npm - @webiny/api-aco - Versions diffs - 5.43.0-beta.0 → 5.43.0-beta.2 - Mend

@webiny/api-aco 5.43.0-beta.0 → 5.43.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (384) hide show

package/utils/FolderLevelPermissions.d.ts DELETED Viewed

@@ -1,75 +0,0 @@
-import { Authentication } from "@webiny/api-authentication/types";
-import { SecurityPermission, Team } from "@webiny/api-security/types";
-import { Folder, ListFoldersParams } from "../folder/folder.types";
-import { ListMeta } from "../types";
-export type FolderAccessLevel = "owner" | "viewer" | "editor" | "public";
-export interface FolderPermission {
-    target: string;
-    level: FolderAccessLevel;
-    inheritedFrom?: string;
-}
-export interface FolderPermissionsListItem {
-    folderId: string;
-    permissions: FolderPermission[];
-}
-export type FolderPermissionsList = FolderPermissionsListItem[];
-export interface CanAccessFolderContentParams {
-    folder: Pick<Folder, "id" | "type" | "parentId">;
-    rwd?: "r" | "w" | "d";
-    foldersList?: Folder[];
-}
-export interface CanAccessFolderParams extends CanAccessFolderContentParams {
-    managePermissions?: boolean;
-}
-interface FilterFoldersParams {
-    folders: Array<Folder>;
-    rwd?: "r" | "w" | "d";
-}
-interface GetFolderPermissionsParams {
-    folder: Pick<Folder, "id" | "type">;
-    foldersList?: Folder[];
-}
-interface ListFolderPermissionsParams {
-    folderType: string;
-    foldersList?: Folder[];
-}
-export interface FolderLevelPermissionsParams {
-    getIdentity: Authentication["getIdentity"];
-    listIdentityTeams: () => Promise<Team[]>;
-    listPermissions: () => Promise<SecurityPermission[]>;
-    listAllFolders: (params: ListFoldersParams) => Promise<[Folder[], ListMeta]>;
-    canUseTeams: () => boolean;
-    canUseFolderLevelPermissions: () => boolean;
-    isAuthorizationEnabled: () => boolean;
-}
-export declare class FolderLevelPermissions {
-    canUseFolderLevelPermissions: () => boolean;
-    private readonly getIdentity;
-    private readonly listIdentityTeams;
-    private readonly listPermissions;
-    private readonly canUseTeams;
-    private readonly isAuthorizationEnabled;
-    private foldersPermissionsLists;
-    private foldersLoader;
-    constructor(params: FolderLevelPermissionsParams);
-    listAllFolders(folderType: string): Promise<Folder[]>;
-    listAllFoldersWithPermissions(folderType: string): Promise<Folder[]>;
-    invalidateFoldersCache(folderType?: string): void;
-    invalidateFoldersPermissionsListCache(folderType?: string): void;
-    addFolderToCache(folderType: string, folder: Folder): void;
-    updateFoldersCache(folderType: string, modifier: (folder: Folder) => Folder): void;
-    listFoldersPermissions(params: ListFolderPermissionsParams): Promise<FolderPermissionsList>;
-    getFolderPermissions(params: GetFolderPermissionsParams): Promise<FolderPermissionsListItem | undefined>;
-    canAccessFolder(params: CanAccessFolderParams): Promise<boolean>;
-    ensureCanAccessFolder(params: CanAccessFolderParams): Promise<void>;
-    canManageFolderPermissions(folder: Folder): boolean | Promise<boolean>;
-    canManageFolderStructure(folder: Folder): true | Promise<boolean>;
-    canManageFolderContent(folder: Folder): true | Promise<boolean>;
-    canAccessFolderContent(params: CanAccessFolderContentParams): Promise<boolean>;
-    ensureCanAccessFolderContent(params: CanAccessFolderContentParams): Promise<void>;
-    canCreateFolderInRoot(): Promise<boolean>;
-    filterFolders(params: FilterFoldersParams): Promise<Folder[]>;
-    assignFolderPermissions(folder: Folder | Folder[]): Promise<void>;
-    permissionsIncludeNonInheritedPermissions(folderPermissionsList?: FolderPermission[]): boolean | undefined;
-}
-export {};

package/utils/FolderLevelPermissions.js DELETED Viewed

@@ -1,390 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.FolderLevelPermissions = void 0;
-var _apiSecurity = require("@webiny/api-security");
-var _ListFoldersRepository = require("./ListFoldersRepository");
-var _FoldersCacheFactory = require("./FoldersCacheFactory");
-class FolderLevelPermissions {
-  foldersPermissionsLists = {};
-  constructor(params) {
-    this.getIdentity = params.getIdentity;
-    this.listIdentityTeams = params.listIdentityTeams;
-    this.listPermissions = params.listPermissions;
-    this.canUseTeams = params.canUseTeams;
-    this.canUseFolderLevelPermissions = () => {
-      const identity = this.getIdentity();
-      // FLPs only work with authenticated identities (logged-in users).
-      if (!identity) {
-        return false;
-      }
-      // At the moment, we only want FLP to be used with identities of type "admin".
-      // This temporarily addresses the issue of API keys not being able to access content, because
-      // FLPs doesn't work with them. Once we start adding FLPs to API keys, we can remove this check.
-      if (identity.type !== "admin") {
-        return false;
-      }
-      return params.canUseFolderLevelPermissions();
-    };
-    this.isAuthorizationEnabled = params.isAuthorizationEnabled;
-    // Delete the cache on constructor to avoid duplicated permissions lists,
-    // especially when calculating permissions based on folder parents.
-    _FoldersCacheFactory.folderCacheFactory.deleteCache();
-    this.foldersLoader = new _ListFoldersRepository.ListFoldersRepository({
-      gateway: params.listAllFolders
-    });
-  }
-  async listAllFolders(folderType) {
-    return await this.foldersLoader.execute(folderType);
-  }
-  async listAllFoldersWithPermissions(folderType) {
-    const folders = await this.listAllFolders(folderType);
-    // Filter folders based on permissions and assign permissions to each folder.
-    const filteredFoldersWithPermissions = await this.filterFolders({
-      folders,
-      rwd: "r"
-    });
-    await this.assignFolderPermissions(filteredFoldersWithPermissions);
-    return filteredFoldersWithPermissions;
-  }
-  invalidateFoldersCache(folderType) {
-    if (folderType) {
-      _FoldersCacheFactory.folderCacheFactory.getCache(folderType).clear();
-    } else {
-      _FoldersCacheFactory.folderCacheFactory.deleteCache();
-    }
-  }
-  invalidateFoldersPermissionsListCache(folderType) {
-    if (folderType) {
-      if (folderType in this.foldersPermissionsLists) {
-        delete this.foldersPermissionsLists[folderType];
-      }
-    } else {
-      _FoldersCacheFactory.folderCacheFactory.deleteCache();
-    }
-  }
-  addFolderToCache(folderType, folder) {
-    _FoldersCacheFactory.folderCacheFactory.getCache(folderType).addItems([folder]);
-  }
-  updateFoldersCache(folderType, modifier) {
-    _FoldersCacheFactory.folderCacheFactory.getCache(folderType).updateItems(modifier);
-  }
-  async listFoldersPermissions(params) {
-    const existingFoldersPermissionsList = this.foldersPermissionsLists[params.folderType];
-    if (existingFoldersPermissionsList) {
-      return existingFoldersPermissionsList;
-    }
-    this.foldersPermissionsLists[params.folderType] = new Promise(async resolve => {
-      if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {
-        resolve([]);
-        return;
-      }
-      const {
-        folderType,
-        foldersList
-      } = params;
-      const allFolders = foldersList || (await this.listAllFolders(folderType));
-      const identity = this.getIdentity();
-      const permissions = await this.listPermissions();
-      let identityTeams;
-      if (this.canUseTeams()) {
-        identityTeams = await this.listIdentityTeams();
-      }
-      const processedFolderPermissions = [];
-      const processFolderPermissions = folder => {
-        if (processedFolderPermissions.some(fp => fp.folderId === folder.id)) {
-          return;
-        }
-        // Copy permissions, so we don't modify the original object.
-        const currentFolderPermissions = {
-          folderId: folder.id,
-          // On new folders, permissions can be `null`. Guard against that.
-          permissions: folder.permissions?.map(permission => ({
-            ...permission
-          })) || []
-        };
-        // Check for permissions inherited from parent folder.
-        if (folder.parentId) {
-          const parentFolder = allFolders.find(f => f.id === folder.parentId);
-          if (parentFolder) {
-            // First check if the parent folder has already been processed.
-            let processedParentFolderPermissions = processedFolderPermissions.find(fp => fp.folderId === parentFolder.id);
-            // If not, process the parent folder.
-            if (!processedParentFolderPermissions) {
-              processFolderPermissions(parentFolder);
-              processedParentFolderPermissions = processedFolderPermissions.find(fp => fp.folderId === folder.parentId);
-            }
-            // If the parent folder has permissions, let's add them to the current folder.
-            if (processedParentFolderPermissions) {
-              const isPublicParentFolder = processedParentFolderPermissions.permissions.some(p => p.level === "public");
-              // We inherit parent permissions if:
-              // 1. the parent folder is not public or...
-              // 2. ...the parent folder is public, but the current folder doesn't have any permissions set
-              const mustInherit = !isPublicParentFolder || currentFolderPermissions.permissions.length === 0;
-              if (mustInherit) {
-                const inheritedPermissions = processedParentFolderPermissions.permissions.map(p => {
-                  return {
-                    ...p,
-                    inheritedFrom: "parent:" + processedParentFolderPermissions.folderId
-                  };
-                });
-                currentFolderPermissions.permissions.push(...inheritedPermissions);
-              }
-            }
-          }
-        }
-        // Let's ensure current identity's permission is included in the permissions array.
-        // We first check if the current identity is already included in the permissions array.
-        // If not, we check if the user has full access or if the team user belongs to has access.
-        const currentIdentityIncludedInPermissions = currentFolderPermissions.permissions.some(p => p.target === `admin:${identity.id}`);
-        const hasFullAccess = permissions.some(p => p.name === "*");
-        if (currentIdentityIncludedInPermissions) {
-          // 1. Ensure existing identity permission is always the first one in the array.
-          const currentIdentityPermissionIndex = currentFolderPermissions.permissions.findIndex(p => p.target === `admin:${identity.id}`);
-          if (currentIdentityPermissionIndex > 0) {
-            const [currentIdentityPermission] = currentFolderPermissions.permissions.splice(currentIdentityPermissionIndex, 1);
-            currentFolderPermissions.permissions.unshift(currentIdentityPermission);
-          }
-          // 2. We must ensure current identity has the "owner" level if they possess full access
-          // based on security permissions. This protects us from non-full-access users restricting
-          // access to full-access users. This should not happen. Full-access users should always
-          // be in control of the permissions for a folder.
-          if (hasFullAccess) {
-            const accessInheritedFrom = currentFolderPermissions.permissions[0].inheritedFrom;
-            // Why are we checking for non-existence of `accessInheritedFrom`?
-            // Because if it doesn't exist, it means the permission is not inherited from
-            // a parent folder, which means it's a direct permission set on the folder.
-            // In this case, we must ensure the permission is set to "owner".
-            if (!accessInheritedFrom) {
-              currentFolderPermissions.permissions[0] = {
-                target: `admin:${identity.id}`,
-                level: "owner",
-                inheritedFrom: "role:full-access"
-              };
-            }
-          }
-        } else {
-          // Current identity not included in permissions? Let's add it.
-          let currentIdentityPermission = null;
-          // 1. Check if the user has full access.
-          if (hasFullAccess) {
-            currentIdentityPermission = {
-              target: `admin:${identity.id}`,
-              level: "owner",
-              inheritedFrom: "role:full-access"
-            };
-          } else if (identityTeams.length) {
-            // 2. Check the teams user belongs to and that grant access to the folder.
-            for (const identityTeam of identityTeams) {
-              const teamPermission = currentFolderPermissions.permissions.find(p => p.target === `team:${identityTeam.id}`);
-              if (teamPermission) {
-                currentIdentityPermission = {
-                  target: `admin:${identity.id}`,
-                  level: teamPermission.level,
-                  inheritedFrom: "team:" + identityTeam.id
-                };
-              }
-            }
-          }
-          if (currentIdentityPermission) {
-            // If permission is found, let's add it to the beginning of the array.
-            // We're doing this just because it looks nicer in the UI.
-            currentFolderPermissions.permissions.unshift(currentIdentityPermission);
-          }
-        }
-        // Note that this can only happen with root folders. All other (child) folders will
-        // always have at least one permission (inherited from parent).
-        const mustAddPublicPermission = currentFolderPermissions.permissions.length === 0;
-        if (mustAddPublicPermission) {
-          currentFolderPermissions.permissions = [{
-            target: `admin:${identity.id}`,
-            level: "public",
-            inheritedFrom: "public"
-          }];
-        }
-        processedFolderPermissions.push(currentFolderPermissions);
-      };
-      for (let i = 0; i < allFolders.length; i++) {
-        const folder = allFolders[i];
-        processFolderPermissions(folder);
-      }
-      resolve(processedFolderPermissions);
-      return;
-      //return processedFolderPermissions;
-    });
-    return this.foldersPermissionsLists[params.folderType];
-  }
-  async getFolderPermissions(params) {
-    const {
-      folder,
-      foldersList
-    } = params;
-    const folderPermissionsList = await this.listFoldersPermissions({
-      folderType: folder.type,
-      foldersList
-    });
-    return folderPermissionsList.find(fp => fp.folderId === folder.id);
-  }
-  async canAccessFolder(params) {
-    if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {
-      return true;
-    }
-    const {
-      folder
-    } = params;
-    const folderPermissions = await this.getFolderPermissions({
-      folder,
-      foldersList: params.foldersList
-    });
-    const identity = this.getIdentity();
-    const currentIdentityPermission = folderPermissions?.permissions.find(p => {
-      return p.target === `admin:${identity.id}`;
-    });
-    if (!currentIdentityPermission) {
-      return false;
-    }
-    const {
-      level
-    } = currentIdentityPermission;
-    if (params.managePermissions) {
-      return level === "owner";
-    }
-    // Checking for "write" or "delete" access. Allow only if the
-    // user is an owner or the folder is public (no FLP assigned).
-    if (params.rwd !== "r") {
-      return level === "owner" || level === "public";
-    }
-    return true;
-  }
-  async ensureCanAccessFolder(params) {
-    const canAccessFolder = await this.canAccessFolder(params);
-    if (!canAccessFolder) {
-      throw new _apiSecurity.NotAuthorizedError();
-    }
-  }
-  canManageFolderPermissions(folder) {
-    if (!this.canUseFolderLevelPermissions()) {
-      return false;
-    }
-    if (!this.isAuthorizationEnabled()) {
-      return true;
-    }
-    return this.canAccessFolder({
-      folder,
-      rwd: "w",
-      managePermissions: true
-    });
-  }
-  canManageFolderStructure(folder) {
-    if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {
-      return true;
-    }
-    return this.canAccessFolder({
-      folder,
-      rwd: "w"
-    });
-  }
-  canManageFolderContent(folder) {
-    if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {
-      return true;
-    }
-    return this.canAccessFolderContent({
-      folder,
-      rwd: "w"
-    });
-  }
-  async canAccessFolderContent(params) {
-    if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {
-      return true;
-    }
-    const {
-      folder,
-      foldersList
-    } = params;
-    const folderPermissions = await this.getFolderPermissions({
-      folder,
-      foldersList
-    });
-    const identity = this.getIdentity();
-    const currentIdentityPermission = folderPermissions?.permissions.find(p => {
-      return p.target === `admin:${identity.id}`;
-    });
-    if (!currentIdentityPermission) {
-      return false;
-    }
-    // If the user is not an owner and we're checking for "write" or
-    // "delete" access, then we can immediately return false.
-    if (params.rwd !== "r") {
-      const {
-        level
-      } = currentIdentityPermission;
-      return level !== "viewer";
-    }
-    return true;
-  }
-  async ensureCanAccessFolderContent(params) {
-    const canAccessFolderContent = await this.canAccessFolderContent(params);
-    if (!canAccessFolderContent) {
-      throw new _apiSecurity.NotAuthorizedError();
-    }
-  }
-  async canCreateFolderInRoot() {
-    return true;
-  }
-  async filterFolders(params) {
-    const filteredFolders = [];
-    const {
-      folders,
-      rwd
-    } = params;
-    for (let i = 0; i < folders.length; i++) {
-      const folder = folders[i];
-      const canAccessFolder = await this.canAccessFolder({
-        folder,
-        rwd
-      });
-      if (canAccessFolder) {
-        filteredFolders.push(folder);
-      }
-    }
-    return filteredFolders;
-  }
-  async assignFolderPermissions(folder) {
-    const folders = Array.isArray(folder) ? folder : [folder];
-    for (let i = 0; i < folders.length; i++) {
-      const folder = folders[i];
-      const folderPermissions = await this.getFolderPermissions({
-        folder
-      });
-      if (folderPermissions) {
-        folder.permissions = folderPermissions.permissions;
-      } else {
-        folder.permissions = [];
-      }
-    }
-  }
-  permissionsIncludeNonInheritedPermissions(folderPermissionsList) {
-    return folderPermissionsList?.some(p => !p.inheritedFrom);
-  }
-}
-exports.FolderLevelPermissions = FolderLevelPermissions;
-//# sourceMappingURL=FolderLevelPermissions.js.map

package/utils/FolderLevelPermissions.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_apiSecurity","require","_ListFoldersRepository","_FoldersCacheFactory","FolderLevelPermissions","foldersPermissionsLists","constructor","params","getIdentity","listIdentityTeams","listPermissions","canUseTeams","canUseFolderLevelPermissions","identity","type","isAuthorizationEnabled","folderCacheFactory","deleteCache","foldersLoader","ListFoldersRepository","gateway","listAllFolders","folderType","execute","listAllFoldersWithPermissions","folders","filteredFoldersWithPermissions","filterFolders","rwd","assignFolderPermissions","invalidateFoldersCache","getCache","clear","invalidateFoldersPermissionsListCache","addFolderToCache","folder","addItems","updateFoldersCache","modifier","updateItems","listFoldersPermissions","existingFoldersPermissionsList","Promise","resolve","foldersList","allFolders","permissions","identityTeams","processedFolderPermissions","processFolderPermissions","some","fp","folderId","id","currentFolderPermissions","map","permission","parentId","parentFolder","find","f","processedParentFolderPermissions","isPublicParentFolder","p","level","mustInherit","length","inheritedPermissions","inheritedFrom","push","currentIdentityIncludedInPermissions","target","hasFullAccess","name","currentIdentityPermissionIndex","findIndex","currentIdentityPermission","splice","unshift","accessInheritedFrom","identityTeam","teamPermission","mustAddPublicPermission","i","getFolderPermissions","folderPermissionsList","canAccessFolder","folderPermissions","managePermissions","ensureCanAccessFolder","NotAuthorizedError","canManageFolderPermissions","canManageFolderStructure","canManageFolderContent","canAccessFolderContent","ensureCanAccessFolderContent","canCreateFolderInRoot","filteredFolders","Array","isArray","permissionsIncludeNonInheritedPermissions","exports"],"sources":["FolderLevelPermissions.ts"],"sourcesContent":["import { Authentication } from \"@webiny/api-authentication/types\";\nimport { SecurityPermission, Team } from \"@webiny/api-security/types\";\nimport { Folder, ListFoldersParams } from \"~/folder/folder.types\";\nimport { NotAuthorizedError } from \"@webiny/api-security\";\nimport { ListFoldersRepository } from \"~/utils/ListFoldersRepository\";\nimport { ListMeta } from \"~/types\";\nimport { folderCacheFactory } from \"~/utils/FoldersCacheFactory\";\n\nexport type FolderAccessLevel = \"owner\" | \"viewer\" | \"editor\" | \"public\";\n\nexport interface FolderPermission {\n target: string;\n level: FolderAccessLevel;\n inheritedFrom?: string;\n}\n\nexport interface FolderPermissionsListItem {\n folderId: string;\n permissions: FolderPermission[];\n}\n\nexport type FolderPermissionsList = FolderPermissionsListItem[];\n\nexport interface CanAccessFolderContentParams {\n folder: Pick<Folder, \"id\" | \"type\" | \"parentId\">;\n rwd?: \"r\" | \"w\" | \"d\";\n foldersList?: Folder[];\n}\n\nexport interface CanAccessFolderParams extends CanAccessFolderContentParams {\n managePermissions?: boolean;\n}\n\ninterface FilterFoldersParams {\n folders: Array<Folder>;\n rwd?: \"r\" | \"w\" | \"d\";\n}\n\ninterface GetFolderPermissionsParams {\n folder: Pick<Folder, \"id\" | \"type\">;\n foldersList?: Folder[];\n}\n\ninterface ListFolderPermissionsParams {\n folderType: string;\n foldersList?: Folder[];\n}\n\nexport interface FolderLevelPermissionsParams {\n getIdentity: Authentication[\"getIdentity\"];\n listIdentityTeams: () => Promise<Team[]>;\n listPermissions: () => Promise<SecurityPermission[]>;\n listAllFolders: (params: ListFoldersParams) => Promise<[Folder[], ListMeta]>;\n canUseTeams: () => boolean;\n canUseFolderLevelPermissions: () => boolean;\n isAuthorizationEnabled: () => boolean;\n}\n\nexport class FolderLevelPermissions {\n canUseFolderLevelPermissions: () => boolean;\n\n private readonly getIdentity: Authentication[\"getIdentity\"];\n private readonly listIdentityTeams: () => Promise<Team[]>;\n private readonly listPermissions: () => Promise<SecurityPermission[]>;\n private readonly canUseTeams: () => boolean;\n private readonly isAuthorizationEnabled: () => boolean;\n private foldersPermissionsLists: Record<string, Promise<FolderPermissionsList> | null> = {};\n private foldersLoader: ListFoldersRepository;\n\n constructor(params: FolderLevelPermissionsParams) {\n this.getIdentity = params.getIdentity;\n this.listIdentityTeams = params.listIdentityTeams;\n this.listPermissions = params.listPermissions;\n this.canUseTeams = params.canUseTeams;\n this.canUseFolderLevelPermissions = () => {\n const identity = this.getIdentity();\n\n // FLPs only work with authenticated identities (logged-in users).\n if (!identity) {\n return false;\n }\n\n // At the moment, we only want FLP to be used with identities of type \"admin\".\n // This temporarily addresses the issue of API keys not being able to access content, because\n // FLPs doesn't work with them. Once we start adding FLPs to API keys, we can remove this check.\n if (identity.type !== \"admin\") {\n return false;\n }\n\n return params.canUseFolderLevelPermissions();\n };\n\n this.isAuthorizationEnabled = params.isAuthorizationEnabled;\n\n // Delete the cache on constructor to avoid duplicated permissions lists,\n // especially when calculating permissions based on folder parents.\n folderCacheFactory.deleteCache();\n this.foldersLoader = new ListFoldersRepository({\n gateway: params.listAllFolders\n });\n }\n\n async listAllFolders(folderType: string): Promise<Folder[]> {\n return await this.foldersLoader.execute(folderType);\n }\n\n async listAllFoldersWithPermissions(folderType: string) {\n const folders = await this.listAllFolders(folderType);\n\n // Filter folders based on permissions and assign permissions to each folder.\n const filteredFoldersWithPermissions = await this.filterFolders({\n folders,\n rwd: \"r\"\n });\n\n await this.assignFolderPermissions(filteredFoldersWithPermissions);\n\n return filteredFoldersWithPermissions;\n }\n\n invalidateFoldersCache(folderType?: string) {\n if (folderType) {\n folderCacheFactory.getCache(folderType).clear();\n } else {\n folderCacheFactory.deleteCache();\n }\n }\n\n invalidateFoldersPermissionsListCache(folderType?: string) {\n if (folderType) {\n if (folderType in this.foldersPermissionsLists) {\n delete this.foldersPermissionsLists[folderType];\n }\n } else {\n folderCacheFactory.deleteCache();\n }\n }\n\n addFolderToCache(folderType: string, folder: Folder) {\n folderCacheFactory.getCache(folderType).addItems([folder]);\n }\n\n updateFoldersCache(folderType: string, modifier: (folder: Folder) => Folder) {\n folderCacheFactory.getCache(folderType).updateItems(modifier);\n }\n\n async listFoldersPermissions(\n params: ListFolderPermissionsParams\n ): Promise<FolderPermissionsList> {\n const existingFoldersPermissionsList = this.foldersPermissionsLists[params.folderType];\n if (existingFoldersPermissionsList) {\n return existingFoldersPermissionsList;\n }\n\n this.foldersPermissionsLists[params.folderType] = new Promise(async resolve => {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n resolve([]);\n return;\n }\n\n const { folderType, foldersList } = params;\n\n const allFolders = foldersList || (await this.listAllFolders(folderType));\n const identity = this.getIdentity();\n const permissions = await this.listPermissions();\n\n let identityTeams: Team[];\n if (this.canUseTeams()) {\n identityTeams = await this.listIdentityTeams();\n }\n\n const processedFolderPermissions: FolderPermissionsListItem[] = [];\n\n const processFolderPermissions = (folder: Folder) => {\n if (processedFolderPermissions.some(fp => fp.folderId === folder.id)) {\n return;\n }\n\n // Copy permissions, so we don't modify the original object.\n const currentFolderPermissions: FolderPermissionsListItem = {\n folderId: folder.id,\n // On new folders, permissions can be `null`. Guard against that.\n permissions: folder.permissions?.map(permission => ({ ...permission })) || []\n };\n\n // Check for permissions inherited from parent folder.\n if (folder.parentId) {\n const parentFolder = allFolders!.find(f => f.id === folder.parentId)!;\n if (parentFolder) {\n // First check if the parent folder has already been processed.\n let processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === parentFolder.id\n );\n\n // If not, process the parent folder.\n if (!processedParentFolderPermissions) {\n processFolderPermissions(parentFolder);\n processedParentFolderPermissions = processedFolderPermissions.find(\n fp => fp.folderId === folder.parentId\n );\n }\n\n // If the parent folder has permissions, let's add them to the current folder.\n if (processedParentFolderPermissions) {\n const isPublicParentFolder =\n processedParentFolderPermissions.permissions.some(\n p => p.level === \"public\"\n );\n\n // We inherit parent permissions if:\n // 1. the parent folder is not public or...\n // 2. ...the parent folder is public, but the current folder doesn't have any permissions set\n const mustInherit =\n !isPublicParentFolder ||\n currentFolderPermissions.permissions.length === 0;\n\n if (mustInherit) {\n const inheritedPermissions =\n processedParentFolderPermissions.permissions.map(p => {\n return {\n ...p,\n inheritedFrom:\n \"parent:\" +\n processedParentFolderPermissions!.folderId\n };\n });\n\n currentFolderPermissions.permissions.push(...inheritedPermissions);\n }\n }\n }\n }\n\n // Let's ensure current identity's permission is included in the permissions array.\n // We first check if the current identity is already included in the permissions array.\n // If not, we check if the user has full access or if the team user belongs to has access.\n const currentIdentityIncludedInPermissions =\n currentFolderPermissions.permissions.some(\n p => p.target === `admin:${identity.id}`\n );\n\n const hasFullAccess = permissions.some(p => p.name === \"*\");\n\n if (currentIdentityIncludedInPermissions) {\n // 1. Ensure existing identity permission is always the first one in the array.\n const currentIdentityPermissionIndex =\n currentFolderPermissions.permissions.findIndex(\n p => p.target === `admin:${identity.id}`\n );\n\n if (currentIdentityPermissionIndex > 0) {\n const [currentIdentityPermission] =\n currentFolderPermissions.permissions.splice(\n currentIdentityPermissionIndex,\n 1\n );\n currentFolderPermissions.permissions.unshift(currentIdentityPermission);\n }\n\n // 2. We must ensure current identity has the \"owner\" level if they possess full access\n // based on security permissions. This protects us from non-full-access users restricting\n // access to full-access users. This should not happen. Full-access users should always\n // be in control of the permissions for a folder.\n if (hasFullAccess) {\n const accessInheritedFrom =\n currentFolderPermissions.permissions[0].inheritedFrom;\n\n // Why are we checking for non-existence of `accessInheritedFrom`?\n // Because if it doesn't exist, it means the permission is not inherited from\n // a parent folder, which means it's a direct permission set on the folder.\n // In this case, we must ensure the permission is set to \"owner\".\n if (!accessInheritedFrom) {\n currentFolderPermissions.permissions[0] = {\n target: `admin:${identity.id}`,\n level: \"owner\",\n inheritedFrom: \"role:full-access\"\n };\n }\n }\n } else {\n // Current identity not included in permissions? Let's add it.\n let currentIdentityPermission: FolderPermission | null = null;\n\n // 1. Check if the user has full access.\n if (hasFullAccess) {\n currentIdentityPermission = {\n target: `admin:${identity.id}`,\n level: \"owner\",\n inheritedFrom: \"role:full-access\"\n };\n } else if (identityTeams.length) {\n // 2. Check the teams user belongs to and that grant access to the folder.\n for (const identityTeam of identityTeams) {\n const teamPermission = currentFolderPermissions.permissions.find(\n p => p.target === `team:${identityTeam!.id}`\n );\n\n if (teamPermission) {\n currentIdentityPermission = {\n target: `admin:${identity.id}`,\n level: teamPermission.level,\n inheritedFrom: \"team:\" + identityTeam!.id\n };\n }\n }\n }\n\n if (currentIdentityPermission) {\n // If permission is found, let's add it to the beginning of the array.\n // We're doing this just because it looks nicer in the UI.\n currentFolderPermissions.permissions.unshift(currentIdentityPermission);\n }\n }\n\n // Note that this can only happen with root folders. All other (child) folders will\n // always have at least one permission (inherited from parent).\n const mustAddPublicPermission = currentFolderPermissions.permissions.length === 0;\n if (mustAddPublicPermission) {\n currentFolderPermissions.permissions = [\n {\n target: `admin:${identity.id}`,\n level: \"public\",\n inheritedFrom: \"public\"\n }\n ];\n }\n\n processedFolderPermissions.push(currentFolderPermissions);\n };\n\n for (let i = 0; i < allFolders!.length; i++) {\n const folder = allFolders![i];\n processFolderPermissions(folder);\n }\n\n resolve(processedFolderPermissions);\n return;\n //return processedFolderPermissions;\n });\n\n return this.foldersPermissionsLists[params.folderType]!;\n }\n\n async getFolderPermissions(\n params: GetFolderPermissionsParams\n ): Promise<FolderPermissionsListItem | undefined> {\n const { folder, foldersList } = params;\n const folderPermissionsList = await this.listFoldersPermissions({\n folderType: folder.type,\n foldersList\n });\n\n return folderPermissionsList.find(fp => fp.folderId === folder.id);\n }\n\n async canAccessFolder(params: CanAccessFolderParams) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n const { folder } = params;\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList: params.foldersList\n });\n\n const identity = this.getIdentity();\n const currentIdentityPermission = folderPermissions?.permissions.find(p => {\n return p.target === `admin:${identity.id}`;\n });\n\n if (!currentIdentityPermission) {\n return false;\n }\n\n const { level } = currentIdentityPermission;\n\n if (params.managePermissions) {\n return level === \"owner\";\n }\n\n // Checking for \"write\" or \"delete\" access. Allow only if the\n // user is an owner or the folder is public (no FLP assigned).\n if (params.rwd !== \"r\") {\n return level === \"owner\" || level === \"public\";\n }\n\n return true;\n }\n\n async ensureCanAccessFolder(params: CanAccessFolderParams) {\n const canAccessFolder = await this.canAccessFolder(params);\n if (!canAccessFolder) {\n throw new NotAuthorizedError();\n }\n }\n\n canManageFolderPermissions(folder: Folder) {\n if (!this.canUseFolderLevelPermissions()) {\n return false;\n }\n\n if (!this.isAuthorizationEnabled()) {\n return true;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\", managePermissions: true });\n }\n\n canManageFolderStructure(folder: Folder) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n return this.canAccessFolder({ folder, rwd: \"w\" });\n }\n\n canManageFolderContent(folder: Folder) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n return this.canAccessFolderContent({ folder, rwd: \"w\" });\n }\n\n async canAccessFolderContent(params: CanAccessFolderContentParams) {\n if (!this.canUseFolderLevelPermissions() || !this.isAuthorizationEnabled()) {\n return true;\n }\n\n const { folder, foldersList } = params;\n\n const folderPermissions = await this.getFolderPermissions({\n folder,\n foldersList\n });\n\n const identity = this.getIdentity();\n const currentIdentityPermission = folderPermissions?.permissions.find(p => {\n return p.target === `admin:${identity.id}`;\n });\n\n if (!currentIdentityPermission) {\n return false;\n }\n\n // If the user is not an owner and we're checking for \"write\" or\n // \"delete\" access, then we can immediately return false.\n if (params.rwd !== \"r\") {\n const { level } = currentIdentityPermission;\n return level !== \"viewer\";\n }\n\n return true;\n }\n\n async ensureCanAccessFolderContent(params: CanAccessFolderContentParams) {\n const canAccessFolderContent = await this.canAccessFolderContent(params);\n if (!canAccessFolderContent) {\n throw new NotAuthorizedError();\n }\n }\n\n async canCreateFolderInRoot() {\n return true;\n }\n\n async filterFolders(params: FilterFoldersParams) {\n const filteredFolders: Folder[] = [];\n\n const { folders, rwd } = params;\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const canAccessFolder = await this.canAccessFolder({ folder, rwd });\n if (canAccessFolder) {\n filteredFolders.push(folder);\n }\n }\n\n return filteredFolders;\n }\n\n async assignFolderPermissions(folder: Folder | Folder[]) {\n const folders = Array.isArray(folder) ? folder : [folder];\n\n for (let i = 0; i < folders.length; i++) {\n const folder = folders[i];\n const folderPermissions = await this.getFolderPermissions({ folder });\n if (folderPermissions) {\n folder.permissions = folderPermissions.permissions;\n } else {\n folder.permissions = [];\n }\n }\n }\n\n permissionsIncludeNonInheritedPermissions(folderPermissionsList?: FolderPermission[]) {\n return folderPermissionsList?.some(p => !p.inheritedFrom);\n }\n}\n"],"mappings":";;;;;;AAGA,IAAAA,YAAA,GAAAC,OAAA;AACA,IAAAC,sBAAA,GAAAD,OAAA;AAEA,IAAAE,oBAAA,GAAAF,OAAA;AAoDO,MAAMG,sBAAsB,CAAC;EAQxBC,uBAAuB,GAA0D,CAAC,CAAC;EAG3FC,WAAWA,CAACC,MAAoC,EAAE;IAC9C,IAAI,CAACC,WAAW,GAAGD,MAAM,CAACC,WAAW;IACrC,IAAI,CAACC,iBAAiB,GAAGF,MAAM,CAACE,iBAAiB;IACjD,IAAI,CAACC,eAAe,GAAGH,MAAM,CAACG,eAAe;IAC7C,IAAI,CAACC,WAAW,GAAGJ,MAAM,CAACI,WAAW;IACrC,IAAI,CAACC,4BAA4B,GAAG,MAAM;MACtC,MAAMC,QAAQ,GAAG,IAAI,CAACL,WAAW,CAAC,CAAC;;MAEnC;MACA,IAAI,CAACK,QAAQ,EAAE;QACX,OAAO,KAAK;MAChB;;MAEA;MACA;MACA;MACA,IAAIA,QAAQ,CAACC,IAAI,KAAK,OAAO,EAAE;QAC3B,OAAO,KAAK;MAChB;MAEA,OAAOP,MAAM,CAACK,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,CAACG,sBAAsB,GAAGR,MAAM,CAACQ,sBAAsB;;IAE3D;IACA;IACAC,uCAAkB,CAACC,WAAW,CAAC,CAAC;IAChC,IAAI,CAACC,aAAa,GAAG,IAAIC,4CAAqB,CAAC;MAC3CC,OAAO,EAAEb,MAAM,CAACc;IACpB,CAAC,CAAC;EACN;EAEA,MAAMA,cAAcA,CAACC,UAAkB,EAAqB;IACxD,OAAO,MAAM,IAAI,CAACJ,aAAa,CAACK,OAAO,CAACD,UAAU,CAAC;EACvD;EAEA,MAAME,6BAA6BA,CAACF,UAAkB,EAAE;IACpD,MAAMG,OAAO,GAAG,MAAM,IAAI,CAACJ,cAAc,CAACC,UAAU,CAAC;;IAErD;IACA,MAAMI,8BAA8B,GAAG,MAAM,IAAI,CAACC,aAAa,CAAC;MAC5DF,OAAO;MACPG,GAAG,EAAE;IACT,CAAC,CAAC;IAEF,MAAM,IAAI,CAACC,uBAAuB,CAACH,8BAA8B,CAAC;IAElE,OAAOA,8BAA8B;EACzC;EAEAI,sBAAsBA,CAACR,UAAmB,EAAE;IACxC,IAAIA,UAAU,EAAE;MACZN,uCAAkB,CAACe,QAAQ,CAACT,UAAU,CAAC,CAACU,KAAK,CAAC,CAAC;IACnD,CAAC,MAAM;MACHhB,uCAAkB,CAACC,WAAW,CAAC,CAAC;IACpC;EACJ;EAEAgB,qCAAqCA,CAACX,UAAmB,EAAE;IACvD,IAAIA,UAAU,EAAE;MACZ,IAAIA,UAAU,IAAI,IAAI,CAACjB,uBAAuB,EAAE;QAC5C,OAAO,IAAI,CAACA,uBAAuB,CAACiB,UAAU,CAAC;MACnD;IACJ,CAAC,MAAM;MACHN,uCAAkB,CAACC,WAAW,CAAC,CAAC;IACpC;EACJ;EAEAiB,gBAAgBA,CAACZ,UAAkB,EAAEa,MAAc,EAAE;IACjDnB,uCAAkB,CAACe,QAAQ,CAACT,UAAU,CAAC,CAACc,QAAQ,CAAC,CAACD,MAAM,CAAC,CAAC;EAC9D;EAEAE,kBAAkBA,CAACf,UAAkB,EAAEgB,QAAoC,EAAE;IACzEtB,uCAAkB,CAACe,QAAQ,CAACT,UAAU,CAAC,CAACiB,WAAW,CAACD,QAAQ,CAAC;EACjE;EAEA,MAAME,sBAAsBA,CACxBjC,MAAmC,EACL;IAC9B,MAAMkC,8BAA8B,GAAG,IAAI,CAACpC,uBAAuB,CAACE,MAAM,CAACe,UAAU,CAAC;IACtF,IAAImB,8BAA8B,EAAE;MAChC,OAAOA,8BAA8B;IACzC;IAEA,IAAI,CAACpC,uBAAuB,CAACE,MAAM,CAACe,UAAU,CAAC,GAAG,IAAIoB,OAAO,CAAC,MAAMC,OAAO,IAAI;MAC3E,IAAI,CAAC,IAAI,CAAC/B,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACG,sBAAsB,CAAC,CAAC,EAAE;QACxE4B,OAAO,CAAC,EAAE,CAAC;QACX;MACJ;MAEA,MAAM;QAAErB,UAAU;QAAEsB;MAAY,CAAC,GAAGrC,MAAM;MAE1C,MAAMsC,UAAU,GAAGD,WAAW,KAAK,MAAM,IAAI,CAACvB,cAAc,CAACC,UAAU,CAAC,CAAC;MACzE,MAAMT,QAAQ,GAAG,IAAI,CAACL,WAAW,CAAC,CAAC;MACnC,MAAMsC,WAAW,GAAG,MAAM,IAAI,CAACpC,eAAe,CAAC,CAAC;MAEhD,IAAIqC,aAAqB;MACzB,IAAI,IAAI,CAACpC,WAAW,CAAC,CAAC,EAAE;QACpBoC,aAAa,GAAG,MAAM,IAAI,CAACtC,iBAAiB,CAAC,CAAC;MAClD;MAEA,MAAMuC,0BAAuD,GAAG,EAAE;MAElE,MAAMC,wBAAwB,GAAId,MAAc,IAAK;QACjD,IAAIa,0BAA0B,CAACE,IAAI,CAACC,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKjB,MAAM,CAACkB,EAAE,CAAC,EAAE;UAClE;QACJ;;QAEA;QACA,MAAMC,wBAAmD,GAAG;UACxDF,QAAQ,EAAEjB,MAAM,CAACkB,EAAE;UACnB;UACAP,WAAW,EAAEX,MAAM,CAACW,WAAW,EAAES,GAAG,CAACC,UAAU,KAAK;YAAE,GAAGA;UAAW,CAAC,CAAC,CAAC,IAAI;QAC/E,CAAC;;QAED;QACA,IAAIrB,MAAM,CAACsB,QAAQ,EAAE;UACjB,MAAMC,YAAY,GAAGb,UAAU,CAAEc,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACP,EAAE,KAAKlB,MAAM,CAACsB,QAAQ,CAAE;UACrE,IAAIC,YAAY,EAAE;YACd;YACA,IAAIG,gCAAgC,GAAGb,0BAA0B,CAACW,IAAI,CAClER,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKM,YAAY,CAACL,EACvC,CAAC;;YAED;YACA,IAAI,CAACQ,gCAAgC,EAAE;cACnCZ,wBAAwB,CAACS,YAAY,CAAC;cACtCG,gCAAgC,GAAGb,0BAA0B,CAACW,IAAI,CAC9DR,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKjB,MAAM,CAACsB,QACjC,CAAC;YACL;;YAEA;YACA,IAAII,gCAAgC,EAAE;cAClC,MAAMC,oBAAoB,GACtBD,gCAAgC,CAACf,WAAW,CAACI,IAAI,CAC7Ca,CAAC,IAAIA,CAAC,CAACC,KAAK,KAAK,QACrB,CAAC;;cAEL;cACA;cACA;cACA,MAAMC,WAAW,GACb,CAACH,oBAAoB,IACrBR,wBAAwB,CAACR,WAAW,CAACoB,MAAM,KAAK,CAAC;cAErD,IAAID,WAAW,EAAE;gBACb,MAAME,oBAAoB,GACtBN,gCAAgC,CAACf,WAAW,CAACS,GAAG,CAACQ,CAAC,IAAI;kBAClD,OAAO;oBACH,GAAGA,CAAC;oBACJK,aAAa,EACT,SAAS,GACTP,gCAAgC,CAAET;kBAC1C,CAAC;gBACL,CAAC,CAAC;gBAENE,wBAAwB,CAACR,WAAW,CAACuB,IAAI,CAAC,GAAGF,oBAAoB,CAAC;cACtE;YACJ;UACJ;QACJ;;QAEA;QACA;QACA;QACA,MAAMG,oCAAoC,GACtChB,wBAAwB,CAACR,WAAW,CAACI,IAAI,CACrCa,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAK,SAAS1D,QAAQ,CAACwC,EAAE,EAC1C,CAAC;QAEL,MAAMmB,aAAa,GAAG1B,WAAW,CAACI,IAAI,CAACa,CAAC,IAAIA,CAAC,CAACU,IAAI,KAAK,GAAG,CAAC;QAE3D,IAAIH,oCAAoC,EAAE;UACtC;UACA,MAAMI,8BAA8B,GAChCpB,wBAAwB,CAACR,WAAW,CAAC6B,SAAS,CAC1CZ,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAK,SAAS1D,QAAQ,CAACwC,EAAE,EAC1C,CAAC;UAEL,IAAIqB,8BAA8B,GAAG,CAAC,EAAE;YACpC,MAAM,CAACE,yBAAyB,CAAC,GAC7BtB,wBAAwB,CAACR,WAAW,CAAC+B,MAAM,CACvCH,8BAA8B,EAC9B,CACJ,CAAC;YACLpB,wBAAwB,CAACR,WAAW,CAACgC,OAAO,CAACF,yBAAyB,CAAC;UAC3E;;UAEA;UACA;UACA;UACA;UACA,IAAIJ,aAAa,EAAE;YACf,MAAMO,mBAAmB,GACrBzB,wBAAwB,CAACR,WAAW,CAAC,CAAC,CAAC,CAACsB,aAAa;;YAEzD;YACA;YACA;YACA;YACA,IAAI,CAACW,mBAAmB,EAAE;cACtBzB,wBAAwB,CAACR,WAAW,CAAC,CAAC,CAAC,GAAG;gBACtCyB,MAAM,EAAE,SAAS1D,QAAQ,CAACwC,EAAE,EAAE;gBAC9BW,KAAK,EAAE,OAAO;gBACdI,aAAa,EAAE;cACnB,CAAC;YACL;UACJ;QACJ,CAAC,MAAM;UACH;UACA,IAAIQ,yBAAkD,GAAG,IAAI;;UAE7D;UACA,IAAIJ,aAAa,EAAE;YACfI,yBAAyB,GAAG;cACxBL,MAAM,EAAE,SAAS1D,QAAQ,CAACwC,EAAE,EAAE;cAC9BW,KAAK,EAAE,OAAO;cACdI,aAAa,EAAE;YACnB,CAAC;UACL,CAAC,MAAM,IAAIrB,aAAa,CAACmB,MAAM,EAAE;YAC7B;YACA,KAAK,MAAMc,YAAY,IAAIjC,aAAa,EAAE;cACtC,MAAMkC,cAAc,GAAG3B,wBAAwB,CAACR,WAAW,CAACa,IAAI,CAC5DI,CAAC,IAAIA,CAAC,CAACQ,MAAM,KAAK,QAAQS,YAAY,CAAE3B,EAAE,EAC9C,CAAC;cAED,IAAI4B,cAAc,EAAE;gBAChBL,yBAAyB,GAAG;kBACxBL,MAAM,EAAE,SAAS1D,QAAQ,CAACwC,EAAE,EAAE;kBAC9BW,KAAK,EAAEiB,cAAc,CAACjB,KAAK;kBAC3BI,aAAa,EAAE,OAAO,GAAGY,YAAY,CAAE3B;gBAC3C,CAAC;cACL;YACJ;UACJ;UAEA,IAAIuB,yBAAyB,EAAE;YAC3B;YACA;YACAtB,wBAAwB,CAACR,WAAW,CAACgC,OAAO,CAACF,yBAAyB,CAAC;UAC3E;QACJ;;QAEA;QACA;QACA,MAAMM,uBAAuB,GAAG5B,wBAAwB,CAACR,WAAW,CAACoB,MAAM,KAAK,CAAC;QACjF,IAAIgB,uBAAuB,EAAE;UACzB5B,wBAAwB,CAACR,WAAW,GAAG,CACnC;YACIyB,MAAM,EAAE,SAAS1D,QAAQ,CAACwC,EAAE,EAAE;YAC9BW,KAAK,EAAE,QAAQ;YACfI,aAAa,EAAE;UACnB,CAAC,CACJ;QACL;QAEApB,0BAA0B,CAACqB,IAAI,CAACf,wBAAwB,CAAC;MAC7D,CAAC;MAED,KAAK,IAAI6B,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGtC,UAAU,CAAEqB,MAAM,EAAEiB,CAAC,EAAE,EAAE;QACzC,MAAMhD,MAAM,GAAGU,UAAU,CAAEsC,CAAC,CAAC;QAC7BlC,wBAAwB,CAACd,MAAM,CAAC;MACpC;MAEAQ,OAAO,CAACK,0BAA0B,CAAC;MACnC;MACA;IACJ,CAAC,CAAC;IAEF,OAAO,IAAI,CAAC3C,uBAAuB,CAACE,MAAM,CAACe,UAAU,CAAC;EAC1D;EAEA,MAAM8D,oBAAoBA,CACtB7E,MAAkC,EACY;IAC9C,MAAM;MAAE4B,MAAM;MAAES;IAAY,CAAC,GAAGrC,MAAM;IACtC,MAAM8E,qBAAqB,GAAG,MAAM,IAAI,CAAC7C,sBAAsB,CAAC;MAC5DlB,UAAU,EAAEa,MAAM,CAACrB,IAAI;MACvB8B;IACJ,CAAC,CAAC;IAEF,OAAOyC,qBAAqB,CAAC1B,IAAI,CAACR,EAAE,IAAIA,EAAE,CAACC,QAAQ,KAAKjB,MAAM,CAACkB,EAAE,CAAC;EACtE;EAEA,MAAMiC,eAAeA,CAAC/E,MAA6B,EAAE;IACjD,IAAI,CAAC,IAAI,CAACK,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACG,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,MAAM;MAAEoB;IAAO,CAAC,GAAG5B,MAAM;IAEzB,MAAMgF,iBAAiB,GAAG,MAAM,IAAI,CAACH,oBAAoB,CAAC;MACtDjD,MAAM;MACNS,WAAW,EAAErC,MAAM,CAACqC;IACxB,CAAC,CAAC;IAEF,MAAM/B,QAAQ,GAAG,IAAI,CAACL,WAAW,CAAC,CAAC;IACnC,MAAMoE,yBAAyB,GAAGW,iBAAiB,EAAEzC,WAAW,CAACa,IAAI,CAACI,CAAC,IAAI;MACvE,OAAOA,CAAC,CAACQ,MAAM,KAAK,SAAS1D,QAAQ,CAACwC,EAAE,EAAE;IAC9C,CAAC,CAAC;IAEF,IAAI,CAACuB,yBAAyB,EAAE;MAC5B,OAAO,KAAK;IAChB;IAEA,MAAM;MAAEZ;IAAM,CAAC,GAAGY,yBAAyB;IAE3C,IAAIrE,MAAM,CAACiF,iBAAiB,EAAE;MAC1B,OAAOxB,KAAK,KAAK,OAAO;IAC5B;;IAEA;IACA;IACA,IAAIzD,MAAM,CAACqB,GAAG,KAAK,GAAG,EAAE;MACpB,OAAOoC,KAAK,KAAK,OAAO,IAAIA,KAAK,KAAK,QAAQ;IAClD;IAEA,OAAO,IAAI;EACf;EAEA,MAAMyB,qBAAqBA,CAAClF,MAA6B,EAAE;IACvD,MAAM+E,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAAC/E,MAAM,CAAC;IAC1D,IAAI,CAAC+E,eAAe,EAAE;MAClB,MAAM,IAAII,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEAC,0BAA0BA,CAACxD,MAAc,EAAE;IACvC,IAAI,CAAC,IAAI,CAACvB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,KAAK;IAChB;IAEA,IAAI,CAAC,IAAI,CAACG,sBAAsB,CAAC,CAAC,EAAE;MAChC,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACuE,eAAe,CAAC;MAAEnD,MAAM;MAAEP,GAAG,EAAE,GAAG;MAAE4D,iBAAiB,EAAE;IAAK,CAAC,CAAC;EAC9E;EAEAI,wBAAwBA,CAACzD,MAAc,EAAE;IACrC,IAAI,CAAC,IAAI,CAACvB,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACG,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAACuE,eAAe,CAAC;MAAEnD,MAAM;MAAEP,GAAG,EAAE;IAAI,CAAC,CAAC;EACrD;EAEAiE,sBAAsBA,CAAC1D,MAAc,EAAE;IACnC,IAAI,CAAC,IAAI,CAACvB,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACG,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,OAAO,IAAI,CAAC+E,sBAAsB,CAAC;MAAE3D,MAAM;MAAEP,GAAG,EAAE;IAAI,CAAC,CAAC;EAC5D;EAEA,MAAMkE,sBAAsBA,CAACvF,MAAoC,EAAE;IAC/D,IAAI,CAAC,IAAI,CAACK,4BAA4B,CAAC,CAAC,IAAI,CAAC,IAAI,CAACG,sBAAsB,CAAC,CAAC,EAAE;MACxE,OAAO,IAAI;IACf;IAEA,MAAM;MAAEoB,MAAM;MAAES;IAAY,CAAC,GAAGrC,MAAM;IAEtC,MAAMgF,iBAAiB,GAAG,MAAM,IAAI,CAACH,oBAAoB,CAAC;MACtDjD,MAAM;MACNS;IACJ,CAAC,CAAC;IAEF,MAAM/B,QAAQ,GAAG,IAAI,CAACL,WAAW,CAAC,CAAC;IACnC,MAAMoE,yBAAyB,GAAGW,iBAAiB,EAAEzC,WAAW,CAACa,IAAI,CAACI,CAAC,IAAI;MACvE,OAAOA,CAAC,CAACQ,MAAM,KAAK,SAAS1D,QAAQ,CAACwC,EAAE,EAAE;IAC9C,CAAC,CAAC;IAEF,IAAI,CAACuB,yBAAyB,EAAE;MAC5B,OAAO,KAAK;IAChB;;IAEA;IACA;IACA,IAAIrE,MAAM,CAACqB,GAAG,KAAK,GAAG,EAAE;MACpB,MAAM;QAAEoC;MAAM,CAAC,GAAGY,yBAAyB;MAC3C,OAAOZ,KAAK,KAAK,QAAQ;IAC7B;IAEA,OAAO,IAAI;EACf;EAEA,MAAM+B,4BAA4BA,CAACxF,MAAoC,EAAE;IACrE,MAAMuF,sBAAsB,GAAG,MAAM,IAAI,CAACA,sBAAsB,CAACvF,MAAM,CAAC;IACxE,IAAI,CAACuF,sBAAsB,EAAE;MACzB,MAAM,IAAIJ,+BAAkB,CAAC,CAAC;IAClC;EACJ;EAEA,MAAMM,qBAAqBA,CAAA,EAAG;IAC1B,OAAO,IAAI;EACf;EAEA,MAAMrE,aAAaA,CAACpB,MAA2B,EAAE;IAC7C,MAAM0F,eAAyB,GAAG,EAAE;IAEpC,MAAM;MAAExE,OAAO;MAAEG;IAAI,CAAC,GAAGrB,MAAM;IAC/B,KAAK,IAAI4E,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG1D,OAAO,CAACyC,MAAM,EAAEiB,CAAC,EAAE,EAAE;MACrC,MAAMhD,MAAM,GAAGV,OAAO,CAAC0D,CAAC,CAAC;MACzB,MAAMG,eAAe,GAAG,MAAM,IAAI,CAACA,eAAe,CAAC;QAAEnD,MAAM;QAAEP;MAAI,CAAC,CAAC;MACnE,IAAI0D,eAAe,EAAE;QACjBW,eAAe,CAAC5B,IAAI,CAAClC,MAAM,CAAC;MAChC;IACJ;IAEA,OAAO8D,eAAe;EAC1B;EAEA,MAAMpE,uBAAuBA,CAACM,MAAyB,EAAE;IACrD,MAAMV,OAAO,GAAGyE,KAAK,CAACC,OAAO,CAAChE,MAAM,CAAC,GAAGA,MAAM,GAAG,CAACA,MAAM,CAAC;IAEzD,KAAK,IAAIgD,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAG1D,OAAO,CAACyC,MAAM,EAAEiB,CAAC,EAAE,EAAE;MACrC,MAAMhD,MAAM,GAAGV,OAAO,CAAC0D,CAAC,CAAC;MACzB,MAAMI,iBAAiB,GAAG,MAAM,IAAI,CAACH,oBAAoB,CAAC;QAAEjD;MAAO,CAAC,CAAC;MACrE,IAAIoD,iBAAiB,EAAE;QACnBpD,MAAM,CAACW,WAAW,GAAGyC,iBAAiB,CAACzC,WAAW;MACtD,CAAC,MAAM;QACHX,MAAM,CAACW,WAAW,GAAG,EAAE;MAC3B;IACJ;EACJ;EAEAsD,yCAAyCA,CAACf,qBAA0C,EAAE;IAClF,OAAOA,qBAAqB,EAAEnC,IAAI,CAACa,CAAC,IAAI,CAACA,CAAC,CAACK,aAAa,CAAC;EAC7D;AACJ;AAACiC,OAAA,CAAAjG,sBAAA,GAAAA,sBAAA","ignoreList":[]}

package/utils/decorators/constants.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export declare const ROOT_FOLDER = "root";

package/utils/decorators/constants.js DELETED Viewed

@@ -1,9 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.ROOT_FOLDER = void 0;
-const ROOT_FOLDER = exports.ROOT_FOLDER = "root";
-//# sourceMappingURL=constants.js.map

package/utils/decorators/constants.js.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"names":["ROOT_FOLDER","exports"],"sources":["constants.ts"],"sourcesContent":["export const ROOT_FOLDER = \"root\";\n"],"mappings":";;;;;;AAAO,MAAMA,WAAW,GAAAC,OAAA,CAAAD,WAAA,GAAG,MAAM","ignoreList":[]}

package/utils/decorators/createFolderType.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- import { CmsModel } from "@webiny/api-headless-cms/types";
2	- export declare const createFolderType: (model: CmsModel) => "FmFile" \| "PbPage" \| `cms:${string}`;

package/utils/decorators/createFolderType.js DELETED Viewed

@@ -1,18 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.createFolderType = void 0;
-var _isPageModel = require("./isPageModel");
-const createFolderType = model => {
-  if (model.modelId === "fmFile") {
-    return "FmFile";
-  } else if ((0, _isPageModel.isPageModel)(model)) {
-    return "PbPage";
-  }
-  return `cms:${model.modelId}`;
-};
-exports.createFolderType = createFolderType;
-//# sourceMappingURL=createFolderType.js.map

package/utils/decorators/createFolderType.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_isPageModel","require","createFolderType","model","modelId","isPageModel","exports"],"sources":["createFolderType.ts"],"sourcesContent":["import { CmsModel } from \"@webiny/api-headless-cms/types\";\nimport { isPageModel } from \"./isPageModel\";\n\nexport const createFolderType = (model: CmsModel): \"FmFile\" | \"PbPage\" | `cms:${string}` => {\n if (model.modelId === \"fmFile\") {\n return \"FmFile\";\n } else if (isPageModel(model)) {\n return \"PbPage\";\n }\n return `cms:${model.modelId}`;\n};\n"],"mappings":";;;;;;AACA,IAAAA,YAAA,GAAAC,OAAA;AAEO,MAAMC,gBAAgB,GAAIC,KAAe,IAA4C;EACxF,IAAIA,KAAK,CAACC,OAAO,KAAK,QAAQ,EAAE;IAC5B,OAAO,QAAQ;EACnB,CAAC,MAAM,IAAI,IAAAC,wBAAW,EAACF,KAAK,CAAC,EAAE;IAC3B,OAAO,QAAQ;EACnB;EACA,OAAO,OAAOA,KAAK,CAACC,OAAO,EAAE;AACjC,CAAC;AAACE,OAAA,CAAAJ,gBAAA,GAAAA,gBAAA","ignoreList":[]}

package/utils/decorators/filterEntriesByFolderFactory.d.ts DELETED Viewed

@@ -1,6 +0,0 @@
-import { AcoContext } from "../../types";
-import { CmsEntry, CmsModel } from "@webiny/api-headless-cms/types";
-import { FolderLevelPermissions } from "../FolderLevelPermissions";
-type Context = Pick<AcoContext, "aco" | "cms">;
-export declare const filterEntriesByFolderFactory: (context: Context, permissions: FolderLevelPermissions) => (model: CmsModel, entries: CmsEntry[]) => Promise<CmsEntry<import("@webiny/api-headless-cms/types").CmsEntryValues>[]>;
-export {};

package/utils/decorators/filterEntriesByFolderFactory.js DELETED Viewed

@@ -1,37 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.filterEntriesByFolderFactory = void 0;
-var _handlerGraphql = require("@webiny/handler-graphql");
-var _constants = require("./constants");
-var _createFolderType = require("./createFolderType");
-const filterEntriesByFolderFactory = (context, permissions) => {
-  return async (model, entries) => {
-    const [folders] = await context.aco.folder.listAll({
-      where: {
-        type: (0, _createFolderType.createFolderType)(model)
-      }
-    });
-    const results = await Promise.all(entries.map(async entry => {
-      const folderId = entry.location?.folderId;
-      if (!folderId || folderId === _constants.ROOT_FOLDER) {
-        return entry;
-      }
-      const folder = folders.find(folder => folder.id === folderId);
-      if (!folder) {
-        throw new _handlerGraphql.NotFoundError(`Folder "${folderId}" not found.`);
-      }
-      const result = await permissions.canAccessFolderContent({
-        folder,
-        rwd: "r"
-      });
-      return result ? entry : null;
-    }));
-    return results.filter(entry => !!entry);
-  };
-};
-exports.filterEntriesByFolderFactory = filterEntriesByFolderFactory;
-//# sourceMappingURL=filterEntriesByFolderFactory.js.map

package/utils/decorators/filterEntriesByFolderFactory.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"names":["_handlerGraphql","require","_constants","_createFolderType","filterEntriesByFolderFactory","context","permissions","model","entries","folders","aco","folder","listAll","where","type","createFolderType","results","Promise","all","map","entry","folderId","location","ROOT_FOLDER","find","id","NotFoundError","result","canAccessFolderContent","rwd","filter","exports"],"sources":["filterEntriesByFolderFactory.ts"],"sourcesContent":["import { AcoContext } from \"~/types\";\nimport { CmsEntry, CmsModel } from \"@webiny/api-headless-cms/types\";\nimport { NotFoundError } from \"@webiny/handler-graphql\";\nimport { FolderLevelPermissions } from \"~/utils/FolderLevelPermissions\";\nimport { ROOT_FOLDER } from \"./constants\";\n\ntype Context = Pick<AcoContext, \"aco\" | \"cms\">;\n\nimport { createFolderType } from \"./createFolderType\";\n\nexport const filterEntriesByFolderFactory = (\n context: Context,\n permissions: FolderLevelPermissions\n) => {\n return async (model: CmsModel, entries: CmsEntry[]) => {\n const [folders] = await context.aco.folder.listAll({\n where: {\n type: createFolderType(model)\n }\n });\n\n const results = await Promise.all(\n entries.map(async entry => {\n const folderId = entry.location?.folderId;\n if (!folderId || folderId === ROOT_FOLDER) {\n return entry;\n }\n\n const folder = folders.find(folder => folder.id === folderId);\n if (!folder) {\n throw new NotFoundError(`Folder \"${folderId}\" not found.`);\n }\n const result = await permissions.canAccessFolderContent({\n folder,\n rwd: \"r\"\n });\n return result ? entry : null;\n })\n );\n\n return results.filter((entry): entry is CmsEntry => !!entry);\n };\n};\n"],"mappings":";;;;;;AAEA,IAAAA,eAAA,GAAAC,OAAA;AAEA,IAAAC,UAAA,GAAAD,OAAA;AAIA,IAAAE,iBAAA,GAAAF,OAAA;AAEO,MAAMG,4BAA4B,GAAGA,CACxCC,OAAgB,EAChBC,WAAmC,KAClC;EACD,OAAO,OAAOC,KAAe,EAAEC,OAAmB,KAAK;IACnD,MAAM,CAACC,OAAO,CAAC,GAAG,MAAMJ,OAAO,CAACK,GAAG,CAACC,MAAM,CAACC,OAAO,CAAC;MAC/CC,KAAK,EAAE;QACHC,IAAI,EAAE,IAAAC,kCAAgB,EAACR,KAAK;MAChC;IACJ,CAAC,CAAC;IAEF,MAAMS,OAAO,GAAG,MAAMC,OAAO,CAACC,GAAG,CAC7BV,OAAO,CAACW,GAAG,CAAC,MAAMC,KAAK,IAAI;MACvB,MAAMC,QAAQ,GAAGD,KAAK,CAACE,QAAQ,EAAED,QAAQ;MACzC,IAAI,CAACA,QAAQ,IAAIA,QAAQ,KAAKE,sBAAW,EAAE;QACvC,OAAOH,KAAK;MAChB;MAEA,MAAMT,MAAM,GAAGF,OAAO,CAACe,IAAI,CAACb,MAAM,IAAIA,MAAM,CAACc,EAAE,KAAKJ,QAAQ,CAAC;MAC7D,IAAI,CAACV,MAAM,EAAE;QACT,MAAM,IAAIe,6BAAa,CAAC,WAAWL,QAAQ,cAAc,CAAC;MAC9D;MACA,MAAMM,MAAM,GAAG,MAAMrB,WAAW,CAACsB,sBAAsB,CAAC;QACpDjB,MAAM;QACNkB,GAAG,EAAE;MACT,CAAC,CAAC;MACF,OAAOF,MAAM,GAAGP,KAAK,GAAG,IAAI;IAChC,CAAC,CACL,CAAC;IAED,OAAOJ,OAAO,CAACc,MAAM,CAAEV,KAAK,IAAwB,CAAC,CAACA,KAAK,CAAC;EAChE,CAAC;AACL,CAAC;AAACW,OAAA,CAAA3B,4BAAA,GAAAA,4BAAA","ignoreList":[]}

package/utils/decorators/where.d.ts DELETED Viewed

@@ -1,15 +0,0 @@
-import { CmsEntryListWhere, CmsModel } from "@webiny/api-headless-cms/types";
-import { Folder } from "../../folder/folder.types";
-interface Params {
-    model: CmsModel;
-    where: CmsEntryListWhere | undefined;
-    folders: Folder[];
-}
-/**
- * There are multiple cases that we need to handle:
- * * existing location with no AND conditional
- * * existing location with AND conditional
- * * no existing location with no AND conditional + with AND conditional
- */
-export declare const createWhere: (params: Params) => CmsEntryListWhere | undefined;
-export {};