@webiny/api-aco 5.43.0-beta.2 → 5.43.0-beta.3

package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/DefaultPermissionsMerger.d.ts

@@ -0,0 +1,6 @@
+import type { FolderPermission } from "../../../flp.types";
+import { Identity } from "@webiny/api-authentication/types";
+import { SecurityPermission } from "@webiny/api-security/types";
+export declare class DefaultPermissionsMerger {
+    static merge(identity: Identity, identityPermissions: SecurityPermission[], folderPermissions: FolderPermission[]): FolderPermission[];
+}

package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/DefaultPermissionsMerger.js

@@ -0,0 +1,77 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.DefaultPermissionsMerger = void 0;
+class DefaultPermissionsMerger {
+  static merge(identity, identityPermissions, folderPermissions) {
+    // If the user has full access permission, add a specific "owner" permission to the list.
+    // This ensures the user has complete control over the folder.
+    const hasFullAccess = identityPermissions.some(p => p.name === "*");
+    if (hasFullAccess) {
+      return [{
+        target: `admin:${identity.id}`,
+        level: "owner",
+        inheritedFrom: "role:full-access"
+      },
+      // Remove any permissions related to the full access user,
+      // as these are always superseded by the "owner" permission defined above.
+      ...folderPermissions.filter(p => p.target !== `admin:${identity.id}`)];
+    }
+    if (folderPermissions.length === 0) {
+      // No permissions provided. This means the folder is public.
+      // Add a specific "public" permission to the list to ensure the folder is accessible to everyone.
+      return [{
+        target: `admin:${identity.id}`,
+        level: "public",
+        inheritedFrom: "public"
+      }];
+    }
+
+    // If there are multiple `admin:${identity.id}` permissions in the array,
+    // we need to pick the one with the highest access level. We also remove
+    // other permissions for the same identity.
+
+    // Get permissions related to the current identity (admin).
+    const currentAdminPermissions = folderPermissions.filter(p => p.target === `admin:${identity.id}`);
+    if (currentAdminPermissions.length === 0) {
+      return folderPermissions;
+    }
+    const noAccessPermission = currentAdminPermissions.find(p => p.level === "no-access" && p.target === `admin:${identity.id}`);
+    if (noAccessPermission) {
+      // If one of the permissions is `no-access`, then we can immediately return it. This is
+      // because `no-access` is the ultimate level of access, and no other permission can override it.
+      // Remove all permissions for the current identity and add the winning one.
+      const filteredPermissions = folderPermissions.filter(p => p.target !== `admin:${identity.id}`);
+      return [...filteredPermissions, noAccessPermission];
+    }
+    const [firstAdminPermission, ...restAdminPermissions] = currentAdminPermissions;
+    const resultPermission = restAdminPermissions.reduce((winner, current) => {
+      const winnerInherits = winner.inheritedFrom?.startsWith("parent:");
+      const currentInherits = current.inheritedFrom?.startsWith("parent:");
+      if (winnerInherits && !currentInherits) {
+        return current;
+      }
+      if (currentInherits && !winnerInherits) {
+        return winner;
+      }
+
+      // At this point, we're either comparing two permissions with `inheritedFrom` or two without it.
+      // In other words, we're now at a point where we start comparing the levels (owner > editor > viewer).
+      if (current.level === "owner") {
+        return current;
+      }
+      if (current.level === "editor" && winner.level === "viewer") {
+        return current;
+      }
+      return winner;
+    }, firstAdminPermission);
+
+    // Remove all permissions for the current identity and add the winning one.
+    return [resultPermission, ...folderPermissions.filter(p => p.target !== `admin:${identity.id}`)];
+  }
+}
+exports.DefaultPermissionsMerger = DefaultPermissionsMerger;
+
+//# sourceMappingURL=DefaultPermissionsMerger.js.map

package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/DefaultPermissionsMerger.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["DefaultPermissionsMerger","merge","identity","identityPermissions","folderPermissions","hasFullAccess","some","p","name","target","id","level","inheritedFrom","filter","length","currentAdminPermissions","noAccessPermission","find","filteredPermissions","firstAdminPermission","restAdminPermissions","resultPermission","reduce","winner","current","winnerInherits","startsWith","currentInherits","exports"],"sources":["DefaultPermissionsMerger.ts"],"sourcesContent":["import type { FolderAccessLevel, FolderPermission } from \"~/flp/flp.types\";\nimport { Identity } from \"@webiny/api-authentication/types\";\nimport { SecurityPermission } from \"@webiny/api-security/types\";\n\nexport class DefaultPermissionsMerger {\n    static merge(\n        identity: Identity,\n        identityPermissions: SecurityPermission[],\n        folderPermissions: FolderPermission[]\n    ): FolderPermission[] {\n        // If the user has full access permission, add a specific \"owner\" permission to the list.\n        // This ensures the user has complete control over the folder.\n        const hasFullAccess = identityPermissions.some(p => p.name === \"*\");\n        if (hasFullAccess) {\n            return [\n                {\n                    target: `admin:${identity.id}`,\n                    level: \"owner\" as FolderAccessLevel,\n                    inheritedFrom: \"role:full-access\"\n                },\n\n                // Remove any permissions related to the full access user,\n                // as these are always superseded by the \"owner\" permission defined above.\n                ...folderPermissions.filter(p => p.target !== `admin:${identity.id}`)\n            ];\n        }\n\n        if (folderPermissions.length === 0) {\n            // No permissions provided. This means the folder is public.\n            // Add a specific \"public\" permission to the list to ensure the folder is accessible to everyone.\n            return [\n                {\n                    target: `admin:${identity.id}`,\n                    level: \"public\" as FolderAccessLevel,\n                    inheritedFrom: \"public\"\n                }\n            ];\n        }\n\n        // If there are multiple `admin:${identity.id}` permissions in the array,\n        // we need to pick the one with the highest access level. We also remove\n        // other permissions for the same identity.\n\n        // Get permissions related to the current identity (admin).\n        const currentAdminPermissions = folderPermissions.filter(\n            p => p.target === `admin:${identity.id}`\n        );\n\n        if (currentAdminPermissions.length === 0) {\n            return folderPermissions;\n        }\n\n        const noAccessPermission = currentAdminPermissions.find(\n            p => p.level === \"no-access\" && p.target === `admin:${identity.id}`\n        );\n\n        if (noAccessPermission) {\n            // If one of the permissions is `no-access`, then we can immediately return it. This is\n            // because `no-access` is the ultimate level of access, and no other permission can override it.\n            // Remove all permissions for the current identity and add the winning one.\n            const filteredPermissions = folderPermissions.filter(\n                p => p.target !== `admin:${identity.id}`\n            );\n\n            return [...filteredPermissions, noAccessPermission];\n        }\n\n        const [firstAdminPermission, ...restAdminPermissions] = currentAdminPermissions;\n\n        const resultPermission = restAdminPermissions.reduce((winner, current) => {\n            const winnerInherits = winner.inheritedFrom?.startsWith(\"parent:\");\n            const currentInherits = current.inheritedFrom?.startsWith(\"parent:\");\n\n            if (winnerInherits && !currentInherits) {\n                return current;\n            }\n            if (currentInherits && !winnerInherits) {\n                return winner;\n            }\n\n            // At this point, we're either comparing two permissions with `inheritedFrom` or two without it.\n            // In other words, we're now at a point where we start comparing the levels (owner > editor > viewer).\n            if (current.level === \"owner\") {\n                return current;\n            }\n\n            if (current.level === \"editor\" && winner.level === \"viewer\") {\n                return current;\n            }\n\n            return winner;\n        }, firstAdminPermission);\n\n        // Remove all permissions for the current identity and add the winning one.\n        return [\n            resultPermission,\n            ...folderPermissions.filter(p => p.target !== `admin:${identity.id}`)\n        ];\n    }\n}\n"],"mappings":";;;;;;AAIO,MAAMA,wBAAwB,CAAC;EAClC,OAAOC,KAAKA,CACRC,QAAkB,EAClBC,mBAAyC,EACzCC,iBAAqC,EACnB;IAClB;IACA;IACA,MAAMC,aAAa,GAAGF,mBAAmB,CAACG,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACC,IAAI,KAAK,GAAG,CAAC;IACnE,IAAIH,aAAa,EAAE;MACf,OAAO,CACH;QACII,MAAM,EAAE,SAASP,QAAQ,CAACQ,EAAE,EAAE;QAC9BC,KAAK,EAAE,OAA4B;QACnCC,aAAa,EAAE;MACnB,CAAC;MAED;MACA;MACA,GAAGR,iBAAiB,CAACS,MAAM,CAACN,CAAC,IAAIA,CAAC,CAACE,MAAM,KAAK,SAASP,QAAQ,CAACQ,EAAE,EAAE,CAAC,CACxE;IACL;IAEA,IAAIN,iBAAiB,CAACU,MAAM,KAAK,CAAC,EAAE;MAChC;MACA;MACA,OAAO,CACH;QACIL,MAAM,EAAE,SAASP,QAAQ,CAACQ,EAAE,EAAE;QAC9BC,KAAK,EAAE,QAA6B;QACpCC,aAAa,EAAE;MACnB,CAAC,CACJ;IACL;;IAEA;IACA;IACA;;IAEA;IACA,MAAMG,uBAAuB,GAAGX,iBAAiB,CAACS,MAAM,CACpDN,CAAC,IAAIA,CAAC,CAACE,MAAM,KAAK,SAASP,QAAQ,CAACQ,EAAE,EAC1C,CAAC;IAED,IAAIK,uBAAuB,CAACD,MAAM,KAAK,CAAC,EAAE;MACtC,OAAOV,iBAAiB;IAC5B;IAEA,MAAMY,kBAAkB,GAAGD,uBAAuB,CAACE,IAAI,CACnDV,CAAC,IAAIA,CAAC,CAACI,KAAK,KAAK,WAAW,IAAIJ,CAAC,CAACE,MAAM,KAAK,SAASP,QAAQ,CAACQ,EAAE,EACrE,CAAC;IAED,IAAIM,kBAAkB,EAAE;MACpB;MACA;MACA;MACA,MAAME,mBAAmB,GAAGd,iBAAiB,CAACS,MAAM,CAChDN,CAAC,IAAIA,CAAC,CAACE,MAAM,KAAK,SAASP,QAAQ,CAACQ,EAAE,EAC1C,CAAC;MAED,OAAO,CAAC,GAAGQ,mBAAmB,EAAEF,kBAAkB,CAAC;IACvD;IAEA,MAAM,CAACG,oBAAoB,EAAE,GAAGC,oBAAoB,CAAC,GAAGL,uBAAuB;IAE/E,MAAMM,gBAAgB,GAAGD,oBAAoB,CAACE,MAAM,CAAC,CAACC,MAAM,EAAEC,OAAO,KAAK;MACtE,MAAMC,cAAc,GAAGF,MAAM,CAACX,aAAa,EAAEc,UAAU,CAAC,SAAS,CAAC;MAClE,MAAMC,eAAe,GAAGH,OAAO,CAACZ,aAAa,EAAEc,UAAU,CAAC,SAAS,CAAC;MAEpE,IAAID,cAAc,IAAI,CAACE,eAAe,EAAE;QACpC,OAAOH,OAAO;MAClB;MACA,IAAIG,eAAe,IAAI,CAACF,cAAc,EAAE;QACpC,OAAOF,MAAM;MACjB;;MAEA;MACA;MACA,IAAIC,OAAO,CAACb,KAAK,KAAK,OAAO,EAAE;QAC3B,OAAOa,OAAO;MAClB;MAEA,IAAIA,OAAO,CAACb,KAAK,KAAK,QAAQ,IAAIY,MAAM,CAACZ,KAAK,KAAK,QAAQ,EAAE;QACzD,OAAOa,OAAO;MAClB;MAEA,OAAOD,MAAM;IACjB,CAAC,EAAEJ,oBAAoB,CAAC;;IAExB;IACA,OAAO,CACHE,gBAAgB,EAChB,GAAGjB,iBAAiB,CAACS,MAAM,CAACN,CAAC,IAAIA,CAAC,CAACE,MAAM,KAAK,SAASP,QAAQ,CAACQ,EAAE,EAAE,CAAC,CACxE;EACL;AACJ;AAACkB,OAAA,CAAA5B,wBAAA,GAAAA,wBAAA","ignoreList":[]}

package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissions.d.ts

@@ -6,5 +6,4 @@ export declare class GetDefaultPermissions implements IGetDefaultPermissions {
     private listPermissionsGateway;
     constructor(getIdentityGateway: IGetIdentityGateway, listPermissionsGateway: IListPermissionsGateway);
     execute(permissions: FolderPermission[]): Promise<FolderPermission[]>;
-    private hasFullAccess;
 }

package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissions.js

@@ -4,48 +4,16 @@ Object.defineProperty(exports, "__esModule", {
   value: true
 });
 exports.GetDefaultPermissions = void 0;
+var _DefaultPermissionsMerger = require("./DefaultPermissionsMerger");
 class GetDefaultPermissions {
   constructor(getIdentityGateway, listPermissionsGateway) {
     this.getIdentityGateway = getIdentityGateway;
     this.listPermissionsGateway = listPermissionsGateway;
   }
   async execute(permissions) {
-    const hasFullAccess = await this.hasFullAccess();
     const identity = this.getIdentityGateway.execute();
-
-    /**
-     * If the user has full access to the application, add a specific "owner" permission to the list.
-     * This ensures the user has complete control over the folder.
-     */
-    if (hasFullAccess) {
-      return [{
-        target: `admin:${identity.id}`,
-        level: "owner",
-        inheritedFrom: "role:full-access"
-      },
-      /**
-       * Remove any permissions related to the full access user,
-       * as these are always superseded by the "owner" permission defined above.
-       */
-      ...permissions.filter(p => p.target !== `admin:${identity.id}`)];
-    }
-    if (permissions.length > 0) {
-      return permissions;
-    }
-
-    /**
-     * No permissions provided. This means the folder is public.
-     * Add a specific "public" permission to the list to ensure the folder is accessible to everyone.
-     */
-    return [{
-      target: `admin:${identity.id}`,
-      level: "public",
-      inheritedFrom: "public"
-    }];
-  }
-  async hasFullAccess() {
-    const permissions = await this.listPermissionsGateway.execute();
-    return permissions.some(p => p.name === "*");
+    const identityPermissions = await this.listPermissionsGateway.execute();
+    return _DefaultPermissionsMerger.DefaultPermissionsMerger.merge(identity, identityPermissions, permissions);
   }
 }
 exports.GetDefaultPermissions = GetDefaultPermissions;

package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissions.js.map

@@ -1 +1 @@
-{"version":3,"names":["GetDefaultPermissions","constructor","getIdentityGateway","listPermissionsGateway","execute","permissions","hasFullAccess","identity","target","id","level","inheritedFrom","filter","p","length","some","name","exports"],"sources":["GetDefaultPermissions.ts"],"sourcesContent":["import type { IGetDefaultPermissions } from \"./IGetDefaultPermissions\";\nimport type { IGetIdentityGateway, IListPermissionsGateway } from \"../../gateways\";\nimport type { FolderAccessLevel, FolderPermission } from \"~/flp/flp.types\";\n\nexport class GetDefaultPermissions implements IGetDefaultPermissions {\n    private getIdentityGateway: IGetIdentityGateway;\n    private listPermissionsGateway: IListPermissionsGateway;\n\n    constructor(\n        getIdentityGateway: IGetIdentityGateway,\n        listPermissionsGateway: IListPermissionsGateway\n    ) {\n        this.getIdentityGateway = getIdentityGateway;\n        this.listPermissionsGateway = listPermissionsGateway;\n    }\n\n    async execute(permissions: FolderPermission[]) {\n        const hasFullAccess = await this.hasFullAccess();\n        const identity = this.getIdentityGateway.execute();\n\n        /**\n         * If the user has full access to the application, add a specific \"owner\" permission to the list.\n         * This ensures the user has complete control over the folder.\n         */\n        if (hasFullAccess) {\n            return [\n                {\n                    target: `admin:${identity.id}`,\n                    level: \"owner\" as FolderAccessLevel,\n                    inheritedFrom: \"role:full-access\"\n                },\n                /**\n                 * Remove any permissions related to the full access user,\n                 * as these are always superseded by the \"owner\" permission defined above.\n                 */\n                ...permissions.filter(p => p.target !== `admin:${identity.id}`)\n            ];\n        }\n\n        if (permissions.length > 0) {\n            return permissions;\n        }\n\n        /**\n         * No permissions provided. This means the folder is public.\n         * Add a specific \"public\" permission to the list to ensure the folder is accessible to everyone.\n         */\n        return [\n            {\n                target: `admin:${identity.id}`,\n                level: \"public\" as FolderAccessLevel,\n                inheritedFrom: \"public\"\n            }\n        ];\n    }\n\n    private async hasFullAccess(): Promise<boolean> {\n        const permissions = await this.listPermissionsGateway.execute();\n        return permissions.some(p => p.name === \"*\");\n    }\n}\n"],"mappings":";;;;;;AAIO,MAAMA,qBAAqB,CAAmC;EAIjEC,WAAWA,CACPC,kBAAuC,EACvCC,sBAA+C,EACjD;IACE,IAAI,CAACD,kBAAkB,GAAGA,kBAAkB;IAC5C,IAAI,CAACC,sBAAsB,GAAGA,sBAAsB;EACxD;EAEA,MAAMC,OAAOA,CAACC,WAA+B,EAAE;IAC3C,MAAMC,aAAa,GAAG,MAAM,IAAI,CAACA,aAAa,CAAC,CAAC;IAChD,MAAMC,QAAQ,GAAG,IAAI,CAACL,kBAAkB,CAACE,OAAO,CAAC,CAAC;;IAElD;AACR;AACA;AACA;IACQ,IAAIE,aAAa,EAAE;MACf,OAAO,CACH;QACIE,MAAM,EAAE,SAASD,QAAQ,CAACE,EAAE,EAAE;QAC9BC,KAAK,EAAE,OAA4B;QACnCC,aAAa,EAAE;MACnB,CAAC;MACD;AAChB;AACA;AACA;MACgB,GAAGN,WAAW,CAACO,MAAM,CAACC,CAAC,IAAIA,CAAC,CAACL,MAAM,KAAK,SAASD,QAAQ,CAACE,EAAE,EAAE,CAAC,CAClE;IACL;IAEA,IAAIJ,WAAW,CAACS,MAAM,GAAG,CAAC,EAAE;MACxB,OAAOT,WAAW;IACtB;;IAEA;AACR;AACA;AACA;IACQ,OAAO,CACH;MACIG,MAAM,EAAE,SAASD,QAAQ,CAACE,EAAE,EAAE;MAC9BC,KAAK,EAAE,QAA6B;MACpCC,aAAa,EAAE;IACnB,CAAC,CACJ;EACL;EAEA,MAAcL,aAAaA,CAAA,EAAqB;IAC5C,MAAMD,WAAW,GAAG,MAAM,IAAI,CAACF,sBAAsB,CAACC,OAAO,CAAC,CAAC;IAC/D,OAAOC,WAAW,CAACU,IAAI,CAACF,CAAC,IAAIA,CAAC,CAACG,IAAI,KAAK,GAAG,CAAC;EAChD;AACJ;AAACC,OAAA,CAAAjB,qBAAA,GAAAA,qBAAA","ignoreList":[]}
+{"version":3,"names":["_DefaultPermissionsMerger","require","GetDefaultPermissions","constructor","getIdentityGateway","listPermissionsGateway","execute","permissions","identity","identityPermissions","DefaultPermissionsMerger","merge","exports"],"sources":["GetDefaultPermissions.ts"],"sourcesContent":["import type { IGetDefaultPermissions } from \"./IGetDefaultPermissions\";\nimport type { IGetIdentityGateway, IListPermissionsGateway } from \"../../gateways\";\nimport type { FolderPermission } from \"~/flp/flp.types\";\nimport { DefaultPermissionsMerger } from \"./DefaultPermissionsMerger\";\n\nexport class GetDefaultPermissions implements IGetDefaultPermissions {\n    private getIdentityGateway: IGetIdentityGateway;\n    private listPermissionsGateway: IListPermissionsGateway;\n\n    constructor(\n        getIdentityGateway: IGetIdentityGateway,\n        listPermissionsGateway: IListPermissionsGateway\n    ) {\n        this.getIdentityGateway = getIdentityGateway;\n        this.listPermissionsGateway = listPermissionsGateway;\n    }\n\n    async execute(permissions: FolderPermission[]) {\n        const identity = this.getIdentityGateway.execute();\n        const identityPermissions = await this.listPermissionsGateway.execute();\n\n        return DefaultPermissionsMerger.merge(identity, identityPermissions, permissions);\n    }\n}\n"],"mappings":";;;;;;AAGA,IAAAA,yBAAA,GAAAC,OAAA;AAEO,MAAMC,qBAAqB,CAAmC;EAIjEC,WAAWA,CACPC,kBAAuC,EACvCC,sBAA+C,EACjD;IACE,IAAI,CAACD,kBAAkB,GAAGA,kBAAkB;IAC5C,IAAI,CAACC,sBAAsB,GAAGA,sBAAsB;EACxD;EAEA,MAAMC,OAAOA,CAACC,WAA+B,EAAE;IAC3C,MAAMC,QAAQ,GAAG,IAAI,CAACJ,kBAAkB,CAACE,OAAO,CAAC,CAAC;IAClD,MAAMG,mBAAmB,GAAG,MAAM,IAAI,CAACJ,sBAAsB,CAACC,OAAO,CAAC,CAAC;IAEvE,OAAOI,kDAAwB,CAACC,KAAK,CAACH,QAAQ,EAAEC,mBAAmB,EAAEF,WAAW,CAAC;EACrF;AACJ;AAACK,OAAA,CAAAV,qBAAA,GAAAA,qBAAA","ignoreList":[]}

package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissionsWithTeams.d.ts

@@ -6,5 +6,5 @@ export declare class GetDefaultPermissionsWithTeams implements IGetDefaultPermis
     private listIdentityTeamsGateway;
     private decoretee;
     constructor(getIdentityGateway: IGetIdentityGateway, listIdentityTeamsGateway: IListIdentityTeamsGateway, decoretee: IGetDefaultPermissions);
-    execute(permissions: FolderPermission[]): Promise<FolderPermission[]>;
+    execute(originalPermissions: FolderPermission[]): Promise<FolderPermission[]>;
 }

package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissionsWithTeams.js

@@ -10,7 +10,7 @@ class GetDefaultPermissionsWithTeams {
     this.listIdentityTeamsGateway = listIdentityTeamsGateway;
     this.decoretee = decoretee;
   }
-  async execute(permissions) {
+  async execute(originalPermissions) {
     /**
      * Retrieves the list of teams the current identity belongs to and checks if any of these teams
      * have permissions for the folder. If a team has permissions, the current identity is granted
@@ -18,6 +18,8 @@ class GetDefaultPermissionsWithTeams {
      */
     const identity = this.getIdentityGateway.execute();
     const identityTeams = (await this.listIdentityTeamsGateway.execute()) ?? [];
+    const permissions = [...originalPermissions]; // Clone the original permissions to avoid mutation.
+
     if (identityTeams.length) {
       for (const identityTeam of identityTeams) {
         // Check if the team has permissions for the folder.

package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissionsWithTeams.js.map

@@ -1 +1 @@
-{"version":3,"names":["GetDefaultPermissionsWithTeams","constructor","getIdentityGateway","listIdentityTeamsGateway","decoretee","execute","permissions","identity","identityTeams","length","identityTeam","teamPermission","find","p","target","id","push","level","inheritedFrom","exports"],"sources":["GetDefaultPermissionsWithTeams.ts"],"sourcesContent":["import type { IGetDefaultPermissions } from \"./IGetDefaultPermissions\";\nimport type {\n    IGetIdentityGateway,\n    IListIdentityTeamsGateway\n} from \"~/flp/FolderLevelPermissions/gateways\";\nimport type { FolderPermission } from \"~/flp/flp.types\";\nimport { Team } from \"@webiny/api-security/types\";\n\nexport class GetDefaultPermissionsWithTeams implements IGetDefaultPermissions {\n    private getIdentityGateway: IGetIdentityGateway;\n    private listIdentityTeamsGateway: IListIdentityTeamsGateway;\n    private decoretee: IGetDefaultPermissions;\n\n    constructor(\n        getIdentityGateway: IGetIdentityGateway,\n        listIdentityTeamsGateway: IListIdentityTeamsGateway,\n        decoretee: IGetDefaultPermissions\n    ) {\n        this.getIdentityGateway = getIdentityGateway;\n        this.listIdentityTeamsGateway = listIdentityTeamsGateway;\n        this.decoretee = decoretee;\n    }\n\n    async execute(permissions: FolderPermission[]) {\n        /**\n         * Retrieves the list of teams the current identity belongs to and checks if any of these teams\n         * have permissions for the folder. If a team has permissions, the current identity is granted\n         * the same permissions, inheriting them from the team.\n         */\n        const identity = this.getIdentityGateway.execute();\n        const identityTeams: Team[] = (await this.listIdentityTeamsGateway.execute()) ?? [];\n\n        if (identityTeams.length) {\n            for (const identityTeam of identityTeams) {\n                // Check if the team has permissions for the folder.\n                const teamPermission = permissions.find(\n                    p => p.target === `team:${identityTeam.id}`\n                );\n\n                if (teamPermission) {\n                    // Grant the current identity the same permissions as the team, marking them as inherited.\n                    permissions.push({\n                        target: `admin:${identity.id}`,\n                        level: teamPermission.level,\n                        inheritedFrom: \"team:\" + identityTeam.id\n                    });\n                }\n            }\n        }\n\n        return await this.decoretee.execute(permissions);\n    }\n}\n"],"mappings":";;;;;;AAQO,MAAMA,8BAA8B,CAAmC;EAK1EC,WAAWA,CACPC,kBAAuC,EACvCC,wBAAmD,EACnDC,SAAiC,EACnC;IACE,IAAI,CAACF,kBAAkB,GAAGA,kBAAkB;IAC5C,IAAI,CAACC,wBAAwB,GAAGA,wBAAwB;IACxD,IAAI,CAACC,SAAS,GAAGA,SAAS;EAC9B;EAEA,MAAMC,OAAOA,CAACC,WAA+B,EAAE;IAC3C;AACR;AACA;AACA;AACA;IACQ,MAAMC,QAAQ,GAAG,IAAI,CAACL,kBAAkB,CAACG,OAAO,CAAC,CAAC;IAClD,MAAMG,aAAqB,GAAG,CAAC,MAAM,IAAI,CAACL,wBAAwB,CAACE,OAAO,CAAC,CAAC,KAAK,EAAE;IAEnF,IAAIG,aAAa,CAACC,MAAM,EAAE;MACtB,KAAK,MAAMC,YAAY,IAAIF,aAAa,EAAE;QACtC;QACA,MAAMG,cAAc,GAAGL,WAAW,CAACM,IAAI,CACnCC,CAAC,IAAIA,CAAC,CAACC,MAAM,KAAK,QAAQJ,YAAY,CAACK,EAAE,EAC7C,CAAC;QAED,IAAIJ,cAAc,EAAE;UAChB;UACAL,WAAW,CAACU,IAAI,CAAC;YACbF,MAAM,EAAE,SAASP,QAAQ,CAACQ,EAAE,EAAE;YAC9BE,KAAK,EAAEN,cAAc,CAACM,KAAK;YAC3BC,aAAa,EAAE,OAAO,GAAGR,YAAY,CAACK;UAC1C,CAAC,CAAC;QACN;MACJ;IACJ;IAEA,OAAO,MAAM,IAAI,CAACX,SAAS,CAACC,OAAO,CAACC,WAAW,CAAC;EACpD;AACJ;AAACa,OAAA,CAAAnB,8BAAA,GAAAA,8BAAA","ignoreList":[]}
+{"version":3,"names":["GetDefaultPermissionsWithTeams","constructor","getIdentityGateway","listIdentityTeamsGateway","decoretee","execute","originalPermissions","identity","identityTeams","permissions","length","identityTeam","teamPermission","find","p","target","id","push","level","inheritedFrom","exports"],"sources":["GetDefaultPermissionsWithTeams.ts"],"sourcesContent":["import type { IGetDefaultPermissions } from \"./IGetDefaultPermissions\";\nimport type {\n    IGetIdentityGateway,\n    IListIdentityTeamsGateway\n} from \"~/flp/FolderLevelPermissions/gateways\";\nimport type { FolderPermission } from \"~/flp/flp.types\";\nimport { Team } from \"@webiny/api-security/types\";\n\nexport class GetDefaultPermissionsWithTeams implements IGetDefaultPermissions {\n    private getIdentityGateway: IGetIdentityGateway;\n    private listIdentityTeamsGateway: IListIdentityTeamsGateway;\n    private decoretee: IGetDefaultPermissions;\n\n    constructor(\n        getIdentityGateway: IGetIdentityGateway,\n        listIdentityTeamsGateway: IListIdentityTeamsGateway,\n        decoretee: IGetDefaultPermissions\n    ) {\n        this.getIdentityGateway = getIdentityGateway;\n        this.listIdentityTeamsGateway = listIdentityTeamsGateway;\n        this.decoretee = decoretee;\n    }\n\n    async execute(originalPermissions: FolderPermission[]) {\n        /**\n         * Retrieves the list of teams the current identity belongs to and checks if any of these teams\n         * have permissions for the folder. If a team has permissions, the current identity is granted\n         * the same permissions, inheriting them from the team.\n         */\n        const identity = this.getIdentityGateway.execute();\n        const identityTeams: Team[] = (await this.listIdentityTeamsGateway.execute()) ?? [];\n\n        const permissions = [...originalPermissions]; // Clone the original permissions to avoid mutation.\n\n        if (identityTeams.length) {\n            for (const identityTeam of identityTeams) {\n                // Check if the team has permissions for the folder.\n                const teamPermission = permissions.find(\n                    p => p.target === `team:${identityTeam.id}`\n                );\n\n                if (teamPermission) {\n                    // Grant the current identity the same permissions as the team, marking them as inherited.\n                    permissions.push({\n                        target: `admin:${identity.id}`,\n                        level: teamPermission.level,\n                        inheritedFrom: \"team:\" + identityTeam.id\n                    });\n                }\n            }\n        }\n\n        return await this.decoretee.execute(permissions);\n    }\n}\n"],"mappings":";;;;;;AAQO,MAAMA,8BAA8B,CAAmC;EAK1EC,WAAWA,CACPC,kBAAuC,EACvCC,wBAAmD,EACnDC,SAAiC,EACnC;IACE,IAAI,CAACF,kBAAkB,GAAGA,kBAAkB;IAC5C,IAAI,CAACC,wBAAwB,GAAGA,wBAAwB;IACxD,IAAI,CAACC,SAAS,GAAGA,SAAS;EAC9B;EAEA,MAAMC,OAAOA,CAACC,mBAAuC,EAAE;IACnD;AACR;AACA;AACA;AACA;IACQ,MAAMC,QAAQ,GAAG,IAAI,CAACL,kBAAkB,CAACG,OAAO,CAAC,CAAC;IAClD,MAAMG,aAAqB,GAAG,CAAC,MAAM,IAAI,CAACL,wBAAwB,CAACE,OAAO,CAAC,CAAC,KAAK,EAAE;IAEnF,MAAMI,WAAW,GAAG,CAAC,GAAGH,mBAAmB,CAAC,CAAC,CAAC;;IAE9C,IAAIE,aAAa,CAACE,MAAM,EAAE;MACtB,KAAK,MAAMC,YAAY,IAAIH,aAAa,EAAE;QACtC;QACA,MAAMI,cAAc,GAAGH,WAAW,CAACI,IAAI,CACnCC,CAAC,IAAIA,CAAC,CAACC,MAAM,KAAK,QAAQJ,YAAY,CAACK,EAAE,EAC7C,CAAC;QAED,IAAIJ,cAAc,EAAE;UAChB;UACAH,WAAW,CAACQ,IAAI,CAAC;YACbF,MAAM,EAAE,SAASR,QAAQ,CAACS,EAAE,EAAE;YAC9BE,KAAK,EAAEN,cAAc,CAACM,KAAK;YAC3BC,aAAa,EAAE,OAAO,GAAGR,YAAY,CAACK;UAC1C,CAAC,CAAC;QACN;MACJ;IACJ;IAEA,OAAO,MAAM,IAAI,CAACZ,SAAS,CAACC,OAAO,CAACI,WAAW,CAAC;EACpD;AACJ;AAACW,OAAA,CAAApB,8BAAA,GAAAA,8BAAA","ignoreList":[]}

package/flp/useCases/Permissions.d.ts

@@ -1,4 +1,4 @@
-import type { FolderLevelPermission as IFolderLevelPermission, FolderPermission } from "../flp.types";
+import type { FolderLevelPermission, FolderPermission } from "../flp.types";
 export declare class Permissions {
-    static create(permissions?: FolderPermission[], parentFlp?: Pick<IFolderLevelPermission, "id" | "permissions"> | null): FolderPermission[];
+    static create(permissions?: FolderPermission[], parentFlp?: FolderLevelPermission | null): FolderPermission[];
 }

package/flp/useCases/Permissions.js

@@ -6,31 +6,40 @@ Object.defineProperty(exports, "__esModule", {
 exports.Permissions = void 0;
 class Permissions {
   static create(permissions, parentFlp) {
-    const folderPermissions = permissions ?? [];
-
-    // No permissions from the parent, let's return the permissions provided by the folder.
-    if (!parentFlp || !parentFlp.permissions?.length) {
-      return folderPermissions;
+    const parentFolderPermissions = parentFlp?.permissions || [];
+    const currentFolderPermissions = permissions?.filter(p => p.inheritedFrom !== `parent:${parentFlp?.id}`) || [];
+    if (!parentFolderPermissions.length) {
+      return currentFolderPermissions;
     }
-    const {
-      id: parentId,
-      permissions: parentPermissions
-    } = parentFlp;
-
-    // Remove all previously inherited permissions
-    const cleanedPermissions = folderPermissions.filter(p => p.inheritedFrom !== `parent:${parentId}`);
 
-    // Store the `target` values from the current cleaned permissions.
-    // These will be used to exclude inherited permissions that target the same entities as the current folder's permissions.
-    const permissionsTargets = new Set(cleanedPermissions.map(p => p.target));
+    // Merge parent and current folder permissions:
+    // - current folder permissions take precedence over parent permissions
+    // - only if parent permission's level is set to `no-access`, then we ignore the current folder permission
+    const permissionsInheritedFromParentFolder = [];
+    for (const parentFolderPermission of parentFolderPermissions) {
+      if (parentFolderPermission.level === "no-access") {
+        permissionsInheritedFromParentFolder.push({
+          ...parentFolderPermission,
+          inheritedFrom: `parent:${parentFlp.id}`
+        });
+        continue;
+      }
+      const currentFolderHasOverridePermission = currentFolderPermissions.some(permission => permission.target === parentFolderPermission.target);
+      if (currentFolderHasOverridePermission) {
+        continue;
+      }
+      permissionsInheritedFromParentFolder.push({
+        ...parentFolderPermission,
+        inheritedFrom: `parent:${parentFlp.id}`
+      });
+    }
 
-    // Get inherited permissions from parent, preserving the original inheritance chain
-    const inheritedPermissions = parentPermissions.filter(p => !permissionsTargets.has(p.target)).map(p => ({
-      ...p,
-      // If the permission was already inherited, keep its original source
-      inheritedFrom: `parent:${parentId}`
-    }));
-    return [...cleanedPermissions, ...inheritedPermissions];
+    // Add current folder permissions that are not present in the parent folder permissions.
+    const applicableCurrentFolderPermissions = currentFolderPermissions.filter(permission => {
+      const alreadyInInheritedPermissions = permissionsInheritedFromParentFolder.some(p => p.target === permission.target);
+      return !alreadyInInheritedPermissions;
+    });
+    return [...applicableCurrentFolderPermissions, ...permissionsInheritedFromParentFolder];
   }
 }
 exports.Permissions = Permissions;

package/flp/useCases/Permissions.js.map

@@ -1 +1 @@
-{"version":3,"names":["Permissions","create","permissions","parentFlp","folderPermissions","length","id","parentId","parentPermissions","cleanedPermissions","filter","p","inheritedFrom","permissionsTargets","Set","map","target","inheritedPermissions","has","exports"],"sources":["Permissions.ts"],"sourcesContent":["import type {\n    FolderLevelPermission as IFolderLevelPermission,\n    FolderPermission\n} from \"~/flp/flp.types\";\n\nexport class Permissions {\n    public static create(\n        permissions?: FolderPermission[],\n        parentFlp?: Pick<IFolderLevelPermission, \"id\" | \"permissions\"> | null\n    ): FolderPermission[] {\n        const folderPermissions = permissions ?? [];\n\n        // No permissions from the parent, let's return the permissions provided by the folder.\n        if (!parentFlp || !parentFlp.permissions?.length) {\n            return folderPermissions;\n        }\n\n        const { id: parentId, permissions: parentPermissions } = parentFlp;\n\n        // Remove all previously inherited permissions\n        const cleanedPermissions = folderPermissions.filter(\n            p => p.inheritedFrom !== `parent:${parentId}`\n        );\n\n        // Store the `target` values from the current cleaned permissions.\n        // These will be used to exclude inherited permissions that target the same entities as the current folder's permissions.\n        const permissionsTargets = new Set(cleanedPermissions.map(p => p.target));\n\n        // Get inherited permissions from parent, preserving the original inheritance chain\n        const inheritedPermissions = parentPermissions\n            .filter(p => !permissionsTargets.has(p.target))\n            .map(p => ({\n                ...p,\n                // If the permission was already inherited, keep its original source\n                inheritedFrom: `parent:${parentId}`\n            }));\n\n        return [...cleanedPermissions, ...inheritedPermissions];\n    }\n}\n"],"mappings":";;;;;;AAKO,MAAMA,WAAW,CAAC;EACrB,OAAcC,MAAMA,CAChBC,WAAgC,EAChCC,SAAqE,EACnD;IAClB,MAAMC,iBAAiB,GAAGF,WAAW,IAAI,EAAE;;IAE3C;IACA,IAAI,CAACC,SAAS,IAAI,CAACA,SAAS,CAACD,WAAW,EAAEG,MAAM,EAAE;MAC9C,OAAOD,iBAAiB;IAC5B;IAEA,MAAM;MAAEE,EAAE,EAAEC,QAAQ;MAAEL,WAAW,EAAEM;IAAkB,CAAC,GAAGL,SAAS;;IAElE;IACA,MAAMM,kBAAkB,GAAGL,iBAAiB,CAACM,MAAM,CAC/CC,CAAC,IAAIA,CAAC,CAACC,aAAa,KAAK,UAAUL,QAAQ,EAC/C,CAAC;;IAED;IACA;IACA,MAAMM,kBAAkB,GAAG,IAAIC,GAAG,CAACL,kBAAkB,CAACM,GAAG,CAACJ,CAAC,IAAIA,CAAC,CAACK,MAAM,CAAC,CAAC;;IAEzE;IACA,MAAMC,oBAAoB,GAAGT,iBAAiB,CACzCE,MAAM,CAACC,CAAC,IAAI,CAACE,kBAAkB,CAACK,GAAG,CAACP,CAAC,CAACK,MAAM,CAAC,CAAC,CAC9CD,GAAG,CAACJ,CAAC,KAAK;MACP,GAAGA,CAAC;MACJ;MACAC,aAAa,EAAE,UAAUL,QAAQ;IACrC,CAAC,CAAC,CAAC;IAEP,OAAO,CAAC,GAAGE,kBAAkB,EAAE,GAAGQ,oBAAoB,CAAC;EAC3D;AACJ;AAACE,OAAA,CAAAnB,WAAA,GAAAA,WAAA","ignoreList":[]}
+{"version":3,"names":["Permissions","create","permissions","parentFlp","parentFolderPermissions","currentFolderPermissions","filter","p","inheritedFrom","id","length","permissionsInheritedFromParentFolder","parentFolderPermission","level","push","currentFolderHasOverridePermission","some","permission","target","applicableCurrentFolderPermissions","alreadyInInheritedPermissions","exports"],"sources":["Permissions.ts"],"sourcesContent":["import type { FolderLevelPermission, FolderPermission } from \"~/flp/flp.types\";\n\nexport class Permissions {\n    public static create(\n        permissions?: FolderPermission[],\n        parentFlp?: FolderLevelPermission | null\n    ): FolderPermission[] {\n        const parentFolderPermissions = parentFlp?.permissions || [];\n        const currentFolderPermissions =\n            permissions?.filter(p => p.inheritedFrom !== `parent:${parentFlp?.id}`) || [];\n\n        if (!parentFolderPermissions.length) {\n            return currentFolderPermissions;\n        }\n\n        // Merge parent and current folder permissions:\n        // - current folder permissions take precedence over parent permissions\n        // - only if parent permission's level is set to `no-access`, then we ignore the current folder permission\n        const permissionsInheritedFromParentFolder: FolderPermission[] = [];\n\n        for (const parentFolderPermission of parentFolderPermissions) {\n            if (parentFolderPermission.level === \"no-access\") {\n                permissionsInheritedFromParentFolder.push({\n                    ...parentFolderPermission,\n                    inheritedFrom: `parent:${parentFlp!.id}`\n                });\n                continue;\n            }\n\n            const currentFolderHasOverridePermission = currentFolderPermissions.some(\n                permission => permission.target === parentFolderPermission.target\n            );\n\n            if (currentFolderHasOverridePermission) {\n                continue;\n            }\n\n            permissionsInheritedFromParentFolder.push({\n                ...parentFolderPermission,\n                inheritedFrom: `parent:${parentFlp!.id}`\n            });\n        }\n\n        // Add current folder permissions that are not present in the parent folder permissions.\n        const applicableCurrentFolderPermissions = currentFolderPermissions.filter(permission => {\n            const alreadyInInheritedPermissions = permissionsInheritedFromParentFolder.some(\n                p => p.target === permission.target\n            );\n\n            return !alreadyInInheritedPermissions;\n        });\n\n        return [...applicableCurrentFolderPermissions, ...permissionsInheritedFromParentFolder];\n    }\n}\n"],"mappings":";;;;;;AAEO,MAAMA,WAAW,CAAC;EACrB,OAAcC,MAAMA,CAChBC,WAAgC,EAChCC,SAAwC,EACtB;IAClB,MAAMC,uBAAuB,GAAGD,SAAS,EAAED,WAAW,IAAI,EAAE;IAC5D,MAAMG,wBAAwB,GAC1BH,WAAW,EAAEI,MAAM,CAACC,CAAC,IAAIA,CAAC,CAACC,aAAa,KAAK,UAAUL,SAAS,EAAEM,EAAE,EAAE,CAAC,IAAI,EAAE;IAEjF,IAAI,CAACL,uBAAuB,CAACM,MAAM,EAAE;MACjC,OAAOL,wBAAwB;IACnC;;IAEA;IACA;IACA;IACA,MAAMM,oCAAwD,GAAG,EAAE;IAEnE,KAAK,MAAMC,sBAAsB,IAAIR,uBAAuB,EAAE;MAC1D,IAAIQ,sBAAsB,CAACC,KAAK,KAAK,WAAW,EAAE;QAC9CF,oCAAoC,CAACG,IAAI,CAAC;UACtC,GAAGF,sBAAsB;UACzBJ,aAAa,EAAE,UAAUL,SAAS,CAAEM,EAAE;QAC1C,CAAC,CAAC;QACF;MACJ;MAEA,MAAMM,kCAAkC,GAAGV,wBAAwB,CAACW,IAAI,CACpEC,UAAU,IAAIA,UAAU,CAACC,MAAM,KAAKN,sBAAsB,CAACM,MAC/D,CAAC;MAED,IAAIH,kCAAkC,EAAE;QACpC;MACJ;MAEAJ,oCAAoC,CAACG,IAAI,CAAC;QACtC,GAAGF,sBAAsB;QACzBJ,aAAa,EAAE,UAAUL,SAAS,CAAEM,EAAE;MAC1C,CAAC,CAAC;IACN;;IAEA;IACA,MAAMU,kCAAkC,GAAGd,wBAAwB,CAACC,MAAM,CAACW,UAAU,IAAI;MACrF,MAAMG,6BAA6B,GAAGT,oCAAoC,CAACK,IAAI,CAC3ET,CAAC,IAAIA,CAAC,CAACW,MAAM,KAAKD,UAAU,CAACC,MACjC,CAAC;MAED,OAAO,CAACE,6BAA6B;IACzC,CAAC,CAAC;IAEF,OAAO,CAAC,GAAGD,kCAAkC,EAAE,GAAGR,oCAAoC,CAAC;EAC3F;AACJ;AAACU,OAAA,CAAArB,WAAA,GAAAA,WAAA","ignoreList":[]}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@webiny/api-aco",
-	"version": "5.43.0-beta.2",
+	"version": "5.43.0-beta.3",
 	"main": "index.js",
 	"keywords": [
 		"aco:base"
@@ -22,38 +22,38 @@
 		"directory": "dist"
 	},
 	"dependencies": {
-		"@webiny/api": "5.43.0-beta.2",
-		"@webiny/api-authentication": "5.43.0-beta.2",
-		"@webiny/api-headless-cms": "5.43.0-beta.2",
-		"@webiny/api-i18n": "5.43.0-beta.2",
-		"@webiny/api-security": "5.43.0-beta.2",
-		"@webiny/api-tenancy": "5.43.0-beta.2",
-		"@webiny/aws-sdk": "5.43.0-beta.2",
-		"@webiny/db-dynamodb": "5.43.0-beta.2",
-		"@webiny/error": "5.43.0-beta.2",
-		"@webiny/handler": "5.43.0-beta.2",
-		"@webiny/handler-graphql": "5.43.0-beta.2",
-		"@webiny/pubsub": "5.43.0-beta.2",
-		"@webiny/tasks": "5.43.0-beta.2",
-		"@webiny/utils": "5.43.0-beta.2",
-		"@webiny/validation": "5.43.0-beta.2",
+		"@webiny/api": "5.43.0-beta.3",
+		"@webiny/api-authentication": "5.43.0-beta.3",
+		"@webiny/api-headless-cms": "5.43.0-beta.3",
+		"@webiny/api-i18n": "5.43.0-beta.3",
+		"@webiny/api-security": "5.43.0-beta.3",
+		"@webiny/api-tenancy": "5.43.0-beta.3",
+		"@webiny/aws-sdk": "5.43.0-beta.3",
+		"@webiny/db-dynamodb": "5.43.0-beta.3",
+		"@webiny/error": "5.43.0-beta.3",
+		"@webiny/handler": "5.43.0-beta.3",
+		"@webiny/handler-graphql": "5.43.0-beta.3",
+		"@webiny/pubsub": "5.43.0-beta.3",
+		"@webiny/tasks": "5.43.0-beta.3",
+		"@webiny/utils": "5.43.0-beta.3",
+		"@webiny/validation": "5.43.0-beta.3",
 		"lodash": "4.17.21"
 	},
 	"devDependencies": {
-		"@webiny/api-admin-users": "5.43.0-beta.2",
-		"@webiny/api-file-manager": "5.43.0-beta.2",
-		"@webiny/api-i18n-ddb": "5.43.0-beta.2",
-		"@webiny/api-security-so-ddb": "5.43.0-beta.2",
-		"@webiny/api-tenancy-so-ddb": "5.43.0-beta.2",
-		"@webiny/api-wcp": "5.43.0-beta.2",
-		"@webiny/handler-aws": "5.43.0-beta.2",
-		"@webiny/plugins": "5.43.0-beta.2",
-		"@webiny/project-utils": "5.43.0-beta.2",
-		"@webiny/wcp": "5.43.0-beta.2",
+		"@webiny/api-admin-users": "5.43.0-beta.3",
+		"@webiny/api-file-manager": "5.43.0-beta.3",
+		"@webiny/api-i18n-ddb": "5.43.0-beta.3",
+		"@webiny/api-security-so-ddb": "5.43.0-beta.3",
+		"@webiny/api-tenancy-so-ddb": "5.43.0-beta.3",
+		"@webiny/api-wcp": "5.43.0-beta.3",
+		"@webiny/handler-aws": "5.43.0-beta.3",
+		"@webiny/plugins": "5.43.0-beta.3",
+		"@webiny/project-utils": "5.43.0-beta.3",
+		"@webiny/wcp": "5.43.0-beta.3",
 		"graphql": "15.9.0",
 		"prettier": "2.8.8",
 		"rimraf": "6.0.1",
 		"typescript": "5.3.3"
 	},
-	"gitHead": "dbed8c263df662358aca18c3cf452cd280f2dfd9"
+	"gitHead": "bb3de95f65a48bc7264719fcd2d78bf78749fc69"
 }