@webiny/api-aco 5.39.0 → 5.39.1-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -110,7 +110,11 @@ const createFolderCrudMethods = ({
110
110
  const folder = await storageOperations.createFolder({
111
111
  data
112
112
  });
113
- folderLevelPermissions.invalidateCache();
113
+
114
+ // We need to add the newly created folder to FLP's internal cache.
115
+ folderLevelPermissions.updateCache(folder.type, cachedFolders => {
116
+ return [...cachedFolders, folder];
117
+ });
114
118
  await folderLevelPermissions.assignFolderPermissions(folder);
115
119
  await onFolderAfterCreate.publish({
116
120
  folder
@@ -197,7 +201,16 @@ const createFolderCrudMethods = ({
197
201
  },
198
202
  folder
199
203
  });
200
- folderLevelPermissions.invalidateCache();
204
+
205
+ // We need to update the folder in FLP's internal cache.
206
+ folderLevelPermissions.updateCache(folder.type, cachedFolders => {
207
+ return cachedFolders.map(currentFolder => {
208
+ if (currentFolder.id === folder.id) {
209
+ return folder;
210
+ }
211
+ return currentFolder;
212
+ });
213
+ });
201
214
  await folderLevelPermissions.assignFolderPermissions(folder);
202
215
  return folder;
203
216
  },
@@ -1 +1 @@
1
- {"version":3,"names":["_pubsub","require","_validation","_getFolderAndItsAncestors","_NotAuthorizedError","_interopRequireDefault","_error","FIXED_FOLDER_LISTING_LIMIT","createFolderCrudMethods","storageOperations","folderLevelPermissions","listAdminUsers","listTeams","onFolderBeforeCreate","createTopic","onFolderAfterCreate","onFolderBeforeUpdate","onFolderAfterUpdate","onFolderBeforeDelete","onFolderAfterDelete","get","id","folder","getFolder","ensureCanAccessFolder","rwd","assignFolderPermissions","list","params","filteredFolders","listAllFoldersWithPermissions","where","type","then","parentId","filter","totalCount","length","hasMoreItems","cursor","after","afterListItemIndex","findIndex","splice","limit","listAll","create","data","canCreateFolder","parentFolder","canAccessFolder","canCreateFolderInRoot","NotAuthorizedError","publish","input","createFolder","invalidateCache","update","original","canUpdateFolder","Array","isArray","permissions","forEach","permission","targetIsValid","target","startsWith","Error","inheritedFrom","e","WError","customFoldersList","listAllFolders","folders","foldersClone","structuredClone","map","Object","assign","stillHasAccess","foldersList","updateFolder","delete","deleteFolder","getAncestors","getFolderAndItsAncestors","getFolderWithAncestors","listFolderLevelPermissionsTargets","adminUsers","teams","teamTargets","team","name","meta","adminUserTargets","user","displayName","firstName","lastName","Boolean","join","email","validation","validateSync","image","avatar","src","results","exports"],"sources":["folder.crud.ts"],"sourcesContent":["import { createTopic } from \"@webiny/pubsub\";\nimport { validation } from \"@webiny/validation\";\nimport { CreateAcoParams, Folder } from \"~/types\";\nimport {\n AcoFolderCrud,\n OnFolderAfterCreateTopicParams,\n OnFolderAfterDeleteTopicParams,\n OnFolderAfterUpdateTopicParams,\n OnFolderBeforeCreateTopicParams,\n OnFolderBeforeDeleteTopicParams,\n OnFolderBeforeUpdateTopicParams\n} from \"./folder.types\";\n\nimport { getFolderAndItsAncestors } from \"~/utils/getFolderAndItsAncestors\";\nimport NotAuthorizedError from \"@webiny/api-security/NotAuthorizedError\";\nimport { AdminUser } from \"@webiny/api-admin-users/types\";\nimport { Team } from \"@webiny/api-security/types\";\nimport WError from \"@webiny/error\";\n\nconst FIXED_FOLDER_LISTING_LIMIT = 10_000;\n\ninterface CreateFolderCrudMethodsParams extends CreateAcoParams {\n listAdminUsers: () => Promise<AdminUser[]>;\n listTeams: () => Promise<Team[]>;\n}\n\nexport const createFolderCrudMethods = ({\n storageOperations,\n folderLevelPermissions,\n listAdminUsers,\n listTeams\n}: CreateFolderCrudMethodsParams): AcoFolderCrud => {\n // create\n const onFolderBeforeCreate = createTopic<OnFolderBeforeCreateTopicParams>(\n \"aco.onFolderBeforeCreate\"\n );\n const onFolderAfterCreate =\n createTopic<OnFolderAfterCreateTopicParams>(\"aco.onFolderAfterCreate\");\n // update\n const onFolderBeforeUpdate = createTopic<OnFolderBeforeUpdateTopicParams>(\n \"aco.onFolderBeforeUpdate\"\n );\n const onFolderAfterUpdate =\n createTopic<OnFolderAfterUpdateTopicParams>(\"aco.onFolderAfterUpdate\");\n // delete\n const onFolderBeforeDelete = createTopic<OnFolderBeforeDeleteTopicParams>(\n \"aco.onFolderBeforeDelete\"\n );\n const onFolderAfterDelete =\n createTopic<OnFolderAfterDeleteTopicParams>(\"aco.onFolderAfterDelete\");\n\n return {\n /**\n * Lifecycle events\n */\n onFolderBeforeCreate,\n onFolderAfterCreate,\n onFolderBeforeUpdate,\n onFolderAfterUpdate,\n onFolderBeforeDelete,\n onFolderAfterDelete,\n\n async get(id) {\n const folder = await storageOperations.getFolder({ id });\n\n await folderLevelPermissions.ensureCanAccessFolder({\n folder,\n rwd: \"r\"\n });\n\n await folderLevelPermissions.assignFolderPermissions(folder);\n return folder;\n },\n async list(params) {\n // No matter what was the limit set in the params, initially, we always retrieve\n // all folders. The limit is then applied with the filtered folders list below.\n const filteredFolders = await folderLevelPermissions\n .listAllFoldersWithPermissions(params.where.type)\n .then(filteredFolders => {\n // If `parentId` was included in the `where` clause, we need to filter the folders.\n // TODO: we might want to incorporate this into the `listAllFoldersWithPermissions` method.\n if (params.where.parentId) {\n // Filter by parent ID.\n return filteredFolders.filter(\n folder => folder.parentId === params.where.parentId\n );\n }\n return filteredFolders;\n });\n\n const totalCount = filteredFolders.length;\n let hasMoreItems = false;\n let cursor: string | null = null;\n\n // Apply cursor/limit params.\n if (params.after) {\n const afterListItemIndex = filteredFolders.findIndex(\n folder => folder.id === params.after\n );\n if (afterListItemIndex >= 0) {\n // Remove all items below the \"after\" item.\n filteredFolders.splice(0, afterListItemIndex + 1);\n }\n }\n\n hasMoreItems = !!params.limit && filteredFolders.length > params.limit;\n\n if (hasMoreItems) {\n cursor = filteredFolders[params.limit! - 1]?.id || null;\n filteredFolders.splice(params.limit!);\n }\n\n return [filteredFolders, { totalCount, hasMoreItems, cursor }];\n },\n\n async listAll(params) {\n return this.list({ ...params, limit: FIXED_FOLDER_LISTING_LIMIT });\n },\n\n async create(data) {\n let canCreateFolder = false;\n if (data.parentId) {\n const parentFolder = await storageOperations.getFolder({ id: data.parentId });\n canCreateFolder = await folderLevelPermissions.canAccessFolder({\n folder: parentFolder,\n rwd: \"w\"\n });\n } else {\n canCreateFolder = await folderLevelPermissions.canCreateFolderInRoot();\n }\n\n if (!canCreateFolder) {\n throw new NotAuthorizedError();\n }\n\n await onFolderBeforeCreate.publish({ input: data });\n const folder = await storageOperations.createFolder({ data });\n\n folderLevelPermissions.invalidateCache();\n await folderLevelPermissions.assignFolderPermissions(folder);\n\n await onFolderAfterCreate.publish({ folder });\n\n return folder;\n },\n\n async update(id, data) {\n const original = await storageOperations.getFolder({ id });\n\n const canUpdateFolder = await folderLevelPermissions.canAccessFolder({\n folder: original,\n rwd: \"w\"\n });\n\n if (!canUpdateFolder) {\n throw new NotAuthorizedError();\n }\n\n // Validate data.\n if (Array.isArray(data.permissions)) {\n data.permissions.forEach(permission => {\n const targetIsValid =\n permission.target.startsWith(\"admin:\") ||\n permission.target.startsWith(\"team:\");\n if (!targetIsValid) {\n throw new Error(`Permission target \"${permission.target}\" is not valid.`);\n }\n\n if (permission.inheritedFrom) {\n throw new Error(`Permission \"inheritedFrom\" cannot be set manually.`);\n }\n });\n }\n\n // Parent change is not allowed if the user doesn't have access to the new parent.\n if (data.parentId && data.parentId !== original.parentId) {\n try {\n // Getting the parent folder will throw an error if the user doesn't have access.\n await this.get(data.parentId);\n } catch (e) {\n if (e instanceof NotAuthorizedError) {\n throw new WError(\n `Cannot move folder to a new parent because you don't have access to the new parent.`,\n \"CANNOT_MOVE_FOLDER_TO_NEW_PARENT\"\n );\n }\n\n // If we didn't receive the expected error, we still want to throw it.\n throw e;\n }\n }\n\n // Let's prepare a custom folder permissions list, where the folder contains the updated data.\n const customFoldersList = await folderLevelPermissions\n .listAllFolders(original.type)\n .then(folders => {\n const foldersClone = structuredClone<Folder[]>(folders);\n return foldersClone.map(folder => {\n if (folder.id === id) {\n Object.assign(folder, data);\n }\n return folder;\n });\n });\n\n const stillHasAccess = await folderLevelPermissions.canAccessFolder({\n folder: { id, type: original.type },\n rwd: \"w\",\n foldersList: customFoldersList\n });\n\n if (!stillHasAccess) {\n throw new WError(\n `Cannot continue because you would loose access to this folder.`,\n \"CANNOT_LOOSE_FOLDER_ACCESS\"\n );\n }\n\n await onFolderBeforeUpdate.publish({ original, input: { id, data } });\n const folder = await storageOperations.updateFolder({ id, data });\n await onFolderAfterUpdate.publish({ original, input: { id, data }, folder });\n\n folderLevelPermissions.invalidateCache();\n await folderLevelPermissions.assignFolderPermissions(folder);\n return folder;\n },\n\n async delete(id: string) {\n const folder = await storageOperations.getFolder({ id });\n\n await folderLevelPermissions.ensureCanAccessFolder({\n folder,\n rwd: \"d\"\n });\n\n await onFolderBeforeDelete.publish({ folder });\n await storageOperations.deleteFolder({ id });\n await onFolderAfterDelete.publish({ folder });\n return true;\n },\n\n async getAncestors(folder: Folder) {\n const [folders] = await this.listAll({ where: { type: folder.type } });\n return getFolderAndItsAncestors({ folder, folders });\n },\n\n /**\n * @deprecated use `getAncestors` instead\n */\n async getFolderWithAncestors(id: string) {\n const folder = await this.get(id);\n return this.getAncestors(folder);\n },\n\n async listFolderLevelPermissionsTargets() {\n const adminUsers = await listAdminUsers();\n const teams = await listTeams();\n\n const teamTargets = teams.map(team => ({\n id: team.id,\n type: \"team\",\n target: `team:${team.id}`,\n name: team.name || \"\",\n meta: {}\n }));\n\n const adminUserTargets = adminUsers.map(user => {\n let name = user.displayName;\n if (!name) {\n // For backwards compatibility, we also want to try concatenating first and last name.\n name = [user.firstName, user.lastName].filter(Boolean).join(\" \");\n }\n\n // We're doing the validation because, with non-Cognito IdPs (Okta, Auth0), the email\n // field might actually contain a non-email value: `id:${IdP_Identity_ID}`. In that case,\n // let's not assign anything to the `email` field.\n let email: string | null = user.email;\n try {\n validation.validateSync(email, \"email\");\n } catch {\n email = null;\n }\n\n const image = user.avatar?.src || null;\n\n return {\n id: user.id,\n type: \"admin\",\n target: `admin:${user.id}`,\n name,\n meta: {\n email,\n image\n }\n };\n });\n\n const results = [...teamTargets, ...adminUserTargets];\n const meta = { totalCount: results.length };\n\n return [results, meta];\n }\n };\n};\n"],"mappings":";;;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,WAAA,GAAAD,OAAA;AAYA,IAAAE,yBAAA,GAAAF,OAAA;AACA,IAAAG,mBAAA,GAAAC,sBAAA,CAAAJ,OAAA;AAGA,IAAAK,MAAA,GAAAD,sBAAA,CAAAJ,OAAA;AAEA,MAAMM,0BAA0B,GAAG,MAAM;AAOlC,MAAMC,uBAAuB,GAAGA,CAAC;EACpCC,iBAAiB;EACjBC,sBAAsB;EACtBC,cAAc;EACdC;AAC2B,CAAC,KAAoB;EAChD;EACA,MAAMC,oBAAoB,GAAG,IAAAC,mBAAW,EACpC,0BACJ,CAAC;EACD,MAAMC,mBAAmB,GACrB,IAAAD,mBAAW,EAAiC,yBAAyB,CAAC;EAC1E;EACA,MAAME,oBAAoB,GAAG,IAAAF,mBAAW,EACpC,0BACJ,CAAC;EACD,MAAMG,mBAAmB,GACrB,IAAAH,mBAAW,EAAiC,yBAAyB,CAAC;EAC1E;EACA,MAAMI,oBAAoB,GAAG,IAAAJ,mBAAW,EACpC,0BACJ,CAAC;EACD,MAAMK,mBAAmB,GACrB,IAAAL,mBAAW,EAAiC,yBAAyB,CAAC;EAE1E,OAAO;IACH;AACR;AACA;IACQD,oBAAoB;IACpBE,mBAAmB;IACnBC,oBAAoB;IACpBC,mBAAmB;IACnBC,oBAAoB;IACpBC,mBAAmB;IAEnB,MAAMC,GAAGA,CAACC,EAAE,EAAE;MACV,MAAMC,MAAM,GAAG,MAAMb,iBAAiB,CAACc,SAAS,CAAC;QAAEF;MAAG,CAAC,CAAC;MAExD,MAAMX,sBAAsB,CAACc,qBAAqB,CAAC;QAC/CF,MAAM;QACNG,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,MAAMf,sBAAsB,CAACgB,uBAAuB,CAACJ,MAAM,CAAC;MAC5D,OAAOA,MAAM;IACjB,CAAC;IACD,MAAMK,IAAIA,CAACC,MAAM,EAAE;MACf;MACA;MACA,MAAMC,eAAe,GAAG,MAAMnB,sBAAsB,CAC/CoB,6BAA6B,CAACF,MAAM,CAACG,KAAK,CAACC,IAAI,CAAC,CAChDC,IAAI,CAACJ,eAAe,IAAI;QACrB;QACA;QACA,IAAID,MAAM,CAACG,KAAK,CAACG,QAAQ,EAAE;UACvB;UACA,OAAOL,eAAe,CAACM,MAAM,CACzBb,MAAM,IAAIA,MAAM,CAACY,QAAQ,KAAKN,MAAM,CAACG,KAAK,CAACG,QAC/C,CAAC;QACL;QACA,OAAOL,eAAe;MAC1B,CAAC,CAAC;MAEN,MAAMO,UAAU,GAAGP,eAAe,CAACQ,MAAM;MACzC,IAAIC,YAAY,GAAG,KAAK;MACxB,IAAIC,MAAqB,GAAG,IAAI;;MAEhC;MACA,IAAIX,MAAM,CAACY,KAAK,EAAE;QACd,MAAMC,kBAAkB,GAAGZ,eAAe,CAACa,SAAS,CAChDpB,MAAM,IAAIA,MAAM,CAACD,EAAE,KAAKO,MAAM,CAACY,KACnC,CAAC;QACD,IAAIC,kBAAkB,IAAI,CAAC,EAAE;UACzB;UACAZ,eAAe,CAACc,MAAM,CAAC,CAAC,EAAEF,kBAAkB,GAAG,CAAC,CAAC;QACrD;MACJ;MAEAH,YAAY,GAAG,CAAC,CAACV,MAAM,CAACgB,KAAK,IAAIf,eAAe,CAACQ,MAAM,GAAGT,MAAM,CAACgB,KAAK;MAEtE,IAAIN,YAAY,EAAE;QACdC,MAAM,GAAGV,eAAe,CAACD,MAAM,CAACgB,KAAK,GAAI,CAAC,CAAC,EAAEvB,EAAE,IAAI,IAAI;QACvDQ,eAAe,CAACc,MAAM,CAACf,MAAM,CAACgB,KAAM,CAAC;MACzC;MAEA,OAAO,CAACf,eAAe,EAAE;QAAEO,UAAU;QAAEE,YAAY;QAAEC;MAAO,CAAC,CAAC;IAClE,CAAC;IAED,MAAMM,OAAOA,CAACjB,MAAM,EAAE;MAClB,OAAO,IAAI,CAACD,IAAI,CAAC;QAAE,GAAGC,MAAM;QAAEgB,KAAK,EAAErC;MAA2B,CAAC,CAAC;IACtE,CAAC;IAED,MAAMuC,MAAMA,CAACC,IAAI,EAAE;MACf,IAAIC,eAAe,GAAG,KAAK;MAC3B,IAAID,IAAI,CAACb,QAAQ,EAAE;QACf,MAAMe,YAAY,GAAG,MAAMxC,iBAAiB,CAACc,SAAS,CAAC;UAAEF,EAAE,EAAE0B,IAAI,CAACb;QAAS,CAAC,CAAC;QAC7Ec,eAAe,GAAG,MAAMtC,sBAAsB,CAACwC,eAAe,CAAC;UAC3D5B,MAAM,EAAE2B,YAAY;UACpBxB,GAAG,EAAE;QACT,CAAC,CAAC;MACN,CAAC,MAAM;QACHuB,eAAe,GAAG,MAAMtC,sBAAsB,CAACyC,qBAAqB,CAAC,CAAC;MAC1E;MAEA,IAAI,CAACH,eAAe,EAAE;QAClB,MAAM,IAAII,2BAAkB,CAAC,CAAC;MAClC;MAEA,MAAMvC,oBAAoB,CAACwC,OAAO,CAAC;QAAEC,KAAK,EAAEP;MAAK,CAAC,CAAC;MACnD,MAAMzB,MAAM,GAAG,MAAMb,iBAAiB,CAAC8C,YAAY,CAAC;QAAER;MAAK,CAAC,CAAC;MAE7DrC,sBAAsB,CAAC8C,eAAe,CAAC,CAAC;MACxC,MAAM9C,sBAAsB,CAACgB,uBAAuB,CAACJ,MAAM,CAAC;MAE5D,MAAMP,mBAAmB,CAACsC,OAAO,CAAC;QAAE/B;MAAO,CAAC,CAAC;MAE7C,OAAOA,MAAM;IACjB,CAAC;IAED,MAAMmC,MAAMA,CAACpC,EAAE,EAAE0B,IAAI,EAAE;MACnB,MAAMW,QAAQ,GAAG,MAAMjD,iBAAiB,CAACc,SAAS,CAAC;QAAEF;MAAG,CAAC,CAAC;MAE1D,MAAMsC,eAAe,GAAG,MAAMjD,sBAAsB,CAACwC,eAAe,CAAC;QACjE5B,MAAM,EAAEoC,QAAQ;QAChBjC,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,IAAI,CAACkC,eAAe,EAAE;QAClB,MAAM,IAAIP,2BAAkB,CAAC,CAAC;MAClC;;MAEA;MACA,IAAIQ,KAAK,CAACC,OAAO,CAACd,IAAI,CAACe,WAAW,CAAC,EAAE;QACjCf,IAAI,CAACe,WAAW,CAACC,OAAO,CAACC,UAAU,IAAI;UACnC,MAAMC,aAAa,GACfD,UAAU,CAACE,MAAM,CAACC,UAAU,CAAC,QAAQ,CAAC,IACtCH,UAAU,CAACE,MAAM,CAACC,UAAU,CAAC,OAAO,CAAC;UACzC,IAAI,CAACF,aAAa,EAAE;YAChB,MAAM,IAAIG,KAAK,CAAE,sBAAqBJ,UAAU,CAACE,MAAO,iBAAgB,CAAC;UAC7E;UAEA,IAAIF,UAAU,CAACK,aAAa,EAAE;YAC1B,MAAM,IAAID,KAAK,CAAE,oDAAmD,CAAC;UACzE;QACJ,CAAC,CAAC;MACN;;MAEA;MACA,IAAIrB,IAAI,CAACb,QAAQ,IAAIa,IAAI,CAACb,QAAQ,KAAKwB,QAAQ,CAACxB,QAAQ,EAAE;QACtD,IAAI;UACA;UACA,MAAM,IAAI,CAACd,GAAG,CAAC2B,IAAI,CAACb,QAAQ,CAAC;QACjC,CAAC,CAAC,OAAOoC,CAAC,EAAE;UACR,IAAIA,CAAC,YAAYlB,2BAAkB,EAAE;YACjC,MAAM,IAAImB,cAAM,CACX,qFAAoF,EACrF,kCACJ,CAAC;UACL;;UAEA;UACA,MAAMD,CAAC;QACX;MACJ;;MAEA;MACA,MAAME,iBAAiB,GAAG,MAAM9D,sBAAsB,CACjD+D,cAAc,CAACf,QAAQ,CAAC1B,IAAI,CAAC,CAC7BC,IAAI,CAACyC,OAAO,IAAI;QACb,MAAMC,YAAY,GAAGC,eAAe,CAAWF,OAAO,CAAC;QACvD,OAAOC,YAAY,CAACE,GAAG,CAACvD,MAAM,IAAI;UAC9B,IAAIA,MAAM,CAACD,EAAE,KAAKA,EAAE,EAAE;YAClByD,MAAM,CAACC,MAAM,CAACzD,MAAM,EAAEyB,IAAI,CAAC;UAC/B;UACA,OAAOzB,MAAM;QACjB,CAAC,CAAC;MACN,CAAC,CAAC;MAEN,MAAM0D,cAAc,GAAG,MAAMtE,sBAAsB,CAACwC,eAAe,CAAC;QAChE5B,MAAM,EAAE;UAAED,EAAE;UAAEW,IAAI,EAAE0B,QAAQ,CAAC1B;QAAK,CAAC;QACnCP,GAAG,EAAE,GAAG;QACRwD,WAAW,EAAET;MACjB,CAAC,CAAC;MAEF,IAAI,CAACQ,cAAc,EAAE;QACjB,MAAM,IAAIT,cAAM,CACX,gEAA+D,EAChE,4BACJ,CAAC;MACL;MAEA,MAAMvD,oBAAoB,CAACqC,OAAO,CAAC;QAAEK,QAAQ;QAAEJ,KAAK,EAAE;UAAEjC,EAAE;UAAE0B;QAAK;MAAE,CAAC,CAAC;MACrE,MAAMzB,MAAM,GAAG,MAAMb,iBAAiB,CAACyE,YAAY,CAAC;QAAE7D,EAAE;QAAE0B;MAAK,CAAC,CAAC;MACjE,MAAM9B,mBAAmB,CAACoC,OAAO,CAAC;QAAEK,QAAQ;QAAEJ,KAAK,EAAE;UAAEjC,EAAE;UAAE0B;QAAK,CAAC;QAAEzB;MAAO,CAAC,CAAC;MAE5EZ,sBAAsB,CAAC8C,eAAe,CAAC,CAAC;MACxC,MAAM9C,sBAAsB,CAACgB,uBAAuB,CAACJ,MAAM,CAAC;MAC5D,OAAOA,MAAM;IACjB,CAAC;IAED,MAAM6D,MAAMA,CAAC9D,EAAU,EAAE;MACrB,MAAMC,MAAM,GAAG,MAAMb,iBAAiB,CAACc,SAAS,CAAC;QAAEF;MAAG,CAAC,CAAC;MAExD,MAAMX,sBAAsB,CAACc,qBAAqB,CAAC;QAC/CF,MAAM;QACNG,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,MAAMP,oBAAoB,CAACmC,OAAO,CAAC;QAAE/B;MAAO,CAAC,CAAC;MAC9C,MAAMb,iBAAiB,CAAC2E,YAAY,CAAC;QAAE/D;MAAG,CAAC,CAAC;MAC5C,MAAMF,mBAAmB,CAACkC,OAAO,CAAC;QAAE/B;MAAO,CAAC,CAAC;MAC7C,OAAO,IAAI;IACf,CAAC;IAED,MAAM+D,YAAYA,CAAC/D,MAAc,EAAE;MAC/B,MAAM,CAACoD,OAAO,CAAC,GAAG,MAAM,IAAI,CAAC7B,OAAO,CAAC;QAAEd,KAAK,EAAE;UAAEC,IAAI,EAAEV,MAAM,CAACU;QAAK;MAAE,CAAC,CAAC;MACtE,OAAO,IAAAsD,kDAAwB,EAAC;QAAEhE,MAAM;QAAEoD;MAAQ,CAAC,CAAC;IACxD,CAAC;IAED;AACR;AACA;IACQ,MAAMa,sBAAsBA,CAAClE,EAAU,EAAE;MACrC,MAAMC,MAAM,GAAG,MAAM,IAAI,CAACF,GAAG,CAACC,EAAE,CAAC;MACjC,OAAO,IAAI,CAACgE,YAAY,CAAC/D,MAAM,CAAC;IACpC,CAAC;IAED,MAAMkE,iCAAiCA,CAAA,EAAG;MACtC,MAAMC,UAAU,GAAG,MAAM9E,cAAc,CAAC,CAAC;MACzC,MAAM+E,KAAK,GAAG,MAAM9E,SAAS,CAAC,CAAC;MAE/B,MAAM+E,WAAW,GAAGD,KAAK,CAACb,GAAG,CAACe,IAAI,KAAK;QACnCvE,EAAE,EAAEuE,IAAI,CAACvE,EAAE;QACXW,IAAI,EAAE,MAAM;QACZkC,MAAM,EAAG,QAAO0B,IAAI,CAACvE,EAAG,EAAC;QACzBwE,IAAI,EAAED,IAAI,CAACC,IAAI,IAAI,EAAE;QACrBC,IAAI,EAAE,CAAC;MACX,CAAC,CAAC,CAAC;MAEH,MAAMC,gBAAgB,GAAGN,UAAU,CAACZ,GAAG,CAACmB,IAAI,IAAI;QAC5C,IAAIH,IAAI,GAAGG,IAAI,CAACC,WAAW;QAC3B,IAAI,CAACJ,IAAI,EAAE;UACP;UACAA,IAAI,GAAG,CAACG,IAAI,CAACE,SAAS,EAAEF,IAAI,CAACG,QAAQ,CAAC,CAAChE,MAAM,CAACiE,OAAO,CAAC,CAACC,IAAI,CAAC,GAAG,CAAC;QACpE;;QAEA;QACA;QACA;QACA,IAAIC,KAAoB,GAAGN,IAAI,CAACM,KAAK;QACrC,IAAI;UACAC,sBAAU,CAACC,YAAY,CAACF,KAAK,EAAE,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM;UACJA,KAAK,GAAG,IAAI;QAChB;QAEA,MAAMG,KAAK,GAAGT,IAAI,CAACU,MAAM,EAAEC,GAAG,IAAI,IAAI;QAEtC,OAAO;UACHtF,EAAE,EAAE2E,IAAI,CAAC3E,EAAE;UACXW,IAAI,EAAE,OAAO;UACbkC,MAAM,EAAG,SAAQ8B,IAAI,CAAC3E,EAAG,EAAC;UAC1BwE,IAAI;UACJC,IAAI,EAAE;YACFQ,KAAK;YACLG;UACJ;QACJ,CAAC;MACL,CAAC,CAAC;MAEF,MAAMG,OAAO,GAAG,CAAC,GAAGjB,WAAW,EAAE,GAAGI,gBAAgB,CAAC;MACrD,MAAMD,IAAI,GAAG;QAAE1D,UAAU,EAAEwE,OAAO,CAACvE;MAAO,CAAC;MAE3C,OAAO,CAACuE,OAAO,EAAEd,IAAI,CAAC;IAC1B;EACJ,CAAC;AACL,CAAC;AAACe,OAAA,CAAArG,uBAAA,GAAAA,uBAAA"}
1
+ {"version":3,"names":["_pubsub","require","_validation","_getFolderAndItsAncestors","_NotAuthorizedError","_interopRequireDefault","_error","FIXED_FOLDER_LISTING_LIMIT","createFolderCrudMethods","storageOperations","folderLevelPermissions","listAdminUsers","listTeams","onFolderBeforeCreate","createTopic","onFolderAfterCreate","onFolderBeforeUpdate","onFolderAfterUpdate","onFolderBeforeDelete","onFolderAfterDelete","get","id","folder","getFolder","ensureCanAccessFolder","rwd","assignFolderPermissions","list","params","filteredFolders","listAllFoldersWithPermissions","where","type","then","parentId","filter","totalCount","length","hasMoreItems","cursor","after","afterListItemIndex","findIndex","splice","limit","listAll","create","data","canCreateFolder","parentFolder","canAccessFolder","canCreateFolderInRoot","NotAuthorizedError","publish","input","createFolder","updateCache","cachedFolders","update","original","canUpdateFolder","Array","isArray","permissions","forEach","permission","targetIsValid","target","startsWith","Error","inheritedFrom","e","WError","customFoldersList","listAllFolders","folders","foldersClone","structuredClone","map","Object","assign","stillHasAccess","foldersList","updateFolder","currentFolder","delete","deleteFolder","getAncestors","getFolderAndItsAncestors","getFolderWithAncestors","listFolderLevelPermissionsTargets","adminUsers","teams","teamTargets","team","name","meta","adminUserTargets","user","displayName","firstName","lastName","Boolean","join","email","validation","validateSync","image","avatar","src","results","exports"],"sources":["folder.crud.ts"],"sourcesContent":["import { createTopic } from \"@webiny/pubsub\";\nimport { validation } from \"@webiny/validation\";\nimport { CreateAcoParams, Folder } from \"~/types\";\nimport {\n AcoFolderCrud,\n OnFolderAfterCreateTopicParams,\n OnFolderAfterDeleteTopicParams,\n OnFolderAfterUpdateTopicParams,\n OnFolderBeforeCreateTopicParams,\n OnFolderBeforeDeleteTopicParams,\n OnFolderBeforeUpdateTopicParams\n} from \"./folder.types\";\n\nimport { getFolderAndItsAncestors } from \"~/utils/getFolderAndItsAncestors\";\nimport NotAuthorizedError from \"@webiny/api-security/NotAuthorizedError\";\nimport { AdminUser } from \"@webiny/api-admin-users/types\";\nimport { Team } from \"@webiny/api-security/types\";\nimport WError from \"@webiny/error\";\n\nconst FIXED_FOLDER_LISTING_LIMIT = 10_000;\n\ninterface CreateFolderCrudMethodsParams extends CreateAcoParams {\n listAdminUsers: () => Promise<AdminUser[]>;\n listTeams: () => Promise<Team[]>;\n}\n\nexport const createFolderCrudMethods = ({\n storageOperations,\n folderLevelPermissions,\n listAdminUsers,\n listTeams\n}: CreateFolderCrudMethodsParams): AcoFolderCrud => {\n // create\n const onFolderBeforeCreate = createTopic<OnFolderBeforeCreateTopicParams>(\n \"aco.onFolderBeforeCreate\"\n );\n const onFolderAfterCreate =\n createTopic<OnFolderAfterCreateTopicParams>(\"aco.onFolderAfterCreate\");\n // update\n const onFolderBeforeUpdate = createTopic<OnFolderBeforeUpdateTopicParams>(\n \"aco.onFolderBeforeUpdate\"\n );\n const onFolderAfterUpdate =\n createTopic<OnFolderAfterUpdateTopicParams>(\"aco.onFolderAfterUpdate\");\n // delete\n const onFolderBeforeDelete = createTopic<OnFolderBeforeDeleteTopicParams>(\n \"aco.onFolderBeforeDelete\"\n );\n const onFolderAfterDelete =\n createTopic<OnFolderAfterDeleteTopicParams>(\"aco.onFolderAfterDelete\");\n\n return {\n /**\n * Lifecycle events\n */\n onFolderBeforeCreate,\n onFolderAfterCreate,\n onFolderBeforeUpdate,\n onFolderAfterUpdate,\n onFolderBeforeDelete,\n onFolderAfterDelete,\n\n async get(id) {\n const folder = await storageOperations.getFolder({ id });\n\n await folderLevelPermissions.ensureCanAccessFolder({\n folder,\n rwd: \"r\"\n });\n\n await folderLevelPermissions.assignFolderPermissions(folder);\n return folder;\n },\n async list(params) {\n // No matter what was the limit set in the params, initially, we always retrieve\n // all folders. The limit is then applied with the filtered folders list below.\n const filteredFolders = await folderLevelPermissions\n .listAllFoldersWithPermissions(params.where.type)\n .then(filteredFolders => {\n // If `parentId` was included in the `where` clause, we need to filter the folders.\n // TODO: we might want to incorporate this into the `listAllFoldersWithPermissions` method.\n if (params.where.parentId) {\n // Filter by parent ID.\n return filteredFolders.filter(\n folder => folder.parentId === params.where.parentId\n );\n }\n return filteredFolders;\n });\n\n const totalCount = filteredFolders.length;\n let hasMoreItems = false;\n let cursor: string | null = null;\n\n // Apply cursor/limit params.\n if (params.after) {\n const afterListItemIndex = filteredFolders.findIndex(\n folder => folder.id === params.after\n );\n if (afterListItemIndex >= 0) {\n // Remove all items below the \"after\" item.\n filteredFolders.splice(0, afterListItemIndex + 1);\n }\n }\n\n hasMoreItems = !!params.limit && filteredFolders.length > params.limit;\n\n if (hasMoreItems) {\n cursor = filteredFolders[params.limit! - 1]?.id || null;\n filteredFolders.splice(params.limit!);\n }\n\n return [filteredFolders, { totalCount, hasMoreItems, cursor }];\n },\n\n async listAll(params) {\n return this.list({ ...params, limit: FIXED_FOLDER_LISTING_LIMIT });\n },\n\n async create(data) {\n let canCreateFolder = false;\n if (data.parentId) {\n const parentFolder = await storageOperations.getFolder({ id: data.parentId });\n canCreateFolder = await folderLevelPermissions.canAccessFolder({\n folder: parentFolder,\n rwd: \"w\"\n });\n } else {\n canCreateFolder = await folderLevelPermissions.canCreateFolderInRoot();\n }\n\n if (!canCreateFolder) {\n throw new NotAuthorizedError();\n }\n\n await onFolderBeforeCreate.publish({ input: data });\n const folder = await storageOperations.createFolder({ data });\n\n // We need to add the newly created folder to FLP's internal cache.\n folderLevelPermissions.updateCache(folder.type, cachedFolders => {\n return [...cachedFolders, folder];\n });\n\n await folderLevelPermissions.assignFolderPermissions(folder);\n\n await onFolderAfterCreate.publish({ folder });\n\n return folder;\n },\n\n async update(id, data) {\n const original = await storageOperations.getFolder({ id });\n\n const canUpdateFolder = await folderLevelPermissions.canAccessFolder({\n folder: original,\n rwd: \"w\"\n });\n\n if (!canUpdateFolder) {\n throw new NotAuthorizedError();\n }\n\n // Validate data.\n if (Array.isArray(data.permissions)) {\n data.permissions.forEach(permission => {\n const targetIsValid =\n permission.target.startsWith(\"admin:\") ||\n permission.target.startsWith(\"team:\");\n if (!targetIsValid) {\n throw new Error(`Permission target \"${permission.target}\" is not valid.`);\n }\n\n if (permission.inheritedFrom) {\n throw new Error(`Permission \"inheritedFrom\" cannot be set manually.`);\n }\n });\n }\n\n // Parent change is not allowed if the user doesn't have access to the new parent.\n if (data.parentId && data.parentId !== original.parentId) {\n try {\n // Getting the parent folder will throw an error if the user doesn't have access.\n await this.get(data.parentId);\n } catch (e) {\n if (e instanceof NotAuthorizedError) {\n throw new WError(\n `Cannot move folder to a new parent because you don't have access to the new parent.`,\n \"CANNOT_MOVE_FOLDER_TO_NEW_PARENT\"\n );\n }\n\n // If we didn't receive the expected error, we still want to throw it.\n throw e;\n }\n }\n\n // Let's prepare a custom folder permissions list, where the folder contains the updated data.\n const customFoldersList = await folderLevelPermissions\n .listAllFolders(original.type)\n .then(folders => {\n const foldersClone = structuredClone<Folder[]>(folders);\n return foldersClone.map(folder => {\n if (folder.id === id) {\n Object.assign(folder, data);\n }\n return folder;\n });\n });\n\n const stillHasAccess = await folderLevelPermissions.canAccessFolder({\n folder: { id, type: original.type },\n rwd: \"w\",\n foldersList: customFoldersList\n });\n\n if (!stillHasAccess) {\n throw new WError(\n `Cannot continue because you would loose access to this folder.`,\n \"CANNOT_LOOSE_FOLDER_ACCESS\"\n );\n }\n\n await onFolderBeforeUpdate.publish({ original, input: { id, data } });\n const folder = await storageOperations.updateFolder({ id, data });\n await onFolderAfterUpdate.publish({ original, input: { id, data }, folder });\n\n // We need to update the folder in FLP's internal cache.\n folderLevelPermissions.updateCache(folder.type, cachedFolders => {\n return cachedFolders.map(currentFolder => {\n if (currentFolder.id === folder.id) {\n return folder;\n }\n return currentFolder;\n });\n });\n\n await folderLevelPermissions.assignFolderPermissions(folder);\n return folder;\n },\n\n async delete(id: string) {\n const folder = await storageOperations.getFolder({ id });\n\n await folderLevelPermissions.ensureCanAccessFolder({\n folder,\n rwd: \"d\"\n });\n\n await onFolderBeforeDelete.publish({ folder });\n await storageOperations.deleteFolder({ id });\n await onFolderAfterDelete.publish({ folder });\n return true;\n },\n\n async getAncestors(folder: Folder) {\n const [folders] = await this.listAll({ where: { type: folder.type } });\n return getFolderAndItsAncestors({ folder, folders });\n },\n\n /**\n * @deprecated use `getAncestors` instead\n */\n async getFolderWithAncestors(id: string) {\n const folder = await this.get(id);\n return this.getAncestors(folder);\n },\n\n async listFolderLevelPermissionsTargets() {\n const adminUsers = await listAdminUsers();\n const teams = await listTeams();\n\n const teamTargets = teams.map(team => ({\n id: team.id,\n type: \"team\",\n target: `team:${team.id}`,\n name: team.name || \"\",\n meta: {}\n }));\n\n const adminUserTargets = adminUsers.map(user => {\n let name = user.displayName;\n if (!name) {\n // For backwards compatibility, we also want to try concatenating first and last name.\n name = [user.firstName, user.lastName].filter(Boolean).join(\" \");\n }\n\n // We're doing the validation because, with non-Cognito IdPs (Okta, Auth0), the email\n // field might actually contain a non-email value: `id:${IdP_Identity_ID}`. In that case,\n // let's not assign anything to the `email` field.\n let email: string | null = user.email;\n try {\n validation.validateSync(email, \"email\");\n } catch {\n email = null;\n }\n\n const image = user.avatar?.src || null;\n\n return {\n id: user.id,\n type: \"admin\",\n target: `admin:${user.id}`,\n name,\n meta: {\n email,\n image\n }\n };\n });\n\n const results = [...teamTargets, ...adminUserTargets];\n const meta = { totalCount: results.length };\n\n return [results, meta];\n }\n };\n};\n"],"mappings":";;;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,WAAA,GAAAD,OAAA;AAYA,IAAAE,yBAAA,GAAAF,OAAA;AACA,IAAAG,mBAAA,GAAAC,sBAAA,CAAAJ,OAAA;AAGA,IAAAK,MAAA,GAAAD,sBAAA,CAAAJ,OAAA;AAEA,MAAMM,0BAA0B,GAAG,MAAM;AAOlC,MAAMC,uBAAuB,GAAGA,CAAC;EACpCC,iBAAiB;EACjBC,sBAAsB;EACtBC,cAAc;EACdC;AAC2B,CAAC,KAAoB;EAChD;EACA,MAAMC,oBAAoB,GAAG,IAAAC,mBAAW,EACpC,0BACJ,CAAC;EACD,MAAMC,mBAAmB,GACrB,IAAAD,mBAAW,EAAiC,yBAAyB,CAAC;EAC1E;EACA,MAAME,oBAAoB,GAAG,IAAAF,mBAAW,EACpC,0BACJ,CAAC;EACD,MAAMG,mBAAmB,GACrB,IAAAH,mBAAW,EAAiC,yBAAyB,CAAC;EAC1E;EACA,MAAMI,oBAAoB,GAAG,IAAAJ,mBAAW,EACpC,0BACJ,CAAC;EACD,MAAMK,mBAAmB,GACrB,IAAAL,mBAAW,EAAiC,yBAAyB,CAAC;EAE1E,OAAO;IACH;AACR;AACA;IACQD,oBAAoB;IACpBE,mBAAmB;IACnBC,oBAAoB;IACpBC,mBAAmB;IACnBC,oBAAoB;IACpBC,mBAAmB;IAEnB,MAAMC,GAAGA,CAACC,EAAE,EAAE;MACV,MAAMC,MAAM,GAAG,MAAMb,iBAAiB,CAACc,SAAS,CAAC;QAAEF;MAAG,CAAC,CAAC;MAExD,MAAMX,sBAAsB,CAACc,qBAAqB,CAAC;QAC/CF,MAAM;QACNG,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,MAAMf,sBAAsB,CAACgB,uBAAuB,CAACJ,MAAM,CAAC;MAC5D,OAAOA,MAAM;IACjB,CAAC;IACD,MAAMK,IAAIA,CAACC,MAAM,EAAE;MACf;MACA;MACA,MAAMC,eAAe,GAAG,MAAMnB,sBAAsB,CAC/CoB,6BAA6B,CAACF,MAAM,CAACG,KAAK,CAACC,IAAI,CAAC,CAChDC,IAAI,CAACJ,eAAe,IAAI;QACrB;QACA;QACA,IAAID,MAAM,CAACG,KAAK,CAACG,QAAQ,EAAE;UACvB;UACA,OAAOL,eAAe,CAACM,MAAM,CACzBb,MAAM,IAAIA,MAAM,CAACY,QAAQ,KAAKN,MAAM,CAACG,KAAK,CAACG,QAC/C,CAAC;QACL;QACA,OAAOL,eAAe;MAC1B,CAAC,CAAC;MAEN,MAAMO,UAAU,GAAGP,eAAe,CAACQ,MAAM;MACzC,IAAIC,YAAY,GAAG,KAAK;MACxB,IAAIC,MAAqB,GAAG,IAAI;;MAEhC;MACA,IAAIX,MAAM,CAACY,KAAK,EAAE;QACd,MAAMC,kBAAkB,GAAGZ,eAAe,CAACa,SAAS,CAChDpB,MAAM,IAAIA,MAAM,CAACD,EAAE,KAAKO,MAAM,CAACY,KACnC,CAAC;QACD,IAAIC,kBAAkB,IAAI,CAAC,EAAE;UACzB;UACAZ,eAAe,CAACc,MAAM,CAAC,CAAC,EAAEF,kBAAkB,GAAG,CAAC,CAAC;QACrD;MACJ;MAEAH,YAAY,GAAG,CAAC,CAACV,MAAM,CAACgB,KAAK,IAAIf,eAAe,CAACQ,MAAM,GAAGT,MAAM,CAACgB,KAAK;MAEtE,IAAIN,YAAY,EAAE;QACdC,MAAM,GAAGV,eAAe,CAACD,MAAM,CAACgB,KAAK,GAAI,CAAC,CAAC,EAAEvB,EAAE,IAAI,IAAI;QACvDQ,eAAe,CAACc,MAAM,CAACf,MAAM,CAACgB,KAAM,CAAC;MACzC;MAEA,OAAO,CAACf,eAAe,EAAE;QAAEO,UAAU;QAAEE,YAAY;QAAEC;MAAO,CAAC,CAAC;IAClE,CAAC;IAED,MAAMM,OAAOA,CAACjB,MAAM,EAAE;MAClB,OAAO,IAAI,CAACD,IAAI,CAAC;QAAE,GAAGC,MAAM;QAAEgB,KAAK,EAAErC;MAA2B,CAAC,CAAC;IACtE,CAAC;IAED,MAAMuC,MAAMA,CAACC,IAAI,EAAE;MACf,IAAIC,eAAe,GAAG,KAAK;MAC3B,IAAID,IAAI,CAACb,QAAQ,EAAE;QACf,MAAMe,YAAY,GAAG,MAAMxC,iBAAiB,CAACc,SAAS,CAAC;UAAEF,EAAE,EAAE0B,IAAI,CAACb;QAAS,CAAC,CAAC;QAC7Ec,eAAe,GAAG,MAAMtC,sBAAsB,CAACwC,eAAe,CAAC;UAC3D5B,MAAM,EAAE2B,YAAY;UACpBxB,GAAG,EAAE;QACT,CAAC,CAAC;MACN,CAAC,MAAM;QACHuB,eAAe,GAAG,MAAMtC,sBAAsB,CAACyC,qBAAqB,CAAC,CAAC;MAC1E;MAEA,IAAI,CAACH,eAAe,EAAE;QAClB,MAAM,IAAII,2BAAkB,CAAC,CAAC;MAClC;MAEA,MAAMvC,oBAAoB,CAACwC,OAAO,CAAC;QAAEC,KAAK,EAAEP;MAAK,CAAC,CAAC;MACnD,MAAMzB,MAAM,GAAG,MAAMb,iBAAiB,CAAC8C,YAAY,CAAC;QAAER;MAAK,CAAC,CAAC;;MAE7D;MACArC,sBAAsB,CAAC8C,WAAW,CAAClC,MAAM,CAACU,IAAI,EAAEyB,aAAa,IAAI;QAC7D,OAAO,CAAC,GAAGA,aAAa,EAAEnC,MAAM,CAAC;MACrC,CAAC,CAAC;MAEF,MAAMZ,sBAAsB,CAACgB,uBAAuB,CAACJ,MAAM,CAAC;MAE5D,MAAMP,mBAAmB,CAACsC,OAAO,CAAC;QAAE/B;MAAO,CAAC,CAAC;MAE7C,OAAOA,MAAM;IACjB,CAAC;IAED,MAAMoC,MAAMA,CAACrC,EAAE,EAAE0B,IAAI,EAAE;MACnB,MAAMY,QAAQ,GAAG,MAAMlD,iBAAiB,CAACc,SAAS,CAAC;QAAEF;MAAG,CAAC,CAAC;MAE1D,MAAMuC,eAAe,GAAG,MAAMlD,sBAAsB,CAACwC,eAAe,CAAC;QACjE5B,MAAM,EAAEqC,QAAQ;QAChBlC,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,IAAI,CAACmC,eAAe,EAAE;QAClB,MAAM,IAAIR,2BAAkB,CAAC,CAAC;MAClC;;MAEA;MACA,IAAIS,KAAK,CAACC,OAAO,CAACf,IAAI,CAACgB,WAAW,CAAC,EAAE;QACjChB,IAAI,CAACgB,WAAW,CAACC,OAAO,CAACC,UAAU,IAAI;UACnC,MAAMC,aAAa,GACfD,UAAU,CAACE,MAAM,CAACC,UAAU,CAAC,QAAQ,CAAC,IACtCH,UAAU,CAACE,MAAM,CAACC,UAAU,CAAC,OAAO,CAAC;UACzC,IAAI,CAACF,aAAa,EAAE;YAChB,MAAM,IAAIG,KAAK,CAAE,sBAAqBJ,UAAU,CAACE,MAAO,iBAAgB,CAAC;UAC7E;UAEA,IAAIF,UAAU,CAACK,aAAa,EAAE;YAC1B,MAAM,IAAID,KAAK,CAAE,oDAAmD,CAAC;UACzE;QACJ,CAAC,CAAC;MACN;;MAEA;MACA,IAAItB,IAAI,CAACb,QAAQ,IAAIa,IAAI,CAACb,QAAQ,KAAKyB,QAAQ,CAACzB,QAAQ,EAAE;QACtD,IAAI;UACA;UACA,MAAM,IAAI,CAACd,GAAG,CAAC2B,IAAI,CAACb,QAAQ,CAAC;QACjC,CAAC,CAAC,OAAOqC,CAAC,EAAE;UACR,IAAIA,CAAC,YAAYnB,2BAAkB,EAAE;YACjC,MAAM,IAAIoB,cAAM,CACX,qFAAoF,EACrF,kCACJ,CAAC;UACL;;UAEA;UACA,MAAMD,CAAC;QACX;MACJ;;MAEA;MACA,MAAME,iBAAiB,GAAG,MAAM/D,sBAAsB,CACjDgE,cAAc,CAACf,QAAQ,CAAC3B,IAAI,CAAC,CAC7BC,IAAI,CAAC0C,OAAO,IAAI;QACb,MAAMC,YAAY,GAAGC,eAAe,CAAWF,OAAO,CAAC;QACvD,OAAOC,YAAY,CAACE,GAAG,CAACxD,MAAM,IAAI;UAC9B,IAAIA,MAAM,CAACD,EAAE,KAAKA,EAAE,EAAE;YAClB0D,MAAM,CAACC,MAAM,CAAC1D,MAAM,EAAEyB,IAAI,CAAC;UAC/B;UACA,OAAOzB,MAAM;QACjB,CAAC,CAAC;MACN,CAAC,CAAC;MAEN,MAAM2D,cAAc,GAAG,MAAMvE,sBAAsB,CAACwC,eAAe,CAAC;QAChE5B,MAAM,EAAE;UAAED,EAAE;UAAEW,IAAI,EAAE2B,QAAQ,CAAC3B;QAAK,CAAC;QACnCP,GAAG,EAAE,GAAG;QACRyD,WAAW,EAAET;MACjB,CAAC,CAAC;MAEF,IAAI,CAACQ,cAAc,EAAE;QACjB,MAAM,IAAIT,cAAM,CACX,gEAA+D,EAChE,4BACJ,CAAC;MACL;MAEA,MAAMxD,oBAAoB,CAACqC,OAAO,CAAC;QAAEM,QAAQ;QAAEL,KAAK,EAAE;UAAEjC,EAAE;UAAE0B;QAAK;MAAE,CAAC,CAAC;MACrE,MAAMzB,MAAM,GAAG,MAAMb,iBAAiB,CAAC0E,YAAY,CAAC;QAAE9D,EAAE;QAAE0B;MAAK,CAAC,CAAC;MACjE,MAAM9B,mBAAmB,CAACoC,OAAO,CAAC;QAAEM,QAAQ;QAAEL,KAAK,EAAE;UAAEjC,EAAE;UAAE0B;QAAK,CAAC;QAAEzB;MAAO,CAAC,CAAC;;MAE5E;MACAZ,sBAAsB,CAAC8C,WAAW,CAAClC,MAAM,CAACU,IAAI,EAAEyB,aAAa,IAAI;QAC7D,OAAOA,aAAa,CAACqB,GAAG,CAACM,aAAa,IAAI;UACtC,IAAIA,aAAa,CAAC/D,EAAE,KAAKC,MAAM,CAACD,EAAE,EAAE;YAChC,OAAOC,MAAM;UACjB;UACA,OAAO8D,aAAa;QACxB,CAAC,CAAC;MACN,CAAC,CAAC;MAEF,MAAM1E,sBAAsB,CAACgB,uBAAuB,CAACJ,MAAM,CAAC;MAC5D,OAAOA,MAAM;IACjB,CAAC;IAED,MAAM+D,MAAMA,CAAChE,EAAU,EAAE;MACrB,MAAMC,MAAM,GAAG,MAAMb,iBAAiB,CAACc,SAAS,CAAC;QAAEF;MAAG,CAAC,CAAC;MAExD,MAAMX,sBAAsB,CAACc,qBAAqB,CAAC;QAC/CF,MAAM;QACNG,GAAG,EAAE;MACT,CAAC,CAAC;MAEF,MAAMP,oBAAoB,CAACmC,OAAO,CAAC;QAAE/B;MAAO,CAAC,CAAC;MAC9C,MAAMb,iBAAiB,CAAC6E,YAAY,CAAC;QAAEjE;MAAG,CAAC,CAAC;MAC5C,MAAMF,mBAAmB,CAACkC,OAAO,CAAC;QAAE/B;MAAO,CAAC,CAAC;MAC7C,OAAO,IAAI;IACf,CAAC;IAED,MAAMiE,YAAYA,CAACjE,MAAc,EAAE;MAC/B,MAAM,CAACqD,OAAO,CAAC,GAAG,MAAM,IAAI,CAAC9B,OAAO,CAAC;QAAEd,KAAK,EAAE;UAAEC,IAAI,EAAEV,MAAM,CAACU;QAAK;MAAE,CAAC,CAAC;MACtE,OAAO,IAAAwD,kDAAwB,EAAC;QAAElE,MAAM;QAAEqD;MAAQ,CAAC,CAAC;IACxD,CAAC;IAED;AACR;AACA;IACQ,MAAMc,sBAAsBA,CAACpE,EAAU,EAAE;MACrC,MAAMC,MAAM,GAAG,MAAM,IAAI,CAACF,GAAG,CAACC,EAAE,CAAC;MACjC,OAAO,IAAI,CAACkE,YAAY,CAACjE,MAAM,CAAC;IACpC,CAAC;IAED,MAAMoE,iCAAiCA,CAAA,EAAG;MACtC,MAAMC,UAAU,GAAG,MAAMhF,cAAc,CAAC,CAAC;MACzC,MAAMiF,KAAK,GAAG,MAAMhF,SAAS,CAAC,CAAC;MAE/B,MAAMiF,WAAW,GAAGD,KAAK,CAACd,GAAG,CAACgB,IAAI,KAAK;QACnCzE,EAAE,EAAEyE,IAAI,CAACzE,EAAE;QACXW,IAAI,EAAE,MAAM;QACZmC,MAAM,EAAG,QAAO2B,IAAI,CAACzE,EAAG,EAAC;QACzB0E,IAAI,EAAED,IAAI,CAACC,IAAI,IAAI,EAAE;QACrBC,IAAI,EAAE,CAAC;MACX,CAAC,CAAC,CAAC;MAEH,MAAMC,gBAAgB,GAAGN,UAAU,CAACb,GAAG,CAACoB,IAAI,IAAI;QAC5C,IAAIH,IAAI,GAAGG,IAAI,CAACC,WAAW;QAC3B,IAAI,CAACJ,IAAI,EAAE;UACP;UACAA,IAAI,GAAG,CAACG,IAAI,CAACE,SAAS,EAAEF,IAAI,CAACG,QAAQ,CAAC,CAAClE,MAAM,CAACmE,OAAO,CAAC,CAACC,IAAI,CAAC,GAAG,CAAC;QACpE;;QAEA;QACA;QACA;QACA,IAAIC,KAAoB,GAAGN,IAAI,CAACM,KAAK;QACrC,IAAI;UACAC,sBAAU,CAACC,YAAY,CAACF,KAAK,EAAE,OAAO,CAAC;QAC3C,CAAC,CAAC,MAAM;UACJA,KAAK,GAAG,IAAI;QAChB;QAEA,MAAMG,KAAK,GAAGT,IAAI,CAACU,MAAM,EAAEC,GAAG,IAAI,IAAI;QAEtC,OAAO;UACHxF,EAAE,EAAE6E,IAAI,CAAC7E,EAAE;UACXW,IAAI,EAAE,OAAO;UACbmC,MAAM,EAAG,SAAQ+B,IAAI,CAAC7E,EAAG,EAAC;UAC1B0E,IAAI;UACJC,IAAI,EAAE;YACFQ,KAAK;YACLG;UACJ;QACJ,CAAC;MACL,CAAC,CAAC;MAEF,MAAMG,OAAO,GAAG,CAAC,GAAGjB,WAAW,EAAE,GAAGI,gBAAgB,CAAC;MACrD,MAAMD,IAAI,GAAG;QAAE5D,UAAU,EAAE0E,OAAO,CAACzE;MAAO,CAAC;MAE3C,OAAO,CAACyE,OAAO,EAAEd,IAAI,CAAC;IAC1B;EACJ,CAAC;AACL,CAAC;AAACe,OAAA,CAAAvG,uBAAA,GAAAA,uBAAA"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@webiny/api-aco",
3
- "version": "5.39.0",
3
+ "version": "5.39.1-beta.1",
4
4
  "main": "index.js",
5
5
  "keywords": [
6
6
  "aco:base"
@@ -22,18 +22,18 @@
22
22
  "directory": "dist"
23
23
  },
24
24
  "dependencies": {
25
- "@webiny/api": "5.39.0",
26
- "@webiny/api-authentication": "5.39.0",
27
- "@webiny/api-headless-cms": "5.39.0",
28
- "@webiny/api-i18n": "5.39.0",
29
- "@webiny/api-security": "5.39.0",
30
- "@webiny/api-tenancy": "5.39.0",
31
- "@webiny/error": "5.39.0",
32
- "@webiny/handler": "5.39.0",
33
- "@webiny/handler-graphql": "5.39.0",
34
- "@webiny/pubsub": "5.39.0",
35
- "@webiny/utils": "5.39.0",
36
- "@webiny/validation": "5.39.0",
25
+ "@webiny/api": "5.39.1-beta.1",
26
+ "@webiny/api-authentication": "5.39.1-beta.1",
27
+ "@webiny/api-headless-cms": "5.39.1-beta.1",
28
+ "@webiny/api-i18n": "5.39.1-beta.1",
29
+ "@webiny/api-security": "5.39.1-beta.1",
30
+ "@webiny/api-tenancy": "5.39.1-beta.1",
31
+ "@webiny/error": "5.39.1-beta.1",
32
+ "@webiny/handler": "5.39.1-beta.1",
33
+ "@webiny/handler-graphql": "5.39.1-beta.1",
34
+ "@webiny/pubsub": "5.39.1-beta.1",
35
+ "@webiny/utils": "5.39.1-beta.1",
36
+ "@webiny/validation": "5.39.1-beta.1",
37
37
  "lodash": "4.17.21"
38
38
  },
39
39
  "devDependencies": {
@@ -43,22 +43,22 @@
43
43
  "@babel/preset-typescript": "7.22.5",
44
44
  "@babel/runtime": "7.22.6",
45
45
  "@types/ungap__structured-clone": "0.3.0",
46
- "@webiny/api-admin-users": "5.39.0",
47
- "@webiny/api-file-manager": "5.39.0",
48
- "@webiny/api-i18n-ddb": "5.39.0",
49
- "@webiny/api-security-so-ddb": "5.39.0",
50
- "@webiny/api-tenancy-so-ddb": "5.39.0",
51
- "@webiny/api-wcp": "5.39.0",
52
- "@webiny/cli": "5.39.0",
53
- "@webiny/handler-aws": "5.39.0",
54
- "@webiny/plugins": "5.39.0",
55
- "@webiny/project-utils": "5.39.0",
56
- "@webiny/wcp": "5.39.0",
46
+ "@webiny/api-admin-users": "5.39.1-beta.1",
47
+ "@webiny/api-file-manager": "5.39.1-beta.1",
48
+ "@webiny/api-i18n-ddb": "5.39.1-beta.1",
49
+ "@webiny/api-security-so-ddb": "5.39.1-beta.1",
50
+ "@webiny/api-tenancy-so-ddb": "5.39.1-beta.1",
51
+ "@webiny/api-wcp": "5.39.1-beta.1",
52
+ "@webiny/cli": "5.39.1-beta.1",
53
+ "@webiny/handler-aws": "5.39.1-beta.1",
54
+ "@webiny/plugins": "5.39.1-beta.1",
55
+ "@webiny/project-utils": "5.39.1-beta.1",
56
+ "@webiny/wcp": "5.39.1-beta.1",
57
57
  "graphql": "15.8.0",
58
58
  "prettier": "2.8.8",
59
59
  "rimraf": "3.0.2",
60
60
  "ttypescript": "1.5.15",
61
61
  "typescript": "4.7.4"
62
62
  },
63
- "gitHead": "3846541fd9c1764e6a8041f0b4208d720eb9c314"
63
+ "gitHead": "6fc74b45740bd4123dcf9b5890bfacee594208bf"
64
64
  }
@@ -54,6 +54,7 @@ export declare class FolderLevelPermissions {
54
54
  listAllFolders(folderType: string): Promise<Folder[]>;
55
55
  listAllFoldersWithPermissions(folderType: string): Promise<Folder[]>;
56
56
  invalidateCache(folderType?: string): void;
57
+ updateCache(folderType: string, modifier: (folders: Folder[]) => Folder[]): void;
57
58
  listFoldersPermissions(params: ListFolderPermissionsParams): Promise<FolderPermissionsList>;
58
59
  getFolderPermissions(params: GetFolderPermissionsParams): Promise<FolderPermissionsListItem | undefined>;
59
60
  canAccessFolder(params: CanAccessFolderParams): Promise<boolean>;
@@ -51,6 +51,10 @@ class FolderLevelPermissions {
51
51
  this.allFolders = {};
52
52
  }
53
53
  }
54
+ updateCache(folderType, modifier) {
55
+ const foldersClone = structuredClone(this.allFolders[folderType]) || [];
56
+ this.allFolders[folderType] = modifier(foldersClone);
57
+ }
54
58
  async listFoldersPermissions(params) {
55
59
  if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {
56
60
  return [];
@@ -1 +1 @@
1
- {"version":3,"names":["_apiSecurity","require","FolderLevelPermissions","allFolders","constructor","params","getIdentity","getIdentityTeam","listPermissions","listAllFoldersCallback","listAllFolders","canUseTeams","canUseFolderLevelPermissions","isAuthorizationEnabled","folderType","structuredClone","listAllFoldersWithPermissions","folders","filteredFoldersWithPermissions","filterFolders","rwd","assignFolderPermissions","invalidateCache","listFoldersPermissions","foldersList","identity","permissions","identityTeam","processedFolderPermissions","processFolderPermissions","folder","some","fp","folderId","id","currentFolderPermissions","map","permission","parentId","parentFolder","find","f","processedParentFolderPermissions","isPublicParentFolder","p","level","mustInherit","length","inheritedPermissions","inheritedFrom","push","currentIdentityIncludedInPermissions","target","currentIdentityPermissionIndex","findIndex","currentIdentityPermission","splice","unshift","hasFullAccess","name","teamPermission","mustAddPublicPermission","i","getFolderPermissions","folderPermissionsList","type","canAccessFolder","canAccessParentFolder","folderPermissions","managePermissions","ensureCanAccessFolder","NotAuthorizedError","canManageFolderPermissions","canManageFolderStructure","canManageFolderContent","canAccessFolderContent","ensureCanAccessFolderContent","canCreateFolderInRoot","filteredFolders","Array","isArray","permissionsIncludeNonInheritedPermissions","exports"],"sources":["FolderLevelPermissions.ts"],"sourcesContent":["import { Authentication } from \"@webiny/api-authentication/types\";\nimport { SecurityPermission, Team } from \"@webiny/api-security/types\";\nimport { Folder } from \"~/folder/folder.types\";\nimport { NotAuthorizedError } from \"@webiny/api-security\";\n\nexport type FolderAccessLevel = \"owner\" | \"viewer\" | \"editor\" | \"public\";\n\nexport interface FolderPermission {\n target: string;\n level: FolderAccessLevel;\n inheritedFrom?: string;\n}\n\nexport interface FolderPermissionsListItem {\n folderId: string;\n permissions: FolderPermission[];\n}\n\nexport type FolderPermissionsList = FolderPermissionsListItem[];\n\nexport interface CanAccessFolderContentParams {\n folder: Pick<Folder, \"id\" | \"type\" | \"parentId\">;\n rwd?: \"r\" | \"w\" | \"d\";\n foldersList?: Folder[];\n}\n\nexport interface CanAccessFolderParams extends CanAccessFolderContentParams {\n managePermissions?: boolean;\n}\n\ninterface FilterFoldersParams {\n folders: Array<Folder>;\n rwd?: \"r\" | \"w\" | \"d\";\n}\n\ninterface GetFolderPermissionsParams {\n folder: Pick<Folder, \"id\" | \"type\">;\n foldersList?: Folder[];\n}\n\ninterface ListFolderPermissionsParams {\n folderType: string;\n foldersList?: Folder[];\n}\n\nexport interface FolderLevelPermissionsParams {\n getIdentity: Authentication[\"getIdentity\"];\n getIdentityTeam: () => Promise<Team | null>;\n listPermissions: () => Promise<SecurityPermission[]>;\n listAllFolders: (folderType: string) => Promise<Folder[]>;\n canUseTeams: () => boolean;\n canUseFolderLevelPermissions: () => boolean;\n isAuthorizationEnabled: () => boolean;\n}\n\nexport class FolderLevelPermissions {\n private readonly getIdentity: Authentication[\"getIdentity\"];\n private readonly getIdentityTeam: () => Promise<Team | null>;\n private readonly listPermissions: () => Promise<SecurityPermission[]>;\n private readonly listAllFoldersCallback: (folderType: string) => Promise<Folder[]>;\n private readonly canUseTeams: () => boolean;\n private readonly canUseFolderLevelPermissions: () => boolean;\n private readonly isAuthorizationEnabled: () => boolean;\n private allFolders: Record<string, Folder[]> = {};\n\n constructor(params: FolderLevelPermissionsParams) {\n this.getIdentity = params.getIdentity;\n this.getIdentityTeam = params.getIdentityTeam;\n this.listPermissions = params.listPermissions;\n this.listAllFoldersCallback = params.listAllFolders;\n this.canUseTeams = params.canUseTeams;\n this.canUseFolderLevelPermissions = params.canUseFolderLevelPermissions;\n\n this.isAuthorizationEnabled = params.isAuthorizationEnabled;\n\n // TODO: resolve this issue.\n // We immediately enable authorization, because, at the moment, the rest of the system\n // requires us to have FLP always enabled. We must now disable it, even if the security's\n // `isAuthorizationEnabled` is set to false. To resolve this, we'll need to refactor CMS-based\n // CRUD files and have them use CMS storage operations instead of CMS CRUD methods.\n // We'll be handling this in the near future.\n this.isAuthorizationEnabled = () => true;\n }\n\n async listAllFolders(folderType: string): Promise<Folder[]> {\n if (folderType in this.allFolders) {\n return structuredClone(this.allFolders[folderType]);\n }\n\n this.allFolders[folderType] = await this.listAllFoldersCallback(folderType);\n return structuredClone(this.allFolders[folderType]);\n }\n\n async listAllFoldersWithPermissions(folderType: string) {\n const folders = await this.listAllFolders(folderType);\n\n // Filter folders based on permissions and assign permissions to each folder.\n const filteredFoldersWithPermissions = await this.filterFolders({\n folders,\n rwd: \"r\"\n });\n\n await this.assignFolderPermissions(filteredFoldersWithPermissions);\n\n return filteredFoldersWithPermissions;\n }\n\n invalidateCache(folderType?: string) {\n if (folderType) {\n if (folderType in this.allFolders) {\n delete this.allFolders[folderType];\n }\n } else {\n this.allFolders = {};\n }\n }\n\n async listFoldersPermissions(\n params: ListFolderPermissionsParams\n ): Promise<FolderPermissionsList> {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return [];\n }\n\n const { folderType, foldersList } = params;\n\n const allFolders = foldersList || (await this.listAllFolders(folderType));\n const identity = this.getIdentity();\n const permissions = await this.listPermissions();\n\n let identityTeam: Team | null;\n if (this.canUseTeams()) {\n identityTeam = await this.getIdentityTeam();\n }\n\n const processedFolderPermissions: FolderPermissionsListItem[] = [];\n\n const processFolderPermissions = (folder: Folder) => {\n if (processedFolderPermissions.some(fp => fp.folderId === folder.id)) {\n return;\n }\n\n // Copy permissions, so we don't modify the original object.\n const currentFolderPermissions: FolderPermissionsListItem = {\n folderId: folder.id,\n // On new folders, permissions can be `null`. Guard against that.\n permissions: folder.permissions?.map(permission => ({ ...permission })) || []\n };\n\n // Check for permissions inherited from parent folder.\n if (folder.parentId) {\n const parentFolder = allFolders!.find(f => f.id === folder.parentId)!;\n if (parentFolder) {\n // First check if the parent folder has already been processed.\n let processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === parentFolder.id\n );\n\n // If not, process the parent folder.\n if (!processedParentFolderPermissions) {\n processFolderPermissions(parentFolder);\n processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === folder.parentId\n );\n }\n\n // If the parent folder has permissions, let's add them to the current folder.\n if (processedParentFolderPermissions) {\n const isPublicParentFolder =\n processedParentFolderPermissions.permissions.some(\n p => p.level === \"public\"\n );\n\n // We inherit parent permissions if:\n // 1. the parent folder is not public or...\n // 2. ...the parent folder is public, but the current folder doesn't have any permissions set\n const mustInherit =\n !isPublicParentFolder ||\n currentFolderPermissions.permissions.length === 0;\n\n if (mustInherit) {\n const inheritedPermissions =\n processedParentFolderPermissions.permissions.map(p => {\n return {\n ...p,\n inheritedFrom:\n \"parent:\" + processedParentFolderPermissions!.folderId\n };\n });\n\n currentFolderPermissions.permissions.push(...inheritedPermissions);\n }\n }\n }\n }\n\n // Let's ensure current identity's permission is included in the permissions array.\n // We first check if the current identity is already included in the permissions array.\n // If not, we check if the user has full access or if the team user belongs to has access.\n const currentIdentityIncludedInPermissions = currentFolderPermissions.permissions.some(\n p => p.target === `admin:${identity.id}`\n );\n\n if (currentIdentityIncludedInPermissions) {\n // Ensure existing identity permission is always the first one in the array.\n const currentIdentityPermissionIndex =\n currentFolderPermissions.permissions.findIndex(\n p => p.target === `admin:${identity.id}`\n );\n\n if (currentIdentityPermissionIndex > 0) {\n const [currentIdentityPermission] = currentFolderPermissions.permissions.splice(\n currentIdentityPermissionIndex,\n 1\n );\n currentFolderPermissions.permissions.unshift(currentIdentityPermission);\n }\n } else {\n // Current identity not included in permissions? Let's add it.\n let currentIdentityPermission: FolderPermission | null = null;\n\n // 1. Check if the user has full access.\n const hasFullAccess = permissions.some(p => p.name === \"*\");\n if (hasFullAccess) {\n currentIdentityPermission = {\n target: `admin:${identity.id}`,\n level: \"owner\",\n inheritedFrom: \"role:full-access\"\n };\n } else if (identityTeam) {\n // 2. Check the team user belongs to grants access to the folder.\n const teamPermission = currentFolderPermissions.permissions.find(\n p => p.target === `team:${identityTeam!.id}`\n );\n\n if (teamPermission) {\n currentIdentityPermission = {\n target: `admin:${identity.id}`,\n level: teamPermission.level,\n inheritedFrom: \"team:\" + identityTeam!.id\n };\n }\n }\n\n if (currentIdentityPermission) {\n // If permission is found, let's add it to the beginning of the array.\n // We're doing this just because it looks nicer in the UI.\n currentFolderPermissions.permissions.unshift(currentIdentityPermission);\n }\n }\n\n // Note that this can only happen with root folders. All other (child) folders will\n // always have at least one permission (inherited from parent).\n const mustAddPublicPermission = currentFolderPermissions.permissions.length === 0;\n if (mustAddPublicPermission) {\n currentFolderPermissions.permissions = [\n {\n target: `admin:${identity.id}`,\n level: \"public\",\n inheritedFrom: \"public\"\n }\n ];\n }\n\n processedFolderPermissions.push(currentFolderPermissions);\n };\n\n for (let i = 0; i < allFolders!.length; i++) {\n const folder = allFolders![i];\n processFolderPermissions(folder);\n }\n\n return processedFolderPermissions;\n }\n\n async getFolderPermissions(\n params: GetFolderPermissionsParams\n ): Promise<FolderPermissionsListItem | undefined> {\n const { folder, foldersList } = params;\n const folderPermissionsList = await this.listFoldersPermissions({\n folderType: folder.type,\n foldersList\n });\n\n return folderPermissionsList.find(fp => fp.folderId === folder.id);\n }\n\n async canAccessFolder(params: CanAccessFolderParams) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n const { folder } = params;\n\n // We check for parent folder access first because the passed folder should be\n // inaccessible if the parent folder is inaccessible.\n if (folder.parentId) {\n let foldersList = params.foldersList;\n if (!foldersList) {\n foldersList = await this.listAllFolders(folder.type);\n }\n\n const parentFolder = foldersList.find(f => f.id === folder.parentId);\n if (parentFolder) {\n const canAccessParentFolder = await this.canAccessFolder({\n ...params,\n folder: parentFolder\n });\n\n if (!canAccessParentFolder) {\n return false;\n }\n }\n }\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList: params.foldersList\n });\n\n const identity = this.getIdentity();\n const currentIdentityPermission = folderPermissions?.permissions.find(p => {\n return p.target === `admin:${identity.id}`;\n });\n\n if (!currentIdentityPermission) {\n return false;\n }\n\n const { level } = currentIdentityPermission;\n\n if (params.managePermissions) {\n return level === \"owner\";\n }\n\n // Checking for \"write\" or \"delete\" access. Allow only if the\n // user is an owner or the folder is public (no FLP assigned).\n if (params.rwd !== \"r\") {\n return level === \"owner\" || level === \"public\";\n }\n\n return true;\n }\n\n async ensureCanAccessFolder(params: CanAccessFolderParams) {\n const canAccessFolder = await this.canAccessFolder(params);\n if (!canAccessFolder) {\n throw new NotAuthorizedError();\n }\n }\n\n canManageFolderPermissions(folder: Folder) {\n if (!this.canUseFolderLevelPermissions()) {\n return false;\n }\n\n if (!this.isAuthorizationEnabled()) {\n return true;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\", managePermissions: true });\n }\n\n canManageFolderStructure(folder: Folder) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\" });\n }\n\n canManageFolderContent(folder: Folder) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n return this.canAccessFolderContent({ folder, rwd: \"w\" });\n }\n\n async canAccessFolderContent(params: CanAccessFolderContentParams) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n const { folder, foldersList } = params;\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList\n });\n\n const identity = this.getIdentity();\n const currentIdentityPermission = folderPermissions?.permissions.find(p => {\n return p.target === `admin:${identity.id}`;\n });\n\n if (!currentIdentityPermission) {\n return false;\n }\n\n // If the user is not an owner and we're checking for \"write\" or\n // \"delete\" access, then we can immediately return false.\n if (params.rwd !== \"r\") {\n const { level } = currentIdentityPermission;\n return level !== \"viewer\";\n }\n\n return true;\n }\n\n async ensureCanAccessFolderContent(params: CanAccessFolderContentParams) {\n const canAccessFolderContent = await this.canAccessFolderContent(params);\n if (!canAccessFolderContent) {\n throw new NotAuthorizedError();\n }\n }\n\n async canCreateFolderInRoot() {\n return true;\n }\n\n async filterFolders(params: FilterFoldersParams) {\n const filteredFolders: Folder[] = [];\n\n const { folders, rwd } = params;\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const canAccessFolder = await this.canAccessFolder({ folder, rwd });\n if (canAccessFolder) {\n filteredFolders.push(folder);\n }\n }\n\n return filteredFolders;\n }\n\n async assignFolderPermissions(folder: Folder | Folder[]) {\n const folders = Array.isArray(folder) ? folder : [folder];\n\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const folderPermissions = await this.getFolderPermissions({ folder });\n if (folderPermissions) {\n folder.permissions = folderPermissions.permissions;\n } else {\n folder.permissions = [];\n }\n }\n }\n\n permissionsIncludeNonInheritedPermissions(folderPermissionsList?: FolderPermission[]) {\n return folderPermissionsList?.some(p => !p.inheritedFrom);\n }\n}\n"],"mappings":";;;;;;AAGA,IAAAA,YAAA,GAAAC,OAAA;AAoDO,MAAMC,sBAAsB,CAAC;EAQxBC,UAAU,GAA6B,CAAC,CAAC;EAEjDC,WAAWA,CAACC,MAAoC,EAAE;IAC9C,IAAI,CAACC,WAAW,GAAGD,MAAM,CAACC,WAAW;IACrC,IAAI,CAACC,eAAe,GAAGF,MAAM,CAACE,eAAe;IAC7C,IAAI,CAACC,eAAe,GAAGH,MAAM,CAACG,eAAe;IAC7C,IAAI,CAACC,sBAAsB,GAAGJ,MAAM,CAACK,cAAc;IACnD,IAAI,CAACC,WAAW,GAAGN,MAAM,CAACM,WAAW;IACrC,IAAI,CAACC,4BAA4B,GAAGP,MAAM,CAACO,4BAA4B;IAEvE,IAAI,CAACC,sBAAsB,GAAGR,MAAM,CAACQ,sBAAsB;;IAE3D;IACA;IACA;IACA;IACA;IACA;IACA,IAAI,CAACA,sBAAsB,GAAG,MAAM,IAAI;EAC5C;EAEA,MAAMH,cAAcA,CAACI,UAAkB,EAAqB;IACxD,IAAIA,UAAU,IAAI,IAAI,CAACX,UAAU,EAAE;MAC/B,OAAOY,eAAe,CAAC,IAAI,CAACZ,UAAU,CAACW,UAAU,CAAC,CAAC;IACvD;IAEA,IAAI,CAACX,UAAU,CAACW,UAAU,CAAC,GAAG,MAAM,IAAI,CAACL,sBAAsB,CAACK,UAAU,CAAC;IAC3E,OAAOC,eAAe,CAAC,IAAI,CAACZ,UAAU,CAACW,UAAU,CAAC,CAAC;EACvD;EAEA,MAAME,6BAA6BA,CAACF,UAAkB,EAAE;IACpD,MAAMG,OAAO,GAAG,MAAM,IAAI,CAACP,cAAc,CAACI,UAAU,CAAC;;IAErD;IACA,MAAMI,8BAA8B,GAAG,MAAM,IAAI,CAACC,aAAa,CAAC;MAC5DF,OAAO;MACPG,GAAG,EAAE;IACT,CAAC,CAAC;IAEF,MAAM,IAAI,CAACC,uBAAuB,CAACH,8BAA8B,CAAC;IAElE,OAAOA,8BAA8B;EACzC;EAEAI,eAAeA,CAACR,UAAmB,EAAE;IACjC,IAAIA,UAAU,EAAE;MACZ,IAAIA,UAAU,IAAI,IAAI,CAACX,UAAU,EAAE;QAC/B,OAAO,IAAI,CAACA,UAAU,CAACW,UAAU,CAAC;MACtC;IACJ,CAAC,MAAM;MACH,IAAI,CAACX,UAAU,GAAG,CAAC,CAAC;IACxB;EACJ;EAEA,MAAMoB,sBAAsBA,CACxBlB,MAAmC,EACL;IAC9B,IAAI,CAAC,IAAI,CAACO,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,EAAE;IACb;IAEA,MAAM;MAAEC,UAAU;MAAEU;IAAY,CAAC,GAAGnB,MAAM;IAE1C,MAAMF,UAAU,GAAGqB,WAAW,KAAK,MAAM,IAAI,CAACd,cAAc,CAACI,UAAU,CAAC,CAAC;IACzE,MAAMW,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IACnC,MAAMoB,WAAW,GAAG,MAAM,IAAI,CAAClB,eAAe,CAAC,CAAC;IAEhD,IAAImB,YAAyB;IAC7B,IAAI,IAAI,CAAChB,WAAW,CAAC,CAAC,EAAE;MACpBgB,YAAY,GAAG,MAAM,IAAI,CAACpB,eAAe,CAAC,CAAC;IAC/C;IAEA,MAAMqB,0BAAuD,GAAG,EAAE;IAElE,MAAMC,wBAAwB,GAAIC,MAAc,IAAK;MACjD,IAAIF,0BAA0B,CAACG,IAAI,CAACC,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKH,MAAM,CAACI,EAAE,CAAC,EAAE;QAClE;MACJ;;MAEA;MACA,MAAMC,wBAAmD,GAAG;QACxDF,QAAQ,EAAEH,MAAM,CAACI,EAAE;QACnB;QACAR,WAAW,EAAEI,MAAM,CAACJ,WAAW,EAAEU,GAAG,CAACC,UAAU,KAAK;UAAE,GAAGA;QAAW,CAAC,CAAC,CAAC,IAAI;MAC/E,CAAC;;MAED;MACA,IAAIP,MAAM,CAACQ,QAAQ,EAAE;QACjB,MAAMC,YAAY,GAAGpC,UAAU,CAAEqC,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACP,EAAE,KAAKJ,MAAM,CAACQ,QAAQ,CAAE;QACrE,IAAIC,YAAY,EAAE;UACd;UACA,IAAIG,gCAAgC,GAAGd,0BAA0B,CAACY,IAAI,CAClER,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKM,YAAY,CAACL,EACvC,CAAC;;UAED;UACA,IAAI,CAACQ,gCAAgC,EAAE;YACnCb,wBAAwB,CAACU,YAAY,CAAC;YACtCG,gCAAgC,GAAGd,0BAA0B,CAACY,IAAI,CAC9DR,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKH,MAAM,CAACQ,QACjC,CAAC;UACL;;UAEA;UACA,IAAII,gCAAgC,EAAE;YAClC,MAAMC,oBAAoB,GACtBD,gCAAgC,CAAChB,WAAW,CAACK,IAAI,CAC7Ca,CAAC,IAAIA,CAAC,CAACC,KAAK,KAAK,QACrB,CAAC;;YAEL;YACA;YACA;YACA,MAAMC,WAAW,GACb,CAACH,oBAAoB,IACrBR,wBAAwB,CAACT,WAAW,CAACqB,MAAM,KAAK,CAAC;YAErD,IAAID,WAAW,EAAE;cACb,MAAME,oBAAoB,GACtBN,gCAAgC,CAAChB,WAAW,CAACU,GAAG,CAACQ,CAAC,IAAI;gBAClD,OAAO;kBACH,GAAGA,CAAC;kBACJK,aAAa,EACT,SAAS,GAAGP,gCAAgC,CAAET;gBACtD,CAAC;cACL,CAAC,CAAC;cAENE,wBAAwB,CAACT,WAAW,CAACwB,IAAI,CAAC,GAAGF,oBAAoB,CAAC;YACtE;UACJ;QACJ;MACJ;;MAEA;MACA;MACA;MACA,MAAMG,oCAAoC,GAAGhB,wBAAwB,CAACT,WAAW,CAACK,IAAI,CAClFa,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,SAAQ3B,QAAQ,CAACS,EAAG,EAC3C,CAAC;MAED,IAAIiB,oCAAoC,EAAE;QACtC;QACA,MAAME,8BAA8B,GAChClB,wBAAwB,CAACT,WAAW,CAAC4B,SAAS,CAC1CV,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,SAAQ3B,QAAQ,CAACS,EAAG,EAC3C,CAAC;QAEL,IAAImB,8BAA8B,GAAG,CAAC,EAAE;UACpC,MAAM,CAACE,yBAAyB,CAAC,GAAGpB,wBAAwB,CAACT,WAAW,CAAC8B,MAAM,CAC3EH,8BAA8B,EAC9B,CACJ,CAAC;UACDlB,wBAAwB,CAACT,WAAW,CAAC+B,OAAO,CAACF,yBAAyB,CAAC;QAC3E;MACJ,CAAC,MAAM;QACH;QACA,IAAIA,yBAAkD,GAAG,IAAI;;QAE7D;QACA,MAAMG,aAAa,GAAGhC,WAAW,CAACK,IAAI,CAACa,CAAC,IAAIA,CAAC,CAACe,IAAI,KAAK,GAAG,CAAC;QAC3D,IAAID,aAAa,EAAE;UACfH,yBAAyB,GAAG;YACxBH,MAAM,EAAG,SAAQ3B,QAAQ,CAACS,EAAG,EAAC;YAC9BW,KAAK,EAAE,OAAO;YACdI,aAAa,EAAE;UACnB,CAAC;QACL,CAAC,MAAM,IAAItB,YAAY,EAAE;UACrB;UACA,MAAMiC,cAAc,GAAGzB,wBAAwB,CAACT,WAAW,CAACc,IAAI,CAC5DI,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,QAAOzB,YAAY,CAAEO,EAAG,EAC/C,CAAC;UAED,IAAI0B,cAAc,EAAE;YAChBL,yBAAyB,GAAG;cACxBH,MAAM,EAAG,SAAQ3B,QAAQ,CAACS,EAAG,EAAC;cAC9BW,KAAK,EAAEe,cAAc,CAACf,KAAK;cAC3BI,aAAa,EAAE,OAAO,GAAGtB,YAAY,CAAEO;YAC3C,CAAC;UACL;QACJ;QAEA,IAAIqB,yBAAyB,EAAE;UAC3B;UACA;UACApB,wBAAwB,CAACT,WAAW,CAAC+B,OAAO,CAACF,yBAAyB,CAAC;QAC3E;MACJ;;MAEA;MACA;MACA,MAAMM,uBAAuB,GAAG1B,wBAAwB,CAACT,WAAW,CAACqB,MAAM,KAAK,CAAC;MACjF,IAAIc,uBAAuB,EAAE;QACzB1B,wBAAwB,CAACT,WAAW,GAAG,CACnC;UACI0B,MAAM,EAAG,SAAQ3B,QAAQ,CAACS,EAAG,EAAC;UAC9BW,KAAK,EAAE,QAAQ;UACfI,aAAa,EAAE;QACnB,CAAC,CACJ;MACL;MAEArB,0BAA0B,CAACsB,IAAI,CAACf,wBAAwB,CAAC;IAC7D,CAAC;IAED,KAAK,IAAI2B,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG3D,UAAU,CAAE4C,MAAM,EAAEe,CAAC,EAAE,EAAE;MACzC,MAAMhC,MAAM,GAAG3B,UAAU,CAAE2D,CAAC,CAAC;MAC7BjC,wBAAwB,CAACC,MAAM,CAAC;IACpC;IAEA,OAAOF,0BAA0B;EACrC;EAEA,MAAMmC,oBAAoBA,CACtB1D,MAAkC,EACY;IAC9C,MAAM;MAAEyB,MAAM;MAAEN;IAAY,CAAC,GAAGnB,MAAM;IACtC,MAAM2D,qBAAqB,GAAG,MAAM,IAAI,CAACzC,sBAAsB,CAAC;MAC5DT,UAAU,EAAEgB,MAAM,CAACmC,IAAI;MACvBzC;IACJ,CAAC,CAAC;IAEF,OAAOwC,qBAAqB,CAACxB,IAAI,CAACR,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKH,MAAM,CAACI,EAAE,CAAC;EACtE;EAEA,MAAMgC,eAAeA,CAAC7D,MAA6B,EAAE;IACjD,IAAI,CAAC,IAAI,CAACO,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,MAAM;MAAEiB;IAAO,CAAC,GAAGzB,MAAM;;IAEzB;IACA;IACA,IAAIyB,MAAM,CAACQ,QAAQ,EAAE;MACjB,IAAId,WAAW,GAAGnB,MAAM,CAACmB,WAAW;MACpC,IAAI,CAACA,WAAW,EAAE;QACdA,WAAW,GAAG,MAAM,IAAI,CAACd,cAAc,CAACoB,MAAM,CAACmC,IAAI,CAAC;MACxD;MAEA,MAAM1B,YAAY,GAAGf,WAAW,CAACgB,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACP,EAAE,KAAKJ,MAAM,CAACQ,QAAQ,CAAC;MACpE,IAAIC,YAAY,EAAE;QACd,MAAM4B,qBAAqB,GAAG,MAAM,IAAI,CAACD,eAAe,CAAC;UACrD,GAAG7D,MAAM;UACTyB,MAAM,EAAES;QACZ,CAAC,CAAC;QAEF,IAAI,CAAC4B,qBAAqB,EAAE;UACxB,OAAO,KAAK;QAChB;MACJ;IACJ;IAEA,MAAMC,iBAAiB,GAAG,MAAM,IAAI,CAACL,oBAAoB,CAAC;MACtDjC,MAAM;MACNN,WAAW,EAAEnB,MAAM,CAACmB;IACxB,CAAC,CAAC;IAEF,MAAMC,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IACnC,MAAMiD,yBAAyB,GAAGa,iBAAiB,EAAE1C,WAAW,CAACc,IAAI,CAACI,CAAC,IAAI;MACvE,OAAOA,CAAC,CAACQ,MAAM,KAAM,SAAQ3B,QAAQ,CAACS,EAAG,EAAC;IAC9C,CAAC,CAAC;IAEF,IAAI,CAACqB,yBAAyB,EAAE;MAC5B,OAAO,KAAK;IAChB;IAEA,MAAM;MAAEV;IAAM,CAAC,GAAGU,yBAAyB;IAE3C,IAAIlD,MAAM,CAACgE,iBAAiB,EAAE;MAC1B,OAAOxB,KAAK,KAAK,OAAO;IAC5B;;IAEA;IACA;IACA,IAAIxC,MAAM,CAACe,GAAG,KAAK,GAAG,EAAE;MACpB,OAAOyB,KAAK,KAAK,OAAO,IAAIA,KAAK,KAAK,QAAQ;IAClD;IAEA,OAAO,IAAI;EACf;EAEA,MAAMyB,qBAAqBA,CAACjE,MAA6B,EAAE;IACvD,MAAM6D,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAAC7D,MAAM,CAAC;IAC1D,IAAI,CAAC6D,eAAe,EAAE;MAClB,MAAM,IAAIK,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEAC,0BAA0BA,CAAC1C,MAAc,EAAE;IACvC,IAAI,CAAC,IAAI,CAAClB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,KAAK;IAChB;IAEA,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MAChC,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACqD,eAAe,CAAC;MAAEpC,MAAM;MAAEV,GAAG,EAAE,GAAG;MAAEiD,iBAAiB,EAAE;IAAK,CAAC,CAAC;EAC9E;EAEAI,wBAAwBA,CAAC3C,MAAc,EAAE;IACrC,IAAI,CAAC,IAAI,CAAClB,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACqD,eAAe,CAAC;MAAEpC,MAAM;MAAEV,GAAG,EAAE;IAAI,CAAC,CAAC;EACrD;EAEAsD,sBAAsBA,CAAC5C,MAAc,EAAE;IACnC,IAAI,CAAC,IAAI,CAAClB,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAAC8D,sBAAsB,CAAC;MAAE7C,MAAM;MAAEV,GAAG,EAAE;IAAI,CAAC,CAAC;EAC5D;EAEA,MAAMuD,sBAAsBA,CAACtE,MAAoC,EAAE;IAC/D,IAAI,CAAC,IAAI,CAACO,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,MAAM;MAAEiB,MAAM;MAAEN;IAAY,CAAC,GAAGnB,MAAM;IAEtC,MAAM+D,iBAAiB,GAAG,MAAM,IAAI,CAACL,oBAAoB,CAAC;MACtDjC,MAAM;MACNN;IACJ,CAAC,CAAC;IAEF,MAAMC,QAAQ,GAAG,IAAI,CAACnB,WAAW,CAAC,CAAC;IACnC,MAAMiD,yBAAyB,GAAGa,iBAAiB,EAAE1C,WAAW,CAACc,IAAI,CAACI,CAAC,IAAI;MACvE,OAAOA,CAAC,CAACQ,MAAM,KAAM,SAAQ3B,QAAQ,CAACS,EAAG,EAAC;IAC9C,CAAC,CAAC;IAEF,IAAI,CAACqB,yBAAyB,EAAE;MAC5B,OAAO,KAAK;IAChB;;IAEA;IACA;IACA,IAAIlD,MAAM,CAACe,GAAG,KAAK,GAAG,EAAE;MACpB,MAAM;QAAEyB;MAAM,CAAC,GAAGU,yBAAyB;MAC3C,OAAOV,KAAK,KAAK,QAAQ;IAC7B;IAEA,OAAO,IAAI;EACf;EAEA,MAAM+B,4BAA4BA,CAACvE,MAAoC,EAAE;IACrE,MAAMsE,sBAAsB,GAAG,MAAM,IAAI,CAACA,sBAAsB,CAACtE,MAAM,CAAC;IACxE,IAAI,CAACsE,sBAAsB,EAAE;MACzB,MAAM,IAAIJ,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEA,MAAMM,qBAAqBA,CAAA,EAAG;IAC1B,OAAO,IAAI;EACf;EAEA,MAAM1D,aAAaA,CAACd,MAA2B,EAAE;IAC7C,MAAMyE,eAAyB,GAAG,EAAE;IAEpC,MAAM;MAAE7D,OAAO;MAAEG;IAAI,CAAC,GAAGf,MAAM;IAC/B,KAAK,IAAIyD,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG7C,OAAO,CAAC8B,MAAM,EAAEe,CAAC,EAAE,EAAE;MACrC,MAAMhC,MAAM,GAAGb,OAAO,CAAC6C,CAAC,CAAC;MACzB,MAAMI,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAAC;QAAEpC,MAAM;QAAEV;MAAI,CAAC,CAAC;MACnE,IAAI8C,eAAe,EAAE;QACjBY,eAAe,CAAC5B,IAAI,CAACpB,MAAM,CAAC;MAChC;IACJ;IAEA,OAAOgD,eAAe;EAC1B;EAEA,MAAMzD,uBAAuBA,CAACS,MAAyB,EAAE;IACrD,MAAMb,OAAO,GAAG8D,KAAK,CAACC,OAAO,CAAClD,MAAM,CAAC,GAAGA,MAAM,GAAG,CAACA,MAAM,CAAC;IAEzD,KAAK,IAAIgC,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG7C,OAAO,CAAC8B,MAAM,EAAEe,CAAC,EAAE,EAAE;MACrC,MAAMhC,MAAM,GAAGb,OAAO,CAAC6C,CAAC,CAAC;MACzB,MAAMM,iBAAiB,GAAG,MAAM,IAAI,CAACL,oBAAoB,CAAC;QAAEjC;MAAO,CAAC,CAAC;MACrE,IAAIsC,iBAAiB,EAAE;QACnBtC,MAAM,CAACJ,WAAW,GAAG0C,iBAAiB,CAAC1C,WAAW;MACtD,CAAC,MAAM;QACHI,MAAM,CAACJ,WAAW,GAAG,EAAE;MAC3B;IACJ;EACJ;EAEAuD,yCAAyCA,CAACjB,qBAA0C,EAAE;IAClF,OAAOA,qBAAqB,EAAEjC,IAAI,CAACa,CAAC,IAAI,CAACA,CAAC,CAACK,aAAa,CAAC;EAC7D;AACJ;AAACiC,OAAA,CAAAhF,sBAAA,GAAAA,sBAAA"}
1
+ {"version":3,"names":["_apiSecurity","require","FolderLevelPermissions","allFolders","constructor","params","getIdentity","getIdentityTeam","listPermissions","listAllFoldersCallback","listAllFolders","canUseTeams","canUseFolderLevelPermissions","isAuthorizationEnabled","folderType","structuredClone","listAllFoldersWithPermissions","folders","filteredFoldersWithPermissions","filterFolders","rwd","assignFolderPermissions","invalidateCache","updateCache","modifier","foldersClone","listFoldersPermissions","foldersList","identity","permissions","identityTeam","processedFolderPermissions","processFolderPermissions","folder","some","fp","folderId","id","currentFolderPermissions","map","permission","parentId","parentFolder","find","f","processedParentFolderPermissions","isPublicParentFolder","p","level","mustInherit","length","inheritedPermissions","inheritedFrom","push","currentIdentityIncludedInPermissions","target","currentIdentityPermissionIndex","findIndex","currentIdentityPermission","splice","unshift","hasFullAccess","name","teamPermission","mustAddPublicPermission","i","getFolderPermissions","folderPermissionsList","type","canAccessFolder","canAccessParentFolder","folderPermissions","managePermissions","ensureCanAccessFolder","NotAuthorizedError","canManageFolderPermissions","canManageFolderStructure","canManageFolderContent","canAccessFolderContent","ensureCanAccessFolderContent","canCreateFolderInRoot","filteredFolders","Array","isArray","permissionsIncludeNonInheritedPermissions","exports"],"sources":["FolderLevelPermissions.ts"],"sourcesContent":["import { Authentication } from \"@webiny/api-authentication/types\";\nimport { SecurityPermission, Team } from \"@webiny/api-security/types\";\nimport { Folder } from \"~/folder/folder.types\";\nimport { NotAuthorizedError } from \"@webiny/api-security\";\n\nexport type FolderAccessLevel = \"owner\" | \"viewer\" | \"editor\" | \"public\";\n\nexport interface FolderPermission {\n target: string;\n level: FolderAccessLevel;\n inheritedFrom?: string;\n}\n\nexport interface FolderPermissionsListItem {\n folderId: string;\n permissions: FolderPermission[];\n}\n\nexport type FolderPermissionsList = FolderPermissionsListItem[];\n\nexport interface CanAccessFolderContentParams {\n folder: Pick<Folder, \"id\" | \"type\" | \"parentId\">;\n rwd?: \"r\" | \"w\" | \"d\";\n foldersList?: Folder[];\n}\n\nexport interface CanAccessFolderParams extends CanAccessFolderContentParams {\n managePermissions?: boolean;\n}\n\ninterface FilterFoldersParams {\n folders: Array<Folder>;\n rwd?: \"r\" | \"w\" | \"d\";\n}\n\ninterface GetFolderPermissionsParams {\n folder: Pick<Folder, \"id\" | \"type\">;\n foldersList?: Folder[];\n}\n\ninterface ListFolderPermissionsParams {\n folderType: string;\n foldersList?: Folder[];\n}\n\nexport interface FolderLevelPermissionsParams {\n getIdentity: Authentication[\"getIdentity\"];\n getIdentityTeam: () => Promise<Team | null>;\n listPermissions: () => Promise<SecurityPermission[]>;\n listAllFolders: (folderType: string) => Promise<Folder[]>;\n canUseTeams: () => boolean;\n canUseFolderLevelPermissions: () => boolean;\n isAuthorizationEnabled: () => boolean;\n}\n\nexport class FolderLevelPermissions {\n private readonly getIdentity: Authentication[\"getIdentity\"];\n private readonly getIdentityTeam: () => Promise<Team | null>;\n private readonly listPermissions: () => Promise<SecurityPermission[]>;\n private readonly listAllFoldersCallback: (folderType: string) => Promise<Folder[]>;\n private readonly canUseTeams: () => boolean;\n private readonly canUseFolderLevelPermissions: () => boolean;\n private readonly isAuthorizationEnabled: () => boolean;\n private allFolders: Record<string, Folder[]> = {};\n\n constructor(params: FolderLevelPermissionsParams) {\n this.getIdentity = params.getIdentity;\n this.getIdentityTeam = params.getIdentityTeam;\n this.listPermissions = params.listPermissions;\n this.listAllFoldersCallback = params.listAllFolders;\n this.canUseTeams = params.canUseTeams;\n this.canUseFolderLevelPermissions = params.canUseFolderLevelPermissions;\n\n this.isAuthorizationEnabled = params.isAuthorizationEnabled;\n\n // TODO: resolve this issue.\n // We immediately enable authorization, because, at the moment, the rest of the system\n // requires us to have FLP always enabled. We must now disable it, even if the security's\n // `isAuthorizationEnabled` is set to false. To resolve this, we'll need to refactor CMS-based\n // CRUD files and have them use CMS storage operations instead of CMS CRUD methods.\n // We'll be handling this in the near future.\n this.isAuthorizationEnabled = () => true;\n }\n\n async listAllFolders(folderType: string): Promise<Folder[]> {\n if (folderType in this.allFolders) {\n return structuredClone(this.allFolders[folderType]);\n }\n\n this.allFolders[folderType] = await this.listAllFoldersCallback(folderType);\n return structuredClone(this.allFolders[folderType]);\n }\n\n async listAllFoldersWithPermissions(folderType: string) {\n const folders = await this.listAllFolders(folderType);\n\n // Filter folders based on permissions and assign permissions to each folder.\n const filteredFoldersWithPermissions = await this.filterFolders({\n folders,\n rwd: \"r\"\n });\n\n await this.assignFolderPermissions(filteredFoldersWithPermissions);\n\n return filteredFoldersWithPermissions;\n }\n\n invalidateCache(folderType?: string) {\n if (folderType) {\n if (folderType in this.allFolders) {\n delete this.allFolders[folderType];\n }\n } else {\n this.allFolders = {};\n }\n }\n\n updateCache(folderType: string, modifier: (folders: Folder[]) => Folder[]) {\n const foldersClone = structuredClone(this.allFolders[folderType]) || [];\n this.allFolders[folderType] = modifier(foldersClone);\n }\n\n async listFoldersPermissions(\n params: ListFolderPermissionsParams\n ): Promise<FolderPermissionsList> {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return [];\n }\n\n const { folderType, foldersList } = params;\n\n const allFolders = foldersList || (await this.listAllFolders(folderType));\n const identity = this.getIdentity();\n const permissions = await this.listPermissions();\n\n let identityTeam: Team | null;\n if (this.canUseTeams()) {\n identityTeam = await this.getIdentityTeam();\n }\n\n const processedFolderPermissions: FolderPermissionsListItem[] = [];\n\n const processFolderPermissions = (folder: Folder) => {\n if (processedFolderPermissions.some(fp => fp.folderId === folder.id)) {\n return;\n }\n\n // Copy permissions, so we don't modify the original object.\n const currentFolderPermissions: FolderPermissionsListItem = {\n folderId: folder.id,\n // On new folders, permissions can be `null`. Guard against that.\n permissions: folder.permissions?.map(permission => ({ ...permission })) || []\n };\n\n // Check for permissions inherited from parent folder.\n if (folder.parentId) {\n const parentFolder = allFolders!.find(f => f.id === folder.parentId)!;\n if (parentFolder) {\n // First check if the parent folder has already been processed.\n let processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === parentFolder.id\n );\n\n // If not, process the parent folder.\n if (!processedParentFolderPermissions) {\n processFolderPermissions(parentFolder);\n processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === folder.parentId\n );\n }\n\n // If the parent folder has permissions, let's add them to the current folder.\n if (processedParentFolderPermissions) {\n const isPublicParentFolder =\n processedParentFolderPermissions.permissions.some(\n p => p.level === \"public\"\n );\n\n // We inherit parent permissions if:\n // 1. the parent folder is not public or...\n // 2. ...the parent folder is public, but the current folder doesn't have any permissions set\n const mustInherit =\n !isPublicParentFolder ||\n currentFolderPermissions.permissions.length === 0;\n\n if (mustInherit) {\n const inheritedPermissions =\n processedParentFolderPermissions.permissions.map(p => {\n return {\n ...p,\n inheritedFrom:\n \"parent:\" + processedParentFolderPermissions!.folderId\n };\n });\n\n currentFolderPermissions.permissions.push(...inheritedPermissions);\n }\n }\n }\n }\n\n // Let's ensure current identity's permission is included in the permissions array.\n // We first check if the current identity is already included in the permissions array.\n // If not, we check if the user has full access or if the team user belongs to has access.\n const currentIdentityIncludedInPermissions = currentFolderPermissions.permissions.some(\n p => p.target === `admin:${identity.id}`\n );\n\n if (currentIdentityIncludedInPermissions) {\n // Ensure existing identity permission is always the first one in the array.\n const currentIdentityPermissionIndex =\n currentFolderPermissions.permissions.findIndex(\n p => p.target === `admin:${identity.id}`\n );\n\n if (currentIdentityPermissionIndex > 0) {\n const [currentIdentityPermission] = currentFolderPermissions.permissions.splice(\n currentIdentityPermissionIndex,\n 1\n );\n currentFolderPermissions.permissions.unshift(currentIdentityPermission);\n }\n } else {\n // Current identity not included in permissions? Let's add it.\n let currentIdentityPermission: FolderPermission | null = null;\n\n // 1. Check if the user has full access.\n const hasFullAccess = permissions.some(p => p.name === \"*\");\n if (hasFullAccess) {\n currentIdentityPermission = {\n target: `admin:${identity.id}`,\n level: \"owner\",\n inheritedFrom: \"role:full-access\"\n };\n } else if (identityTeam) {\n // 2. Check the team user belongs to grants access to the folder.\n const teamPermission = currentFolderPermissions.permissions.find(\n p => p.target === `team:${identityTeam!.id}`\n );\n\n if (teamPermission) {\n currentIdentityPermission = {\n target: `admin:${identity.id}`,\n level: teamPermission.level,\n inheritedFrom: \"team:\" + identityTeam!.id\n };\n }\n }\n\n if (currentIdentityPermission) {\n // If permission is found, let's add it to the beginning of the array.\n // We're doing this just because it looks nicer in the UI.\n currentFolderPermissions.permissions.unshift(currentIdentityPermission);\n }\n }\n\n // Note that this can only happen with root folders. All other (child) folders will\n // always have at least one permission (inherited from parent).\n const mustAddPublicPermission = currentFolderPermissions.permissions.length === 0;\n if (mustAddPublicPermission) {\n currentFolderPermissions.permissions = [\n {\n target: `admin:${identity.id}`,\n level: \"public\",\n inheritedFrom: \"public\"\n }\n ];\n }\n\n processedFolderPermissions.push(currentFolderPermissions);\n };\n\n for (let i = 0; i < allFolders!.length; i++) {\n const folder = allFolders![i];\n processFolderPermissions(folder);\n }\n\n return processedFolderPermissions;\n }\n\n async getFolderPermissions(\n params: GetFolderPermissionsParams\n ): Promise<FolderPermissionsListItem | undefined> {\n const { folder, foldersList } = params;\n const folderPermissionsList = await this.listFoldersPermissions({\n folderType: folder.type,\n foldersList\n });\n\n return folderPermissionsList.find(fp => fp.folderId === folder.id);\n }\n\n async canAccessFolder(params: CanAccessFolderParams) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n const { folder } = params;\n\n // We check for parent folder access first because the passed folder should be\n // inaccessible if the parent folder is inaccessible.\n if (folder.parentId) {\n let foldersList = params.foldersList;\n if (!foldersList) {\n foldersList = await this.listAllFolders(folder.type);\n }\n\n const parentFolder = foldersList.find(f => f.id === folder.parentId);\n if (parentFolder) {\n const canAccessParentFolder = await this.canAccessFolder({\n ...params,\n folder: parentFolder\n });\n\n if (!canAccessParentFolder) {\n return false;\n }\n }\n }\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList: params.foldersList\n });\n\n const identity = this.getIdentity();\n const currentIdentityPermission = folderPermissions?.permissions.find(p => {\n return p.target === `admin:${identity.id}`;\n });\n\n if (!currentIdentityPermission) {\n return false;\n }\n\n const { level } = currentIdentityPermission;\n\n if (params.managePermissions) {\n return level === \"owner\";\n }\n\n // Checking for \"write\" or \"delete\" access. Allow only if the\n // user is an owner or the folder is public (no FLP assigned).\n if (params.rwd !== \"r\") {\n return level === \"owner\" || level === \"public\";\n }\n\n return true;\n }\n\n async ensureCanAccessFolder(params: CanAccessFolderParams) {\n const canAccessFolder = await this.canAccessFolder(params);\n if (!canAccessFolder) {\n throw new NotAuthorizedError();\n }\n }\n\n canManageFolderPermissions(folder: Folder) {\n if (!this.canUseFolderLevelPermissions()) {\n return false;\n }\n\n if (!this.isAuthorizationEnabled()) {\n return true;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\", managePermissions: true });\n }\n\n canManageFolderStructure(folder: Folder) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\" });\n }\n\n canManageFolderContent(folder: Folder) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n return this.canAccessFolderContent({ folder, rwd: \"w\" });\n }\n\n async canAccessFolderContent(params: CanAccessFolderContentParams) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n const { folder, foldersList } = params;\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList\n });\n\n const identity = this.getIdentity();\n const currentIdentityPermission = folderPermissions?.permissions.find(p => {\n return p.target === `admin:${identity.id}`;\n });\n\n if (!currentIdentityPermission) {\n return false;\n }\n\n // If the user is not an owner and we're checking for \"write\" or\n // \"delete\" access, then we can immediately return false.\n if (params.rwd !== \"r\") {\n const { level } = currentIdentityPermission;\n return level !== \"viewer\";\n }\n\n return true;\n }\n\n async ensureCanAccessFolderContent(params: CanAccessFolderContentParams) {\n const canAccessFolderContent = await this.canAccessFolderContent(params);\n if (!canAccessFolderContent) {\n throw new NotAuthorizedError();\n }\n }\n\n async canCreateFolderInRoot() {\n return true;\n }\n\n async filterFolders(params: FilterFoldersParams) {\n const filteredFolders: Folder[] = [];\n\n const { folders, rwd } = params;\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const canAccessFolder = await this.canAccessFolder({ folder, rwd });\n if (canAccessFolder) {\n filteredFolders.push(folder);\n }\n }\n\n return filteredFolders;\n }\n\n async assignFolderPermissions(folder: Folder | Folder[]) {\n const folders = Array.isArray(folder) ? folder : [folder];\n\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const folderPermissions = await this.getFolderPermissions({ folder });\n if (folderPermissions) {\n folder.permissions = folderPermissions.permissions;\n } else {\n folder.permissions = [];\n }\n }\n }\n\n permissionsIncludeNonInheritedPermissions(folderPermissionsList?: FolderPermission[]) {\n return folderPermissionsList?.some(p => !p.inheritedFrom);\n }\n}\n"],"mappings":";;;;;;AAGA,IAAAA,YAAA,GAAAC,OAAA;AAoDO,MAAMC,sBAAsB,CAAC;EAQxBC,UAAU,GAA6B,CAAC,CAAC;EAEjDC,WAAWA,CAACC,MAAoC,EAAE;IAC9C,IAAI,CAACC,WAAW,GAAGD,MAAM,CAACC,WAAW;IACrC,IAAI,CAACC,eAAe,GAAGF,MAAM,CAACE,eAAe;IAC7C,IAAI,CAACC,eAAe,GAAGH,MAAM,CAACG,eAAe;IAC7C,IAAI,CAACC,sBAAsB,GAAGJ,MAAM,CAACK,cAAc;IACnD,IAAI,CAACC,WAAW,GAAGN,MAAM,CAACM,WAAW;IACrC,IAAI,CAACC,4BAA4B,GAAGP,MAAM,CAACO,4BAA4B;IAEvE,IAAI,CAACC,sBAAsB,GAAGR,MAAM,CAACQ,sBAAsB;;IAE3D;IACA;IACA;IACA;IACA;IACA;IACA,IAAI,CAACA,sBAAsB,GAAG,MAAM,IAAI;EAC5C;EAEA,MAAMH,cAAcA,CAACI,UAAkB,EAAqB;IACxD,IAAIA,UAAU,IAAI,IAAI,CAACX,UAAU,EAAE;MAC/B,OAAOY,eAAe,CAAC,IAAI,CAACZ,UAAU,CAACW,UAAU,CAAC,CAAC;IACvD;IAEA,IAAI,CAACX,UAAU,CAACW,UAAU,CAAC,GAAG,MAAM,IAAI,CAACL,sBAAsB,CAACK,UAAU,CAAC;IAC3E,OAAOC,eAAe,CAAC,IAAI,CAACZ,UAAU,CAACW,UAAU,CAAC,CAAC;EACvD;EAEA,MAAME,6BAA6BA,CAACF,UAAkB,EAAE;IACpD,MAAMG,OAAO,GAAG,MAAM,IAAI,CAACP,cAAc,CAACI,UAAU,CAAC;;IAErD;IACA,MAAMI,8BAA8B,GAAG,MAAM,IAAI,CAACC,aAAa,CAAC;MAC5DF,OAAO;MACPG,GAAG,EAAE;IACT,CAAC,CAAC;IAEF,MAAM,IAAI,CAACC,uBAAuB,CAACH,8BAA8B,CAAC;IAElE,OAAOA,8BAA8B;EACzC;EAEAI,eAAeA,CAACR,UAAmB,EAAE;IACjC,IAAIA,UAAU,EAAE;MACZ,IAAIA,UAAU,IAAI,IAAI,CAACX,UAAU,EAAE;QAC/B,OAAO,IAAI,CAACA,UAAU,CAACW,UAAU,CAAC;MACtC;IACJ,CAAC,MAAM;MACH,IAAI,CAACX,UAAU,GAAG,CAAC,CAAC;IACxB;EACJ;EAEAoB,WAAWA,CAACT,UAAkB,EAAEU,QAAyC,EAAE;IACvE,MAAMC,YAAY,GAAGV,eAAe,CAAC,IAAI,CAACZ,UAAU,CAACW,UAAU,CAAC,CAAC,IAAI,EAAE;IACvE,IAAI,CAACX,UAAU,CAACW,UAAU,CAAC,GAAGU,QAAQ,CAACC,YAAY,CAAC;EACxD;EAEA,MAAMC,sBAAsBA,CACxBrB,MAAmC,EACL;IAC9B,IAAI,CAAC,IAAI,CAACO,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,EAAE;IACb;IAEA,MAAM;MAAEC,UAAU;MAAEa;IAAY,CAAC,GAAGtB,MAAM;IAE1C,MAAMF,UAAU,GAAGwB,WAAW,KAAK,MAAM,IAAI,CAACjB,cAAc,CAACI,UAAU,CAAC,CAAC;IACzE,MAAMc,QAAQ,GAAG,IAAI,CAACtB,WAAW,CAAC,CAAC;IACnC,MAAMuB,WAAW,GAAG,MAAM,IAAI,CAACrB,eAAe,CAAC,CAAC;IAEhD,IAAIsB,YAAyB;IAC7B,IAAI,IAAI,CAACnB,WAAW,CAAC,CAAC,EAAE;MACpBmB,YAAY,GAAG,MAAM,IAAI,CAACvB,eAAe,CAAC,CAAC;IAC/C;IAEA,MAAMwB,0BAAuD,GAAG,EAAE;IAElE,MAAMC,wBAAwB,GAAIC,MAAc,IAAK;MACjD,IAAIF,0BAA0B,CAACG,IAAI,CAACC,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKH,MAAM,CAACI,EAAE,CAAC,EAAE;QAClE;MACJ;;MAEA;MACA,MAAMC,wBAAmD,GAAG;QACxDF,QAAQ,EAAEH,MAAM,CAACI,EAAE;QACnB;QACAR,WAAW,EAAEI,MAAM,CAACJ,WAAW,EAAEU,GAAG,CAACC,UAAU,KAAK;UAAE,GAAGA;QAAW,CAAC,CAAC,CAAC,IAAI;MAC/E,CAAC;;MAED;MACA,IAAIP,MAAM,CAACQ,QAAQ,EAAE;QACjB,MAAMC,YAAY,GAAGvC,UAAU,CAAEwC,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACP,EAAE,KAAKJ,MAAM,CAACQ,QAAQ,CAAE;QACrE,IAAIC,YAAY,EAAE;UACd;UACA,IAAIG,gCAAgC,GAAGd,0BAA0B,CAACY,IAAI,CAClER,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKM,YAAY,CAACL,EACvC,CAAC;;UAED;UACA,IAAI,CAACQ,gCAAgC,EAAE;YACnCb,wBAAwB,CAACU,YAAY,CAAC;YACtCG,gCAAgC,GAAGd,0BAA0B,CAACY,IAAI,CAC9DR,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKH,MAAM,CAACQ,QACjC,CAAC;UACL;;UAEA;UACA,IAAII,gCAAgC,EAAE;YAClC,MAAMC,oBAAoB,GACtBD,gCAAgC,CAAChB,WAAW,CAACK,IAAI,CAC7Ca,CAAC,IAAIA,CAAC,CAACC,KAAK,KAAK,QACrB,CAAC;;YAEL;YACA;YACA;YACA,MAAMC,WAAW,GACb,CAACH,oBAAoB,IACrBR,wBAAwB,CAACT,WAAW,CAACqB,MAAM,KAAK,CAAC;YAErD,IAAID,WAAW,EAAE;cACb,MAAME,oBAAoB,GACtBN,gCAAgC,CAAChB,WAAW,CAACU,GAAG,CAACQ,CAAC,IAAI;gBAClD,OAAO;kBACH,GAAGA,CAAC;kBACJK,aAAa,EACT,SAAS,GAAGP,gCAAgC,CAAET;gBACtD,CAAC;cACL,CAAC,CAAC;cAENE,wBAAwB,CAACT,WAAW,CAACwB,IAAI,CAAC,GAAGF,oBAAoB,CAAC;YACtE;UACJ;QACJ;MACJ;;MAEA;MACA;MACA;MACA,MAAMG,oCAAoC,GAAGhB,wBAAwB,CAACT,WAAW,CAACK,IAAI,CAClFa,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,SAAQ3B,QAAQ,CAACS,EAAG,EAC3C,CAAC;MAED,IAAIiB,oCAAoC,EAAE;QACtC;QACA,MAAME,8BAA8B,GAChClB,wBAAwB,CAACT,WAAW,CAAC4B,SAAS,CAC1CV,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,SAAQ3B,QAAQ,CAACS,EAAG,EAC3C,CAAC;QAEL,IAAImB,8BAA8B,GAAG,CAAC,EAAE;UACpC,MAAM,CAACE,yBAAyB,CAAC,GAAGpB,wBAAwB,CAACT,WAAW,CAAC8B,MAAM,CAC3EH,8BAA8B,EAC9B,CACJ,CAAC;UACDlB,wBAAwB,CAACT,WAAW,CAAC+B,OAAO,CAACF,yBAAyB,CAAC;QAC3E;MACJ,CAAC,MAAM;QACH;QACA,IAAIA,yBAAkD,GAAG,IAAI;;QAE7D;QACA,MAAMG,aAAa,GAAGhC,WAAW,CAACK,IAAI,CAACa,CAAC,IAAIA,CAAC,CAACe,IAAI,KAAK,GAAG,CAAC;QAC3D,IAAID,aAAa,EAAE;UACfH,yBAAyB,GAAG;YACxBH,MAAM,EAAG,SAAQ3B,QAAQ,CAACS,EAAG,EAAC;YAC9BW,KAAK,EAAE,OAAO;YACdI,aAAa,EAAE;UACnB,CAAC;QACL,CAAC,MAAM,IAAItB,YAAY,EAAE;UACrB;UACA,MAAMiC,cAAc,GAAGzB,wBAAwB,CAACT,WAAW,CAACc,IAAI,CAC5DI,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAM,QAAOzB,YAAY,CAAEO,EAAG,EAC/C,CAAC;UAED,IAAI0B,cAAc,EAAE;YAChBL,yBAAyB,GAAG;cACxBH,MAAM,EAAG,SAAQ3B,QAAQ,CAACS,EAAG,EAAC;cAC9BW,KAAK,EAAEe,cAAc,CAACf,KAAK;cAC3BI,aAAa,EAAE,OAAO,GAAGtB,YAAY,CAAEO;YAC3C,CAAC;UACL;QACJ;QAEA,IAAIqB,yBAAyB,EAAE;UAC3B;UACA;UACApB,wBAAwB,CAACT,WAAW,CAAC+B,OAAO,CAACF,yBAAyB,CAAC;QAC3E;MACJ;;MAEA;MACA;MACA,MAAMM,uBAAuB,GAAG1B,wBAAwB,CAACT,WAAW,CAACqB,MAAM,KAAK,CAAC;MACjF,IAAIc,uBAAuB,EAAE;QACzB1B,wBAAwB,CAACT,WAAW,GAAG,CACnC;UACI0B,MAAM,EAAG,SAAQ3B,QAAQ,CAACS,EAAG,EAAC;UAC9BW,KAAK,EAAE,QAAQ;UACfI,aAAa,EAAE;QACnB,CAAC,CACJ;MACL;MAEArB,0BAA0B,CAACsB,IAAI,CAACf,wBAAwB,CAAC;IAC7D,CAAC;IAED,KAAK,IAAI2B,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG9D,UAAU,CAAE+C,MAAM,EAAEe,CAAC,EAAE,EAAE;MACzC,MAAMhC,MAAM,GAAG9B,UAAU,CAAE8D,CAAC,CAAC;MAC7BjC,wBAAwB,CAACC,MAAM,CAAC;IACpC;IAEA,OAAOF,0BAA0B;EACrC;EAEA,MAAMmC,oBAAoBA,CACtB7D,MAAkC,EACY;IAC9C,MAAM;MAAE4B,MAAM;MAAEN;IAAY,CAAC,GAAGtB,MAAM;IACtC,MAAM8D,qBAAqB,GAAG,MAAM,IAAI,CAACzC,sBAAsB,CAAC;MAC5DZ,UAAU,EAAEmB,MAAM,CAACmC,IAAI;MACvBzC;IACJ,CAAC,CAAC;IAEF,OAAOwC,qBAAqB,CAACxB,IAAI,CAACR,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKH,MAAM,CAACI,EAAE,CAAC;EACtE;EAEA,MAAMgC,eAAeA,CAAChE,MAA6B,EAAE;IACjD,IAAI,CAAC,IAAI,CAACO,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,MAAM;MAAEoB;IAAO,CAAC,GAAG5B,MAAM;;IAEzB;IACA;IACA,IAAI4B,MAAM,CAACQ,QAAQ,EAAE;MACjB,IAAId,WAAW,GAAGtB,MAAM,CAACsB,WAAW;MACpC,IAAI,CAACA,WAAW,EAAE;QACdA,WAAW,GAAG,MAAM,IAAI,CAACjB,cAAc,CAACuB,MAAM,CAACmC,IAAI,CAAC;MACxD;MAEA,MAAM1B,YAAY,GAAGf,WAAW,CAACgB,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACP,EAAE,KAAKJ,MAAM,CAACQ,QAAQ,CAAC;MACpE,IAAIC,YAAY,EAAE;QACd,MAAM4B,qBAAqB,GAAG,MAAM,IAAI,CAACD,eAAe,CAAC;UACrD,GAAGhE,MAAM;UACT4B,MAAM,EAAES;QACZ,CAAC,CAAC;QAEF,IAAI,CAAC4B,qBAAqB,EAAE;UACxB,OAAO,KAAK;QAChB;MACJ;IACJ;IAEA,MAAMC,iBAAiB,GAAG,MAAM,IAAI,CAACL,oBAAoB,CAAC;MACtDjC,MAAM;MACNN,WAAW,EAAEtB,MAAM,CAACsB;IACxB,CAAC,CAAC;IAEF,MAAMC,QAAQ,GAAG,IAAI,CAACtB,WAAW,CAAC,CAAC;IACnC,MAAMoD,yBAAyB,GAAGa,iBAAiB,EAAE1C,WAAW,CAACc,IAAI,CAACI,CAAC,IAAI;MACvE,OAAOA,CAAC,CAACQ,MAAM,KAAM,SAAQ3B,QAAQ,CAACS,EAAG,EAAC;IAC9C,CAAC,CAAC;IAEF,IAAI,CAACqB,yBAAyB,EAAE;MAC5B,OAAO,KAAK;IAChB;IAEA,MAAM;MAAEV;IAAM,CAAC,GAAGU,yBAAyB;IAE3C,IAAIrD,MAAM,CAACmE,iBAAiB,EAAE;MAC1B,OAAOxB,KAAK,KAAK,OAAO;IAC5B;;IAEA;IACA;IACA,IAAI3C,MAAM,CAACe,GAAG,KAAK,GAAG,EAAE;MACpB,OAAO4B,KAAK,KAAK,OAAO,IAAIA,KAAK,KAAK,QAAQ;IAClD;IAEA,OAAO,IAAI;EACf;EAEA,MAAMyB,qBAAqBA,CAACpE,MAA6B,EAAE;IACvD,MAAMgE,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAAChE,MAAM,CAAC;IAC1D,IAAI,CAACgE,eAAe,EAAE;MAClB,MAAM,IAAIK,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEAC,0BAA0BA,CAAC1C,MAAc,EAAE;IACvC,IAAI,CAAC,IAAI,CAACrB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,KAAK;IAChB;IAEA,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MAChC,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACwD,eAAe,CAAC;MAAEpC,MAAM;MAAEb,GAAG,EAAE,GAAG;MAAEoD,iBAAiB,EAAE;IAAK,CAAC,CAAC;EAC9E;EAEAI,wBAAwBA,CAAC3C,MAAc,EAAE;IACrC,IAAI,CAAC,IAAI,CAACrB,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACwD,eAAe,CAAC;MAAEpC,MAAM;MAAEb,GAAG,EAAE;IAAI,CAAC,CAAC;EACrD;EAEAyD,sBAAsBA,CAAC5C,MAAc,EAAE;IACnC,IAAI,CAAC,IAAI,CAACrB,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACiE,sBAAsB,CAAC;MAAE7C,MAAM;MAAEb,GAAG,EAAE;IAAI,CAAC,CAAC;EAC5D;EAEA,MAAM0D,sBAAsBA,CAACzE,MAAoC,EAAE;IAC/D,IAAI,CAAC,IAAI,CAACO,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACC,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,MAAM;MAAEoB,MAAM;MAAEN;IAAY,CAAC,GAAGtB,MAAM;IAEtC,MAAMkE,iBAAiB,GAAG,MAAM,IAAI,CAACL,oBAAoB,CAAC;MACtDjC,MAAM;MACNN;IACJ,CAAC,CAAC;IAEF,MAAMC,QAAQ,GAAG,IAAI,CAACtB,WAAW,CAAC,CAAC;IACnC,MAAMoD,yBAAyB,GAAGa,iBAAiB,EAAE1C,WAAW,CAACc,IAAI,CAACI,CAAC,IAAI;MACvE,OAAOA,CAAC,CAACQ,MAAM,KAAM,SAAQ3B,QAAQ,CAACS,EAAG,EAAC;IAC9C,CAAC,CAAC;IAEF,IAAI,CAACqB,yBAAyB,EAAE;MAC5B,OAAO,KAAK;IAChB;;IAEA;IACA;IACA,IAAIrD,MAAM,CAACe,GAAG,KAAK,GAAG,EAAE;MACpB,MAAM;QAAE4B;MAAM,CAAC,GAAGU,yBAAyB;MAC3C,OAAOV,KAAK,KAAK,QAAQ;IAC7B;IAEA,OAAO,IAAI;EACf;EAEA,MAAM+B,4BAA4BA,CAAC1E,MAAoC,EAAE;IACrE,MAAMyE,sBAAsB,GAAG,MAAM,IAAI,CAACA,sBAAsB,CAACzE,MAAM,CAAC;IACxE,IAAI,CAACyE,sBAAsB,EAAE;MACzB,MAAM,IAAIJ,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEA,MAAMM,qBAAqBA,CAAA,EAAG;IAC1B,OAAO,IAAI;EACf;EAEA,MAAM7D,aAAaA,CAACd,MAA2B,EAAE;IAC7C,MAAM4E,eAAyB,GAAG,EAAE;IAEpC,MAAM;MAAEhE,OAAO;MAAEG;IAAI,CAAC,GAAGf,MAAM;IAC/B,KAAK,IAAI4D,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGhD,OAAO,CAACiC,MAAM,EAAEe,CAAC,EAAE,EAAE;MACrC,MAAMhC,MAAM,GAAGhB,OAAO,CAACgD,CAAC,CAAC;MACzB,MAAMI,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAAC;QAAEpC,MAAM;QAAEb;MAAI,CAAC,CAAC;MACnE,IAAIiD,eAAe,EAAE;QACjBY,eAAe,CAAC5B,IAAI,CAACpB,MAAM,CAAC;MAChC;IACJ;IAEA,OAAOgD,eAAe;EAC1B;EAEA,MAAM5D,uBAAuBA,CAACY,MAAyB,EAAE;IACrD,MAAMhB,OAAO,GAAGiE,KAAK,CAACC,OAAO,CAAClD,MAAM,CAAC,GAAGA,MAAM,GAAG,CAACA,MAAM,CAAC;IAEzD,KAAK,IAAIgC,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGhD,OAAO,CAACiC,MAAM,EAAEe,CAAC,EAAE,EAAE;MACrC,MAAMhC,MAAM,GAAGhB,OAAO,CAACgD,CAAC,CAAC;MACzB,MAAMM,iBAAiB,GAAG,MAAM,IAAI,CAACL,oBAAoB,CAAC;QAAEjC;MAAO,CAAC,CAAC;MACrE,IAAIsC,iBAAiB,EAAE;QACnBtC,MAAM,CAACJ,WAAW,GAAG0C,iBAAiB,CAAC1C,WAAW;MACtD,CAAC,MAAM;QACHI,MAAM,CAACJ,WAAW,GAAG,EAAE;MAC3B;IACJ;EACJ;EAEAuD,yCAAyCA,CAACjB,qBAA0C,EAAE;IAClF,OAAOA,qBAAqB,EAAEjC,IAAI,CAACa,CAAC,IAAI,CAACA,CAAC,CAACK,aAAa,CAAC;EAC7D;AACJ;AAACiC,OAAA,CAAAnF,sBAAA,GAAAA,sBAAA"}
@@ -1,3 +1,3 @@
1
1
  import { ErrorResponse, ListResponse, Response } from "@webiny/handler-graphql";
2
- export declare const resolve: (fn: () => Promise<any>) => Promise<ErrorResponse | Response<any>>;
2
+ export declare const resolve: (fn: () => Promise<any>) => Promise<Response<any> | ErrorResponse>;
3
3
  export declare const resolveList: (fn: () => Promise<any>) => Promise<ErrorResponse | ListResponse<unknown, any>>;