@trailmix-cms/cms 0.4.4 → 0.7.2
- package/dist/auth.guard.d.ts +5 -13
- package/dist/auth.guard.d.ts.map +1 -1
- package/dist/auth.guard.js +24 -95
- package/dist/auth.guard.js.map +1 -1
- package/dist/collections/account.collection.d.ts +5 -3
- package/dist/collections/account.collection.d.ts.map +1 -1
- package/dist/collections/account.collection.js +15 -8
- package/dist/collections/account.collection.js.map +1 -1
- package/dist/collections/api-key.collection.d.ts +54 -0
- package/dist/collections/api-key.collection.d.ts.map +1 -0
- package/dist/collections/api-key.collection.js +142 -0
- package/dist/collections/api-key.collection.js.map +1 -0
- package/dist/collections/index.d.ts +4 -2
- package/dist/collections/index.d.ts.map +1 -1
- package/dist/collections/index.js +9 -5
- package/dist/collections/index.js.map +1 -1
- package/dist/collections/organization.collection.d.ts +20 -0
- package/dist/collections/organization.collection.d.ts.map +1 -0
- package/dist/collections/{file.collection.js → organization.collection.js} +17 -17
- package/dist/collections/organization.collection.js.map +1 -0
- package/dist/collections/role.collection.d.ts +32 -0
- package/dist/collections/role.collection.d.ts.map +1 -0
- package/dist/collections/role.collection.js +90 -0
- package/dist/collections/role.collection.js.map +1 -0
- package/dist/collections/security-audit.collection.d.ts +30 -0
- package/dist/collections/security-audit.collection.d.ts.map +1 -0
- package/dist/collections/security-audit.collection.js +79 -0
- package/dist/collections/security-audit.collection.js.map +1 -0
- package/dist/constants/cms-collection-names.d.ts +4 -2
- package/dist/constants/cms-collection-names.d.ts.map +1 -1
- package/dist/constants/cms-collection-names.js +4 -2
- package/dist/constants/cms-collection-names.js.map +1 -1
- package/dist/constants/provider-symbols.d.ts +10 -12
- package/dist/constants/provider-symbols.d.ts.map +1 -1
- package/dist/constants/provider-symbols.js +10 -12
- package/dist/constants/provider-symbols.js.map +1 -1
- package/dist/controllers/account.controller.d.ts +11 -15
- package/dist/controllers/account.controller.d.ts.map +1 -1
- package/dist/controllers/account.controller.js +69 -13
- package/dist/controllers/account.controller.js.map +1 -1
- package/dist/controllers/api-keys.controller.d.ts +13 -0
- package/dist/controllers/api-keys.controller.d.ts.map +1 -0
- package/dist/controllers/api-keys.controller.js +125 -0
- package/dist/controllers/api-keys.controller.js.map +1 -0
- package/dist/controllers/audit.controller.d.ts.map +1 -1
- package/dist/controllers/audit.controller.js +3 -3
- package/dist/controllers/audit.controller.js.map +1 -1
- package/dist/controllers/audits.controller.d.ts +10 -0
- package/dist/controllers/audits.controller.d.ts.map +1 -0
- package/dist/controllers/audits.controller.js +107 -0
- package/dist/controllers/audits.controller.js.map +1 -0
- package/dist/controllers/global-roles.controller.d.ts +16 -0
- package/dist/controllers/global-roles.controller.d.ts.map +1 -0
- package/dist/controllers/global-roles.controller.js +137 -0
- package/dist/controllers/global-roles.controller.js.map +1 -0
- package/dist/controllers/index.d.ts +6 -1
- package/dist/controllers/index.d.ts.map +1 -1
- package/dist/controllers/index.js +6 -1
- package/dist/controllers/index.js.map +1 -1
- package/dist/controllers/organization-roles.controller.d.ts +16 -0
- package/dist/controllers/organization-roles.controller.d.ts.map +1 -0
- package/dist/controllers/organization-roles.controller.js +145 -0
- package/dist/controllers/organization-roles.controller.js.map +1 -0
- package/dist/controllers/organizations.controller.d.ts +65 -0
- package/dist/controllers/organizations.controller.d.ts.map +1 -0
- package/dist/controllers/organizations.controller.js +140 -0
- package/dist/controllers/organizations.controller.js.map +1 -0
- package/dist/controllers/security-audits.controller.d.ts +11 -0
- package/dist/controllers/security-audits.controller.d.ts.map +1 -0
- package/dist/controllers/security-audits.controller.js +130 -0
- package/dist/controllers/security-audits.controller.js.map +1 -0
- package/dist/decorators/account.decorator.d.ts +1 -3
- package/dist/decorators/account.decorator.d.ts.map +1 -1
- package/dist/decorators/account.decorator.js +3 -10
- package/dist/decorators/account.decorator.js.map +1 -1
- package/dist/decorators/audit-context.decorator.d.ts +6 -0
- package/dist/decorators/audit-context.decorator.d.ts.map +1 -1
- package/dist/decorators/audit-context.decorator.js +12 -3
- package/dist/decorators/audit-context.decorator.js.map +1 -1
- package/dist/decorators/auth.decorator.d.ts +7 -6
- package/dist/decorators/auth.decorator.d.ts.map +1 -1
- package/dist/decorators/auth.decorator.js +38 -5
- package/dist/decorators/auth.decorator.js.map +1 -1
- package/dist/decorators/index.d.ts +4 -0
- package/dist/decorators/index.d.ts.map +1 -0
- package/dist/decorators/index.js +20 -0
- package/dist/decorators/index.js.map +1 -0
- package/dist/dto/account.dto.d.ts +33 -0
- package/dist/dto/account.dto.d.ts.map +1 -0
- package/dist/dto/account.dto.js +14 -0
- package/dist/dto/account.dto.js.map +1 -0
- package/dist/dto/api-key.dto.d.ts +89 -0
- package/dist/dto/api-key.dto.d.ts.map +1 -0
- package/dist/dto/api-key.dto.js +27 -0
- package/dist/dto/api-key.dto.js.map +1 -0
- package/dist/dto/audit.dto.d.ts +11 -5
- package/dist/dto/audit.dto.d.ts.map +1 -1
- package/dist/dto/audit.dto.js +1 -1
- package/dist/dto/audit.dto.js.map +1 -1
- package/dist/dto/global-role.dto.d.ts +99 -0
- package/dist/dto/global-role.dto.d.ts.map +1 -0
- package/dist/dto/global-role.dto.js +26 -0
- package/dist/dto/global-role.dto.js.map +1 -0
- package/dist/dto/organization-role.dto.d.ts +107 -0
- package/dist/dto/organization-role.dto.d.ts.map +1 -0
- package/dist/dto/organization-role.dto.js +26 -0
- package/dist/dto/organization-role.dto.js.map +1 -0
- package/dist/dto/organization.dto.d.ts +57 -0
- package/dist/dto/organization.dto.d.ts.map +1 -0
- package/dist/dto/organization.dto.js +32 -0
- package/dist/dto/organization.dto.js.map +1 -0
- package/dist/dto/security-audit.dto.d.ts +95 -0
- package/dist/dto/security-audit.dto.d.ts.map +1 -0
- package/dist/dto/security-audit.dto.js +26 -0
- package/dist/dto/security-audit.dto.js.map +1 -0
- package/dist/index.d.ts +7 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +8 -3
- package/dist/index.js.map +1 -1
- package/dist/managers/global-role.manager.d.ts +42 -0
- package/dist/managers/global-role.manager.d.ts.map +1 -0
- package/dist/managers/global-role.manager.js +117 -0
- package/dist/managers/global-role.manager.js.map +1 -0
- package/dist/managers/index.d.ts +4 -0
- package/dist/managers/index.d.ts.map +1 -0
- package/dist/managers/index.js +20 -0
- package/dist/managers/index.js.map +1 -0
- package/dist/managers/organization-role.manager.d.ts +47 -0
- package/dist/managers/organization-role.manager.d.ts.map +1 -0
- package/dist/managers/organization-role.manager.js +218 -0
- package/dist/managers/organization-role.manager.js.map +1 -0
- package/dist/managers/organization.manager.d.ts +39 -0
- package/dist/managers/organization.manager.d.ts.map +1 -0
- package/dist/managers/organization.manager.js +196 -0
- package/dist/managers/organization.manager.js.map +1 -0
- package/dist/module.d.ts +92 -0
- package/dist/module.d.ts.map +1 -0
- package/dist/module.js +137 -0
- package/dist/module.js.map +1 -0
- package/dist/pipes/api-key.pipe.d.ts +8 -0
- package/dist/pipes/api-key.pipe.d.ts.map +1 -0
- package/dist/pipes/api-key.pipe.js +28 -0
- package/dist/pipes/api-key.pipe.js.map +1 -0
- package/dist/pipes/organization.pipe.d.ts +8 -0
- package/dist/pipes/organization.pipe.d.ts.map +1 -0
- package/dist/pipes/organization.pipe.js +28 -0
- package/dist/pipes/organization.pipe.js.map +1 -0
- package/dist/pipes/role.pipe.d.ts +8 -0
- package/dist/pipes/{file.pipe.d.ts.map → role.pipe.d.ts.map} +1 -1
- package/dist/pipes/{file.pipe.js → role.pipe.js} +8 -8
- package/dist/pipes/{file.pipe.js.map → role.pipe.js.map} +1 -1
- package/dist/services/account.service.d.ts +0 -2
- package/dist/services/account.service.d.ts.map +1 -1
- package/dist/services/account.service.js +1 -37
- package/dist/services/account.service.js.map +1 -1
- package/dist/services/api-key.service.d.ts +42 -0
- package/dist/services/api-key.service.d.ts.map +1 -0
- package/dist/services/api-key.service.js +306 -0
- package/dist/services/api-key.service.js.map +1 -0
- package/dist/services/auth.service.d.ts +50 -0
- package/dist/services/auth.service.d.ts.map +1 -0
- package/dist/services/auth.service.js +259 -0
- package/dist/services/auth.service.js.map +1 -0
- package/dist/services/authorization.service.d.ts +44 -9
- package/dist/services/authorization.service.d.ts.map +1 -1
- package/dist/services/authorization.service.js +107 -41
- package/dist/services/authorization.service.js.map +1 -1
- package/dist/services/feature.service.d.ts +23 -0
- package/dist/services/feature.service.d.ts.map +1 -0
- package/dist/services/feature.service.js +49 -0
- package/dist/services/feature.service.js.map +1 -0
- package/dist/services/global-role.service.d.ts +17 -0
- package/dist/services/global-role.service.d.ts.map +1 -0
- package/dist/services/global-role.service.js +99 -0
- package/dist/services/global-role.service.js.map +1 -0
- package/dist/services/index.d.ts +9 -0
- package/dist/services/index.d.ts.map +1 -0
- package/dist/services/index.js +25 -0
- package/dist/services/index.js.map +1 -0
- package/dist/services/organization-role.service.d.ts +33 -0
- package/dist/services/organization-role.service.d.ts.map +1 -0
- package/dist/services/organization-role.service.js +102 -0
- package/dist/services/organization-role.service.js.map +1 -0
- package/dist/services/organization.service.d.ts +29 -0
- package/dist/services/organization.service.d.ts.map +1 -0
- package/dist/services/organization.service.js +95 -0
- package/dist/services/organization.service.js.map +1 -0
- package/dist/types/feature-config.d.ts +9 -0
- package/dist/types/feature-config.d.ts.map +1 -0
- package/dist/types/feature-config.js +3 -0
- package/dist/types/feature-config.js.map +1 -0
- package/dist/types/hooks/auth-guard-hook.d.ts.map +1 -0
- package/dist/types/hooks/auth-guard-hook.js.map +1 -0
- package/dist/types/hooks/index.d.ts +3 -0
- package/dist/types/hooks/index.d.ts.map +1 -0
- package/dist/types/hooks/index.js +19 -0
- package/dist/types/hooks/index.js.map +1 -0
- package/dist/types/hooks/organization-delete-hook.d.ts +20 -0
- package/dist/types/hooks/organization-delete-hook.d.ts.map +1 -0
- package/dist/types/hooks/organization-delete-hook.js +3 -0
- package/dist/types/hooks/organization-delete-hook.js.map +1 -0
- package/dist/types/index.d.ts +5 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +21 -0
- package/dist/types/index.js.map +1 -0
- package/dist/types/request-principal.d.ts +9 -0
- package/dist/types/request-principal.d.ts.map +1 -0
- package/dist/types/request-principal.js +3 -0
- package/dist/types/request-principal.js.map +1 -0
- package/dist/utils/provider-helpers.d.ts +6 -1
- package/dist/utils/provider-helpers.d.ts.map +1 -1
- package/dist/utils/provider-helpers.js +11 -1
- package/dist/utils/provider-helpers.js.map +1 -1
- package/package.json +52 -17
- package/test/unit/auth.guard.spec.ts +355 -0
- package/test/unit/collections/api-key.collection.spec.ts +416 -0
- package/test/unit/managers/global-role.manager.spec.ts +269 -0
- package/test/unit/managers/organization-role.manager.spec.ts +632 -0
- package/test/unit/managers/organization.manager.spec.ts +395 -0
- package/test/unit/module.spec.ts +596 -0
- package/test/unit/services/account.service.spec.ts +90 -0
- package/test/unit/services/api-key.service.spec.ts +1244 -0
- package/test/unit/services/auth.service.spec.ts +1036 -0
- package/test/unit/services/authorization.service.spec.ts +636 -0
- package/test/unit/services/feature.service.spec.ts +56 -0
- package/test/unit/services/global-role.service.spec.ts +289 -0
- package/test/unit/services/organization-role.service.spec.ts +300 -0
- package/test/unit/services/organization.service.spec.ts +385 -0
- package/test/utils/auth-guard.ts +114 -0
- package/test/utils/base.ts +16 -0
- package/test/utils/entities/account.ts +13 -0
- package/test/utils/entities/api-key.ts +15 -0
- package/test/utils/entities/audit.ts +18 -0
- package/test/utils/entities/index.ts +6 -0
- package/test/utils/entities/mapping.ts +20 -0
- package/test/utils/entities/organization.ts +13 -0
- package/test/utils/entities/role.ts +21 -0
- package/test/utils/entities/security-audit.ts +16 -0
- package/test/utils/index.ts +4 -0
- package/test/utils/models/audit-context.ts +10 -0
- package/test/utils/models/authorization.ts +7 -0
- package/test/utils/models/global-role.ts +22 -0
- package/test/utils/models/index.ts +5 -0
- package/test/utils/models/organization-role.ts +23 -0
- package/test/utils/models/publishable.ts +7 -0
- package/tsconfig.build.json +36 -0
- package/tsconfig.build.tsbuildinfo +1 -0
- package/dist/auth-guard-hook.d.ts.map +0 -1
- package/dist/auth-guard-hook.js.map +0 -1
- package/dist/cms.module.d.ts +0 -8
- package/dist/cms.module.d.ts.map +0 -1
- package/dist/cms.module.js +0 -44
- package/dist/cms.module.js.map +0 -1
- package/dist/cms.providers.d.ts +0 -120
- package/dist/cms.providers.d.ts.map +0 -1
- package/dist/cms.providers.js +0 -126
- package/dist/cms.providers.js.map +0 -1
- package/dist/collections/file.collection.d.ts +0 -21
- package/dist/collections/file.collection.d.ts.map +0 -1
- package/dist/collections/file.collection.js.map +0 -1
- package/dist/collections/text.collection.d.ts +0 -20
- package/dist/collections/text.collection.d.ts.map +0 -1
- package/dist/collections/text.collection.js +0 -56
- package/dist/collections/text.collection.js.map +0 -1
- package/dist/pipes/file.pipe.d.ts +0 -8
- /package/dist/{auth-guard-hook.d.ts → types/hooks/auth-guard-hook.d.ts} +0 -0
- /package/dist/{auth-guard-hook.js → types/hooks/auth-guard-hook.js} +0 -0
|
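--- a/package/dist/managers/organization-role.manager.js
+++ b/package/dist/managers/organization-role.manager.js
@@ -0,0 +1,218 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
+var __metadata = (this && this.__metadata) || function (k, v) {
+if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var OrganizationRoleManager_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OrganizationRoleManager = void 0;
+const common_1 = require("@nestjs/common");
+const models = __importStar(require("@trailmix-cms/models"));
+const services_1 = require("../services");
+const collections_1 = require("../collections");
+let OrganizationRoleManager = OrganizationRoleManager_1 = class OrganizationRoleManager {
+organizationRoleService;
+authorizationService;
+organizationCollection;
+securityAuditCollection;
+logger = new common_1.Logger(OrganizationRoleManager_1.name);
+constructor(organizationRoleService, authorizationService, organizationCollection, securityAuditCollection) {
+this.organizationRoleService = organizationRoleService;
+this.authorizationService = authorizationService;
+this.organizationCollection = organizationCollection;
+this.securityAuditCollection = securityAuditCollection;
+}
+async verifyOrganizationExists(organizationId) {
+const organization = await this.organizationCollection.get(organizationId);
+if (!organization) {
+throw new common_1.BadRequestException('Organization not found');
+}
+}
+async authorizeOrganizationAdmin(params) {
+const { organizationId, principal } = params;
+const accessResult = await this.authorizationService.resolveOrganizationAuthorization({
+principal,
+rolesAllowList: [
+models.RoleValue.Admin,
+models.RoleValue.Owner,
+],
+principalTypeAllowList: [models.Principal.Account, models.Principal.ApiKey],
+organizationId: organizationId,
+});
+if (!accessResult.hasAccess) {
+await this.securityAuditCollection.insertOne({
+event_type: models.SecurityAuditEventType.UnauthorizedAccess,
+principal_id: principal.entity._id,
+principal_type: principal.principal_type,
+message: `Insufficient permissions to access organization roles for organization ${organizationId}`,
+source: OrganizationRoleManager_1.name,
+});
+// If the principal has at least reader organization role, throw a forbidden exception since they have access to the organization
+if (accessResult.organizationRoles.some(role => [
+models.RoleValue.Admin,
+models.RoleValue.Owner,
+models.RoleValue.User,
+models.RoleValue.Reader,
+].includes(role.role))) {
+throw new common_1.ForbiddenException(`Insufficient permissions to access organization roles for organization ${organizationId}`);
+}
+throw new common_1.BadRequestException(`Organization ${organizationId} not found`);
+}
+return accessResult;
+}
+async insertOne(params, principal, auditContext) {
+this.logger.log(`Assigning organization role ${params.role} to principal ${params.principal_id} (${params.principal_type}) in organization ${params.organization_id}`);
+// Verify organization exists
+await this.verifyOrganizationExists(params.organization_id);
+// Check authorization - must be global admin or organization admin
+await this.authorizeOrganizationAdmin({
+organizationId: params.organization_id,
+principal: principal
+});
+// Check if role already exists
+const existing = await this.organizationRoleService.findOne(params);
+if (existing) {
+throw new common_1.BadRequestException('Organization role already assigned to this principal in this organization');
+}
+// Create the role
+return await this.organizationRoleService.insertOne(params, auditContext);
+}
+async find(params, principal) {
+this.logger.log(`Getting organization role assignments for query: ${JSON.stringify(params)}`);
+const { organization_id } = params;
+// Global admin can find all organization roles
+if (!organization_id) {
+const isGlobalAdmin = await this.authorizationService.isGlobalAdmin(principal.entity._id, principal.principal_type);
+if (!isGlobalAdmin) {
+throw new common_1.BadRequestException('organization_id is required');
+}
+return await this.organizationRoleService.find(params);
+}
+await this.verifyOrganizationExists(organization_id);
+// Check authorization - must be global admin or organization admin
+const accessResult = await this.authorizationService.resolveOrganizationAuthorization({
+principal,
+rolesAllowList: [
+models.RoleValue.Admin,
+models.RoleValue.Owner,
+],
+principalTypeAllowList: [models.Principal.Account, models.Principal.ApiKey],
+organizationId: organization_id,
+});
+if (accessResult.hasAccess) {
+return await this.organizationRoleService.find(params);
+}
+// Principal (non admin) is not trying to view their own organization roles (non admin)
+if (params.principal_id &&
+!params.principal_id.equals(principal.entity._id)) {
+throw new common_1.BadRequestException('You cannot view organization roles for other principals');
+}
+// Principal (non admin) is not trying to view other principal types
+if (params.principal_type &&
+params.principal_type !== principal.principal_type) {
+throw new common_1.BadRequestException('You cannot view organization roles for other principal types');
+}
+return accessResult.organizationRoles;
+}
+async get(id, principal) {
+const role = await this.organizationRoleService.findOne({ _id: id });
+if (!role) {
+throw new common_1.NotFoundException('Organization role not found');
+}
+const accessResult = await this.authorizationService.resolveOrganizationAuthorization({
+principal,
+rolesAllowList: [
+models.RoleValue.Admin,
+models.RoleValue.Owner,
+],
+principalTypeAllowList: [models.Principal.Account, models.Principal.ApiKey],
+organizationId: role.organization_id,
+});
+// If the principal is not org admin and does not have access to the organization
+if (!accessResult.hasAccess &&
+!accessResult.organizationRoles.some(role => [
+models.RoleValue.Admin,
+models.RoleValue.Owner,
+models.RoleValue.User,
+models.RoleValue.Reader,
+].includes(role.role))) {
+await this.securityAuditCollection.insertOne({
+event_type: models.SecurityAuditEventType.UnauthorizedAccess,
+principal_id: principal.entity._id,
+principal_type: principal.principal_type,
+message: `Insufficient permissions to access organization role ${role._id} for organization ${role.organization_id}`,
+source: OrganizationRoleManager_1.name,
+});
+throw new common_1.BadRequestException(`Organization role ${role._id} not found for organization ${role.organization_id}`);
+}
+// Check to see if the role is assigned to the principal
+if (!role.principal_id.equals(principal.entity._id) ||
+role.principal_type !== principal.principal_type) {
+throw new common_1.NotFoundException('Organization role not found');
+}
+return role;
+}
+async deleteOne(roleId, principal, auditContext) {
+this.logger.log(`Removing organization role assignment ${roleId}`);
+// Get the role to check its organization and validate it's an organization role
+const role = await this.organizationRoleService.findOne({ _id: roleId });
+if (!role) {
+throw new common_1.NotFoundException('Organization role not found');
+}
+// Check authorization - user must be global admin or organization admin
+await this.authorizeOrganizationAdmin({
+organizationId: role.organization_id,
+principal: principal,
+});
+// Delete the role
+await this.organizationRoleService.deleteOne(roleId, auditContext);
+this.logger.log(`Removed organization role ${roleId}`);
+}
+};
+exports.OrganizationRoleManager = OrganizationRoleManager;
+exports.OrganizationRoleManager = OrganizationRoleManager = OrganizationRoleManager_1 = __decorate([
+(0, common_1.Injectable)(),
+__metadata("design:paramtypes", [services_1.OrganizationRoleService,
+services_1.AuthorizationService,
+collections_1.OrganizationCollection,
+collections_1.SecurityAuditCollection])
+], OrganizationRoleManager);
+//# sourceMappingURL=organization-role.manager.js.map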
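Review bot: In `get`, a caller with no role in the organization gets `BadRequestException` with `Organization role ${role._id} not found for organization ${role.organization_id}`, while a role id that does not exist gets `NotFoundException('Organization role not found')`, so the status code and message together confirm the role exists and disclose which organization it belongs to. After the security-audit insert, throw the same generic error as the missing-role path, `throw new common_1.NotFoundException('Organization role not found');`, and keep the ids in the audit record only. The same distinction appears in `deleteOne` (it passes `role.organization_id` into `authorizeOrganizationAdmin`, whose denial message interpolates it) and in `insertOne`/`find`, where `verifyOrganizationExists` answers `'Organization not found'` but the denial answers `Organization ${organizationId} not found`. Separately, the final ownership check in `get` runs even when `accessResult.hasAccess` is true, so an organization admin appears unable to read another principal's role by id although `find` lets them list it; guarding that check with `!accessResult.hasAccess &&` would match `find`. This file is compiled output, so the change belongs in `src/managers/organization-role.manager.ts`, the source named in the source map.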
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"organization-role.manager.js","sourceRoot":"","sources":["../../src/managers/organization-role.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAgH;AAEhH,6DAA+C;AAG/C,0CAA4E;AAC5E,gDAAiF;AAO1E,IAAM,uBAAuB,+BAA7B,MAAM,uBAAuB;IAIX;IACA;IACA;IACA;IANJ,MAAM,GAAG,IAAI,eAAM,CAAC,yBAAuB,CAAC,IAAI,CAAC,CAAC;IAEnE,YACqB,uBAAgD,EAChD,oBAA0C,EAC1C,sBAA8C,EAC9C,uBAAgD;QAHhD,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,yBAAoB,GAApB,oBAAoB,CAAsB;QAC1C,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,4BAAuB,GAAvB,uBAAuB,CAAyB;IACjE,CAAC;IAEG,KAAK,CAAC,wBAAwB,CAAC,cAAwB;QAC3D,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QAC3E,IAAI,CAAC,YAAY,EAAE,CAAC;YAChB,MAAM,IAAI,4BAAmB,CAAC,wBAAwB,CAAC,CAAC;QAC5D,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,0BAA0B,CAAC,MAGxC;QACG,MAAM,EAAE,cAAc,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;QAC7C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,gCAAgC,CAAC;YAClF,SAAS;YACT,cAAc,EAAE;gBACZ,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,KAAK;aACzB;YACD,sBAAsB,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;YAC3E,cAAc,EAAE,cAAc;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC;gBACzC,UAAU,EAAE,MAAM,CAAC,sBAAsB,CAAC,kBAAkB;gBAC5D,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG;gBAClC,cAAc,EAAE,SAAS,CAAC,cAAc;gBACxC,OAAO,EAAE,0EAA0E,cAAc,EAAE;gBACnG,MAAM,EAAE,yBAAuB,CAAC,IAAI;aACvC,CAAC,CAAC;YACH,iIAAiI;YACjI,IAAI,YAAY,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1C;gBACG,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,IAAI;gBACrB,MAAM,CAAC,SAAS,CAAC,MAAM;aAE1B,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,2BAAkB,CAAC,0EAA0E,cAAc,EAAE,CAAC,CAAC;YAC7H,CAAC;YACD,MAAM,IAAI,4BAAmB,CAAC,gBAAgB,cAAc,YAAY,CAAC,CAAC;QAC9E,CAAC;QAED,OAAO,YAAY,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,SAAS,CACX,MAAoC,EACpC,SAA2B,EAC3B,YAAuC;QAEvC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,+BAA+B,MAAM,CAAC,IAAI,iBAAiB,MAAM,CAAC,YAAY,KAAK,MAAM,CAAC,cAAc,qBAAqB,MAAM,CAAC
,eAAe,EAAE,CAAC,CAAC;QAEvK,6BAA6B;QAC7B,MAAM,IAAI,CAAC,wBAAwB,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAE5D,mEAAmE;QACnE,MAAM,IAAI,CAAC,0BAA0B,CAAC;YAClC,cAAc,EAAE,MAAM,CAAC,eAAe;YACtC,SAAS,EAAE,SAAS;SACvB,CAAC,CAAC;QAEH,+BAA+B;QAC/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACpE,IAAI,QAAQ,EAAE,CAAC;YACX,MAAM,IAAI,4BAAmB,CAAC,2EAA2E,CAAC,CAAC;QAC/G,CAAC;QAED,kBAAkB;QAClB,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;IAC9E,CAAC;IAED,KAAK,CAAC,IAAI,CACN,MAAkC,EAClC,SAA2B;QAE3B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,oDAAoD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC9F,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,CAAC;QACnC,+CAA+C;QAC/C,IAAI,CAAC,eAAe,EAAE,CAAC;YACnB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAC;YACpH,IAAI,CAAC,aAAa,EAAE,CAAC;gBACjB,MAAM,IAAI,4BAAmB,CAAC,6BAA6B,CAAC,CAAC;YACjE,CAAC;YACD,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,IAAI,CAAC,wBAAwB,CAAC,eAAe,CAAC,CAAC;QAErD,mEAAmE;QACnE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,gCAAgC,CAAC;YAClF,SAAS;YACT,cAAc,EAAE;gBACZ,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,KAAK;aACzB;YACD,sBAAsB,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;YAC3E,cAAc,EAAE,eAAe;SAClC,CAAC,CAAC;QACH,IAAI,YAAY,CAAC,SAAS,EAAE,CAAC;YACzB,OAAO,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC3D,CAAC;QAED,uFAAuF;QACvF,IAAI,MAAM,CAAC,YAAY;YACnB,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;YACpD,MAAM,IAAI,4BAAmB,CAAC,yDAAyD,CAAC,CAAC;QAC7F,CAAC;QAED,oEAAoE;QACpE,IAAI,MAAM,CAAC,cAAc;YACrB,MAAM,CAAC,cAAc,KAAK,SAAS,CAAC,cAAc,EAAE,CAAC;YACrD,MAAM,IAAI,4BAAmB,CAAC,8DAA8D,CAAC,CAAC;QAClG,CAAC;QAED,OAAO,YAAY,CAAC,iBAAiB,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,GAAG,CACL,EAAY,EACZ,SAA2B;QAE3B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;QACrE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,0BAAiB,CAAC,6BAA6B,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,YAAY,G
AAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,gCAAgC,CAAC;YAClF,SAAS;YACT,cAAc,EAAE;gBACZ,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,KAAK;aACzB;YACD,sBAAsB,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;YAC3E,cAAc,EAAE,IAAI,CAAC,eAAe;SACvC,CAAC,CAAC;QAEH,iFAAiF;QACjF,IAAI,CAAC,YAAY,CAAC,SAAS;YACvB,CAAC,YAAY,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACvC;gBACG,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,IAAI;gBACrB,MAAM,CAAC,SAAS,CAAC,MAAM;aACb,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EACzC,CAAC;YACC,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC;gBACzC,UAAU,EAAE,MAAM,CAAC,sBAAsB,CAAC,kBAAkB;gBAC5D,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG;gBAClC,cAAc,EAAE,SAAS,CAAC,cAAc;gBACxC,OAAO,EAAE,wDAAwD,IAAI,CAAC,GAAG,qBAAqB,IAAI,CAAC,eAAe,EAAE;gBACpH,MAAM,EAAE,yBAAuB,CAAC,IAAI;aACvC,CAAC,CAAC;YAEH,MAAM,IAAI,4BAAmB,CAAC,qBAAqB,IAAI,CAAC,GAAG,+BAA+B,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;QACtH,CAAC;QAED,wDAAwD;QACxD,IACI,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC;YAC/C,IAAI,CAAC,cAAc,KAAK,SAAS,CAAC,cAAc,EAClD,CAAC;YACC,MAAM,IAAI,0BAAiB,CAAC,6BAA6B,CAAC,CAAC;QAC/D,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,SAAS,CACX,MAAgB,EAChB,SAA2B,EAC3B,YAAuC;QAEvC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,yCAAyC,MAAM,EAAE,CAAC,CAAC;QAEnE,gFAAgF;QAChF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,IAAI,EAAE,CAAC;YACR,MAAM,IAAI,0BAAiB,CAAC,6BAA6B,CAAC,CAAC;QAC/D,CAAC;QAED,wEAAwE;QACxE,MAAM,IAAI,CAAC,0BAA0B,CAAC;YAClC,cAAc,EAAE,IAAI,CAAC,eAAe;YACpC,SAAS,EAAE,SAAS;SACvB,CAAC,CAAC;QAEH,kBAAkB;QAClB,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QACnE,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,6BAA6B,MAAM,EAAE,CAAC,CAAC;IAC3D,CAAC;CACJ,CAAA;AA3MY,0DAAuB;kCAAvB,uBAAuB;IADnC,IAAA,mBAAU,GAAE;qCAKqC,kCAAuB;QAC1B,+BAAoB;QAClB,oCAAsB;QACrB,qCAAuB;GAP5D,uBAAuB,CA2MnC"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import { ObjectId } from 'mongodb';
|
|
2
|
+
import * as models from '@trailmix-cms/models';
|
|
3
|
+
import { Utils } from '@trailmix-cms/db';
|
|
4
|
+
import { OrganizationCollection, SecurityAuditCollection } from '../collections';
|
|
5
|
+
import { AuthorizationService, OrganizationRoleService, OrganizationService } from '../services';
|
|
6
|
+
import { RequestPrincipal } from '../types';
|
|
7
|
+
export type UpdateOrganizationParams = Partial<Utils.Creatable<models.Organization.Entity>>;
|
|
8
|
+
export type FindOrganizationsParams = Partial<Utils.Creatable<models.Organization.Entity>>;
|
|
9
|
+
export declare class OrganizationManager {
|
|
10
|
+
private readonly organizationCollection;
|
|
11
|
+
private readonly authorizationService;
|
|
12
|
+
private readonly organizationRoleService;
|
|
13
|
+
private readonly organizationService;
|
|
14
|
+
private readonly securityAuditCollection;
|
|
15
|
+
private readonly logger;
|
|
16
|
+
constructor(organizationCollection: OrganizationCollection, authorizationService: AuthorizationService, organizationRoleService: OrganizationRoleService, organizationService: OrganizationService, securityAuditCollection: SecurityAuditCollection);
|
|
17
|
+
private authorizeAdminOrganizationAccess;
|
|
18
|
+
private authorizeReaderOrganizationAccess;
|
|
19
|
+
find(filter: FindOrganizationsParams, principal: RequestPrincipal): Promise<import("mongodb").WithId<{
|
|
20
|
+
_id: ObjectId;
|
|
21
|
+
created_at: Date;
|
|
22
|
+
name: string;
|
|
23
|
+
updated_at?: Date | undefined;
|
|
24
|
+
}>[]>;
|
|
25
|
+
get(organization: models.Organization.Entity, principal: RequestPrincipal): Promise<{
|
|
26
|
+
_id: ObjectId;
|
|
27
|
+
created_at: Date;
|
|
28
|
+
name: string;
|
|
29
|
+
updated_at?: Date | undefined;
|
|
30
|
+
}>;
|
|
31
|
+
update(organization: models.Organization.Entity, update: UpdateOrganizationParams, principal: RequestPrincipal, auditContext: models.AuditContext.Model): Promise<import("mongodb").WithId<{
|
|
32
|
+
_id: ObjectId;
|
|
33
|
+
created_at: Date;
|
|
34
|
+
name: string;
|
|
35
|
+
updated_at?: Date | undefined;
|
|
36
|
+
}>>;
|
|
37
|
+
delete(organization: models.Organization.Entity, principal: RequestPrincipal, auditContext: models.AuditContext.Model): Promise<void>;
|
|
38
|
+
}
|
|
39
|
+
//# sourceMappingURL=organization.manager.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"organization.manager.d.ts","sourceRoot":"","sources":["../../src/managers/organization.manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAU,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAC;AAEzC,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,gBAAgB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AACjG,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAG5C,MAAM,MAAM,wBAAwB,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;AAC5F,MAAM,MAAM,uBAAuB,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;AAE3F,qBACa,mBAAmB;IAIxB,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,oBAAoB;IACrC,OAAO,CAAC,QAAQ,CAAC,uBAAuB;IACxC,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,OAAO,CAAC,QAAQ,CAAC,uBAAuB;IAP5C,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAwC;gBAG1C,sBAAsB,EAAE,sBAAsB,EAC9C,oBAAoB,EAAE,oBAAoB,EAC1C,uBAAuB,EAAE,uBAAuB,EAChD,mBAAmB,EAAE,mBAAmB,EACxC,uBAAuB,EAAE,uBAAuB;YAGvD,gCAAgC;YAwChC,iCAAiC;IAiCzC,IAAI,CACN,MAAM,EAAE,uBAAuB,EAC/B,SAAS,EAAE,gBAAgB;;;;;;IAwCzB,GAAG,CACL,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,MAAM,EACxC,SAAS,EAAE,gBAAgB;;;;;;IAYzB,MAAM,CACR,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,MAAM,EACxC,MAAM,EAAE,wBAAwB,EAChC,SAAS,EAAE,gBAAgB,EAC3B,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,KAAK;;;;;;IAwBrC,MAAM,CACR,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,MAAM,EACxC,SAAS,EAAE,gBAAgB,EAC3B,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,KAAK,GACxC,OAAO,CAAC,IAAI,CAAC;CAcnB"}
|
|
@@ -0,0 +1,196 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
19
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
20
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
21
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
22
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
23
|
+
};
|
|
24
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
25
|
+
var ownKeys = function(o) {
|
|
26
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
27
|
+
var ar = [];
|
|
28
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
29
|
+
return ar;
|
|
30
|
+
};
|
|
31
|
+
return ownKeys(o);
|
|
32
|
+
};
|
|
33
|
+
return function (mod) {
|
|
34
|
+
if (mod && mod.__esModule) return mod;
|
|
35
|
+
var result = {};
|
|
36
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
37
|
+
__setModuleDefault(result, mod);
|
|
38
|
+
return result;
|
|
39
|
+
};
|
|
40
|
+
})();
|
|
41
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
42
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
43
|
+
};
|
|
44
|
+
var OrganizationManager_1;
|
|
45
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
46
|
+
exports.OrganizationManager = void 0;
|
|
47
|
+
const common_1 = require("@nestjs/common");
|
|
48
|
+
const models = __importStar(require("@trailmix-cms/models"));
|
|
49
|
+
const collections_1 = require("../collections");
|
|
50
|
+
const services_1 = require("../services");
|
|
51
|
+
let OrganizationManager = OrganizationManager_1 = class OrganizationManager {
|
|
52
|
+
organizationCollection;
|
|
53
|
+
authorizationService;
|
|
54
|
+
organizationRoleService;
|
|
55
|
+
organizationService;
|
|
56
|
+
securityAuditCollection;
|
|
57
|
+
logger = new common_1.Logger(OrganizationManager_1.name);
|
|
58
|
+
constructor(organizationCollection, authorizationService, organizationRoleService, organizationService, securityAuditCollection) {
|
|
59
|
+
this.organizationCollection = organizationCollection;
|
|
60
|
+
this.authorizationService = authorizationService;
|
|
61
|
+
this.organizationRoleService = organizationRoleService;
|
|
62
|
+
this.organizationService = organizationService;
|
|
63
|
+
this.securityAuditCollection = securityAuditCollection;
|
|
64
|
+
}
|
|
65
|
+
async authorizeAdminOrganizationAccess(params) {
|
|
66
|
+
const { organizationId, principal, securityAuditMessage } = params;
|
|
67
|
+
const accessResult = await this.authorizationService.resolveOrganizationAuthorization({
|
|
68
|
+
principal,
|
|
69
|
+
rolesAllowList: [
|
|
70
|
+
models.RoleValue.Admin,
|
|
71
|
+
models.RoleValue.Owner,
|
|
72
|
+
],
|
|
73
|
+
principalTypeAllowList: [models.Principal.Account, models.Principal.ApiKey],
|
|
74
|
+
organizationId: organizationId,
|
|
75
|
+
});
|
|
76
|
+
if (!accessResult.hasAccess) {
|
|
77
|
+
await this.securityAuditCollection.insertOne({
|
|
78
|
+
event_type: models.SecurityAuditEventType.UnauthorizedAccess,
|
|
79
|
+
principal_id: principal.entity._id,
|
|
80
|
+
principal_type: principal.principal_type,
|
|
81
|
+
message: securityAuditMessage,
|
|
82
|
+
source: OrganizationManager_1.name,
|
|
83
|
+
});
|
|
84
|
+
// If the principal has at least reader organization role, throw a forbidden exception since they have access to the organization
|
|
85
|
+
if (accessResult.organizationRoles.some(role => [
|
|
86
|
+
models.RoleValue.Owner,
|
|
87
|
+
models.RoleValue.Admin,
|
|
88
|
+
models.RoleValue.User,
|
|
89
|
+
models.RoleValue.Reader,
|
|
90
|
+
].includes(role.role))) {
|
|
91
|
+
throw new common_1.ForbiddenException(`Insufficient permissions to perform this action on organization ${organizationId}`);
|
|
92
|
+
}
|
|
93
|
+
throw new common_1.NotFoundException(`Organization ${organizationId} not found`);
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
async authorizeReaderOrganizationAccess(params) {
|
|
97
|
+
const { organizationId, principal, securityAuditMessage } = params;
|
|
98
|
+
const accessResult = await this.authorizationService.resolveOrganizationAuthorization({
|
|
99
|
+
principal,
|
|
100
|
+
rolesAllowList: [
|
|
101
|
+
models.RoleValue.Owner,
|
|
102
|
+
models.RoleValue.Admin,
|
|
103
|
+
models.RoleValue.User,
|
|
104
|
+
models.RoleValue.Reader,
|
|
105
|
+
],
|
|
106
|
+
principalTypeAllowList: [models.Principal.Account, models.Principal.ApiKey],
|
|
107
|
+
organizationId: organizationId,
|
|
108
|
+
});
|
|
109
|
+
if (!accessResult.hasAccess) {
|
|
110
|
+
await this.securityAuditCollection.insertOne({
|
|
111
|
+
event_type: models.SecurityAuditEventType.UnauthorizedAccess,
|
|
112
|
+
principal_id: principal.entity._id,
|
|
113
|
+
principal_type: principal.principal_type,
|
|
114
|
+
message: securityAuditMessage,
|
|
115
|
+
source: OrganizationManager_1.name,
|
|
116
|
+
});
|
|
117
|
+
throw new common_1.NotFoundException(`Organization ${organizationId} not found`);
|
|
118
|
+
}
|
|
119
|
+
return accessResult;
|
|
120
|
+
}
|
|
121
|
+
async find(filter, principal) {
|
|
122
|
+
this.logger.log(`Finding organizations with filter: ${JSON.stringify(filter)}`);
|
|
123
|
+
// Global admins can see all organizations
|
|
124
|
+
const isGlobalAdmin = await this.authorizationService.isGlobalAdmin(principal.entity._id, principal.principal_type);
|
|
125
|
+
if (isGlobalAdmin) {
|
|
126
|
+
return await this.organizationCollection.find(filter);
|
|
127
|
+
}
|
|
128
|
+
// Non-global admins can only see organizations they belong to
|
|
129
|
+
const organizationRoles = await this.organizationRoleService.find({
|
|
130
|
+
principal_id: principal.entity._id,
|
|
131
|
+
principal_type: principal.principal_type,
|
|
132
|
+
role: {
|
|
133
|
+
$in: [
|
|
134
|
+
models.RoleValue.Owner,
|
|
135
|
+
models.RoleValue.Admin,
|
|
136
|
+
models.RoleValue.User,
|
|
137
|
+
models.RoleValue.Reader,
|
|
138
|
+
]
|
|
139
|
+
},
|
|
140
|
+
});
|
|
141
|
+
const organizationIds = organizationRoles.map(role => role.organization_id);
|
|
142
|
+
if (organizationIds.length === 0) {
|
|
143
|
+
return [];
|
|
144
|
+
}
|
|
145
|
+
const query = {
|
|
146
|
+
...filter,
|
|
147
|
+
_id: { $in: organizationIds },
|
|
148
|
+
};
|
|
149
|
+
return await this.organizationCollection.find(query);
|
|
150
|
+
}
|
|
151
|
+
async get(organization, principal) {
|
|
152
|
+
// Check authorization - user must be global admin or organization member
|
|
153
|
+
await this.authorizeReaderOrganizationAccess({
|
|
154
|
+
organizationId: organization._id,
|
|
155
|
+
principal,
|
|
156
|
+
securityAuditMessage: `Insufficient permissions to access organization ${organization._id}`,
|
|
157
|
+
});
|
|
158
|
+
return organization;
|
|
159
|
+
}
|
|
160
|
+
async update(organization, update, principal, auditContext) {
|
|
161
|
+
this.logger.log(`Updating organization ${organization._id}`);
|
|
162
|
+
// Check authorization - user must be global admin or organization admin
|
|
163
|
+
await this.authorizeAdminOrganizationAccess({
|
|
164
|
+
organizationId: organization._id,
|
|
165
|
+
principal,
|
|
166
|
+
securityAuditMessage: `Unauthorized attempt to update organization ${organization._id}`,
|
|
167
|
+
});
|
|
168
|
+
const updatedOrganization = await this.organizationCollection.findOneAndUpdate({ _id: organization._id }, update, auditContext);
|
|
169
|
+
if (!updatedOrganization) {
|
|
170
|
+
throw new common_1.InternalServerErrorException('Organization not found after update');
|
|
171
|
+
}
|
|
172
|
+
return updatedOrganization;
|
|
173
|
+
}
|
|
174
|
+
async delete(organization, principal, auditContext) {
|
|
175
|
+
this.logger.log(`Deleting organization ${organization._id}`);
|
|
176
|
+
// Check authorization - user must be global admin or organization admin
|
|
177
|
+
await this.authorizeAdminOrganizationAccess({
|
|
178
|
+
organizationId: organization._id,
|
|
179
|
+
principal,
|
|
180
|
+
securityAuditMessage: `Unauthorized attempt to delete organization ${organization._id}`,
|
|
181
|
+
});
|
|
182
|
+
// Use the service's deleteOrganization method which handles cascade delete with transactions
|
|
183
|
+
await this.organizationService.deleteOrganization(organization._id, auditContext);
|
|
184
|
+
this.logger.log(`Deleted organization ${organization._id}`);
|
|
185
|
+
}
|
|
186
|
+
};
|
|
187
|
+
exports.OrganizationManager = OrganizationManager;
|
|
188
|
+
exports.OrganizationManager = OrganizationManager = OrganizationManager_1 = __decorate([
|
|
189
|
+
(0, common_1.Injectable)(),
|
|
190
|
+
__metadata("design:paramtypes", [collections_1.OrganizationCollection,
|
|
191
|
+
services_1.AuthorizationService,
|
|
192
|
+
services_1.OrganizationRoleService,
|
|
193
|
+
services_1.OrganizationService,
|
|
194
|
+
collections_1.SecurityAuditCollection])
|
|
195
|
+
], OrganizationManager);
|
|
196
|
+
//# sourceMappingURL=organization.manager.js.map
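Review bot: In `find`, the non-admin query is built as `{ ...filter, _id: { $in: organizationIds } }`, so the membership list wins on a key collision, but any `_id` the caller supplied in `filter` is silently replaced and the result is every organization the principal belongs to rather than the one requested. The scoping also rests on spread order alone: reordering the two entries in a later edit would let `filter._id` override the membership constraint. Composing the conditions keeps both and removes that dependency, e.g. `const query = { $and: [filter, { _id: { $in: organizationIds } }] };` (assuming the collection wrapper accepts a standard MongoDB filter). The declared `FindOrganizationsParams` type may exclude `_id`, but types are erased at runtime. Whether `filter` is schema-validated before it reaches this method is not visible here, and on the global-admin path it is passed unmodified to `organizationCollection.find`.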
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"organization.manager.js","sourceRoot":"","sources":["../../src/managers/organization.manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAyH;AAEzH,6DAA+C;AAG/C,gDAAiF;AACjF,0CAAiG;AAQ1F,IAAM,mBAAmB,2BAAzB,MAAM,mBAAmB;IAIP;IACA;IACA;IACA;IACA;IAPJ,MAAM,GAAG,IAAI,eAAM,CAAC,qBAAmB,CAAC,IAAI,CAAC,CAAC;IAE/D,YACqB,sBAA8C,EAC9C,oBAA0C,EAC1C,uBAAgD,EAChD,mBAAwC,EACxC,uBAAgD;QAJhD,2BAAsB,GAAtB,sBAAsB,CAAwB;QAC9C,yBAAoB,GAApB,oBAAoB,CAAsB;QAC1C,4BAAuB,GAAvB,uBAAuB,CAAyB;QAChD,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,4BAAuB,GAAvB,uBAAuB,CAAyB;IACjE,CAAC;IAEG,KAAK,CAAC,gCAAgC,CAAC,MAI9C;QACG,MAAM,EAAE,cAAc,EAAE,SAAS,EAAE,oBAAoB,EAAE,GAAG,MAAM,CAAC;QAEnE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,gCAAgC,CAAC;YAClF,SAAS;YACT,cAAc,EAAE;gBACZ,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,KAAK;aACzB;YACD,sBAAsB,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;YAC3E,cAAc,EAAE,cAAc;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC;gBACzC,UAAU,EAAE,MAAM,CAAC,sBAAsB,CAAC,kBAAkB;gBAC5D,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG;gBAClC,cAAc,EAAE,SAAS,CAAC,cAAc;gBACxC,OAAO,EAAE,oBAAoB;gBAC7B,MAAM,EAAE,qBAAmB,CAAC,IAAI;aACnC,CAAC,CAAC;YACH,iIAAiI;YACjI,IAAI,YAAY,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC1C;gBACG,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,IAAI;gBACrB,MAAM,CAAC,SAAS,CAAC,MAAM;aAE1B,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,2BAAkB,CAAC,mEAAmE,cAAc,EAAE,CAAC,CAAC;YACtH,CAAC;YACD,MAAM,IAAI,0BAAiB,CAAC,gBAAgB,cAAc,YAAY,CAAC,CAAC;QAC5E,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,iCAAiC,CAAC,MAI/C;QACG,MAAM,EAAE,cAAc,EAAE,SAAS,EAAE,oBAAoB,EAAE,GAAG,MAAM,CAAC;QAEnE,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,gCAAgC,CAAC;YAClF,SAAS;YACT,cAAc,EAAE;gBACZ,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,KAAK;gBACtB,MAAM,CAAC,SAAS,CAAC,IAAI;gBACrB,MAAM,CAAC,SAAS,CAAC,MAAM;aAC1B;YACD,sBAAsB,EAAE,CAAC,MAAM,CAAC,SAAS,CA
AC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC;YAC3E,cAAc,EAAE,cAAc;SACjC,CAAC,CAAC;QAEH,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC;gBACzC,UAAU,EAAE,MAAM,CAAC,sBAAsB,CAAC,kBAAkB;gBAC5D,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG;gBAClC,cAAc,EAAE,SAAS,CAAC,cAAc;gBACxC,OAAO,EAAE,oBAAoB;gBAC7B,MAAM,EAAE,qBAAmB,CAAC,IAAI;aACnC,CAAC,CAAC;YACH,MAAM,IAAI,0BAAiB,CAAC,gBAAgB,cAAc,YAAY,CAAC,CAAC;QAC5E,CAAC;QAED,OAAO,YAAY,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,IAAI,CACN,MAA+B,EAC/B,SAA2B;QAE3B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,sCAAsC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEhF,0CAA0C;QAC1C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,aAAa,CAC/D,SAAS,CAAC,MAAM,CAAC,GAAG,EACpB,SAAS,CAAC,cAAc,CAC3B,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAChB,OAAO,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC1D,CAAC;QAED,8DAA8D;QAC9D,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC;YAC9D,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG;YAClC,cAAc,EAAE,SAAS,CAAC,cAAc;YACxC,IAAI,EAAE;gBACF,GAAG,EAAE;oBACD,MAAM,CAAC,SAAS,CAAC,KAAK;oBACtB,MAAM,CAAC,SAAS,CAAC,KAAK;oBACtB,MAAM,CAAC,SAAS,CAAC,IAAI;oBACrB,MAAM,CAAC,SAAS,CAAC,MAAM;iBAC1B;aACJ;SACqC,CAAC,CAAC;QAE5C,MAAM,eAAe,GAAG,iBAAiB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC5E,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAuC;YAC9C,GAAG,MAAM;YACT,GAAG,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE;SAChC,CAAC;QAEF,OAAO,MAAM,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACzD,CAAC;IAED,KAAK,CAAC,GAAG,CACL,YAAwC,EACxC,SAA2B;QAE3B,yEAAyE;QACzE,MAAM,IAAI,CAAC,iCAAiC,CAAC;YACzC,cAAc,EAAE,YAAY,CAAC,GAAG;YAChC,SAAS;YACT,oBAAoB,EAAE,mDAAmD,YAAY,CAAC,GAAG,EAAE;SAC9F,CAAC,CAAC;QAEH,OAAO,YAAY,CAAC;IACxB,CAAC;IAED,KAAK,CAAC,MAAM,CACR,YAAwC,EACxC,MAAgC,EAChC,SAA2B,EAC3B,YAAuC;QAEvC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,yBAAyB,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC;QAE7D,wEAAwE;QACxE,MAAM,IAAI,CAAC,gCAAgC,CAAC;YACxC,cAAc,EAAE,YAAY,CAAC,GAAG;YAChC,SAAS;YACT,oBAAoB,EAAE,+CAA+C,YAAY,CAAC,GAAG,EAAE;SAC1F,CAAC,CAAC;QAEH,MAAM,mBAAmB,GAAG
,MAAM,IAAI,CAAC,sBAAsB,CAAC,gBAAgB,CAC1E,EAAE,GAAG,EAAE,YAAY,CAAC,GAAG,EAAE,EACzB,MAAM,EACN,YAAY,CACf,CAAC;QAEF,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACvB,MAAM,IAAI,qCAA4B,CAAC,qCAAqC,CAAC,CAAC;QAClF,CAAC;QAED,OAAO,mBAAmB,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,MAAM,CACR,YAAwC,EACxC,SAA2B,EAC3B,YAAuC;QAEvC,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,yBAAyB,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC;QAE7D,wEAAwE;QACxE,MAAM,IAAI,CAAC,gCAAgC,CAAC;YACxC,cAAc,EAAE,YAAY,CAAC,GAAG;YAChC,SAAS;YACT,oBAAoB,EAAE,+CAA+C,YAAY,CAAC,GAAG,EAAE;SAC1F,CAAC,CAAC;QAEH,6FAA6F;QAC7F,MAAM,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,YAAY,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC;QAClF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,wBAAwB,YAAY,CAAC,GAAG,EAAE,CAAC,CAAC;IAChE,CAAC;CACJ,CAAA;AA1LY,kDAAmB;8BAAnB,mBAAmB;IAD/B,IAAA,mBAAU,GAAE;qCAKoC,oCAAsB;QACxB,+BAAoB;QACjB,kCAAuB;QAC3B,8BAAmB;QACf,qCAAuB;GAR5D,mBAAmB,CA0L/B"}
|
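--- a/package/dist/module.d.ts
+++ b/package/dist/module.d.ts
@@ -0,0 +1,92 @@
+import { OptionalUnlessRequiredId, Collection } from 'mongodb';
+import { ZodType } from 'zod';
+import * as models from '@trailmix-cms/models';
+import { type CollectionConfig } from './types';
+import * as Collections from './collections';
+import * as Services from './services';
+import * as Managers from './managers';
+import { type FeatureConfig } from './types';
+export interface TrailmixCMSOptions<AccountEntity extends models.Account.Entity = models.Account.Entity, AccountDtoEntity = AccountEntity, OrganizationEntity extends models.Organization.Entity = models.Organization.Entity, OrganizationDtoEntity = OrganizationEntity> {
+entities?: {
+accountSchema?: ZodType<OptionalUnlessRequiredId<AccountEntity>>;
+accountSetup?: (collection: Collection<AccountEntity>) => Promise<void>;
+accountDtoSchema?: ZodType<OptionalUnlessRequiredId<AccountDtoEntity>>;
+accountMapEntity?: (entity: AccountEntity) => AccountDtoEntity;
+accountConfig?: CollectionConfig;
+organizationSchema?: ZodType<OptionalUnlessRequiredId<OrganizationEntity>>;
+organizationSetup?: (collection: Collection<OrganizationEntity>) => Promise<void>;
+organizationDtoSchema?: ZodType<OptionalUnlessRequiredId<OrganizationDtoEntity>>;
+organizationMapEntity?: (entity: OrganizationEntity) => OrganizationDtoEntity;
+organizationConfig?: CollectionConfig;
+};
+features?: FeatureConfig;
+}
+export declare function setupTrailmixCMS<AccountEntity extends models.Account.Entity = models.Account.Entity, AccountDtoEntity = AccountEntity, OrganizationEntity extends models.Organization.Entity = models.Organization.Entity, OrganizationDtoEntity = OrganizationEntity>(options?: TrailmixCMSOptions<AccountEntity, AccountDtoEntity, OrganizationEntity, OrganizationDtoEntity>): {
+providers: (typeof Collections.AccountCollection | typeof Collections.OrganizationCollection | typeof Collections.RoleCollection | typeof Collections.SecurityAuditCollection | typeof Collections.ApiKeyCollection | typeof Services.AccountService | typeof Services.GlobalRoleService | typeof Services.AuthService | typeof Services.OrganizationRoleService | typeof Services.AuthorizationService | typeof Services.ApiKeyService | typeof Services.OrganizationService | typeof Managers.GlobalRoleManager | typeof Managers.OrganizationRoleManager | typeof Managers.OrganizationManager | typeof import("@trailmix-cms/db/dist/collections").AuditCollection | {
+provide: string;
+inject: {
+new (internalConfig?: Record<string, any>): import("@nestjs/config").ConfigService<{
+onModuleInit: boolean;
+MONGODB_CONNECTION_STRING: string;
+MONGODB_DATABASE_NAME: string;
+GENERATE_SPEC: boolean;
+isDevelopment: boolean;
+isDev: boolean;
+isTest: boolean;
+isProduction: boolean;
+isProd: boolean;
+}, false>;
+}[];
+useFactory: (configService: import("@nestjs/config").ConfigService<import("@trailmix-cms/db").AppConfig>) => Promise<{
+client: import("mongodb").MongoClient;
+db: import("mongodb").Db;
+}>;
+} | typeof import("@trailmix-cms/db").DatabaseService | {
+provide: string;
+useFactory: (databaseService: import("@trailmix-cms/db").DatabaseService) => Promise<import("mongodb").Collection<import("bson").Document>>;
+inject: (typeof import("@trailmix-cms/db").DatabaseService)[];
+} | {
+provide: string;
+useFactory: (databaseService: import("@trailmix-cms/db").DatabaseService) => Promise<Collection<import("bson").Document>>;
+inject: (typeof import("@trailmix-cms/db").DatabaseService)[];
+} | {
+provide: typeof Services.FeatureService;
+useValue: Services.FeatureService;
+} | {
+provide: "TRAILMIXCMS_CMS_ACCOUNT_SCHEMA";
+useValue: import("zod").ZodObject<{
+_id: import("zod").ZodCodec<import("zod").ZodString, import("zod").ZodCustom<import("bson").ObjectId, import("bson").ObjectId>>;
+created_at: import("zod").ZodCodec<import("zod").ZodISODateTime, import("zod").ZodDate>;
+updated_at: import("zod").ZodOptional<import("zod").ZodCodec<import("zod").ZodISODateTime, import("zod").ZodDate>>;
+user_id: import("zod").ZodString;
+}, import("zod/v4/core").$strip> | ZodType<OptionalUnlessRequiredId<AccountEntity>, unknown, import("zod/v4/core").$ZodTypeInternals<OptionalUnlessRequiredId<AccountEntity>, unknown>>;
+} | {
+provide: "TRAILMIXCMS_CMS_ACCOUNT_SETUP";
+useValue: (collection: Collection<AccountEntity>) => Promise<void>;
+} | {
+provide: "TRAILMIXCMS_CMS_ACCOUNT_CONFIG";
+useValue: CollectionConfig;
+} | {
+provide: "TRAILMIXCMS_CMS_ACCOUNT_MAP_ENTITY";
+useValue: ((entity: AccountEntity) => AccountDtoEntity) | ((entity: AccountEntity) => AccountEntity);
+} | {
+provide: "TRAILMIXCMS_CMS_ORGANIZATION_SCHEMA";
+useValue: import("zod").ZodObject<{
+_id: import("zod").ZodCodec<import("zod").ZodString, import("zod").ZodCustom<import("bson").ObjectId, import("bson").ObjectId>>;
+created_at: import("zod").ZodCodec<import("zod").ZodISODateTime, import("zod").ZodDate>;
+updated_at: import("zod").ZodOptional<import("zod").ZodCodec<import("zod").ZodISODateTime, import("zod").ZodDate>>;
+name: import("zod").ZodString;
+}, import("zod/v4/core").$strip> | ZodType<OptionalUnlessRequiredId<OrganizationEntity>, unknown, import("zod/v4/core").$ZodTypeInternals<OptionalUnlessRequiredId<OrganizationEntity>, unknown>>;
+} | {
+provide: "TRAILMIXCMS_CMS_ORGANIZATION_SETUP";
+useValue: (collection: Collection<OrganizationEntity>) => Promise<void>;
+} | {
+provide: "TRAILMIXCMS_CMS_ORGANIZATION_CONFIG";
+useValue: CollectionConfig;
+} | {
+provide: "TRAILMIXCMS_CMS_ORGANIZATION_MAP_ENTITY";
+useValue: ((entity: OrganizationEntity) => OrganizationDtoEntity) | ((entity: OrganizationEntity) => OrganizationEntity);
+})[];
+controllers: any[];
+};
+//# sourceMappingURL=module.d.ts.map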
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"module.d.ts","sourceRoot":"","sources":["../src/module.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC/D,OAAO,EAAE,OAAO,EAAE,MAAM,KAAK,CAAC;AAC9B,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAK/C,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAEhD,OAAO,KAAK,WAAW,MAAM,eAAe,CAAC;AAC7C,OAAO,KAAK,QAAQ,MAAM,YAAY,CAAC;AACvC,OAAO,KAAK,QAAQ,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,KAAK,aAAa,EAAE,MAAM,SAAS,CAAC;AAO7C,MAAM,WAAW,kBAAkB,CAC/B,aAAa,SAAS,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EACnE,gBAAgB,GAAG,aAAa,EAEhC,kBAAkB,SAAS,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,EAClF,qBAAqB,GAAG,kBAAkB;IAE1C,QAAQ,CAAC,EAAE;QACP,aAAa,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,aAAa,CAAC,CAAC,CAAC;QACjE,YAAY,CAAC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,aAAa,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QACxE,gBAAgB,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACvE,gBAAgB,CAAC,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,gBAAgB,CAAC;QAC/D,aAAa,CAAC,EAAE,gBAAgB,CAAC;QAEjC,kBAAkB,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,kBAAkB,CAAC,CAAC,CAAC;QAC3E,iBAAiB,CAAC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,kBAAkB,CAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;QAClF,qBAAqB,CAAC,EAAE,OAAO,CAAC,wBAAwB,CAAC,qBAAqB,CAAC,CAAC,CAAC;QACjF,qBAAqB,CAAC,EAAE,CAAC,MAAM,EAAE,kBAAkB,KAAK,qBAAqB,CAAC;QAC9E,kBAAkB,CAAC,EAAE,gBAAgB,CAAC;KACzC,CAAC;IACF,QAAQ,CAAC,EAAE,aAAa,CAAA;CAC3B;AAED,wBAAgB,gBAAgB,CAC5B,aAAa,SAAS,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,EACnE,gBAAgB,GAAG,aAAa,EAEhC,kBAAkB,SAAS,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,MAAM,EAClF,qBAAqB,GAAG,kBAAkB,EAE5C,OAAO,CAAC,EAAE,kBAAkB,CAC1B,aAAa,EACb,gBAAgB,EAChB,kBAAkB,EAClB,qBAAqB,CACxB;;;;+BAlDe,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6DAwBiD,OAAO,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;kEAMH,OAAO,CAAC,IAAI,CAAC;;;;;;;;;EAkHxF"}
|