@webiny/api-headless-cms 0.0.0-unstable.aa00eecd97 → 0.0.0-unstable.acacc54f0e

package/crud/contentEntry.crud.js

@@ -17,12 +17,11 @@ var _beforeCreate = require("./contentEntry/beforeCreate");
 var _beforeUpdate = require("./contentEntry/beforeUpdate");
 var _afterDelete = require("./contentEntry/afterDelete");
 var _referenceFieldsMapping = require("./contentEntry/referenceFieldsMapping");
-var _permissions = require("../utils/permissions");
-var _access = require("../utils/access");
-var _ownership = require("../utils/ownership");
 var _entryStorage = require("../utils/entryStorage");
 var _searchableFields = require("./contentEntry/searchableFields");
 var _filterAsync = require("../utils/filterAsync");
+var _apiSecurity = require("@webiny/api-security/");
+var _constants = require("../constants");
 const STATUS_DRAFT = _types.CONTENT_ENTRY_STATUS.DRAFT;
 exports.STATUS_DRAFT = STATUS_DRAFT;
 const STATUS_PUBLISHED = _types.CONTENT_ENTRY_STATUS.PUBLISHED;
@@ -171,9 +170,19 @@ const allowedEntryStatus = ["draft", "published", "unpublished"];
 const transformEntryStatus = status => {
   return allowedEntryStatus.includes(status) ? status : "draft";
 };
+const createSort = sort => {
+  if (!Array.isArray(sort)) {
+    return ["createdOn_DESC"];
+  } else if (sort.filter(s => !!s).length === 0) {
+    return ["createdOn_DESC"];
+  }
+  return sort;
+};
 const createContentEntryCrud = params => {
   const {
     storageOperations,
+    entriesPermissions,
+    modelsPermissions,
     context,
     getIdentity,
     getTenant,
@@ -209,6 +218,13 @@ const createContentEntryCrud = params => {
   const onEntryAfterUpdate = (0, _pubsub.createTopic)("cms.onEntryAfterUpdate");
   const onEntryUpdateError = (0, _pubsub.createTopic)("cms.onEntryUpdateError");
 
+  /**
+   * Move
+   */
+  const onEntryBeforeMove = (0, _pubsub.createTopic)("cms.onEntryBeforeMove");
+  const onEntryAfterMove = (0, _pubsub.createTopic)("cms.onEntryAfterMove");
+  const onEntryMoveError = (0, _pubsub.createTopic)("cms.onEntryMoveError");
+
   /**
    * Publish
    */
@@ -275,9 +291,6 @@ const createContentEntryCrud = params => {
     context,
     onEntryAfterDelete
   });
-  const checkEntryPermissions = check => {
-    return (0, _permissions.checkPermissions)(context, "cms.contentEntry", check);
-  };
 
   /**
    * A helper to delete the entire entry.
@@ -317,14 +330,23 @@ const createContentEntryCrud = params => {
    */
   const getEntriesByIds = async (model, ids) => {
     return context.benchmark.measure("headlessCms.crud.entries.getEntriesByIds", async () => {
-      const permission = await checkEntryPermissions({
+      await entriesPermissions.ensure({
         rwd: "r"
       });
-      await (0, _access.checkModelAccess)(context, model);
+      await modelsPermissions.ensureCanAccessModel({
+        model,
+        locale: getLocale().code
+      });
       const entries = await storageOperations.entries.getByIds(model, {
         ids
       });
-      return entries.filter(entry => (0, _ownership.validateOwnership)(context, permission, entry));
+      return (0, _filterAsync.filterAsync)(entries, async entry => {
+        return entriesPermissions.ensure({
+          owns: entry.createdBy
+        }, {
+          throw: false
+        });
+      });
     });
   };
   const getEntryById = async (model, id) => {
@@ -342,27 +364,45 @@ const createContentEntryCrud = params => {
     return entry;
   };
   const getPublishedEntriesByIds = async (model, ids) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const entries = await storageOperations.entries.getPublishedByIds(model, {
       ids
     });
-    return entries.filter(entry => (0, _ownership.validateOwnership)(context, permission, entry));
+    return (0, _filterAsync.filterAsync)(entries, async entry => {
+      return entriesPermissions.ensure({
+        owns: entry.createdBy
+      }, {
+        throw: false
+      });
+    });
   };
   const getLatestEntriesByIds = async (model, ids) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const entries = await storageOperations.entries.getLatestByIds(model, {
       ids
     });
-    return entries.filter(entry => (0, _ownership.validateOwnership)(context, permission, entry));
+    return (0, _filterAsync.filterAsync)(entries, async entry => {
+      return entriesPermissions.ensure({
+        owns: entry.createdBy
+      }, {
+        throw: false
+      });
+    });
   };
   const getEntry = async (model, params) => {
-    await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
     const {
@@ -390,10 +430,21 @@ const createContentEntryCrud = params => {
     });
   };
   const listEntries = async (model, params) => {
-    const permission = await checkEntryPermissions({
-      rwd: "r"
+    try {
+      await entriesPermissions.ensure({
+        rwd: "r"
+      });
+    } catch {
+      throw new _apiSecurity.NotAuthorizedError({
+        data: {
+          reason: 'Not allowed to perform "read" on "cms.contentEntry".'
+        }
+      });
+    }
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
     });
-    await (0, _access.checkModelAccess)(context, model);
     const {
       where: initialWhere,
       limit: initialLimit
@@ -404,10 +455,10 @@ const createContentEntryCrud = params => {
      * Possibly only get records which are owned by current user.
      * Or if searching for the owner set that value - in the case that user can see other entries than their own.
      */
-    const ownedBy = permission.own ? getIdentity().id : where.ownedBy;
-    if (ownedBy !== undefined) {
-      where.ownedBy = ownedBy;
+    if (await entriesPermissions.canAccessOnlyOwnRecords()) {
+      where.ownedBy = getIdentity().id;
     }
+
     /**
      * Where must contain either latest or published keys.
      * We cannot list entries without one of those
@@ -437,6 +488,7 @@ const createContentEntryCrud = params => {
         cursor,
         items
       } = await storageOperations.entries.list(model, (0, _objectSpread2.default)((0, _objectSpread2.default)({}, params), {}, {
+        sort: createSort(params.sort),
         limit,
         where,
         fields
@@ -465,10 +517,14 @@ const createContentEntryCrud = params => {
     }
   };
   const createEntry = async (model, inputData) => {
-    await checkEntryPermissions({
+    var _inputData$wbyAco_loc;
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
 
     /**
      * Make sure we only work with fields that are defined in the model.
@@ -511,7 +567,10 @@ const createContentEntryCrud = params => {
       version,
       locked: false,
       status: STATUS_DRAFT,
-      values: input
+      values: input,
+      location: {
+        folderId: ((_inputData$wbyAco_loc = inputData.wbyAco_location) === null || _inputData$wbyAco_loc === void 0 ? void 0 : _inputData$wbyAco_loc.folderId) || _constants.ROOT_FOLDER
+      }
     };
     let storageEntry = null;
     try {
@@ -548,10 +607,13 @@ const createContentEntryCrud = params => {
     }
   };
   const createEntryRevisionFrom = async (model, sourceId, inputData) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
 
     /**
      * Make sure we only work with fields that are defined in the model.
@@ -591,7 +653,9 @@ const createContentEntryCrud = params => {
       input: initialValues,
       validateEntries: false
     });
-    (0, _ownership.checkOwnership)(context, permission, originalEntry);
+    await entriesPermissions.ensure({
+      owns: originalEntry.createdBy
+    });
     const identity = getIdentity();
     const latestId = latestStorageEntry ? latestStorageEntry.id : sourceId;
     const {
@@ -653,10 +717,14 @@ const createContentEntryCrud = params => {
     }
   };
   const updateEntry = async (model, id, inputData, metaInput) => {
-    const permission = await checkEntryPermissions({
+    var _inputData$wbyAco_loc2;
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
 
     /**
      * Make sure we only work with fields that are defined in the model.
@@ -682,7 +750,9 @@ const createContentEntryCrud = params => {
       data: input,
       entry: originalEntry
     });
-    (0, _ownership.checkOwnership)(context, permission, originalEntry);
+    await entriesPermissions.ensure({
+      owns: originalEntry.createdBy
+    });
     const initialValues = (0, _objectSpread2.default)((0, _objectSpread2.default)({}, originalEntry.values), input);
     const values = await (0, _referenceFieldsMapping.referenceFieldsMapping)({
       context,
@@ -704,6 +774,12 @@ const createContentEntryCrud = params => {
       meta,
       status: transformEntryStatus(originalEntry.status)
     });
+    const folderId = (_inputData$wbyAco_loc2 = inputData.wbyAco_location) === null || _inputData$wbyAco_loc2 === void 0 ? void 0 : _inputData$wbyAco_loc2.folderId;
+    if (folderId) {
+      entry.location = {
+        folderId
+      };
+    }
     let storageEntry = null;
     try {
       await onEntryBeforeUpdate.publish({
@@ -741,11 +817,59 @@ const createContentEntryCrud = params => {
       });
     }
   };
+  const moveEntry = async (model, id, folderId) => {
+    await entriesPermissions.ensure({
+      rwd: "w"
+    });
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
+    /**
+     * The entry we are going to move to another folder.
+     */
+    const originalStorageEntry = await storageOperations.entries.getRevisionById(model, {
+      id
+    });
+    if (!originalStorageEntry) {
+      throw new _handlerGraphql.NotFoundError(`Entry "${id}" of model "${model.modelId}" was not found.`);
+    }
+    const entry = await (0, _entryStorage.entryFromStorageTransform)(context, model, originalStorageEntry);
+    try {
+      await onEntryBeforeMove.publish({
+        entry,
+        model,
+        folderId
+      });
+      await storageOperations.entries.move(model, id, folderId);
+      await onEntryAfterMove.publish({
+        entry,
+        model,
+        folderId
+      });
+      return entry;
+    } catch (ex) {
+      await onEntryMoveError.publish({
+        entry,
+        model,
+        folderId,
+        error: ex
+      });
+      throw _error.default.from(ex, {
+        message: `Could not move entry "${id}" of model "${model.modelId}".`,
+        code: "MOVE_ENTRY_ERROR"
+      });
+    }
+  };
   const republishEntry = async (model, id) => {
-    await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
+
     /**
      * Fetch the entry from the storage.
      */
@@ -820,10 +944,13 @@ const createContentEntryCrud = params => {
     }
   };
   const deleteEntryRevision = async (model, revisionId) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "d"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       id: entryId,
       version
@@ -841,7 +968,9 @@ const createContentEntryCrud = params => {
     if (!storageEntryToDelete) {
       throw new _handlerGraphql.NotFoundError(`Entry "${revisionId}" was not found!`);
     }
-    (0, _ownership.checkOwnership)(context, permission, storageEntryToDelete);
+    await entriesPermissions.ensure({
+      owns: storageEntryToDelete.createdBy
+    });
     const latestEntryRevisionId = latestStorageEntry ? latestStorageEntry.id : null;
     const entryToDelete = await (0, _entryStorage.entryFromStorageTransform)(context, model, storageEntryToDelete);
     /**
@@ -911,10 +1040,13 @@ const createContentEntryCrud = params => {
         entries: ids
       });
     }
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "d"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       items: entries
     } = await storageOperations.entries.list(model, {
@@ -928,7 +1060,11 @@ const createContentEntryCrud = params => {
      * We do not want to allow deleting entries that user does not own or cannot access.
      */
     const items = (await (0, _filterAsync.filterAsync)(entries, async entry => {
-      return (0, _ownership.validateOwnership)(context, permission, entry);
+      return entriesPermissions.ensure({
+        owns: entry.createdBy
+      }, {
+        throw: false
+      });
     })).map(entry => entry.id);
     try {
       await onEntryBeforeDeleteMultiple.publish({
@@ -963,10 +1099,13 @@ const createContentEntryCrud = params => {
     }
   };
   const deleteEntry = async (model, id, options) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "d"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       force
     } = options || {};
@@ -998,7 +1137,9 @@ const createContentEntryCrud = params => {
         }
       });
     }
-    (0, _ownership.checkOwnership)(context, permission, storageEntry);
+    await entriesPermissions.ensure({
+      owns: storageEntry.createdBy
+    });
     const entry = await (0, _entryStorage.entryFromStorageTransform)(context, model, storageEntry);
     return await deleteEntryHelper({
       model,
@@ -1006,17 +1147,22 @@ const createContentEntryCrud = params => {
     });
   };
   const publishEntry = async (model, id) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       pw: "p"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const originalStorageEntry = await storageOperations.entries.getRevisionById(model, {
       id
     });
     if (!originalStorageEntry) {
       throw new _handlerGraphql.NotFoundError(`Entry "${id}" in the model "${model.modelId}" was not found.`);
     }
-    (0, _ownership.checkOwnership)(context, permission, originalStorageEntry);
+    await entriesPermissions.ensure({
+      owns: originalStorageEntry.createdBy
+    });
     const originalEntry = await (0, _entryStorage.entryFromStorageTransform)(context, model, originalStorageEntry);
     const currentDate = new Date().toISOString();
     const entry = (0, _objectSpread2.default)((0, _objectSpread2.default)({}, originalEntry), {}, {
@@ -1058,7 +1204,7 @@ const createContentEntryCrud = params => {
     }
   };
   const unpublishEntry = async (model, id) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       pw: "u"
     });
     const {
@@ -1075,7 +1221,9 @@ const createContentEntryCrud = params => {
         entry: originalStorageEntry
       });
     }
-    (0, _ownership.checkOwnership)(context, permission, originalStorageEntry);
+    await entriesPermissions.ensure({
+      owns: originalStorageEntry.createdBy
+    });
     const originalEntry = await (0, _entryStorage.entryFromStorageTransform)(context, model, originalStorageEntry);
     const entry = (0, _objectSpread2.default)((0, _objectSpread2.default)({}, originalEntry), {}, {
       status: STATUS_UNPUBLISHED
@@ -1112,10 +1260,13 @@ const createContentEntryCrud = params => {
     }
   };
   const getUniqueFieldValues = async (model, params) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       where: initialWhere,
       fieldId
@@ -1125,10 +1276,10 @@ const createContentEntryCrud = params => {
      * Possibly only get records which are owned by current user.
      * Or if searching for the owner set that value - in the case that user can see other entries than their own.
      */
-    const ownedBy = permission.own ? getIdentity().id : where.ownedBy;
-    if (ownedBy !== undefined) {
-      where.ownedBy = ownedBy;
+    if (await entriesPermissions.canAccessOnlyOwnRecords()) {
+      where.ownedBy = getIdentity().id;
     }
+
     /**
      * Where must contain either latest or published keys.
      * We cannot list entries without one of those
@@ -1150,7 +1301,7 @@ const createContentEntryCrud = params => {
       plugins: context.plugins,
       input: []
     });
-    if (fields.includes(fieldId) === false) {
+    if (!fields.includes(fieldId)) {
       throw new _error.default("Cannot list unique entry field values if the field is not searchable.", "LIST_UNIQUE_ENTRY_VALUES_ERROR", {
         fieldId
       });
@@ -1213,6 +1364,12 @@ const createContentEntryCrud = params => {
     onEntryBeforeUpdate,
     onEntryAfterUpdate,
     onEntryUpdateError,
+    /**
+     * Move
+     */
+    onEntryBeforeMove,
+    onEntryAfterMove,
+    onEntryMoveError,
     /**
      * Delete whole entry
      */
@@ -1333,6 +1490,11 @@ const createContentEntryCrud = params => {
         return updateEntry(model, id, input, meta);
       });
     },
+    async moveEntry(model, id, folderId) {
+      return context.benchmark.measure("headlessCms.crud.entries.moveEntry", async () => {
+        return moveEntry(model, id, folderId);
+      });
+    },
     /**
      * Method used internally. Not documented and should not be used in users systems.
      * @internal
@@ -1347,9 +1509,9 @@ const createContentEntryCrud = params => {
         return deleteEntryRevision(model, id);
       });
     },
-    async deleteEntry(model, entryId) {
+    async deleteEntry(model, entryId, options) {
       return context.benchmark.measure("headlessCms.crud.entries.deleteEntry", async () => {
-        return deleteEntry(model, entryId);
+        return deleteEntry(model, entryId, options);
       });
     },
     async deleteMultipleEntries(model, ids) {