@webiny/api-aco 5.43.4 → 5.43.5-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissionsWithTeams.js +1 -1
  2. package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissionsWithTeams.js.map +1 -1
  3. package/package.json +28 -28
  4. package/utils/decorators/ListEntriesFactory.js +2 -2
  5. package/utils/decorators/ListEntriesFactory.js.map +1 -1
package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissionsWithTeams.js CHANGED
@@ -20,7 +20,7 @@ class GetDefaultPermissionsWithTeams {
20
20
  const identityTeams = (await this.listIdentityTeamsGateway.execute()) ?? [];
21
21
  const permissions = [...originalPermissions]; // Clone the original permissions to avoid mutation.
22
22
 
23
- if (identityTeams.length) {
23
+ if (identity && identityTeams.length) {
24
24
  for (const identityTeam of identityTeams) {
25
25
  // Check if the team has permissions for the folder.
26
26
  const teamPermission = permissions.find(p => p.target === `team:${identityTeam.id}`);
package/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissionsWithTeams.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["GetDefaultPermissionsWithTeams","constructor","getIdentityGateway","listIdentityTeamsGateway","decoretee","execute","originalPermissions","identity","identityTeams","permissions","length","identityTeam","teamPermission","find","p","target","id","push","level","inheritedFrom","exports"],"sources":["GetDefaultPermissionsWithTeams.ts"],"sourcesContent":["import type { IGetDefaultPermissions } from \"./IGetDefaultPermissions\";\nimport type {\n IGetIdentityGateway,\n IListIdentityTeamsGateway\n} from \"~/flp/FolderLevelPermissions/gateways\";\nimport type { FolderPermission } from \"~/flp/flp.types\";\nimport { Team } from \"@webiny/api-security/types\";\n\nexport class GetDefaultPermissionsWithTeams implements IGetDefaultPermissions {\n private getIdentityGateway: IGetIdentityGateway;\n private listIdentityTeamsGateway: IListIdentityTeamsGateway;\n private decoretee: IGetDefaultPermissions;\n\n constructor(\n getIdentityGateway: IGetIdentityGateway,\n listIdentityTeamsGateway: IListIdentityTeamsGateway,\n decoretee: IGetDefaultPermissions\n ) {\n this.getIdentityGateway = getIdentityGateway;\n this.listIdentityTeamsGateway = listIdentityTeamsGateway;\n this.decoretee = decoretee;\n }\n\n async execute(originalPermissions: FolderPermission[]) {\n /**\n * Retrieves the list of teams the current identity belongs to and checks if any of these teams\n * have permissions for the folder. If a team has permissions, the current identity is granted\n * the same permissions, inheriting them from the team.\n */\n const identity = this.getIdentityGateway.execute();\n const identityTeams: Team[] = (await this.listIdentityTeamsGateway.execute()) ?? [];\n\n const permissions = [...originalPermissions]; // Clone the original permissions to avoid mutation.\n\n if (identityTeams.length) {\n for (const identityTeam of identityTeams) {\n // Check if the team has permissions for the folder.\n const teamPermission = permissions.find(\n p => p.target === `team:${identityTeam.id}`\n );\n\n if (teamPermission) {\n // Grant the current identity the same permissions as the team, marking them as inherited.\n permissions.push({\n target: `admin:${identity.id}`,\n level: teamPermission.level,\n inheritedFrom: \"team:\" + identityTeam.id\n });\n }\n }\n }\n\n return await this.decoretee.execute(permissions);\n }\n}\n"],"mappings":";;;;;;AAQO,MAAMA,8BAA8B,CAAmC;EAK1EC,WAAWA,CACPC,kBAAuC,EACvCC,wBAAmD,EACnDC,SAAiC,EACnC;IACE,IAAI,CAACF,kBAAkB,GAAGA,kBAAkB;IAC5C,IAAI,CAACC,wBAAwB,GAAGA,wBAAwB;IACxD,IAAI,CAACC,SAAS,GAAGA,SAAS;EAC9B;EAEA,MAAMC,OAAOA,CAACC,mBAAuC,EAAE;IACnD;AACR;AACA;AACA;AACA;IACQ,MAAMC,QAAQ,GAAG,IAAI,CAACL,kBAAkB,CAACG,OAAO,CAAC,CAAC;IAClD,MAAMG,aAAqB,GAAG,CAAC,MAAM,IAAI,CAACL,wBAAwB,CAACE,OAAO,CAAC,CAAC,KAAK,EAAE;IAEnF,MAAMI,WAAW,GAAG,CAAC,GAAGH,mBAAmB,CAAC,CAAC,CAAC;;IAE9C,IAAIE,aAAa,CAACE,MAAM,EAAE;MACtB,KAAK,MAAMC,YAAY,IAAIH,aAAa,EAAE;QACtC;QACA,MAAMI,cAAc,GAAGH,WAAW,CAACI,IAAI,CACnCC,CAAC,IAAIA,CAAC,CAACC,MAAM,KAAK,QAAQJ,YAAY,CAACK,EAAE,EAC7C,CAAC;QAED,IAAIJ,cAAc,EAAE;UAChB;UACAH,WAAW,CAACQ,IAAI,CAAC;YACbF,MAAM,EAAE,SAASR,QAAQ,CAACS,EAAE,EAAE;YAC9BE,KAAK,EAAEN,cAAc,CAACM,KAAK;YAC3BC,aAAa,EAAE,OAAO,GAAGR,YAAY,CAACK;UAC1C,CAAC,CAAC;QACN;MACJ;IACJ;IAEA,OAAO,MAAM,IAAI,CAACZ,SAAS,CAACC,OAAO,CAACI,WAAW,CAAC;EACpD;AACJ;AAACW,OAAA,CAAApB,8BAAA,GAAAA,8BAAA","ignoreList":[]}
1
+ {"version":3,"names":["GetDefaultPermissionsWithTeams","constructor","getIdentityGateway","listIdentityTeamsGateway","decoretee","execute","originalPermissions","identity","identityTeams","permissions","length","identityTeam","teamPermission","find","p","target","id","push","level","inheritedFrom","exports"],"sources":["GetDefaultPermissionsWithTeams.ts"],"sourcesContent":["import type { IGetDefaultPermissions } from \"./IGetDefaultPermissions\";\nimport type {\n IGetIdentityGateway,\n IListIdentityTeamsGateway\n} from \"~/flp/FolderLevelPermissions/gateways\";\nimport type { FolderPermission } from \"~/flp/flp.types\";\nimport { Team } from \"@webiny/api-security/types\";\n\nexport class GetDefaultPermissionsWithTeams implements IGetDefaultPermissions {\n private getIdentityGateway: IGetIdentityGateway;\n private listIdentityTeamsGateway: IListIdentityTeamsGateway;\n private decoretee: IGetDefaultPermissions;\n\n constructor(\n getIdentityGateway: IGetIdentityGateway,\n listIdentityTeamsGateway: IListIdentityTeamsGateway,\n decoretee: IGetDefaultPermissions\n ) {\n this.getIdentityGateway = getIdentityGateway;\n this.listIdentityTeamsGateway = listIdentityTeamsGateway;\n this.decoretee = decoretee;\n }\n\n async execute(originalPermissions: FolderPermission[]) {\n /**\n * Retrieves the list of teams the current identity belongs to and checks if any of these teams\n * have permissions for the folder. If a team has permissions, the current identity is granted\n * the same permissions, inheriting them from the team.\n */\n const identity = this.getIdentityGateway.execute();\n const identityTeams: Team[] = (await this.listIdentityTeamsGateway.execute()) ?? [];\n\n const permissions = [...originalPermissions]; // Clone the original permissions to avoid mutation.\n\n if (identity && identityTeams.length) {\n for (const identityTeam of identityTeams) {\n // Check if the team has permissions for the folder.\n const teamPermission = permissions.find(\n p => p.target === `team:${identityTeam.id}`\n );\n\n if (teamPermission) {\n // Grant the current identity the same permissions as the team, marking them as inherited.\n permissions.push({\n target: `admin:${identity.id}`,\n level: teamPermission.level,\n inheritedFrom: \"team:\" + identityTeam.id\n });\n }\n }\n }\n\n return await this.decoretee.execute(permissions);\n }\n}\n"],"mappings":";;;;;;AAQO,MAAMA,8BAA8B,CAAmC;EAK1EC,WAAWA,CACPC,kBAAuC,EACvCC,wBAAmD,EACnDC,SAAiC,EACnC;IACE,IAAI,CAACF,kBAAkB,GAAGA,kBAAkB;IAC5C,IAAI,CAACC,wBAAwB,GAAGA,wBAAwB;IACxD,IAAI,CAACC,SAAS,GAAGA,SAAS;EAC9B;EAEA,MAAMC,OAAOA,CAACC,mBAAuC,EAAE;IACnD;AACR;AACA;AACA;AACA;IACQ,MAAMC,QAAQ,GAAG,IAAI,CAACL,kBAAkB,CAACG,OAAO,CAAC,CAAC;IAClD,MAAMG,aAAqB,GAAG,CAAC,MAAM,IAAI,CAACL,wBAAwB,CAACE,OAAO,CAAC,CAAC,KAAK,EAAE;IAEnF,MAAMI,WAAW,GAAG,CAAC,GAAGH,mBAAmB,CAAC,CAAC,CAAC;;IAE9C,IAAIC,QAAQ,IAAIC,aAAa,CAACE,MAAM,EAAE;MAClC,KAAK,MAAMC,YAAY,IAAIH,aAAa,EAAE;QACtC;QACA,MAAMI,cAAc,GAAGH,WAAW,CAACI,IAAI,CACnCC,CAAC,IAAIA,CAAC,CAACC,MAAM,KAAK,QAAQJ,YAAY,CAACK,EAAE,EAC7C,CAAC;QAED,IAAIJ,cAAc,EAAE;UAChB;UACAH,WAAW,CAACQ,IAAI,CAAC;YACbF,MAAM,EAAE,SAASR,QAAQ,CAACS,EAAE,EAAE;YAC9BE,KAAK,EAAEN,cAAc,CAACM,KAAK;YAC3BC,aAAa,EAAE,OAAO,GAAGR,YAAY,CAACK;UAC1C,CAAC,CAAC;QACN;MACJ;IACJ;IAEA,OAAO,MAAM,IAAI,CAACZ,SAAS,CAACC,OAAO,CAACI,WAAW,CAAC;EACpD;AACJ;AAACW,OAAA,CAAApB,8BAAA,GAAAA,8BAAA","ignoreList":[]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@webiny/api-aco",
3
- "version": "5.43.4",
3
+ "version": "5.43.5-beta.1",
4
4
  "main": "index.js",
5
5
  "keywords": [
6
6
  "aco:base"
@@ -22,39 +22,39 @@
22
22
  "directory": "dist"
23
23
  },
24
24
  "dependencies": {
25
- "@webiny/api": "5.43.4",
26
- "@webiny/api-authentication": "5.43.4",
27
- "@webiny/api-headless-cms": "5.43.4",
28
- "@webiny/api-i18n": "5.43.4",
29
- "@webiny/api-security": "5.43.4",
30
- "@webiny/api-tenancy": "5.43.4",
31
- "@webiny/aws-sdk": "5.43.4",
32
- "@webiny/db-dynamodb": "5.43.4",
33
- "@webiny/error": "5.43.4",
34
- "@webiny/handler": "5.43.4",
35
- "@webiny/handler-graphql": "5.43.4",
36
- "@webiny/pubsub": "5.43.4",
37
- "@webiny/shared-aco": "5.43.4",
38
- "@webiny/tasks": "5.43.4",
39
- "@webiny/utils": "5.43.4",
40
- "@webiny/validation": "5.43.4",
25
+ "@webiny/api": "5.43.5-beta.1",
26
+ "@webiny/api-authentication": "5.43.5-beta.1",
27
+ "@webiny/api-headless-cms": "5.43.5-beta.1",
28
+ "@webiny/api-i18n": "5.43.5-beta.1",
29
+ "@webiny/api-security": "5.43.5-beta.1",
30
+ "@webiny/api-tenancy": "5.43.5-beta.1",
31
+ "@webiny/aws-sdk": "5.43.5-beta.1",
32
+ "@webiny/db-dynamodb": "5.43.5-beta.1",
33
+ "@webiny/error": "5.43.5-beta.1",
34
+ "@webiny/handler": "5.43.5-beta.1",
35
+ "@webiny/handler-graphql": "5.43.5-beta.1",
36
+ "@webiny/pubsub": "5.43.5-beta.1",
37
+ "@webiny/shared-aco": "5.43.5-beta.1",
38
+ "@webiny/tasks": "5.43.5-beta.1",
39
+ "@webiny/utils": "5.43.5-beta.1",
40
+ "@webiny/validation": "5.43.5-beta.1",
41
41
  "lodash": "4.17.21"
42
42
  },
43
43
  "devDependencies": {
44
- "@webiny/api-admin-users": "5.43.4",
45
- "@webiny/api-file-manager": "5.43.4",
46
- "@webiny/api-i18n-ddb": "5.43.4",
47
- "@webiny/api-security-so-ddb": "5.43.4",
48
- "@webiny/api-tenancy-so-ddb": "5.43.4",
49
- "@webiny/api-wcp": "5.43.4",
50
- "@webiny/handler-aws": "5.43.4",
51
- "@webiny/plugins": "5.43.4",
52
- "@webiny/project-utils": "5.43.4",
53
- "@webiny/wcp": "5.43.4",
44
+ "@webiny/api-admin-users": "5.43.5-beta.1",
45
+ "@webiny/api-file-manager": "5.43.5-beta.1",
46
+ "@webiny/api-i18n-ddb": "5.43.5-beta.1",
47
+ "@webiny/api-security-so-ddb": "5.43.5-beta.1",
48
+ "@webiny/api-tenancy-so-ddb": "5.43.5-beta.1",
49
+ "@webiny/api-wcp": "5.43.5-beta.1",
50
+ "@webiny/handler-aws": "5.43.5-beta.1",
51
+ "@webiny/plugins": "5.43.5-beta.1",
52
+ "@webiny/project-utils": "5.43.5-beta.1",
53
+ "@webiny/wcp": "5.43.5-beta.1",
54
54
  "graphql": "15.9.0",
55
55
  "prettier": "2.8.8",
56
56
  "rimraf": "6.0.1",
57
57
  "typescript": "5.3.3"
58
58
  },
59
- "gitHead": "3db1bdbd80b3d7721a159f0e032c357d57c25b9d"
59
+ "gitHead": "14be514b21ee0029c2a3f2a5ca6ac119e29ca12b"
60
60
  }
package/utils/decorators/ListEntriesFactory.js CHANGED
@@ -26,8 +26,8 @@ class ListEntriesFactory {
26
26
  where
27
27
  });
28
28
 
29
- // If we're querying the root folder, skip permission checks
30
- if (hasRootFolder) {
29
+ // If FLP should be skipped, or we're querying the root folder, skip permission checks
30
+ if (!this.folderLevelPermissions.canUseFolderLevelPermissions() || hasRootFolder) {
31
31
  return await decoratee(model, params);
32
32
  }
33
33
  const resultEntries = [];
package/utils/decorators/ListEntriesFactory.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"names":["_hasRootFolderId","require","ListEntriesFactory","constructor","folderLevelPermissions","permissionsCache","Map","execute","decoratee","model","initialParams","limit","where","params","hasRootFolder","hasRootFolderId","resultEntries","totalCount","hasMoreItems","cursor","fetchedAll","afterCursor","after","queryParams","entries","currentMeta","entry","folderId","values","location","push","permissions","getPermissions","length","canAccessFolderContent","rwd","has","get","getFolderLevelPermissions","set","exports"],"sources":["ListEntriesFactory.ts"],"sourcesContent":["import { FolderLevelPermissions } from \"~/flp\";\nimport {\n CmsEntry,\n CmsEntryListParams,\n CmsEntryMeta,\n CmsEntryValues,\n type CmsModel\n} from \"@webiny/api-headless-cms/types\";\nimport { hasRootFolderId } from \"~/utils/decorators/hasRootFolderId\";\nimport type { FolderPermission } from \"~/flp/flp.types\";\n\ninterface ListEntriesFactoryCallbackParams {\n decoratee: <T extends CmsEntryValues = CmsEntryValues>(\n model: CmsModel,\n params: CmsEntryListParams\n ) => Promise<[CmsEntry<T>[], CmsEntryMeta]>;\n model: CmsModel;\n initialParams?: CmsEntryListParams;\n}\n\nexport class ListEntriesFactory {\n private readonly folderLevelPermissions: FolderLevelPermissions;\n private readonly permissionsCache: Map<string, FolderPermission[]>;\n\n constructor(folderLevelPermissions: FolderLevelPermissions) {\n this.folderLevelPermissions = folderLevelPermissions;\n this.permissionsCache = new Map();\n }\n\n public async execute({\n decoratee,\n model,\n initialParams = {}\n }: ListEntriesFactoryCallbackParams): Promise<[CmsEntry[], CmsEntryMeta]> {\n const limit = initialParams?.limit || 50;\n const where = initialParams?.where;\n const params = { ...initialParams, limit };\n const hasRootFolder = hasRootFolderId({ model, where });\n\n // If we're querying the root folder, skip permission checks\n if (hasRootFolder) {\n return await decoratee(model, params);\n }\n\n const resultEntries: CmsEntry[] = [];\n let totalCount = 0;\n let hasMoreItems = true;\n let cursor: string | null = null;\n let fetchedAll = false;\n let afterCursor = params.after;\n\n // Process entries in batches until we have enough results or reach the end\n while (!fetchedAll) {\n const queryParams: CmsEntryListParams = { ...params, after: afterCursor };\n const [entries, currentMeta] = await decoratee(model, queryParams);\n\n if (totalCount === 0) {\n totalCount = currentMeta.totalCount;\n }\n\n // Process each entry and check folder permissions\n for (const entry of entries) {\n const folderId = entry.values?.location?.folderId || entry.location?.folderId;\n\n // If entry has no folderId, it's not using ACO folders system\n // Include it in results as it's not subject to folder permissions\n if (!folderId) {\n resultEntries.push(entry);\n continue;\n }\n\n const permissions = await this.getPermissions(folderId);\n\n // If no FLP exists for the folder, the entry is accessible\n // This means the folder doesn't have any permission restrictions\n if (!permissions.length) {\n resultEntries.push(entry);\n continue;\n }\n\n // Check if user has read permission for the folder\n if (\n await this.folderLevelPermissions.canAccessFolderContent({\n permissions,\n rwd: \"r\"\n })\n ) {\n resultEntries.push(entry);\n } else {\n totalCount--;\n }\n }\n\n // Determine if we need to fetch more entries\n if (!currentMeta.hasMoreItems || resultEntries.length >= limit) {\n fetchedAll = true;\n hasMoreItems = currentMeta.hasMoreItems;\n cursor = currentMeta.cursor;\n } else {\n afterCursor = currentMeta.cursor;\n }\n }\n\n return [resultEntries, { totalCount, hasMoreItems, cursor } as CmsEntryMeta];\n }\n\n private async getPermissions(folderId: string): Promise<FolderPermission[]> {\n if (this.permissionsCache.has(folderId)) {\n return this.permissionsCache.get(folderId) ?? [];\n }\n\n const permissions = await this.folderLevelPermissions.getFolderLevelPermissions(folderId);\n this.permissionsCache.set(folderId, permissions);\n return permissions;\n }\n}\n"],"mappings":";;;;;;AAQA,IAAAA,gBAAA,GAAAC,OAAA;AAYO,MAAMC,kBAAkB,CAAC;EAI5BC,WAAWA,CAACC,sBAA8C,EAAE;IACxD,IAAI,CAACA,sBAAsB,GAAGA,sBAAsB;IACpD,IAAI,CAACC,gBAAgB,GAAG,IAAIC,GAAG,CAAC,CAAC;EACrC;EAEA,MAAaC,OAAOA,CAAC;IACjBC,SAAS;IACTC,KAAK;IACLC,aAAa,GAAG,CAAC;EACa,CAAC,EAAuC;IACtE,MAAMC,KAAK,GAAGD,aAAa,EAAEC,KAAK,IAAI,EAAE;IACxC,MAAMC,KAAK,GAAGF,aAAa,EAAEE,KAAK;IAClC,MAAMC,MAAM,GAAG;MAAE,GAAGH,aAAa;MAAEC;IAAM,CAAC;IAC1C,MAAMG,aAAa,GAAG,IAAAC,gCAAe,EAAC;MAAEN,KAAK;MAAEG;IAAM,CAAC,CAAC;;IAEvD;IACA,IAAIE,aAAa,EAAE;MACf,OAAO,MAAMN,SAAS,CAACC,KAAK,EAAEI,MAAM,CAAC;IACzC;IAEA,MAAMG,aAAyB,GAAG,EAAE;IACpC,IAAIC,UAAU,GAAG,CAAC;IAClB,IAAIC,YAAY,GAAG,IAAI;IACvB,IAAIC,MAAqB,GAAG,IAAI;IAChC,IAAIC,UAAU,GAAG,KAAK;IACtB,IAAIC,WAAW,GAAGR,MAAM,CAACS,KAAK;;IAE9B;IACA,OAAO,CAACF,UAAU,EAAE;MAChB,MAAMG,WAA+B,GAAG;QAAE,GAAGV,MAAM;QAAES,KAAK,EAAED;MAAY,CAAC;MACzE,MAAM,CAACG,OAAO,EAAEC,WAAW,CAAC,GAAG,MAAMjB,SAAS,CAACC,KAAK,EAAEc,WAAW,CAAC;MAElE,IAAIN,UAAU,KAAK,CAAC,EAAE;QAClBA,UAAU,GAAGQ,WAAW,CAACR,UAAU;MACvC;;MAEA;MACA,KAAK,MAAMS,KAAK,IAAIF,OAAO,EAAE;QACzB,MAAMG,QAAQ,GAAGD,KAAK,CAACE,MAAM,EAAEC,QAAQ,EAAEF,QAAQ,IAAID,KAAK,CAACG,QAAQ,EAAEF,QAAQ;;QAE7E;QACA;QACA,IAAI,CAACA,QAAQ,EAAE;UACXX,aAAa,CAACc,IAAI,CAACJ,KAAK,CAAC;UACzB;QACJ;QAEA,MAAMK,WAAW,GAAG,MAAM,IAAI,CAACC,cAAc,CAACL,QAAQ,CAAC;;QAEvD;QACA;QACA,IAAI,CAACI,WAAW,CAACE,MAAM,EAAE;UACrBjB,aAAa,CAACc,IAAI,CAACJ,KAAK,CAAC;UACzB;QACJ;;QAEA;QACA,IACI,MAAM,IAAI,CAACtB,sBAAsB,CAAC8B,sBAAsB,CAAC;UACrDH,WAAW;UACXI,GAAG,EAAE;QACT,CAAC,CAAC,EACJ;UACEnB,aAAa,CAACc,IAAI,CAACJ,KAAK,CAAC;QAC7B,CAAC,MAAM;UACHT,UAAU,EAAE;QAChB;MACJ;;MAEA;MACA,IAAI,CAACQ,WAAW,CAACP,YAAY,IAAIF,aAAa,CAACiB,MAAM,IAAItB,KAAK,EAAE;QAC5DS,UAAU,GAAG,IAAI;QACjBF,YAAY,GAAGO,WAAW,CAACP,YAAY;QACvCC,MAAM,GAAGM,WAAW,CAACN,MAAM;MAC/B,CAAC,MAAM;QACHE,WAAW,GAAGI,WAAW,CAACN,MAAM;MACpC;IACJ;IAEA,OAAO,CAACH,aAAa,EAAE;MAAEC,UAAU;MAAEC,YAAY;MAAEC;IAAO,CAAC,CAAiB;EAChF;EAEA,MAAca,cAAcA,CAACL,QAAgB,EAA+B;IACxE,IAAI,IAAI,CAACtB,gBAAgB,CAAC+B,GAAG,CAACT,QAAQ,CAAC,EAAE;MACrC,OAAO,IAAI,CAACtB,gBAAgB,CAACgC,GAAG,CAACV,QAAQ,CAAC,IAAI,EAAE;IACpD;IAEA,MAAMI,WAAW,GAAG,MAAM,IAAI,CAAC3B,sBAAsB,CAACkC,yBAAyB,CAACX,QAAQ,CAAC;IACzF,IAAI,CAACtB,gBAAgB,CAACkC,GAAG,CAACZ,QAAQ,EAAEI,WAAW,CAAC;IAChD,OAAOA,WAAW;EACtB;AACJ;AAACS,OAAA,CAAAtC,kBAAA,GAAAA,kBAAA","ignoreList":[]}
1
+ {"version":3,"names":["_hasRootFolderId","require","ListEntriesFactory","constructor","folderLevelPermissions","permissionsCache","Map","execute","decoratee","model","initialParams","limit","where","params","hasRootFolder","hasRootFolderId","canUseFolderLevelPermissions","resultEntries","totalCount","hasMoreItems","cursor","fetchedAll","afterCursor","after","queryParams","entries","currentMeta","entry","folderId","values","location","push","permissions","getPermissions","length","canAccessFolderContent","rwd","has","get","getFolderLevelPermissions","set","exports"],"sources":["ListEntriesFactory.ts"],"sourcesContent":["import { FolderLevelPermissions } from \"~/flp\";\nimport {\n CmsEntry,\n CmsEntryListParams,\n CmsEntryMeta,\n CmsEntryValues,\n type CmsModel\n} from \"@webiny/api-headless-cms/types\";\nimport { hasRootFolderId } from \"~/utils/decorators/hasRootFolderId\";\nimport type { FolderPermission } from \"~/flp/flp.types\";\n\ninterface ListEntriesFactoryCallbackParams {\n decoratee: <T extends CmsEntryValues = CmsEntryValues>(\n model: CmsModel,\n params: CmsEntryListParams\n ) => Promise<[CmsEntry<T>[], CmsEntryMeta]>;\n model: CmsModel;\n initialParams?: CmsEntryListParams;\n}\n\nexport class ListEntriesFactory {\n private readonly folderLevelPermissions: FolderLevelPermissions;\n private readonly permissionsCache: Map<string, FolderPermission[]>;\n\n constructor(folderLevelPermissions: FolderLevelPermissions) {\n this.folderLevelPermissions = folderLevelPermissions;\n this.permissionsCache = new Map();\n }\n\n public async execute({\n decoratee,\n model,\n initialParams = {}\n }: ListEntriesFactoryCallbackParams): Promise<[CmsEntry[], CmsEntryMeta]> {\n const limit = initialParams?.limit || 50;\n const where = initialParams?.where;\n const params = { ...initialParams, limit };\n const hasRootFolder = hasRootFolderId({ model, where });\n\n // If FLP should be skipped, or we're querying the root folder, skip permission checks\n if (!this.folderLevelPermissions.canUseFolderLevelPermissions() || hasRootFolder) {\n return await decoratee(model, params);\n }\n\n const resultEntries: CmsEntry[] = [];\n let totalCount = 0;\n let hasMoreItems = true;\n let cursor: string | null = null;\n let fetchedAll = false;\n let afterCursor = params.after;\n\n // Process entries in batches until we have enough results or reach the end\n while (!fetchedAll) {\n const queryParams: CmsEntryListParams = { ...params, after: afterCursor };\n const [entries, currentMeta] = await decoratee(model, queryParams);\n\n if (totalCount === 0) {\n totalCount = currentMeta.totalCount;\n }\n\n // Process each entry and check folder permissions\n for (const entry of entries) {\n const folderId = entry.values?.location?.folderId || entry.location?.folderId;\n\n // If entry has no folderId, it's not using ACO folders system\n // Include it in results as it's not subject to folder permissions\n if (!folderId) {\n resultEntries.push(entry);\n continue;\n }\n\n const permissions = await this.getPermissions(folderId);\n\n // If no FLP exists for the folder, the entry is accessible\n // This means the folder doesn't have any permission restrictions\n if (!permissions.length) {\n resultEntries.push(entry);\n continue;\n }\n\n // Check if user has read permission for the folder\n if (\n await this.folderLevelPermissions.canAccessFolderContent({\n permissions,\n rwd: \"r\"\n })\n ) {\n resultEntries.push(entry);\n } else {\n totalCount--;\n }\n }\n\n // Determine if we need to fetch more entries\n if (!currentMeta.hasMoreItems || resultEntries.length >= limit) {\n fetchedAll = true;\n hasMoreItems = currentMeta.hasMoreItems;\n cursor = currentMeta.cursor;\n } else {\n afterCursor = currentMeta.cursor;\n }\n }\n\n return [resultEntries, { totalCount, hasMoreItems, cursor } as CmsEntryMeta];\n }\n\n private async getPermissions(folderId: string): Promise<FolderPermission[]> {\n if (this.permissionsCache.has(folderId)) {\n return this.permissionsCache.get(folderId) ?? [];\n }\n\n const permissions = await this.folderLevelPermissions.getFolderLevelPermissions(folderId);\n this.permissionsCache.set(folderId, permissions);\n return permissions;\n }\n}\n"],"mappings":";;;;;;AAQA,IAAAA,gBAAA,GAAAC,OAAA;AAYO,MAAMC,kBAAkB,CAAC;EAI5BC,WAAWA,CAACC,sBAA8C,EAAE;IACxD,IAAI,CAACA,sBAAsB,GAAGA,sBAAsB;IACpD,IAAI,CAACC,gBAAgB,GAAG,IAAIC,GAAG,CAAC,CAAC;EACrC;EAEA,MAAaC,OAAOA,CAAC;IACjBC,SAAS;IACTC,KAAK;IACLC,aAAa,GAAG,CAAC;EACa,CAAC,EAAuC;IACtE,MAAMC,KAAK,GAAGD,aAAa,EAAEC,KAAK,IAAI,EAAE;IACxC,MAAMC,KAAK,GAAGF,aAAa,EAAEE,KAAK;IAClC,MAAMC,MAAM,GAAG;MAAE,GAAGH,aAAa;MAAEC;IAAM,CAAC;IAC1C,MAAMG,aAAa,GAAG,IAAAC,gCAAe,EAAC;MAAEN,KAAK;MAAEG;IAAM,CAAC,CAAC;;IAEvD;IACA,IAAI,CAAC,IAAI,CAACR,sBAAsB,CAACY,4BAA4B,CAAC,CAAC,IAAIF,aAAa,EAAE;MAC9E,OAAO,MAAMN,SAAS,CAACC,KAAK,EAAEI,MAAM,CAAC;IACzC;IAEA,MAAMI,aAAyB,GAAG,EAAE;IACpC,IAAIC,UAAU,GAAG,CAAC;IAClB,IAAIC,YAAY,GAAG,IAAI;IACvB,IAAIC,MAAqB,GAAG,IAAI;IAChC,IAAIC,UAAU,GAAG,KAAK;IACtB,IAAIC,WAAW,GAAGT,MAAM,CAACU,KAAK;;IAE9B;IACA,OAAO,CAACF,UAAU,EAAE;MAChB,MAAMG,WAA+B,GAAG;QAAE,GAAGX,MAAM;QAAEU,KAAK,EAAED;MAAY,CAAC;MACzE,MAAM,CAACG,OAAO,EAAEC,WAAW,CAAC,GAAG,MAAMlB,SAAS,CAACC,KAAK,EAAEe,WAAW,CAAC;MAElE,IAAIN,UAAU,KAAK,CAAC,EAAE;QAClBA,UAAU,GAAGQ,WAAW,CAACR,UAAU;MACvC;;MAEA;MACA,KAAK,MAAMS,KAAK,IAAIF,OAAO,EAAE;QACzB,MAAMG,QAAQ,GAAGD,KAAK,CAACE,MAAM,EAAEC,QAAQ,EAAEF,QAAQ,IAAID,KAAK,CAACG,QAAQ,EAAEF,QAAQ;;QAE7E;QACA;QACA,IAAI,CAACA,QAAQ,EAAE;UACXX,aAAa,CAACc,IAAI,CAACJ,KAAK,CAAC;UACzB;QACJ;QAEA,MAAMK,WAAW,GAAG,MAAM,IAAI,CAACC,cAAc,CAACL,QAAQ,CAAC;;QAEvD;QACA;QACA,IAAI,CAACI,WAAW,CAACE,MAAM,EAAE;UACrBjB,aAAa,CAACc,IAAI,CAACJ,KAAK,CAAC;UACzB;QACJ;;QAEA;QACA,IACI,MAAM,IAAI,CAACvB,sBAAsB,CAAC+B,sBAAsB,CAAC;UACrDH,WAAW;UACXI,GAAG,EAAE;QACT,CAAC,CAAC,EACJ;UACEnB,aAAa,CAACc,IAAI,CAACJ,KAAK,CAAC;QAC7B,CAAC,MAAM;UACHT,UAAU,EAAE;QAChB;MACJ;;MAEA;MACA,IAAI,CAACQ,WAAW,CAACP,YAAY,IAAIF,aAAa,CAACiB,MAAM,IAAIvB,KAAK,EAAE;QAC5DU,UAAU,GAAG,IAAI;QACjBF,YAAY,GAAGO,WAAW,CAACP,YAAY;QACvCC,MAAM,GAAGM,WAAW,CAACN,MAAM;MAC/B,CAAC,MAAM;QACHE,WAAW,GAAGI,WAAW,CAACN,MAAM;MACpC;IACJ;IAEA,OAAO,CAACH,aAAa,EAAE;MAAEC,UAAU;MAAEC,YAAY;MAAEC;IAAO,CAAC,CAAiB;EAChF;EAEA,MAAca,cAAcA,CAACL,QAAgB,EAA+B;IACxE,IAAI,IAAI,CAACvB,gBAAgB,CAACgC,GAAG,CAACT,QAAQ,CAAC,EAAE;MACrC,OAAO,IAAI,CAACvB,gBAAgB,CAACiC,GAAG,CAACV,QAAQ,CAAC,IAAI,EAAE;IACpD;IAEA,MAAMI,WAAW,GAAG,MAAM,IAAI,CAAC5B,sBAAsB,CAACmC,yBAAyB,CAACX,QAAQ,CAAC;IACzF,IAAI,CAACvB,gBAAgB,CAACmC,GAAG,CAACZ,QAAQ,EAAEI,WAAW,CAAC;IAChD,OAAOA,WAAW;EACtB;AACJ;AAACS,OAAA,CAAAvC,kBAAA,GAAAA,kBAAA","ignoreList":[]}