@webiny/api-aco 5.38.0-beta.1 → 5.38.0-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/createAcoContext.js +3 -0
  2. package/createAcoContext.js.map +1 -1
  3. package/folder/folder.gql.js +6 -0
  4. package/folder/folder.gql.js.map +1 -1
  5. package/package.json +25 -25
  6. package/utils/FolderLevelPermissions.d.ts +1 -0
  7. package/utils/FolderLevelPermissions.js +34 -56
  8. package/utils/FolderLevelPermissions.js.map +1 -1
  9. package/utils/decorators/CmsEntriesCrudDecorators.js.map +1 -1
package/createAcoContext.js CHANGED
@@ -54,6 +54,9 @@ const setupAcoContext = async context => {
54
54
  getIdentityTeam: async () => {
55
55
  return security.withoutAuthorization(async () => {
56
56
  const identity = security.getIdentity();
57
+ if (!identity) {
58
+ return null;
59
+ }
57
60
  const adminUser = await context.adminUsers.getUser({
58
61
  where: {
59
62
  id: identity.id
package/createAcoContext.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_error","_interopRequireDefault","require","_api","_createAcoHooks","_createAcoStorageOperations","_isInstallationPending","_folder","_record","_apps","_record2","_plugins","_FolderLevelPermissions","_CmsEntriesCrudDecorators","_folder2","_createOperationsWrapper","_getFieldValues","_filter","setupAcoContext","context","tenancy","security","i18n","getLocale","locale","getContentLocale","WebinyError","getTenant","getCurrentTenant","storageOperations","createAcoStorageOperations","cms","getCmsContext","folderLevelPermissions","FolderLevelPermissions","getIdentity","getIdentityTeam","withoutAuthorization","identity","adminUser","adminUsers","getUser","where","id","team","getTeam","listPermissions","listAllFolders","type","withModel","createOperationsWrapper","modelName","FOLDER_MODEL_ID","model","results","entries","list","limit","latest","sort","items","map","entry","getFolderFieldValues","baseFields","canUseTeams","wcp","canUseFolderLevelPermissions","params","defaultRecordModel","getModel","SEARCH_RECORD_MODEL_ID","apps","AcoApps","plugins","byType","AcoAppRegisterPlugin","plugin","register","_objectSpread2","default","app","listAdminUsers","listUsers","listTeams","aco","folder","createFolderCrudMethods","search","createSearchRecordCrudMethods","filter","createFilterCrudMethods","getApp","name","get","listApps","registerApp","CmsEntriesCrudDecorators","decorate","createAcoContext","ContextPlugin","isInstallationPending","benchmark","measure","createAcoHooks","exports"],"sources":["createAcoContext.ts"],"sourcesContent":["import WebinyError from \"@webiny/error\";\nimport { ContextPlugin } from \"@webiny/api\";\nimport { I18NLocale } from \"@webiny/api-i18n/types\";\nimport { Tenant } from \"@webiny/api-tenancy/types\";\nimport { createAcoHooks } from \"~/createAcoHooks\";\nimport { baseFields, createAcoStorageOperations } from \"~/createAcoStorageOperations\";\nimport { isInstallationPending } from \"~/utils/isInstallationPending\";\nimport { AcoContext, CreateAcoParams, IAcoAppRegisterParams } from \"~/types\";\nimport { createFolderCrudMethods } from \"~/folder/folder.crud\";\nimport { createSearchRecordCrudMethods } from \"~/record/record.crud\";\nimport { AcoApps } from \"./apps\";\nimport { SEARCH_RECORD_MODEL_ID } from \"~/record/record.model\";\nimport { AcoAppRegisterPlugin } from \"~/plugins\";\nimport { FolderLevelPermissions } from \"~/utils/FolderLevelPermissions\";\nimport { CmsEntriesCrudDecorators } from \"~/utils/decorators/CmsEntriesCrudDecorators\";\nimport { FOLDER_MODEL_ID } from \"~/folder/folder.model\";\nimport { createOperationsWrapper } from \"~/utils/createOperationsWrapper\";\nimport { getFolderFieldValues } from \"~/utils/getFieldValues\";\nimport { createFilterCrudMethods } from \"~/filter/filter.crud\";\n\nconst setupAcoContext = async (context: AcoContext): Promise<void> => {\n const { tenancy, security, i18n } = context;\n\n const getLocale = (): I18NLocale => {\n const locale = i18n.getContentLocale();\n if (!locale) {\n throw new WebinyError(\n \"Missing content locale in api-aco/plugins/context.ts\",\n \"LOCALE_ERROR\"\n );\n }\n\n return locale;\n };\n\n const getTenant = (): Tenant => {\n return tenancy.getCurrentTenant();\n };\n\n const storageOperations = createAcoStorageOperations({\n /**\n * TODO: We need to figure out a way to pass \"cms\" from outside (e.g. apps/api/graphql)\n */\n cms: context.cms,\n /**\n * TODO: This is required for \"entryFieldFromStorageTransform\" which access plugins from context.\n */\n getCmsContext: () => context,\n security\n });\n\n const folderLevelPermissions = new FolderLevelPermissions({\n getIdentity: () => security.getIdentity(),\n getIdentityTeam: async () => {\n return security.withoutAuthorization(async () => {\n const identity = security.getIdentity();\n const adminUser = await context.adminUsers.getUser({ where: { id: identity.id } });\n if (!adminUser) {\n return null;\n }\n\n if (!adminUser.team) {\n return null;\n }\n\n return context.security.getTeam({ where: { id: adminUser.team } });\n });\n },\n listPermissions: () => security.listPermissions(),\n listAllFolders: type => {\n // When retrieving a list of all folders, we want to do it in the\n // fastest way and that is by directly using CMS's storage operations.\n const { withModel } = createOperationsWrapper({\n modelName: FOLDER_MODEL_ID,\n cms: context.cms,\n getCmsContext: () => context,\n security\n });\n\n return withModel(async model => {\n const results = await context.cms.storageOperations.entries.list(model, {\n limit: 100_000,\n where: {\n type,\n\n // Folders always work with latest entries. We never publish them.\n latest: true\n },\n sort: [\"title_ASC\"]\n });\n\n return results.items.map(entry => getFolderFieldValues(entry, baseFields));\n });\n },\n canUseTeams: () => context.wcp.canUseTeams(),\n canUseFolderLevelPermissions: () => context.wcp.canUseFolderLevelPermissions()\n });\n\n const params: CreateAcoParams = {\n getLocale,\n getTenant,\n storageOperations,\n folderLevelPermissions\n };\n\n const defaultRecordModel = await context.security.withoutAuthorization(async () => {\n return context.cms.getModel(SEARCH_RECORD_MODEL_ID);\n });\n\n if (!defaultRecordModel) {\n throw new WebinyError(`There is no default record model in ${SEARCH_RECORD_MODEL_ID}`);\n }\n\n /**\n * First we need to create all the apps.\n */\n const apps = new AcoApps(context, params);\n const plugins = context.plugins.byType<AcoAppRegisterPlugin>(AcoAppRegisterPlugin.type);\n for (const plugin of plugins) {\n await apps.register({\n model: defaultRecordModel,\n ...plugin.app\n });\n }\n\n const listAdminUsers = () => {\n return security.withoutAuthorization(async () => {\n return context.adminUsers.listUsers();\n });\n };\n const listTeams = () => {\n return security.withoutAuthorization(async () => {\n return context.security.listTeams();\n });\n };\n\n context.aco = {\n folder: createFolderCrudMethods({\n ...params,\n listAdminUsers,\n listTeams\n }),\n search: createSearchRecordCrudMethods(params),\n folderLevelPermissions,\n filter: createFilterCrudMethods(params),\n apps,\n getApp: (name: string) => apps.get(name),\n listApps: () => apps.list(),\n registerApp: async (params: IAcoAppRegisterParams) => {\n return apps.register({\n model: defaultRecordModel,\n ...params\n });\n }\n };\n\n if (context.wcp.canUseFolderLevelPermissions()) {\n new CmsEntriesCrudDecorators({ context }).decorate();\n\n // PB decorators registered here: packages/api-page-builder-aco/src/index.ts\n // new PageBuilderCrudDecorators({ context }).decorate();\n }\n};\n\nexport const createAcoContext = () => {\n const plugin = new ContextPlugin<AcoContext>(async context => {\n /**\n * We can skip the ACO initialization if the installation is pending.\n */\n if (isInstallationPending(context)) {\n return;\n }\n await context.benchmark.measure(\"aco.context.setup\", async () => {\n await setupAcoContext(context);\n });\n\n await context.benchmark.measure(\"aco.context.hooks\", async () => {\n await createAcoHooks(context);\n });\n });\n\n plugin.name = \"aco.createContext\";\n\n return plugin;\n};\n"],"mappings":";;;;;;;;AAAA,IAAAA,MAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AAGA,IAAAE,eAAA,GAAAF,OAAA;AACA,IAAAG,2BAAA,GAAAH,OAAA;AACA,IAAAI,sBAAA,GAAAJ,OAAA;AAEA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,KAAA,GAAAP,OAAA;AACA,IAAAQ,QAAA,GAAAR,OAAA;AACA,IAAAS,QAAA,GAAAT,OAAA;AACA,IAAAU,uBAAA,GAAAV,OAAA;AACA,IAAAW,yBAAA,GAAAX,OAAA;AACA,IAAAY,QAAA,GAAAZ,OAAA;AACA,IAAAa,wBAAA,GAAAb,OAAA;AACA,IAAAc,eAAA,GAAAd,OAAA;AACA,IAAAe,OAAA,GAAAf,OAAA;AAEA,MAAMgB,eAAe,GAAG,MAAOC,OAAmB,IAAoB;EAClE,MAAM;IAAEC,OAAO;IAAEC,QAAQ;IAAEC;EAAK,CAAC,GAAGH,OAAO;EAE3C,MAAMI,SAAS,GAAGA,CAAA,KAAkB;IAChC,MAAMC,MAAM,GAAGF,IAAI,CAACG,gBAAgB,CAAC,CAAC;IACtC,IAAI,CAACD,MAAM,EAAE;MACT,MAAM,IAAIE,cAAW,CACjB,sDAAsD,EACtD,cACJ,CAAC;IACL;IAEA,OAAOF,MAAM;EACjB,CAAC;EAED,MAAMG,SAAS,GAAGA,CAAA,KAAc;IAC5B,OAAOP,OAAO,CAACQ,gBAAgB,CAAC,CAAC;EACrC,CAAC;EAED,MAAMC,iBAAiB,GAAG,IAAAC,sDAA0B,EAAC;IACjD;AACR;AACA;IACQC,GAAG,EAAEZ,OAAO,CAACY,GAAG;IAChB;AACR;AACA;IACQC,aAAa,EAAEA,CAAA,KAAMb,OAAO;IAC5BE;EACJ,CAAC,CAAC;EAEF,MAAMY,sBAAsB,GAAG,IAAIC,8CAAsB,CAAC;IACtDC,WAAW,EAAEA,CAAA,KAAMd,QAAQ,CAACc,WAAW,CAAC,CAAC;IACzCC,eAAe,EAAE,MAAAA,CAAA,KAAY;MACzB,OAAOf,QAAQ,CAACgB,oBAAoB,CAAC,YAAY;QAC7C,MAAMC,QAAQ,GAAGjB,QAAQ,CAACc,WAAW,CAAC,CAAC;QACvC,MAAMI,SAAS,GAAG,MAAMpB,OAAO,CAACqB,UAAU,CAACC,OAAO,CAAC;UAAEC,KAAK,EAAE;YAAEC,EAAE,EAAEL,QAAQ,CAACK;UAAG;QAAE,CAAC,CAAC;QAClF,IAAI,CAACJ,SAAS,EAAE;UACZ,OAAO,IAAI;QACf;QAEA,IAAI,CAACA,SAAS,CAACK,IAAI,EAAE;UACjB,OAAO,IAAI;QACf;QAEA,OAAOzB,OAAO,CAACE,QAAQ,CAACwB,OAAO,CAAC;UAAEH,KAAK,EAAE;YAAEC,EAAE,EAAEJ,SAAS,CAACK;UAAK;QAAE,CAAC,CAAC;MACtE,CAAC,CAAC;IACN,CAAC;IACDE,eAAe,EAAEA,CAAA,KAAMzB,QAAQ,CAACyB,eAAe,CAAC,CAAC;IACjDC,cAAc,EAAEC,IAAI,IAAI;MACpB;MACA;MACA,MAAM;QAAEC;MAAU,CAAC,GAAG,IAAAC,gDAAuB,EAAC;QAC1CC,SAAS,EAAEC,wBAAe;QAC1BrB,GAAG,EAAEZ,OAAO,CAACY,GAAG;QAChBC,aAAa,EAAEA,CAAA,KAAMb,OAAO;QAC5BE;MACJ,CAAC,CAAC;MAEF,OAAO4B,SAAS,CAAC,MAAMI,KAAK,IAAI;QAC5B,MAAMC,OAAO,GAAG,MAAMnC,OAAO,CAACY,GAAG,CAACF,iBAAiB,CAAC0B,OAAO,CAACC,IAAI,CAACH,KAAK,EAAE;UACpEI,KAAK,EAAE,OAAO;UACdf,KAAK,EAAE;YACHM,IAAI;YAEJ;YACAU,MAAM,EAAE;UACZ,CAAC;UACDC,IAAI,EAAE,CAAC,WAAW;QACtB,CAAC,CAAC;QAEF,OAAOL,OAAO,CAACM,KAAK,CAACC,GAAG,CAACC,KAAK,IAAI,IAAAC,oCAAoB,EAACD,KAAK,EAAEE,sCAAU,CAAC,CAAC;MAC9E,CAAC,CAAC;IACN,CAAC;IACDC,WAAW,EAAEA,CAAA,KAAM9C,OAAO,CAAC+C,GAAG,CAACD,WAAW,CAAC,CAAC;IAC5CE,4BAA4B,EAAEA,CAAA,KAAMhD,OAAO,CAAC+C,GAAG,CAACC,4BAA4B,CAAC;EACjF,CAAC,CAAC;EAEF,MAAMC,MAAuB,GAAG;IAC5B7C,SAAS;IACTI,SAAS;IACTE,iBAAiB;IACjBI;EACJ,CAAC;EAED,MAAMoC,kBAAkB,GAAG,MAAMlD,OAAO,CAACE,QAAQ,CAACgB,oBAAoB,CAAC,YAAY;IAC/E,OAAOlB,OAAO,CAACY,GAAG,CAACuC,QAAQ,CAACC,+BAAsB,CAAC;EACvD,CAAC,CAAC;EAEF,IAAI,CAACF,kBAAkB,EAAE;IACrB,MAAM,IAAI3C,cAAW,CAAE,uCAAsC6C,+BAAuB,EAAC,CAAC;EAC1F;;EAEA;AACJ;AACA;EACI,MAAMC,IAAI,GAAG,IAAIC,aAAO,CAACtD,OAAO,EAAEiD,MAAM,CAAC;EACzC,MAAMM,OAAO,GAAGvD,OAAO,CAACuD,OAAO,CAACC,MAAM,CAAuBC,6BAAoB,CAAC5B,IAAI,CAAC;EACvF,KAAK,MAAM6B,MAAM,IAAIH,OAAO,EAAE;IAC1B,MAAMF,IAAI,CAACM,QAAQ,KAAAC,cAAA,CAAAC,OAAA;MACf3B,KAAK,EAAEgB;IAAkB,GACtBQ,MAAM,CAACI,GAAG,CAChB,CAAC;EACN;EAEA,MAAMC,cAAc,GAAGA,CAAA,KAAM;IACzB,OAAO7D,QAAQ,CAACgB,oBAAoB,CAAC,YAAY;MAC7C,OAAOlB,OAAO,CAACqB,UAAU,CAAC2C,SAAS,CAAC,CAAC;IACzC,CAAC,CAAC;EACN,CAAC;EACD,MAAMC,SAAS,GAAGA,CAAA,KAAM;IACpB,OAAO/D,QAAQ,CAACgB,oBAAoB,CAAC,YAAY;MAC7C,OAAOlB,OAAO,CAACE,QAAQ,CAAC+D,SAAS,CAAC,CAAC;IACvC,CAAC,CAAC;EACN,CAAC;EAEDjE,OAAO,CAACkE,GAAG,GAAG;IACVC,MAAM,EAAE,IAAAC,+BAAuB,MAAAR,cAAA,CAAAC,OAAA,MAAAD,cAAA,CAAAC,OAAA,MACxBZ,MAAM;MACTc,cAAc;MACdE;IAAS,EACZ,CAAC;IACFI,MAAM,EAAE,IAAAC,qCAA6B,EAACrB,MAAM,CAAC;IAC7CnC,sBAAsB;IACtByD,MAAM,EAAE,IAAAC,+BAAuB,EAACvB,MAAM,CAAC;IACvCI,IAAI;IACJoB,MAAM,EAAGC,IAAY,IAAKrB,IAAI,CAACsB,GAAG,CAACD,IAAI,CAAC;IACxCE,QAAQ,EAAEA,CAAA,KAAMvB,IAAI,CAAChB,IAAI,CAAC,CAAC;IAC3BwC,WAAW,EAAE,MAAO5B,MAA6B,IAAK;MAClD,OAAOI,IAAI,CAACM,QAAQ,KAAAC,cAAA,CAAAC,OAAA;QAChB3B,KAAK,EAAEgB;MAAkB,GACtBD,MAAM,CACZ,CAAC;IACN;EACJ,CAAC;EAED,IAAIjD,OAAO,CAAC+C,GAAG,CAACC,4BAA4B,CAAC,CAAC,EAAE;IAC5C,IAAI8B,kDAAwB,CAAC;MAAE9E;IAAQ,CAAC,CAAC,CAAC+E,QAAQ,CAAC,CAAC;;IAEpD;IACA;EACJ;AACJ,CAAC;;AAEM,MAAMC,gBAAgB,GAAGA,CAAA,KAAM;EAClC,MAAMtB,MAAM,GAAG,IAAIuB,kBAAa,CAAa,MAAMjF,OAAO,IAAI;IAC1D;AACR;AACA;IACQ,IAAI,IAAAkF,4CAAqB,EAAClF,OAAO,CAAC,EAAE;MAChC;IACJ;IACA,MAAMA,OAAO,CAACmF,SAAS,CAACC,OAAO,CAAC,mBAAmB,EAAE,YAAY;MAC7D,MAAMrF,eAAe,CAACC,OAAO,CAAC;IAClC,CAAC,CAAC;IAEF,MAAMA,OAAO,CAACmF,SAAS,CAACC,OAAO,CAAC,mBAAmB,EAAE,YAAY;MAC7D,MAAM,IAAAC,8BAAc,EAACrF,OAAO,CAAC;IACjC,CAAC,CAAC;EACN,CAAC,CAAC;EAEF0D,MAAM,CAACgB,IAAI,GAAG,mBAAmB;EAEjC,OAAOhB,MAAM;AACjB,CAAC;AAAC4B,OAAA,CAAAN,gBAAA,GAAAA,gBAAA"}
1
+ {"version":3,"names":["_error","_interopRequireDefault","require","_api","_createAcoHooks","_createAcoStorageOperations","_isInstallationPending","_folder","_record","_apps","_record2","_plugins","_FolderLevelPermissions","_CmsEntriesCrudDecorators","_folder2","_createOperationsWrapper","_getFieldValues","_filter","setupAcoContext","context","tenancy","security","i18n","getLocale","locale","getContentLocale","WebinyError","getTenant","getCurrentTenant","storageOperations","createAcoStorageOperations","cms","getCmsContext","folderLevelPermissions","FolderLevelPermissions","getIdentity","getIdentityTeam","withoutAuthorization","identity","adminUser","adminUsers","getUser","where","id","team","getTeam","listPermissions","listAllFolders","type","withModel","createOperationsWrapper","modelName","FOLDER_MODEL_ID","model","results","entries","list","limit","latest","sort","items","map","entry","getFolderFieldValues","baseFields","canUseTeams","wcp","canUseFolderLevelPermissions","params","defaultRecordModel","getModel","SEARCH_RECORD_MODEL_ID","apps","AcoApps","plugins","byType","AcoAppRegisterPlugin","plugin","register","_objectSpread2","default","app","listAdminUsers","listUsers","listTeams","aco","folder","createFolderCrudMethods","search","createSearchRecordCrudMethods","filter","createFilterCrudMethods","getApp","name","get","listApps","registerApp","CmsEntriesCrudDecorators","decorate","createAcoContext","ContextPlugin","isInstallationPending","benchmark","measure","createAcoHooks","exports"],"sources":["createAcoContext.ts"],"sourcesContent":["import WebinyError from \"@webiny/error\";\nimport { ContextPlugin } from \"@webiny/api\";\nimport { I18NLocale } from \"@webiny/api-i18n/types\";\nimport { Tenant } from \"@webiny/api-tenancy/types\";\nimport { createAcoHooks } from \"~/createAcoHooks\";\nimport { baseFields, createAcoStorageOperations } from \"~/createAcoStorageOperations\";\nimport { isInstallationPending } from \"~/utils/isInstallationPending\";\nimport { AcoContext, CreateAcoParams, IAcoAppRegisterParams } from \"~/types\";\nimport { createFolderCrudMethods } from \"~/folder/folder.crud\";\nimport { createSearchRecordCrudMethods } from \"~/record/record.crud\";\nimport { AcoApps } from \"./apps\";\nimport { SEARCH_RECORD_MODEL_ID } from \"~/record/record.model\";\nimport { AcoAppRegisterPlugin } from \"~/plugins\";\nimport { FolderLevelPermissions } from \"~/utils/FolderLevelPermissions\";\nimport { CmsEntriesCrudDecorators } from \"~/utils/decorators/CmsEntriesCrudDecorators\";\nimport { FOLDER_MODEL_ID } from \"~/folder/folder.model\";\nimport { createOperationsWrapper } from \"~/utils/createOperationsWrapper\";\nimport { getFolderFieldValues } from \"~/utils/getFieldValues\";\nimport { createFilterCrudMethods } from \"~/filter/filter.crud\";\n\nconst setupAcoContext = async (context: AcoContext): Promise<void> => {\n const { tenancy, security, i18n } = context;\n\n const getLocale = (): I18NLocale => {\n const locale = i18n.getContentLocale();\n if (!locale) {\n throw new WebinyError(\n \"Missing content locale in api-aco/plugins/context.ts\",\n \"LOCALE_ERROR\"\n );\n }\n\n return locale;\n };\n\n const getTenant = (): Tenant => {\n return tenancy.getCurrentTenant();\n };\n\n const storageOperations = createAcoStorageOperations({\n /**\n * TODO: We need to figure out a way to pass \"cms\" from outside (e.g. apps/api/graphql)\n */\n cms: context.cms,\n /**\n * TODO: This is required for \"entryFieldFromStorageTransform\" which access plugins from context.\n */\n getCmsContext: () => context,\n security\n });\n\n const folderLevelPermissions = new FolderLevelPermissions({\n getIdentity: () => security.getIdentity(),\n getIdentityTeam: async () => {\n return security.withoutAuthorization(async () => {\n const identity = security.getIdentity();\n if (!identity) {\n return null;\n }\n\n const adminUser = await context.adminUsers.getUser({ where: { id: identity.id } });\n if (!adminUser) {\n return null;\n }\n\n if (!adminUser.team) {\n return null;\n }\n\n return context.security.getTeam({ where: { id: adminUser.team } });\n });\n },\n listPermissions: () => security.listPermissions(),\n listAllFolders: type => {\n // When retrieving a list of all folders, we want to do it in the\n // fastest way and that is by directly using CMS's storage operations.\n const { withModel } = createOperationsWrapper({\n modelName: FOLDER_MODEL_ID,\n cms: context.cms,\n getCmsContext: () => context,\n security\n });\n\n return withModel(async model => {\n const results = await context.cms.storageOperations.entries.list(model, {\n limit: 100_000,\n where: {\n type,\n\n // Folders always work with latest entries. We never publish them.\n latest: true\n },\n sort: [\"title_ASC\"]\n });\n\n return results.items.map(entry => getFolderFieldValues(entry, baseFields));\n });\n },\n canUseTeams: () => context.wcp.canUseTeams(),\n canUseFolderLevelPermissions: () => context.wcp.canUseFolderLevelPermissions()\n });\n\n const params: CreateAcoParams = {\n getLocale,\n getTenant,\n storageOperations,\n folderLevelPermissions\n };\n\n const defaultRecordModel = await context.security.withoutAuthorization(async () => {\n return context.cms.getModel(SEARCH_RECORD_MODEL_ID);\n });\n\n if (!defaultRecordModel) {\n throw new WebinyError(`There is no default record model in ${SEARCH_RECORD_MODEL_ID}`);\n }\n\n /**\n * First we need to create all the apps.\n */\n const apps = new AcoApps(context, params);\n const plugins = context.plugins.byType<AcoAppRegisterPlugin>(AcoAppRegisterPlugin.type);\n for (const plugin of plugins) {\n await apps.register({\n model: defaultRecordModel,\n ...plugin.app\n });\n }\n\n const listAdminUsers = () => {\n return security.withoutAuthorization(async () => {\n return context.adminUsers.listUsers();\n });\n };\n const listTeams = () => {\n return security.withoutAuthorization(async () => {\n return context.security.listTeams();\n });\n };\n\n context.aco = {\n folder: createFolderCrudMethods({\n ...params,\n listAdminUsers,\n listTeams\n }),\n search: createSearchRecordCrudMethods(params),\n folderLevelPermissions,\n filter: createFilterCrudMethods(params),\n apps,\n getApp: (name: string) => apps.get(name),\n listApps: () => apps.list(),\n registerApp: async (params: IAcoAppRegisterParams) => {\n return apps.register({\n model: defaultRecordModel,\n ...params\n });\n }\n };\n\n if (context.wcp.canUseFolderLevelPermissions()) {\n new CmsEntriesCrudDecorators({ context }).decorate();\n\n // PB decorators registered here: packages/api-page-builder-aco/src/index.ts\n // new PageBuilderCrudDecorators({ context }).decorate();\n }\n};\n\nexport const createAcoContext = () => {\n const plugin = new ContextPlugin<AcoContext>(async context => {\n /**\n * We can skip the ACO initialization if the installation is pending.\n */\n if (isInstallationPending(context)) {\n return;\n }\n await context.benchmark.measure(\"aco.context.setup\", async () => {\n await setupAcoContext(context);\n });\n\n await context.benchmark.measure(\"aco.context.hooks\", async () => {\n await createAcoHooks(context);\n });\n });\n\n plugin.name = \"aco.createContext\";\n\n return plugin;\n};\n"],"mappings":";;;;;;;;AAAA,IAAAA,MAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,IAAA,GAAAD,OAAA;AAGA,IAAAE,eAAA,GAAAF,OAAA;AACA,IAAAG,2BAAA,GAAAH,OAAA;AACA,IAAAI,sBAAA,GAAAJ,OAAA;AAEA,IAAAK,OAAA,GAAAL,OAAA;AACA,IAAAM,OAAA,GAAAN,OAAA;AACA,IAAAO,KAAA,GAAAP,OAAA;AACA,IAAAQ,QAAA,GAAAR,OAAA;AACA,IAAAS,QAAA,GAAAT,OAAA;AACA,IAAAU,uBAAA,GAAAV,OAAA;AACA,IAAAW,yBAAA,GAAAX,OAAA;AACA,IAAAY,QAAA,GAAAZ,OAAA;AACA,IAAAa,wBAAA,GAAAb,OAAA;AACA,IAAAc,eAAA,GAAAd,OAAA;AACA,IAAAe,OAAA,GAAAf,OAAA;AAEA,MAAMgB,eAAe,GAAG,MAAOC,OAAmB,IAAoB;EAClE,MAAM;IAAEC,OAAO;IAAEC,QAAQ;IAAEC;EAAK,CAAC,GAAGH,OAAO;EAE3C,MAAMI,SAAS,GAAGA,CAAA,KAAkB;IAChC,MAAMC,MAAM,GAAGF,IAAI,CAACG,gBAAgB,CAAC,CAAC;IACtC,IAAI,CAACD,MAAM,EAAE;MACT,MAAM,IAAIE,cAAW,CACjB,sDAAsD,EACtD,cACJ,CAAC;IACL;IAEA,OAAOF,MAAM;EACjB,CAAC;EAED,MAAMG,SAAS,GAAGA,CAAA,KAAc;IAC5B,OAAOP,OAAO,CAACQ,gBAAgB,CAAC,CAAC;EACrC,CAAC;EAED,MAAMC,iBAAiB,GAAG,IAAAC,sDAA0B,EAAC;IACjD;AACR;AACA;IACQC,GAAG,EAAEZ,OAAO,CAACY,GAAG;IAChB;AACR;AACA;IACQC,aAAa,EAAEA,CAAA,KAAMb,OAAO;IAC5BE;EACJ,CAAC,CAAC;EAEF,MAAMY,sBAAsB,GAAG,IAAIC,8CAAsB,CAAC;IACtDC,WAAW,EAAEA,CAAA,KAAMd,QAAQ,CAACc,WAAW,CAAC,CAAC;IACzCC,eAAe,EAAE,MAAAA,CAAA,KAAY;MACzB,OAAOf,QAAQ,CAACgB,oBAAoB,CAAC,YAAY;QAC7C,MAAMC,QAAQ,GAAGjB,QAAQ,CAACc,WAAW,CAAC,CAAC;QACvC,IAAI,CAACG,QAAQ,EAAE;UACX,OAAO,IAAI;QACf;QAEA,MAAMC,SAAS,GAAG,MAAMpB,OAAO,CAACqB,UAAU,CAACC,OAAO,CAAC;UAAEC,KAAK,EAAE;YAAEC,EAAE,EAAEL,QAAQ,CAACK;UAAG;QAAE,CAAC,CAAC;QAClF,IAAI,CAACJ,SAAS,EAAE;UACZ,OAAO,IAAI;QACf;QAEA,IAAI,CAACA,SAAS,CAACK,IAAI,EAAE;UACjB,OAAO,IAAI;QACf;QAEA,OAAOzB,OAAO,CAACE,QAAQ,CAACwB,OAAO,CAAC;UAAEH,KAAK,EAAE;YAAEC,EAAE,EAAEJ,SAAS,CAACK;UAAK;QAAE,CAAC,CAAC;MACtE,CAAC,CAAC;IACN,CAAC;IACDE,eAAe,EAAEA,CAAA,KAAMzB,QAAQ,CAACyB,eAAe,CAAC,CAAC;IACjDC,cAAc,EAAEC,IAAI,IAAI;MACpB;MACA;MACA,MAAM;QAAEC;MAAU,CAAC,GAAG,IAAAC,gDAAuB,EAAC;QAC1CC,SAAS,EAAEC,wBAAe;QAC1BrB,GAAG,EAAEZ,OAAO,CAACY,GAAG;QAChBC,aAAa,EAAEA,CAAA,KAAMb,OAAO;QAC5BE;MACJ,CAAC,CAAC;MAEF,OAAO4B,SAAS,CAAC,MAAMI,KAAK,IAAI;QAC5B,MAAMC,OAAO,GAAG,MAAMnC,OAAO,CAACY,GAAG,CAACF,iBAAiB,CAAC0B,OAAO,CAACC,IAAI,CAACH,KAAK,EAAE;UACpEI,KAAK,EAAE,OAAO;UACdf,KAAK,EAAE;YACHM,IAAI;YAEJ;YACAU,MAAM,EAAE;UACZ,CAAC;UACDC,IAAI,EAAE,CAAC,WAAW;QACtB,CAAC,CAAC;QAEF,OAAOL,OAAO,CAACM,KAAK,CAACC,GAAG,CAACC,KAAK,IAAI,IAAAC,oCAAoB,EAACD,KAAK,EAAEE,sCAAU,CAAC,CAAC;MAC9E,CAAC,CAAC;IACN,CAAC;IACDC,WAAW,EAAEA,CAAA,KAAM9C,OAAO,CAAC+C,GAAG,CAACD,WAAW,CAAC,CAAC;IAC5CE,4BAA4B,EAAEA,CAAA,KAAMhD,OAAO,CAAC+C,GAAG,CAACC,4BAA4B,CAAC;EACjF,CAAC,CAAC;EAEF,MAAMC,MAAuB,GAAG;IAC5B7C,SAAS;IACTI,SAAS;IACTE,iBAAiB;IACjBI;EACJ,CAAC;EAED,MAAMoC,kBAAkB,GAAG,MAAMlD,OAAO,CAACE,QAAQ,CAACgB,oBAAoB,CAAC,YAAY;IAC/E,OAAOlB,OAAO,CAACY,GAAG,CAACuC,QAAQ,CAACC,+BAAsB,CAAC;EACvD,CAAC,CAAC;EAEF,IAAI,CAACF,kBAAkB,EAAE;IACrB,MAAM,IAAI3C,cAAW,CAAE,uCAAsC6C,+BAAuB,EAAC,CAAC;EAC1F;;EAEA;AACJ;AACA;EACI,MAAMC,IAAI,GAAG,IAAIC,aAAO,CAACtD,OAAO,EAAEiD,MAAM,CAAC;EACzC,MAAMM,OAAO,GAAGvD,OAAO,CAACuD,OAAO,CAACC,MAAM,CAAuBC,6BAAoB,CAAC5B,IAAI,CAAC;EACvF,KAAK,MAAM6B,MAAM,IAAIH,OAAO,EAAE;IAC1B,MAAMF,IAAI,CAACM,QAAQ,KAAAC,cAAA,CAAAC,OAAA;MACf3B,KAAK,EAAEgB;IAAkB,GACtBQ,MAAM,CAACI,GAAG,CAChB,CAAC;EACN;EAEA,MAAMC,cAAc,GAAGA,CAAA,KAAM;IACzB,OAAO7D,QAAQ,CAACgB,oBAAoB,CAAC,YAAY;MAC7C,OAAOlB,OAAO,CAACqB,UAAU,CAAC2C,SAAS,CAAC,CAAC;IACzC,CAAC,CAAC;EACN,CAAC;EACD,MAAMC,SAAS,GAAGA,CAAA,KAAM;IACpB,OAAO/D,QAAQ,CAACgB,oBAAoB,CAAC,YAAY;MAC7C,OAAOlB,OAAO,CAACE,QAAQ,CAAC+D,SAAS,CAAC,CAAC;IACvC,CAAC,CAAC;EACN,CAAC;EAEDjE,OAAO,CAACkE,GAAG,GAAG;IACVC,MAAM,EAAE,IAAAC,+BAAuB,MAAAR,cAAA,CAAAC,OAAA,MAAAD,cAAA,CAAAC,OAAA,MACxBZ,MAAM;MACTc,cAAc;MACdE;IAAS,EACZ,CAAC;IACFI,MAAM,EAAE,IAAAC,qCAA6B,EAACrB,MAAM,CAAC;IAC7CnC,sBAAsB;IACtByD,MAAM,EAAE,IAAAC,+BAAuB,EAACvB,MAAM,CAAC;IACvCI,IAAI;IACJoB,MAAM,EAAGC,IAAY,IAAKrB,IAAI,CAACsB,GAAG,CAACD,IAAI,CAAC;IACxCE,QAAQ,EAAEA,CAAA,KAAMvB,IAAI,CAAChB,IAAI,CAAC,CAAC;IAC3BwC,WAAW,EAAE,MAAO5B,MAA6B,IAAK;MAClD,OAAOI,IAAI,CAACM,QAAQ,KAAAC,cAAA,CAAAC,OAAA;QAChB3B,KAAK,EAAEgB;MAAkB,GACtBD,MAAM,CACZ,CAAC;IACN;EACJ,CAAC;EAED,IAAIjD,OAAO,CAAC+C,GAAG,CAACC,4BAA4B,CAAC,CAAC,EAAE;IAC5C,IAAI8B,kDAAwB,CAAC;MAAE9E;IAAQ,CAAC,CAAC,CAAC+E,QAAQ,CAAC,CAAC;;IAEpD;IACA;EACJ;AACJ,CAAC;;AAEM,MAAMC,gBAAgB,GAAGA,CAAA,KAAM;EAClC,MAAMtB,MAAM,GAAG,IAAIuB,kBAAa,CAAa,MAAMjF,OAAO,IAAI;IAC1D;AACR;AACA;IACQ,IAAI,IAAAkF,4CAAqB,EAAClF,OAAO,CAAC,EAAE;MAChC;IACJ;IACA,MAAMA,OAAO,CAACmF,SAAS,CAACC,OAAO,CAAC,mBAAmB,EAAE,YAAY;MAC7D,MAAMrF,eAAe,CAACC,OAAO,CAAC;IAClC,CAAC,CAAC;IAEF,MAAMA,OAAO,CAACmF,SAAS,CAACC,OAAO,CAAC,mBAAmB,EAAE,YAAY;MAC7D,MAAM,IAAAC,8BAAc,EAACrF,OAAO,CAAC;IACjC,CAAC,CAAC;EACN,CAAC,CAAC;EAEF0D,MAAM,CAACgB,IAAI,GAAG,mBAAmB;EAEjC,OAAOhB,MAAM;AACjB,CAAC;AAAC4B,OAAA,CAAAN,gBAAA,GAAAA,gBAAA"}
package/folder/folder.gql.js CHANGED
@@ -34,6 +34,9 @@ const folderSchema = new _GraphQLSchemaPlugin.GraphQLSchemaPlugin({
34
34
  # Tells us if the current user can manage folder permissions.
35
35
  canManagePermissions: Boolean
36
36
 
37
+ # Tells us if the current user can manage folder content.
38
+ canManageContent: Boolean
39
+
37
40
  # Tells us if the folder contains non-inherited permissions.
38
41
  hasNonInheritedPermissions: Boolean
39
42
 
@@ -122,6 +125,9 @@ const folderSchema = new _GraphQLSchemaPlugin.GraphQLSchemaPlugin({
122
125
  },
123
126
  canManagePermissions: (folder, _, context) => {
124
127
  return context.aco.folderLevelPermissions.canManageFolderPermissions(folder);
128
+ },
129
+ canManageContent: (folder, _, context) => {
130
+ return context.aco.folderLevelPermissions.canManageFolderContent(folder);
125
131
  }
126
132
  },
127
133
  AcoQuery: {
package/folder/folder.gql.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_responses","require","_GraphQLSchemaPlugin","_ensureAuthentication","_resolve","folderSchema","GraphQLSchemaPlugin","typeDefs","resolvers","Folder","hasNonInheritedPermissions","folder","_","context","aco","folderLevelPermissions","permissionsIncludeNonInheritedPermissions","permissions","canManageStructure","canManageFolderStructure","canManagePermissions","canManageFolderPermissions","AcoQuery","getFolder","id","resolve","ensureAuthentication","get","listFolders","args","entries","meta","list","ListResponse","e","ErrorResponse","listFolderLevelPermissionsTargets","AcoMutation","createFolder","data","create","updateFolder","update","deleteFolder","delete","exports"],"sources":["folder.gql.ts"],"sourcesContent":["import { ErrorResponse, ListResponse } from \"@webiny/handler-graphql/responses\";\nimport { GraphQLSchemaPlugin } from \"@webiny/handler-graphql/plugins/GraphQLSchemaPlugin\";\n\nimport { ensureAuthentication } from \"~/utils/ensureAuthentication\";\nimport { resolve } from \"~/utils/resolve\";\n\nimport { AcoContext, Folder } from \"~/types\";\n\nexport const folderSchema = new GraphQLSchemaPlugin<AcoContext>({\n typeDefs: /* GraphQL */ `\n type FolderPermission {\n target: String!\n level: String!\n inheritedFrom: ID\n }\n\n input FolderPermissionInput {\n target: String!\n level: String!\n inheritedFrom: ID\n }\n\n type Folder {\n id: ID!\n title: String!\n slug: String!\n permissions: [FolderPermission]\n\n # Tells us if the current user can manage folder structure.\n canManageStructure: Boolean\n\n # Tells us if the current user can manage folder permissions.\n canManagePermissions: Boolean\n\n # Tells us if the folder contains non-inherited permissions.\n hasNonInheritedPermissions: Boolean\n\n type: String!\n parentId: ID\n savedOn: DateTime\n createdOn: DateTime\n createdBy: AcoUser\n }\n\n input FolderCreateInput {\n title: String!\n slug: String!\n permissions: [FolderPermissionInput]\n type: String!\n parentId: ID\n }\n\n input FolderUpdateInput {\n title: String\n slug: String\n permissions: [FolderPermissionInput]\n parentId: ID\n }\n\n input FoldersListWhereInput {\n type: String!\n parentId: String\n createdBy: ID\n }\n\n type FolderResponse {\n data: Folder\n error: AcoError\n }\n\n type FoldersListResponse {\n data: [Folder]\n error: AcoError\n meta: AcoMeta\n }\n\n type FolderLevelPermissionsTarget {\n id: ID!\n type: String!\n target: ID!\n name: String!\n meta: JSON\n }\n\n type FolderLevelPermissionsTargetsListMeta {\n totalCount: Int!\n }\n\n type FolderLevelPermissionsTargetsListResponse {\n data: [FolderLevelPermissionsTarget]\n meta: FolderLevelPermissionsTargetsListMeta\n error: AcoError\n }\n\n extend type AcoQuery {\n getFolder(id: ID!): FolderResponse\n listFolders(\n where: FoldersListWhereInput!\n limit: Int\n after: String\n sort: AcoSort\n ): FoldersListResponse\n\n listFolderLevelPermissionsTargets: FolderLevelPermissionsTargetsListResponse\n }\n\n extend type AcoMutation {\n createFolder(data: FolderCreateInput!): FolderResponse\n updateFolder(id: ID!, data: FolderUpdateInput!): FolderResponse\n deleteFolder(id: ID!): AcoBooleanResponse\n }\n `,\n resolvers: {\n Folder: {\n hasNonInheritedPermissions: (folder: Folder, _, context) => {\n return context.aco.folderLevelPermissions.permissionsIncludeNonInheritedPermissions(\n folder.permissions\n );\n },\n canManageStructure: (folder, _, context) => {\n return context.aco.folderLevelPermissions.canManageFolderStructure(folder);\n },\n canManagePermissions: (folder, _, context) => {\n return context.aco.folderLevelPermissions.canManageFolderPermissions(folder);\n }\n },\n AcoQuery: {\n getFolder: async (_, { id }, context) => {\n return resolve(() => {\n ensureAuthentication(context);\n return context.aco.folder.get(id);\n });\n },\n listFolders: async (_, args: any, context) => {\n try {\n ensureAuthentication(context);\n const [entries, meta] = await context.aco.folder.list(args);\n return new ListResponse(entries, meta);\n } catch (e) {\n return new ErrorResponse(e);\n }\n },\n listFolderLevelPermissionsTargets: async (_, args: any, context) => {\n try {\n ensureAuthentication(context);\n const [entries, meta] =\n await context.aco.folder.listFolderLevelPermissionsTargets();\n return new ListResponse(entries, meta);\n } catch (e) {\n return new ErrorResponse(e);\n }\n }\n },\n AcoMutation: {\n createFolder: async (_, { data }, context) => {\n return resolve(() => {\n ensureAuthentication(context);\n return context.aco.folder.create(data);\n });\n },\n updateFolder: async (_, { id, data }, context) => {\n return resolve(() => {\n ensureAuthentication(context);\n return context.aco.folder.update(id, data);\n });\n },\n deleteFolder: async (_, { id }, context) => {\n return resolve(() => {\n ensureAuthentication(context);\n return context.aco.folder.delete(id);\n });\n }\n }\n }\n});\n"],"mappings":";;;;;;AAAA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,oBAAA,GAAAD,OAAA;AAEA,IAAAE,qBAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAIO,MAAMI,YAAY,GAAG,IAAIC,wCAAmB,CAAa;EAC5DC,QAAQ,EAAE,aAAe;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;EACDC,SAAS,EAAE;IACPC,MAAM,EAAE;MACJC,0BAA0B,EAAEA,CAACC,MAAc,EAAEC,CAAC,EAAEC,OAAO,KAAK;QACxD,OAAOA,OAAO,CAACC,GAAG,CAACC,sBAAsB,CAACC,yCAAyC,CAC/EL,MAAM,CAACM,WACX,CAAC;MACL,CAAC;MACDC,kBAAkB,EAAEA,CAACP,MAAM,EAAEC,CAAC,EAAEC,OAAO,KAAK;QACxC,OAAOA,OAAO,CAACC,GAAG,CAACC,sBAAsB,CAACI,wBAAwB,CAACR,MAAM,CAAC;MAC9E,CAAC;MACDS,oBAAoB,EAAEA,CAACT,MAAM,EAAEC,CAAC,EAAEC,OAAO,KAAK;QAC1C,OAAOA,OAAO,CAACC,GAAG,CAACC,sBAAsB,CAACM,0BAA0B,CAACV,MAAM,CAAC;MAChF;IACJ,CAAC;IACDW,QAAQ,EAAE;MACNC,SAAS,EAAE,MAAAA,CAAOX,CAAC,EAAE;QAAEY;MAAG,CAAC,EAAEX,OAAO,KAAK;QACrC,OAAO,IAAAY,gBAAO,EAAC,MAAM;UACjB,IAAAC,0CAAoB,EAACb,OAAO,CAAC;UAC7B,OAAOA,OAAO,CAACC,GAAG,CAACH,MAAM,CAACgB,GAAG,CAACH,EAAE,CAAC;QACrC,CAAC,CAAC;MACN,CAAC;MACDI,WAAW,EAAE,MAAAA,CAAOhB,CAAC,EAAEiB,IAAS,EAAEhB,OAAO,KAAK;QAC1C,IAAI;UACA,IAAAa,0CAAoB,EAACb,OAAO,CAAC;UAC7B,MAAM,CAACiB,OAAO,EAAEC,IAAI,CAAC,GAAG,MAAMlB,OAAO,CAACC,GAAG,CAACH,MAAM,CAACqB,IAAI,CAACH,IAAI,CAAC;UAC3D,OAAO,IAAII,uBAAY,CAACH,OAAO,EAAEC,IAAI,CAAC;QAC1C,CAAC,CAAC,OAAOG,CAAC,EAAE;UACR,OAAO,IAAIC,wBAAa,CAACD,CAAC,CAAC;QAC/B;MACJ,CAAC;MACDE,iCAAiC,EAAE,MAAAA,CAAOxB,CAAC,EAAEiB,IAAS,EAAEhB,OAAO,KAAK;QAChE,IAAI;UACA,IAAAa,0CAAoB,EAACb,OAAO,CAAC;UAC7B,MAAM,CAACiB,OAAO,EAAEC,IAAI,CAAC,GACjB,MAAMlB,OAAO,CAACC,GAAG,CAACH,MAAM,CAACyB,iCAAiC,CAAC,CAAC;UAChE,OAAO,IAAIH,uBAAY,CAACH,OAAO,EAAEC,IAAI,CAAC;QAC1C,CAAC,CAAC,OAAOG,CAAC,EAAE;UACR,OAAO,IAAIC,wBAAa,CAACD,CAAC,CAAC;QAC/B;MACJ;IACJ,CAAC;IACDG,WAAW,EAAE;MACTC,YAAY,EAAE,MAAAA,CAAO1B,CAAC,EAAE;QAAE2B;MAAK,CAAC,EAAE1B,OAAO,KAAK;QAC1C,OAAO,IAAAY,gBAAO,EAAC,MAAM;UACjB,IAAAC,0CAAoB,EAACb,OAAO,CAAC;UAC7B,OAAOA,OAAO,CAACC,GAAG,CAACH,MAAM,CAAC6B,MAAM,CAACD,IAAI,CAAC;QAC1C,CAAC,CAAC;MACN,CAAC;MACDE,YAAY,EAAE,MAAAA,CAAO7B,CAAC,EAAE;QAAEY,EAAE;QAAEe;MAAK,CAAC,EAAE1B,OAAO,KAAK;QAC9C,OAAO,IAAAY,gBAAO,EAAC,MAAM;UACjB,IAAAC,0CAAoB,EAACb,OAAO,CAAC;UAC7B,OAAOA,OAAO,CAACC,GAAG,CAACH,MAAM,CAAC+B,MAAM,CAAClB,EAAE,EAAEe,IAAI,CAAC;QAC9C,CAAC,CAAC;MACN,CAAC;MACDI,YAAY,EAAE,MAAAA,CAAO/B,CAAC,EAAE;QAAEY;MAAG,CAAC,EAAEX,OAAO,KAAK;QACxC,OAAO,IAAAY,gBAAO,EAAC,MAAM;UACjB,IAAAC,0CAAoB,EAACb,OAAO,CAAC;UAC7B,OAAOA,OAAO,CAACC,GAAG,CAACH,MAAM,CAACiC,MAAM,CAACpB,EAAE,CAAC;QACxC,CAAC,CAAC;MACN;IACJ;EACJ;AACJ,CAAC,CAAC;AAACqB,OAAA,CAAAxC,YAAA,GAAAA,YAAA"}
1
+ {"version":3,"names":["_responses","require","_GraphQLSchemaPlugin","_ensureAuthentication","_resolve","folderSchema","GraphQLSchemaPlugin","typeDefs","resolvers","Folder","hasNonInheritedPermissions","folder","_","context","aco","folderLevelPermissions","permissionsIncludeNonInheritedPermissions","permissions","canManageStructure","canManageFolderStructure","canManagePermissions","canManageFolderPermissions","canManageContent","canManageFolderContent","AcoQuery","getFolder","id","resolve","ensureAuthentication","get","listFolders","args","entries","meta","list","ListResponse","e","ErrorResponse","listFolderLevelPermissionsTargets","AcoMutation","createFolder","data","create","updateFolder","update","deleteFolder","delete","exports"],"sources":["folder.gql.ts"],"sourcesContent":["import { ErrorResponse, ListResponse } from \"@webiny/handler-graphql/responses\";\nimport { GraphQLSchemaPlugin } from \"@webiny/handler-graphql/plugins/GraphQLSchemaPlugin\";\n\nimport { ensureAuthentication } from \"~/utils/ensureAuthentication\";\nimport { resolve } from \"~/utils/resolve\";\n\nimport { AcoContext, Folder } from \"~/types\";\n\nexport const folderSchema = new GraphQLSchemaPlugin<AcoContext>({\n typeDefs: /* GraphQL */ `\n type FolderPermission {\n target: String!\n level: String!\n inheritedFrom: ID\n }\n\n input FolderPermissionInput {\n target: String!\n level: String!\n inheritedFrom: ID\n }\n\n type Folder {\n id: ID!\n title: String!\n slug: String!\n permissions: [FolderPermission]\n\n # Tells us if the current user can manage folder structure.\n canManageStructure: Boolean\n\n # Tells us if the current user can manage folder permissions.\n canManagePermissions: Boolean\n\n # Tells us if the current user can manage folder content.\n canManageContent: Boolean\n\n # Tells us if the folder contains non-inherited permissions.\n hasNonInheritedPermissions: Boolean\n\n type: String!\n parentId: ID\n savedOn: DateTime\n createdOn: DateTime\n createdBy: AcoUser\n }\n\n input FolderCreateInput {\n title: String!\n slug: String!\n permissions: [FolderPermissionInput]\n type: String!\n parentId: ID\n }\n\n input FolderUpdateInput {\n title: String\n slug: String\n permissions: [FolderPermissionInput]\n parentId: ID\n }\n\n input FoldersListWhereInput {\n type: String!\n parentId: String\n createdBy: ID\n }\n\n type FolderResponse {\n data: Folder\n error: AcoError\n }\n\n type FoldersListResponse {\n data: [Folder]\n error: AcoError\n meta: AcoMeta\n }\n\n type FolderLevelPermissionsTarget {\n id: ID!\n type: String!\n target: ID!\n name: String!\n meta: JSON\n }\n\n type FolderLevelPermissionsTargetsListMeta {\n totalCount: Int!\n }\n\n type FolderLevelPermissionsTargetsListResponse {\n data: [FolderLevelPermissionsTarget]\n meta: FolderLevelPermissionsTargetsListMeta\n error: AcoError\n }\n\n extend type AcoQuery {\n getFolder(id: ID!): FolderResponse\n listFolders(\n where: FoldersListWhereInput!\n limit: Int\n after: String\n sort: AcoSort\n ): FoldersListResponse\n\n listFolderLevelPermissionsTargets: FolderLevelPermissionsTargetsListResponse\n }\n\n extend type AcoMutation {\n createFolder(data: FolderCreateInput!): FolderResponse\n updateFolder(id: ID!, data: FolderUpdateInput!): FolderResponse\n deleteFolder(id: ID!): AcoBooleanResponse\n }\n `,\n resolvers: {\n Folder: {\n hasNonInheritedPermissions: (folder: Folder, _, context) => {\n return context.aco.folderLevelPermissions.permissionsIncludeNonInheritedPermissions(\n folder.permissions\n );\n },\n canManageStructure: (folder, _, context) => {\n return context.aco.folderLevelPermissions.canManageFolderStructure(folder);\n },\n canManagePermissions: (folder, _, context) => {\n return context.aco.folderLevelPermissions.canManageFolderPermissions(folder);\n },\n canManageContent: (folder, _, context) => {\n return context.aco.folderLevelPermissions.canManageFolderContent(folder);\n }\n },\n AcoQuery: {\n getFolder: async (_, { id }, context) => {\n return resolve(() => {\n ensureAuthentication(context);\n return context.aco.folder.get(id);\n });\n },\n listFolders: async (_, args: any, context) => {\n try {\n ensureAuthentication(context);\n const [entries, meta] = await context.aco.folder.list(args);\n return new ListResponse(entries, meta);\n } catch (e) {\n return new ErrorResponse(e);\n }\n },\n listFolderLevelPermissionsTargets: async (_, args: any, context) => {\n try {\n ensureAuthentication(context);\n const [entries, meta] =\n await context.aco.folder.listFolderLevelPermissionsTargets();\n return new ListResponse(entries, meta);\n } catch (e) {\n return new ErrorResponse(e);\n }\n }\n },\n AcoMutation: {\n createFolder: async (_, { data }, context) => {\n return resolve(() => {\n ensureAuthentication(context);\n return context.aco.folder.create(data);\n });\n },\n updateFolder: async (_, { id, data }, context) => {\n return resolve(() => {\n ensureAuthentication(context);\n return context.aco.folder.update(id, data);\n });\n },\n deleteFolder: async (_, { id }, context) => {\n return resolve(() => {\n ensureAuthentication(context);\n return context.aco.folder.delete(id);\n });\n }\n }\n }\n});\n"],"mappings":";;;;;;AAAA,IAAAA,UAAA,GAAAC,OAAA;AACA,IAAAC,oBAAA,GAAAD,OAAA;AAEA,IAAAE,qBAAA,GAAAF,OAAA;AACA,IAAAG,QAAA,GAAAH,OAAA;AAIO,MAAMI,YAAY,GAAG,IAAIC,wCAAmB,CAAa;EAC5DC,QAAQ,EAAE,aAAe;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;EACDC,SAAS,EAAE;IACPC,MAAM,EAAE;MACJC,0BAA0B,EAAEA,CAACC,MAAc,EAAEC,CAAC,EAAEC,OAAO,KAAK;QACxD,OAAOA,OAAO,CAACC,GAAG,CAACC,sBAAsB,CAACC,yCAAyC,CAC/EL,MAAM,CAACM,WACX,CAAC;MACL,CAAC;MACDC,kBAAkB,EAAEA,CAACP,MAAM,EAAEC,CAAC,EAAEC,OAAO,KAAK;QACxC,OAAOA,OAAO,CAACC,GAAG,CAACC,sBAAsB,CAACI,wBAAwB,CAACR,MAAM,CAAC;MAC9E,CAAC;MACDS,oBAAoB,EAAEA,CAACT,MAAM,EAAEC,CAAC,EAAEC,OAAO,KAAK;QAC1C,OAAOA,OAAO,CAACC,GAAG,CAACC,sBAAsB,CAACM,0BAA0B,CAACV,MAAM,CAAC;MAChF,CAAC;MACDW,gBAAgB,EAAEA,CAACX,MAAM,EAAEC,CAAC,EAAEC,OAAO,KAAK;QACtC,OAAOA,OAAO,CAACC,GAAG,CAACC,sBAAsB,CAACQ,sBAAsB,CAACZ,MAAM,CAAC;MAC5E;IACJ,CAAC;IACDa,QAAQ,EAAE;MACNC,SAAS,EAAE,MAAAA,CAAOb,CAAC,EAAE;QAAEc;MAAG,CAAC,EAAEb,OAAO,KAAK;QACrC,OAAO,IAAAc,gBAAO,EAAC,MAAM;UACjB,IAAAC,0CAAoB,EAACf,OAAO,CAAC;UAC7B,OAAOA,OAAO,CAACC,GAAG,CAACH,MAAM,CAACkB,GAAG,CAACH,EAAE,CAAC;QACrC,CAAC,CAAC;MACN,CAAC;MACDI,WAAW,EAAE,MAAAA,CAAOlB,CAAC,EAAEmB,IAAS,EAAElB,OAAO,KAAK;QAC1C,IAAI;UACA,IAAAe,0CAAoB,EAACf,OAAO,CAAC;UAC7B,MAAM,CAACmB,OAAO,EAAEC,IAAI,CAAC,GAAG,MAAMpB,OAAO,CAACC,GAAG,CAACH,MAAM,CAACuB,IAAI,CAACH,IAAI,CAAC;UAC3D,OAAO,IAAII,uBAAY,CAACH,OAAO,EAAEC,IAAI,CAAC;QAC1C,CAAC,CAAC,OAAOG,CAAC,EAAE;UACR,OAAO,IAAIC,wBAAa,CAACD,CAAC,CAAC;QAC/B;MACJ,CAAC;MACDE,iCAAiC,EAAE,MAAAA,CAAO1B,CAAC,EAAEmB,IAAS,EAAElB,OAAO,KAAK;QAChE,IAAI;UACA,IAAAe,0CAAoB,EAACf,OAAO,CAAC;UAC7B,MAAM,CAACmB,OAAO,EAAEC,IAAI,CAAC,GACjB,MAAMpB,OAAO,CAACC,GAAG,CAACH,MAAM,CAAC2B,iCAAiC,CAAC,CAAC;UAChE,OAAO,IAAIH,uBAAY,CAACH,OAAO,EAAEC,IAAI,CAAC;QAC1C,CAAC,CAAC,OAAOG,CAAC,EAAE;UACR,OAAO,IAAIC,wBAAa,CAACD,CAAC,CAAC;QAC/B;MACJ;IACJ,CAAC;IACDG,WAAW,EAAE;MACTC,YAAY,EAAE,MAAAA,CAAO5B,CAAC,EAAE;QAAE6B;MAAK,CAAC,EAAE5B,OAAO,KAAK;QAC1C,OAAO,IAAAc,gBAAO,EAAC,MAAM;UACjB,IAAAC,0CAAoB,EAACf,OAAO,CAAC;UAC7B,OAAOA,OAAO,CAACC,GAAG,CAACH,MAAM,CAAC+B,MAAM,CAACD,IAAI,CAAC;QAC1C,CAAC,CAAC;MACN,CAAC;MACDE,YAAY,EAAE,MAAAA,CAAO/B,CAAC,EAAE;QAAEc,EAAE;QAAEe;MAAK,CAAC,EAAE5B,OAAO,KAAK;QAC9C,OAAO,IAAAc,gBAAO,EAAC,MAAM;UACjB,IAAAC,0CAAoB,EAACf,OAAO,CAAC;UAC7B,OAAOA,OAAO,CAACC,GAAG,CAACH,MAAM,CAACiC,MAAM,CAAClB,EAAE,EAAEe,IAAI,CAAC;QAC9C,CAAC,CAAC;MACN,CAAC;MACDI,YAAY,EAAE,MAAAA,CAAOjC,CAAC,EAAE;QAAEc;MAAG,CAAC,EAAEb,OAAO,KAAK;QACxC,OAAO,IAAAc,gBAAO,EAAC,MAAM;UACjB,IAAAC,0CAAoB,EAACf,OAAO,CAAC;UAC7B,OAAOA,OAAO,CAACC,GAAG,CAACH,MAAM,CAACmC,MAAM,CAACpB,EAAE,CAAC;QACxC,CAAC,CAAC;MACN;IACJ;EACJ;AACJ,CAAC,CAAC;AAACqB,OAAA,CAAA1C,YAAA,GAAAA,YAAA"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@webiny/api-aco",
3
- "version": "5.38.0-beta.1",
3
+ "version": "5.38.0-beta.3",
4
4
  "main": "index.js",
5
5
  "keywords": [
6
6
  "aco:base"
@@ -23,18 +23,18 @@
23
23
  },
24
24
  "dependencies": {
25
25
  "@ungap/structured-clone": "1.2.0",
26
- "@webiny/api": "5.38.0-beta.1",
27
- "@webiny/api-authentication": "5.38.0-beta.1",
28
- "@webiny/api-headless-cms": "5.38.0-beta.1",
29
- "@webiny/api-i18n": "5.38.0-beta.1",
30
- "@webiny/api-security": "5.38.0-beta.1",
31
- "@webiny/api-tenancy": "5.38.0-beta.1",
32
- "@webiny/error": "5.38.0-beta.1",
33
- "@webiny/handler": "5.38.0-beta.1",
34
- "@webiny/handler-graphql": "5.38.0-beta.1",
35
- "@webiny/pubsub": "5.38.0-beta.1",
36
- "@webiny/utils": "5.38.0-beta.1",
37
- "@webiny/validation": "5.38.0-beta.1",
26
+ "@webiny/api": "5.38.0-beta.3",
27
+ "@webiny/api-authentication": "5.38.0-beta.3",
28
+ "@webiny/api-headless-cms": "5.38.0-beta.3",
29
+ "@webiny/api-i18n": "5.38.0-beta.3",
30
+ "@webiny/api-security": "5.38.0-beta.3",
31
+ "@webiny/api-tenancy": "5.38.0-beta.3",
32
+ "@webiny/error": "5.38.0-beta.3",
33
+ "@webiny/handler": "5.38.0-beta.3",
34
+ "@webiny/handler-graphql": "5.38.0-beta.3",
35
+ "@webiny/pubsub": "5.38.0-beta.3",
36
+ "@webiny/utils": "5.38.0-beta.3",
37
+ "@webiny/validation": "5.38.0-beta.3",
38
38
  "lodash": "4.17.21"
39
39
  },
40
40
  "devDependencies": {
@@ -44,22 +44,22 @@
44
44
  "@babel/preset-typescript": "7.22.5",
45
45
  "@babel/runtime": "7.22.6",
46
46
  "@types/ungap__structured-clone": "0.3.0",
47
- "@webiny/api-admin-users": "5.38.0-beta.1",
48
- "@webiny/api-file-manager": "5.38.0-beta.1",
49
- "@webiny/api-i18n-ddb": "5.38.0-beta.1",
50
- "@webiny/api-security-so-ddb": "5.38.0-beta.1",
51
- "@webiny/api-tenancy-so-ddb": "5.38.0-beta.1",
52
- "@webiny/api-wcp": "5.38.0-beta.1",
53
- "@webiny/cli": "5.38.0-beta.1",
54
- "@webiny/handler-aws": "5.38.0-beta.1",
55
- "@webiny/plugins": "5.38.0-beta.1",
56
- "@webiny/project-utils": "5.38.0-beta.1",
57
- "@webiny/wcp": "5.38.0-beta.1",
47
+ "@webiny/api-admin-users": "5.38.0-beta.3",
48
+ "@webiny/api-file-manager": "5.38.0-beta.3",
49
+ "@webiny/api-i18n-ddb": "5.38.0-beta.3",
50
+ "@webiny/api-security-so-ddb": "5.38.0-beta.3",
51
+ "@webiny/api-tenancy-so-ddb": "5.38.0-beta.3",
52
+ "@webiny/api-wcp": "5.38.0-beta.3",
53
+ "@webiny/cli": "5.38.0-beta.3",
54
+ "@webiny/handler-aws": "5.38.0-beta.3",
55
+ "@webiny/plugins": "5.38.0-beta.3",
56
+ "@webiny/project-utils": "5.38.0-beta.3",
57
+ "@webiny/wcp": "5.38.0-beta.3",
58
58
  "graphql": "15.8.0",
59
59
  "prettier": "2.8.8",
60
60
  "rimraf": "3.0.2",
61
61
  "ttypescript": "1.5.15",
62
62
  "typescript": "4.7.4"
63
63
  },
64
- "gitHead": "6daf38d3ed0c029a8fea005c2b6246e5b325a09c"
64
+ "gitHead": "fa1befb07e92cfe36928481333308d88c3348d6b"
65
65
  }
package/utils/FolderLevelPermissions.d.ts CHANGED
@@ -58,6 +58,7 @@ export declare class FolderLevelPermissions {
58
58
  ensureCanAccessFolder(params: CanAccessFolderParams): Promise<void>;
59
59
  canManageFolderPermissions(folder: Folder): false | Promise<boolean>;
60
60
  canManageFolderStructure(folder: Folder): true | Promise<boolean>;
61
+ canManageFolderContent(folder: Folder): true | Promise<boolean>;
61
62
  canAccessFolderContent(params: CanAccessFolderContentParams): Promise<boolean>;
62
63
  ensureCanAccessFolderContent(params: CanAccessFolderContentParams): Promise<void>;
63
64
  canCreateFolderInRoot(): Promise<boolean>;
package/utils/FolderLevelPermissions.js CHANGED
@@ -185,13 +185,9 @@ class FolderLevelPermissions {
185
185
  return folderPermissionsList.find(fp => fp.folderId === folder.id);
186
186
  }
187
187
  async canAccessFolder(params) {
188
- var _folderPermissions$pe;
189
188
  if (!this.canUseFolderLevelPermissions()) {
190
189
  return true;
191
190
  }
192
- if (params.managePermissions && params.rwd !== "w") {
193
- throw new Error(`Cannot check for "managePermissions" access without "w" access.`);
194
- }
195
191
  const {
196
192
  folder
197
193
  } = params;
@@ -217,36 +213,26 @@ class FolderLevelPermissions {
217
213
  folder,
218
214
  foldersList: params.foldersList
219
215
  });
220
-
221
- // If dealing with a public folder, we only care if we're checking for "managePermissions" access.
222
- // If we are, we can return false, because public folders cannot have permissions managed.
223
- const isPublicFolder = folderPermissions === null || folderPermissions === void 0 ? void 0 : folderPermissions.permissions.some(p => p.level === "public");
224
- if (isPublicFolder) {
225
- return !params.managePermissions;
226
- }
227
216
  const identity = this.getIdentity();
228
- const userAccessLevel = folderPermissions === null || folderPermissions === void 0 || (_folderPermissions$pe = folderPermissions.permissions.find(p => p.target === "admin:" + identity.id)) === null || _folderPermissions$pe === void 0 ? void 0 : _folderPermissions$pe.level;
229
- let teamAccessLevel;
230
- if (this.canUseTeams()) {
231
- const identityTeam = await this.getIdentityTeam();
232
- if (identityTeam) {
233
- var _folderPermissions$pe2;
234
- teamAccessLevel = folderPermissions === null || folderPermissions === void 0 || (_folderPermissions$pe2 = folderPermissions.permissions.find(p => p.target === "team:" + identityTeam.id)) === null || _folderPermissions$pe2 === void 0 ? void 0 : _folderPermissions$pe2.level;
235
- }
217
+ const currentIdentityPermission = folderPermissions === null || folderPermissions === void 0 ? void 0 : folderPermissions.permissions.find(p => {
218
+ return p.target === `admin:${identity.id}`;
219
+ });
220
+ if (!currentIdentityPermission) {
221
+ return false;
236
222
  }
237
- const accessLevels = [userAccessLevel, teamAccessLevel].filter(Boolean);
238
- if (params.rwd !== "r") {
239
- return accessLevels.includes("owner");
223
+ const {
224
+ level
225
+ } = currentIdentityPermission;
226
+ if (params.managePermissions) {
227
+ return level === "owner";
240
228
  }
241
229
 
242
- // If we are here, it means we are checking for "read" access.
243
- // For starters, let's check if the user has any access level.
244
- if (accessLevels.length > 0) {
245
- return true;
230
+ // Checking for "write" or "delete" access. Allow only if the
231
+ // user is an owner or the folder is public (no FLP assigned).
232
+ if (params.rwd !== "r") {
233
+ return level === "owner" || level === "public";
246
234
  }
247
-
248
- // No conditions were met, so we can return false.
249
- return false;
235
+ return true;
250
236
  }
251
237
  async ensureCanAccessFolder(params) {
252
238
  const canAccessFolder = await this.canAccessFolder(params);
@@ -273,8 +259,16 @@ class FolderLevelPermissions {
273
259
  rwd: "w"
274
260
  });
275
261
  }
262
+ canManageFolderContent(folder) {
263
+ if (!this.canUseFolderLevelPermissions()) {
264
+ return true;
265
+ }
266
+ return this.canAccessFolderContent({
267
+ folder,
268
+ rwd: "w"
269
+ });
270
+ }
276
271
  async canAccessFolderContent(params) {
277
- var _folderPermissions$pe3;
278
272
  if (!this.canUseFolderLevelPermissions()) {
279
273
  return true;
280
274
  }
@@ -286,39 +280,23 @@ class FolderLevelPermissions {
286
280
  folder,
287
281
  foldersList
288
282
  });
289
-
290
- // If dealing with a public folder, we only care if we're checking for "managePermissions" access.
291
- // If we are, we can return false, because public folders cannot have permissions managed.
292
- const isPublicFolder = folderPermissions === null || folderPermissions === void 0 ? void 0 : folderPermissions.permissions.some(p => p.level === "public");
293
- if (isPublicFolder) {
294
- return true;
295
- }
296
283
  const identity = this.getIdentity();
297
- const userAccessLevel = folderPermissions === null || folderPermissions === void 0 || (_folderPermissions$pe3 = folderPermissions.permissions.find(p => p.target === "admin:" + identity.id)) === null || _folderPermissions$pe3 === void 0 ? void 0 : _folderPermissions$pe3.level;
298
- let teamAccessLevel;
299
- if (this.canUseTeams()) {
300
- const identityTeam = await this.getIdentityTeam();
301
- if (identityTeam) {
302
- var _folderPermissions$pe4;
303
- teamAccessLevel = folderPermissions === null || folderPermissions === void 0 || (_folderPermissions$pe4 = folderPermissions.permissions.find(p => p.target === "team:" + identityTeam.id)) === null || _folderPermissions$pe4 === void 0 ? void 0 : _folderPermissions$pe4.level;
304
- }
284
+ const currentIdentityPermission = folderPermissions === null || folderPermissions === void 0 ? void 0 : folderPermissions.permissions.find(p => {
285
+ return p.target === `admin:${identity.id}`;
286
+ });
287
+ if (!currentIdentityPermission) {
288
+ return false;
305
289
  }
306
- const accessLevels = [userAccessLevel, teamAccessLevel].filter(Boolean);
307
290
 
308
291
  // If the user is not an owner and we're checking for "write" or
309
292
  // "delete" access, then we can immediately return false.
310
293
  if (params.rwd !== "r") {
311
- return accessLevels.includes("owner") || accessLevels.includes("editor");
312
- }
313
-
314
- // If we are here, it means we are checking for "read" access.
315
- // For starters, let's check if the user has any access level.
316
- if (accessLevels.length > 0) {
317
- return true;
294
+ const {
295
+ level
296
+ } = currentIdentityPermission;
297
+ return level !== "viewer";
318
298
  }
319
-
320
- // No conditions were met, so we can return false.
321
- return false;
299
+ return true;
322
300
  }
323
301
  async ensureCanAccessFolderContent(params) {
324
302
  const canAccessFolderContent = await this.canAccessFolderContent(params);
package/utils/FolderLevelPermissions.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_apiSecurity","require","_structuredClone","_interopRequireDefault","FolderLevelPermissions","constructor","params","_defineProperty2","default","getIdentity","getIdentityTeam","listPermissions","listAllFoldersCallback","listAllFolders","canUseTeams","canUseFolderLevelPermissions","folderType","allFolders","structuredClone","listAllFoldersWithPermissions","folders","filteredFoldersWithPermissions","filterFolders","rwd","assignFolderPermissions","invalidateCache","listFoldersPermissions","foldersList","identity","permissions","identityTeam","processedFolderPermissions","processFolderPermissions","folder","_folder$permissions","some","fp","folderId","id","currentFolderPermissions","map","permission","_objectSpread2","parentId","parentFolder","find","f","processedParentFolderPermissions","isPublicParentFolder","p","level","mustInherit","length","inheritedPermissions","inheritedFrom","push","currentIdentityIncludedInPermissions","target","currentIdentityPermissionIndex","findIndex","currentIdentityPermission","splice","unshift","hasFullAccess","name","teamPermission","mustAddPublicPermission","i","getFolderPermissions","folderPermissionsList","type","canAccessFolder","_folderPermissions$pe","managePermissions","Error","canAccessParentFolder","folderPermissions","isPublicFolder","userAccessLevel","teamAccessLevel","_folderPermissions$pe2","accessLevels","filter","Boolean","includes","ensureCanAccessFolder","NotAuthorizedError","canManageFolderPermissions","canManageFolderStructure","canAccessFolderContent","_folderPermissions$pe3","_folderPermissions$pe4","ensureCanAccessFolderContent","canCreateFolderInRoot","filteredFolders","Array","isArray","permissionsIncludeNonInheritedPermissions","exports"],"sources":["FolderLevelPermissions.ts"],"sourcesContent":["import { Authentication } from \"@webiny/api-authentication/types\";\nimport { SecurityPermission, Team } from \"@webiny/api-security/types\";\nimport { Folder } from \"~/folder/folder.types\";\nimport { NotAuthorizedError } from \"@webiny/api-security\";\nimport structuredClone from \"@ungap/structured-clone\";\n\nexport type FolderAccessLevel = \"owner\" | \"viewer\" | \"editor\" | \"public\";\n\nexport interface FolderPermission {\n target: string;\n level: FolderAccessLevel;\n inheritedFrom?: string;\n}\n\nexport interface FolderPermissionsListItem {\n folderId: string;\n permissions: FolderPermission[];\n}\n\nexport type FolderPermissionsList = FolderPermissionsListItem[];\n\nexport interface CanAccessFolderContentParams {\n folder: Pick<Folder, \"id\" | \"type\" | \"parentId\">;\n rwd?: \"r\" | \"w\" | \"d\";\n foldersList?: Folder[];\n}\n\nexport interface CanAccessFolderParams extends CanAccessFolderContentParams {\n managePermissions?: boolean;\n}\n\ninterface FilterFoldersParams {\n folders: Array<Folder>;\n rwd?: \"r\" | \"w\" | \"d\";\n}\n\ninterface GetFolderPermissionsParams {\n folder: Pick<Folder, \"id\" | \"type\">;\n foldersList?: Folder[];\n}\n\ninterface ListFolderPermissionsParams {\n folderType: string;\n foldersList?: Folder[];\n}\n\nexport interface FolderLevelPermissionsParams {\n getIdentity: Authentication[\"getIdentity\"];\n getIdentityTeam: () => Promise<Team | null>;\n listPermissions: () => Promise<SecurityPermission[]>;\n listAllFolders: (folderType: string) => Promise<Folder[]>;\n canUseTeams: () => boolean;\n canUseFolderLevelPermissions: () => boolean;\n}\n\nexport class FolderLevelPermissions {\n private readonly getIdentity: Authentication[\"getIdentity\"];\n private readonly getIdentityTeam: () => Promise<Team | null>;\n private readonly listPermissions: () => Promise<SecurityPermission[]>;\n private readonly listAllFoldersCallback: (folderType: string) => Promise<Folder[]>;\n private readonly canUseTeams: () => boolean;\n private readonly canUseFolderLevelPermissions: () => boolean;\n private allFolders: Record<string, Folder[]> = {};\n\n constructor(params: FolderLevelPermissionsParams) {\n this.getIdentity = params.getIdentity;\n this.getIdentityTeam = params.getIdentityTeam;\n this.listPermissions = params.listPermissions;\n this.listAllFoldersCallback = params.listAllFolders;\n this.canUseTeams = params.canUseTeams;\n this.canUseFolderLevelPermissions = params.canUseFolderLevelPermissions;\n }\n\n async listAllFolders(folderType: string): Promise<Folder[]> {\n if (folderType in this.allFolders) {\n return structuredClone(this.allFolders[folderType]);\n }\n\n this.allFolders[folderType] = await this.listAllFoldersCallback(folderType);\n return structuredClone(this.allFolders[folderType]);\n }\n\n async listAllFoldersWithPermissions(folderType: string) {\n const folders = await this.listAllFolders(folderType);\n\n // Filter folders based on permissions and assign permissions to each folder.\n const filteredFoldersWithPermissions = await this.filterFolders({\n folders,\n rwd: \"r\"\n });\n\n await this.assignFolderPermissions(filteredFoldersWithPermissions);\n\n return filteredFoldersWithPermissions;\n }\n\n invalidateCache(folderType?: string) {\n if (folderType) {\n if (folderType in this.allFolders) {\n delete this.allFolders[folderType];\n }\n } else {\n this.allFolders = {};\n }\n }\n\n async listFoldersPermissions(\n params: ListFolderPermissionsParams\n ): Promise<FolderPermissionsList> {\n if (!this.canUseFolderLevelPermissions()) {\n return [];\n }\n\n const { folderType, foldersList } = params;\n\n const allFolders = foldersList || (await this.listAllFolders(folderType));\n const identity = this.getIdentity();\n const permissions = await this.listPermissions();\n\n let identityTeam: Team | null;\n if (this.canUseTeams()) {\n identityTeam = await this.getIdentityTeam();\n }\n\n const processedFolderPermissions: FolderPermissionsListItem[] = [];\n\n const processFolderPermissions = (folder: Folder) => {\n if (processedFolderPermissions.some(fp => fp.folderId === folder.id)) {\n return;\n }\n\n // Copy permissions, so we don't modify the original object.\n const currentFolderPermissions: FolderPermissionsListItem = {\n folderId: folder.id,\n // On new folders, permissions can be `null`. Guard against that.\n permissions: folder.permissions?.map(permission => ({ ...permission })) || []\n };\n\n // Check for permissions inherited from parent folder.\n if (folder.parentId) {\n const parentFolder = allFolders!.find(f => f.id === folder.parentId)!;\n if (parentFolder) {\n // First check if the parent folder has already been processed.\n let processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === parentFolder.id\n );\n\n // If not, process the parent folder.\n if (!processedParentFolderPermissions) {\n processFolderPermissions(parentFolder);\n processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === folder.parentId\n );\n }\n\n // If the parent folder has permissions, let's add them to the current folder.\n if (processedParentFolderPermissions) {\n const isPublicParentFolder =\n processedParentFolderPermissions.permissions.some(\n p => p.level === \"public\"\n );\n\n // We inherit parent permissions if:\n // 1. the parent folder is not public or...\n // 2. ...the parent folder is public, but the current folder doesn't have any permissions set\n const mustInherit =\n !isPublicParentFolder ||\n currentFolderPermissions.permissions.length === 0;\n\n if (mustInherit) {\n const inheritedPermissions =\n processedParentFolderPermissions.permissions.map(p => {\n return {\n ...p,\n inheritedFrom:\n \"parent:\" + processedParentFolderPermissions!.folderId\n };\n });\n\n currentFolderPermissions.permissions.push(...inheritedPermissions);\n }\n }\n }\n }\n\n // Let's ensure current identity's permission is included in the permissions array.\n // We first check if the current identity is already included in the permissions array.\n // If not, we check if the user has full access or if the team user belongs to has access.\n const currentIdentityIncludedInPermissions = currentFolderPermissions.permissions.some(\n p => p.target === `admin:${identity.id}`\n );\n\n if (currentIdentityIncludedInPermissions) {\n // Ensure existing identity permission is always the first one in the array.\n const currentIdentityPermissionIndex =\n currentFolderPermissions.permissions.findIndex(\n p => p.target === `admin:${identity.id}`\n );\n\n if (currentIdentityPermissionIndex > 0) {\n const [currentIdentityPermission] = currentFolderPermissions.permissions.splice(\n currentIdentityPermissionIndex,\n 1\n );\n currentFolderPermissions.permissions.unshift(currentIdentityPermission);\n }\n } else {\n // Current identity not included in permissions? Let's add it.\n let currentIdentityPermission: FolderPermission | null = null;\n\n // 1. Check if the user has full access.\n const hasFullAccess = permissions.some(p => p.name === \"*\");\n if (hasFullAccess) {\n currentIdentityPermission = {\n target: `admin:${identity.id}`,\n level: \"owner\",\n inheritedFrom: \"role:full-access\"\n };\n } else if (identityTeam) {\n // 2. Check the team user belongs to grants access to the folder.\n const teamPermission = currentFolderPermissions.permissions.find(\n p => p.target === `team:${identityTeam!.id}`\n );\n\n if (teamPermission) {\n currentIdentityPermission = {\n target: `admin:${identity.id}`,\n level: teamPermission.level,\n inheritedFrom: \"team:\" + identityTeam!.id\n };\n }\n }\n\n if (currentIdentityPermission) {\n // If permission is found, let's add it to the beginning of the array.\n // We're doing this just because it looks nicer in the UI.\n currentFolderPermissions.permissions.unshift(currentIdentityPermission);\n }\n }\n\n // Note that this can only happen with root folders. All other (child) folders will\n // always have at least one permission (inherited from parent).\n const mustAddPublicPermission = currentFolderPermissions.permissions.length === 0;\n if (mustAddPublicPermission) {\n currentFolderPermissions.permissions = [\n {\n target: `admin:${identity.id}`,\n level: \"public\",\n inheritedFrom: \"public\"\n }\n ];\n }\n\n processedFolderPermissions.push(currentFolderPermissions);\n };\n\n for (let i = 0; i < allFolders!.length; i++) {\n const folder = allFolders![i];\n processFolderPermissions(folder);\n }\n\n return processedFolderPermissions;\n }\n\n async getFolderPermissions(\n params: GetFolderPermissionsParams\n ): Promise<FolderPermissionsListItem | undefined> {\n const { folder, foldersList } = params;\n const folderPermissionsList = await this.listFoldersPermissions({\n folderType: folder.type,\n foldersList\n });\n\n return folderPermissionsList.find(fp => fp.folderId === folder.id);\n }\n\n async canAccessFolder(params: CanAccessFolderParams) {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n if (params.managePermissions && params.rwd !== \"w\") {\n throw new Error(`Cannot check for \"managePermissions\" access without \"w\" access.`);\n }\n\n const { folder } = params;\n\n // We check for parent folder access first because the passed folder should be\n // inaccessible if the parent folder is inaccessible.\n if (folder.parentId) {\n let foldersList = params.foldersList;\n if (!foldersList) {\n foldersList = await this.listAllFolders(folder.type);\n }\n\n const parentFolder = foldersList.find(f => f.id === folder.parentId);\n if (parentFolder) {\n const canAccessParentFolder = await this.canAccessFolder({\n ...params,\n folder: parentFolder\n });\n\n if (!canAccessParentFolder) {\n return false;\n }\n }\n }\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList: params.foldersList\n });\n\n // If dealing with a public folder, we only care if we're checking for \"managePermissions\" access.\n // If we are, we can return false, because public folders cannot have permissions managed.\n const isPublicFolder = folderPermissions?.permissions.some(p => p.level === \"public\");\n if (isPublicFolder) {\n return !params.managePermissions;\n }\n\n const identity = this.getIdentity();\n\n const userAccessLevel = folderPermissions?.permissions.find(\n p => p.target === \"admin:\" + identity.id\n )?.level;\n\n let teamAccessLevel: FolderAccessLevel | undefined;\n\n if (this.canUseTeams()) {\n const identityTeam = await this.getIdentityTeam();\n if (identityTeam) {\n teamAccessLevel = folderPermissions?.permissions.find(\n p => p.target === \"team:\" + identityTeam.id\n )?.level;\n }\n }\n\n const accessLevels = [userAccessLevel, teamAccessLevel].filter(Boolean);\n\n if (params.rwd !== \"r\") {\n return accessLevels.includes(\"owner\");\n }\n\n // If we are here, it means we are checking for \"read\" access.\n // For starters, let's check if the user has any access level.\n if (accessLevels.length > 0) {\n return true;\n }\n\n // No conditions were met, so we can return false.\n return false;\n }\n\n async ensureCanAccessFolder(params: CanAccessFolderParams) {\n const canAccessFolder = await this.canAccessFolder(params);\n if (!canAccessFolder) {\n throw new NotAuthorizedError();\n }\n }\n\n canManageFolderPermissions(folder: Folder) {\n if (!this.canUseFolderLevelPermissions()) {\n return false;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\", managePermissions: true });\n }\n\n canManageFolderStructure(folder: Folder) {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\" });\n }\n\n async canAccessFolderContent(params: CanAccessFolderContentParams) {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n const { folder, foldersList } = params;\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList\n });\n\n // If dealing with a public folder, we only care if we're checking for \"managePermissions\" access.\n // If we are, we can return false, because public folders cannot have permissions managed.\n const isPublicFolder = folderPermissions?.permissions.some(p => p.level === \"public\");\n if (isPublicFolder) {\n return true;\n }\n\n const identity = this.getIdentity();\n\n const userAccessLevel = folderPermissions?.permissions.find(\n p => p.target === \"admin:\" + identity.id\n )?.level;\n\n let teamAccessLevel: FolderAccessLevel | undefined;\n if (this.canUseTeams()) {\n const identityTeam = await this.getIdentityTeam();\n if (identityTeam) {\n teamAccessLevel = folderPermissions?.permissions.find(\n p => p.target === \"team:\" + identityTeam.id\n )?.level;\n }\n }\n\n const accessLevels = [userAccessLevel, teamAccessLevel].filter(Boolean);\n\n // If the user is not an owner and we're checking for \"write\" or\n // \"delete\" access, then we can immediately return false.\n if (params.rwd !== \"r\") {\n return accessLevels.includes(\"owner\") || accessLevels.includes(\"editor\");\n }\n\n // If we are here, it means we are checking for \"read\" access.\n // For starters, let's check if the user has any access level.\n if (accessLevels.length > 0) {\n return true;\n }\n\n // No conditions were met, so we can return false.\n return false;\n }\n\n async ensureCanAccessFolderContent(params: CanAccessFolderContentParams) {\n const canAccessFolderContent = await this.canAccessFolderContent(params);\n if (!canAccessFolderContent) {\n throw new NotAuthorizedError();\n }\n }\n\n async canCreateFolderInRoot() {\n return true;\n }\n\n async filterFolders(params: FilterFoldersParams) {\n const filteredFolders: Folder[] = [];\n\n const { folders, rwd } = params;\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const canAccessFolder = await this.canAccessFolder({ folder, rwd });\n if (canAccessFolder) {\n filteredFolders.push(folder);\n }\n }\n\n return filteredFolders;\n }\n\n async assignFolderPermissions(folder: Folder | Folder[]) {\n const folders = Array.isArray(folder) ? folder : [folder];\n\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const folderPermissions = await this.getFolderPermissions({ folder });\n if (folderPermissions) {\n folder.permissions = folderPermissions.permissions;\n } else {\n folder.permissions = [];\n }\n }\n }\n\n permissionsIncludeNonInheritedPermissions(folderPermissionsList?: FolderPermission[]) {\n return folderPermissionsList?.some(p => !p.inheritedFrom);\n }\n}\n"],"mappings":";;;;;;;;;AAGA,IAAAA,YAAA,GAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AAmDO,MAAMG,sBAAsB,CAAC;EAShCC,WAAWA,CAACC,MAAoC,EAAE;IAAA,IAAAC,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA,sBAFH,CAAC,CAAC;IAG7C,IAAI,CAACC,WAAW,GAAGH,MAAM,CAACG,WAAW;IACrC,IAAI,CAACC,eAAe,GAAGJ,MAAM,CAACI,eAAe;IAC7C,IAAI,CAACC,eAAe,GAAGL,MAAM,CAACK,eAAe;IAC7C,IAAI,CAACC,sBAAsB,GAAGN,MAAM,CAACO,cAAc;IACnD,IAAI,CAACC,WAAW,GAAGR,MAAM,CAACQ,WAAW;IACrC,IAAI,CAACC,4BAA4B,GAAGT,MAAM,CAACS,4BAA4B;EAC3E;EAEA,MAAMF,cAAcA,CAACG,UAAkB,EAAqB;IACxD,IAAIA,UAAU,IAAI,IAAI,CAACC,UAAU,EAAE;MAC/B,OAAO,IAAAC,wBAAe,EAAC,IAAI,CAACD,UAAU,CAACD,UAAU,CAAC,CAAC;IACvD;IAEA,IAAI,CAACC,UAAU,CAACD,UAAU,CAAC,GAAG,MAAM,IAAI,CAACJ,sBAAsB,CAACI,UAAU,CAAC;IAC3E,OAAO,IAAAE,wBAAe,EAAC,IAAI,CAACD,UAAU,CAACD,UAAU,CAAC,CAAC;EACvD;EAEA,MAAMG,6BAA6BA,CAACH,UAAkB,EAAE;IACpD,MAAMI,OAAO,GAAG,MAAM,IAAI,CAACP,cAAc,CAACG,UAAU,CAAC;;IAErD;IACA,MAAMK,8BAA8B,GAAG,MAAM,IAAI,CAACC,aAAa,CAAC;MAC5DF,OAAO;MACPG,GAAG,EAAE;IACT,CAAC,CAAC;IAEF,MAAM,IAAI,CAACC,uBAAuB,CAACH,8BAA8B,CAAC;IAElE,OAAOA,8BAA8B;EACzC;EAEAI,eAAeA,CAACT,UAAmB,EAAE;IACjC,IAAIA,UAAU,EAAE;MACZ,IAAIA,UAAU,IAAI,IAAI,CAACC,UAAU,EAAE;QAC/B,OAAO,IAAI,CAACA,UAAU,CAACD,UAAU,CAAC;MACtC;IACJ,CAAC,MAAM;MACH,IAAI,CAACC,UAAU,GAAG,CAAC,CAAC;IACxB;EACJ;EAEA,MAAMS,sBAAsBA,CACxBpB,MAAmC,EACL;IAC9B,IAAI,CAAC,IAAI,CAACS,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,EAAE;IACb;IAEA,MAAM;MAAEC,UAAU;MAAEW;IAAY,CAAC,GAAGrB,MAAM;IAE1C,MAAMW,UAAU,GAAGU,WAAW,KAAK,MAAM,IAAI,CAACd,cAAc,CAACG,UAAU,CAAC,CAAC;IACzE,MAAMY,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IACnC,MAAMoB,WAAW,GAAG,MAAM,IAAI,CAAClB,eAAe,CAAC,CAAC;IAEhD,IAAImB,YAAyB;IAC7B,IAAI,IAAI,CAAChB,WAAW,CAAC,CAAC,EAAE;MACpBgB,YAAY,GAAG,MAAM,IAAI,CAACpB,eAAe,CAAC,CAAC;IAC/C;IAEA,MAAMqB,0BAAuD,GAAG,EAAE;IAElE,MAAMC,wBAAwB,GAAIC,MAAc,IAAK;MAAA,IAAAC,mBAAA;MACjD,IAAIH,0BAA0B,CAACI,IAAI,CAACC,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKJ,MAAM,CAACK,EAAE,CAAC,EAAE;QAClE;MACJ;;MAEA;MACA,MAAMC,wBAAmD,GAAG;QACxDF,QAAQ,EAAEJ,MAAM,CAACK,EAAE;QACnB;QACAT,WAAW,EAAE,EAAAK,mBAAA,GAAAD,MAAM,CAACJ,WAAW,cAAAK,mBAAA,uBAAlBA,mBAAA,CAAoBM,GAAG,CAACC,UAAU,QAAAC,cAAA,CAAAlC,OAAA,MAAUiC,UAAU,CAAG,CAAC,KAAI;MAC/E,CAAC;;MAED;MACA,IAAIR,MAAM,CAACU,QAAQ,EAAE;QACjB,MAAMC,YAAY,GAAG3B,UAAU,CAAE4B,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACR,EAAE,KAAKL,MAAM,CAACU,QAAQ,CAAE;QACrE,IAAIC,YAAY,EAAE;UACd;UACA,IAAIG,gCAAgC,GAAGhB,0BAA0B,CAACc,IAAI,CAClET,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKO,YAAY,CAACN,EACvC,CAAC;;UAED;UACA,IAAI,CAACS,gCAAgC,EAAE;YACnCf,wBAAwB,CAACY,YAAY,CAAC;YACtCG,gCAAgC,GAAGhB,0BAA0B,CAACc,IAAI,CAC9DT,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKJ,MAAM,CAACU,QACjC,CAAC;UACL;;UAEA;UACA,IAAII,gCAAgC,EAAE;YAClC,MAAMC,oBAAoB,GACtBD,gCAAgC,CAAClB,WAAW,CAACM,IAAI,CAC7Cc,CAAC,IAAIA,CAAC,CAACC,KAAK,KAAK,QACrB,CAAC;;YAEL;YACA;YACA;YACA,MAAMC,WAAW,GACb,CAACH,oBAAoB,IACrBT,wBAAwB,CAACV,WAAW,CAACuB,MAAM,KAAK,CAAC;YAErD,IAAID,WAAW,EAAE;cACb,MAAME,oBAAoB,GACtBN,gCAAgC,CAAClB,WAAW,CAACW,GAAG,CAACS,CAAC,IAAI;gBAClD,WAAAP,cAAA,CAAAlC,OAAA,MAAAkC,cAAA,CAAAlC,OAAA,MACOyC,CAAC;kBACJK,aAAa,EACT,SAAS,GAAGP,gCAAgC,CAAEV;gBAAQ;cAElE,CAAC,CAAC;cAENE,wBAAwB,CAACV,WAAW,CAAC0B,IAAI,CAAC,GAAGF,oBAAoB,CAAC;YACtE;UACJ;QACJ;MACJ;;MAEA;MACA;MACA;MACA,MAAMG,oCAAoC,GAAGjB,wBAAwB,CAACV,WAAW,CAACM,IAAI,CAClFc,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,SAAQ7B,QAAQ,CAACU,EAAG,EAC3C,CAAC;MAED,IAAIkB,oCAAoC,EAAE;QACtC;QACA,MAAME,8BAA8B,GAChCnB,wBAAwB,CAACV,WAAW,CAAC8B,SAAS,CAC1CV,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,SAAQ7B,QAAQ,CAACU,EAAG,EAC3C,CAAC;QAEL,IAAIoB,8BAA8B,GAAG,CAAC,EAAE;UACpC,MAAM,CAACE,yBAAyB,CAAC,GAAGrB,wBAAwB,CAACV,WAAW,CAACgC,MAAM,CAC3EH,8BAA8B,EAC9B,CACJ,CAAC;UACDnB,wBAAwB,CAACV,WAAW,CAACiC,OAAO,CAACF,yBAAyB,CAAC;QAC3E;MACJ,CAAC,MAAM;QACH;QACA,IAAIA,yBAAkD,GAAG,IAAI;;QAE7D;QACA,MAAMG,aAAa,GAAGlC,WAAW,CAACM,IAAI,CAACc,CAAC,IAAIA,CAAC,CAACe,IAAI,KAAK,GAAG,CAAC;QAC3D,IAAID,aAAa,EAAE;UACfH,yBAAyB,GAAG;YACxBH,MAAM,EAAG,SAAQ7B,QAAQ,CAACU,EAAG,EAAC;YAC9BY,KAAK,EAAE,OAAO;YACdI,aAAa,EAAE;UACnB,CAAC;QACL,CAAC,MAAM,IAAIxB,YAAY,EAAE;UACrB;UACA,MAAMmC,cAAc,GAAG1B,wBAAwB,CAACV,WAAW,CAACgB,IAAI,CAC5DI,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,QAAO3B,YAAY,CAAEQ,EAAG,EAC/C,CAAC;UAED,IAAI2B,cAAc,EAAE;YAChBL,yBAAyB,GAAG;cACxBH,MAAM,EAAG,SAAQ7B,QAAQ,CAACU,EAAG,EAAC;cAC9BY,KAAK,EAAEe,cAAc,CAACf,KAAK;cAC3BI,aAAa,EAAE,OAAO,GAAGxB,YAAY,CAAEQ;YAC3C,CAAC;UACL;QACJ;QAEA,IAAIsB,yBAAyB,EAAE;UAC3B;UACA;UACArB,wBAAwB,CAACV,WAAW,CAACiC,OAAO,CAACF,yBAAyB,CAAC;QAC3E;MACJ;;MAEA;MACA;MACA,MAAMM,uBAAuB,GAAG3B,wBAAwB,CAACV,WAAW,CAACuB,MAAM,KAAK,CAAC;MACjF,IAAIc,uBAAuB,EAAE;QACzB3B,wBAAwB,CAACV,WAAW,GAAG,CACnC;UACI4B,MAAM,EAAG,SAAQ7B,QAAQ,CAACU,EAAG,EAAC;UAC9BY,KAAK,EAAE,QAAQ;UACfI,aAAa,EAAE;QACnB,CAAC,CACJ;MACL;MAEAvB,0BAA0B,CAACwB,IAAI,CAAChB,wBAAwB,CAAC;IAC7D,CAAC;IAED,KAAK,IAAI4B,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGlD,UAAU,CAAEmC,MAAM,EAAEe,CAAC,EAAE,EAAE;MACzC,MAAMlC,MAAM,GAAGhB,UAAU,CAAEkD,CAAC,CAAC;MAC7BnC,wBAAwB,CAACC,MAAM,CAAC;IACpC;IAEA,OAAOF,0BAA0B;EACrC;EAEA,MAAMqC,oBAAoBA,CACtB9D,MAAkC,EACY;IAC9C,MAAM;MAAE2B,MAAM;MAAEN;IAAY,CAAC,GAAGrB,MAAM;IACtC,MAAM+D,qBAAqB,GAAG,MAAM,IAAI,CAAC3C,sBAAsB,CAAC;MAC5DV,UAAU,EAAEiB,MAAM,CAACqC,IAAI;MACvB3C;IACJ,CAAC,CAAC;IAEF,OAAO0C,qBAAqB,CAACxB,IAAI,CAACT,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKJ,MAAM,CAACK,EAAE,CAAC;EACtE;EAEA,MAAMiC,eAAeA,CAACjE,MAA6B,EAAE;IAAA,IAAAkE,qBAAA;IACjD,IAAI,CAAC,IAAI,CAACzD,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,IAAIT,MAAM,CAACmE,iBAAiB,IAAInE,MAAM,CAACiB,GAAG,KAAK,GAAG,EAAE;MAChD,MAAM,IAAImD,KAAK,CAAE,iEAAgE,CAAC;IACtF;IAEA,MAAM;MAAEzC;IAAO,CAAC,GAAG3B,MAAM;;IAEzB;IACA;IACA,IAAI2B,MAAM,CAACU,QAAQ,EAAE;MACjB,IAAIhB,WAAW,GAAGrB,MAAM,CAACqB,WAAW;MACpC,IAAI,CAACA,WAAW,EAAE;QACdA,WAAW,GAAG,MAAM,IAAI,CAACd,cAAc,CAACoB,MAAM,CAACqC,IAAI,CAAC;MACxD;MAEA,MAAM1B,YAAY,GAAGjB,WAAW,CAACkB,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACR,EAAE,KAAKL,MAAM,CAACU,QAAQ,CAAC;MACpE,IAAIC,YAAY,EAAE;QACd,MAAM+B,qBAAqB,GAAG,MAAM,IAAI,CAACJ,eAAe,KAAA7B,cAAA,CAAAlC,OAAA,MAAAkC,cAAA,CAAAlC,OAAA,MACjDF,MAAM;UACT2B,MAAM,EAAEW;QAAY,EACvB,CAAC;QAEF,IAAI,CAAC+B,qBAAqB,EAAE;UACxB,OAAO,KAAK;QAChB;MACJ;IACJ;IAEA,MAAMC,iBAAiB,GAAG,MAAM,IAAI,CAACR,oBAAoB,CAAC;MACtDnC,MAAM;MACNN,WAAW,EAAErB,MAAM,CAACqB;IACxB,CAAC,CAAC;;IAEF;IACA;IACA,MAAMkD,cAAc,GAAGD,iBAAiB,aAAjBA,iBAAiB,uBAAjBA,iBAAiB,CAAE/C,WAAW,CAACM,IAAI,CAACc,CAAC,IAAIA,CAAC,CAACC,KAAK,KAAK,QAAQ,CAAC;IACrF,IAAI2B,cAAc,EAAE;MAChB,OAAO,CAACvE,MAAM,CAACmE,iBAAiB;IACpC;IAEA,MAAM7C,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IAEnC,MAAMqE,eAAe,GAAGF,iBAAiB,aAAjBA,iBAAiB,gBAAAJ,qBAAA,GAAjBI,iBAAiB,CAAE/C,WAAW,CAACgB,IAAI,CACvDI,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAK,QAAQ,GAAG7B,QAAQ,CAACU,EAC1C,CAAC,cAAAkC,qBAAA,uBAFuBA,qBAAA,CAErBtB,KAAK;IAER,IAAI6B,eAA8C;IAElD,IAAI,IAAI,CAACjE,WAAW,CAAC,CAAC,EAAE;MACpB,MAAMgB,YAAY,GAAG,MAAM,IAAI,CAACpB,eAAe,CAAC,CAAC;MACjD,IAAIoB,YAAY,EAAE;QAAA,IAAAkD,sBAAA;QACdD,eAAe,GAAGH,iBAAiB,aAAjBA,iBAAiB,gBAAAI,sBAAA,GAAjBJ,iBAAiB,CAAE/C,WAAW,CAACgB,IAAI,CACjDI,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAK,OAAO,GAAG3B,YAAY,CAACQ,EAC7C,CAAC,cAAA0C,sBAAA,uBAFiBA,sBAAA,CAEf9B,KAAK;MACZ;IACJ;IAEA,MAAM+B,YAAY,GAAG,CAACH,eAAe,EAAEC,eAAe,CAAC,CAACG,MAAM,CAACC,OAAO,CAAC;IAEvE,IAAI7E,MAAM,CAACiB,GAAG,KAAK,GAAG,EAAE;MACpB,OAAO0D,YAAY,CAACG,QAAQ,CAAC,OAAO,CAAC;IACzC;;IAEA;IACA;IACA,IAAIH,YAAY,CAAC7B,MAAM,GAAG,CAAC,EAAE;MACzB,OAAO,IAAI;IACf;;IAEA;IACA,OAAO,KAAK;EAChB;EAEA,MAAMiC,qBAAqBA,CAAC/E,MAA6B,EAAE;IACvD,MAAMiE,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAACjE,MAAM,CAAC;IAC1D,IAAI,CAACiE,eAAe,EAAE;MAClB,MAAM,IAAIe,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEAC,0BAA0BA,CAACtD,MAAc,EAAE;IACvC,IAAI,CAAC,IAAI,CAAClB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,KAAK;IAChB;IAEA,OAAO,IAAI,CAACwD,eAAe,CAAC;MAAEtC,MAAM;MAAEV,GAAG,EAAE,GAAG;MAAEkD,iBAAiB,EAAE;IAAK,CAAC,CAAC;EAC9E;EAEAe,wBAAwBA,CAACvD,MAAc,EAAE;IACrC,IAAI,CAAC,IAAI,CAAClB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACwD,eAAe,CAAC;MAAEtC,MAAM;MAAEV,GAAG,EAAE;IAAI,CAAC,CAAC;EACrD;EAEA,MAAMkE,sBAAsBA,CAACnF,MAAoC,EAAE;IAAA,IAAAoF,sBAAA;IAC/D,IAAI,CAAC,IAAI,CAAC3E,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,MAAM;MAAEkB,MAAM;MAAEN;IAAY,CAAC,GAAGrB,MAAM;IAEtC,MAAMsE,iBAAiB,GAAG,MAAM,IAAI,CAACR,oBAAoB,CAAC;MACtDnC,MAAM;MACNN;IACJ,CAAC,CAAC;;IAEF;IACA;IACA,MAAMkD,cAAc,GAAGD,iBAAiB,aAAjBA,iBAAiB,uBAAjBA,iBAAiB,CAAE/C,WAAW,CAACM,IAAI,CAACc,CAAC,IAAIA,CAAC,CAACC,KAAK,KAAK,QAAQ,CAAC;IACrF,IAAI2B,cAAc,EAAE;MAChB,OAAO,IAAI;IACf;IAEA,MAAMjD,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IAEnC,MAAMqE,eAAe,GAAGF,iBAAiB,aAAjBA,iBAAiB,gBAAAc,sBAAA,GAAjBd,iBAAiB,CAAE/C,WAAW,CAACgB,IAAI,CACvDI,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAK,QAAQ,GAAG7B,QAAQ,CAACU,EAC1C,CAAC,cAAAoD,sBAAA,uBAFuBA,sBAAA,CAErBxC,KAAK;IAER,IAAI6B,eAA8C;IAClD,IAAI,IAAI,CAACjE,WAAW,CAAC,CAAC,EAAE;MACpB,MAAMgB,YAAY,GAAG,MAAM,IAAI,CAACpB,eAAe,CAAC,CAAC;MACjD,IAAIoB,YAAY,EAAE;QAAA,IAAA6D,sBAAA;QACdZ,eAAe,GAAGH,iBAAiB,aAAjBA,iBAAiB,gBAAAe,sBAAA,GAAjBf,iBAAiB,CAAE/C,WAAW,CAACgB,IAAI,CACjDI,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAK,OAAO,GAAG3B,YAAY,CAACQ,EAC7C,CAAC,cAAAqD,sBAAA,uBAFiBA,sBAAA,CAEfzC,KAAK;MACZ;IACJ;IAEA,MAAM+B,YAAY,GAAG,CAACH,eAAe,EAAEC,eAAe,CAAC,CAACG,MAAM,CAACC,OAAO,CAAC;;IAEvE;IACA;IACA,IAAI7E,MAAM,CAACiB,GAAG,KAAK,GAAG,EAAE;MACpB,OAAO0D,YAAY,CAACG,QAAQ,CAAC,OAAO,CAAC,IAAIH,YAAY,CAACG,QAAQ,CAAC,QAAQ,CAAC;IAC5E;;IAEA;IACA;IACA,IAAIH,YAAY,CAAC7B,MAAM,GAAG,CAAC,EAAE;MACzB,OAAO,IAAI;IACf;;IAEA;IACA,OAAO,KAAK;EAChB;EAEA,MAAMwC,4BAA4BA,CAACtF,MAAoC,EAAE;IACrE,MAAMmF,sBAAsB,GAAG,MAAM,IAAI,CAACA,sBAAsB,CAACnF,MAAM,CAAC;IACxE,IAAI,CAACmF,sBAAsB,EAAE;MACzB,MAAM,IAAIH,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEA,MAAMO,qBAAqBA,CAAA,EAAG;IAC1B,OAAO,IAAI;EACf;EAEA,MAAMvE,aAAaA,CAAChB,MAA2B,EAAE;IAC7C,MAAMwF,eAAyB,GAAG,EAAE;IAEpC,MAAM;MAAE1E,OAAO;MAAEG;IAAI,CAAC,GAAGjB,MAAM;IAC/B,KAAK,IAAI6D,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG/C,OAAO,CAACgC,MAAM,EAAEe,CAAC,EAAE,EAAE;MACrC,MAAMlC,MAAM,GAAGb,OAAO,CAAC+C,CAAC,CAAC;MACzB,MAAMI,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAAC;QAAEtC,MAAM;QAAEV;MAAI,CAAC,CAAC;MACnE,IAAIgD,eAAe,EAAE;QACjBuB,eAAe,CAACvC,IAAI,CAACtB,MAAM,CAAC;MAChC;IACJ;IAEA,OAAO6D,eAAe;EAC1B;EAEA,MAAMtE,uBAAuBA,CAACS,MAAyB,EAAE;IACrD,MAAMb,OAAO,GAAG2E,KAAK,CAACC,OAAO,CAAC/D,MAAM,CAAC,GAAGA,MAAM,GAAG,CAACA,MAAM,CAAC;IAEzD,KAAK,IAAIkC,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG/C,OAAO,CAACgC,MAAM,EAAEe,CAAC,EAAE,EAAE;MACrC,MAAMlC,MAAM,GAAGb,OAAO,CAAC+C,CAAC,CAAC;MACzB,MAAMS,iBAAiB,GAAG,MAAM,IAAI,CAACR,oBAAoB,CAAC;QAAEnC;MAAO,CAAC,CAAC;MACrE,IAAI2C,iBAAiB,EAAE;QACnB3C,MAAM,CAACJ,WAAW,GAAG+C,iBAAiB,CAAC/C,WAAW;MACtD,CAAC,MAAM;QACHI,MAAM,CAACJ,WAAW,GAAG,EAAE;MAC3B;IACJ;EACJ;EAEAoE,yCAAyCA,CAAC5B,qBAA0C,EAAE;IAClF,OAAOA,qBAAqB,aAArBA,qBAAqB,uBAArBA,qBAAqB,CAAElC,IAAI,CAACc,CAAC,IAAI,CAACA,CAAC,CAACK,aAAa,CAAC;EAC7D;AACJ;AAAC4C,OAAA,CAAA9F,sBAAA,GAAAA,sBAAA"}
1
+ {"version":3,"names":["_apiSecurity","require","_structuredClone","_interopRequireDefault","FolderLevelPermissions","constructor","params","_defineProperty2","default","getIdentity","getIdentityTeam","listPermissions","listAllFoldersCallback","listAllFolders","canUseTeams","canUseFolderLevelPermissions","folderType","allFolders","structuredClone","listAllFoldersWithPermissions","folders","filteredFoldersWithPermissions","filterFolders","rwd","assignFolderPermissions","invalidateCache","listFoldersPermissions","foldersList","identity","permissions","identityTeam","processedFolderPermissions","processFolderPermissions","folder","_folder$permissions","some","fp","folderId","id","currentFolderPermissions","map","permission","_objectSpread2","parentId","parentFolder","find","f","processedParentFolderPermissions","isPublicParentFolder","p","level","mustInherit","length","inheritedPermissions","inheritedFrom","push","currentIdentityIncludedInPermissions","target","currentIdentityPermissionIndex","findIndex","currentIdentityPermission","splice","unshift","hasFullAccess","name","teamPermission","mustAddPublicPermission","i","getFolderPermissions","folderPermissionsList","type","canAccessFolder","canAccessParentFolder","folderPermissions","managePermissions","ensureCanAccessFolder","NotAuthorizedError","canManageFolderPermissions","canManageFolderStructure","canManageFolderContent","canAccessFolderContent","ensureCanAccessFolderContent","canCreateFolderInRoot","filteredFolders","Array","isArray","permissionsIncludeNonInheritedPermissions","exports"],"sources":["FolderLevelPermissions.ts"],"sourcesContent":["import { Authentication } from \"@webiny/api-authentication/types\";\nimport { SecurityPermission, Team } from \"@webiny/api-security/types\";\nimport { Folder } from \"~/folder/folder.types\";\nimport { NotAuthorizedError } from \"@webiny/api-security\";\nimport structuredClone from \"@ungap/structured-clone\";\n\nexport type FolderAccessLevel = \"owner\" | \"viewer\" | \"editor\" | \"public\";\n\nexport interface FolderPermission {\n target: string;\n level: FolderAccessLevel;\n inheritedFrom?: string;\n}\n\nexport interface FolderPermissionsListItem {\n folderId: string;\n permissions: FolderPermission[];\n}\n\nexport type FolderPermissionsList = FolderPermissionsListItem[];\n\nexport interface CanAccessFolderContentParams {\n folder: Pick<Folder, \"id\" | \"type\" | \"parentId\">;\n rwd?: \"r\" | \"w\" | \"d\";\n foldersList?: Folder[];\n}\n\nexport interface CanAccessFolderParams extends CanAccessFolderContentParams {\n managePermissions?: boolean;\n}\n\ninterface FilterFoldersParams {\n folders: Array<Folder>;\n rwd?: \"r\" | \"w\" | \"d\";\n}\n\ninterface GetFolderPermissionsParams {\n folder: Pick<Folder, \"id\" | \"type\">;\n foldersList?: Folder[];\n}\n\ninterface ListFolderPermissionsParams {\n folderType: string;\n foldersList?: Folder[];\n}\n\nexport interface FolderLevelPermissionsParams {\n getIdentity: Authentication[\"getIdentity\"];\n getIdentityTeam: () => Promise<Team | null>;\n listPermissions: () => Promise<SecurityPermission[]>;\n listAllFolders: (folderType: string) => Promise<Folder[]>;\n canUseTeams: () => boolean;\n canUseFolderLevelPermissions: () => boolean;\n}\n\nexport class FolderLevelPermissions {\n private readonly getIdentity: Authentication[\"getIdentity\"];\n private readonly getIdentityTeam: () => Promise<Team | null>;\n private readonly listPermissions: () => Promise<SecurityPermission[]>;\n private readonly listAllFoldersCallback: (folderType: string) => Promise<Folder[]>;\n private readonly canUseTeams: () => boolean;\n private readonly canUseFolderLevelPermissions: () => boolean;\n private allFolders: Record<string, Folder[]> = {};\n\n constructor(params: FolderLevelPermissionsParams) {\n this.getIdentity = params.getIdentity;\n this.getIdentityTeam = params.getIdentityTeam;\n this.listPermissions = params.listPermissions;\n this.listAllFoldersCallback = params.listAllFolders;\n this.canUseTeams = params.canUseTeams;\n this.canUseFolderLevelPermissions = params.canUseFolderLevelPermissions;\n }\n\n async listAllFolders(folderType: string): Promise<Folder[]> {\n if (folderType in this.allFolders) {\n return structuredClone(this.allFolders[folderType]);\n }\n\n this.allFolders[folderType] = await this.listAllFoldersCallback(folderType);\n return structuredClone(this.allFolders[folderType]);\n }\n\n async listAllFoldersWithPermissions(folderType: string) {\n const folders = await this.listAllFolders(folderType);\n\n // Filter folders based on permissions and assign permissions to each folder.\n const filteredFoldersWithPermissions = await this.filterFolders({\n folders,\n rwd: \"r\"\n });\n\n await this.assignFolderPermissions(filteredFoldersWithPermissions);\n\n return filteredFoldersWithPermissions;\n }\n\n invalidateCache(folderType?: string) {\n if (folderType) {\n if (folderType in this.allFolders) {\n delete this.allFolders[folderType];\n }\n } else {\n this.allFolders = {};\n }\n }\n\n async listFoldersPermissions(\n params: ListFolderPermissionsParams\n ): Promise<FolderPermissionsList> {\n if (!this.canUseFolderLevelPermissions()) {\n return [];\n }\n\n const { folderType, foldersList } = params;\n\n const allFolders = foldersList || (await this.listAllFolders(folderType));\n const identity = this.getIdentity();\n const permissions = await this.listPermissions();\n\n let identityTeam: Team | null;\n if (this.canUseTeams()) {\n identityTeam = await this.getIdentityTeam();\n }\n\n const processedFolderPermissions: FolderPermissionsListItem[] = [];\n\n const processFolderPermissions = (folder: Folder) => {\n if (processedFolderPermissions.some(fp => fp.folderId === folder.id)) {\n return;\n }\n\n // Copy permissions, so we don't modify the original object.\n const currentFolderPermissions: FolderPermissionsListItem = {\n folderId: folder.id,\n // On new folders, permissions can be `null`. Guard against that.\n permissions: folder.permissions?.map(permission => ({ ...permission })) || []\n };\n\n // Check for permissions inherited from parent folder.\n if (folder.parentId) {\n const parentFolder = allFolders!.find(f => f.id === folder.parentId)!;\n if (parentFolder) {\n // First check if the parent folder has already been processed.\n let processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === parentFolder.id\n );\n\n // If not, process the parent folder.\n if (!processedParentFolderPermissions) {\n processFolderPermissions(parentFolder);\n processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === folder.parentId\n );\n }\n\n // If the parent folder has permissions, let's add them to the current folder.\n if (processedParentFolderPermissions) {\n const isPublicParentFolder =\n processedParentFolderPermissions.permissions.some(\n p => p.level === \"public\"\n );\n\n // We inherit parent permissions if:\n // 1. the parent folder is not public or...\n // 2. ...the parent folder is public, but the current folder doesn't have any permissions set\n const mustInherit =\n !isPublicParentFolder ||\n currentFolderPermissions.permissions.length === 0;\n\n if (mustInherit) {\n const inheritedPermissions =\n processedParentFolderPermissions.permissions.map(p => {\n return {\n ...p,\n inheritedFrom:\n \"parent:\" + processedParentFolderPermissions!.folderId\n };\n });\n\n currentFolderPermissions.permissions.push(...inheritedPermissions);\n }\n }\n }\n }\n\n // Let's ensure current identity's permission is included in the permissions array.\n // We first check if the current identity is already included in the permissions array.\n // If not, we check if the user has full access or if the team user belongs to has access.\n const currentIdentityIncludedInPermissions = currentFolderPermissions.permissions.some(\n p => p.target === `admin:${identity.id}`\n );\n\n if (currentIdentityIncludedInPermissions) {\n // Ensure existing identity permission is always the first one in the array.\n const currentIdentityPermissionIndex =\n currentFolderPermissions.permissions.findIndex(\n p => p.target === `admin:${identity.id}`\n );\n\n if (currentIdentityPermissionIndex > 0) {\n const [currentIdentityPermission] = currentFolderPermissions.permissions.splice(\n currentIdentityPermissionIndex,\n 1\n );\n currentFolderPermissions.permissions.unshift(currentIdentityPermission);\n }\n } else {\n // Current identity not included in permissions? Let's add it.\n let currentIdentityPermission: FolderPermission | null = null;\n\n // 1. Check if the user has full access.\n const hasFullAccess = permissions.some(p => p.name === \"*\");\n if (hasFullAccess) {\n currentIdentityPermission = {\n target: `admin:${identity.id}`,\n level: \"owner\",\n inheritedFrom: \"role:full-access\"\n };\n } else if (identityTeam) {\n // 2. Check the team user belongs to grants access to the folder.\n const teamPermission = currentFolderPermissions.permissions.find(\n p => p.target === `team:${identityTeam!.id}`\n );\n\n if (teamPermission) {\n currentIdentityPermission = {\n target: `admin:${identity.id}`,\n level: teamPermission.level,\n inheritedFrom: \"team:\" + identityTeam!.id\n };\n }\n }\n\n if (currentIdentityPermission) {\n // If permission is found, let's add it to the beginning of the array.\n // We're doing this just because it looks nicer in the UI.\n currentFolderPermissions.permissions.unshift(currentIdentityPermission);\n }\n }\n\n // Note that this can only happen with root folders. All other (child) folders will\n // always have at least one permission (inherited from parent).\n const mustAddPublicPermission = currentFolderPermissions.permissions.length === 0;\n if (mustAddPublicPermission) {\n currentFolderPermissions.permissions = [\n {\n target: `admin:${identity.id}`,\n level: \"public\",\n inheritedFrom: \"public\"\n }\n ];\n }\n\n processedFolderPermissions.push(currentFolderPermissions);\n };\n\n for (let i = 0; i < allFolders!.length; i++) {\n const folder = allFolders![i];\n processFolderPermissions(folder);\n }\n\n return processedFolderPermissions;\n }\n\n async getFolderPermissions(\n params: GetFolderPermissionsParams\n ): Promise<FolderPermissionsListItem | undefined> {\n const { folder, foldersList } = params;\n const folderPermissionsList = await this.listFoldersPermissions({\n folderType: folder.type,\n foldersList\n });\n\n return folderPermissionsList.find(fp => fp.folderId === folder.id);\n }\n\n async canAccessFolder(params: CanAccessFolderParams) {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n const { folder } = params;\n\n // We check for parent folder access first because the passed folder should be\n // inaccessible if the parent folder is inaccessible.\n if (folder.parentId) {\n let foldersList = params.foldersList;\n if (!foldersList) {\n foldersList = await this.listAllFolders(folder.type);\n }\n\n const parentFolder = foldersList.find(f => f.id === folder.parentId);\n if (parentFolder) {\n const canAccessParentFolder = await this.canAccessFolder({\n ...params,\n folder: parentFolder\n });\n\n if (!canAccessParentFolder) {\n return false;\n }\n }\n }\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList: params.foldersList\n });\n\n const identity = this.getIdentity();\n const currentIdentityPermission = folderPermissions?.permissions.find(p => {\n return p.target === `admin:${identity.id}`;\n });\n\n if (!currentIdentityPermission) {\n return false;\n }\n\n const { level } = currentIdentityPermission;\n\n if (params.managePermissions) {\n return level === \"owner\";\n }\n\n // Checking for \"write\" or \"delete\" access. Allow only if the\n // user is an owner or the folder is public (no FLP assigned).\n if (params.rwd !== \"r\") {\n return level === \"owner\" || level === \"public\";\n }\n\n return true;\n }\n\n async ensureCanAccessFolder(params: CanAccessFolderParams) {\n const canAccessFolder = await this.canAccessFolder(params);\n if (!canAccessFolder) {\n throw new NotAuthorizedError();\n }\n }\n\n canManageFolderPermissions(folder: Folder) {\n if (!this.canUseFolderLevelPermissions()) {\n return false;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\", managePermissions: true });\n }\n\n canManageFolderStructure(folder: Folder) {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\" });\n }\n\n canManageFolderContent(folder: Folder) {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n return this.canAccessFolderContent({ folder, rwd: \"w\" });\n }\n\n async canAccessFolderContent(params: CanAccessFolderContentParams) {\n if (!this.canUseFolderLevelPermissions()) {\n return true;\n }\n\n const { folder, foldersList } = params;\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList\n });\n\n const identity = this.getIdentity();\n const currentIdentityPermission = folderPermissions?.permissions.find(p => {\n return p.target === `admin:${identity.id}`;\n });\n\n if (!currentIdentityPermission) {\n return false;\n }\n\n // If the user is not an owner and we're checking for \"write\" or\n // \"delete\" access, then we can immediately return false.\n if (params.rwd !== \"r\") {\n const { level } = currentIdentityPermission;\n return level !== \"viewer\";\n }\n\n return true;\n }\n\n async ensureCanAccessFolderContent(params: CanAccessFolderContentParams) {\n const canAccessFolderContent = await this.canAccessFolderContent(params);\n if (!canAccessFolderContent) {\n throw new NotAuthorizedError();\n }\n }\n\n async canCreateFolderInRoot() {\n return true;\n }\n\n async filterFolders(params: FilterFoldersParams) {\n const filteredFolders: Folder[] = [];\n\n const { folders, rwd } = params;\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const canAccessFolder = await this.canAccessFolder({ folder, rwd });\n if (canAccessFolder) {\n filteredFolders.push(folder);\n }\n }\n\n return filteredFolders;\n }\n\n async assignFolderPermissions(folder: Folder | Folder[]) {\n const folders = Array.isArray(folder) ? folder : [folder];\n\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const folderPermissions = await this.getFolderPermissions({ folder });\n if (folderPermissions) {\n folder.permissions = folderPermissions.permissions;\n } else {\n folder.permissions = [];\n }\n }\n }\n\n permissionsIncludeNonInheritedPermissions(folderPermissionsList?: FolderPermission[]) {\n return folderPermissionsList?.some(p => !p.inheritedFrom);\n }\n}\n"],"mappings":";;;;;;;;;AAGA,IAAAA,YAAA,GAAAC,OAAA;AACA,IAAAC,gBAAA,GAAAC,sBAAA,CAAAF,OAAA;AAmDO,MAAMG,sBAAsB,CAAC;EAShCC,WAAWA,CAACC,MAAoC,EAAE;IAAA,IAAAC,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA;IAAA,IAAAD,gBAAA,CAAAC,OAAA,sBAFH,CAAC,CAAC;IAG7C,IAAI,CAACC,WAAW,GAAGH,MAAM,CAACG,WAAW;IACrC,IAAI,CAACC,eAAe,GAAGJ,MAAM,CAACI,eAAe;IAC7C,IAAI,CAACC,eAAe,GAAGL,MAAM,CAACK,eAAe;IAC7C,IAAI,CAACC,sBAAsB,GAAGN,MAAM,CAACO,cAAc;IACnD,IAAI,CAACC,WAAW,GAAGR,MAAM,CAACQ,WAAW;IACrC,IAAI,CAACC,4BAA4B,GAAGT,MAAM,CAACS,4BAA4B;EAC3E;EAEA,MAAMF,cAAcA,CAACG,UAAkB,EAAqB;IACxD,IAAIA,UAAU,IAAI,IAAI,CAACC,UAAU,EAAE;MAC/B,OAAO,IAAAC,wBAAe,EAAC,IAAI,CAACD,UAAU,CAACD,UAAU,CAAC,CAAC;IACvD;IAEA,IAAI,CAACC,UAAU,CAACD,UAAU,CAAC,GAAG,MAAM,IAAI,CAACJ,sBAAsB,CAACI,UAAU,CAAC;IAC3E,OAAO,IAAAE,wBAAe,EAAC,IAAI,CAACD,UAAU,CAACD,UAAU,CAAC,CAAC;EACvD;EAEA,MAAMG,6BAA6BA,CAACH,UAAkB,EAAE;IACpD,MAAMI,OAAO,GAAG,MAAM,IAAI,CAACP,cAAc,CAACG,UAAU,CAAC;;IAErD;IACA,MAAMK,8BAA8B,GAAG,MAAM,IAAI,CAACC,aAAa,CAAC;MAC5DF,OAAO;MACPG,GAAG,EAAE;IACT,CAAC,CAAC;IAEF,MAAM,IAAI,CAACC,uBAAuB,CAACH,8BAA8B,CAAC;IAElE,OAAOA,8BAA8B;EACzC;EAEAI,eAAeA,CAACT,UAAmB,EAAE;IACjC,IAAIA,UAAU,EAAE;MACZ,IAAIA,UAAU,IAAI,IAAI,CAACC,UAAU,EAAE;QAC/B,OAAO,IAAI,CAACA,UAAU,CAACD,UAAU,CAAC;MACtC;IACJ,CAAC,MAAM;MACH,IAAI,CAACC,UAAU,GAAG,CAAC,CAAC;IACxB;EACJ;EAEA,MAAMS,sBAAsBA,CACxBpB,MAAmC,EACL;IAC9B,IAAI,CAAC,IAAI,CAACS,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,EAAE;IACb;IAEA,MAAM;MAAEC,UAAU;MAAEW;IAAY,CAAC,GAAGrB,MAAM;IAE1C,MAAMW,UAAU,GAAGU,WAAW,KAAK,MAAM,IAAI,CAACd,cAAc,CAACG,UAAU,CAAC,CAAC;IACzE,MAAMY,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IACnC,MAAMoB,WAAW,GAAG,MAAM,IAAI,CAAClB,eAAe,CAAC,CAAC;IAEhD,IAAImB,YAAyB;IAC7B,IAAI,IAAI,CAAChB,WAAW,CAAC,CAAC,EAAE;MACpBgB,YAAY,GAAG,MAAM,IAAI,CAACpB,eAAe,CAAC,CAAC;IAC/C;IAEA,MAAMqB,0BAAuD,GAAG,EAAE;IAElE,MAAMC,wBAAwB,GAAIC,MAAc,IAAK;MAAA,IAAAC,mBAAA;MACjD,IAAIH,0BAA0B,CAACI,IAAI,CAACC,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKJ,MAAM,CAACK,EAAE,CAAC,EAAE;QAClE;MACJ;;MAEA;MACA,MAAMC,wBAAmD,GAAG;QACxDF,QAAQ,EAAEJ,MAAM,CAACK,EAAE;QACnB;QACAT,WAAW,EAAE,EAAAK,mBAAA,GAAAD,MAAM,CAACJ,WAAW,cAAAK,mBAAA,uBAAlBA,mBAAA,CAAoBM,GAAG,CAACC,UAAU,QAAAC,cAAA,CAAAlC,OAAA,MAAUiC,UAAU,CAAG,CAAC,KAAI;MAC/E,CAAC;;MAED;MACA,IAAIR,MAAM,CAACU,QAAQ,EAAE;QACjB,MAAMC,YAAY,GAAG3B,UAAU,CAAE4B,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACR,EAAE,KAAKL,MAAM,CAACU,QAAQ,CAAE;QACrE,IAAIC,YAAY,EAAE;UACd;UACA,IAAIG,gCAAgC,GAAGhB,0BAA0B,CAACc,IAAI,CAClET,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKO,YAAY,CAACN,EACvC,CAAC;;UAED;UACA,IAAI,CAACS,gCAAgC,EAAE;YACnCf,wBAAwB,CAACY,YAAY,CAAC;YACtCG,gCAAgC,GAAGhB,0BAA0B,CAACc,IAAI,CAC9DT,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKJ,MAAM,CAACU,QACjC,CAAC;UACL;;UAEA;UACA,IAAII,gCAAgC,EAAE;YAClC,MAAMC,oBAAoB,GACtBD,gCAAgC,CAAClB,WAAW,CAACM,IAAI,CAC7Cc,CAAC,IAAIA,CAAC,CAACC,KAAK,KAAK,QACrB,CAAC;;YAEL;YACA;YACA;YACA,MAAMC,WAAW,GACb,CAACH,oBAAoB,IACrBT,wBAAwB,CAACV,WAAW,CAACuB,MAAM,KAAK,CAAC;YAErD,IAAID,WAAW,EAAE;cACb,MAAME,oBAAoB,GACtBN,gCAAgC,CAAClB,WAAW,CAACW,GAAG,CAACS,CAAC,IAAI;gBAClD,WAAAP,cAAA,CAAAlC,OAAA,MAAAkC,cAAA,CAAAlC,OAAA,MACOyC,CAAC;kBACJK,aAAa,EACT,SAAS,GAAGP,gCAAgC,CAAEV;gBAAQ;cAElE,CAAC,CAAC;cAENE,wBAAwB,CAACV,WAAW,CAAC0B,IAAI,CAAC,GAAGF,oBAAoB,CAAC;YACtE;UACJ;QACJ;MACJ;;MAEA;MACA;MACA;MACA,MAAMG,oCAAoC,GAAGjB,wBAAwB,CAACV,WAAW,CAACM,IAAI,CAClFc,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,SAAQ7B,QAAQ,CAACU,EAAG,EAC3C,CAAC;MAED,IAAIkB,oCAAoC,EAAE;QACtC;QACA,MAAME,8BAA8B,GAChCnB,wBAAwB,CAACV,WAAW,CAAC8B,SAAS,CAC1CV,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,SAAQ7B,QAAQ,CAACU,EAAG,EAC3C,CAAC;QAEL,IAAIoB,8BAA8B,GAAG,CAAC,EAAE;UACpC,MAAM,CAACE,yBAAyB,CAAC,GAAGrB,wBAAwB,CAACV,WAAW,CAACgC,MAAM,CAC3EH,8BAA8B,EAC9B,CACJ,CAAC;UACDnB,wBAAwB,CAACV,WAAW,CAACiC,OAAO,CAACF,yBAAyB,CAAC;QAC3E;MACJ,CAAC,MAAM;QACH;QACA,IAAIA,yBAAkD,GAAG,IAAI;;QAE7D;QACA,MAAMG,aAAa,GAAGlC,WAAW,CAACM,IAAI,CAACc,CAAC,IAAIA,CAAC,CAACe,IAAI,KAAK,GAAG,CAAC;QAC3D,IAAID,aAAa,EAAE;UACfH,yBAAyB,GAAG;YACxBH,MAAM,EAAG,SAAQ7B,QAAQ,CAACU,EAAG,EAAC;YAC9BY,KAAK,EAAE,OAAO;YACdI,aAAa,EAAE;UACnB,CAAC;QACL,CAAC,MAAM,IAAIxB,YAAY,EAAE;UACrB;UACA,MAAMmC,cAAc,GAAG1B,wBAAwB,CAACV,WAAW,CAACgB,IAAI,CAC5DI,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,QAAO3B,YAAY,CAAEQ,EAAG,EAC/C,CAAC;UAED,IAAI2B,cAAc,EAAE;YAChBL,yBAAyB,GAAG;cACxBH,MAAM,EAAG,SAAQ7B,QAAQ,CAACU,EAAG,EAAC;cAC9BY,KAAK,EAAEe,cAAc,CAACf,KAAK;cAC3BI,aAAa,EAAE,OAAO,GAAGxB,YAAY,CAAEQ;YAC3C,CAAC;UACL;QACJ;QAEA,IAAIsB,yBAAyB,EAAE;UAC3B;UACA;UACArB,wBAAwB,CAACV,WAAW,CAACiC,OAAO,CAACF,yBAAyB,CAAC;QAC3E;MACJ;;MAEA;MACA;MACA,MAAMM,uBAAuB,GAAG3B,wBAAwB,CAACV,WAAW,CAACuB,MAAM,KAAK,CAAC;MACjF,IAAIc,uBAAuB,EAAE;QACzB3B,wBAAwB,CAACV,WAAW,GAAG,CACnC;UACI4B,MAAM,EAAG,SAAQ7B,QAAQ,CAACU,EAAG,EAAC;UAC9BY,KAAK,EAAE,QAAQ;UACfI,aAAa,EAAE;QACnB,CAAC,CACJ;MACL;MAEAvB,0BAA0B,CAACwB,IAAI,CAAChB,wBAAwB,CAAC;IAC7D,CAAC;IAED,KAAK,IAAI4B,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGlD,UAAU,CAAEmC,MAAM,EAAEe,CAAC,EAAE,EAAE;MACzC,MAAMlC,MAAM,GAAGhB,UAAU,CAAEkD,CAAC,CAAC;MAC7BnC,wBAAwB,CAACC,MAAM,CAAC;IACpC;IAEA,OAAOF,0BAA0B;EACrC;EAEA,MAAMqC,oBAAoBA,CACtB9D,MAAkC,EACY;IAC9C,MAAM;MAAE2B,MAAM;MAAEN;IAAY,CAAC,GAAGrB,MAAM;IACtC,MAAM+D,qBAAqB,GAAG,MAAM,IAAI,CAAC3C,sBAAsB,CAAC;MAC5DV,UAAU,EAAEiB,MAAM,CAACqC,IAAI;MACvB3C;IACJ,CAAC,CAAC;IAEF,OAAO0C,qBAAqB,CAACxB,IAAI,CAACT,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKJ,MAAM,CAACK,EAAE,CAAC;EACtE;EAEA,MAAMiC,eAAeA,CAACjE,MAA6B,EAAE;IACjD,IAAI,CAAC,IAAI,CAACS,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,MAAM;MAAEkB;IAAO,CAAC,GAAG3B,MAAM;;IAEzB;IACA;IACA,IAAI2B,MAAM,CAACU,QAAQ,EAAE;MACjB,IAAIhB,WAAW,GAAGrB,MAAM,CAACqB,WAAW;MACpC,IAAI,CAACA,WAAW,EAAE;QACdA,WAAW,GAAG,MAAM,IAAI,CAACd,cAAc,CAACoB,MAAM,CAACqC,IAAI,CAAC;MACxD;MAEA,MAAM1B,YAAY,GAAGjB,WAAW,CAACkB,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACR,EAAE,KAAKL,MAAM,CAACU,QAAQ,CAAC;MACpE,IAAIC,YAAY,EAAE;QACd,MAAM4B,qBAAqB,GAAG,MAAM,IAAI,CAACD,eAAe,KAAA7B,cAAA,CAAAlC,OAAA,MAAAkC,cAAA,CAAAlC,OAAA,MACjDF,MAAM;UACT2B,MAAM,EAAEW;QAAY,EACvB,CAAC;QAEF,IAAI,CAAC4B,qBAAqB,EAAE;UACxB,OAAO,KAAK;QAChB;MACJ;IACJ;IAEA,MAAMC,iBAAiB,GAAG,MAAM,IAAI,CAACL,oBAAoB,CAAC;MACtDnC,MAAM;MACNN,WAAW,EAAErB,MAAM,CAACqB;IACxB,CAAC,CAAC;IAEF,MAAMC,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IACnC,MAAMmD,yBAAyB,GAAGa,iBAAiB,aAAjBA,iBAAiB,uBAAjBA,iBAAiB,CAAE5C,WAAW,CAACgB,IAAI,CAACI,CAAC,IAAI;MACvE,OAAOA,CAAC,CAACQ,MAAM,KAAM,SAAQ7B,QAAQ,CAACU,EAAG,EAAC;IAC9C,CAAC,CAAC;IAEF,IAAI,CAACsB,yBAAyB,EAAE;MAC5B,OAAO,KAAK;IAChB;IAEA,MAAM;MAAEV;IAAM,CAAC,GAAGU,yBAAyB;IAE3C,IAAItD,MAAM,CAACoE,iBAAiB,EAAE;MAC1B,OAAOxB,KAAK,KAAK,OAAO;IAC5B;;IAEA;IACA;IACA,IAAI5C,MAAM,CAACiB,GAAG,KAAK,GAAG,EAAE;MACpB,OAAO2B,KAAK,KAAK,OAAO,IAAIA,KAAK,KAAK,QAAQ;IAClD;IAEA,OAAO,IAAI;EACf;EAEA,MAAMyB,qBAAqBA,CAACrE,MAA6B,EAAE;IACvD,MAAMiE,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAACjE,MAAM,CAAC;IAC1D,IAAI,CAACiE,eAAe,EAAE;MAClB,MAAM,IAAIK,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEAC,0BAA0BA,CAAC5C,MAAc,EAAE;IACvC,IAAI,CAAC,IAAI,CAAClB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,KAAK;IAChB;IAEA,OAAO,IAAI,CAACwD,eAAe,CAAC;MAAEtC,MAAM;MAAEV,GAAG,EAAE,GAAG;MAAEmD,iBAAiB,EAAE;IAAK,CAAC,CAAC;EAC9E;EAEAI,wBAAwBA,CAAC7C,MAAc,EAAE;IACrC,IAAI,CAAC,IAAI,CAAClB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACwD,eAAe,CAAC;MAAEtC,MAAM;MAAEV,GAAG,EAAE;IAAI,CAAC,CAAC;EACrD;EAEAwD,sBAAsBA,CAAC9C,MAAc,EAAE;IACnC,IAAI,CAAC,IAAI,CAAClB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACiE,sBAAsB,CAAC;MAAE/C,MAAM;MAAEV,GAAG,EAAE;IAAI,CAAC,CAAC;EAC5D;EAEA,MAAMyD,sBAAsBA,CAAC1E,MAAoC,EAAE;IAC/D,IAAI,CAAC,IAAI,CAACS,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,IAAI;IACf;IAEA,MAAM;MAAEkB,MAAM;MAAEN;IAAY,CAAC,GAAGrB,MAAM;IAEtC,MAAMmE,iBAAiB,GAAG,MAAM,IAAI,CAACL,oBAAoB,CAAC;MACtDnC,MAAM;MACNN;IACJ,CAAC,CAAC;IAEF,MAAMC,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IACnC,MAAMmD,yBAAyB,GAAGa,iBAAiB,aAAjBA,iBAAiB,uBAAjBA,iBAAiB,CAAE5C,WAAW,CAACgB,IAAI,CAACI,CAAC,IAAI;MACvE,OAAOA,CAAC,CAACQ,MAAM,KAAM,SAAQ7B,QAAQ,CAACU,EAAG,EAAC;IAC9C,CAAC,CAAC;IAEF,IAAI,CAACsB,yBAAyB,EAAE;MAC5B,OAAO,KAAK;IAChB;;IAEA;IACA;IACA,IAAItD,MAAM,CAACiB,GAAG,KAAK,GAAG,EAAE;MACpB,MAAM;QAAE2B;MAAM,CAAC,GAAGU,yBAAyB;MAC3C,OAAOV,KAAK,KAAK,QAAQ;IAC7B;IAEA,OAAO,IAAI;EACf;EAEA,MAAM+B,4BAA4BA,CAAC3E,MAAoC,EAAE;IACrE,MAAM0E,sBAAsB,GAAG,MAAM,IAAI,CAACA,sBAAsB,CAAC1E,MAAM,CAAC;IACxE,IAAI,CAAC0E,sBAAsB,EAAE;MACzB,MAAM,IAAIJ,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEA,MAAMM,qBAAqBA,CAAA,EAAG;IAC1B,OAAO,IAAI;EACf;EAEA,MAAM5D,aAAaA,CAAChB,MAA2B,EAAE;IAC7C,MAAM6E,eAAyB,GAAG,EAAE;IAEpC,MAAM;MAAE/D,OAAO;MAAEG;IAAI,CAAC,GAAGjB,MAAM;IAC/B,KAAK,IAAI6D,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG/C,OAAO,CAACgC,MAAM,EAAEe,CAAC,EAAE,EAAE;MACrC,MAAMlC,MAAM,GAAGb,OAAO,CAAC+C,CAAC,CAAC;MACzB,MAAMI,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAAC;QAAEtC,MAAM;QAAEV;MAAI,CAAC,CAAC;MACnE,IAAIgD,eAAe,EAAE;QACjBY,eAAe,CAAC5B,IAAI,CAACtB,MAAM,CAAC;MAChC;IACJ;IAEA,OAAOkD,eAAe;EAC1B;EAEA,MAAM3D,uBAAuBA,CAACS,MAAyB,EAAE;IACrD,MAAMb,OAAO,GAAGgE,KAAK,CAACC,OAAO,CAACpD,MAAM,CAAC,GAAGA,MAAM,GAAG,CAACA,MAAM,CAAC;IAEzD,KAAK,IAAIkC,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG/C,OAAO,CAACgC,MAAM,EAAEe,CAAC,EAAE,EAAE;MACrC,MAAMlC,MAAM,GAAGb,OAAO,CAAC+C,CAAC,CAAC;MACzB,MAAMM,iBAAiB,GAAG,MAAM,IAAI,CAACL,oBAAoB,CAAC;QAAEnC;MAAO,CAAC,CAAC;MACrE,IAAIwC,iBAAiB,EAAE;QACnBxC,MAAM,CAACJ,WAAW,GAAG4C,iBAAiB,CAAC5C,WAAW;MACtD,CAAC,MAAM;QACHI,MAAM,CAACJ,WAAW,GAAG,EAAE;MAC3B;IACJ;EACJ;EAEAyD,yCAAyCA,CAACjB,qBAA0C,EAAE;IAClF,OAAOA,qBAAqB,aAArBA,qBAAqB,uBAArBA,qBAAqB,CAAElC,IAAI,CAACc,CAAC,IAAI,CAACA,CAAC,CAACK,aAAa,CAAC;EAC7D;AACJ;AAACiC,OAAA,CAAAnF,sBAAA,GAAAA,sBAAA"}
package/utils/decorators/CmsEntriesCrudDecorators.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_handlerGraphql","require","_where","_constants","isPageModel","model","modelId","createFolderType","filterEntriesByFolderFactory","context","permissions","entries","folders","aco","folder","listAll","where","type","results","Promise","all","map","entry","_entry$location","folderId","location","ROOT_FOLDER","find","id","NotFoundError","result","canAccessFolderContent","rwd","filter","CmsEntriesCrudDecorators","constructor","_defineProperty2","default","decorate","folderLevelPermissions","filterEntriesByFolder","originalCmsListEntries","cms","listEntries","bind","params","folderType","listAllFoldersWithPermissions","createWhere","_objectSpread2","originalCmsGetEntry","getEntry","_entry$location2","get","ensureCanAccessFolderContent","originalCmsGetEntryById","getEntryById","_entry$location3","originalGetLatestEntriesByIds","getLatestEntriesByIds","ids","originalGetPublishedEntriesByIds","getPublishedEntriesByIds","originalCmsCreateEntry","createEntry","options","_params$wbyAco_locati","_params$location","wbyAco_location","originalCmsCreateFromEntry","createEntryRevisionFrom","input","_entry$location4","storageOperations","getRevisionById","originalCmsUpdateEntry","updateEntry","meta","_entry$location5","originalCmsDeleteEntry","deleteEntry","_entry$location6","originalCmsDeleteEntryRevision","deleteEntryRevision","_entry$location7","originalCmsMoveEntry","moveEntry","targetFolderId","_entry$location8","exports"],"sources":["CmsEntriesCrudDecorators.ts"],"sourcesContent":["import { AcoContext } from \"~/types\";\nimport { CmsEntry, CmsModel } from \"@webiny/api-headless-cms/types\";\nimport { NotFoundError } from \"@webiny/handler-graphql\";\nimport { FolderLevelPermissions } from \"~/utils/FolderLevelPermissions\";\nimport { createWhere } from \"./where\";\nimport { ROOT_FOLDER } from \"./constants\";\n\ntype Context = Pick<AcoContext, \"aco\" | \"cms\">;\n/**\n * Keep this until we figure out how to fetch the folders.\n */\nconst isPageModel = (model: CmsModel): boolean => {\n if (model.modelId === \"pbPage\") {\n return true;\n } else if (model.modelId === \"acoSearchRecord-pbpage\") {\n return true;\n }\n return false;\n};\n\nconst createFolderType = (model: CmsModel): \"FmFile\" | \"PbPage\" | `cms:${string}` => {\n if (model.modelId === \"fmFile\") {\n return \"FmFile\";\n } else if (isPageModel(model)) {\n return \"PbPage\";\n }\n return `cms:${model.modelId}`;\n};\n\nconst filterEntriesByFolderFactory = (context: Context, permissions: FolderLevelPermissions) => {\n return async (model: CmsModel, entries: CmsEntry[]) => {\n const [folders] = await context.aco.folder.listAll({\n where: {\n type: createFolderType(model)\n }\n });\n\n const results = await Promise.all(\n entries.map(async entry => {\n const folderId = entry.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return entry;\n }\n const folder = folders.find(folder => folder.id === folderId);\n if (!folder) {\n throw new NotFoundError(`Folder \"${folderId}\" not found.`);\n }\n const result = await permissions.canAccessFolderContent({\n folder,\n rwd: \"r\"\n });\n return result ? entry : null;\n })\n );\n\n return results.filter((entry): entry is CmsEntry => !!entry);\n };\n};\n\ninterface EntryManagerCrudDecoratorsParams {\n context: Context;\n}\n\nexport class CmsEntriesCrudDecorators {\n private readonly context: Context;\n\n public constructor({ context }: EntryManagerCrudDecoratorsParams) {\n this.context = context;\n }\n\n public decorate() {\n const context = this.context;\n const folderLevelPermissions = context.aco.folderLevelPermissions;\n\n const filterEntriesByFolder = filterEntriesByFolderFactory(context, folderLevelPermissions);\n\n const originalCmsListEntries = context.cms.listEntries.bind(context.cms);\n context.cms.listEntries = async (model, params) => {\n const folderType = createFolderType(model);\n const folders = await folderLevelPermissions.listAllFoldersWithPermissions(folderType);\n\n const where = createWhere({\n where: params.where,\n folders\n });\n return originalCmsListEntries(model, {\n ...params,\n where\n });\n };\n\n const originalCmsGetEntry = context.cms.getEntry.bind(context.cms);\n context.cms.getEntry = async (model, params) => {\n const entry = await originalCmsGetEntry(model, params);\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return entry;\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"r\"\n });\n\n return entry;\n };\n\n const originalCmsGetEntryById = context.cms.getEntryById.bind(context.cms);\n context.cms.getEntryById = async (model, params) => {\n const entry = await originalCmsGetEntryById(model, params);\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return entry;\n }\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"r\"\n });\n return entry;\n };\n\n const originalGetLatestEntriesByIds = context.cms.getLatestEntriesByIds.bind(context.cms);\n context.cms.getLatestEntriesByIds = async (model, ids) => {\n const entries = await originalGetLatestEntriesByIds(model, ids);\n\n return filterEntriesByFolder(model, entries);\n };\n\n const originalGetPublishedEntriesByIds = context.cms.getPublishedEntriesByIds.bind(\n context.cms\n );\n context.cms.getPublishedEntriesByIds = async (model, ids) => {\n const entries = await originalGetPublishedEntriesByIds(model, ids);\n return filterEntriesByFolder(model, entries);\n };\n\n const originalCmsCreateEntry = context.cms.createEntry.bind(context.cms);\n context.cms.createEntry = async (model, params, options) => {\n const folderId = params.wbyAco_location?.folderId || params.location?.folderId;\n\n if (!folderId || folderId === ROOT_FOLDER) {\n return originalCmsCreateEntry(model, params, options);\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"w\"\n });\n\n return originalCmsCreateEntry(model, params, options);\n };\n\n const originalCmsCreateFromEntry = context.cms.createEntryRevisionFrom.bind(context.cms);\n context.cms.createEntryRevisionFrom = async (model, id, input, options) => {\n const entry = await context.cms.storageOperations.entries.getRevisionById(model, {\n id\n });\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return originalCmsCreateFromEntry(model, id, input, options);\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"w\"\n });\n\n return originalCmsCreateFromEntry(model, id, input, options);\n };\n\n const originalCmsUpdateEntry = context.cms.updateEntry.bind(context.cms);\n context.cms.updateEntry = async (model, id, input, meta, options) => {\n const entry = await context.cms.storageOperations.entries.getRevisionById(model, {\n id\n });\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return originalCmsUpdateEntry(model, id, input, meta, options);\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"w\"\n });\n\n return originalCmsUpdateEntry(model, id, input, meta, options);\n };\n\n const originalCmsDeleteEntry = context.cms.deleteEntry.bind(context.cms);\n context.cms.deleteEntry = async (model, id, options) => {\n const entry = await context.cms.storageOperations.entries.getRevisionById(model, {\n id\n });\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return originalCmsDeleteEntry(model, id, options);\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"d\"\n });\n\n return originalCmsDeleteEntry(model, id, options);\n };\n\n const originalCmsDeleteEntryRevision = context.cms.deleteEntryRevision.bind(context.cms);\n context.cms.deleteEntryRevision = async (model, id) => {\n const entry = await context.cms.storageOperations.entries.getRevisionById(model, {\n id\n });\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return originalCmsDeleteEntryRevision(model, id);\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"d\"\n });\n\n return originalCmsDeleteEntryRevision(model, id);\n };\n\n const originalCmsMoveEntry = context.cms.moveEntry.bind(context.cms);\n context.cms.moveEntry = async (model, id, targetFolderId) => {\n /**\n * First we need to check if user has access to the entries existing folder.\n */\n const entry = await context.cms.storageOperations.entries.getRevisionById(model, {\n id\n });\n const folderId = entry?.location?.folderId || ROOT_FOLDER;\n /**\n * If the entry is in the same folder we are trying to move it to, just continue.\n */\n if (folderId === targetFolderId) {\n return originalCmsMoveEntry(model, id, targetFolderId);\n } else if (folderId !== ROOT_FOLDER) {\n /**\n * If entry current folder is not a root, check for access\n */\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"w\"\n });\n }\n /**\n * If target folder is not a ROOT_FOLDER, check for access.\n */\n if (targetFolderId !== ROOT_FOLDER) {\n const folder = await context.aco.folder.get(targetFolderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"w\"\n });\n }\n\n return originalCmsMoveEntry(model, id, targetFolderId);\n };\n }\n}\n"],"mappings":";;;;;;;;;AAEA,IAAAA,eAAA,GAAAC,OAAA;AAEA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,UAAA,GAAAF,OAAA;AAGA;AACA;AACA;AACA,MAAMG,WAAW,GAAIC,KAAe,IAAc;EAC9C,IAAIA,KAAK,CAACC,OAAO,KAAK,QAAQ,EAAE;IAC5B,OAAO,IAAI;EACf,CAAC,MAAM,IAAID,KAAK,CAACC,OAAO,KAAK,wBAAwB,EAAE;IACnD,OAAO,IAAI;EACf;EACA,OAAO,KAAK;AAChB,CAAC;AAED,MAAMC,gBAAgB,GAAIF,KAAe,IAA4C;EACjF,IAAIA,KAAK,CAACC,OAAO,KAAK,QAAQ,EAAE;IAC5B,OAAO,QAAQ;EACnB,CAAC,MAAM,IAAIF,WAAW,CAACC,KAAK,CAAC,EAAE;IAC3B,OAAO,QAAQ;EACnB;EACA,OAAQ,OAAMA,KAAK,CAACC,OAAQ,EAAC;AACjC,CAAC;AAED,MAAME,4BAA4B,GAAGA,CAACC,OAAgB,EAAEC,WAAmC,KAAK;EAC5F,OAAO,OAAOL,KAAe,EAAEM,OAAmB,KAAK;IACnD,MAAM,CAACC,OAAO,CAAC,GAAG,MAAMH,OAAO,CAACI,GAAG,CAACC,MAAM,CAACC,OAAO,CAAC;MAC/CC,KAAK,EAAE;QACHC,IAAI,EAAEV,gBAAgB,CAACF,KAAK;MAChC;IACJ,CAAC,CAAC;IAEF,MAAMa,OAAO,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BT,OAAO,CAACU,GAAG,CAAC,MAAMC,KAAK,IAAI;MAAA,IAAAC,eAAA;MACvB,MAAMC,QAAQ,IAAAD,eAAA,GAAGD,KAAK,CAACG,QAAQ,cAAAF,eAAA,uBAAdA,eAAA,CAAgBC,QAAQ;MACzC,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOJ,KAAK;MAChB;MACA,MAAMR,MAAM,GAAGF,OAAO,CAACe,IAAI,CAACb,MAAM,IAAIA,MAAM,CAACc,EAAE,KAAKJ,QAAQ,CAAC;MAC7D,IAAI,CAACV,MAAM,EAAE;QACT,MAAM,IAAIe,6BAAa,CAAE,WAAUL,QAAS,cAAa,CAAC;MAC9D;MACA,MAAMM,MAAM,GAAG,MAAMpB,WAAW,CAACqB,sBAAsB,CAAC;QACpDjB,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MACF,OAAOF,MAAM,GAAGR,KAAK,GAAG,IAAI;IAChC,CAAC,CACL,CAAC;IAED,OAAOJ,OAAO,CAACe,MAAM,CAAEX,KAAK,IAAwB,CAAC,CAACA,KAAK,CAAC;EAChE,CAAC;AACL,CAAC;AAMM,MAAMY,wBAAwB,CAAC;EAG3BC,WAAWA,CAAC;IAAE1B;EAA0C,CAAC,EAAE;IAAA,IAAA2B,gBAAA,CAAAC,OAAA;IAC9D,IAAI,CAAC5B,OAAO,GAAGA,OAAO;EAC1B;EAEO6B,QAAQA,CAAA,EAAG;IACd,MAAM7B,OAAO,GAAG,IAAI,CAACA,OAAO;IAC5B,MAAM8B,sBAAsB,GAAG9B,OAAO,CAACI,GAAG,CAAC0B,sBAAsB;IAEjE,MAAMC,qBAAqB,GAAGhC,4BAA4B,CAACC,OAAO,EAAE8B,sBAAsB,CAAC;IAE3F,MAAME,sBAAsB,GAAGhC,OAAO,CAACiC,GAAG,CAACC,WAAW,CAACC,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxEjC,OAAO,CAACiC,GAAG,CAACC,WAAW,GAAG,OAAOtC,KAAK,EAAEwC,MAAM,KAAK;MAC/C,MAAMC,UAAU,GAAGvC,gBAAgB,CAACF,KAAK,CAAC;MAC1C,MAAMO,OAAO,GAAG,MAAM2B,sBAAsB,CAACQ,6BAA6B,CAACD,UAAU,CAAC;MAEtF,MAAM9B,KAAK,GAAG,IAAAgC,kBAAW,EAAC;QACtBhC,KAAK,EAAE6B,MAAM,CAAC7B,KAAK;QACnBJ;MACJ,CAAC,CAAC;MACF,OAAO6B,sBAAsB,CAACpC,KAAK,MAAA4C,cAAA,CAAAZ,OAAA,MAAAY,cAAA,CAAAZ,OAAA,MAC5BQ,MAAM;QACT7B;MAAK,EACR,CAAC;IACN,CAAC;IAED,MAAMkC,mBAAmB,GAAGzC,OAAO,CAACiC,GAAG,CAACS,QAAQ,CAACP,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IAClEjC,OAAO,CAACiC,GAAG,CAACS,QAAQ,GAAG,OAAO9C,KAAK,EAAEwC,MAAM,KAAK;MAAA,IAAAO,gBAAA;MAC5C,MAAM9B,KAAK,GAAG,MAAM4B,mBAAmB,CAAC7C,KAAK,EAAEwC,MAAM,CAAC;MAEtD,MAAMrB,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAA8B,gBAAA,GAAL9B,KAAK,CAAEG,QAAQ,cAAA2B,gBAAA,uBAAfA,gBAAA,CAAiB5B,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOJ,KAAK;MAChB;MAEA,MAAMR,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAOV,KAAK;IAChB,CAAC;IAED,MAAMiC,uBAAuB,GAAG9C,OAAO,CAACiC,GAAG,CAACc,YAAY,CAACZ,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IAC1EjC,OAAO,CAACiC,GAAG,CAACc,YAAY,GAAG,OAAOnD,KAAK,EAAEwC,MAAM,KAAK;MAAA,IAAAY,gBAAA;MAChD,MAAMnC,KAAK,GAAG,MAAMiC,uBAAuB,CAAClD,KAAK,EAAEwC,MAAM,CAAC;MAE1D,MAAMrB,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAAmC,gBAAA,GAALnC,KAAK,CAAEG,QAAQ,cAAAgC,gBAAA,uBAAfA,gBAAA,CAAiBjC,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOJ,KAAK;MAChB;MACA,MAAMR,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MACF,OAAOV,KAAK;IAChB,CAAC;IAED,MAAMoC,6BAA6B,GAAGjD,OAAO,CAACiC,GAAG,CAACiB,qBAAqB,CAACf,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACzFjC,OAAO,CAACiC,GAAG,CAACiB,qBAAqB,GAAG,OAAOtD,KAAK,EAAEuD,GAAG,KAAK;MACtD,MAAMjD,OAAO,GAAG,MAAM+C,6BAA6B,CAACrD,KAAK,EAAEuD,GAAG,CAAC;MAE/D,OAAOpB,qBAAqB,CAACnC,KAAK,EAAEM,OAAO,CAAC;IAChD,CAAC;IAED,MAAMkD,gCAAgC,GAAGpD,OAAO,CAACiC,GAAG,CAACoB,wBAAwB,CAAClB,IAAI,CAC9EnC,OAAO,CAACiC,GACZ,CAAC;IACDjC,OAAO,CAACiC,GAAG,CAACoB,wBAAwB,GAAG,OAAOzD,KAAK,EAAEuD,GAAG,KAAK;MACzD,MAAMjD,OAAO,GAAG,MAAMkD,gCAAgC,CAACxD,KAAK,EAAEuD,GAAG,CAAC;MAClE,OAAOpB,qBAAqB,CAACnC,KAAK,EAAEM,OAAO,CAAC;IAChD,CAAC;IAED,MAAMoD,sBAAsB,GAAGtD,OAAO,CAACiC,GAAG,CAACsB,WAAW,CAACpB,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxEjC,OAAO,CAACiC,GAAG,CAACsB,WAAW,GAAG,OAAO3D,KAAK,EAAEwC,MAAM,EAAEoB,OAAO,KAAK;MAAA,IAAAC,qBAAA,EAAAC,gBAAA;MACxD,MAAM3C,QAAQ,GAAG,EAAA0C,qBAAA,GAAArB,MAAM,CAACuB,eAAe,cAAAF,qBAAA,uBAAtBA,qBAAA,CAAwB1C,QAAQ,OAAA2C,gBAAA,GAAItB,MAAM,CAACpB,QAAQ,cAAA0C,gBAAA,uBAAfA,gBAAA,CAAiB3C,QAAQ;MAE9E,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOqC,sBAAsB,CAAC1D,KAAK,EAAEwC,MAAM,EAAEoB,OAAO,CAAC;MACzD;MAEA,MAAMnD,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAO+B,sBAAsB,CAAC1D,KAAK,EAAEwC,MAAM,EAAEoB,OAAO,CAAC;IACzD,CAAC;IAED,MAAMI,0BAA0B,GAAG5D,OAAO,CAACiC,GAAG,CAAC4B,uBAAuB,CAAC1B,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxFjC,OAAO,CAACiC,GAAG,CAAC4B,uBAAuB,GAAG,OAAOjE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEN,OAAO,KAAK;MAAA,IAAAO,gBAAA;MACvE,MAAMlD,KAAK,GAAG,MAAMb,OAAO,CAACiC,GAAG,CAAC+B,iBAAiB,CAAC9D,OAAO,CAAC+D,eAAe,CAACrE,KAAK,EAAE;QAC7EuB;MACJ,CAAC,CAAC;MAEF,MAAMJ,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAAkD,gBAAA,GAALlD,KAAK,CAAEG,QAAQ,cAAA+C,gBAAA,uBAAfA,gBAAA,CAAiBhD,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAO2C,0BAA0B,CAAChE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEN,OAAO,CAAC;MAChE;MAEA,MAAMnD,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAOqC,0BAA0B,CAAChE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEN,OAAO,CAAC;IAChE,CAAC;IAED,MAAMU,sBAAsB,GAAGlE,OAAO,CAACiC,GAAG,CAACkC,WAAW,CAAChC,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxEjC,OAAO,CAACiC,GAAG,CAACkC,WAAW,GAAG,OAAOvE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEM,IAAI,EAAEZ,OAAO,KAAK;MAAA,IAAAa,gBAAA;MACjE,MAAMxD,KAAK,GAAG,MAAMb,OAAO,CAACiC,GAAG,CAAC+B,iBAAiB,CAAC9D,OAAO,CAAC+D,eAAe,CAACrE,KAAK,EAAE;QAC7EuB;MACJ,CAAC,CAAC;MAEF,MAAMJ,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAAwD,gBAAA,GAALxD,KAAK,CAAEG,QAAQ,cAAAqD,gBAAA,uBAAfA,gBAAA,CAAiBtD,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOiD,sBAAsB,CAACtE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEM,IAAI,EAAEZ,OAAO,CAAC;MAClE;MAEA,MAAMnD,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAO2C,sBAAsB,CAACtE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEM,IAAI,EAAEZ,OAAO,CAAC;IAClE,CAAC;IAED,MAAMc,sBAAsB,GAAGtE,OAAO,CAACiC,GAAG,CAACsC,WAAW,CAACpC,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxEjC,OAAO,CAACiC,GAAG,CAACsC,WAAW,GAAG,OAAO3E,KAAK,EAAEuB,EAAE,EAAEqC,OAAO,KAAK;MAAA,IAAAgB,gBAAA;MACpD,MAAM3D,KAAK,GAAG,MAAMb,OAAO,CAACiC,GAAG,CAAC+B,iBAAiB,CAAC9D,OAAO,CAAC+D,eAAe,CAACrE,KAAK,EAAE;QAC7EuB;MACJ,CAAC,CAAC;MAEF,MAAMJ,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAA2D,gBAAA,GAAL3D,KAAK,CAAEG,QAAQ,cAAAwD,gBAAA,uBAAfA,gBAAA,CAAiBzD,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOqD,sBAAsB,CAAC1E,KAAK,EAAEuB,EAAE,EAAEqC,OAAO,CAAC;MACrD;MAEA,MAAMnD,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAO+C,sBAAsB,CAAC1E,KAAK,EAAEuB,EAAE,EAAEqC,OAAO,CAAC;IACrD,CAAC;IAED,MAAMiB,8BAA8B,GAAGzE,OAAO,CAACiC,GAAG,CAACyC,mBAAmB,CAACvC,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxFjC,OAAO,CAACiC,GAAG,CAACyC,mBAAmB,GAAG,OAAO9E,KAAK,EAAEuB,EAAE,KAAK;MAAA,IAAAwD,gBAAA;MACnD,MAAM9D,KAAK,GAAG,MAAMb,OAAO,CAACiC,GAAG,CAAC+B,iBAAiB,CAAC9D,OAAO,CAAC+D,eAAe,CAACrE,KAAK,EAAE;QAC7EuB;MACJ,CAAC,CAAC;MAEF,MAAMJ,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAA8D,gBAAA,GAAL9D,KAAK,CAAEG,QAAQ,cAAA2D,gBAAA,uBAAfA,gBAAA,CAAiB5D,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOwD,8BAA8B,CAAC7E,KAAK,EAAEuB,EAAE,CAAC;MACpD;MAEA,MAAMd,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAOkD,8BAA8B,CAAC7E,KAAK,EAAEuB,EAAE,CAAC;IACpD,CAAC;IAED,MAAMyD,oBAAoB,GAAG5E,OAAO,CAACiC,GAAG,CAAC4C,SAAS,CAAC1C,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACpEjC,OAAO,CAACiC,GAAG,CAAC4C,SAAS,GAAG,OAAOjF,KAAK,EAAEuB,EAAE,EAAE2D,cAAc,KAAK;MAAA,IAAAC,gBAAA;MACzD;AACZ;AACA;MACY,MAAMlE,KAAK,GAAG,MAAMb,OAAO,CAACiC,GAAG,CAAC+B,iBAAiB,CAAC9D,OAAO,CAAC+D,eAAe,CAACrE,KAAK,EAAE;QAC7EuB;MACJ,CAAC,CAAC;MACF,MAAMJ,QAAQ,GAAG,CAAAF,KAAK,aAALA,KAAK,gBAAAkE,gBAAA,GAALlE,KAAK,CAAEG,QAAQ,cAAA+D,gBAAA,uBAAfA,gBAAA,CAAiBhE,QAAQ,KAAIE,sBAAW;MACzD;AACZ;AACA;MACY,IAAIF,QAAQ,KAAK+D,cAAc,EAAE;QAC7B,OAAOF,oBAAoB,CAAChF,KAAK,EAAEuB,EAAE,EAAE2D,cAAc,CAAC;MAC1D,CAAC,MAAM,IAAI/D,QAAQ,KAAKE,sBAAW,EAAE;QACjC;AAChB;AACA;QACgB,MAAMZ,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;QACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;UACtDxC,MAAM;UACNkB,GAAG,EAAE;QACT,CAAC,CAAC;MACN;MACA;AACZ;AACA;MACY,IAAIuD,cAAc,KAAK7D,sBAAW,EAAE;QAChC,MAAMZ,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAACkC,cAAc,CAAC;QAC3D,MAAMhD,sBAAsB,CAACe,4BAA4B,CAAC;UACtDxC,MAAM;UACNkB,GAAG,EAAE;QACT,CAAC,CAAC;MACN;MAEA,OAAOqD,oBAAoB,CAAChF,KAAK,EAAEuB,EAAE,EAAE2D,cAAc,CAAC;IAC1D,CAAC;EACL;AACJ;AAACE,OAAA,CAAAvD,wBAAA,GAAAA,wBAAA"}
1
+ {"version":3,"names":["_handlerGraphql","require","_where","_constants","isPageModel","model","modelId","createFolderType","filterEntriesByFolderFactory","context","permissions","entries","folders","aco","folder","listAll","where","type","results","Promise","all","map","entry","_entry$location","folderId","location","ROOT_FOLDER","find","id","NotFoundError","result","canAccessFolderContent","rwd","filter","CmsEntriesCrudDecorators","constructor","_defineProperty2","default","decorate","folderLevelPermissions","filterEntriesByFolder","originalCmsListEntries","cms","listEntries","bind","params","folderType","listAllFoldersWithPermissions","createWhere","_objectSpread2","originalCmsGetEntry","getEntry","_entry$location2","get","ensureCanAccessFolderContent","originalCmsGetEntryById","getEntryById","_entry$location3","originalGetLatestEntriesByIds","getLatestEntriesByIds","ids","originalGetPublishedEntriesByIds","getPublishedEntriesByIds","originalCmsCreateEntry","createEntry","options","_params$wbyAco_locati","_params$location","wbyAco_location","originalCmsCreateFromEntry","createEntryRevisionFrom","input","_entry$location4","storageOperations","getRevisionById","originalCmsUpdateEntry","updateEntry","meta","_entry$location5","originalCmsDeleteEntry","deleteEntry","_entry$location6","originalCmsDeleteEntryRevision","deleteEntryRevision","_entry$location7","originalCmsMoveEntry","moveEntry","targetFolderId","_entry$location8","exports"],"sources":["CmsEntriesCrudDecorators.ts"],"sourcesContent":["import { AcoContext } from \"~/types\";\nimport { CmsEntry, CmsModel } from \"@webiny/api-headless-cms/types\";\nimport { NotFoundError } from \"@webiny/handler-graphql\";\nimport { FolderLevelPermissions } from \"~/utils/FolderLevelPermissions\";\nimport { createWhere } from \"./where\";\nimport { ROOT_FOLDER } from \"./constants\";\n\ntype Context = Pick<AcoContext, \"aco\" | \"cms\">;\n/**\n * Keep this until we figure out how to fetch the folders.\n */\nconst isPageModel = (model: CmsModel): boolean => {\n if (model.modelId === \"pbPage\") {\n return true;\n } else if (model.modelId === \"acoSearchRecord-pbpage\") {\n return true;\n }\n return false;\n};\n\nconst createFolderType = (model: CmsModel): \"FmFile\" | \"PbPage\" | `cms:${string}` => {\n if (model.modelId === \"fmFile\") {\n return \"FmFile\";\n } else if (isPageModel(model)) {\n return \"PbPage\";\n }\n return `cms:${model.modelId}`;\n};\n\nconst filterEntriesByFolderFactory = (context: Context, permissions: FolderLevelPermissions) => {\n return async (model: CmsModel, entries: CmsEntry[]) => {\n const [folders] = await context.aco.folder.listAll({\n where: {\n type: createFolderType(model)\n }\n });\n\n const results = await Promise.all(\n entries.map(async entry => {\n const folderId = entry.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return entry;\n }\n\n const folder = folders.find(folder => folder.id === folderId);\n if (!folder) {\n throw new NotFoundError(`Folder \"${folderId}\" not found.`);\n }\n const result = await permissions.canAccessFolderContent({\n folder,\n rwd: \"r\"\n });\n return result ? entry : null;\n })\n );\n\n return results.filter((entry): entry is CmsEntry => !!entry);\n };\n};\n\ninterface EntryManagerCrudDecoratorsParams {\n context: Context;\n}\n\nexport class CmsEntriesCrudDecorators {\n private readonly context: Context;\n\n public constructor({ context }: EntryManagerCrudDecoratorsParams) {\n this.context = context;\n }\n\n public decorate() {\n const context = this.context;\n const folderLevelPermissions = context.aco.folderLevelPermissions;\n\n const filterEntriesByFolder = filterEntriesByFolderFactory(context, folderLevelPermissions);\n\n const originalCmsListEntries = context.cms.listEntries.bind(context.cms);\n context.cms.listEntries = async (model, params) => {\n const folderType = createFolderType(model);\n const folders = await folderLevelPermissions.listAllFoldersWithPermissions(folderType);\n\n const where = createWhere({\n where: params.where,\n folders\n });\n return originalCmsListEntries(model, {\n ...params,\n where\n });\n };\n\n const originalCmsGetEntry = context.cms.getEntry.bind(context.cms);\n context.cms.getEntry = async (model, params) => {\n const entry = await originalCmsGetEntry(model, params);\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return entry;\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"r\"\n });\n\n return entry;\n };\n\n const originalCmsGetEntryById = context.cms.getEntryById.bind(context.cms);\n context.cms.getEntryById = async (model, params) => {\n const entry = await originalCmsGetEntryById(model, params);\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return entry;\n }\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"r\"\n });\n return entry;\n };\n\n const originalGetLatestEntriesByIds = context.cms.getLatestEntriesByIds.bind(context.cms);\n context.cms.getLatestEntriesByIds = async (model, ids) => {\n const entries = await originalGetLatestEntriesByIds(model, ids);\n\n return filterEntriesByFolder(model, entries);\n };\n\n const originalGetPublishedEntriesByIds = context.cms.getPublishedEntriesByIds.bind(\n context.cms\n );\n context.cms.getPublishedEntriesByIds = async (model, ids) => {\n const entries = await originalGetPublishedEntriesByIds(model, ids);\n return filterEntriesByFolder(model, entries);\n };\n\n const originalCmsCreateEntry = context.cms.createEntry.bind(context.cms);\n context.cms.createEntry = async (model, params, options) => {\n const folderId = params.wbyAco_location?.folderId || params.location?.folderId;\n\n if (!folderId || folderId === ROOT_FOLDER) {\n return originalCmsCreateEntry(model, params, options);\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"w\"\n });\n\n return originalCmsCreateEntry(model, params, options);\n };\n\n const originalCmsCreateFromEntry = context.cms.createEntryRevisionFrom.bind(context.cms);\n context.cms.createEntryRevisionFrom = async (model, id, input, options) => {\n const entry = await context.cms.storageOperations.entries.getRevisionById(model, {\n id\n });\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return originalCmsCreateFromEntry(model, id, input, options);\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"w\"\n });\n\n return originalCmsCreateFromEntry(model, id, input, options);\n };\n\n const originalCmsUpdateEntry = context.cms.updateEntry.bind(context.cms);\n context.cms.updateEntry = async (model, id, input, meta, options) => {\n const entry = await context.cms.storageOperations.entries.getRevisionById(model, {\n id\n });\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return originalCmsUpdateEntry(model, id, input, meta, options);\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"w\"\n });\n\n return originalCmsUpdateEntry(model, id, input, meta, options);\n };\n\n const originalCmsDeleteEntry = context.cms.deleteEntry.bind(context.cms);\n context.cms.deleteEntry = async (model, id, options) => {\n const entry = await context.cms.storageOperations.entries.getRevisionById(model, {\n id\n });\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return originalCmsDeleteEntry(model, id, options);\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"d\"\n });\n\n return originalCmsDeleteEntry(model, id, options);\n };\n\n const originalCmsDeleteEntryRevision = context.cms.deleteEntryRevision.bind(context.cms);\n context.cms.deleteEntryRevision = async (model, id) => {\n const entry = await context.cms.storageOperations.entries.getRevisionById(model, {\n id\n });\n\n const folderId = entry?.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return originalCmsDeleteEntryRevision(model, id);\n }\n\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"d\"\n });\n\n return originalCmsDeleteEntryRevision(model, id);\n };\n\n const originalCmsMoveEntry = context.cms.moveEntry.bind(context.cms);\n context.cms.moveEntry = async (model, id, targetFolderId) => {\n /**\n * First we need to check if user has access to the entries existing folder.\n */\n const entry = await context.cms.storageOperations.entries.getRevisionById(model, {\n id\n });\n const folderId = entry?.location?.folderId || ROOT_FOLDER;\n /**\n * If the entry is in the same folder we are trying to move it to, just continue.\n */\n if (folderId === targetFolderId) {\n return originalCmsMoveEntry(model, id, targetFolderId);\n } else if (folderId !== ROOT_FOLDER) {\n /**\n * If entry current folder is not a root, check for access\n */\n const folder = await context.aco.folder.get(folderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"w\"\n });\n }\n /**\n * If target folder is not a ROOT_FOLDER, check for access.\n */\n if (targetFolderId !== ROOT_FOLDER) {\n const folder = await context.aco.folder.get(targetFolderId);\n await folderLevelPermissions.ensureCanAccessFolderContent({\n folder,\n rwd: \"w\"\n });\n }\n\n return originalCmsMoveEntry(model, id, targetFolderId);\n };\n }\n}\n"],"mappings":";;;;;;;;;AAEA,IAAAA,eAAA,GAAAC,OAAA;AAEA,IAAAC,MAAA,GAAAD,OAAA;AACA,IAAAE,UAAA,GAAAF,OAAA;AAGA;AACA;AACA;AACA,MAAMG,WAAW,GAAIC,KAAe,IAAc;EAC9C,IAAIA,KAAK,CAACC,OAAO,KAAK,QAAQ,EAAE;IAC5B,OAAO,IAAI;EACf,CAAC,MAAM,IAAID,KAAK,CAACC,OAAO,KAAK,wBAAwB,EAAE;IACnD,OAAO,IAAI;EACf;EACA,OAAO,KAAK;AAChB,CAAC;AAED,MAAMC,gBAAgB,GAAIF,KAAe,IAA4C;EACjF,IAAIA,KAAK,CAACC,OAAO,KAAK,QAAQ,EAAE;IAC5B,OAAO,QAAQ;EACnB,CAAC,MAAM,IAAIF,WAAW,CAACC,KAAK,CAAC,EAAE;IAC3B,OAAO,QAAQ;EACnB;EACA,OAAQ,OAAMA,KAAK,CAACC,OAAQ,EAAC;AACjC,CAAC;AAED,MAAME,4BAA4B,GAAGA,CAACC,OAAgB,EAAEC,WAAmC,KAAK;EAC5F,OAAO,OAAOL,KAAe,EAAEM,OAAmB,KAAK;IACnD,MAAM,CAACC,OAAO,CAAC,GAAG,MAAMH,OAAO,CAACI,GAAG,CAACC,MAAM,CAACC,OAAO,CAAC;MAC/CC,KAAK,EAAE;QACHC,IAAI,EAAEV,gBAAgB,CAACF,KAAK;MAChC;IACJ,CAAC,CAAC;IAEF,MAAMa,OAAO,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BT,OAAO,CAACU,GAAG,CAAC,MAAMC,KAAK,IAAI;MAAA,IAAAC,eAAA;MACvB,MAAMC,QAAQ,IAAAD,eAAA,GAAGD,KAAK,CAACG,QAAQ,cAAAF,eAAA,uBAAdA,eAAA,CAAgBC,QAAQ;MACzC,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOJ,KAAK;MAChB;MAEA,MAAMR,MAAM,GAAGF,OAAO,CAACe,IAAI,CAACb,MAAM,IAAIA,MAAM,CAACc,EAAE,KAAKJ,QAAQ,CAAC;MAC7D,IAAI,CAACV,MAAM,EAAE;QACT,MAAM,IAAIe,6BAAa,CAAE,WAAUL,QAAS,cAAa,CAAC;MAC9D;MACA,MAAMM,MAAM,GAAG,MAAMpB,WAAW,CAACqB,sBAAsB,CAAC;QACpDjB,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MACF,OAAOF,MAAM,GAAGR,KAAK,GAAG,IAAI;IAChC,CAAC,CACL,CAAC;IAED,OAAOJ,OAAO,CAACe,MAAM,CAAEX,KAAK,IAAwB,CAAC,CAACA,KAAK,CAAC;EAChE,CAAC;AACL,CAAC;AAMM,MAAMY,wBAAwB,CAAC;EAG3BC,WAAWA,CAAC;IAAE1B;EAA0C,CAAC,EAAE;IAAA,IAAA2B,gBAAA,CAAAC,OAAA;IAC9D,IAAI,CAAC5B,OAAO,GAAGA,OAAO;EAC1B;EAEO6B,QAAQA,CAAA,EAAG;IACd,MAAM7B,OAAO,GAAG,IAAI,CAACA,OAAO;IAC5B,MAAM8B,sBAAsB,GAAG9B,OAAO,CAACI,GAAG,CAAC0B,sBAAsB;IAEjE,MAAMC,qBAAqB,GAAGhC,4BAA4B,CAACC,OAAO,EAAE8B,sBAAsB,CAAC;IAE3F,MAAME,sBAAsB,GAAGhC,OAAO,CAACiC,GAAG,CAACC,WAAW,CAACC,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxEjC,OAAO,CAACiC,GAAG,CAACC,WAAW,GAAG,OAAOtC,KAAK,EAAEwC,MAAM,KAAK;MAC/C,MAAMC,UAAU,GAAGvC,gBAAgB,CAACF,KAAK,CAAC;MAC1C,MAAMO,OAAO,GAAG,MAAM2B,sBAAsB,CAACQ,6BAA6B,CAACD,UAAU,CAAC;MAEtF,MAAM9B,KAAK,GAAG,IAAAgC,kBAAW,EAAC;QACtBhC,KAAK,EAAE6B,MAAM,CAAC7B,KAAK;QACnBJ;MACJ,CAAC,CAAC;MACF,OAAO6B,sBAAsB,CAACpC,KAAK,MAAA4C,cAAA,CAAAZ,OAAA,MAAAY,cAAA,CAAAZ,OAAA,MAC5BQ,MAAM;QACT7B;MAAK,EACR,CAAC;IACN,CAAC;IAED,MAAMkC,mBAAmB,GAAGzC,OAAO,CAACiC,GAAG,CAACS,QAAQ,CAACP,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IAClEjC,OAAO,CAACiC,GAAG,CAACS,QAAQ,GAAG,OAAO9C,KAAK,EAAEwC,MAAM,KAAK;MAAA,IAAAO,gBAAA;MAC5C,MAAM9B,KAAK,GAAG,MAAM4B,mBAAmB,CAAC7C,KAAK,EAAEwC,MAAM,CAAC;MAEtD,MAAMrB,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAA8B,gBAAA,GAAL9B,KAAK,CAAEG,QAAQ,cAAA2B,gBAAA,uBAAfA,gBAAA,CAAiB5B,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOJ,KAAK;MAChB;MAEA,MAAMR,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAOV,KAAK;IAChB,CAAC;IAED,MAAMiC,uBAAuB,GAAG9C,OAAO,CAACiC,GAAG,CAACc,YAAY,CAACZ,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IAC1EjC,OAAO,CAACiC,GAAG,CAACc,YAAY,GAAG,OAAOnD,KAAK,EAAEwC,MAAM,KAAK;MAAA,IAAAY,gBAAA;MAChD,MAAMnC,KAAK,GAAG,MAAMiC,uBAAuB,CAAClD,KAAK,EAAEwC,MAAM,CAAC;MAE1D,MAAMrB,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAAmC,gBAAA,GAALnC,KAAK,CAAEG,QAAQ,cAAAgC,gBAAA,uBAAfA,gBAAA,CAAiBjC,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOJ,KAAK;MAChB;MACA,MAAMR,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MACF,OAAOV,KAAK;IAChB,CAAC;IAED,MAAMoC,6BAA6B,GAAGjD,OAAO,CAACiC,GAAG,CAACiB,qBAAqB,CAACf,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACzFjC,OAAO,CAACiC,GAAG,CAACiB,qBAAqB,GAAG,OAAOtD,KAAK,EAAEuD,GAAG,KAAK;MACtD,MAAMjD,OAAO,GAAG,MAAM+C,6BAA6B,CAACrD,KAAK,EAAEuD,GAAG,CAAC;MAE/D,OAAOpB,qBAAqB,CAACnC,KAAK,EAAEM,OAAO,CAAC;IAChD,CAAC;IAED,MAAMkD,gCAAgC,GAAGpD,OAAO,CAACiC,GAAG,CAACoB,wBAAwB,CAAClB,IAAI,CAC9EnC,OAAO,CAACiC,GACZ,CAAC;IACDjC,OAAO,CAACiC,GAAG,CAACoB,wBAAwB,GAAG,OAAOzD,KAAK,EAAEuD,GAAG,KAAK;MACzD,MAAMjD,OAAO,GAAG,MAAMkD,gCAAgC,CAACxD,KAAK,EAAEuD,GAAG,CAAC;MAClE,OAAOpB,qBAAqB,CAACnC,KAAK,EAAEM,OAAO,CAAC;IAChD,CAAC;IAED,MAAMoD,sBAAsB,GAAGtD,OAAO,CAACiC,GAAG,CAACsB,WAAW,CAACpB,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxEjC,OAAO,CAACiC,GAAG,CAACsB,WAAW,GAAG,OAAO3D,KAAK,EAAEwC,MAAM,EAAEoB,OAAO,KAAK;MAAA,IAAAC,qBAAA,EAAAC,gBAAA;MACxD,MAAM3C,QAAQ,GAAG,EAAA0C,qBAAA,GAAArB,MAAM,CAACuB,eAAe,cAAAF,qBAAA,uBAAtBA,qBAAA,CAAwB1C,QAAQ,OAAA2C,gBAAA,GAAItB,MAAM,CAACpB,QAAQ,cAAA0C,gBAAA,uBAAfA,gBAAA,CAAiB3C,QAAQ;MAE9E,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOqC,sBAAsB,CAAC1D,KAAK,EAAEwC,MAAM,EAAEoB,OAAO,CAAC;MACzD;MAEA,MAAMnD,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAO+B,sBAAsB,CAAC1D,KAAK,EAAEwC,MAAM,EAAEoB,OAAO,CAAC;IACzD,CAAC;IAED,MAAMI,0BAA0B,GAAG5D,OAAO,CAACiC,GAAG,CAAC4B,uBAAuB,CAAC1B,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxFjC,OAAO,CAACiC,GAAG,CAAC4B,uBAAuB,GAAG,OAAOjE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEN,OAAO,KAAK;MAAA,IAAAO,gBAAA;MACvE,MAAMlD,KAAK,GAAG,MAAMb,OAAO,CAACiC,GAAG,CAAC+B,iBAAiB,CAAC9D,OAAO,CAAC+D,eAAe,CAACrE,KAAK,EAAE;QAC7EuB;MACJ,CAAC,CAAC;MAEF,MAAMJ,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAAkD,gBAAA,GAALlD,KAAK,CAAEG,QAAQ,cAAA+C,gBAAA,uBAAfA,gBAAA,CAAiBhD,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAO2C,0BAA0B,CAAChE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEN,OAAO,CAAC;MAChE;MAEA,MAAMnD,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAOqC,0BAA0B,CAAChE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEN,OAAO,CAAC;IAChE,CAAC;IAED,MAAMU,sBAAsB,GAAGlE,OAAO,CAACiC,GAAG,CAACkC,WAAW,CAAChC,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxEjC,OAAO,CAACiC,GAAG,CAACkC,WAAW,GAAG,OAAOvE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEM,IAAI,EAAEZ,OAAO,KAAK;MAAA,IAAAa,gBAAA;MACjE,MAAMxD,KAAK,GAAG,MAAMb,OAAO,CAACiC,GAAG,CAAC+B,iBAAiB,CAAC9D,OAAO,CAAC+D,eAAe,CAACrE,KAAK,EAAE;QAC7EuB;MACJ,CAAC,CAAC;MAEF,MAAMJ,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAAwD,gBAAA,GAALxD,KAAK,CAAEG,QAAQ,cAAAqD,gBAAA,uBAAfA,gBAAA,CAAiBtD,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOiD,sBAAsB,CAACtE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEM,IAAI,EAAEZ,OAAO,CAAC;MAClE;MAEA,MAAMnD,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAO2C,sBAAsB,CAACtE,KAAK,EAAEuB,EAAE,EAAE2C,KAAK,EAAEM,IAAI,EAAEZ,OAAO,CAAC;IAClE,CAAC;IAED,MAAMc,sBAAsB,GAAGtE,OAAO,CAACiC,GAAG,CAACsC,WAAW,CAACpC,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxEjC,OAAO,CAACiC,GAAG,CAACsC,WAAW,GAAG,OAAO3E,KAAK,EAAEuB,EAAE,EAAEqC,OAAO,KAAK;MAAA,IAAAgB,gBAAA;MACpD,MAAM3D,KAAK,GAAG,MAAMb,OAAO,CAACiC,GAAG,CAAC+B,iBAAiB,CAAC9D,OAAO,CAAC+D,eAAe,CAACrE,KAAK,EAAE;QAC7EuB;MACJ,CAAC,CAAC;MAEF,MAAMJ,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAA2D,gBAAA,GAAL3D,KAAK,CAAEG,QAAQ,cAAAwD,gBAAA,uBAAfA,gBAAA,CAAiBzD,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOqD,sBAAsB,CAAC1E,KAAK,EAAEuB,EAAE,EAAEqC,OAAO,CAAC;MACrD;MAEA,MAAMnD,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAO+C,sBAAsB,CAAC1E,KAAK,EAAEuB,EAAE,EAAEqC,OAAO,CAAC;IACrD,CAAC;IAED,MAAMiB,8BAA8B,GAAGzE,OAAO,CAACiC,GAAG,CAACyC,mBAAmB,CAACvC,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACxFjC,OAAO,CAACiC,GAAG,CAACyC,mBAAmB,GAAG,OAAO9E,KAAK,EAAEuB,EAAE,KAAK;MAAA,IAAAwD,gBAAA;MACnD,MAAM9D,KAAK,GAAG,MAAMb,OAAO,CAACiC,GAAG,CAAC+B,iBAAiB,CAAC9D,OAAO,CAAC+D,eAAe,CAACrE,KAAK,EAAE;QAC7EuB;MACJ,CAAC,CAAC;MAEF,MAAMJ,QAAQ,GAAGF,KAAK,aAALA,KAAK,gBAAA8D,gBAAA,GAAL9D,KAAK,CAAEG,QAAQ,cAAA2D,gBAAA,uBAAfA,gBAAA,CAAiB5D,QAAQ;MAC1C,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOwD,8BAA8B,CAAC7E,KAAK,EAAEuB,EAAE,CAAC;MACpD;MAEA,MAAMd,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;MACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;QACtDxC,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,OAAOkD,8BAA8B,CAAC7E,KAAK,EAAEuB,EAAE,CAAC;IACpD,CAAC;IAED,MAAMyD,oBAAoB,GAAG5E,OAAO,CAACiC,GAAG,CAAC4C,SAAS,CAAC1C,IAAI,CAACnC,OAAO,CAACiC,GAAG,CAAC;IACpEjC,OAAO,CAACiC,GAAG,CAAC4C,SAAS,GAAG,OAAOjF,KAAK,EAAEuB,EAAE,EAAE2D,cAAc,KAAK;MAAA,IAAAC,gBAAA;MACzD;AACZ;AACA;MACY,MAAMlE,KAAK,GAAG,MAAMb,OAAO,CAACiC,GAAG,CAAC+B,iBAAiB,CAAC9D,OAAO,CAAC+D,eAAe,CAACrE,KAAK,EAAE;QAC7EuB;MACJ,CAAC,CAAC;MACF,MAAMJ,QAAQ,GAAG,CAAAF,KAAK,aAALA,KAAK,gBAAAkE,gBAAA,GAALlE,KAAK,CAAEG,QAAQ,cAAA+D,gBAAA,uBAAfA,gBAAA,CAAiBhE,QAAQ,KAAIE,sBAAW;MACzD;AACZ;AACA;MACY,IAAIF,QAAQ,KAAK+D,cAAc,EAAE;QAC7B,OAAOF,oBAAoB,CAAChF,KAAK,EAAEuB,EAAE,EAAE2D,cAAc,CAAC;MAC1D,CAAC,MAAM,IAAI/D,QAAQ,KAAKE,sBAAW,EAAE;QACjC;AAChB;AACA;QACgB,MAAMZ,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAAC7B,QAAQ,CAAC;QACrD,MAAMe,sBAAsB,CAACe,4BAA4B,CAAC;UACtDxC,MAAM;UACNkB,GAAG,EAAE;QACT,CAAC,CAAC;MACN;MACA;AACZ;AACA;MACY,IAAIuD,cAAc,KAAK7D,sBAAW,EAAE;QAChC,MAAMZ,MAAM,GAAG,MAAML,OAAO,CAACI,GAAG,CAACC,MAAM,CAACuC,GAAG,CAACkC,cAAc,CAAC;QAC3D,MAAMhD,sBAAsB,CAACe,4BAA4B,CAAC;UACtDxC,MAAM;UACNkB,GAAG,EAAE;QACT,CAAC,CAAC;MACN;MAEA,OAAOqD,oBAAoB,CAAChF,KAAK,EAAEuB,EAAE,EAAE2D,cAAc,CAAC;IAC1D,CAAC;EACL;AACJ;AAACE,OAAA,CAAAvD,wBAAA,GAAAA,wBAAA"}