npm - @webiny/api-aco - Versions diffs - 5.37.8 → 5.38.0-beta.0 - Mend

@webiny/api-aco 5.37.8 → 5.38.0-beta.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (102) hide show

package/apps/AcoApp.d.ts +4 -0
package/apps/AcoApp.js +44 -5
package/apps/AcoApp.js.map +1 -1
package/apps/AcoApps.js +3 -1
package/apps/app.gql.js +6 -4
package/apps/app.gql.js.map +1 -1
package/apps/index.js +3 -1
package/createAcoContext.js +90 -15
package/createAcoContext.js.map +1 -1
package/createAcoGraphQL.js +5 -2
package/createAcoGraphQL.js.map +1 -1
package/createAcoHooks.js +9 -3
package/createAcoHooks.js.map +1 -1
package/createAcoModels.js +5 -2
package/createAcoModels.js.map +1 -1
package/createAcoStorageOperations.js +5 -2
package/createAcoStorageOperations.js.map +1 -1
package/fields/index.js +3 -1
package/fields/location.js +3 -1
package/filter/filter.crud.d.ts +3 -0
package/filter/filter.crud.js +94 -0
package/filter/filter.crud.js.map +1 -0
package/filter/filter.gql.d.ts +3 -0
package/filter/filter.gql.js +150 -0
package/filter/filter.gql.js.map +1 -0
package/filter/filter.model.d.ts +4 -0
package/filter/filter.model.js +127 -0
package/filter/filter.model.js.map +1 -0
package/filter/filter.so.d.ts +3 -0
package/filter/filter.so.js +96 -0
package/filter/filter.so.js.map +1 -0
package/filter/filter.types.d.ts +95 -0
package/filter/filter.types.js +14 -0
package/filter/filter.types.js.map +1 -0
package/folder/folder.crud.d.ts +8 -1
package/folder/folder.crud.js +197 -15
package/folder/folder.crud.js.map +1 -1
package/folder/folder.gql.js +75 -7
package/folder/folder.gql.js.map +1 -1
package/folder/folder.model.js +49 -3
package/folder/folder.model.js.map +1 -1
package/folder/folder.so.js +12 -4
package/folder/folder.so.js.map +1 -1
package/folder/folder.types.d.ts +23 -0
package/folder/folder.types.js +3 -1
package/folder/folder.types.js.map +1 -1
package/folder/onFolderBeforeDeleteAco.hook.d.ts +2 -0
package/folder/{onFolderBeforeDelete.hook.js → onFolderBeforeDeleteAco.hook.js} +8 -6
package/folder/onFolderBeforeDeleteAco.hook.js.map +1 -0
package/folder/onFolderBeforeDeleteFm.hook.d.ts +2 -0
package/folder/onFolderBeforeDeleteFm.hook.js +49 -0
package/folder/onFolderBeforeDeleteFm.hook.js.map +1 -0
package/folder/onFolderBeforeDeleteHcms.hook.d.ts +2 -0
package/folder/onFolderBeforeDeleteHcms.hook.js +56 -0
package/folder/onFolderBeforeDeleteHcms.hook.js.map +1 -0
package/index.d.ts +1 -0
package/index.js +12 -2
package/index.js.map +1 -1
package/package.json +25 -20
package/plugins/AcoAppModifierPlugin.js +3 -1
package/plugins/AcoAppRegisterPlugin.js +3 -1
package/plugins/index.js +3 -1
package/record/graphql/createAppResolvers.js +11 -9
package/record/graphql/createAppResolvers.js.map +1 -1
package/record/graphql/createAppSchema.js +3 -1
package/record/record.crud.js +3 -1
package/record/record.gql.js +3 -1
package/record/record.model.js +3 -1
package/record/record.so.js +3 -1
package/record/record.types.d.ts +2 -1
package/record/record.types.js +3 -1
package/record/record.types.js.map +1 -1
package/types.d.ts +19 -5
package/types.js +16 -1
package/types.js.map +1 -1
package/utils/FolderLevelPermissions.d.ts +65 -0
package/utils/FolderLevelPermissions.js +355 -0
package/utils/FolderLevelPermissions.js.map +1 -0
package/utils/acoRecordId.js +3 -1
package/utils/createListSort.js +3 -1
package/utils/createModelField.js +3 -1
package/utils/createOperationsWrapper.js +3 -1
package/utils/decorators/CmsEntriesCrudDecorators.d.ts +11 -0
package/utils/decorators/CmsEntriesCrudDecorators.js +175 -0
package/utils/decorators/CmsEntriesCrudDecorators.js.map +1 -0
package/utils/ensureAuthentication.d.ts +2 -0
package/utils/{checkPermissions.js → ensureAuthentication.js} +5 -3
package/utils/ensureAuthentication.js.map +1 -0
package/utils/fieldResolver.js +3 -1
package/utils/getFieldValues.d.ts +2 -0
package/utils/getFieldValues.js +9 -1
package/utils/getFieldValues.js.map +1 -1
package/utils/getFolderAndItsAncestors.d.ts +2 -2
package/utils/getFolderAndItsAncestors.js +16 -11
package/utils/getFolderAndItsAncestors.js.map +1 -1
package/utils/isInstallationPending.js +3 -1
package/utils/modelFactory.js +3 -1
package/utils/resolve.js +3 -1
package/folder/onFolderBeforeDelete.hook.d.ts +0 -2
package/folder/onFolderBeforeDelete.hook.js.map +0 -1
package/utils/checkPermissions.d.ts +0 -2
package/utils/checkPermissions.js.map +0 -1

package/utils/FolderLevelPermissions.js ADDED Viewed

@@ -0,0 +1,355 @@
+"use strict";
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.FolderLevelPermissions = void 0;
+var _objectSpread2 = _interopRequireDefault(require("@babel/runtime/helpers/objectSpread2"));
+var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty"));
+var _apiSecurity = require("@webiny/api-security");
+var _structuredClone = _interopRequireDefault(require("@ungap/structured-clone"));
+class FolderLevelPermissions {
+  constructor(params) {
+    (0, _defineProperty2.default)(this, "getIdentity", void 0);
+    (0, _defineProperty2.default)(this, "getIdentityTeam", void 0);
+    (0, _defineProperty2.default)(this, "listPermissions", void 0);
+    (0, _defineProperty2.default)(this, "listAllFoldersCallback", void 0);
+    (0, _defineProperty2.default)(this, "canUseTeams", void 0);
+    (0, _defineProperty2.default)(this, "canUseFolderLevelPermissions", void 0);
+    (0, _defineProperty2.default)(this, "allFolders", {});
+    this.getIdentity = params.getIdentity;
+    this.getIdentityTeam = params.getIdentityTeam;
+    this.listPermissions = params.listPermissions;
+    this.listAllFoldersCallback = params.listAllFolders;
+    this.canUseTeams = params.canUseTeams;
+    this.canUseFolderLevelPermissions = params.canUseFolderLevelPermissions;
+  }
+  async listAllFolders(folderType) {
+    if (folderType in this.allFolders) {
+      return (0, _structuredClone.default)(this.allFolders[folderType]);
+    }
+    this.allFolders[folderType] = await this.listAllFoldersCallback(folderType);
+    return (0, _structuredClone.default)(this.allFolders[folderType]);
+  }
+  async listAllFoldersWithPermissions(folderType) {
+    const folders = await this.listAllFolders(folderType);
+    // Filter folders based on permissions and assign permissions to each folder.
+    const filteredFoldersWithPermissions = await this.filterFolders({
+      folders,
+      rwd: "r"
+    });
+    await this.assignFolderPermissions(filteredFoldersWithPermissions);
+    return filteredFoldersWithPermissions;
+  }
+  invalidateCache(folderType) {
+    if (folderType) {
+      if (folderType in this.allFolders) {
+        delete this.allFolders[folderType];
+      }
+    } else {
+      this.allFolders = {};
+    }
+  }
+  async listFoldersPermissions(params) {
+    if (!this.canUseFolderLevelPermissions()) {
+      return [];
+    }
+    const {
+      folderType,
+      foldersList
+    } = params;
+    const allFolders = foldersList || (await this.listAllFolders(folderType));
+    const identity = this.getIdentity();
+    const permissions = await this.listPermissions();
+    const processedFolderPermissions = [];
+    let identityTeam;
+    if (this.canUseTeams()) {
+      identityTeam = await this.getIdentityTeam();
+    }
+    const processFolderPermissions = folder => {
+      var _folder$permissions;
+      if (processedFolderPermissions.some(fp => fp.folderId === folder.id)) {
+        return;
+      }
+      // Copy permissions, so we don't modify the original object.
+      const currentFolderPermissions = {
+        folderId: folder.id,
+        // On new folders, permissions can be `null`. Guard against that.
+        permissions: ((_folder$permissions = folder.permissions) === null || _folder$permissions === void 0 ? void 0 : _folder$permissions.map(permission => (0, _objectSpread2.default)({}, permission))) || []
+      };
+      // Check for permissions inherited from parent folder.
+      if (folder.parentId) {
+        const parentFolder = allFolders.find(f => f.id === folder.parentId);
+        if (parentFolder) {
+          // First check if the parent folder has already been processed.
+          let processedParentFolderPermissions = processedFolderPermissions.find(fp => fp.folderId === parentFolder.id);
+          // If not, process the parent folder.
+          if (!processedParentFolderPermissions) {
+            processFolderPermissions(parentFolder);
+            processedParentFolderPermissions = processedFolderPermissions.find(fp => fp.folderId === folder.parentId);
+          }
+          // If the parent folder has permissions, let's add them to the current folder.
+          if (processedParentFolderPermissions) {
+            const inheritedPermissions = processedParentFolderPermissions.permissions.map(p => {
+              return (0, _objectSpread2.default)((0, _objectSpread2.default)({}, p), {}, {
+                inheritedFrom: "parent:" + processedParentFolderPermissions.folderId
+              });
+            });
+            currentFolderPermissions.permissions.push(...inheritedPermissions);
+          }
+        }
+      }
+      // Finally, let's also ensure that the current user is included in the permissions,
+      // if not already. Let's also ensure the user is the first item in the array.
+      const [firstPermission] = currentFolderPermissions.permissions;
+      let identityFirstPermission;
+      // If current identity is already listed as the first permission, we don't need to do anything.
+      if ((firstPermission === null || firstPermission === void 0 ? void 0 : firstPermission.target) === `admin:${identity.id}`) {
+        identityFirstPermission = firstPermission;
+      }
+      if (!identityFirstPermission) {
+        const currentIdentityPermissionIndex = currentFolderPermissions.permissions.findIndex(p => p.target === `admin:${identity.id}`);
+        if (currentIdentityPermissionIndex >= 0) {
+          const [identityPermission] = currentFolderPermissions.permissions.splice(currentIdentityPermissionIndex, 1);
+          currentFolderPermissions.permissions.unshift(identityPermission);
+          identityFirstPermission = identityPermission;
+        } else {
+          // If the current identity is not in the permissions, let's add it.
+          // If the user has full access, we'll add it as "owner".
+          const hasFullAccess = permissions.some(p => p.name === "*");
+          if (hasFullAccess) {
+            identityFirstPermission = {
+              target: `admin:${identity.id}`,
+              level: "owner",
+              inheritedFrom: "role:full-access"
+            };
+            currentFolderPermissions.permissions.unshift(identityFirstPermission);
+          }
+        }
+      }
+      // Let's check if there is a team associated with the current identity.
+      if (!identityFirstPermission) {
+        if (identityTeam) {
+          const teamPermission = currentFolderPermissions.permissions.find(p => p.target === `team:${identityTeam.id}`);
+          if (teamPermission) {
+            identityFirstPermission = {
+              target: `admin:${identity.id}`,
+              level: teamPermission.level,
+              inheritedFrom: "team:" + identityTeam.id
+            };
+            currentFolderPermissions.permissions.unshift(identityFirstPermission);
+          }
+        }
+      }
+      processedFolderPermissions.push(currentFolderPermissions);
+    };
+    for (let i = 0; i < allFolders.length; i++) {
+      const folder = allFolders[i];
+      processFolderPermissions(folder);
+    }
+    return processedFolderPermissions;
+  }
+  async getFolderPermissions(params) {
+    const {
+      folder,
+      foldersList
+    } = params;
+    const folderPermissionsList = await this.listFoldersPermissions({
+      folderType: folder.type,
+      foldersList
+    });
+    return folderPermissionsList.find(fp => fp.folderId === folder.id);
+  }
+  async canAccessFolder(params) {
+    var _folderPermissions$pe;
+    if (!this.canUseFolderLevelPermissions()) {
+      return true;
+    }
+    const {
+      folder
+    } = params;
+    // We check for parent folder access first because the passed folder should be
+    // inaccessible if the parent folder is inaccessible.
+    if (folder.parentId) {
+      let foldersList = params.foldersList;
+      if (!foldersList) {
+        foldersList = await this.listAllFolders(folder.type);
+      }
+      const parentFolder = foldersList.find(f => f.id === folder.parentId);
+      if (parentFolder) {
+        const canAccessParentFolder = await this.canAccessFolder((0, _objectSpread2.default)((0, _objectSpread2.default)({}, params), {}, {
+          folder: parentFolder
+        }));
+        if (!canAccessParentFolder) {
+          return false;
+        }
+      }
+    }
+    const folderPermissions = await this.getFolderPermissions({
+      folder,
+      foldersList: params.foldersList
+    });
+    const identity = this.getIdentity();
+    const userAccessLevel = folderPermissions === null || folderPermissions === void 0 || (_folderPermissions$pe = folderPermissions.permissions.find(p => p.target === "admin:" + identity.id)) === null || _folderPermissions$pe === void 0 ? void 0 : _folderPermissions$pe.level;
+    let teamAccessLevel;
+    if (this.canUseTeams()) {
+      const identityTeam = await this.getIdentityTeam();
+      if (identityTeam) {
+        var _folderPermissions$pe2;
+        teamAccessLevel = folderPermissions === null || folderPermissions === void 0 || (_folderPermissions$pe2 = folderPermissions.permissions.find(p => p.target === "team:" + identityTeam.id)) === null || _folderPermissions$pe2 === void 0 ? void 0 : _folderPermissions$pe2.level;
+      }
+    }
+    const accessLevels = [userAccessLevel, teamAccessLevel].filter(Boolean);
+    if (params.rwd !== "r") {
+      return accessLevels.includes("owner");
+    }
+    // If we are here, it means we are checking for "read" access.
+    // For starters, let's check if the user has any access level.
+    if (accessLevels.length > 0) {
+      return true;
+    }
+    // If the user doesn't have any access level, let's check if the folder has any permissions set.
+    // Folders that don't have any permissions set are considered "public".
+    const hasPermissions = folderPermissions && folderPermissions.permissions.length > 0;
+    if (!hasPermissions) {
+      return true;
+    }
+    // No conditions were met, so we can return false.
+    return false;
+  }
+  async ensureCanAccessFolder(params) {
+    const canAccessFolder = await this.canAccessFolder(params);
+    if (!canAccessFolder) {
+      throw new _apiSecurity.NotAuthorizedError();
+    }
+  }
+  canManageFolderPermissions(folder) {
+    if (!this.canUseFolderLevelPermissions()) {
+      return false;
+    }
+    return this.canAccessFolder({
+      folder,
+      rwd: "w"
+    });
+  }
+  canManageFolderStructure(folder) {
+    if (!this.canUseFolderLevelPermissions()) {
+      return true;
+    }
+    return this.canAccessFolder({
+      folder,
+      rwd: "w"
+    });
+  }
+  async canAccessFolderContent(params) {
+    var _folderPermissions$pe3;
+    if (!this.canUseFolderLevelPermissions()) {
+      return true;
+    }
+    const {
+      folder,
+      foldersList
+    } = params;
+    const folderPermissions = await this.getFolderPermissions({
+      folder,
+      foldersList
+    });
+    const identity = this.getIdentity();
+    const userAccessLevel = folderPermissions === null || folderPermissions === void 0 || (_folderPermissions$pe3 = folderPermissions.permissions.find(p => p.target === "admin:" + identity.id)) === null || _folderPermissions$pe3 === void 0 ? void 0 : _folderPermissions$pe3.level;
+    let teamAccessLevel;
+    if (this.canUseTeams()) {
+      const identityTeam = await this.getIdentityTeam();
+      if (identityTeam) {
+        var _folderPermissions$pe4;
+        teamAccessLevel = folderPermissions === null || folderPermissions === void 0 || (_folderPermissions$pe4 = folderPermissions.permissions.find(p => p.target === "team:" + identityTeam.id)) === null || _folderPermissions$pe4 === void 0 ? void 0 : _folderPermissions$pe4.level;
+      }
+    }
+    const accessLevels = [userAccessLevel, teamAccessLevel].filter(Boolean);
+    // If the user is not an owner and we're checking for "write" or
+    // "delete" access, then we can immediately return false.
+    if (params.rwd !== "r") {
+      return accessLevels.includes("owner") || accessLevels.includes("editor");
+    }
+    // If we are here, it means we are checking for "read" access.
+    // For starters, let's check if the user has any access level.
+    if (accessLevels.length > 0) {
+      return true;
+    }
+    // If the user doesn't have any access level, let's check if the folder has any permissions set.
+    // Folders that don't have any permissions set are considered "public".
+    const hasPermissions = folderPermissions && folderPermissions.permissions.length > 0;
+    if (!hasPermissions) {
+      return true;
+    }
+    // No conditions were met, so we can return false.
+    return false;
+  }
+  async ensureCanAccessFolderContent(params) {
+    const canAccessFolderContent = await this.canAccessFolderContent(params);
+    if (!canAccessFolderContent) {
+      throw new _apiSecurity.NotAuthorizedError();
+    }
+  }
+  async canCreateFolderInRoot() {
+    if (!this.canUseFolderLevelPermissions()) {
+      return true;
+    }
+    const permissions = await this.listPermissions();
+    return permissions.some(p => p.name === "*");
+  }
+  async filterFolders(params) {
+    const filteredFolders = [];
+    const {
+      folders,
+      rwd
+    } = params;
+    for (let i = 0; i < folders.length; i++) {
+      const folder = folders[i];
+      const canAccessFolder = await this.canAccessFolder({
+        folder,
+        rwd
+      });
+      if (canAccessFolder) {
+        filteredFolders.push(folder);
+      }
+    }
+    return filteredFolders;
+  }
+  async assignFolderPermissions(folder) {
+    const folders = Array.isArray(folder) ? folder : [folder];
+    for (let i = 0; i < folders.length; i++) {
+      const folder = folders[i];
+      const folderPermissions = await this.getFolderPermissions({
+        folder
+      });
+      if (folderPermissions) {
+        folder.permissions = folderPermissions.permissions;
+      } else {
+        folder.permissions = [];
+      }
+    }
+  }
+  permissionsIncludeNonInheritedPermissions(folderPermissionsList) {
+    return folderPermissionsList === null || folderPermissionsList === void 0 ? void 0 : folderPermissionsList.some(p => !p.inheritedFrom);
+  }
+}
+exports.FolderLevelPermissions = FolderLevelPermissions;
+//# sourceMappingURL=FolderLevelPermissions.js.map

package/utils/FolderLevelPermissions.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"names":["_apiSecurity","require","_structuredClone","_interopRequireDefault","FolderLevelPermissions","constructor","params","_defineProperty2","default","getIdentity","getIdentityTeam","listPermissions","listAllFoldersCallback","listAllFolders","canUseTeams","canUseFolderLevelPermissions","folderType","allFolders","structuredClone","listAllFoldersWithPermissions","folders","filteredFoldersWithPermissions","filterFolders","rwd","assignFolderPermissions","invalidateCache","listFoldersPermissions","foldersList","identity","permissions","processedFolderPermissions","identityTeam","processFolderPermissions","folder","_folder$permissions","some","fp","folderId","id","currentFolderPermissions","map","permission","_objectSpread2","parentId","parentFolder","find","f","processedParentFolderPermissions","inheritedPermissions","p","inheritedFrom","push","firstPermission","identityFirstPermission","target","currentIdentityPermissionIndex","findIndex","identityPermission","splice","unshift","hasFullAccess","name","level","teamPermission","i","length","getFolderPermissions","folderPermissionsList","type","canAccessFolder","_folderPermissions$pe","canAccessParentFolder","folderPermissions","userAccessLevel","teamAccessLevel","_folderPermissions$pe2","accessLevels","filter","Boolean","includes","hasPermissions","ensureCanAccessFolder","NotAuthorizedError","canManageFolderPermissions","canManageFolderStructure","canAccessFolderContent","_folderPermissions$pe3","_folderPermissions$pe4","ensureCanAccessFolderContent","canCreateFolderInRoot","filteredFolders","Array","isArray","permissionsIncludeNonInheritedPermissions","exports"],"sources":["FolderLevelPermissions.ts"],"sourcesContent":["import { Authentication } from \"@webiny/api-authentication/types\";\nimport { SecurityPermission, Team } from \"@webiny/api-security/types\";\nimport { Folder } from \"~/folder/folder.types\";\nimport { NotAuthorizedError } from \"@webiny/api-security\";\nimport structuredClone from \"@ungap/structured-clone\";\n\nexport type FolderAccessLevel = \"owner\" | \"viewer\" | \"editor\";\n\nexport interface FolderPermission {\n target: string;\n level: FolderAccessLevel;\n inheritedFrom?: string;\n}\n\nexport interface FolderPermissionsListItem {\n folderId: string;\n permissions: FolderPermission[];\n}\n\nexport type FolderPermissionsList = FolderPermissionsListItem[];\n\nexport interface CanAccessFolderParams {\n folder: Pick<Folder, \"id\" | \"type\" | \"parentId\">;\n rwd?: \"r\" | \"w\" | \"d\";\n foldersList?: Folder[];\n}\n\ninterface FilterFoldersParams {\n folders: Array<Folder>;\n rwd?: \"r\" | \"w\" | \"d\";\n}\n\ninterface GetFolderPermissionsParams {\n folder: Pick<Folder, \"id\" | \"type\">;\n foldersList?: Folder[];\n}\n\ninterface ListFolderPermissionsParams {\n folderType: string;\n foldersList?: Folder[];\n}\n\nexport interface FolderLevelPermissionsParams {\n getIdentity: Authentication[\"getIdentity\"];\n getIdentityTeam: () => Promise<Team | null>;\n listPermissions: () => Promise<SecurityPermission[]>;\n listAllFolders: (folderType: string) => Promise<Folder[]>;\n canUseTeams: () => boolean;\n canUseFolderLevelPermissions: () => boolean;\n}\n\nexport class FolderLevelPermissions {\n private readonly getIdentity: Authentication[\"getIdentity\"];\n private readonly getIdentityTeam: () => Promise<Team | null>;\n private readonly listPermissions: () => Promise<SecurityPermission[]>;\n private readonly listAllFoldersCallback: (folderType: string) => Promise<Folder[]>;\n private readonly canUseTeams: () => boolean;\n private readonly canUseFolderLevelPermissions: () => boolean;\n private allFolders: Record<string, Folder[]> = {};\n\n constructor(params: FolderLevelPermissionsParams) {\n this.getIdentity = params.getIdentity;\n this.getIdentityTeam = params.getIdentityTeam;\n this.listPermissions = params.listPermissions;\n this.listAllFoldersCallback = params.listAllFolders;\n this.canUseTeams = params.canUseTeams;\n this.canUseFolderLevelPermissions = params.canUseFolderLevelPermissions;\n }\n\n async listAllFolders(folderType: string): Promise<Folder[]> {\n if (folderType in this.allFolders) {\n return structuredClone(this.allFolders[folderType]);\n }\n\n this.allFolders[folderType] = await this.listAllFoldersCallback(folderType);\n return structuredClone(this.allFolders[folderType]);\n }\n\n async listAllFoldersWithPermissions(folderType: string) {\n const folders = await this.listAllFolders(folderType);\n\n // Filter folders based on permissions and assign permissions to each folder.\n const filteredFoldersWithPermissions = await this.filterFolders({\n folders,\n rwd: \"r\"\n });\n\n await this.assignFolderPermissions(filteredFoldersWithPermissions);\n\n return filteredFoldersWithPermissions;\n }\n\n invalidateCache(folderType?: string) {\n if (folderType) {\n if (folderType in this.allFolders) {\n delete this.allFolders[folderType];\n }\n } else {\n this.allFolders = {};\n }\n }\n\n async listFoldersPermissions(\n params: ListFolderPermissionsParams\n ): Promise<FolderPermissionsList> {\n if (!this.canUseFolderLevelPermissions()) {\n return [];\n }\n\n const { folderType, foldersList } = params;\n\n const allFolders = foldersList || (await this.listAllFolders(folderType));\n const identity = this.getIdentity();\n const permissions = await this.listPermissions();\n\n const processedFolderPermissions: FolderPermissionsListItem[] = [];\n\n let identityTeam: Team | null;\n if (this.canUseTeams()) {\n identityTeam = await this.getIdentityTeam();\n }\n\n const processFolderPermissions = (folder: Folder) => {\n if (processedFolderPermissions.some(fp => fp.folderId === folder.id)) {\n return;\n }\n\n // Copy permissions, so we don't modify the original object.\n const currentFolderPermissions: FolderPermissionsListItem = {\n folderId: folder.id,\n // On new folders, permissions can be `null`. Guard against that.\n permissions: folder.permissions?.map(permission => ({ ...permission })) || []\n };\n\n // Check for permissions inherited from parent folder.\n if (folder.parentId) {\n const parentFolder = allFolders!.find(f => f.id === folder.parentId)!;\n if (parentFolder) {\n // First check if the parent folder has already been processed.\n let processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === parentFolder.id\n );\n\n // If not, process the parent folder.\n if (!processedParentFolderPermissions) {\n processFolderPermissions(parentFolder);\n processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === folder.parentId\n );\n }\n\n // If the parent folder has permissions, let's add them to the current folder.\n if (processedParentFolderPermissions) {\n const inheritedPermissions =\n processedParentFolderPermissions.permissions.map(p => {\n return {\n ...p,\n inheritedFrom:\n \"parent:\" + processedParentFolderPermissions!.folderId\n };\n });\n\n currentFolderPermissions.permissions.push(...inheritedPermissions);\n }\n }\n }\n\n // Finally, let's also ensure that the current user is included in the permissions,\n // if not already. Let's also ensure the user is the first item in the array.\n const [firstPermission] = currentFolderPermissions.permissions;\n\n let identityFirstPermission: FolderPermission | undefined;\n\n // If current identity is already listed as the first permission, we don't need to do anything.\n if (firstPermission?.target === `admin:${identity.id}`) {\n identityFirstPermission = firstPermission;\n }\n\n if (!identityFirstPermission) {\n const currentIdentityPermissionIndex =\n currentFolderPermissions.permissions.findIndex(\n p => p.target === `admin:${identity.id}`\n );\n\n if (currentIdentityPermissionIndex >= 0) {\n const [identityPermission] = currentFolderPermissions.permissions.splice(\n currentIdentityPermissionIndex,\n 1\n );\n currentFolderPermissions.permissions.unshift(identityPermission);\n identityFirstPermission = identityPermission;\n } else {\n // If the current identity is not in the permissions, let's add it.\n // If the user has full access, we'll add it as \"owner\".\n const hasFullAccess = permissions.some(p => p.name === \"*\");\n if (hasFullAccess) {\n identityFirstPermission = {\n target: `admin:${identity.id}`,\n level: \"owner\",\n inheritedFrom: \"role:full-access\"\n };\n currentFolderPermissions.permissions.unshift(identityFirstPermission);\n }\n }\n }\n\n // Let's check if there is a team associated with the current identity.\n if (!identityFirstPermission) {\n if (identityTeam) {\n const teamPermission = currentFolderPermissions.permissions.find(\n p => p.target === `team:${identityTeam!.id}`\n );\n\n if (teamPermission) {\n identityFirstPermission = {\n target: `admin:${identity.id}`,\n level: teamPermission.level,\n inheritedFrom: \"team:\" + identityTeam!.id\n };\n\n currentFolderPermissions.permissions.unshift(identityFirstPermission);\n }\n }\n }\n\n processedFolderPermissions.push(currentFolderPermissions);\n };\n\n for (let i = 0; i < allFolders!.length; i++) {\n const folder = allFolders![i];\n processFolderPermissions(folder);\n }\n\n return processedFolderPermissions;\n }\n\n async getFolderPermissions(\n params: GetFolderPermissionsParams\n ): Promise<FolderPermissionsListItem | undefined> {\n const { folder, foldersList } = params;\n const folderPermissionsList = await this.listFoldersPermissions({\n folderType: folder.type,\n foldersList\n });\n\n return folderPermissionsList.find(fp => fp.folderId === folder.id);\n }\n\n async canAccessFolder(params: CanAccessFolderParams) {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n const { folder } = params;\n\n // We check for parent folder access first because the passed folder should be\n // inaccessible if the parent folder is inaccessible.\n if (folder.parentId) {\n let foldersList = params.foldersList;\n if (!foldersList) {\n foldersList = await this.listAllFolders(folder.type);\n }\n\n const parentFolder = foldersList.find(f => f.id === folder.parentId);\n if (parentFolder) {\n const canAccessParentFolder = await this.canAccessFolder({\n ...params,\n folder: parentFolder\n });\n\n if (!canAccessParentFolder) {\n return false;\n }\n }\n }\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList: params.foldersList\n });\n\n const identity = this.getIdentity();\n\n const userAccessLevel = folderPermissions?.permissions.find(\n p => p.target === \"admin:\" + identity.id\n )?.level;\n\n let teamAccessLevel: FolderAccessLevel | undefined;\n\n if (this.canUseTeams()) {\n const identityTeam = await this.getIdentityTeam();\n if (identityTeam) {\n teamAccessLevel = folderPermissions?.permissions.find(\n p => p.target === \"team:\" + identityTeam.id\n )?.level;\n }\n }\n\n const accessLevels = [userAccessLevel, teamAccessLevel].filter(Boolean);\n\n if (params.rwd !== \"r\") {\n return accessLevels.includes(\"owner\");\n }\n\n // If we are here, it means we are checking for \"read\" access.\n // For starters, let's check if the user has any access level.\n if (accessLevels.length > 0) {\n return true;\n }\n\n // If the user doesn't have any access level, let's check if the folder has any permissions set.\n // Folders that don't have any permissions set are considered \"public\".\n const hasPermissions = folderPermissions && folderPermissions.permissions.length > 0;\n if (!hasPermissions) {\n return true;\n }\n\n // No conditions were met, so we can return false.\n return false;\n }\n\n async ensureCanAccessFolder(params: CanAccessFolderParams) {\n const canAccessFolder = await this.canAccessFolder(params);\n if (!canAccessFolder) {\n throw new NotAuthorizedError();\n }\n }\n\n canManageFolderPermissions(folder: Folder) {\n if (!this.canUseFolderLevelPermissions()) {\n return false;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\" });\n }\n\n canManageFolderStructure(folder: Folder) {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\" });\n }\n\n async canAccessFolderContent(params: CanAccessFolderParams) {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n const { folder, foldersList } = params;\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList\n });\n\n const identity = this.getIdentity();\n\n const userAccessLevel = folderPermissions?.permissions.find(\n p => p.target === \"admin:\" + identity.id\n )?.level;\n\n let teamAccessLevel: FolderAccessLevel | undefined;\n if (this.canUseTeams()) {\n const identityTeam = await this.getIdentityTeam();\n if (identityTeam) {\n teamAccessLevel = folderPermissions?.permissions.find(\n p => p.target === \"team:\" + identityTeam.id\n )?.level;\n }\n }\n\n const accessLevels = [userAccessLevel, teamAccessLevel].filter(Boolean);\n\n // If the user is not an owner and we're checking for \"write\" or\n // \"delete\" access, then we can immediately return false.\n if (params.rwd !== \"r\") {\n return accessLevels.includes(\"owner\") || accessLevels.includes(\"editor\");\n }\n\n // If we are here, it means we are checking for \"read\" access.\n // For starters, let's check if the user has any access level.\n if (accessLevels.length > 0) {\n return true;\n }\n\n // If the user doesn't have any access level, let's check if the folder has any permissions set.\n // Folders that don't have any permissions set are considered \"public\".\n const hasPermissions = folderPermissions && folderPermissions.permissions.length > 0;\n if (!hasPermissions) {\n return true;\n }\n\n // No conditions were met, so we can return false.\n return false;\n }\n\n async ensureCanAccessFolderContent(params: CanAccessFolderParams) {\n const canAccessFolderContent = await this.canAccessFolderContent(params);\n if (!canAccessFolderContent) {\n throw new NotAuthorizedError();\n }\n }\n\n async canCreateFolderInRoot() {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n const permissions = await this.listPermissions();\n return permissions.some(p => p.name === \"*\");\n }\n\n async filterFolders(params: FilterFoldersParams) {\n const filteredFolders: Folder[] = [];\n\n const { folders, rwd } = params;\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const canAccessFolder = await this.canAccessFolder({ folder, rwd });\n if (canAccessFolder) {\n filteredFolders.push(folder);\n }\n }\n\n return filteredFolders;\n }\n\n async assignFolderPermissions(folder: Folder | Folder[]) {\n const folders = Array.isArray(folder) ? folder : [folder];\n\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const folderPermissions = await this.getFolderPermissions({ folder });\n if (folderPermissions) {\n folder.permissions = folderPermissions.permissions;\n } else {\n folder.permissions = [];\n }\n }\n }\n\n permissionsIncludeNonInheritedPermissions(folderPermissionsList?: FolderPermission[]) {\n return folderPermissionsList?.some(p => !p.inheritedFrom);\n }\n}\n"],"mappings":";;;;;;;;;AAGA,IAAAA,YAAA,GAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AA+CO,MAAMG,sBAAsB,CAAC;EAShCC,WAAWA,CAACC,MAAoC,EAAE;IAAA,IAAAC,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA,sBAFH,CAAC,CAAC;IAG7C,IAAI,CAACC,WAAW,GAAGH,MAAM,CAACG,WAAW;IACrC,IAAI,CAACC,eAAe,GAAGJ,MAAM,CAACI,eAAe;IAC7C,IAAI,CAACC,eAAe,GAAGL,MAAM,CAACK,eAAe;IAC7C,IAAI,CAACC,sBAAsB,GAAGN,MAAM,CAACO,cAAc;IACnD,IAAI,CAACC,WAAW,GAAGR,MAAM,CAACQ,WAAW;IACrC,IAAI,CAACC,4BAA4B,GAAGT,MAAM,CAACS,4BAA4B;EAC3E;EAEA,MAAMF,cAAcA,CAACG,UAAkB,EAAqB;IACxD,IAAIA,UAAU,IAAI,IAAI,CAACC,UAAU,EAAE;MAC/B,OAAO,IAAAC,wBAAe,EAAC,IAAI,CAACD,UAAU,CAACD,UAAU,CAAC,CAAC;IACvD;IAEA,IAAI,CAACC,UAAU,CAACD,UAAU,CAAC,GAAG,MAAM,IAAI,CAACJ,sBAAsB,CAACI,UAAU,CAAC;IAC3E,OAAO,IAAAE,wBAAe,EAAC,IAAI,CAACD,UAAU,CAACD,UAAU,CAAC,CAAC;EACvD;EAEA,MAAMG,6BAA6BA,CAACH,UAAkB,EAAE;IACpD,MAAMI,OAAO,GAAG,MAAM,IAAI,CAACP,cAAc,CAACG,UAAU,CAAC;;IAErD;IACA,MAAMK,8BAA8B,GAAG,MAAM,IAAI,CAACC,aAAa,CAAC;MAC5DF,OAAO;MACPG,GAAG,EAAE;IACT,CAAC,CAAC;IAEF,MAAM,IAAI,CAACC,uBAAuB,CAACH,8BAA8B,CAAC;IAElE,OAAOA,8BAA8B;EACzC;EAEAI,eAAeA,CAACT,UAAmB,EAAE;IACjC,IAAIA,UAAU,EAAE;MACZ,IAAIA,UAAU,IAAI,IAAI,CAACC,UAAU,EAAE;QAC/B,OAAO,IAAI,CAACA,UAAU,CAACD,UAAU,CAAC;MACtC;IACJ,CAAC,MAAM;MACH,IAAI,CAACC,UAAU,GAAG,CAAC,CAAC;IACxB;EACJ;EAEA,MAAMS,sBAAsBA,CACxBpB,MAAmC,EACL;IAC9B,IAAI,CAAC,IAAI,CAACS,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,EAAE;IACb;IAEA,MAAM;MAAEC,UAAU;MAAEW;IAAY,CAAC,GAAGrB,MAAM;IAE1C,MAAMW,UAAU,GAAGU,WAAW,KAAK,MAAM,IAAI,CAACd,cAAc,CAACG,UAAU,CAAC,CAAC;IACzE,MAAMY,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IACnC,MAAMoB,WAAW,GAAG,MAAM,IAAI,CAAClB,eAAe,CAAC,CAAC;IAEhD,MAAMmB,0BAAuD,GAAG,EAAE;IAElE,IAAIC,YAAyB;IAC7B,IAAI,IAAI,CAACjB,WAAW,CAAC,CAAC,EAAE;MACpBiB,YAAY,GAAG,MAAM,IAAI,CAACrB,eAAe,CAAC,CAAC;IAC/C;IAEA,MAAMsB,wBAAwB,GAAIC,MAAc,IAAK;MAAA,IAAAC,mBAAA;MACjD,IAAIJ,0BAA0B,CAACK,IAAI,CAACC,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKJ,MAAM,CAACK,EAAE,CAAC,EAAE;QAClE;MACJ;;MAEA;MACA,MAAMC,wBAAmD,GAAG;QACxDF,QAAQ,EAAEJ,MAAM,CAACK,EAAE;QACnB;QACAT,WAAW,EAAE,EAAAK,mBAAA,GAAAD,MAAM,CAACJ,WAAW,cAAAK,mBAAA,uBAAlBA,mBAAA,CAAoBM,GAAG,CAACC,UAAU,QAAAC,cAAA,CAAAlC,OAAA,MAAUiC,UAAU,CAAG,CAAC,KAAI;MAC/E,CAAC;;MAED;MACA,IAAIR,MAAM,CAACU,QAAQ,EAAE;QACjB,MAAMC,YAAY,GAAG3B,UAAU,CAAE4B,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACR,EAAE,KAAKL,MAAM,CAACU,QAAQ,CAAE;QACrE,IAAIC,YAAY,EAAE;UACd;UACA,IAAIG,gCAAgC,GAAGjB,0BAA0B,CAACe,IAAI,CAClET,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKO,YAAY,CAACN,EACvC,CAAC;;UAED;UACA,IAAI,CAACS,gCAAgC,EAAE;YACnCf,wBAAwB,CAACY,YAAY,CAAC;YACtCG,gCAAgC,GAAGjB,0BAA0B,CAACe,IAAI,CAC9DT,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKJ,MAAM,CAACU,QACjC,CAAC;UACL;;UAEA;UACA,IAAII,gCAAgC,EAAE;YAClC,MAAMC,oBAAoB,GACtBD,gCAAgC,CAAClB,WAAW,CAACW,GAAG,CAACS,CAAC,IAAI;cAClD,WAAAP,cAAA,CAAAlC,OAAA,MAAAkC,cAAA,CAAAlC,OAAA,MACOyC,CAAC;gBACJC,aAAa,EACT,SAAS,GAAGH,gCAAgC,CAAEV;cAAQ;YAElE,CAAC,CAAC;YAENE,wBAAwB,CAACV,WAAW,CAACsB,IAAI,CAAC,GAAGH,oBAAoB,CAAC;UACtE;QACJ;MACJ;;MAEA;MACA;MACA,MAAM,CAACI,eAAe,CAAC,GAAGb,wBAAwB,CAACV,WAAW;MAE9D,IAAIwB,uBAAqD;;MAEzD;MACA,IAAI,CAAAD,eAAe,aAAfA,eAAe,uBAAfA,eAAe,CAAEE,MAAM,MAAM,SAAQ1B,QAAQ,CAACU,EAAG,EAAC,EAAE;QACpDe,uBAAuB,GAAGD,eAAe;MAC7C;MAEA,IAAI,CAACC,uBAAuB,EAAE;QAC1B,MAAME,8BAA8B,GAChChB,wBAAwB,CAACV,WAAW,CAAC2B,SAAS,CAC1CP,CAAC,IAAIA,CAAC,CAACK,MAAM,KAAM,SAAQ1B,QAAQ,CAACU,EAAG,EAC3C,CAAC;QAEL,IAAIiB,8BAA8B,IAAI,CAAC,EAAE;UACrC,MAAM,CAACE,kBAAkB,CAAC,GAAGlB,wBAAwB,CAACV,WAAW,CAAC6B,MAAM,CACpEH,8BAA8B,EAC9B,CACJ,CAAC;UACDhB,wBAAwB,CAACV,WAAW,CAAC8B,OAAO,CAACF,kBAAkB,CAAC;UAChEJ,uBAAuB,GAAGI,kBAAkB;QAChD,CAAC,MAAM;UACH;UACA;UACA,MAAMG,aAAa,GAAG/B,WAAW,CAACM,IAAI,CAACc,CAAC,IAAIA,CAAC,CAACY,IAAI,KAAK,GAAG,CAAC;UAC3D,IAAID,aAAa,EAAE;YACfP,uBAAuB,GAAG;cACtBC,MAAM,EAAG,SAAQ1B,QAAQ,CAACU,EAAG,EAAC;cAC9BwB,KAAK,EAAE,OAAO;cACdZ,aAAa,EAAE;YACnB,CAAC;YACDX,wBAAwB,CAACV,WAAW,CAAC8B,OAAO,CAACN,uBAAuB,CAAC;UACzE;QACJ;MACJ;;MAEA;MACA,IAAI,CAACA,uBAAuB,EAAE;QAC1B,IAAItB,YAAY,EAAE;UACd,MAAMgC,cAAc,GAAGxB,wBAAwB,CAACV,WAAW,CAACgB,IAAI,CAC5DI,CAAC,IAAIA,CAAC,CAACK,MAAM,KAAM,QAAOvB,YAAY,CAAEO,EAAG,EAC/C,CAAC;UAED,IAAIyB,cAAc,EAAE;YAChBV,uBAAuB,GAAG;cACtBC,MAAM,EAAG,SAAQ1B,QAAQ,CAACU,EAAG,EAAC;cAC9BwB,KAAK,EAAEC,cAAc,CAACD,KAAK;cAC3BZ,aAAa,EAAE,OAAO,GAAGnB,YAAY,CAAEO;YAC3C,CAAC;YAEDC,wBAAwB,CAACV,WAAW,CAAC8B,OAAO,CAACN,uBAAuB,CAAC;UACzE;QACJ;MACJ;MAEAvB,0BAA0B,CAACqB,IAAI,CAACZ,wBAAwB,CAAC;IAC7D,CAAC;IAED,KAAK,IAAIyB,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG/C,UAAU,CAAEgD,MAAM,EAAED,CAAC,EAAE,EAAE;MACzC,MAAM/B,MAAM,GAAGhB,UAAU,CAAE+C,CAAC,CAAC;MAC7BhC,wBAAwB,CAACC,MAAM,CAAC;IACpC;IAEA,OAAOH,0BAA0B;EACrC;EAEA,MAAMoC,oBAAoBA,CACtB5D,MAAkC,EACY;IAC9C,MAAM;MAAE2B,MAAM;MAAEN;IAAY,CAAC,GAAGrB,MAAM;IACtC,MAAM6D,qBAAqB,GAAG,MAAM,IAAI,CAACzC,sBAAsB,CAAC;MAC5DV,UAAU,EAAEiB,MAAM,CAACmC,IAAI;MACvBzC;IACJ,CAAC,CAAC;IAEF,OAAOwC,qBAAqB,CAACtB,IAAI,CAACT,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKJ,MAAM,CAACK,EAAE,CAAC;EACtE;EAEA,MAAM+B,eAAeA,CAAC/D,MAA6B,EAAE;IAAA,IAAAgE,qBAAA;IACjD,IAAI,CAAC,IAAI,CAACvD,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,MAAM;MAAEkB;IAAO,CAAC,GAAG3B,MAAM;;IAEzB;IACA;IACA,IAAI2B,MAAM,CAACU,QAAQ,EAAE;MACjB,IAAIhB,WAAW,GAAGrB,MAAM,CAACqB,WAAW;MACpC,IAAI,CAACA,WAAW,EAAE;QACdA,WAAW,GAAG,MAAM,IAAI,CAACd,cAAc,CAACoB,MAAM,CAACmC,IAAI,CAAC;MACxD;MAEA,MAAMxB,YAAY,GAAGjB,WAAW,CAACkB,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACR,EAAE,KAAKL,MAAM,CAACU,QAAQ,CAAC;MACpE,IAAIC,YAAY,EAAE;QACd,MAAM2B,qBAAqB,GAAG,MAAM,IAAI,CAACF,eAAe,KAAA3B,cAAA,CAAAlC,OAAA,MAAAkC,cAAA,CAAAlC,OAAA,MACjDF,MAAM;UACT2B,MAAM,EAAEW;QAAY,EACvB,CAAC;QAEF,IAAI,CAAC2B,qBAAqB,EAAE;UACxB,OAAO,KAAK;QAChB;MACJ;IACJ;IAEA,MAAMC,iBAAiB,GAAG,MAAM,IAAI,CAACN,oBAAoB,CAAC;MACtDjC,MAAM;MACNN,WAAW,EAAErB,MAAM,CAACqB;IACxB,CAAC,CAAC;IAEF,MAAMC,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IAEnC,MAAMgE,eAAe,GAAGD,iBAAiB,aAAjBA,iBAAiB,gBAAAF,qBAAA,GAAjBE,iBAAiB,CAAE3C,WAAW,CAACgB,IAAI,CACvDI,CAAC,IAAIA,CAAC,CAACK,MAAM,KAAK,QAAQ,GAAG1B,QAAQ,CAACU,EAC1C,CAAC,cAAAgC,qBAAA,uBAFuBA,qBAAA,CAErBR,KAAK;IAER,IAAIY,eAA8C;IAElD,IAAI,IAAI,CAAC5D,WAAW,CAAC,CAAC,EAAE;MACpB,MAAMiB,YAAY,GAAG,MAAM,IAAI,CAACrB,eAAe,CAAC,CAAC;MACjD,IAAIqB,YAAY,EAAE;QAAA,IAAA4C,sBAAA;QACdD,eAAe,GAAGF,iBAAiB,aAAjBA,iBAAiB,gBAAAG,sBAAA,GAAjBH,iBAAiB,CAAE3C,WAAW,CAACgB,IAAI,CACjDI,CAAC,IAAIA,CAAC,CAACK,MAAM,KAAK,OAAO,GAAGvB,YAAY,CAACO,EAC7C,CAAC,cAAAqC,sBAAA,uBAFiBA,sBAAA,CAEfb,KAAK;MACZ;IACJ;IAEA,MAAMc,YAAY,GAAG,CAACH,eAAe,EAAEC,eAAe,CAAC,CAACG,MAAM,CAACC,OAAO,CAAC;IAEvE,IAAIxE,MAAM,CAACiB,GAAG,KAAK,GAAG,EAAE;MACpB,OAAOqD,YAAY,CAACG,QAAQ,CAAC,OAAO,CAAC;IACzC;;IAEA;IACA;IACA,IAAIH,YAAY,CAACX,MAAM,GAAG,CAAC,EAAE;MACzB,OAAO,IAAI;IACf;;IAEA;IACA;IACA,MAAMe,cAAc,GAAGR,iBAAiB,IAAIA,iBAAiB,CAAC3C,WAAW,CAACoC,MAAM,GAAG,CAAC;IACpF,IAAI,CAACe,cAAc,EAAE;MACjB,OAAO,IAAI;IACf;;IAEA;IACA,OAAO,KAAK;EAChB;EAEA,MAAMC,qBAAqBA,CAAC3E,MAA6B,EAAE;IACvD,MAAM+D,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAAC/D,MAAM,CAAC;IAC1D,IAAI,CAAC+D,eAAe,EAAE;MAClB,MAAM,IAAIa,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEAC,0BAA0BA,CAAClD,MAAc,EAAE;IACvC,IAAI,CAAC,IAAI,CAAClB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,KAAK;IAChB;IAEA,OAAO,IAAI,CAACsD,eAAe,CAAC;MAAEpC,MAAM;MAAEV,GAAG,EAAE;IAAI,CAAC,CAAC;EACrD;EAEA6D,wBAAwBA,CAACnD,MAAc,EAAE;IACrC,IAAI,CAAC,IAAI,CAAClB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACsD,eAAe,CAAC;MAAEpC,MAAM;MAAEV,GAAG,EAAE;IAAI,CAAC,CAAC;EACrD;EAEA,MAAM8D,sBAAsBA,CAAC/E,MAA6B,EAAE;IAAA,IAAAgF,sBAAA;IACxD,IAAI,CAAC,IAAI,CAACvE,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,MAAM;MAAEkB,MAAM;MAAEN;IAAY,CAAC,GAAGrB,MAAM;IAEtC,MAAMkE,iBAAiB,GAAG,MAAM,IAAI,CAACN,oBAAoB,CAAC;MACtDjC,MAAM;MACNN;IACJ,CAAC,CAAC;IAEF,MAAMC,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IAEnC,MAAMgE,eAAe,GAAGD,iBAAiB,aAAjBA,iBAAiB,gBAAAc,sBAAA,GAAjBd,iBAAiB,CAAE3C,WAAW,CAACgB,IAAI,CACvDI,CAAC,IAAIA,CAAC,CAACK,MAAM,KAAK,QAAQ,GAAG1B,QAAQ,CAACU,EAC1C,CAAC,cAAAgD,sBAAA,uBAFuBA,sBAAA,CAErBxB,KAAK;IAER,IAAIY,eAA8C;IAClD,IAAI,IAAI,CAAC5D,WAAW,CAAC,CAAC,EAAE;MACpB,MAAMiB,YAAY,GAAG,MAAM,IAAI,CAACrB,eAAe,CAAC,CAAC;MACjD,IAAIqB,YAAY,EAAE;QAAA,IAAAwD,sBAAA;QACdb,eAAe,GAAGF,iBAAiB,aAAjBA,iBAAiB,gBAAAe,sBAAA,GAAjBf,iBAAiB,CAAE3C,WAAW,CAACgB,IAAI,CACjDI,CAAC,IAAIA,CAAC,CAACK,MAAM,KAAK,OAAO,GAAGvB,YAAY,CAACO,EAC7C,CAAC,cAAAiD,sBAAA,uBAFiBA,sBAAA,CAEfzB,KAAK;MACZ;IACJ;IAEA,MAAMc,YAAY,GAAG,CAACH,eAAe,EAAEC,eAAe,CAAC,CAACG,MAAM,CAACC,OAAO,CAAC;;IAEvE;IACA;IACA,IAAIxE,MAAM,CAACiB,GAAG,KAAK,GAAG,EAAE;MACpB,OAAOqD,YAAY,CAACG,QAAQ,CAAC,OAAO,CAAC,IAAIH,YAAY,CAACG,QAAQ,CAAC,QAAQ,CAAC;IAC5E;;IAEA;IACA;IACA,IAAIH,YAAY,CAACX,MAAM,GAAG,CAAC,EAAE;MACzB,OAAO,IAAI;IACf;;IAEA;IACA;IACA,MAAMe,cAAc,GAAGR,iBAAiB,IAAIA,iBAAiB,CAAC3C,WAAW,CAACoC,MAAM,GAAG,CAAC;IACpF,IAAI,CAACe,cAAc,EAAE;MACjB,OAAO,IAAI;IACf;;IAEA;IACA,OAAO,KAAK;EAChB;EAEA,MAAMQ,4BAA4BA,CAAClF,MAA6B,EAAE;IAC9D,MAAM+E,sBAAsB,GAAG,MAAM,IAAI,CAACA,sBAAsB,CAAC/E,MAAM,CAAC;IACxE,IAAI,CAAC+E,sBAAsB,EAAE;MACzB,MAAM,IAAIH,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEA,MAAMO,qBAAqBA,CAAA,EAAG;IAC1B,IAAI,CAAC,IAAI,CAAC1E,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,MAAMc,WAAW,GAAG,MAAM,IAAI,CAAClB,eAAe,CAAC,CAAC;IAChD,OAAOkB,WAAW,CAACM,IAAI,CAACc,CAAC,IAAIA,CAAC,CAACY,IAAI,KAAK,GAAG,CAAC;EAChD;EAEA,MAAMvC,aAAaA,CAAChB,MAA2B,EAAE;IAC7C,MAAMoF,eAAyB,GAAG,EAAE;IAEpC,MAAM;MAAEtE,OAAO;MAAEG;IAAI,CAAC,GAAGjB,MAAM;IAC/B,KAAK,IAAI0D,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG5C,OAAO,CAAC6C,MAAM,EAAED,CAAC,EAAE,EAAE;MACrC,MAAM/B,MAAM,GAAGb,OAAO,CAAC4C,CAAC,CAAC;MACzB,MAAMK,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAAC;QAAEpC,MAAM;QAAEV;MAAI,CAAC,CAAC;MACnE,IAAI8C,eAAe,EAAE;QACjBqB,eAAe,CAACvC,IAAI,CAAClB,MAAM,CAAC;MAChC;IACJ;IAEA,OAAOyD,eAAe;EAC1B;EAEA,MAAMlE,uBAAuBA,CAACS,MAAyB,EAAE;IACrD,MAAMb,OAAO,GAAGuE,KAAK,CAACC,OAAO,CAAC3D,MAAM,CAAC,GAAGA,MAAM,GAAG,CAACA,MAAM,CAAC;IAEzD,KAAK,IAAI+B,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG5C,OAAO,CAAC6C,MAAM,EAAED,CAAC,EAAE,EAAE;MACrC,MAAM/B,MAAM,GAAGb,OAAO,CAAC4C,CAAC,CAAC;MACzB,MAAMQ,iBAAiB,GAAG,MAAM,IAAI,CAACN,oBAAoB,CAAC;QAAEjC;MAAO,CAAC,CAAC;MACrE,IAAIuC,iBAAiB,EAAE;QACnBvC,MAAM,CAACJ,WAAW,GAAG2C,iBAAiB,CAAC3C,WAAW;MACtD,CAAC,MAAM;QACHI,MAAM,CAACJ,WAAW,GAAG,EAAE;MAC3B;IACJ;EACJ;EAEAgE,yCAAyCA,CAAC1B,qBAA0C,EAAE;IAClF,OAAOA,qBAAqB,aAArBA,qBAAqB,uBAArBA,qBAAqB,CAAEhC,IAAI,CAACc,CAAC,IAAI,CAACA,CAAC,CAACC,aAAa,CAAC;EAC7D;AACJ;AAAC4C,OAAA,CAAA1F,sBAAA,GAAAA,sBAAA"}

package/utils/acoRecordId.js CHANGED Viewed

@@ -30,4 +30,6 @@ const removeAcoRecordPrefix = id => {
   }
   return id.substring(WBY_ACO_PREFIX.length);
 };
-exports.removeAcoRecordPrefix = removeAcoRecordPrefix;
+exports.removeAcoRecordPrefix = removeAcoRecordPrefix;
+//# sourceMappingURL=acoRecordId.js.map

package/utils/createListSort.js CHANGED Viewed

@@ -10,4 +10,6 @@ const createListSort = sort => {
   }
   return Object.keys(sort).map(key => `${key}_${sort[key]}`);
 };
-exports.createListSort = createListSort;
+exports.createListSort = createListSort;
+//# sourceMappingURL=createListSort.js.map

package/utils/createModelField.js CHANGED Viewed

@@ -34,4 +34,6 @@ const createModelField = params => {
     predefinedValues
   };
 };
-exports.createModelField = createModelField;
+exports.createModelField = createModelField;
+//# sourceMappingURL=createModelField.js.map

package/utils/createOperationsWrapper.js CHANGED Viewed

@@ -26,4 +26,6 @@ const createOperationsWrapper = params => {
     withModel
   };
 };
-exports.createOperationsWrapper = createOperationsWrapper;
+exports.createOperationsWrapper = createOperationsWrapper;
+//# sourceMappingURL=createOperationsWrapper.js.map

package/utils/decorators/CmsEntriesCrudDecorators.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import { AcoContext } from "../../types";
+declare type Context = Pick<AcoContext, "aco" | "cms">;
+interface EntryManagerCrudDecoratorsParams {
+    context: Context;
+}
+export declare class CmsEntriesCrudDecorators {
+    private readonly context;
+    constructor({ context }: EntryManagerCrudDecoratorsParams);
+    decorate(): void;
+}
+export {};

package/utils/decorators/CmsEntriesCrudDecorators.js ADDED Viewed

@@ -0,0 +1,175 @@
+"use strict";
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.CmsEntriesCrudDecorators = void 0;
+var _objectSpread2 = _interopRequireDefault(require("@babel/runtime/helpers/objectSpread2"));
+var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty"));
+var _handlerGraphql = require("@webiny/handler-graphql");
+const ROOT_FOLDER = "root";
+const createFolderType = model => {
+  return `cms:${model.modelId}`;
+};
+const filterEntriesByFolderFactory = (context, permissions) => {
+  return async (model, entries) => {
+    const [folders] = await context.aco.folder.listAll({
+      where: {
+        type: createFolderType(model)
+      }
+    });
+    const results = await Promise.all(entries.map(async entry => {
+      var _entry$location;
+      const folderId = (_entry$location = entry.location) === null || _entry$location === void 0 ? void 0 : _entry$location.folderId;
+      if (!folderId || folderId === ROOT_FOLDER) {
+        return entry;
+      }
+      const folder = folders.find(folder => folder.id === folderId);
+      if (!folder) {
+        throw new _handlerGraphql.NotFoundError(`Folder "${folderId}" not found.`);
+      }
+      const result = await permissions.canAccessFolderContent({
+        folder,
+        rwd: "r"
+      });
+      return result ? entry : null;
+    }));
+    return results.filter(entry => !!entry);
+  };
+};
+class CmsEntriesCrudDecorators {
+  constructor({
+    context
+  }) {
+    (0, _defineProperty2.default)(this, "context", void 0);
+    this.context = context;
+  }
+  decorate() {
+    const context = this.context;
+    const folderLevelPermissions = context.aco.folderLevelPermissions;
+    const filterEntriesByFolder = filterEntriesByFolderFactory(context, folderLevelPermissions);
+    const originalCmsListEntries = context.cms.listEntries.bind(context.cms);
+    context.cms.listEntries = async (model, params) => {
+      const folderType = model.modelId === "fmFile" ? "FmFile" : `cms:${model.modelId}`;
+      const allFolders = await folderLevelPermissions.listAllFoldersWithPermissions(folderType);
+      return originalCmsListEntries(model, (0, _objectSpread2.default)((0, _objectSpread2.default)({}, params), {}, {
+        where: (0, _objectSpread2.default)((0, _objectSpread2.default)({}, (params === null || params === void 0 ? void 0 : params.where) || {}), {}, {
+          wbyAco_location: {
+            // At the moment, all users can access entries in the root folder.
+            // Root folder level permissions cannot be set yet.
+            folderId_in: [ROOT_FOLDER, ...allFolders.map(folder => folder.id)]
+          }
+        })
+      }));
+    };
+    const originalCmsGetEntry = context.cms.getEntry.bind(context.cms);
+    context.cms.getEntry = async (model, params) => {
+      var _entry$location2;
+      const entry = await originalCmsGetEntry(model, params);
+      const folderId = entry === null || entry === void 0 || (_entry$location2 = entry.location) === null || _entry$location2 === void 0 ? void 0 : _entry$location2.folderId;
+      if (!folderId || folderId === ROOT_FOLDER) {
+        return entry;
+      }
+      const folder = await context.aco.folder.get(folderId);
+      await folderLevelPermissions.ensureCanAccessFolderContent({
+        folder,
+        rwd: "r"
+      });
+      return entry;
+    };
+    const originalCmsGetEntryById = context.cms.getEntryById.bind(context.cms);
+    context.cms.getEntryById = async (model, params) => {
+      var _entry$location3;
+      const entry = await originalCmsGetEntryById(model, params);
+      const folderId = entry === null || entry === void 0 || (_entry$location3 = entry.location) === null || _entry$location3 === void 0 ? void 0 : _entry$location3.folderId;
+      if (!folderId || folderId === ROOT_FOLDER) {
+        return entry;
+      }
+      const folder = await context.aco.folder.get(folderId);
+      await folderLevelPermissions.ensureCanAccessFolderContent({
+        folder,
+        rwd: "r"
+      });
+      return entry;
+    };
+    const originalGetLatestEntriesByIds = context.cms.getLatestEntriesByIds.bind(context.cms);
+    context.cms.getLatestEntriesByIds = async (model, ids) => {
+      const entries = await originalGetLatestEntriesByIds(model, ids);
+      return filterEntriesByFolder(model, entries);
+    };
+    const originalGetPublishedEntriesByIds = context.cms.getPublishedEntriesByIds.bind(context.cms);
+    context.cms.getPublishedEntriesByIds = async (model, ids) => {
+      const entries = await originalGetPublishedEntriesByIds(model, ids);
+      return filterEntriesByFolder(model, entries);
+    };
+    const originalCmsCreateEntry = context.cms.createEntry.bind(context.cms);
+    context.cms.createEntry = async (model, params) => {
+      var _params$wbyAco_locati, _params$location;
+      const folderId = ((_params$wbyAco_locati = params.wbyAco_location) === null || _params$wbyAco_locati === void 0 ? void 0 : _params$wbyAco_locati.folderId) || ((_params$location = params.location) === null || _params$location === void 0 ? void 0 : _params$location.folderId);
+      if (!folderId || folderId === ROOT_FOLDER) {
+        return originalCmsCreateEntry(model, params);
+      }
+      const folder = await context.aco.folder.get(folderId);
+      await folderLevelPermissions.ensureCanAccessFolderContent({
+        folder,
+        rwd: "w"
+      });
+      return originalCmsCreateEntry(model, params);
+    };
+    const originalCmsUpdateEntry = context.cms.updateEntry.bind(context.cms);
+    context.cms.updateEntry = async (model, id, input, meta) => {
+      var _entry$location4;
+      const entry = await context.cms.storageOperations.entries.getRevisionById(model, {
+        id
+      });
+      const folderId = entry === null || entry === void 0 || (_entry$location4 = entry.location) === null || _entry$location4 === void 0 ? void 0 : _entry$location4.folderId;
+      if (!folderId || folderId === ROOT_FOLDER) {
+        return originalCmsUpdateEntry(model, id, input, meta);
+      }
+      const folder = await context.aco.folder.get(folderId);
+      await folderLevelPermissions.ensureCanAccessFolderContent({
+        folder,
+        rwd: "w"
+      });
+      return originalCmsUpdateEntry(model, id, input, meta);
+    };
+    const originalCmsDeleteEntry = context.cms.deleteEntry.bind(context.cms);
+    context.cms.deleteEntry = async (model, id) => {
+      var _entry$location5;
+      const entry = await context.cms.storageOperations.entries.getRevisionById(model, {
+        id
+      });
+      const folderId = entry === null || entry === void 0 || (_entry$location5 = entry.location) === null || _entry$location5 === void 0 ? void 0 : _entry$location5.folderId;
+      if (!folderId || folderId === ROOT_FOLDER) {
+        return originalCmsDeleteEntry(model, id);
+      }
+      const folder = await context.aco.folder.get(folderId);
+      await folderLevelPermissions.ensureCanAccessFolderContent({
+        folder,
+        rwd: "d"
+      });
+      return originalCmsDeleteEntry(model, id);
+    };
+    const originalCmsDeleteEntryRevision = context.cms.deleteEntryRevision.bind(context.cms);
+    context.cms.deleteEntryRevision = async (model, id) => {
+      var _entry$location6;
+      const entry = await context.cms.storageOperations.entries.getRevisionById(model, {
+        id
+      });
+      const folderId = entry === null || entry === void 0 || (_entry$location6 = entry.location) === null || _entry$location6 === void 0 ? void 0 : _entry$location6.folderId;
+      if (!folderId || folderId === ROOT_FOLDER) {
+        return originalCmsDeleteEntryRevision(model, id);
+      }
+      const folder = await context.aco.folder.get(folderId);
+      await folderLevelPermissions.ensureCanAccessFolderContent({
+        folder,
+        rwd: "d"
+      });
+      return originalCmsDeleteEntryRevision(model, id);
+    };
+  }
+}
+exports.CmsEntriesCrudDecorators = CmsEntriesCrudDecorators;
+//# sourceMappingURL=CmsEntriesCrudDecorators.js.map