@webiny/api-aco 5.43.2-beta.0 → 6.0.0-alpha.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -55,7 +55,7 @@ class UpdateFolderWithFolderLevelPermissions {
|
|
|
55
55
|
const parentPermissions = await this.folderLevelPermissions.getFolderLevelPermissions(params.parentId);
|
|
56
56
|
await this.folderLevelPermissions.ensureCanAccessFolder({
|
|
57
57
|
permissions: parentPermissions,
|
|
58
|
-
rwd: "
|
|
58
|
+
rwd: "r"
|
|
59
59
|
});
|
|
60
60
|
} catch (e) {
|
|
61
61
|
if (e instanceof _apiSecurity.NotAuthorizedError) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_apiSecurity","require","_error","_interopRequireDefault","UpdateFolderWithFolderLevelPermissions","constructor","folderLevelPermissions","getOperation","decoretee","execute","id","params","original","originalPermissions","getFolderLevelPermissions","ensureCanAccessFolder","permissions","rwd","getDefaultPermissions","stillHasAccess","canAccessFolder","WError","Array","isArray","forEach","permission","targetIsValid","target","startsWith","Error","inheritedFrom","parentId","parentPermissions","e","NotAuthorizedError","folder","exports"],"sources":["UpdateFolderWithFolderLevelPermissions.ts"],"sourcesContent":["import { NotAuthorizedError } from \"@webiny/api-security\";\nimport WError from \"@webiny/error\";\nimport type { AcoFolderStorageOperations, UpdateFolderParams } from \"~/folder/folder.types\";\nimport type { IUpdateFolder } from \"./IUpdateFolder\";\nimport { FolderLevelPermissions } from \"~/flp\";\n\nexport class UpdateFolderWithFolderLevelPermissions implements IUpdateFolder {\n private folderLevelPermissions: FolderLevelPermissions;\n private readonly getOperation: AcoFolderStorageOperations[\"getFolder\"];\n private readonly decoretee: IUpdateFolder;\n\n constructor(\n folderLevelPermissions: FolderLevelPermissions,\n getOperation: AcoFolderStorageOperations[\"getFolder\"],\n decoretee: IUpdateFolder\n ) {\n this.folderLevelPermissions = folderLevelPermissions;\n this.getOperation = getOperation;\n this.decoretee = decoretee;\n }\n\n async execute(id: string, params: UpdateFolderParams) {\n const original = await this.getOperation({ id });\n const originalPermissions = await this.folderLevelPermissions.getFolderLevelPermissions(id);\n\n // Let's ensure current identity's permission allows the update operation.\n await this.folderLevelPermissions.ensureCanAccessFolder({\n permissions: originalPermissions,\n rwd: \"w\"\n });\n\n const permissions = await this.folderLevelPermissions.getDefaultPermissions(\n params.permissions ?? []\n );\n\n // Check if the user still has access to the folder with the provided permissions.\n const stillHasAccess = await this.folderLevelPermissions.canAccessFolder({\n permissions,\n rwd: \"w\"\n });\n\n if (!stillHasAccess) {\n throw new WError(\n `Cannot continue because you would loose access to this folder.`,\n \"CANNOT_LOOSE_FOLDER_ACCESS\"\n );\n }\n\n // Validate data.\n if (Array.isArray(params.permissions)) {\n params.permissions.forEach(permission => {\n const targetIsValid =\n permission.target.startsWith(\"admin:\") || permission.target.startsWith(\"team:\");\n if (!targetIsValid) {\n throw new Error(`Permission target \"${permission.target}\" is not valid.`);\n }\n\n if (permission.inheritedFrom) {\n throw new Error(`Permission \"inheritedFrom\" cannot be set manually.`);\n }\n });\n }\n\n // Parent change is not allowed if the user doesn't have access to the new parent.\n if (params.parentId && params.parentId !== original.parentId) {\n try {\n // Getting the parent folder permissions will throw an error if the user doesn't have access.\n const parentPermissions =\n await this.folderLevelPermissions.getFolderLevelPermissions(params.parentId);\n\n await this.folderLevelPermissions.ensureCanAccessFolder({\n permissions: parentPermissions,\n rwd: \"
|
|
1
|
+
{"version":3,"names":["_apiSecurity","require","_error","_interopRequireDefault","UpdateFolderWithFolderLevelPermissions","constructor","folderLevelPermissions","getOperation","decoretee","execute","id","params","original","originalPermissions","getFolderLevelPermissions","ensureCanAccessFolder","permissions","rwd","getDefaultPermissions","stillHasAccess","canAccessFolder","WError","Array","isArray","forEach","permission","targetIsValid","target","startsWith","Error","inheritedFrom","parentId","parentPermissions","e","NotAuthorizedError","folder","exports"],"sources":["UpdateFolderWithFolderLevelPermissions.ts"],"sourcesContent":["import { NotAuthorizedError } from \"@webiny/api-security\";\nimport WError from \"@webiny/error\";\nimport type { AcoFolderStorageOperations, UpdateFolderParams } from \"~/folder/folder.types\";\nimport type { IUpdateFolder } from \"./IUpdateFolder\";\nimport { FolderLevelPermissions } from \"~/flp\";\n\nexport class UpdateFolderWithFolderLevelPermissions implements IUpdateFolder {\n private folderLevelPermissions: FolderLevelPermissions;\n private readonly getOperation: AcoFolderStorageOperations[\"getFolder\"];\n private readonly decoretee: IUpdateFolder;\n\n constructor(\n folderLevelPermissions: FolderLevelPermissions,\n getOperation: AcoFolderStorageOperations[\"getFolder\"],\n decoretee: IUpdateFolder\n ) {\n this.folderLevelPermissions = folderLevelPermissions;\n this.getOperation = getOperation;\n this.decoretee = decoretee;\n }\n\n async execute(id: string, params: UpdateFolderParams) {\n const original = await this.getOperation({ id });\n const originalPermissions = await this.folderLevelPermissions.getFolderLevelPermissions(id);\n\n // Let's ensure current identity's permission allows the update operation.\n await this.folderLevelPermissions.ensureCanAccessFolder({\n permissions: originalPermissions,\n rwd: \"w\"\n });\n\n const permissions = await this.folderLevelPermissions.getDefaultPermissions(\n params.permissions ?? []\n );\n\n // Check if the user still has access to the folder with the provided permissions.\n const stillHasAccess = await this.folderLevelPermissions.canAccessFolder({\n permissions,\n rwd: \"w\"\n });\n\n if (!stillHasAccess) {\n throw new WError(\n `Cannot continue because you would loose access to this folder.`,\n \"CANNOT_LOOSE_FOLDER_ACCESS\"\n );\n }\n\n // Validate data.\n if (Array.isArray(params.permissions)) {\n params.permissions.forEach(permission => {\n const targetIsValid =\n permission.target.startsWith(\"admin:\") || permission.target.startsWith(\"team:\");\n if (!targetIsValid) {\n throw new Error(`Permission target \"${permission.target}\" is not valid.`);\n }\n\n if (permission.inheritedFrom) {\n throw new Error(`Permission \"inheritedFrom\" cannot be set manually.`);\n }\n });\n }\n\n // Parent change is not allowed if the user doesn't have access to the new parent.\n if (params.parentId && params.parentId !== original.parentId) {\n try {\n // Getting the parent folder permissions will throw an error if the user doesn't have access.\n const parentPermissions =\n await this.folderLevelPermissions.getFolderLevelPermissions(params.parentId);\n\n await this.folderLevelPermissions.ensureCanAccessFolder({\n permissions: parentPermissions,\n rwd: \"r\"\n });\n } catch (e) {\n if (e instanceof NotAuthorizedError) {\n throw new WError(\n `Cannot move folder to a new parent because you don't have access to the new parent.`,\n \"CANNOT_MOVE_FOLDER_TO_NEW_PARENT\"\n );\n }\n\n // If we didn't receive the expected error, we still want to throw it.\n throw e;\n }\n }\n\n const folder = await this.decoretee.execute(id, params);\n\n return {\n ...folder,\n permissions\n };\n }\n}\n"],"mappings":";;;;;;;AAAA,IAAAA,YAAA,GAAAC,OAAA;AACA,IAAAC,MAAA,GAAAC,sBAAA,CAAAF,OAAA;AAKO,MAAMG,sCAAsC,CAA0B;EAKzEC,WAAWA,CACPC,sBAA8C,EAC9CC,YAAqD,EACrDC,SAAwB,EAC1B;IACE,IAAI,CAACF,sBAAsB,GAAGA,sBAAsB;IACpD,IAAI,CAACC,YAAY,GAAGA,YAAY;IAChC,IAAI,CAACC,SAAS,GAAGA,SAAS;EAC9B;EAEA,MAAMC,OAAOA,CAACC,EAAU,EAAEC,MAA0B,EAAE;IAClD,MAAMC,QAAQ,GAAG,MAAM,IAAI,CAACL,YAAY,CAAC;MAAEG;IAAG,CAAC,CAAC;IAChD,MAAMG,mBAAmB,GAAG,MAAM,IAAI,CAACP,sBAAsB,CAACQ,yBAAyB,CAACJ,EAAE,CAAC;;IAE3F;IACA,MAAM,IAAI,CAACJ,sBAAsB,CAACS,qBAAqB,CAAC;MACpDC,WAAW,EAAEH,mBAAmB;MAChCI,GAAG,EAAE;IACT,CAAC,CAAC;IAEF,MAAMD,WAAW,GAAG,MAAM,IAAI,CAACV,sBAAsB,CAACY,qBAAqB,CACvEP,MAAM,CAACK,WAAW,IAAI,EAC1B,CAAC;;IAED;IACA,MAAMG,cAAc,GAAG,MAAM,IAAI,CAACb,sBAAsB,CAACc,eAAe,CAAC;MACrEJ,WAAW;MACXC,GAAG,EAAE;IACT,CAAC,CAAC;IAEF,IAAI,CAACE,cAAc,EAAE;MACjB,MAAM,IAAIE,cAAM,CACZ,gEAAgE,EAChE,4BACJ,CAAC;IACL;;IAEA;IACA,IAAIC,KAAK,CAACC,OAAO,CAACZ,MAAM,CAACK,WAAW,CAAC,EAAE;MACnCL,MAAM,CAACK,WAAW,CAACQ,OAAO,CAACC,UAAU,IAAI;QACrC,MAAMC,aAAa,GACfD,UAAU,CAACE,MAAM,CAACC,UAAU,CAAC,QAAQ,CAAC,IAAIH,UAAU,CAACE,MAAM,CAACC,UAAU,CAAC,OAAO,CAAC;QACnF,IAAI,CAACF,aAAa,EAAE;UAChB,MAAM,IAAIG,KAAK,CAAC,sBAAsBJ,UAAU,CAACE,MAAM,iBAAiB,CAAC;QAC7E;QAEA,IAAIF,UAAU,CAACK,aAAa,EAAE;UAC1B,MAAM,IAAID,KAAK,CAAC,oDAAoD,CAAC;QACzE;MACJ,CAAC,CAAC;IACN;;IAEA;IACA,IAAIlB,MAAM,CAACoB,QAAQ,IAAIpB,MAAM,CAACoB,QAAQ,KAAKnB,QAAQ,CAACmB,QAAQ,EAAE;MAC1D,IAAI;QACA;QACA,MAAMC,iBAAiB,GACnB,MAAM,IAAI,CAAC1B,sBAAsB,CAACQ,yBAAyB,CAACH,MAAM,CAACoB,QAAQ,CAAC;QAEhF,MAAM,IAAI,CAACzB,sBAAsB,CAACS,qBAAqB,CAAC;UACpDC,WAAW,EAAEgB,iBAAiB;UAC9Bf,GAAG,EAAE;QACT,CAAC,CAAC;MACN,CAAC,CAAC,OAAOgB,CAAC,EAAE;QACR,IAAIA,CAAC,YAAYC,+BAAkB,EAAE;UACjC,MAAM,IAAIb,cAAM,CACZ,qFAAqF,EACrF,kCACJ,CAAC;QACL;;QAEA;QACA,MAAMY,CAAC;MACX;IACJ;IAEA,MAAME,MAAM,GAAG,MAAM,IAAI,CAAC3B,SAAS,CAACC,OAAO,CAACC,EAAE,EAAEC,MAAM,CAAC;IAEvD,OAAO;MACH,GAAGwB,MAAM;MACTnB;IACJ,CAAC;EACL;AACJ;AAACoB,OAAA,CAAAhC,sCAAA,GAAAA,sCAAA","ignoreList":[]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@webiny/api-aco",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "6.0.0-alpha.0",
|
|
4
4
|
"main": "index.js",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"aco:base"
|
|
@@ -22,39 +22,39 @@
|
|
|
22
22
|
"directory": "dist"
|
|
23
23
|
},
|
|
24
24
|
"dependencies": {
|
|
25
|
-
"@webiny/api": "
|
|
26
|
-
"@webiny/api-authentication": "
|
|
27
|
-
"@webiny/api-headless-cms": "
|
|
28
|
-
"@webiny/api-i18n": "
|
|
29
|
-
"@webiny/api-security": "
|
|
30
|
-
"@webiny/api-tenancy": "
|
|
31
|
-
"@webiny/aws-sdk": "
|
|
32
|
-
"@webiny/db-dynamodb": "
|
|
33
|
-
"@webiny/error": "
|
|
34
|
-
"@webiny/handler": "
|
|
35
|
-
"@webiny/handler-graphql": "
|
|
36
|
-
"@webiny/pubsub": "
|
|
37
|
-
"@webiny/shared-aco": "
|
|
38
|
-
"@webiny/tasks": "
|
|
39
|
-
"@webiny/utils": "
|
|
40
|
-
"@webiny/validation": "
|
|
25
|
+
"@webiny/api": "6.0.0-alpha.0",
|
|
26
|
+
"@webiny/api-authentication": "6.0.0-alpha.0",
|
|
27
|
+
"@webiny/api-headless-cms": "6.0.0-alpha.0",
|
|
28
|
+
"@webiny/api-i18n": "6.0.0-alpha.0",
|
|
29
|
+
"@webiny/api-security": "6.0.0-alpha.0",
|
|
30
|
+
"@webiny/api-tenancy": "6.0.0-alpha.0",
|
|
31
|
+
"@webiny/aws-sdk": "6.0.0-alpha.0",
|
|
32
|
+
"@webiny/db-dynamodb": "6.0.0-alpha.0",
|
|
33
|
+
"@webiny/error": "6.0.0-alpha.0",
|
|
34
|
+
"@webiny/handler": "6.0.0-alpha.0",
|
|
35
|
+
"@webiny/handler-graphql": "6.0.0-alpha.0",
|
|
36
|
+
"@webiny/pubsub": "6.0.0-alpha.0",
|
|
37
|
+
"@webiny/shared-aco": "6.0.0-alpha.0",
|
|
38
|
+
"@webiny/tasks": "6.0.0-alpha.0",
|
|
39
|
+
"@webiny/utils": "6.0.0-alpha.0",
|
|
40
|
+
"@webiny/validation": "6.0.0-alpha.0",
|
|
41
41
|
"lodash": "4.17.21"
|
|
42
42
|
},
|
|
43
43
|
"devDependencies": {
|
|
44
|
-
"@webiny/api-admin-users": "
|
|
45
|
-
"@webiny/api-file-manager": "
|
|
46
|
-
"@webiny/api-i18n-ddb": "
|
|
47
|
-
"@webiny/api-security-so-ddb": "
|
|
48
|
-
"@webiny/api-tenancy-so-ddb": "
|
|
49
|
-
"@webiny/api-wcp": "
|
|
50
|
-
"@webiny/handler-aws": "
|
|
51
|
-
"@webiny/plugins": "
|
|
52
|
-
"@webiny/project-utils": "
|
|
53
|
-
"@webiny/wcp": "
|
|
44
|
+
"@webiny/api-admin-users": "6.0.0-alpha.0",
|
|
45
|
+
"@webiny/api-file-manager": "6.0.0-alpha.0",
|
|
46
|
+
"@webiny/api-i18n-ddb": "6.0.0-alpha.0",
|
|
47
|
+
"@webiny/api-security-so-ddb": "6.0.0-alpha.0",
|
|
48
|
+
"@webiny/api-tenancy-so-ddb": "6.0.0-alpha.0",
|
|
49
|
+
"@webiny/api-wcp": "6.0.0-alpha.0",
|
|
50
|
+
"@webiny/handler-aws": "6.0.0-alpha.0",
|
|
51
|
+
"@webiny/plugins": "6.0.0-alpha.0",
|
|
52
|
+
"@webiny/project-utils": "6.0.0-alpha.0",
|
|
53
|
+
"@webiny/wcp": "6.0.0-alpha.0",
|
|
54
54
|
"graphql": "15.9.0",
|
|
55
55
|
"prettier": "2.8.8",
|
|
56
56
|
"rimraf": "6.0.1",
|
|
57
57
|
"typescript": "5.3.3"
|
|
58
58
|
},
|
|
59
|
-
"gitHead": "
|
|
59
|
+
"gitHead": "a5b28fed7a242d8f56712197a8ea83aa6d2ed101"
|
|
60
60
|
}
|
package/utils/resolve.d.ts
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import { ErrorResponse, ListResponse, Response } from "@webiny/handler-graphql";
|
|
2
|
-
export declare const resolve: (fn: () => Promise<any>) => Promise<Response<any
|
|
2
|
+
export declare const resolve: (fn: () => Promise<any>) => Promise<ErrorResponse | Response<any>>;
|
|
3
3
|
export declare const resolveList: (fn: () => Promise<any>) => Promise<ErrorResponse | ListResponse<unknown, any>>;
|