@webiny/api-aco 6.3.0 → 6.4.0-beta.1

package/features/flp/FolderLevelPermissions/FolderLevelPermissions.js.map

@@ -1 +1 @@
-{"version":3,"names":["createImplementation","IdentityContext","WcpContext","ListUserTeamsUseCase","NotAuthorizedError","CanAccessFolder","CanAccessFolderContent","CanCreateFolderInRoot","CheckNotInheritedPermissions","GetDefaultPermissions","GetDefaultPermissionsWithTeams","FolderLevelPermissions","FolderLevelPermissionsAbstraction","ListFlpsUseCase","GetFlpUseCase","FolderLevelPermissionsImpl","constructor","identityContext","wcpContext","listUserTeamsUseCase","getFlpUseCase","listFlpsUseCase","canUseFolderLevelPermissions","enabled","identity","getIdentity","type","canUseTeams","canCreateFolderInRoot","canCreateFolderInRootUseCase","execute","permissionsIncludeNonInheritedPermissions","permissions","checkNotInheritedPermissionsUseCase","canAccessFolder","params","isAuthorizationEnabled","canAccessFolderUseCase","canAccessFolderContent","canUseFlp","authEnabled","canAccessFolderContentUseCase","ensureCanAccessFolder","result","ensureCanAccessFolderContent","canManageFolderContent","flp","rwd","canManageFolderStructure","canManageFolderPermissions","managePermissions","getDefaultPermissions","getDefaultPermissionsUseCase","getDefaultPermissionsWithTeams","listFolderLevelPermissions","flps","Promise","all","map","id","getFolderLevelPermissions","abstraction","implementation","dependencies"],"sources":["FolderLevelPermissions.ts"],"sourcesContent":["import { createImplementation } from \"@webiny/di\";\nimport { IdentityContext } from \"@webiny/api-core/features/security/IdentityContext/index.js\";\nimport { WcpContext } from \"@webiny/api-core/features/wcp/WcpContext/index.js\";\nimport { ListUserTeamsUseCase } from \"@webiny/api-core/features/users/ListUserTeams/index.js\";\nimport { NotAuthorizedError } from \"@webiny/api-core/features/security/shared/index.js\";\nimport {\n    CanAccessFolder,\n    CanAccessFolderContent,\n    type CanAccessFolderContentParams,\n    type CanAccessFolderParams,\n    CanCreateFolderInRoot,\n    CheckNotInheritedPermissions,\n    GetDefaultPermissions,\n    GetDefaultPermissionsWithTeams\n} from \"./useCases/index.js\";\nimport { FolderLevelPermissions as FolderLevelPermissionsAbstraction } from \"./abstractions.js\";\nimport type { FolderLevelPermission, FolderPermission, ListFlpsParams } from \"~/types.js\";\nimport { ListFlpsUseCase } from \"~/features/flp/ListFlps/index.js\";\nimport { GetFlpUseCase } from \"~/features/flp/GetFlp/index.js\";\n\nclass FolderLevelPermissionsImpl implements FolderLevelPermissionsAbstraction.Interface {\n    constructor(\n        private identityContext: IdentityContext.Interface,\n        private wcpContext: WcpContext.Interface,\n        private listUserTeamsUseCase: ListUserTeamsUseCase.Interface,\n        private getFlpUseCase: GetFlpUseCase.Interface,\n        private listFlpsUseCase: ListFlpsUseCase.Interface\n    ) {}\n\n    public canUseFolderLevelPermissions(enabled?: boolean): boolean {\n        if (enabled === false) {\n            return false;\n        }\n\n        const identity = this.identityContext.getIdentity();\n\n        // FLPs only work with authenticated identities (logged-in users).\n        if (!identity) {\n            return false;\n        }\n\n        // At the moment, we only want FLP to be used with identities of type \"admin\".\n        // This temporarily addresses the issue of API keys not being able to access content, because\n        // FLPs doesn't work with them. Once we start adding FLPs to API keys, we can remove this check.\n        if (identity.type !== \"admin\") {\n            return false;\n        }\n\n        return this.wcpContext.canUseFolderLevelPermissions();\n    }\n\n    public canUseTeams(): boolean {\n        return this.wcpContext.canUseTeams();\n    }\n\n    public canCreateFolderInRoot(): boolean {\n        const canCreateFolderInRootUseCase = new CanCreateFolderInRoot();\n        return canCreateFolderInRootUseCase.execute();\n    }\n\n    public permissionsIncludeNonInheritedPermissions(permissions: FolderPermission[]): boolean {\n        const checkNotInheritedPermissionsUseCase = new CheckNotInheritedPermissions();\n        return checkNotInheritedPermissionsUseCase.execute(permissions);\n    }\n\n    public async canAccessFolder(params: CanAccessFolderParams): Promise<boolean> {\n        if (\n            !this.canUseFolderLevelPermissions() ||\n            !this.identityContext.isAuthorizationEnabled()\n        ) {\n            return true;\n        }\n\n        const canAccessFolderUseCase = new CanAccessFolder(this.identityContext);\n        return await canAccessFolderUseCase.execute(params);\n    }\n\n    public async canAccessFolderContent(params: CanAccessFolderContentParams): Promise<boolean> {\n        const canUseFlp = this.canUseFolderLevelPermissions();\n        const authEnabled = this.identityContext.isAuthorizationEnabled();\n\n        if (!canUseFlp || !authEnabled) {\n            return true;\n        }\n\n        const canAccessFolderContentUseCase = new CanAccessFolderContent(this.identityContext);\n        return await canAccessFolderContentUseCase.execute(params);\n    }\n\n    public async ensureCanAccessFolder(params: CanAccessFolderParams): Promise<void> {\n        const result = await this.canAccessFolder(params);\n        if (!result) {\n            throw new NotAuthorizedError();\n        }\n    }\n\n    public async ensureCanAccessFolderContent(params: CanAccessFolderContentParams): Promise<void> {\n        const result = await this.canAccessFolderContent(params);\n        if (!result) {\n            throw new NotAuthorizedError();\n        }\n    }\n\n    public async canManageFolderContent(flp: FolderLevelPermission): Promise<boolean> {\n        if (\n            !this.canUseFolderLevelPermissions() ||\n            !this.identityContext.isAuthorizationEnabled()\n        ) {\n            return true;\n        }\n\n        return await this.canAccessFolderContent({ permissions: flp.permissions, rwd: \"w\" });\n    }\n\n    public async canManageFolderStructure(flp: FolderLevelPermission): Promise<boolean> {\n        if (\n            !this.canUseFolderLevelPermissions() ||\n            !this.identityContext.isAuthorizationEnabled()\n        ) {\n            return true;\n        }\n\n        return await this.canAccessFolder({ permissions: flp.permissions, rwd: \"w\" });\n    }\n\n    public async canManageFolderPermissions(flp: FolderLevelPermission): Promise<boolean> {\n        if (!this.canUseFolderLevelPermissions()) {\n            return false;\n        }\n\n        if (!this.identityContext.isAuthorizationEnabled()) {\n            return true;\n        }\n\n        return await this.canAccessFolder({\n            permissions: flp.permissions,\n            rwd: \"w\",\n            managePermissions: true\n        });\n    }\n\n    public getDefaultPermissions(permissions: FolderPermission[]): Promise<FolderPermission[]> {\n        const getDefaultPermissionsUseCase = new GetDefaultPermissions(this.identityContext);\n\n        if (this.canUseTeams()) {\n            const getDefaultPermissionsWithTeams = new GetDefaultPermissionsWithTeams(\n                this.identityContext,\n                this.listUserTeamsUseCase,\n                getDefaultPermissionsUseCase\n            );\n\n            return getDefaultPermissionsWithTeams.execute(permissions);\n        }\n\n        return getDefaultPermissionsUseCase.execute(permissions);\n    }\n\n    public async listFolderLevelPermissions(params: ListFlpsParams): Promise<\n        Array<{\n            id: string;\n            permissions: FolderPermission[];\n        }>\n    > {\n        const flps = await this.listFlpsUseCase.execute(params);\n\n        return Promise.all(\n            flps.map(async flp => ({\n                id: flp.id,\n                permissions: await this.getDefaultPermissions(flp.permissions)\n            }))\n        );\n    }\n\n    public async getFolderLevelPermissions(id: string): Promise<FolderPermission[]> {\n        const flp = await this.getFlpUseCase.execute(id);\n        return await this.getDefaultPermissions(flp?.permissions ?? []);\n    }\n}\n\nexport const FolderLevelPermissions = createImplementation({\n    abstraction: FolderLevelPermissionsAbstraction,\n    implementation: FolderLevelPermissionsImpl,\n    dependencies: [\n        IdentityContext,\n        WcpContext,\n        ListUserTeamsUseCase,\n        GetFlpUseCase,\n        ListFlpsUseCase\n    ]\n});\n"],"mappings":"AAAA,SAASA,oBAAoB,QAAQ,YAAY;AACjD,SAASC,eAAe,QAAQ,6DAA6D;AAC7F,SAASC,UAAU,QAAQ,mDAAmD;AAC9E,SAASC,oBAAoB,QAAQ,wDAAwD;AAC7F,SAASC,kBAAkB,QAAQ,oDAAoD;AACvF,SACIC,eAAe,EACfC,sBAAsB,EAGtBC,qBAAqB,EACrBC,4BAA4B,EAC5BC,qBAAqB,EACrBC,8BAA8B;AAElC,SAASC,sBAAsB,IAAIC,iCAAiC;AAEpE,SAASC,eAAe;AACxB,SAASC,aAAa;AAEtB,MAAMC,0BAA0B,CAAwD;EACpFC,WAAWA,CACCC,eAA0C,EAC1CC,UAAgC,EAChCC,oBAAoD,EACpDC,aAAsC,EACtCC,eAA0C,EACpD;IAAA,KALUJ,eAA0C,GAA1CA,eAA0C;IAAA,KAC1CC,UAAgC,GAAhCA,UAAgC;IAAA,KAChCC,oBAAoD,GAApDA,oBAAoD;IAAA,KACpDC,aAAsC,GAAtCA,aAAsC;IAAA,KACtCC,eAA0C,GAA1CA,eAA0C;EACnD;EAEIC,4BAA4BA,CAACC,OAAiB,EAAW;IAC5D,IAAIA,OAAO,KAAK,KAAK,EAAE;MACnB,OAAO,KAAK;IAChB;IAEA,MAAMC,QAAQ,GAAG,IAAI,CAACP,eAAe,CAACQ,WAAW,CAAC,CAAC;;IAEnD;IACA,IAAI,CAACD,QAAQ,EAAE;MACX,OAAO,KAAK;IAChB;;IAEA;IACA;IACA;IACA,IAAIA,QAAQ,CAACE,IAAI,KAAK,OAAO,EAAE;MAC3B,OAAO,KAAK;IAChB;IAEA,OAAO,IAAI,CAACR,UAAU,CAACI,4BAA4B,CAAC,CAAC;EACzD;EAEOK,WAAWA,CAAA,EAAY;IAC1B,OAAO,IAAI,CAACT,UAAU,CAACS,WAAW,CAAC,CAAC;EACxC;EAEOC,qBAAqBA,CAAA,EAAY;IACpC,MAAMC,4BAA4B,GAAG,IAAItB,qBAAqB,CAAC,CAAC;IAChE,OAAOsB,4BAA4B,CAACC,OAAO,CAAC,CAAC;EACjD;EAEOC,yCAAyCA,CAACC,WAA+B,EAAW;IACvF,MAAMC,mCAAmC,GAAG,IAAIzB,4BAA4B,CAAC,CAAC;IAC9E,OAAOyB,mCAAmC,CAACH,OAAO,CAACE,WAAW,CAAC;EACnE;EAEA,MAAaE,eAAeA,CAACC,MAA6B,EAAoB;IAC1E,IACI,CAAC,IAAI,CAACb,4BAA4B,CAAC,CAAC,IACpC,CAAC,IAAI,CAACL,eAAe,CAACmB,sBAAsB,CAAC,CAAC,EAChD;MACE,OAAO,IAAI;IACf;IAEA,MAAMC,sBAAsB,GAAG,IAAIhC,eAAe,CAAC,IAAI,CAACY,eAAe,CAAC;IACxE,OAAO,MAAMoB,sBAAsB,CAACP,OAAO,CAACK,MAAM,CAAC;EACvD;EAEA,MAAaG,sBAAsBA,CAACH,MAAoC,EAAoB;IACxF,MAAMI,SAAS,GAAG,IAAI,CAACjB,4BAA4B,CAAC,CAAC;IACrD,MAAMkB,WAAW,GAAG,IAAI,CAACvB,eAAe,CAACmB,sBAAsB,CAAC,CAAC;IAEjE,IAAI,CAACG,SAAS,IAAI,CAACC,WAAW,EAAE;MAC5B,OAAO,IAAI;IACf;IAEA,MAAMC,6BAA6B,GAAG,IAAInC,sBAAsB,CAAC,IAAI,CAACW,eAAe,CAAC;IACtF,OAAO,MAAMwB,6BAA6B,CAACX,OAAO,CAACK,MAAM,CAAC;EAC9D;EAEA,MAAaO,qBAAqBA,CAACP,MAA6B,EAAiB;IAC7E,MAAMQ,MAAM,GAAG,MAAM,IAAI,CAACT,eAAe,CAACC,MAAM,CAAC;IACjD,IAAI,CAACQ,MAAM,EAAE;MACT,MAAM,IAAIvC,kBAAkB,CAAC,CAAC;IAClC;EACJ;EAEA,MAAawC,4BAA4BA,CAACT,MAAoC,EAAiB;IAC3F,MAAMQ,MAAM,GAAG,MAAM,IAAI,CAACL,sBAAsB,CAACH,MAAM,CAAC;IACxD,IAAI,CAACQ,MAAM,EAAE;MACT,MAAM,IAAIvC,kBAAkB,CAAC,CAAC;IAClC;EACJ;EAEA,MAAayC,sBAAsBA,CAACC,GAA0B,EAAoB;IAC9E,IACI,CAAC,IAAI,CAACxB,4BAA4B,CAAC,CAAC,IACpC,CAAC,IAAI,CAACL,eAAe,CAACmB,sBAAsB,CAAC,CAAC,EAChD;MACE,OAAO,IAAI;IACf;IAEA,OAAO,MAAM,IAAI,CAACE,sBAAsB,CAAC;MAAEN,WAAW,EAAEc,GAAG,CAACd,WAAW;MAAEe,GAAG,EAAE;IAAI,CAAC,CAAC;EACxF;EAEA,MAAaC,wBAAwBA,CAACF,GAA0B,EAAoB;IAChF,IACI,CAAC,IAAI,CAACxB,4BAA4B,CAAC,CAAC,IACpC,CAAC,IAAI,CAACL,eAAe,CAACmB,sBAAsB,CAAC,CAAC,EAChD;MACE,OAAO,IAAI;IACf;IAEA,OAAO,MAAM,IAAI,CAACF,eAAe,CAAC;MAAEF,WAAW,EAAEc,GAAG,CAACd,WAAW;MAAEe,GAAG,EAAE;IAAI,CAAC,CAAC;EACjF;EAEA,MAAaE,0BAA0BA,CAACH,GAA0B,EAAoB;IAClF,IAAI,CAAC,IAAI,CAACxB,4BAA4B,CAAC,CAAC,EAAE;MACtC,OAAO,KAAK;IAChB;IAEA,IAAI,CAAC,IAAI,CAACL,eAAe,CAACmB,sBAAsB,CAAC,CAAC,EAAE;MAChD,OAAO,IAAI;IACf;IAEA,OAAO,MAAM,IAAI,CAACF,eAAe,CAAC;MAC9BF,WAAW,EAAEc,GAAG,CAACd,WAAW;MAC5Be,GAAG,EAAE,GAAG;MACRG,iBAAiB,EAAE;IACvB,CAAC,CAAC;EACN;EAEOC,qBAAqBA,CAACnB,WAA+B,EAA+B;IACvF,MAAMoB,4BAA4B,GAAG,IAAI3C,qBAAqB,CAAC,IAAI,CAACQ,eAAe,CAAC;IAEpF,IAAI,IAAI,CAACU,WAAW,CAAC,CAAC,EAAE;MACpB,MAAM0B,8BAA8B,GAAG,IAAI3C,8BAA8B,CACrE,IAAI,CAACO,eAAe,EACpB,IAAI,CAACE,oBAAoB,EACzBiC,4BACJ,CAAC;MAED,OAAOC,8BAA8B,CAACvB,OAAO,CAACE,WAAW,CAAC;IAC9D;IAEA,OAAOoB,4BAA4B,CAACtB,OAAO,CAACE,WAAW,CAAC;EAC5D;EAEA,MAAasB,0BAA0BA,CAACnB,MAAsB,EAK5D;IACE,MAAMoB,IAAI,GAAG,MAAM,IAAI,CAAClC,eAAe,CAACS,OAAO,CAACK,MAAM,CAAC;IAEvD,OAAOqB,OAAO,CAACC,GAAG,CACdF,IAAI,CAACG,GAAG,CAAC,MAAMZ,GAAG,KAAK;MACnBa,EAAE,EAAEb,GAAG,CAACa,EAAE;MACV3B,WAAW,EAAE,MAAM,IAAI,CAACmB,qBAAqB,CAACL,GAAG,CAACd,WAAW;IACjE,CAAC,CAAC,CACN,CAAC;EACL;EAEA,MAAa4B,yBAAyBA,CAACD,EAAU,EAA+B;IAC5E,MAAMb,GAAG,GAAG,MAAM,IAAI,CAAC1B,aAAa,CAACU,OAAO,CAAC6B,EAAE,CAAC;IAChD,OAAO,MAAM,IAAI,CAACR,qBAAqB,CAACL,GAAG,EAAEd,WAAW,IAAI,EAAE,CAAC;EACnE;AACJ;AAEA,OAAO,MAAMrB,sBAAsB,GAAGX,oBAAoB,CAAC;EACvD6D,WAAW,EAAEjD,iCAAiC;EAC9CkD,cAAc,EAAE/C,0BAA0B;EAC1CgD,YAAY,EAAE,CACV9D,eAAe,EACfC,UAAU,EACVC,oBAAoB,EACpBW,aAAa,EACbD,eAAe;AAEvB,CAAC,CAAC","ignoreList":[]}
+{"version":3,"file":"features/flp/FolderLevelPermissions/FolderLevelPermissions.js","sources":["../../../../src/features/flp/FolderLevelPermissions/FolderLevelPermissions.ts"],"sourcesContent":["import { createImplementation } from \"@webiny/di\";\nimport { IdentityContext } from \"@webiny/api-core/features/security/IdentityContext/index.js\";\nimport { WcpContext } from \"@webiny/api-core/features/wcp/WcpContext/index.js\";\nimport { ListUserTeamsUseCase } from \"@webiny/api-core/features/users/ListUserTeams/index.js\";\nimport { NotAuthorizedError } from \"@webiny/api-core/features/security/shared/index.js\";\nimport {\n    CanAccessFolder,\n    CanAccessFolderContent,\n    type CanAccessFolderContentParams,\n    type CanAccessFolderParams,\n    CanCreateFolderInRoot,\n    CheckNotInheritedPermissions,\n    GetDefaultPermissions,\n    GetDefaultPermissionsWithTeams\n} from \"./useCases/index.js\";\nimport { FolderLevelPermissions as FolderLevelPermissionsAbstraction } from \"./abstractions.js\";\nimport type { FolderLevelPermission, FolderPermission, ListFlpsParams } from \"~/types.js\";\nimport { ListFlpsUseCase } from \"~/features/flp/ListFlps/index.js\";\nimport { GetFlpUseCase } from \"~/features/flp/GetFlp/index.js\";\n\nclass FolderLevelPermissionsImpl implements FolderLevelPermissionsAbstraction.Interface {\n    constructor(\n        private identityContext: IdentityContext.Interface,\n        private wcpContext: WcpContext.Interface,\n        private listUserTeamsUseCase: ListUserTeamsUseCase.Interface,\n        private getFlpUseCase: GetFlpUseCase.Interface,\n        private listFlpsUseCase: ListFlpsUseCase.Interface\n    ) {}\n\n    public canUseFolderLevelPermissions(enabled?: boolean): boolean {\n        if (enabled === false) {\n            return false;\n        }\n\n        const identity = this.identityContext.getIdentity();\n\n        // FLPs only work with authenticated identities (logged-in users).\n        if (!identity) {\n            return false;\n        }\n\n        // At the moment, we only want FLP to be used with identities of type \"admin\".\n        // This temporarily addresses the issue of API keys not being able to access content, because\n        // FLPs doesn't work with them. Once we start adding FLPs to API keys, we can remove this check.\n        if (identity.type !== \"admin\") {\n            return false;\n        }\n\n        return this.wcpContext.canUseFolderLevelPermissions();\n    }\n\n    public canUseTeams(): boolean {\n        return this.wcpContext.canUseTeams();\n    }\n\n    public canCreateFolderInRoot(): boolean {\n        const canCreateFolderInRootUseCase = new CanCreateFolderInRoot();\n        return canCreateFolderInRootUseCase.execute();\n    }\n\n    public permissionsIncludeNonInheritedPermissions(permissions: FolderPermission[]): boolean {\n        const checkNotInheritedPermissionsUseCase = new CheckNotInheritedPermissions();\n        return checkNotInheritedPermissionsUseCase.execute(permissions);\n    }\n\n    public async canAccessFolder(params: CanAccessFolderParams): Promise<boolean> {\n        if (\n            !this.canUseFolderLevelPermissions() ||\n            !this.identityContext.isAuthorizationEnabled()\n        ) {\n            return true;\n        }\n\n        const canAccessFolderUseCase = new CanAccessFolder(this.identityContext);\n        return await canAccessFolderUseCase.execute(params);\n    }\n\n    public async canAccessFolderContent(params: CanAccessFolderContentParams): Promise<boolean> {\n        const canUseFlp = this.canUseFolderLevelPermissions();\n        const authEnabled = this.identityContext.isAuthorizationEnabled();\n\n        if (!canUseFlp || !authEnabled) {\n            return true;\n        }\n\n        const canAccessFolderContentUseCase = new CanAccessFolderContent(this.identityContext);\n        return await canAccessFolderContentUseCase.execute(params);\n    }\n\n    public async ensureCanAccessFolder(params: CanAccessFolderParams): Promise<void> {\n        const result = await this.canAccessFolder(params);\n        if (!result) {\n            throw new NotAuthorizedError();\n        }\n    }\n\n    public async ensureCanAccessFolderContent(params: CanAccessFolderContentParams): Promise<void> {\n        const result = await this.canAccessFolderContent(params);\n        if (!result) {\n            throw new NotAuthorizedError();\n        }\n    }\n\n    public async canManageFolderContent(flp: FolderLevelPermission): Promise<boolean> {\n        if (\n            !this.canUseFolderLevelPermissions() ||\n            !this.identityContext.isAuthorizationEnabled()\n        ) {\n            return true;\n        }\n\n        return await this.canAccessFolderContent({ permissions: flp.permissions, rwd: \"w\" });\n    }\n\n    public async canManageFolderStructure(flp: FolderLevelPermission): Promise<boolean> {\n        if (\n            !this.canUseFolderLevelPermissions() ||\n            !this.identityContext.isAuthorizationEnabled()\n        ) {\n            return true;\n        }\n\n        return await this.canAccessFolder({ permissions: flp.permissions, rwd: \"w\" });\n    }\n\n    public async canManageFolderPermissions(flp: FolderLevelPermission): Promise<boolean> {\n        if (!this.canUseFolderLevelPermissions()) {\n            return false;\n        }\n\n        if (!this.identityContext.isAuthorizationEnabled()) {\n            return true;\n        }\n\n        return await this.canAccessFolder({\n            permissions: flp.permissions,\n            rwd: \"w\",\n            managePermissions: true\n        });\n    }\n\n    public getDefaultPermissions(permissions: FolderPermission[]): Promise<FolderPermission[]> {\n        const getDefaultPermissionsUseCase = new GetDefaultPermissions(this.identityContext);\n\n        if (this.canUseTeams()) {\n            const getDefaultPermissionsWithTeams = new GetDefaultPermissionsWithTeams(\n                this.identityContext,\n                this.listUserTeamsUseCase,\n                getDefaultPermissionsUseCase\n            );\n\n            return getDefaultPermissionsWithTeams.execute(permissions);\n        }\n\n        return getDefaultPermissionsUseCase.execute(permissions);\n    }\n\n    public async listFolderLevelPermissions(params: ListFlpsParams): Promise<\n        Array<{\n            id: string;\n            permissions: FolderPermission[];\n        }>\n    > {\n        const flps = await this.listFlpsUseCase.execute(params);\n\n        return Promise.all(\n            flps.map(async flp => ({\n                id: flp.id,\n                permissions: await this.getDefaultPermissions(flp.permissions)\n            }))\n        );\n    }\n\n    public async getFolderLevelPermissions(id: string): Promise<FolderPermission[]> {\n        const flp = await this.getFlpUseCase.execute(id);\n        return await this.getDefaultPermissions(flp?.permissions ?? []);\n    }\n}\n\nexport const FolderLevelPermissions = createImplementation({\n    abstraction: FolderLevelPermissionsAbstraction,\n    implementation: FolderLevelPermissionsImpl,\n    dependencies: [\n        IdentityContext,\n        WcpContext,\n        ListUserTeamsUseCase,\n        GetFlpUseCase,\n        ListFlpsUseCase\n    ]\n});\n"],"names":["FolderLevelPermissionsImpl","identityContext","wcpContext","listUserTeamsUseCase","getFlpUseCase","listFlpsUseCase","enabled","identity","canCreateFolderInRootUseCase","CanCreateFolderInRoot","permissions","checkNotInheritedPermissionsUseCase","CheckNotInheritedPermissions","params","canAccessFolderUseCase","CanAccessFolder","canUseFlp","authEnabled","canAccessFolderContentUseCase","CanAccessFolderContent","result","NotAuthorizedError","flp","getDefaultPermissionsUseCase","GetDefaultPermissions","getDefaultPermissionsWithTeams","GetDefaultPermissionsWithTeams","flps","Promise","id","FolderLevelPermissions","createImplementation","FolderLevelPermissionsAbstraction","IdentityContext","WcpContext","ListUserTeamsUseCase","GetFlpUseCase","ListFlpsUseCase"],"mappings":";;;;;;;;;AAoBA,MAAMA;IACF,YACYC,eAA0C,EAC1CC,UAAgC,EAChCC,oBAAoD,EACpDC,aAAsC,EACtCC,eAA0C,CACpD;aALUJ,eAAe,GAAfA;aACAC,UAAU,GAAVA;aACAC,oBAAoB,GAApBA;aACAC,aAAa,GAAbA;aACAC,eAAe,GAAfA;IACT;IAEI,6BAA6BC,OAAiB,EAAW;QAC5D,IAAIA,AAAY,UAAZA,SACA,OAAO;QAGX,MAAMC,WAAW,IAAI,CAAC,eAAe,CAAC,WAAW;QAGjD,IAAI,CAACA,UACD,OAAO;QAMX,IAAIA,AAAkB,YAAlBA,SAAS,IAAI,EACb,OAAO;QAGX,OAAO,IAAI,CAAC,UAAU,CAAC,4BAA4B;IACvD;IAEO,cAAuB;QAC1B,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW;IACtC;IAEO,wBAAiC;QACpC,MAAMC,+BAA+B,IAAIC;QACzC,OAAOD,6BAA6B,OAAO;IAC/C;IAEO,0CAA0CE,WAA+B,EAAW;QACvF,MAAMC,sCAAsC,IAAIC;QAChD,OAAOD,oCAAoC,OAAO,CAACD;IACvD;IAEA,MAAa,gBAAgBG,MAA6B,EAAoB;QAC1E,IACI,CAAC,IAAI,CAAC,4BAA4B,MAClC,CAAC,IAAI,CAAC,eAAe,CAAC,sBAAsB,IAE5C,OAAO;QAGX,MAAMC,yBAAyB,IAAIC,gBAAgB,IAAI,CAAC,eAAe;QACvE,OAAO,MAAMD,uBAAuB,OAAO,CAACD;IAChD;IAEA,MAAa,uBAAuBA,MAAoC,EAAoB;QACxF,MAAMG,YAAY,IAAI,CAAC,4BAA4B;QACnD,MAAMC,cAAc,IAAI,CAAC,eAAe,CAAC,sBAAsB;QAE/D,IAAI,CAACD,aAAa,CAACC,aACf,OAAO;QAGX,MAAMC,gCAAgC,IAAIC,uBAAuB,IAAI,CAAC,eAAe;QACrF,OAAO,MAAMD,8BAA8B,OAAO,CAACL;IACvD;IAEA,MAAa,sBAAsBA,MAA6B,EAAiB;QAC7E,MAAMO,SAAS,MAAM,IAAI,CAAC,eAAe,CAACP;QAC1C,IAAI,CAACO,QACD,MAAM,IAAIC;IAElB;IAEA,MAAa,6BAA6BR,MAAoC,EAAiB;QAC3F,MAAMO,SAAS,MAAM,IAAI,CAAC,sBAAsB,CAACP;QACjD,IAAI,CAACO,QACD,MAAM,IAAIC;IAElB;IAEA,MAAa,uBAAuBC,GAA0B,EAAoB;QAC9E,IACI,CAAC,IAAI,CAAC,4BAA4B,MAClC,CAAC,IAAI,CAAC,eAAe,CAAC,sBAAsB,IAE5C,OAAO;QAGX,OAAO,MAAM,IAAI,CAAC,sBAAsB,CAAC;YAAE,aAAaA,IAAI,WAAW;YAAE,KAAK;QAAI;IACtF;IAEA,MAAa,yBAAyBA,GAA0B,EAAoB;QAChF,IACI,CAAC,IAAI,CAAC,4BAA4B,MAClC,CAAC,IAAI,CAAC,eAAe,CAAC,sBAAsB,IAE5C,OAAO;QAGX,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC;YAAE,aAAaA,IAAI,WAAW;YAAE,KAAK;QAAI;IAC/E;IAEA,MAAa,2BAA2BA,GAA0B,EAAoB;QAClF,IAAI,CAAC,IAAI,CAAC,4BAA4B,IAClC,OAAO;QAGX,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,sBAAsB,IAC5C,OAAO;QAGX,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC;YAC9B,aAAaA,IAAI,WAAW;YAC5B,KAAK;YACL,mBAAmB;QACvB;IACJ;IAEO,sBAAsBZ,WAA+B,EAA+B;QACvF,MAAMa,+BAA+B,IAAIC,sBAAsB,IAAI,CAAC,eAAe;QAEnF,IAAI,IAAI,CAAC,WAAW,IAAI;YACpB,MAAMC,iCAAiC,IAAIC,+BACvC,IAAI,CAAC,eAAe,EACpB,IAAI,CAAC,oBAAoB,EACzBH;YAGJ,OAAOE,+BAA+B,OAAO,CAACf;QAClD;QAEA,OAAOa,6BAA6B,OAAO,CAACb;IAChD;IAEA,MAAa,2BAA2BG,MAAsB,EAK5D;QACE,MAAMc,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,OAAO,CAACd;QAEhD,OAAOe,QAAQ,GAAG,CACdD,KAAK,GAAG,CAAC,OAAML,MAAQ;gBACnB,IAAIA,IAAI,EAAE;gBACV,aAAa,MAAM,IAAI,CAAC,qBAAqB,CAACA,IAAI,WAAW;YACjE;IAER;IAEA,MAAa,0BAA0BO,EAAU,EAA+B;QAC5E,MAAMP,MAAM,MAAM,IAAI,CAAC,aAAa,CAAC,OAAO,CAACO;QAC7C,OAAO,MAAM,IAAI,CAAC,qBAAqB,CAACP,KAAK,eAAe,EAAE;IAClE;AACJ;AAEO,MAAMQ,gDAAyBC,qBAAqB;IACvD,aAAaC;IACb,gBAAgBhC;IAChB,cAAc;QACViC;QACAC;QACAC;QACAC;QACAC;KACH;AACL"}

package/features/flp/FolderLevelPermissions/abstractions.js

@@ -1,5 +1,5 @@
 import { createAbstraction } from "@webiny/feature/api";
-/** Manage folder-level access control. */
-export const FolderLevelPermissions = createAbstraction("FolderLevelPermissions");
+const FolderLevelPermissions = createAbstraction("FolderLevelPermissions");
+export { FolderLevelPermissions };
 
 //# sourceMappingURL=abstractions.js.map

package/features/flp/FolderLevelPermissions/abstractions.js.map

@@ -1 +1 @@
-{"version":3,"names":["createAbstraction","FolderLevelPermissions"],"sources":["abstractions.ts"],"sourcesContent":["import { createAbstraction } from \"@webiny/feature/api\";\nimport type { CanAccessFolderContentParams, CanAccessFolderParams } from \"./useCases/index.js\";\nimport type { FolderLevelPermission, FolderPermission, ListFlpsParams } from \"~/types.js\";\n\nexport interface IFolderLevelPermissions {\n    canUseFolderLevelPermissions(enabled?: boolean): boolean;\n    canUseTeams(): boolean;\n    canCreateFolderInRoot(): boolean;\n    permissionsIncludeNonInheritedPermissions(permissions: FolderPermission[]): boolean;\n    canAccessFolder(params: CanAccessFolderParams): Promise<boolean>;\n    canAccessFolderContent(params: CanAccessFolderContentParams): Promise<boolean>;\n    ensureCanAccessFolder(params: CanAccessFolderParams): Promise<void>;\n    ensureCanAccessFolderContent(params: CanAccessFolderContentParams): Promise<void>;\n    canManageFolderContent(flp: FolderLevelPermission): Promise<boolean>;\n    canManageFolderStructure(flp: FolderLevelPermission): Promise<boolean>;\n    canManageFolderPermissions(flp: FolderLevelPermission): Promise<boolean>;\n    getDefaultPermissions(permissions: FolderPermission[]): Promise<FolderPermission[]>;\n    listFolderLevelPermissions(params: ListFlpsParams): Promise<\n        Array<{\n            id: string;\n            permissions: FolderPermission[];\n        }>\n    >;\n    getFolderLevelPermissions(id: string): Promise<FolderPermission[]>;\n}\n\n/** Manage folder-level access control. */\nexport const FolderLevelPermissions =\n    createAbstraction<IFolderLevelPermissions>(\"FolderLevelPermissions\");\n\nexport namespace FolderLevelPermissions {\n    export type Interface = IFolderLevelPermissions;\n}\n"],"mappings":"AAAA,SAASA,iBAAiB,QAAQ,qBAAqB;AA0BvD;AACA,OAAO,MAAMC,sBAAsB,GAC/BD,iBAAiB,CAA0B,wBAAwB,CAAC","ignoreList":[]}
+{"version":3,"file":"features/flp/FolderLevelPermissions/abstractions.js","sources":["../../../../src/features/flp/FolderLevelPermissions/abstractions.ts"],"sourcesContent":["import { createAbstraction } from \"@webiny/feature/api\";\nimport type { CanAccessFolderContentParams, CanAccessFolderParams } from \"./useCases/index.js\";\nimport type { FolderLevelPermission, FolderPermission, ListFlpsParams } from \"~/types.js\";\n\nexport interface IFolderLevelPermissions {\n    canUseFolderLevelPermissions(enabled?: boolean): boolean;\n    canUseTeams(): boolean;\n    canCreateFolderInRoot(): boolean;\n    permissionsIncludeNonInheritedPermissions(permissions: FolderPermission[]): boolean;\n    canAccessFolder(params: CanAccessFolderParams): Promise<boolean>;\n    canAccessFolderContent(params: CanAccessFolderContentParams): Promise<boolean>;\n    ensureCanAccessFolder(params: CanAccessFolderParams): Promise<void>;\n    ensureCanAccessFolderContent(params: CanAccessFolderContentParams): Promise<void>;\n    canManageFolderContent(flp: FolderLevelPermission): Promise<boolean>;\n    canManageFolderStructure(flp: FolderLevelPermission): Promise<boolean>;\n    canManageFolderPermissions(flp: FolderLevelPermission): Promise<boolean>;\n    getDefaultPermissions(permissions: FolderPermission[]): Promise<FolderPermission[]>;\n    listFolderLevelPermissions(params: ListFlpsParams): Promise<\n        Array<{\n            id: string;\n            permissions: FolderPermission[];\n        }>\n    >;\n    getFolderLevelPermissions(id: string): Promise<FolderPermission[]>;\n}\n\n/** Manage folder-level access control. */\nexport const FolderLevelPermissions =\n    createAbstraction<IFolderLevelPermissions>(\"FolderLevelPermissions\");\n\nexport namespace FolderLevelPermissions {\n    export type Interface = IFolderLevelPermissions;\n}\n"],"names":["FolderLevelPermissions","createAbstraction"],"mappings":";AA2BO,MAAMA,yBACTC,kBAA2C"}

package/features/flp/FolderLevelPermissions/feature.js

@@ -1,10 +1,11 @@
 import { createFeature } from "@webiny/feature/api";
 import { FolderLevelPermissions } from "./FolderLevelPermissions.js";
-export const FolderLevelPermissionsFeature = createFeature({
-  name: "FolderLevelPermissions",
-  register(container) {
-    container.register(FolderLevelPermissions);
-  }
+const FolderLevelPermissionsFeature = createFeature({
+    name: "FolderLevelPermissions",
+    register (container) {
+        container.register(FolderLevelPermissions);
+    }
 });
+export { FolderLevelPermissionsFeature };
 
 //# sourceMappingURL=feature.js.map

package/features/flp/FolderLevelPermissions/feature.js.map

@@ -1 +1 @@
-{"version":3,"names":["createFeature","FolderLevelPermissions","FolderLevelPermissionsFeature","name","register","container"],"sources":["feature.ts"],"sourcesContent":["import { createFeature } from \"@webiny/feature/api\";\nimport type { Container } from \"@webiny/di\";\nimport { FolderLevelPermissions } from \"./FolderLevelPermissions.js\";\n\nexport const FolderLevelPermissionsFeature = createFeature({\n    name: \"FolderLevelPermissions\",\n    register(container: Container) {\n        container.register(FolderLevelPermissions);\n    }\n});\n"],"mappings":"AAAA,SAASA,aAAa,QAAQ,qBAAqB;AAEnD,SAASC,sBAAsB;AAE/B,OAAO,MAAMC,6BAA6B,GAAGF,aAAa,CAAC;EACvDG,IAAI,EAAE,wBAAwB;EAC9BC,QAAQA,CAACC,SAAoB,EAAE;IAC3BA,SAAS,CAACD,QAAQ,CAACH,sBAAsB,CAAC;EAC9C;AACJ,CAAC,CAAC","ignoreList":[]}
+{"version":3,"file":"features/flp/FolderLevelPermissions/feature.js","sources":["../../../../src/features/flp/FolderLevelPermissions/feature.ts"],"sourcesContent":["import { createFeature } from \"@webiny/feature/api\";\nimport type { Container } from \"@webiny/di\";\nimport { FolderLevelPermissions } from \"./FolderLevelPermissions.js\";\n\nexport const FolderLevelPermissionsFeature = createFeature({\n    name: \"FolderLevelPermissions\",\n    register(container: Container) {\n        container.register(FolderLevelPermissions);\n    }\n});\n"],"names":["FolderLevelPermissionsFeature","createFeature","container","FolderLevelPermissions"],"mappings":";;AAIO,MAAMA,gCAAgCC,cAAc;IACvD,MAAM;IACN,UAASC,SAAoB;QACzBA,UAAU,QAAQ,CAACC;IACvB;AACJ"}

package/features/flp/FolderLevelPermissions/index.js

@@ -1,4 +1,2 @@
 export { FolderLevelPermissionsFeature } from "./feature.js";
 export { FolderLevelPermissions } from "./abstractions.js";
-
-//# sourceMappingURL=index.js.map

package/features/flp/FolderLevelPermissions/useCases/CanAccessFolder/CanAccessFolder.js

@@ -1,41 +1,19 @@
-export class CanAccessFolder {
-  constructor(identityContext) {
-    this.identityContext = identityContext;
-  }
-  async execute({
-    permissions = [],
-    rwd,
-    managePermissions
-  }) {
-    if (!permissions.length) {
-      return true;
+class CanAccessFolder {
+    constructor(identityContext){
+        this.identityContext = identityContext;
     }
-    const identity = this.identityContext.getIdentity();
-    const currentIdentityPermission = permissions.find(p => {
-      return p.target === `admin:${identity.id}`;
-    });
-    if (!currentIdentityPermission) {
-      return false;
+    async execute({ permissions = [], rwd, managePermissions }) {
+        if (!permissions.length) return true;
+        const identity = this.identityContext.getIdentity();
+        const currentIdentityPermission = permissions.find((p)=>p.target === `admin:${identity.id}`);
+        if (!currentIdentityPermission) return false;
+        const { level } = currentIdentityPermission;
+        if (managePermissions) return "owner" === level;
+        if ("no-access" === level) return false;
+        if ("r" !== rwd) return "owner" === level || "editor" === level || "public" === level;
+        return true;
     }
-    const {
-      level
-    } = currentIdentityPermission;
-    if (managePermissions) {
-      return level === "owner";
-    }
-
-    // If the user has a `no-access` level, they are explicitly denied access to the current folder.
-    if (level === "no-access") {
-      return false;
-    }
-
-    // Checking for "write" or "delete" access. Allow only if the
-    // user is has `owner` or `editor` level or the folder is public (no FLP assigned).
-    if (rwd !== "r") {
-      return level === "owner" || level === "editor" || level === "public";
-    }
-    return true;
-  }
 }
+export { CanAccessFolder };
 
 //# sourceMappingURL=CanAccessFolder.js.map

package/features/flp/FolderLevelPermissions/useCases/CanAccessFolder/CanAccessFolder.js.map

@@ -1 +1 @@
-{"version":3,"names":["CanAccessFolder","constructor","identityContext","execute","permissions","rwd","managePermissions","length","identity","getIdentity","currentIdentityPermission","find","p","target","id","level"],"sources":["CanAccessFolder.ts"],"sourcesContent":["import { IdentityContext } from \"@webiny/api-core/features/security/IdentityContext/index.js\";\nimport type { CanAccessFolderParams, ICanAccessFolder } from \"./ICanAccessFolder.js\";\n\nexport class CanAccessFolder implements ICanAccessFolder {\n    constructor(private identityContext: IdentityContext.Interface) {}\n\n    async execute({ permissions = [], rwd, managePermissions }: CanAccessFolderParams) {\n        if (!permissions.length) {\n            return true;\n        }\n\n        const identity = this.identityContext.getIdentity();\n        const currentIdentityPermission = permissions.find(p => {\n            return p.target === `admin:${identity.id}`;\n        });\n\n        if (!currentIdentityPermission) {\n            return false;\n        }\n\n        const { level } = currentIdentityPermission;\n\n        if (managePermissions) {\n            return level === \"owner\";\n        }\n\n        // If the user has a `no-access` level, they are explicitly denied access to the current folder.\n        if (level === \"no-access\") {\n            return false;\n        }\n\n        // Checking for \"write\" or \"delete\" access. Allow only if the\n        // user is has `owner` or `editor` level or the folder is public (no FLP assigned).\n        if (rwd !== \"r\") {\n            return level === \"owner\" || level === \"editor\" || level === \"public\";\n        }\n\n        return true;\n    }\n}\n"],"mappings":"AAGA,OAAO,MAAMA,eAAe,CAA6B;EACrDC,WAAWA,CAASC,eAA0C,EAAE;IAAA,KAA5CA,eAA0C,GAA1CA,eAA0C;EAAG;EAEjE,MAAMC,OAAOA,CAAC;IAAEC,WAAW,GAAG,EAAE;IAAEC,GAAG;IAAEC;EAAyC,CAAC,EAAE;IAC/E,IAAI,CAACF,WAAW,CAACG,MAAM,EAAE;MACrB,OAAO,IAAI;IACf;IAEA,MAAMC,QAAQ,GAAG,IAAI,CAACN,eAAe,CAACO,WAAW,CAAC,CAAC;IACnD,MAAMC,yBAAyB,GAAGN,WAAW,CAACO,IAAI,CAACC,CAAC,IAAI;MACpD,OAAOA,CAAC,CAACC,MAAM,KAAK,SAASL,QAAQ,CAACM,EAAE,EAAE;IAC9C,CAAC,CAAC;IAEF,IAAI,CAACJ,yBAAyB,EAAE;MAC5B,OAAO,KAAK;IAChB;IAEA,MAAM;MAAEK;IAAM,CAAC,GAAGL,yBAAyB;IAE3C,IAAIJ,iBAAiB,EAAE;MACnB,OAAOS,KAAK,KAAK,OAAO;IAC5B;;IAEA;IACA,IAAIA,KAAK,KAAK,WAAW,EAAE;MACvB,OAAO,KAAK;IAChB;;IAEA;IACA;IACA,IAAIV,GAAG,KAAK,GAAG,EAAE;MACb,OAAOU,KAAK,KAAK,OAAO,IAAIA,KAAK,KAAK,QAAQ,IAAIA,KAAK,KAAK,QAAQ;IACxE;IAEA,OAAO,IAAI;EACf;AACJ","ignoreList":[]}
+{"version":3,"file":"features/flp/FolderLevelPermissions/useCases/CanAccessFolder/CanAccessFolder.js","sources":["../../../../../../src/features/flp/FolderLevelPermissions/useCases/CanAccessFolder/CanAccessFolder.ts"],"sourcesContent":["import { IdentityContext } from \"@webiny/api-core/features/security/IdentityContext/index.js\";\nimport type { CanAccessFolderParams, ICanAccessFolder } from \"./ICanAccessFolder.js\";\n\nexport class CanAccessFolder implements ICanAccessFolder {\n    constructor(private identityContext: IdentityContext.Interface) {}\n\n    async execute({ permissions = [], rwd, managePermissions }: CanAccessFolderParams) {\n        if (!permissions.length) {\n            return true;\n        }\n\n        const identity = this.identityContext.getIdentity();\n        const currentIdentityPermission = permissions.find(p => {\n            return p.target === `admin:${identity.id}`;\n        });\n\n        if (!currentIdentityPermission) {\n            return false;\n        }\n\n        const { level } = currentIdentityPermission;\n\n        if (managePermissions) {\n            return level === \"owner\";\n        }\n\n        // If the user has a `no-access` level, they are explicitly denied access to the current folder.\n        if (level === \"no-access\") {\n            return false;\n        }\n\n        // Checking for \"write\" or \"delete\" access. Allow only if the\n        // user is has `owner` or `editor` level or the folder is public (no FLP assigned).\n        if (rwd !== \"r\") {\n            return level === \"owner\" || level === \"editor\" || level === \"public\";\n        }\n\n        return true;\n    }\n}\n"],"names":["CanAccessFolder","identityContext","permissions","rwd","managePermissions","identity","currentIdentityPermission","p","level"],"mappings":"AAGO,MAAMA;IACT,YAAoBC,eAA0C,CAAE;aAA5CA,eAAe,GAAfA;IAA6C;IAEjE,MAAM,QAAQ,EAAEC,cAAc,EAAE,EAAEC,GAAG,EAAEC,iBAAiB,EAAyB,EAAE;QAC/E,IAAI,CAACF,YAAY,MAAM,EACnB,OAAO;QAGX,MAAMG,WAAW,IAAI,CAAC,eAAe,CAAC,WAAW;QACjD,MAAMC,4BAA4BJ,YAAY,IAAI,CAACK,CAAAA,IACxCA,EAAE,MAAM,KAAK,CAAC,MAAM,EAAEF,SAAS,EAAE,EAAE;QAG9C,IAAI,CAACC,2BACD,OAAO;QAGX,MAAM,EAAEE,KAAK,EAAE,GAAGF;QAElB,IAAIF,mBACA,OAAOI,AAAU,YAAVA;QAIX,IAAIA,AAAU,gBAAVA,OACA,OAAO;QAKX,IAAIL,AAAQ,QAARA,KACA,OAAOK,AAAU,YAAVA,SAAqBA,AAAU,aAAVA,SAAsBA,AAAU,aAAVA;QAGtD,OAAO;IACX;AACJ"}

package/features/flp/FolderLevelPermissions/useCases/CanAccessFolder/ICanAccessFolder.js

@@ -1,3 +0,0 @@
-export {};
-
-//# sourceMappingURL=ICanAccessFolder.js.map

package/features/flp/FolderLevelPermissions/useCases/CanAccessFolder/index.js

@@ -1,3 +1 @@
 export * from "./CanAccessFolder.js";
-
-//# sourceMappingURL=index.js.map

package/features/flp/FolderLevelPermissions/useCases/CanAccessFolderContent/CanAccessFolderContent.js

@@ -1,34 +1,17 @@
-export class CanAccessFolderContent {
-  constructor(identityContext) {
-    this.identityContext = identityContext;
-  }
-  async execute({
-    permissions = [],
-    rwd
-  }) {
-    const identity = this.identityContext.getIdentity();
-    const currentIdentityPermission = permissions.find(p => {
-      return p.target === `admin:${identity.id}`;
-    });
-    if (!currentIdentityPermission) {
-      return false;
+class CanAccessFolderContent {
+    constructor(identityContext){
+        this.identityContext = identityContext;
     }
-    const {
-      level
-    } = currentIdentityPermission;
-
-    // If the user has a `no-access` level, they are explicitly denied access to the current folder.
-    if (level === "no-access") {
-      return false;
-    }
-
-    // If the user is not an owner and we're checking for "write" or
-    // "delete" access, then we can immediately return false.
-    if (rwd !== "r") {
-      return level !== "viewer";
+    async execute({ permissions = [], rwd }) {
+        const identity = this.identityContext.getIdentity();
+        const currentIdentityPermission = permissions.find((p)=>p.target === `admin:${identity.id}`);
+        if (!currentIdentityPermission) return false;
+        const { level } = currentIdentityPermission;
+        if ("no-access" === level) return false;
+        if ("r" !== rwd) return "viewer" !== level;
+        return true;
     }
-    return true;
-  }
 }
+export { CanAccessFolderContent };
 
 //# sourceMappingURL=CanAccessFolderContent.js.map

package/features/flp/FolderLevelPermissions/useCases/CanAccessFolderContent/CanAccessFolderContent.js.map

@@ -1 +1 @@
-{"version":3,"names":["CanAccessFolderContent","constructor","identityContext","execute","permissions","rwd","identity","getIdentity","currentIdentityPermission","find","p","target","id","level"],"sources":["CanAccessFolderContent.ts"],"sourcesContent":["import type { IdentityContext } from \"@webiny/api-core/features/security/IdentityContext/index.js\";\nimport type {\n    CanAccessFolderContentParams,\n    ICanAccessFolderContent\n} from \"./ICanAccessFolderContent.js\";\n\nexport class CanAccessFolderContent implements ICanAccessFolderContent {\n    constructor(private identityContext: IdentityContext.Interface) {}\n\n    async execute({ permissions = [], rwd }: CanAccessFolderContentParams) {\n        const identity = this.identityContext.getIdentity();\n\n        const currentIdentityPermission = permissions.find(p => {\n            return p.target === `admin:${identity.id}`;\n        });\n\n        if (!currentIdentityPermission) {\n            return false;\n        }\n\n        const { level } = currentIdentityPermission;\n\n        // If the user has a `no-access` level, they are explicitly denied access to the current folder.\n        if (level === \"no-access\") {\n            return false;\n        }\n\n        // If the user is not an owner and we're checking for \"write\" or\n        // \"delete\" access, then we can immediately return false.\n        if (rwd !== \"r\") {\n            return level !== \"viewer\";\n        }\n\n        return true;\n    }\n}\n"],"mappings":"AAMA,OAAO,MAAMA,sBAAsB,CAAoC;EACnEC,WAAWA,CAASC,eAA0C,EAAE;IAAA,KAA5CA,eAA0C,GAA1CA,eAA0C;EAAG;EAEjE,MAAMC,OAAOA,CAAC;IAAEC,WAAW,GAAG,EAAE;IAAEC;EAAkC,CAAC,EAAE;IACnE,MAAMC,QAAQ,GAAG,IAAI,CAACJ,eAAe,CAACK,WAAW,CAAC,CAAC;IAEnD,MAAMC,yBAAyB,GAAGJ,WAAW,CAACK,IAAI,CAACC,CAAC,IAAI;MACpD,OAAOA,CAAC,CAACC,MAAM,KAAK,SAASL,QAAQ,CAACM,EAAE,EAAE;IAC9C,CAAC,CAAC;IAEF,IAAI,CAACJ,yBAAyB,EAAE;MAC5B,OAAO,KAAK;IAChB;IAEA,MAAM;MAAEK;IAAM,CAAC,GAAGL,yBAAyB;;IAE3C;IACA,IAAIK,KAAK,KAAK,WAAW,EAAE;MACvB,OAAO,KAAK;IAChB;;IAEA;IACA;IACA,IAAIR,GAAG,KAAK,GAAG,EAAE;MACb,OAAOQ,KAAK,KAAK,QAAQ;IAC7B;IAEA,OAAO,IAAI;EACf;AACJ","ignoreList":[]}
+{"version":3,"file":"features/flp/FolderLevelPermissions/useCases/CanAccessFolderContent/CanAccessFolderContent.js","sources":["../../../../../../src/features/flp/FolderLevelPermissions/useCases/CanAccessFolderContent/CanAccessFolderContent.ts"],"sourcesContent":["import type { IdentityContext } from \"@webiny/api-core/features/security/IdentityContext/index.js\";\nimport type {\n    CanAccessFolderContentParams,\n    ICanAccessFolderContent\n} from \"./ICanAccessFolderContent.js\";\n\nexport class CanAccessFolderContent implements ICanAccessFolderContent {\n    constructor(private identityContext: IdentityContext.Interface) {}\n\n    async execute({ permissions = [], rwd }: CanAccessFolderContentParams) {\n        const identity = this.identityContext.getIdentity();\n\n        const currentIdentityPermission = permissions.find(p => {\n            return p.target === `admin:${identity.id}`;\n        });\n\n        if (!currentIdentityPermission) {\n            return false;\n        }\n\n        const { level } = currentIdentityPermission;\n\n        // If the user has a `no-access` level, they are explicitly denied access to the current folder.\n        if (level === \"no-access\") {\n            return false;\n        }\n\n        // If the user is not an owner and we're checking for \"write\" or\n        // \"delete\" access, then we can immediately return false.\n        if (rwd !== \"r\") {\n            return level !== \"viewer\";\n        }\n\n        return true;\n    }\n}\n"],"names":["CanAccessFolderContent","identityContext","permissions","rwd","identity","currentIdentityPermission","p","level"],"mappings":"AAMO,MAAMA;IACT,YAAoBC,eAA0C,CAAE;aAA5CA,eAAe,GAAfA;IAA6C;IAEjE,MAAM,QAAQ,EAAEC,cAAc,EAAE,EAAEC,GAAG,EAAgC,EAAE;QACnE,MAAMC,WAAW,IAAI,CAAC,eAAe,CAAC,WAAW;QAEjD,MAAMC,4BAA4BH,YAAY,IAAI,CAACI,CAAAA,IACxCA,EAAE,MAAM,KAAK,CAAC,MAAM,EAAEF,SAAS,EAAE,EAAE;QAG9C,IAAI,CAACC,2BACD,OAAO;QAGX,MAAM,EAAEE,KAAK,EAAE,GAAGF;QAGlB,IAAIE,AAAU,gBAAVA,OACA,OAAO;QAKX,IAAIJ,AAAQ,QAARA,KACA,OAAOI,AAAU,aAAVA;QAGX,OAAO;IACX;AACJ"}

package/features/flp/FolderLevelPermissions/useCases/CanAccessFolderContent/ICanAccessFolderContent.js

@@ -1,3 +0,0 @@
-export {};
-
-//# sourceMappingURL=ICanAccessFolderContent.js.map

package/features/flp/FolderLevelPermissions/useCases/CanAccessFolderContent/index.js

@@ -1,3 +1 @@
 export * from "./CanAccessFolderContent.js";
-
-//# sourceMappingURL=index.js.map

package/features/flp/FolderLevelPermissions/useCases/CanCreateFolderInRoot/CanCreateFolderInRoot.js

@@ -1,7 +1,8 @@
-export class CanCreateFolderInRoot {
-  execute() {
-    return true;
-  }
+class CanCreateFolderInRoot {
+    execute() {
+        return true;
+    }
 }
+export { CanCreateFolderInRoot };
 
 //# sourceMappingURL=CanCreateFolderInRoot.js.map

package/features/flp/FolderLevelPermissions/useCases/CanCreateFolderInRoot/CanCreateFolderInRoot.js.map

@@ -1 +1 @@
-{"version":3,"names":["CanCreateFolderInRoot","execute"],"sources":["CanCreateFolderInRoot.ts"],"sourcesContent":["import type { ICanCreateFolderInRoot } from \"./ICanCreateFolderInRoot.js\";\n\nexport class CanCreateFolderInRoot implements ICanCreateFolderInRoot {\n    execute() {\n        return true;\n    }\n}\n"],"mappings":"AAEA,OAAO,MAAMA,qBAAqB,CAAmC;EACjEC,OAAOA,CAAA,EAAG;IACN,OAAO,IAAI;EACf;AACJ","ignoreList":[]}
+{"version":3,"file":"features/flp/FolderLevelPermissions/useCases/CanCreateFolderInRoot/CanCreateFolderInRoot.js","sources":["../../../../../../src/features/flp/FolderLevelPermissions/useCases/CanCreateFolderInRoot/CanCreateFolderInRoot.ts"],"sourcesContent":["import type { ICanCreateFolderInRoot } from \"./ICanCreateFolderInRoot.js\";\n\nexport class CanCreateFolderInRoot implements ICanCreateFolderInRoot {\n    execute() {\n        return true;\n    }\n}\n"],"names":["CanCreateFolderInRoot"],"mappings":"AAEO,MAAMA;IACT,UAAU;QACN,OAAO;IACX;AACJ"}

package/features/flp/FolderLevelPermissions/useCases/CanCreateFolderInRoot/ICanCreateFolderInRoot.js

@@ -1,3 +0,0 @@
-export {};
-
-//# sourceMappingURL=ICanCreateFolderInRoot.js.map

package/features/flp/FolderLevelPermissions/useCases/CanCreateFolderInRoot/index.js

@@ -1,3 +1 @@
 export * from "./CanCreateFolderInRoot.js";
-
-//# sourceMappingURL=index.js.map

package/features/flp/FolderLevelPermissions/useCases/CheckNotInheritedPermissions/CheckNotInheritedPermissions.js

@@ -1,7 +1,8 @@
-export class CheckNotInheritedPermissions {
-  execute(permissions) {
-    return permissions.some(p => !p.inheritedFrom);
-  }
+class CheckNotInheritedPermissions {
+    execute(permissions) {
+        return permissions.some((p)=>!p.inheritedFrom);
+    }
 }
+export { CheckNotInheritedPermissions };
 
 //# sourceMappingURL=CheckNotInheritedPermissions.js.map

package/features/flp/FolderLevelPermissions/useCases/CheckNotInheritedPermissions/CheckNotInheritedPermissions.js.map

@@ -1 +1 @@
-{"version":3,"names":["CheckNotInheritedPermissions","execute","permissions","some","p","inheritedFrom"],"sources":["CheckNotInheritedPermissions.ts"],"sourcesContent":["import type { ICheckNotInheritedPermissions } from \"./ICheckNotInheritedPermissions.js\";\nimport type { FolderPermission } from \"~/flp/flp.types.js\";\n\nexport class CheckNotInheritedPermissions implements ICheckNotInheritedPermissions {\n    execute(permissions: FolderPermission[]) {\n        return permissions.some(p => !p.inheritedFrom);\n    }\n}\n"],"mappings":"AAGA,OAAO,MAAMA,4BAA4B,CAA0C;EAC/EC,OAAOA,CAACC,WAA+B,EAAE;IACrC,OAAOA,WAAW,CAACC,IAAI,CAACC,CAAC,IAAI,CAACA,CAAC,CAACC,aAAa,CAAC;EAClD;AACJ","ignoreList":[]}
+{"version":3,"file":"features/flp/FolderLevelPermissions/useCases/CheckNotInheritedPermissions/CheckNotInheritedPermissions.js","sources":["../../../../../../src/features/flp/FolderLevelPermissions/useCases/CheckNotInheritedPermissions/CheckNotInheritedPermissions.ts"],"sourcesContent":["import type { ICheckNotInheritedPermissions } from \"./ICheckNotInheritedPermissions.js\";\nimport type { FolderPermission } from \"~/flp/flp.types.js\";\n\nexport class CheckNotInheritedPermissions implements ICheckNotInheritedPermissions {\n    execute(permissions: FolderPermission[]) {\n        return permissions.some(p => !p.inheritedFrom);\n    }\n}\n"],"names":["CheckNotInheritedPermissions","permissions","p"],"mappings":"AAGO,MAAMA;IACT,QAAQC,WAA+B,EAAE;QACrC,OAAOA,YAAY,IAAI,CAACC,CAAAA,IAAK,CAACA,EAAE,aAAa;IACjD;AACJ"}

package/features/flp/FolderLevelPermissions/useCases/CheckNotInheritedPermissions/ICheckNotInheritedPermissions.js

@@ -1,3 +0,0 @@
-export {};
-
-//# sourceMappingURL=ICheckNotInheritedPermissions.js.map

package/features/flp/FolderLevelPermissions/useCases/CheckNotInheritedPermissions/index.js

@@ -1,3 +1 @@
 export * from "./CheckNotInheritedPermissions.js";
-
-//# sourceMappingURL=index.js.map

package/features/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/DefaultPermissionsMerger.js

@@ -1,70 +1,47 @@
-export class DefaultPermissionsMerger {
-  static merge(identity, identityPermissions, folderPermissions) {
-    // If the user has full access permission, add a specific "owner" permission to the list.
-    // This ensures the user has complete control over the folder.
-    const hasFullAccess = identityPermissions.some(p => p.name === "*");
-    if (hasFullAccess) {
-      return [{
-        target: `admin:${identity.id}`,
-        level: "owner",
-        inheritedFrom: "role:full-access"
-      },
-      // Remove any permissions related to the full access user,
-      // as these are always superseded by the "owner" permission defined above.
-      ...folderPermissions.filter(p => p.target !== `admin:${identity.id}`)];
+class DefaultPermissionsMerger {
+    static merge(identity, identityPermissions, folderPermissions) {
+        const hasFullAccess = identityPermissions.some((p)=>"*" === p.name);
+        if (hasFullAccess) return [
+            {
+                target: `admin:${identity.id}`,
+                level: "owner",
+                inheritedFrom: "role:full-access"
+            },
+            ...folderPermissions.filter((p)=>p.target !== `admin:${identity.id}`)
+        ];
+        if (0 === folderPermissions.length) return [
+            {
+                target: `admin:${identity.id}`,
+                level: "public",
+                inheritedFrom: "public"
+            }
+        ];
+        const currentAdminPermissions = folderPermissions.filter((p)=>p.target === `admin:${identity.id}`);
+        if (0 === currentAdminPermissions.length) return folderPermissions;
+        const noAccessPermission = currentAdminPermissions.find((p)=>"no-access" === p.level && p.target === `admin:${identity.id}`);
+        if (noAccessPermission) {
+            const filteredPermissions = folderPermissions.filter((p)=>p.target !== `admin:${identity.id}`);
+            return [
+                ...filteredPermissions,
+                noAccessPermission
+            ];
+        }
+        const [firstAdminPermission, ...restAdminPermissions] = currentAdminPermissions;
+        const resultPermission = restAdminPermissions.reduce((winner, current)=>{
+            const winnerInherits = winner.inheritedFrom?.startsWith("parent:");
+            const currentInherits = current.inheritedFrom?.startsWith("parent:");
+            if (winnerInherits && !currentInherits) return current;
+            if (currentInherits && !winnerInherits) return winner;
+            if ("owner" === current.level) return current;
+            if ("editor" === current.level && "viewer" === winner.level) return current;
+            return winner;
+        }, firstAdminPermission);
+        return [
+            resultPermission,
+            ...folderPermissions.filter((p)=>p.target !== `admin:${identity.id}`)
+        ];
     }
-    if (folderPermissions.length === 0) {
-      // No permissions provided. This means the folder is public.
-      // Add a specific "public" permission to the list to ensure the folder is accessible to everyone.
-      return [{
-        target: `admin:${identity.id}`,
-        level: "public",
-        inheritedFrom: "public"
-      }];
-    }
-
-    // If there are multiple `admin:${identity.id}` permissions in the array,
-    // we need to pick the one with the highest access level. We also remove
-    // other permissions for the same identity.
-
-    // Get permissions related to the current identity (admin).
-    const currentAdminPermissions = folderPermissions.filter(p => p.target === `admin:${identity.id}`);
-    if (currentAdminPermissions.length === 0) {
-      return folderPermissions;
-    }
-    const noAccessPermission = currentAdminPermissions.find(p => p.level === "no-access" && p.target === `admin:${identity.id}`);
-    if (noAccessPermission) {
-      // If one of the permissions is `no-access`, then we can immediately return it. This is
-      // because `no-access` is the ultimate level of access, and no other permission can override it.
-      // Remove all permissions for the current identity and add the winning one.
-      const filteredPermissions = folderPermissions.filter(p => p.target !== `admin:${identity.id}`);
-      return [...filteredPermissions, noAccessPermission];
-    }
-    const [firstAdminPermission, ...restAdminPermissions] = currentAdminPermissions;
-    const resultPermission = restAdminPermissions.reduce((winner, current) => {
-      const winnerInherits = winner.inheritedFrom?.startsWith("parent:");
-      const currentInherits = current.inheritedFrom?.startsWith("parent:");
-      if (winnerInherits && !currentInherits) {
-        return current;
-      }
-      if (currentInherits && !winnerInherits) {
-        return winner;
-      }
-
-      // At this point, we're either comparing two permissions with `inheritedFrom` or two without it.
-      // In other words, we're now at a point where we start comparing the levels (owner > editor > viewer).
-      if (current.level === "owner") {
-        return current;
-      }
-      if (current.level === "editor" && winner.level === "viewer") {
-        return current;
-      }
-      return winner;
-    }, firstAdminPermission);
-
-    // Remove all permissions for the current identity and add the winning one.
-    return [resultPermission, ...folderPermissions.filter(p => p.target !== `admin:${identity.id}`)];
-  }
 }
+export { DefaultPermissionsMerger };
 
 //# sourceMappingURL=DefaultPermissionsMerger.js.map

package/features/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/DefaultPermissionsMerger.js.map

@@ -1 +1 @@
-{"version":3,"names":["DefaultPermissionsMerger","merge","identity","identityPermissions","folderPermissions","hasFullAccess","some","p","name","target","id","level","inheritedFrom","filter","length","currentAdminPermissions","noAccessPermission","find","filteredPermissions","firstAdminPermission","restAdminPermissions","resultPermission","reduce","winner","current","winnerInherits","startsWith","currentInherits"],"sources":["DefaultPermissionsMerger.ts"],"sourcesContent":["import { SecurityIdentity, SecurityPermission } from \"@webiny/api-core/types/security.js\";\nimport type { FolderAccessLevel, FolderPermission } from \"~/flp/flp.types.js\";\n\nexport class DefaultPermissionsMerger {\n    static merge(\n        identity: SecurityIdentity,\n        identityPermissions: SecurityPermission[],\n        folderPermissions: FolderPermission[]\n    ): FolderPermission[] {\n        // If the user has full access permission, add a specific \"owner\" permission to the list.\n        // This ensures the user has complete control over the folder.\n        const hasFullAccess = identityPermissions.some(p => p.name === \"*\");\n        if (hasFullAccess) {\n            return [\n                {\n                    target: `admin:${identity.id}`,\n                    level: \"owner\" as FolderAccessLevel,\n                    inheritedFrom: \"role:full-access\"\n                },\n\n                // Remove any permissions related to the full access user,\n                // as these are always superseded by the \"owner\" permission defined above.\n                ...folderPermissions.filter(p => p.target !== `admin:${identity.id}`)\n            ];\n        }\n\n        if (folderPermissions.length === 0) {\n            // No permissions provided. This means the folder is public.\n            // Add a specific \"public\" permission to the list to ensure the folder is accessible to everyone.\n            return [\n                {\n                    target: `admin:${identity.id}`,\n                    level: \"public\" as FolderAccessLevel,\n                    inheritedFrom: \"public\"\n                }\n            ];\n        }\n\n        // If there are multiple `admin:${identity.id}` permissions in the array,\n        // we need to pick the one with the highest access level. We also remove\n        // other permissions for the same identity.\n\n        // Get permissions related to the current identity (admin).\n        const currentAdminPermissions = folderPermissions.filter(\n            p => p.target === `admin:${identity.id}`\n        );\n\n        if (currentAdminPermissions.length === 0) {\n            return folderPermissions;\n        }\n\n        const noAccessPermission = currentAdminPermissions.find(\n            p => p.level === \"no-access\" && p.target === `admin:${identity.id}`\n        );\n\n        if (noAccessPermission) {\n            // If one of the permissions is `no-access`, then we can immediately return it. This is\n            // because `no-access` is the ultimate level of access, and no other permission can override it.\n            // Remove all permissions for the current identity and add the winning one.\n            const filteredPermissions = folderPermissions.filter(\n                p => p.target !== `admin:${identity.id}`\n            );\n\n            return [...filteredPermissions, noAccessPermission];\n        }\n\n        const [firstAdminPermission, ...restAdminPermissions] = currentAdminPermissions;\n\n        const resultPermission = restAdminPermissions.reduce((winner, current) => {\n            const winnerInherits = winner.inheritedFrom?.startsWith(\"parent:\");\n            const currentInherits = current.inheritedFrom?.startsWith(\"parent:\");\n\n            if (winnerInherits && !currentInherits) {\n                return current;\n            }\n            if (currentInherits && !winnerInherits) {\n                return winner;\n            }\n\n            // At this point, we're either comparing two permissions with `inheritedFrom` or two without it.\n            // In other words, we're now at a point where we start comparing the levels (owner > editor > viewer).\n            if (current.level === \"owner\") {\n                return current;\n            }\n\n            if (current.level === \"editor\" && winner.level === \"viewer\") {\n                return current;\n            }\n\n            return winner;\n        }, firstAdminPermission);\n\n        // Remove all permissions for the current identity and add the winning one.\n        return [\n            resultPermission,\n            ...folderPermissions.filter(p => p.target !== `admin:${identity.id}`)\n        ];\n    }\n}\n"],"mappings":"AAGA,OAAO,MAAMA,wBAAwB,CAAC;EAClC,OAAOC,KAAKA,CACRC,QAA0B,EAC1BC,mBAAyC,EACzCC,iBAAqC,EACnB;IAClB;IACA;IACA,MAAMC,aAAa,GAAGF,mBAAmB,CAACG,IAAI,CAACC,CAAC,IAAIA,CAAC,CAACC,IAAI,KAAK,GAAG,CAAC;IACnE,IAAIH,aAAa,EAAE;MACf,OAAO,CACH;QACII,MAAM,EAAE,SAASP,QAAQ,CAACQ,EAAE,EAAE;QAC9BC,KAAK,EAAE,OAA4B;QACnCC,aAAa,EAAE;MACnB,CAAC;MAED;MACA;MACA,GAAGR,iBAAiB,CAACS,MAAM,CAACN,CAAC,IAAIA,CAAC,CAACE,MAAM,KAAK,SAASP,QAAQ,CAACQ,EAAE,EAAE,CAAC,CACxE;IACL;IAEA,IAAIN,iBAAiB,CAACU,MAAM,KAAK,CAAC,EAAE;MAChC;MACA;MACA,OAAO,CACH;QACIL,MAAM,EAAE,SAASP,QAAQ,CAACQ,EAAE,EAAE;QAC9BC,KAAK,EAAE,QAA6B;QACpCC,aAAa,EAAE;MACnB,CAAC,CACJ;IACL;;IAEA;IACA;IACA;;IAEA;IACA,MAAMG,uBAAuB,GAAGX,iBAAiB,CAACS,MAAM,CACpDN,CAAC,IAAIA,CAAC,CAACE,MAAM,KAAK,SAASP,QAAQ,CAACQ,EAAE,EAC1C,CAAC;IAED,IAAIK,uBAAuB,CAACD,MAAM,KAAK,CAAC,EAAE;MACtC,OAAOV,iBAAiB;IAC5B;IAEA,MAAMY,kBAAkB,GAAGD,uBAAuB,CAACE,IAAI,CACnDV,CAAC,IAAIA,CAAC,CAACI,KAAK,KAAK,WAAW,IAAIJ,CAAC,CAACE,MAAM,KAAK,SAASP,QAAQ,CAACQ,EAAE,EACrE,CAAC;IAED,IAAIM,kBAAkB,EAAE;MACpB;MACA;MACA;MACA,MAAME,mBAAmB,GAAGd,iBAAiB,CAACS,MAAM,CAChDN,CAAC,IAAIA,CAAC,CAACE,MAAM,KAAK,SAASP,QAAQ,CAACQ,EAAE,EAC1C,CAAC;MAED,OAAO,CAAC,GAAGQ,mBAAmB,EAAEF,kBAAkB,CAAC;IACvD;IAEA,MAAM,CAACG,oBAAoB,EAAE,GAAGC,oBAAoB,CAAC,GAAGL,uBAAuB;IAE/E,MAAMM,gBAAgB,GAAGD,oBAAoB,CAACE,MAAM,CAAC,CAACC,MAAM,EAAEC,OAAO,KAAK;MACtE,MAAMC,cAAc,GAAGF,MAAM,CAACX,aAAa,EAAEc,UAAU,CAAC,SAAS,CAAC;MAClE,MAAMC,eAAe,GAAGH,OAAO,CAACZ,aAAa,EAAEc,UAAU,CAAC,SAAS,CAAC;MAEpE,IAAID,cAAc,IAAI,CAACE,eAAe,EAAE;QACpC,OAAOH,OAAO;MAClB;MACA,IAAIG,eAAe,IAAI,CAACF,cAAc,EAAE;QACpC,OAAOF,MAAM;MACjB;;MAEA;MACA;MACA,IAAIC,OAAO,CAACb,KAAK,KAAK,OAAO,EAAE;QAC3B,OAAOa,OAAO;MAClB;MAEA,IAAIA,OAAO,CAACb,KAAK,KAAK,QAAQ,IAAIY,MAAM,CAACZ,KAAK,KAAK,QAAQ,EAAE;QACzD,OAAOa,OAAO;MAClB;MAEA,OAAOD,MAAM;IACjB,CAAC,EAAEJ,oBAAoB,CAAC;;IAExB;IACA,OAAO,CACHE,gBAAgB,EAChB,GAAGjB,iBAAiB,CAACS,MAAM,CAACN,CAAC,IAAIA,CAAC,CAACE,MAAM,KAAK,SAASP,QAAQ,CAACQ,EAAE,EAAE,CAAC,CACxE;EACL;AACJ","ignoreList":[]}
+{"version":3,"file":"features/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/DefaultPermissionsMerger.js","sources":["../../../../../../src/features/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/DefaultPermissionsMerger.ts"],"sourcesContent":["import { SecurityIdentity, SecurityPermission } from \"@webiny/api-core/types/security.js\";\nimport type { FolderAccessLevel, FolderPermission } from \"~/flp/flp.types.js\";\n\nexport class DefaultPermissionsMerger {\n    static merge(\n        identity: SecurityIdentity,\n        identityPermissions: SecurityPermission[],\n        folderPermissions: FolderPermission[]\n    ): FolderPermission[] {\n        // If the user has full access permission, add a specific \"owner\" permission to the list.\n        // This ensures the user has complete control over the folder.\n        const hasFullAccess = identityPermissions.some(p => p.name === \"*\");\n        if (hasFullAccess) {\n            return [\n                {\n                    target: `admin:${identity.id}`,\n                    level: \"owner\" as FolderAccessLevel,\n                    inheritedFrom: \"role:full-access\"\n                },\n\n                // Remove any permissions related to the full access user,\n                // as these are always superseded by the \"owner\" permission defined above.\n                ...folderPermissions.filter(p => p.target !== `admin:${identity.id}`)\n            ];\n        }\n\n        if (folderPermissions.length === 0) {\n            // No permissions provided. This means the folder is public.\n            // Add a specific \"public\" permission to the list to ensure the folder is accessible to everyone.\n            return [\n                {\n                    target: `admin:${identity.id}`,\n                    level: \"public\" as FolderAccessLevel,\n                    inheritedFrom: \"public\"\n                }\n            ];\n        }\n\n        // If there are multiple `admin:${identity.id}` permissions in the array,\n        // we need to pick the one with the highest access level. We also remove\n        // other permissions for the same identity.\n\n        // Get permissions related to the current identity (admin).\n        const currentAdminPermissions = folderPermissions.filter(\n            p => p.target === `admin:${identity.id}`\n        );\n\n        if (currentAdminPermissions.length === 0) {\n            return folderPermissions;\n        }\n\n        const noAccessPermission = currentAdminPermissions.find(\n            p => p.level === \"no-access\" && p.target === `admin:${identity.id}`\n        );\n\n        if (noAccessPermission) {\n            // If one of the permissions is `no-access`, then we can immediately return it. This is\n            // because `no-access` is the ultimate level of access, and no other permission can override it.\n            // Remove all permissions for the current identity and add the winning one.\n            const filteredPermissions = folderPermissions.filter(\n                p => p.target !== `admin:${identity.id}`\n            );\n\n            return [...filteredPermissions, noAccessPermission];\n        }\n\n        const [firstAdminPermission, ...restAdminPermissions] = currentAdminPermissions;\n\n        const resultPermission = restAdminPermissions.reduce((winner, current) => {\n            const winnerInherits = winner.inheritedFrom?.startsWith(\"parent:\");\n            const currentInherits = current.inheritedFrom?.startsWith(\"parent:\");\n\n            if (winnerInherits && !currentInherits) {\n                return current;\n            }\n            if (currentInherits && !winnerInherits) {\n                return winner;\n            }\n\n            // At this point, we're either comparing two permissions with `inheritedFrom` or two without it.\n            // In other words, we're now at a point where we start comparing the levels (owner > editor > viewer).\n            if (current.level === \"owner\") {\n                return current;\n            }\n\n            if (current.level === \"editor\" && winner.level === \"viewer\") {\n                return current;\n            }\n\n            return winner;\n        }, firstAdminPermission);\n\n        // Remove all permissions for the current identity and add the winning one.\n        return [\n            resultPermission,\n            ...folderPermissions.filter(p => p.target !== `admin:${identity.id}`)\n        ];\n    }\n}\n"],"names":["DefaultPermissionsMerger","identity","identityPermissions","folderPermissions","hasFullAccess","p","currentAdminPermissions","noAccessPermission","filteredPermissions","firstAdminPermission","restAdminPermissions","resultPermission","winner","current","winnerInherits","currentInherits"],"mappings":"AAGO,MAAMA;IACT,OAAO,MACHC,QAA0B,EAC1BC,mBAAyC,EACzCC,iBAAqC,EACnB;QAGlB,MAAMC,gBAAgBF,oBAAoB,IAAI,CAACG,CAAAA,IAAKA,AAAW,QAAXA,EAAE,IAAI;QAC1D,IAAID,eACA,OAAO;YACH;gBACI,QAAQ,CAAC,MAAM,EAAEH,SAAS,EAAE,EAAE;gBAC9B,OAAO;gBACP,eAAe;YACnB;eAIGE,kBAAkB,MAAM,CAACE,CAAAA,IAAKA,EAAE,MAAM,KAAK,CAAC,MAAM,EAAEJ,SAAS,EAAE,EAAE;SACvE;QAGL,IAAIE,AAA6B,MAA7BA,kBAAkB,MAAM,EAGxB,OAAO;YACH;gBACI,QAAQ,CAAC,MAAM,EAAEF,SAAS,EAAE,EAAE;gBAC9B,OAAO;gBACP,eAAe;YACnB;SACH;QAQL,MAAMK,0BAA0BH,kBAAkB,MAAM,CACpDE,CAAAA,IAAKA,EAAE,MAAM,KAAK,CAAC,MAAM,EAAEJ,SAAS,EAAE,EAAE;QAG5C,IAAIK,AAAmC,MAAnCA,wBAAwB,MAAM,EAC9B,OAAOH;QAGX,MAAMI,qBAAqBD,wBAAwB,IAAI,CACnDD,CAAAA,IAAKA,AAAY,gBAAZA,EAAE,KAAK,IAAoBA,EAAE,MAAM,KAAK,CAAC,MAAM,EAAEJ,SAAS,EAAE,EAAE;QAGvE,IAAIM,oBAAoB;YAIpB,MAAMC,sBAAsBL,kBAAkB,MAAM,CAChDE,CAAAA,IAAKA,EAAE,MAAM,KAAK,CAAC,MAAM,EAAEJ,SAAS,EAAE,EAAE;YAG5C,OAAO;mBAAIO;gBAAqBD;aAAmB;QACvD;QAEA,MAAM,CAACE,sBAAsB,GAAGC,qBAAqB,GAAGJ;QAExD,MAAMK,mBAAmBD,qBAAqB,MAAM,CAAC,CAACE,QAAQC;YAC1D,MAAMC,iBAAiBF,OAAO,aAAa,EAAE,WAAW;YACxD,MAAMG,kBAAkBF,QAAQ,aAAa,EAAE,WAAW;YAE1D,IAAIC,kBAAkB,CAACC,iBACnB,OAAOF;YAEX,IAAIE,mBAAmB,CAACD,gBACpB,OAAOF;YAKX,IAAIC,AAAkB,YAAlBA,QAAQ,KAAK,EACb,OAAOA;YAGX,IAAIA,AAAkB,aAAlBA,QAAQ,KAAK,IAAiBD,AAAiB,aAAjBA,OAAO,KAAK,EAC1C,OAAOC;YAGX,OAAOD;QACX,GAAGH;QAGH,OAAO;YACHE;eACGR,kBAAkB,MAAM,CAACE,CAAAA,IAAKA,EAAE,MAAM,KAAK,CAAC,MAAM,EAAEJ,SAAS,EAAE,EAAE;SACvE;IACL;AACJ"}

package/features/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissions.js

@@ -1,13 +1,14 @@
 import { DefaultPermissionsMerger } from "./DefaultPermissionsMerger.js";
-export class GetDefaultPermissions {
-  constructor(identityContext) {
-    this.identityContext = identityContext;
-  }
-  async execute(permissions) {
-    const identity = this.identityContext.getIdentity();
-    const identityPermissions = await this.identityContext.listPermissions();
-    return DefaultPermissionsMerger.merge(identity, identityPermissions, permissions);
-  }
+class GetDefaultPermissions {
+    constructor(identityContext){
+        this.identityContext = identityContext;
+    }
+    async execute(permissions) {
+        const identity = this.identityContext.getIdentity();
+        const identityPermissions = await this.identityContext.listPermissions();
+        return DefaultPermissionsMerger.merge(identity, identityPermissions, permissions);
+    }
 }
+export { GetDefaultPermissions };
 
 //# sourceMappingURL=GetDefaultPermissions.js.map

package/features/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissions.js.map

@@ -1 +1 @@
-{"version":3,"names":["DefaultPermissionsMerger","GetDefaultPermissions","constructor","identityContext","execute","permissions","identity","getIdentity","identityPermissions","listPermissions","merge"],"sources":["GetDefaultPermissions.ts"],"sourcesContent":["import type { IdentityContext } from \"@webiny/api-core/features/security/IdentityContext/index.js\";\nimport type { IGetDefaultPermissions } from \"./IGetDefaultPermissions.js\";\nimport type { FolderPermission } from \"~/flp/flp.types.js\";\nimport { DefaultPermissionsMerger } from \"./DefaultPermissionsMerger.js\";\n\nexport class GetDefaultPermissions implements IGetDefaultPermissions {\n    constructor(private identityContext: IdentityContext.Interface) {}\n\n    async execute(permissions: FolderPermission[]) {\n        const identity = this.identityContext.getIdentity();\n        const identityPermissions = await this.identityContext.listPermissions();\n\n        return DefaultPermissionsMerger.merge(identity, identityPermissions, permissions);\n    }\n}\n"],"mappings":"AAGA,SAASA,wBAAwB;AAEjC,OAAO,MAAMC,qBAAqB,CAAmC;EACjEC,WAAWA,CAASC,eAA0C,EAAE;IAAA,KAA5CA,eAA0C,GAA1CA,eAA0C;EAAG;EAEjE,MAAMC,OAAOA,CAACC,WAA+B,EAAE;IAC3C,MAAMC,QAAQ,GAAG,IAAI,CAACH,eAAe,CAACI,WAAW,CAAC,CAAC;IACnD,MAAMC,mBAAmB,GAAG,MAAM,IAAI,CAACL,eAAe,CAACM,eAAe,CAAC,CAAC;IAExE,OAAOT,wBAAwB,CAACU,KAAK,CAACJ,QAAQ,EAAEE,mBAAmB,EAAEH,WAAW,CAAC;EACrF;AACJ","ignoreList":[]}
+{"version":3,"file":"features/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissions.js","sources":["../../../../../../src/features/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissions.ts"],"sourcesContent":["import type { IdentityContext } from \"@webiny/api-core/features/security/IdentityContext/index.js\";\nimport type { IGetDefaultPermissions } from \"./IGetDefaultPermissions.js\";\nimport type { FolderPermission } from \"~/flp/flp.types.js\";\nimport { DefaultPermissionsMerger } from \"./DefaultPermissionsMerger.js\";\n\nexport class GetDefaultPermissions implements IGetDefaultPermissions {\n    constructor(private identityContext: IdentityContext.Interface) {}\n\n    async execute(permissions: FolderPermission[]) {\n        const identity = this.identityContext.getIdentity();\n        const identityPermissions = await this.identityContext.listPermissions();\n\n        return DefaultPermissionsMerger.merge(identity, identityPermissions, permissions);\n    }\n}\n"],"names":["GetDefaultPermissions","identityContext","permissions","identity","identityPermissions","DefaultPermissionsMerger"],"mappings":";AAKO,MAAMA;IACT,YAAoBC,eAA0C,CAAE;aAA5CA,eAAe,GAAfA;IAA6C;IAEjE,MAAM,QAAQC,WAA+B,EAAE;QAC3C,MAAMC,WAAW,IAAI,CAAC,eAAe,CAAC,WAAW;QACjD,MAAMC,sBAAsB,MAAM,IAAI,CAAC,eAAe,CAAC,eAAe;QAEtE,OAAOC,yBAAyB,KAAK,CAACF,UAAUC,qBAAqBF;IACzE;AACJ"}

package/features/flp/FolderLevelPermissions/useCases/GetDefaultPermissions/GetDefaultPermissionsWithTeams.js

@@ -1,38 +1,27 @@
-export class GetDefaultPermissionsWithTeams {
-  constructor(identityContext, listUserTeamsUseCase, decoretee) {
-    this.identityContext = identityContext;
-    this.listUserTeamsUseCase = listUserTeamsUseCase;
-    this.decoretee = decoretee;
-  }
-  async execute(originalPermissions) {
-    /**
-     * Retrieves the list of teams the current identity belongs to and checks if any of these teams
-     * have permissions for the folder. If a team has permissions, the current identity is granted
-     * the same permissions, inheriting them from the team.
-     */
-    const identity = this.identityContext.getIdentity();
-
-    // Get teams for current identity
-    const listTeamsResult = await this.listUserTeamsUseCase.execute(identity.id);
-    const identityTeams = listTeamsResult.isOk() ? listTeamsResult.value : [];
-    const permissions = [...originalPermissions]; // Clone the original permissions to avoid mutation.
-
-    if (identity && identityTeams.length) {
-      for (const identityTeam of identityTeams) {
-        // Check if the team has permissions for the folder.
-        const teamPermission = permissions.find(p => p.target === `team:${identityTeam.slug}`);
-        if (teamPermission) {
-          // Grant the current identity the same permissions as the team, marking them as inherited.
-          permissions.push({
-            target: `admin:${identity.id}`,
-            level: teamPermission.level,
-            inheritedFrom: "team:" + identityTeam.slug
-          });
+class GetDefaultPermissionsWithTeams {
+    constructor(identityContext, listUserTeamsUseCase, decoretee){
+        this.identityContext = identityContext;
+        this.listUserTeamsUseCase = listUserTeamsUseCase;
+        this.decoretee = decoretee;
+    }
+    async execute(originalPermissions) {
+        const identity = this.identityContext.getIdentity();
+        const listTeamsResult = await this.listUserTeamsUseCase.execute(identity.id);
+        const identityTeams = listTeamsResult.isOk() ? listTeamsResult.value : [];
+        const permissions = [
+            ...originalPermissions
+        ];
+        if (identity && identityTeams.length) for (const identityTeam of identityTeams){
+            const teamPermission = permissions.find((p)=>p.target === `team:${identityTeam.slug}`);
+            if (teamPermission) permissions.push({
+                target: `admin:${identity.id}`,
+                level: teamPermission.level,
+                inheritedFrom: "team:" + identityTeam.slug
+            });
         }
-      }
+        return await this.decoretee.execute(permissions);
     }
-    return await this.decoretee.execute(permissions);
-  }
 }
+export { GetDefaultPermissionsWithTeams };
 
 //# sourceMappingURL=GetDefaultPermissionsWithTeams.js.map