/types/feature-config.d.ts +9 -0
- package/dist/types/feature-config.d.ts.map +1 -0
- package/dist/types/feature-config.js +3 -0
- package/dist/types/feature-config.js.map +1 -0
- package/dist/types/hooks/auth-guard-hook.d.ts.map +1 -0
- package/dist/types/hooks/auth-guard-hook.js.map +1 -0
- package/dist/types/hooks/index.d.ts +3 -0
- package/dist/types/hooks/index.d.ts.map +1 -0
- package/dist/types/hooks/index.js +19 -0
- package/dist/types/hooks/index.js.map +1 -0
- package/dist/types/hooks/organization-delete-hook.d.ts +20 -0
- package/dist/types/hooks/organization-delete-hook.d.ts.map +1 -0
- package/dist/types/hooks/organization-delete-hook.js +3 -0
- package/dist/types/hooks/organization-delete-hook.js.map +1 -0
- package/dist/types/index.d.ts +5 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +21 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/request-principal.d.ts +9 -0
- package/dist/types/request-principal.d.ts.map +1 -0
- package/dist/types/request-principal.js +3 -0
- package/dist/types/request-principal.js.map +1 -0
- package/dist/utils/provider-helpers.d.ts +6 -1
- package/dist/utils/provider-helpers.d.ts.map +1 -1
- package/dist/utils/provider-helpers.js +11 -1
- package/dist/utils/provider-helpers.js.map +1 -1
- package/package.json +52 -17
- package/test/unit/auth.guard.spec.ts +355 -0
- package/test/unit/collections/api-key.collection.spec.ts +416 -0
- package/test/unit/managers/global-role.manager.spec.ts +269 -0
- package/test/unit/managers/organization-role.manager.spec.ts +632 -0
- package/test/unit/managers/organization.manager.spec.ts +395 -0
- package/test/unit/module.spec.ts +596 -0
- package/test/unit/services/account.service.spec.ts +90 -0
- package/test/unit/services/api-key.service.spec.ts +1244 -0
- package/test/unit/services/auth.service.spec.ts +1036 -0
- package/test/unit/services/authorization.service.spec.ts +636 -0
- package/test/unit/services/feature.service.spec.ts +56 -0
- package/test/unit/services/global-role.service.spec.ts +289 -0
- package/test/unit/services/organization-role.service.spec.ts +300 -0
- package/test/unit/services/organization.service.spec.ts +385 -0
- package/test/utils/auth-guard.ts +114 -0
- package/test/utils/base.ts +16 -0
- package/test/utils/entities/account.ts +13 -0
- package/test/utils/entities/api-key.ts +15 -0
- package/test/utils/entities/audit.ts +18 -0
- package/test/utils/entities/index.ts +6 -0
- package/test/utils/entities/mapping.ts +20 -0
- package/test/utils/entities/organization.ts +13 -0
- package/test/utils/entities/role.ts +21 -0
- package/test/utils/entities/security-audit.ts +16 -0
- package/test/utils/index.ts +4 -0
- package/test/utils/models/audit-context.ts +10 -0
- package/test/utils/models/authorization.ts +7 -0
- package/test/utils/models/global-role.ts +22 -0
- package/test/utils/models/index.ts +5 -0
- package/test/utils/models/organization-role.ts +23 -0
- package/test/utils/models/publishable.ts +7 -0
- package/tsconfig.build.json +36 -0
- package/tsconfig.build.tsbuildinfo +1 -0
- package/dist/auth-guard-hook.d.ts.map +0 -1
- package/dist/auth-guard-hook.js.map +0 -1
- package/dist/cms.module.d.ts +0 -8
- package/dist/cms.module.d.ts.map +0 -1
- package/dist/cms.module.js +0 -44
- package/dist/cms.module.js.map +0 -1
- package/dist/cms.providers.d.ts +0 -120
- package/dist/cms.providers.d.ts.map +0 -1
- package/dist/cms.providers.js +0 -126
- package/dist/cms.providers.js.map +0 -1
- package/dist/collections/file.collection.d.ts +0 -21
- package/dist/collections/file.collection.d.ts.map +0 -1
- package/dist/collections/file.collection.js.map +0 -1
- package/dist/collections/text.collection.d.ts +0 -20
- package/dist/collections/text.collection.d.ts.map +0 -1
- package/dist/collections/text.collection.js +0 -56
- package/dist/collections/text.collection.js.map +0 -1
- package/dist/pipes/file.pipe.d.ts +0 -8
- /package/dist/{auth-guard-hook.d.ts → types/hooks/auth-guard-hook.d.ts} +0 -0
- /package/dist/{auth-guard-hook.js → types/hooks/auth-guard-hook.js} +0 -0
|
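--- a/package/dist/services/authorization.service.d.ts
+++ b/package/dist/services/authorization.service.d.ts
@@ -1,14 +1,49 @@
+import { ObjectId } from 'mongodb';
 import * as models from '@trailmix-cms/models';
-
-
-
-
-
+import { GlobalRoleService } from './global-role.service';
+import { OrganizationRoleService } from './organization-role.service';
+import { RequestPrincipal } from '../types';
+import * as trailmixModels from '@trailmix-cms/models';
+import { SecurityAuditCollection } from '../collections/security-audit.collection';
 export declare class AuthorizationService {
+private readonly globalRoleService;
+private readonly organizationRoleService;
+private readonly securityAuditCollection;
 private readonly logger;
-constructor();
-
-
+constructor(globalRoleService: GlobalRoleService, organizationRoleService: OrganizationRoleService, securityAuditCollection: SecurityAuditCollection);
+/**
+* Check if a principal is a global admin
+* @param principalId - The principal's ID
+* @param principalType - The principal's type (Account or ApiKey)
+* @returns True if the principal is a global admin, false otherwise
+*/
+isGlobalAdmin(principalId: ObjectId, principalType: models.Principal): Promise<boolean>;
+resolveOrganizationAuthorization(params: {
+principal: RequestPrincipal;
+rolesAllowList: string[];
+principalTypeAllowList: models.Principal[];
+organizationId: ObjectId;
+}): Promise<{
+hasAccess: boolean;
+isGlobalAdmin: boolean;
+globalRoles: {
+_id: ObjectId;
+created_at: Date;
+principal_id: ObjectId;
+principal_type: "account" | "api_key";
+role: string;
+updated_at?: Date | undefined;
+}[];
+organizationRoles: {
+_id: ObjectId;
+created_at: Date;
+principal_id: ObjectId;
+principal_type: "account" | "api_key";
+role: string;
+organization_id: ObjectId;
+updated_at?: Date | undefined;
+}[];
+}>;
+authorizeApiKeyAccessForPrincipal(principal: RequestPrincipal, apiKeyScopeType: trailmixModels.ApiKeyScope, apiKeyScopeId?: ObjectId): Promise<boolean>;
 }
-export declare const AccountAuthorization: (...dataOrPipes: unknown[]) => ParameterDecorator;
 //# sourceMappingURL=authorization.service.d.ts.map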
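Review bot: `resolveOrganizationAuthorization` and `authorizeApiKeyAccessForPrincipal` are declared without a doc comment, although they are the authorization entry points and signal denial through the returned value, which the caller has to enforce. I would add TSDoc that says what each allow list restricts and that the request must be rejected when the result is negative, for example `/** Resolves role-based access to an organization; callers must reject the request when hasAccess is false. */`. The file also imports `@trailmix-cms/models` twice, as `models` and as `trailmixModels`; one namespace alias would be enough.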
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization.service.d.ts","sourceRoot":"","sources":["../../src/services/authorization.service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authorization.service.d.ts","sourceRoot":"","sources":["../../src/services/authorization.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,KAAK,cAAc,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,uBAAuB,EAAE,MAAM,0CAA0C,CAAC;AAEnF,qBACa,oBAAoB;IAIzB,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,uBAAuB;IACxC,OAAO,CAAC,QAAQ,CAAC,uBAAuB;IAL5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAyC;gBAG3C,iBAAiB,EAAE,iBAAiB,EACpC,uBAAuB,EAAE,uBAAuB,EAChD,uBAAuB,EAAE,uBAAuB;IAGrE;;;;;OAKG;IACG,aAAa,CAAC,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAUvF,gCAAgC,CAAC,MAAM,EAAE;QAC3C,SAAS,EAAE,gBAAgB,CAAC;QAC5B,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,sBAAsB,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;QAC3C,cAAc,EAAE,QAAQ,CAAC;KAC5B;;;;;;;;;;;;;;;;;;;;;IA6BK,iCAAiC,CAAC,SAAS,EAAE,gBAAgB,EAAE,eAAe,EAAE,cAAc,CAAC,WAAW,EAAE,aAAa,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CA8DhK"}
|
|
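--- a/package/dist/services/authorization.service.js
+++ b/package/dist/services/authorization.service.js
@@ -43,59 +43,125 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 };
 var AuthorizationService_1;
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.
+exports.AuthorizationService = void 0;
 const common_1 = require("@nestjs/common");
 const models = __importStar(require("@trailmix-cms/models"));
+const global_role_service_1 = require("./global-role.service");
+const organization_role_service_1 = require("./organization-role.service");
+const trailmixModels = __importStar(require("@trailmix-cms/models"));
+const security_audit_collection_1 = require("../collections/security-audit.collection");
 let AuthorizationService = AuthorizationService_1 = class AuthorizationService {
+globalRoleService;
+organizationRoleService;
+securityAuditCollection;
 logger = new common_1.Logger(AuthorizationService_1.name);
-constructor() {
-
-
-
-// TODO: security audit
-throw new common_1.NotFoundException('Entity not found');
-}
-return result;
+constructor(globalRoleService, organizationRoleService, securityAuditCollection) {
+this.globalRoleService = globalRoleService;
+this.organizationRoleService = organizationRoleService;
+this.securityAuditCollection = securityAuditCollection;
 }
-
-
-
-
-
-
-
-
-
-
-
-}
-
-
-
-}
-
-
-
-
+/**
+* Check if a principal is a global admin
+* @param principalId - The principal's ID
+* @param principalType - The principal's type (Account or ApiKey)
+* @returns True if the principal is a global admin, false otherwise
+*/
+async isGlobalAdmin(principalId, principalType) {
+const globalRoles = await this.globalRoleService.findOne({
+principal_id: principalId,
+principal_type: principalType,
+role: models.RoleValue.Admin,
+});
+return !!globalRoles;
+}
+async resolveOrganizationAuthorization(params) {
+const { principal, rolesAllowList, principalTypeAllowList, organizationId } = params;
+const principal_id = principal.entity._id;
+const principal_type = principal.principal_type;
+const globalRoles = await this.globalRoleService.find({
+principal_id,
+principal_type
+});
+const isGlobalAdmin = globalRoles.some(role => role.role === models.RoleValue.Admin);
+const organizationRoles = await this.organizationRoleService.find({
+principal_id,
+principal_type,
+organization_id: organizationId,
+});
+const hasAccess = isGlobalAdmin ||
+(organizationRoles.some(role => {
+return rolesAllowList.includes(role.role);
+}) &&
+principalTypeAllowList.includes(principal_type));
+return { hasAccess, isGlobalAdmin, globalRoles, organizationRoles };
+}
+async authorizeApiKeyAccessForPrincipal(principal, apiKeyScopeType, apiKeyScopeId) {
+// Global admins have access to all API keys
+const isGlobalAdmin = await this.isGlobalAdmin(principal.entity._id, principal.principal_type);
+if (isGlobalAdmin) {
 return true;
 }
-
-
+switch (apiKeyScopeType) {
+case trailmixModels.ApiKeyScope.Global: {
+await this.securityAuditCollection.insertOne({
+event_type: trailmixModels.SecurityAuditEventType.UnauthorizedAccess,
+principal_id: principal.entity._id,
+principal_type: principal.principal_type,
+message: 'Unauthorized attempt to get global-scoped API key for non-global admins',
+source: AuthorizationService_1.name,
+});
+return false;
+}
+case trailmixModels.ApiKeyScope.Account: {
+if (!apiKeyScopeId) {
+throw new Error('API key scope ID is required for account-scoped API keys');
+}
+if (!apiKeyScopeId.equals(principal.entity._id)) {
+await this.securityAuditCollection.insertOne({
+event_type: trailmixModels.SecurityAuditEventType.UnauthorizedAccess,
+principal_id: principal.entity._id,
+principal_type: principal.principal_type,
+message: 'Unauthorized attempt to get account-scoped API key for another principal',
+source: AuthorizationService_1.name,
+});
+return false;
+}
+return true;
+}
+case trailmixModels.ApiKeyScope.Organization: {
+if (!apiKeyScopeId) {
+throw new Error('API key scope ID is required for organization-scoped API keys');
+}
+const requiredRoles = [trailmixModels.RoleValue.Admin, trailmixModels.RoleValue.Owner];
+const accessResult = await this.resolveOrganizationAuthorization({
+principal,
+rolesAllowList: requiredRoles,
+principalTypeAllowList: [trailmixModels.Principal.Account],
+organizationId: apiKeyScopeId,
+});
+if (!accessResult.hasAccess) {
+await this.securityAuditCollection.insertOne({
+event_type: trailmixModels.SecurityAuditEventType.UnauthorizedAccess,
+principal_id: principal.entity._id,
+principal_type: principal.principal_type,
+message: `Unauthorized attempt to get organization-scoped API key without ${requiredRoles} role on the organization ${apiKeyScopeId}`,
+source: AuthorizationService_1.name,
+});
+return false;
+}
+return true;
+}
+default: {
+throw new Error(`Invalid scope type: ${apiKeyScopeType}`);
+}
 }
-return false;
 }
 };
 exports.AuthorizationService = AuthorizationService;
 exports.AuthorizationService = AuthorizationService = AuthorizationService_1 = __decorate([
 (0, common_1.Injectable)(),
-__metadata("design:paramtypes", [
+__metadata("design:paramtypes", [global_role_service_1.GlobalRoleService,
+organization_role_service_1.OrganizationRoleService,
+security_audit_collection_1.SecurityAuditCollection])
 ], AuthorizationService);
-exports.AccountAuthorization = (0, common_1.createParamDecorator)((data, ctx) => {
-const request = ctx.switchToHttp().getRequest();
-const accountAuthorization = {
-account: request.account,
-roles: request.account?.roles ? request.account.roles.map(role => role) : [],
-};
-return accountAuthorization;
-});
 //# sourceMappingURL=authorization.service.js.map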
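Review bot: In `resolveOrganizationAuthorization` the `principalTypeAllowList` check is applied only on the organization-role branch, so `isGlobalAdmin ||` grants `hasAccess` to any principal type that holds a global admin role, including an API key when the caller allowed only the account type. If the allow list is meant as a hard restriction, apply it first: `const hasAccess = principalTypeAllowList.includes(principal_type) && (isGlobalAdmin || organizationRoles.some(role => rolesAllowList.includes(role.role)));`. If the override is intended, say so in a comment, because `authorizeApiKeyAccessForPrincipal` has the same early `return true` for global admins before any scope check. The denial branches write a security audit entry, but the Account entry does not record the requested `apiKeyScopeId`, and the two `throw new Error(...)` paths for a missing scope id are not audited and would presumably surface as a server error rather than a client error. The hunk begins inside the module's helper preamble, so the top of the file is not visible here.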
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization.service.js","sourceRoot":"","sources":["../../src/services/authorization.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"authorization.service.js","sourceRoot":"","sources":["../../src/services/authorization.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAyE;AAEzE,6DAA+C;AAC/C,+DAA0D;AAC1D,2EAAsE;AAEtE,qEAAuD;AACvD,wFAAmF;AAG5E,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAIR;IACA;IACA;IALJ,MAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAEhE,YACqB,iBAAoC,EACpC,uBAAgD,EAChD,uBAAgD;QAFhD,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,4BAAuB,GAAvB,uBAAuB,CAAyB;IACjE,CAAC;IAEL;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,WAAqB,EAAE,aAA+B;QACtE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;YACrD,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,aAAa;YAC7B,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,KAAK;SAC/B,CAAC,CAAC;QACH,OAAO,CAAC,CAAC,WAAW,CAAC;IACzB,CAAC;IAGD,KAAK,CAAC,gCAAgC,CAAC,MAKtC;QACG,MAAM,EAAE,SAAS,EAAE,cAAc,EAAE,sBAAsB,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;QAErF,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC;QAC1C,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC;QAChD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC;YAClD,YAAY;YACZ,cAAc;SACjB,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAErF,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC;YAC9D,YAAY;YACZ,cAAc;YACd,eAAe,EAAE,cAAc;SAClC,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,aAAa;YAC3B,CACI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC1B,OAAO,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9C,CAAC,CAAC;gBACF,sBAAsB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAClD,CAAC;QAEN,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC;IACxE,CAAC;IAGD,KAAK,CAAC,iCAAiC,CAAC,SAA2B,EAAE,eAA2C,EAAE,aAAwB;QACtI,4CAA4C;QAC5C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAC;QAC/F,IAAI,aAAa,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,QAAQ,eAAe,EAAE,CAAC;YACtB,KAAK,cAAc,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;gBACrC,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC;oBACzC,UAAU,EAAE,cAAc,CAAC,sBAAsB,CAAC,kBAAkB;oBACpE,YAAY,EAAE,SAAS,CAAC,MAAM,C
AAC,GAAG;oBAClC,cAAc,EAAE,SAAS,CAAC,cAAc;oBACxC,OAAO,EAAE,yEAAyE;oBAClF,MAAM,EAAE,sBAAoB,CAAC,IAAI;iBACpC,CAAC,CAAC;gBACH,OAAO,KAAK,CAAC;YACjB,CAAC;YACD,KAAK,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;gBACtC,IAAI,CAAC,aAAa,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;gBAChF,CAAC;gBACD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9C,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC;wBACzC,UAAU,EAAE,cAAc,CAAC,sBAAsB,CAAC,kBAAkB;wBACpE,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG;wBAClC,cAAc,EAAE,SAAS,CAAC,cAAc;wBACxC,OAAO,EAAE,0EAA0E;wBACnF,MAAM,EAAE,sBAAoB,CAAC,IAAI;qBACpC,CAAC,CAAC;oBACH,OAAO,KAAK,CAAC;gBACjB,CAAC;gBACD,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,KAAK,cAAc,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC3C,IAAI,CAAC,aAAa,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;gBACrF,CAAC;gBACD,MAAM,aAAa,GAAG,CAAC,cAAc,CAAC,SAAS,CAAC,KAAK,EAAE,cAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC;oBAC7D,SAAS;oBACT,cAAc,EAAE,aAAa;oBAC7B,sBAAsB,EAAE,CAAC,cAAc,CAAC,SAAS,CAAC,OAAO,CAAC;oBAC1D,cAAc,EAAE,aAAc;iBACjC,CAAC,CAAC;gBACH,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;oBAC1B,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC;wBACzC,UAAU,EAAE,cAAc,CAAC,sBAAsB,CAAC,kBAAkB;wBACpE,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG;wBAClC,cAAc,EAAE,SAAS,CAAC,cAAc;wBACxC,OAAO,EAAE,mEAAmE,aAAa,6BAA6B,aAAa,EAAE;wBACrI,MAAM,EAAE,sBAAoB,CAAC,IAAI;qBACpC,CAAC,CAAC;oBACH,OAAO,KAAK,CAAC;gBACjB,CAAC;gBACD,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,eAAe,EAAE,CAAC,CAAC;YAC9D,CAAC;QACL,CAAC;IACL,CAAC;CACJ,CAAA;AAzHY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,mBAAU,GAAE;qCAK+B,uCAAiB;QACX,mDAAuB;QACvB,mDAAuB;GAN5D,oBAAoB,CAyHhC"}
|
|
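--- a/package/dist/services/feature.service.d.ts
+++ b/package/dist/services/feature.service.d.ts
@@ -0,0 +1,23 @@
+import { ApiKeyScope } from '@trailmix-cms/models';
+import { type FeatureConfig } from '../types';
+export declare class FeatureService {
+private readonly features;
+constructor(features?: FeatureConfig);
+/**
+* Check if the organizations feature is enabled
+*/
+isOrganizationsEnabled(): boolean;
+/**
+* Check if the API keys feature is enabled
+*/
+isApiKeysEnabled(): boolean;
+/**
+* Get the allowed API key scopes
+*/
+getApiKeyScopes(): ApiKeyScope[];
+/**
+* Get all feature configurations
+*/
+getFeatures(): FeatureConfig;
+}
+//# sourceMappingURL=feature.service.d.ts.map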
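Review bot: The doc comments on `isOrganizationsEnabled`, `isApiKeysEnabled` and `getApiKeyScopes` do not state what a caller gets when the feature config is omitted, even though `features` is optional in the constructor. The compiled implementation on this page treats both flags as disabled unless they are exactly `true` and returns an empty scope list when none is configured. I would document that default on each method, e.g. `/** Get the allowed API key scopes; empty when none are configured. */`.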
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"feature.service.d.ts","sourceRoot":"","sources":["../../src/services/feature.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,UAAU,CAAC;AAE9C,qBACa,cAAc;IACvB,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAgB;gBAE7B,QAAQ,GAAE,aAAkB;IAIxC;;OAEG;IACH,sBAAsB,IAAI,OAAO;IAIjC;;OAEG;IACH,gBAAgB,IAAI,OAAO;IAI3B;;OAEG;IACH,eAAe,IAAI,WAAW,EAAE;IAIhC;;OAEG;IACH,WAAW,IAAI,aAAa;CAG/B"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
3
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
4
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
5
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
6
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
7
|
+
};
|
|
8
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
9
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
10
|
+
};
|
|
11
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
|
+
exports.FeatureService = void 0;
|
|
13
|
+
const common_1 = require("@nestjs/common");
|
|
14
|
+
let FeatureService = class FeatureService {
|
|
15
|
+
features;
|
|
16
|
+
constructor(features = {}) {
|
|
17
|
+
this.features = features;
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Check if the organizations feature is enabled
|
|
21
|
+
*/
|
|
22
|
+
isOrganizationsEnabled() {
|
|
23
|
+
return this.features.enableOrganizations === true;
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Check if the API keys feature is enabled
|
|
27
|
+
*/
|
|
28
|
+
isApiKeysEnabled() {
|
|
29
|
+
return this.features.apiKeys?.enabled === true;
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Get the allowed API key scopes
|
|
33
|
+
*/
|
|
34
|
+
getApiKeyScopes() {
|
|
35
|
+
return this.features.apiKeys?.scopes ?? [];
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Get all feature configurations
|
|
39
|
+
*/
|
|
40
|
+
getFeatures() {
|
|
41
|
+
return { ...this.features };
|
|
42
|
+
}
|
|
43
|
+
};
|
|
44
|
+
exports.FeatureService = FeatureService;
|
|
45
|
+
exports.FeatureService = FeatureService = __decorate([
|
|
46
|
+
(0, common_1.Injectable)(),
|
|
47
|
+
__metadata("design:paramtypes", [Object])
|
|
48
|
+
], FeatureService);
|
|
49
|
+
//# sourceMappingURL=feature.service.js.map
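Review bot: `getApiKeyScopes()` hands back the configured `scopes` array itself and `getFeatures()` copies only the top level, so a caller that mutates the result (a `push` on the returned array, or a write to `getFeatures().apiKeys`) changes the allowed API key scopes for every other consumer of the same instance. Returning a copy closes that: `return [...(this.features.apiKeys?.scopes ?? [])];`, and in `getFeatures()` copy `apiKeys` and its `scopes` as well, or freeze the config once in the constructor. `getApiKeyScopes()` also returns the configured scopes when `apiKeys.enabled` is not `true`; if callers are expected to check `isApiKeysEnabled()` first, the doc comment should say so, e.g. `Returns the configured scopes regardless of whether the feature is enabled`. This section is compiled output, so the change belongs in `src/services/feature.service.ts`.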
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"feature.service.js","sourceRoot":"","sources":["../../src/services/feature.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA4C;AAKrC,IAAM,cAAc,GAApB,MAAM,cAAc;IACN,QAAQ,CAAgB;IAEzC,YAAY,WAA0B,EAAE;QACpC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,sBAAsB;QAClB,OAAO,IAAI,CAAC,QAAQ,CAAC,mBAAmB,KAAK,IAAI,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,gBAAgB;QACZ,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,eAAe;QACX,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,IAAI,EAAE,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,WAAW;QACP,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;IAChC,CAAC;CACJ,CAAA;AAlCY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,mBAAU,GAAE;;GACA,cAAc,CAkC1B"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import { ObjectId, Filter } from 'mongodb';
|
|
2
|
+
import * as models from '@trailmix-cms/models';
|
|
3
|
+
import { RoleCollection } from '../collections/role.collection';
|
|
4
|
+
import { Utils } from '@trailmix-cms/db';
|
|
5
|
+
type GlobalRoleModel = models.GlobalRole.Model;
|
|
6
|
+
export declare class GlobalRoleService {
|
|
7
|
+
private readonly roleCollection;
|
|
8
|
+
private readonly logger;
|
|
9
|
+
constructor(roleCollection: RoleCollection);
|
|
10
|
+
insertOne(params: Utils.Creatable<GlobalRoleModel>, auditContext: models.AuditContext.Model): Promise<GlobalRoleModel>;
|
|
11
|
+
find(filter?: Filter<GlobalRoleModel>): Promise<GlobalRoleModel[]>;
|
|
12
|
+
findOne(params: Filter<GlobalRoleModel>): Promise<GlobalRoleModel | null>;
|
|
13
|
+
deleteOne(id: ObjectId, auditContext: models.AuditContext.Model): Promise<void>;
|
|
14
|
+
private mapToModel;
|
|
15
|
+
}
|
|
16
|
+
export {};
|
|
17
|
+
//# sourceMappingURL=global-role.service.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"global-role.service.d.ts","sourceRoot":"","sources":["../../src/services/global-role.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAEzC,KAAK,eAAe,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC;AAG/C,qBACa,iBAAiB;IAItB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAHnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAsC;gBAGxC,cAAc,EAAE,cAAc;IAG7C,SAAS,CACX,MAAM,EAAE,KAAK,CAAC,SAAS,CAAC,eAAe,CAAC,EACxC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,KAAK,GACxC,OAAO,CAAC,eAAe,CAAC;IAUrB,IAAI,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IASlE,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,eAAe,CAAC,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAazE,SAAS,CACX,EAAE,EAAE,QAAQ,EACZ,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,KAAK,GACxC,OAAO,CAAC,IAAI,CAAC;IAIhB,OAAO,CAAC,UAAU;CAQrB"}
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
19
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
20
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
21
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
22
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
23
|
+
};
|
|
24
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
25
|
+
var ownKeys = function(o) {
|
|
26
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
27
|
+
var ar = [];
|
|
28
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
29
|
+
return ar;
|
|
30
|
+
};
|
|
31
|
+
return ownKeys(o);
|
|
32
|
+
};
|
|
33
|
+
return function (mod) {
|
|
34
|
+
if (mod && mod.__esModule) return mod;
|
|
35
|
+
var result = {};
|
|
36
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
37
|
+
__setModuleDefault(result, mod);
|
|
38
|
+
return result;
|
|
39
|
+
};
|
|
40
|
+
})();
|
|
41
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
42
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
43
|
+
};
|
|
44
|
+
var GlobalRoleService_1;
|
|
45
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
46
|
+
exports.GlobalRoleService = void 0;
|
|
47
|
+
const common_1 = require("@nestjs/common");
|
|
48
|
+
const models = __importStar(require("@trailmix-cms/models"));
|
|
49
|
+
const role_collection_1 = require("../collections/role.collection");
|
|
50
|
+
let GlobalRoleService = GlobalRoleService_1 = class GlobalRoleService {
|
|
51
|
+
roleCollection;
|
|
52
|
+
logger = new common_1.Logger(GlobalRoleService_1.name);
|
|
53
|
+
constructor(roleCollection) {
|
|
54
|
+
this.roleCollection = roleCollection;
|
|
55
|
+
}
|
|
56
|
+
async insertOne(params, auditContext) {
|
|
57
|
+
const insertParams = {
|
|
58
|
+
...params,
|
|
59
|
+
type: models.RoleType.Global,
|
|
60
|
+
};
|
|
61
|
+
const entity = await this.roleCollection.insertOne(insertParams, auditContext);
|
|
62
|
+
return this.mapToModel(entity);
|
|
63
|
+
}
|
|
64
|
+
async find(filter) {
|
|
65
|
+
const query = {
|
|
66
|
+
...filter,
|
|
67
|
+
type: models.RoleType.Global,
|
|
68
|
+
};
|
|
69
|
+
const entities = await this.roleCollection.find(query);
|
|
70
|
+
return entities.map(entity => this.mapToModel(entity));
|
|
71
|
+
}
|
|
72
|
+
async findOne(params) {
|
|
73
|
+
const query = {
|
|
74
|
+
...params,
|
|
75
|
+
type: models.RoleType.Global,
|
|
76
|
+
};
|
|
77
|
+
const entity = await this.roleCollection.findOne(query);
|
|
78
|
+
if (!entity) {
|
|
79
|
+
return null;
|
|
80
|
+
}
|
|
81
|
+
return this.mapToModel(entity);
|
|
82
|
+
}
|
|
83
|
+
async deleteOne(id, auditContext) {
|
|
84
|
+
await this.roleCollection.deleteOne(id, auditContext);
|
|
85
|
+
}
|
|
86
|
+
mapToModel(entity) {
|
|
87
|
+
if (entity.type !== models.RoleType.Global) {
|
|
88
|
+
throw new Error('Entity is not a global role');
|
|
89
|
+
}
|
|
90
|
+
// TODO: Add mapping logic here
|
|
91
|
+
return entity;
|
|
92
|
+
}
|
|
93
|
+
};
|
|
94
|
+
exports.GlobalRoleService = GlobalRoleService;
|
|
95
|
+
exports.GlobalRoleService = GlobalRoleService = GlobalRoleService_1 = __decorate([
|
|
96
|
+
(0, common_1.Injectable)(),
|
|
97
|
+
__metadata("design:paramtypes", [role_collection_1.RoleCollection])
|
|
98
|
+
], GlobalRoleService);
|
|
99
|
+
//# sourceMappingURL=global-role.service.js.map
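Review bot: `deleteOne(id, auditContext)` forwards the id straight to `roleCollection.deleteOne` without the `type: models.RoleType.Global` constraint that `insertOne`, `find` and `findOne` all apply, so unless the collection filters by type itself (not visible here) this service can delete a role document of any type by id. The role collection appears to be shared with organization roles, so the delete should be scoped the same way as the reads, e.g. `const role = await this.findOne({ _id: id }); if (!role) throw new Error('Global role not found');` before the `deleteOne` call. The `logger` field is also never used in this file. This section is compiled output, so the fix belongs in `src/services/global-role.service.ts`.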
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"global-role.service.js","sourceRoot":"","sources":["../../src/services/global-role.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAuE;AAEvE,6DAA+C;AAC/C,oEAAgE;AAOzD,IAAM,iBAAiB,yBAAvB,MAAM,iBAAiB;IAIL;IAHJ,MAAM,GAAG,IAAI,eAAM,CAAC,mBAAiB,CAAC,IAAI,CAAC,CAAC;IAE7D,YACqB,cAA8B;QAA9B,mBAAc,GAAd,cAAc,CAAgB;IAC/C,CAAC;IAEL,KAAK,CAAC,SAAS,CACX,MAAwC,EACxC,YAAuC;QAEvC,MAAM,YAAY,GAAgC;YAC9C,GAAG,MAAM;YACT,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;SAC/B,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAC/E,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,MAAgC;QACvC,MAAM,KAAK,GAAuB;YAC9B,GAAG,MAAM;YACT,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;SAC/B,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvD,OAAO,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAA+B;QACzC,MAAM,KAAK,GAAuB;YAC9B,GAAG,MAAM;YACT,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM;SAC/B,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACxD,IAAI,CAAC,MAAM,EAAE,CAAC;YACV,OAAO,IAAI,CAAC;QAChB,CAAC;QACD,OAAO,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAGD,KAAK,CAAC,SAAS,CACX,EAAY,EACZ,YAAuC;QAEvC,MAAM,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;IAC1D,CAAC;IAEO,UAAU,CAAC,MAAkB;QACjC,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YACzC,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACnD,CAAC;QAED,+BAA+B;QAC/B,OAAO,MAAyB,CAAC;IACrC,CAAC;CACJ,CAAA;AAzDY,8CAAiB;4BAAjB,iBAAiB;IAD7B,IAAA,mBAAU,GAAE;qCAK4B,gCAAc;GAJ1C,iBAAiB,CAyD7B"}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
export * from './account.service';
|
|
2
|
+
export * from './api-key.service';
|
|
3
|
+
export * from './auth.service';
|
|
4
|
+
export * from './authorization.service';
|
|
5
|
+
export * from './feature.service';
|
|
6
|
+
export * from './global-role.service';
|
|
7
|
+
export * from './organization.service';
|
|
8
|
+
export * from './organization-role.service';
|
|
9
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,mBAAmB,CAAC;AAClC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,yBAAyB,CAAC;AACxC,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC;AACtC,cAAc,wBAAwB,CAAC;AACvC,cAAc,6BAA6B,CAAC"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
|
14
|
+
for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
|
|
15
|
+
};
|
|
16
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
17
|
+
__exportStar(require("./account.service"), exports);
|
|
18
|
+
__exportStar(require("./api-key.service"), exports);
|
|
19
|
+
__exportStar(require("./auth.service"), exports);
|
|
20
|
+
__exportStar(require("./authorization.service"), exports);
|
|
21
|
+
__exportStar(require("./feature.service"), exports);
|
|
22
|
+
__exportStar(require("./global-role.service"), exports);
|
|
23
|
+
__exportStar(require("./organization.service"), exports);
|
|
24
|
+
__exportStar(require("./organization-role.service"), exports);
|
|
25
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,oDAAkC;AAClC,iDAA+B;AAC/B,0DAAwC;AACxC,oDAAkC;AAClC,wDAAsC;AACtC,yDAAuC;AACvC,8DAA4C"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import { Filter, ObjectId } from 'mongodb';
|
|
2
|
+
import * as models from '@trailmix-cms/models';
|
|
3
|
+
import { RoleCollection } from '../collections/role.collection';
|
|
4
|
+
import { Utils } from '@trailmix-cms/db';
|
|
5
|
+
type OrganizationRoleModel = models.OrganizationRole.Model;
|
|
6
|
+
export declare class OrganizationRoleService {
|
|
7
|
+
private readonly roleCollection;
|
|
8
|
+
private readonly logger;
|
|
9
|
+
constructor(roleCollection: RoleCollection);
|
|
10
|
+
insertOne(params: Utils.Creatable<OrganizationRoleModel>, auditContext: models.AuditContext.Model): Promise<OrganizationRoleModel>;
|
|
11
|
+
find(filter: Filter<OrganizationRoleModel>): Promise<{
|
|
12
|
+
_id: ObjectId;
|
|
13
|
+
created_at: Date;
|
|
14
|
+
principal_id: ObjectId;
|
|
15
|
+
principal_type: "account" | "api_key";
|
|
16
|
+
role: string;
|
|
17
|
+
organization_id: ObjectId;
|
|
18
|
+
updated_at?: Date | undefined;
|
|
19
|
+
}[]>;
|
|
20
|
+
findOne(params: Filter<OrganizationRoleModel>): Promise<{
|
|
21
|
+
_id: ObjectId;
|
|
22
|
+
created_at: Date;
|
|
23
|
+
principal_id: ObjectId;
|
|
24
|
+
principal_type: "account" | "api_key";
|
|
25
|
+
role: string;
|
|
26
|
+
organization_id: ObjectId;
|
|
27
|
+
updated_at?: Date | undefined;
|
|
28
|
+
} | null>;
|
|
29
|
+
deleteOne(id: ObjectId, auditContext: models.AuditContext.Model): Promise<void>;
|
|
30
|
+
private mapToModel;
|
|
31
|
+
}
|
|
32
|
+
export {};
|
|
33
|
+
//# sourceMappingURL=organization-role.service.d.ts.map
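Review bot: `find` and `findOne` are declared with the entity shape spelled out inline (`_id`, `principal_id`, `principal_type`, …) instead of `OrganizationRoleModel`, which suggests the source methods have no explicit return type and the public signature is whatever the implementation happens to infer. Annotate them in `src/services/organization-role.service.ts` as `Promise<OrganizationRoleModel[]>` and `Promise<OrganizationRoleModel | null>`, matching `GlobalRoleService`, so a change in the mapping cannot silently widen what callers receive. `filter` is also required here while `GlobalRoleService.find` takes it as optional; if that difference is intentional (forcing callers to scope by `organization_id`), a one-line doc comment on `find` saying so would help.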
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"organization-role.service.d.ts","sourceRoot":"","sources":["../../src/services/organization-role.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,cAAc,EAAE,MAAM,gCAAgC,CAAC;AAChE,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAEzC,KAAK,qBAAqB,GAAG,MAAM,CAAC,gBAAgB,CAAC,KAAK,CAAC;AAG3D,qBACa,uBAAuB;IAI5B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAHnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA4C;gBAG9C,cAAc,EAAE,cAAc;IAG7C,SAAS,CACX,MAAM,EAAE,KAAK,CAAC,SAAS,CAAC,qBAAqB,CAAC,EAC9C,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,KAAK,GACxC,OAAO,CAAC,qBAAqB,CAAC;IAU3B,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,qBAAqB,CAAC;;;;;;;;;IAS1C,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,qBAAqB,CAAC;;;;;;;;;IAY7C,SAAS,CACX,EAAE,EAAE,QAAQ,EACZ,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,KAAK,GACxC,OAAO,CAAC,IAAI,CAAC;IAIhB,OAAO,CAAC,UAAU;CAYrB"}
|