@trailmix-cms/cms 0.7.3 → 0.7.4
- package/dist/services/authorization.service.d.ts +2 -2
- package/dist/services/authorization.service.d.ts.map +1 -1
- package/dist/services/authorization.service.js +12 -5
- package/dist/services/authorization.service.js.map +1 -1
- package/package.json +7 -7
- package/test/unit/services/authorization.service.spec.ts +33 -0
- package/tsconfig.build.tsbuildinfo +1 -1
|
@@ -7,10 +7,10 @@ import * as trailmixModels from '@trailmix-cms/models';
|
|
|
7
7
|
import { SecurityAuditCollection } from '../collections/security-audit.collection';
|
|
8
8
|
export declare class AuthorizationService {
|
|
9
9
|
private readonly globalRoleService;
|
|
10
|
-
private readonly organizationRoleService;
|
|
11
10
|
private readonly securityAuditCollection;
|
|
11
|
+
private readonly organizationRoleService?;
|
|
12
12
|
private readonly logger;
|
|
13
|
-
constructor(globalRoleService: GlobalRoleService,
|
|
13
|
+
constructor(globalRoleService: GlobalRoleService, securityAuditCollection: SecurityAuditCollection, organizationRoleService?: OrganizationRoleService | undefined);
|
|
14
14
|
/**
|
|
15
15
|
* Check if a principal is a global admin
|
|
16
16
|
* @param principalId - The principal's ID
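Review bot: The constructor's positional order changes in this hunk: `securityAuditCollection` is now the second parameter and `organizationRoleService` the optional third, where the removed field order suggests it was second before (the removed constructor line is truncated on this page). Nest's injector resolves by type and is unaffected, but code that builds `AuthorizationService` by hand from JavaScript or with loosely typed mocks would pass the audit collection where role lookups are expected, with no compile error. For an authorization service shipped in a patch release, this deserves a changelog entry and a doc comment on the constructor, e.g. `/** organizationRoleService is optional and must stay last; it is undefined when no provider is registered. */`. The class declaration continues outside the hunk.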
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization.service.d.ts","sourceRoot":"","sources":["../../src/services/authorization.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,KAAK,cAAc,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,uBAAuB,EAAE,MAAM,0CAA0C,CAAC;AAEnF,qBACa,oBAAoB;IAIzB,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,uBAAuB;
|
|
1
|
+
{"version":3,"file":"authorization.service.d.ts","sourceRoot":"","sources":["../../src/services/authorization.service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,uBAAuB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,OAAO,KAAK,cAAc,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,uBAAuB,EAAE,MAAM,0CAA0C,CAAC;AAEnF,qBACa,oBAAoB;IAIzB,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,uBAAuB;IAC5B,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IALzD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAyC;gBAG3C,iBAAiB,EAAE,iBAAiB,EACpC,uBAAuB,EAAE,uBAAuB,EACpC,uBAAuB,CAAC,EAAE,uBAAuB,YAAA;IAGlF;;;;;OAKG;IACG,aAAa,CAAC,WAAW,EAAE,QAAQ,EAAE,aAAa,EAAE,MAAM,CAAC,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC;IAUvF,gCAAgC,CAAC,MAAM,EAAE;QAC3C,SAAS,EAAE,gBAAgB,CAAC;QAC5B,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,sBAAsB,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;QAC3C,cAAc,EAAE,QAAQ,CAAC;KAC5B;;;;;;;;;;;;;;;;;;;;;IAiCK,iCAAiC,CAAC,SAAS,EAAE,gBAAgB,EAAE,eAAe,EAAE,cAAc,CAAC,WAAW,EAAE,aAAa,CAAC,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC;CA8DhK"}
|
|
@@ -41,6 +41,9 @@ var __importStar = (this && this.__importStar) || (function () {
|
|
|
41
41
|
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
42
42
|
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
43
43
|
};
|
|
44
|
+
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
45
|
+
return function (target, key) { decorator(target, key, paramIndex); }
|
|
46
|
+
};
|
|
44
47
|
var AuthorizationService_1;
|
|
45
48
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
46
49
|
exports.AuthorizationService = void 0;
|
|
@@ -52,13 +55,13 @@ const trailmixModels = __importStar(require("@trailmix-cms/models"));
|
|
|
52
55
|
const security_audit_collection_1 = require("../collections/security-audit.collection");
|
|
53
56
|
let AuthorizationService = AuthorizationService_1 = class AuthorizationService {
|
|
54
57
|
globalRoleService;
|
|
55
|
-
organizationRoleService;
|
|
56
58
|
securityAuditCollection;
|
|
59
|
+
organizationRoleService;
|
|
57
60
|
logger = new common_1.Logger(AuthorizationService_1.name);
|
|
58
|
-
constructor(globalRoleService,
|
|
61
|
+
constructor(globalRoleService, securityAuditCollection, organizationRoleService) {
|
|
59
62
|
this.globalRoleService = globalRoleService;
|
|
60
|
-
this.organizationRoleService = organizationRoleService;
|
|
61
63
|
this.securityAuditCollection = securityAuditCollection;
|
|
64
|
+
this.organizationRoleService = organizationRoleService;
|
|
62
65
|
}
|
|
63
66
|
/**
|
|
64
67
|
* Check if a principal is a global admin
|
|
@@ -83,6 +86,9 @@ let AuthorizationService = AuthorizationService_1 = class AuthorizationService {
|
|
|
83
86
|
principal_type
|
|
84
87
|
});
|
|
85
88
|
const isGlobalAdmin = globalRoles.some(role => role.role === models.RoleValue.Admin);
|
|
89
|
+
if (!this.organizationRoleService) {
|
|
90
|
+
throw new Error('OrganizationRoleService is not available. Organizations feature must be enabled to use resolveOrganizationAuthorization.');
|
|
91
|
+
}
|
|
86
92
|
const organizationRoles = await this.organizationRoleService.find({
|
|
87
93
|
principal_id,
|
|
88
94
|
principal_type,
|
|
@@ -160,8 +166,9 @@ let AuthorizationService = AuthorizationService_1 = class AuthorizationService {
|
|
|
160
166
|
exports.AuthorizationService = AuthorizationService;
|
|
161
167
|
exports.AuthorizationService = AuthorizationService = AuthorizationService_1 = __decorate([
|
|
162
168
|
(0, common_1.Injectable)(),
|
|
169
|
+
__param(2, (0, common_1.Optional)()),
|
|
163
170
|
__metadata("design:paramtypes", [global_role_service_1.GlobalRoleService,
|
|
164
|
-
|
|
165
|
-
|
|
171
|
+
security_audit_collection_1.SecurityAuditCollection,
|
|
172
|
+
organization_role_service_1.OrganizationRoleService])
|
|
166
173
|
], AuthorizationService);
|
|
167
174
|
//# sourceMappingURL=authorization.service.js.map
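Review bot: In the `-83,6 +86,9` hunk the new `if (!this.organizationRoleService)` guard sits after the global role lookup and the `isGlobalAdmin` computation, so the method computes a result it then discards, and a global admin is rejected too when the service is missing. Failing closed is the safe default, but it should be visibly deliberate: make the guard the first statement of the method and add a comment such as `// Fail closed: without OrganizationRoleService nobody, global admins included, is authorized here`. Because `__param(2, (0, common_1.Optional)())` lets the container inject `undefined`, this throw is the only thing standing between a misconfigured module and a null dereference. A dedicated error class instead of a plain `Error` would let callers tell misconfiguration from a runtime failure. The method body starts and ends outside the hunk.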
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"authorization.service.js","sourceRoot":"","sources":["../../src/services/authorization.service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"authorization.service.js","sourceRoot":"","sources":["../../src/services/authorization.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAAmF;AAEnF,6DAA+C;AAC/C,+DAA0D;AAC1D,2EAAsE;AAEtE,qEAAuD;AACvD,wFAAmF;AAG5E,IAAM,oBAAoB,4BAA1B,MAAM,oBAAoB;IAIR;IACA;IACY;IALhB,MAAM,GAAG,IAAI,eAAM,CAAC,sBAAoB,CAAC,IAAI,CAAC,CAAC;IAEhE,YACqB,iBAAoC,EACpC,uBAAgD,EACpC,uBAAiD;QAF7D,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,4BAAuB,GAAvB,uBAAuB,CAAyB;QACpC,4BAAuB,GAAvB,uBAAuB,CAA0B;IAC9E,CAAC;IAEL;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CAAC,WAAqB,EAAE,aAA+B;QACtE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;YACrD,YAAY,EAAE,WAAW;YACzB,cAAc,EAAE,aAAa;YAC7B,IAAI,EAAE,MAAM,CAAC,SAAS,CAAC,KAAK;SAC/B,CAAC,CAAC;QACH,OAAO,CAAC,CAAC,WAAW,CAAC;IACzB,CAAC;IAGD,KAAK,CAAC,gCAAgC,CAAC,MAKtC;QACG,MAAM,EAAE,SAAS,EAAE,cAAc,EAAE,sBAAsB,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;QAErF,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC;QAC1C,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC;QAChD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC;YAClD,YAAY;YACZ,cAAc;SACjB,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAErF,IAAI,CAAC,IAAI,CAAC,uBAAuB,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,0HAA0H,CAAC,CAAC;QAChJ,CAAC;QAED,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,IAAI,CAAC;YAC9D,YAAY;YACZ,cAAc;YACd,eAAe,EAAE,cAAc;SAClC,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,aAAa;YAC3B,CACI,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC1B,OAAO,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC9C,CAAC,CAAC;gBACF,sBAAsB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAClD,CAAC;QAEN,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,WAAW,EAAE,iBAAiB,EAAE,CAAC;IACxE,CAAC;IAGD,KAAK,CAAC,iCAAiC,CAAC,SAA2B,EAAE,eAA2C,EAAE,aAAwB;QACtI,4CAA4C;QAC5C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,SAAS,CAAC,cAAc,CAAC,CAAC;QAC/F,IAAI,aAAa,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,QAAQ,eAAe,EAAE,CAAC;YACtB,KAAK,cAAc,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC;gBACrC,MAAM,IAAI,CAAC,u
BAAuB,CAAC,SAAS,CAAC;oBACzC,UAAU,EAAE,cAAc,CAAC,sBAAsB,CAAC,kBAAkB;oBACpE,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG;oBAClC,cAAc,EAAE,SAAS,CAAC,cAAc;oBACxC,OAAO,EAAE,yEAAyE;oBAClF,MAAM,EAAE,sBAAoB,CAAC,IAAI;iBACpC,CAAC,CAAC;gBACH,OAAO,KAAK,CAAC;YACjB,CAAC;YACD,KAAK,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC;gBACtC,IAAI,CAAC,aAAa,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;gBAChF,CAAC;gBACD,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;oBAC9C,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC;wBACzC,UAAU,EAAE,cAAc,CAAC,sBAAsB,CAAC,kBAAkB;wBACpE,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG;wBAClC,cAAc,EAAE,SAAS,CAAC,cAAc;wBACxC,OAAO,EAAE,0EAA0E;wBACnF,MAAM,EAAE,sBAAoB,CAAC,IAAI;qBACpC,CAAC,CAAC;oBACH,OAAO,KAAK,CAAC;gBACjB,CAAC;gBACD,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,KAAK,cAAc,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC,CAAC;gBAC3C,IAAI,CAAC,aAAa,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;gBACrF,CAAC;gBACD,MAAM,aAAa,GAAG,CAAC,cAAc,CAAC,SAAS,CAAC,KAAK,EAAE,cAAc,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;gBACvF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC;oBAC7D,SAAS;oBACT,cAAc,EAAE,aAAa;oBAC7B,sBAAsB,EAAE,CAAC,cAAc,CAAC,SAAS,CAAC,OAAO,CAAC;oBAC1D,cAAc,EAAE,aAAc;iBACjC,CAAC,CAAC;gBACH,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,CAAC;oBAC1B,MAAM,IAAI,CAAC,uBAAuB,CAAC,SAAS,CAAC;wBACzC,UAAU,EAAE,cAAc,CAAC,sBAAsB,CAAC,kBAAkB;wBACpE,YAAY,EAAE,SAAS,CAAC,MAAM,CAAC,GAAG;wBAClC,cAAc,EAAE,SAAS,CAAC,cAAc;wBACxC,OAAO,EAAE,mEAAmE,aAAa,6BAA6B,aAAa,EAAE;wBACrI,MAAM,EAAE,sBAAoB,CAAC,IAAI;qBACpC,CAAC,CAAC;oBACH,OAAO,KAAK,CAAC;gBACjB,CAAC;gBACD,OAAO,IAAI,CAAC;YAChB,CAAC;YACD,OAAO,CAAC,CAAC,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,eAAe,EAAE,CAAC,CAAC;YAC9D,CAAC;QACL,CAAC;IACL,CAAC;CACJ,CAAA;AA7HY,oDAAoB;+BAApB,oBAAoB;IADhC,IAAA,mBAAU,GAAE;IAOJ,WAAA,IAAA,iBAAQ,GAAE,CAAA;qCAFyB,uCAAiB;QACX,mDAAuB;QACV,mDAAuB;GANzE,oBAAoB,CA6HhC"}
|
package/package.json
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@trailmix-cms/cms",
|
|
3
|
-
"version": "0.7.
|
|
3
|
+
"version": "0.7.4",
|
|
4
4
|
"main": "./dist/index.js",
|
|
5
5
|
"types": "./dist/index.d.ts",
|
|
6
6
|
"repository": {
|
|
@@ -22,9 +22,9 @@
|
|
|
22
22
|
"@nestjs/config": "^4.0.2",
|
|
23
23
|
"@nestjs/core": "^11.1.12",
|
|
24
24
|
"@nestjs/swagger": "^11.2.3",
|
|
25
|
-
"@trailmix-cms/db": "0.7.
|
|
26
|
-
"@trailmix-cms/models": "0.7.
|
|
27
|
-
"@trailmix-cms/utils": "0.7.
|
|
25
|
+
"@trailmix-cms/db": "0.7.4",
|
|
26
|
+
"@trailmix-cms/models": "0.7.4",
|
|
27
|
+
"@trailmix-cms/utils": "0.7.4",
|
|
28
28
|
"envalid": "^8.1.1",
|
|
29
29
|
"mongodb": "^7.0.0",
|
|
30
30
|
"nestjs-zod": "^5.1.1",
|
|
@@ -51,9 +51,9 @@
|
|
|
51
51
|
"@clerk/fastify": "^2.6.8",
|
|
52
52
|
"@nestjs/common": "^11.1.12",
|
|
53
53
|
"@nestjs/config": "^4.0.2",
|
|
54
|
-
"@trailmix-cms/db": "0.7.
|
|
55
|
-
"@trailmix-cms/models": "0.7.
|
|
56
|
-
"@trailmix-cms/utils": "0.7.
|
|
54
|
+
"@trailmix-cms/db": "0.7.4",
|
|
55
|
+
"@trailmix-cms/models": "0.7.4",
|
|
56
|
+
"@trailmix-cms/utils": "0.7.4",
|
|
57
57
|
"mongodb": "^7.0.0",
|
|
58
58
|
"nestjs-zod": "^5.1.1",
|
|
59
59
|
"reflect-metadata": "^0.2.2",
|
|
@@ -172,6 +172,39 @@ describe('AuthorizationService', () => {
|
|
|
172
172
|
};
|
|
173
173
|
const organizationId = new ObjectId();
|
|
174
174
|
|
|
175
|
+
it('throws error when OrganizationRoleService is not available (ensuring organizations feature must be enabled)', async () => {
|
|
176
|
+
// Create a service instance without OrganizationRoleService
|
|
177
|
+
const moduleWithoutOrgService: TestingModule = await Test.createTestingModule({
|
|
178
|
+
providers: [
|
|
179
|
+
AuthorizationService,
|
|
180
|
+
{
|
|
181
|
+
provide: GlobalRoleService,
|
|
182
|
+
useValue: {
|
|
183
|
+
findOne: jest.fn(),
|
|
184
|
+
find: jest.fn().mockResolvedValue([]),
|
|
185
|
+
},
|
|
186
|
+
},
|
|
187
|
+
{
|
|
188
|
+
provide: SecurityAuditCollection,
|
|
189
|
+
useValue: {
|
|
190
|
+
insertOne: jest.fn().mockResolvedValue(undefined),
|
|
191
|
+
},
|
|
192
|
+
},
|
|
193
|
+
],
|
|
194
|
+
}).compile();
|
|
195
|
+
|
|
196
|
+
const serviceWithoutOrgService = moduleWithoutOrgService.get<AuthorizationService>(AuthorizationService);
|
|
197
|
+
|
|
198
|
+
await expect(
|
|
199
|
+
serviceWithoutOrgService.resolveOrganizationAuthorization({
|
|
200
|
+
principal: accountPrincipal,
|
|
201
|
+
rolesAllowList: [trailmixModels.RoleValue.Admin],
|
|
202
|
+
principalTypeAllowList: [trailmixModels.Principal.Account],
|
|
203
|
+
organizationId,
|
|
204
|
+
})
|
|
205
|
+
).rejects.toThrow('OrganizationRoleService is not available. Organizations feature must be enabled to use resolveOrganizationAuthorization.');
|
|
206
|
+
});
|
|
207
|
+
|
|
175
208
|
it('returns hasAccess true when principal is a global admin (ensuring global admins have access to all organizations)', async () => {
|
|
176
209
|
const adminGlobalRole = TestUtils.Models.createGlobalRoleModel({
|
|
177
210
|
principal_id: principalId,
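Review bot: The added case only covers a principal with no global roles (`find` is mocked to resolve `[]`), so it does not pin what happens to a global admin when `OrganizationRoleService` is absent. In the compiled service on this page the guard throws after `isGlobalAdmin` is computed, so an admin is rejected as well. A second case with `find` resolving an admin role and the same `rejects.toThrow(...)` expectation would lock in that fail-closed behaviour against a later refactor that returns early for admins. Asserting that `insertOne` was not called would also document that this path writes no audit record, if that is the intent. The enclosing `describe` block starts and ends outside the hunk.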
|