@webiny/api-headless-cms 0.0.0-unstable.c59b9cc5b9 → 0.0.0-unstable.c7dec08bb0

package/constants.d.ts

@@ -0,0 +1 @@
+export declare const ROOT_FOLDER = "root";

package/constants.js

@@ -0,0 +1,8 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.ROOT_FOLDER = void 0;
+const ROOT_FOLDER = "root";
+exports.ROOT_FOLDER = ROOT_FOLDER;

package/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["ROOT_FOLDER"],"sources":["constants.ts"],"sourcesContent":["export const ROOT_FOLDER = \"root\";\n"],"mappings":";;;;;;AAAO,MAAMA,WAAW,GAAG,MAAM;AAAC"}

package/context.js

@@ -16,6 +16,10 @@ var _contentModel = require("./crud/contentModel.crud");
 var _contentEntry = require("./crud/contentEntry.crud");
 var _plugins = require("./plugins");
 var _valueKeyStorageConverter = require("./utils/converters/valueKeyStorageConverter");
+var _ModelsPermissions = require("./utils/permissions/ModelsPermissions");
+var _ModelGroupsPermissions = require("./utils/permissions/ModelGroupsPermissions");
+var _EntriesPermissions = require("./utils/permissions/EntriesPermissions");
+var _SettingsPermissions = require("./utils/permissions/SettingsPermissions");
 const getParameters = async context => {
   const plugins = context.plugins.byType(_CmsParametersPlugin.CmsParametersPlugin.type);
   for (const plugin of plugins) {
@@ -29,7 +33,7 @@ const getParameters = async context => {
 const createContextPlugin = ({
   storageOperations
 }) => {
-  return new _api.ContextPlugin(async context => {
+  const plugin = new _api.ContextPlugin(async context => {
     const {
       type,
       locale
@@ -50,6 +54,27 @@ const createContextPlugin = ({
     context.plugins.register(new _plugins.StorageOperationsCmsModelPlugin((0, _valueKeyStorageConverter.createCmsModelFieldConvertersAttachFactory)(context.plugins)));
     await context.benchmark.measure("headlessCms.createContext", async () => {
       await storageOperations.beforeInit(context);
+      const modelGroupsPermissions = new _ModelGroupsPermissions.ModelGroupsPermissions({
+        getIdentity: context.security.getIdentity,
+        getPermissions: () => context.security.getPermissions("cms.contentModelGroup"),
+        fullAccessPermissionName: "cms.*"
+      });
+      const modelsPermissions = new _ModelsPermissions.ModelsPermissions({
+        getIdentity: context.security.getIdentity,
+        getPermissions: () => context.security.getPermissions("cms.contentModel"),
+        fullAccessPermissionName: "cms.*",
+        modelGroupsPermissions
+      });
+      const entriesPermissions = new _EntriesPermissions.EntriesPermissions({
+        getIdentity: context.security.getIdentity,
+        getPermissions: () => context.security.getPermissions("cms.contentEntry"),
+        fullAccessPermissionName: "cms.*"
+      });
+      const settingsPermissions = new _SettingsPermissions.SettingsPermissions({
+        getIdentity: context.security.getIdentity,
+        getPermissions: () => context.security.getPermissions("cms.settings"),
+        fullAccessPermissionName: "cms.*"
+      });
       context.cms = (0, _objectSpread2.default)((0, _objectSpread2.default)((0, _objectSpread2.default)((0, _objectSpread2.default)((0, _objectSpread2.default)({
         type,
         locale,
@@ -68,25 +93,30 @@ const createContextPlugin = ({
         context,
         getTenant,
         getLocale,
-        storageOperations
+        storageOperations,
+        settingsPermissions
       })), (0, _contentModelGroup.createModelGroupsCrud)({
         context,
         getTenant,
         getLocale,
         getIdentity,
-        storageOperations
+        storageOperations,
+        modelGroupsPermissions
       })), (0, _contentModel.createModelsCrud)({
         context,
         getLocale,
         getTenant,
         getIdentity,
-        storageOperations
+        storageOperations,
+        modelsPermissions
       })), (0, _contentEntry.createContentEntryCrud)({
         context,
         getIdentity,
         getTenant,
         getLocale,
-        storageOperations
+        storageOperations,
+        entriesPermissions,
+        modelsPermissions
       }));
       if (!storageOperations.init) {
         return;
@@ -94,5 +124,7 @@ const createContextPlugin = ({
       await storageOperations.init(context);
     });
   });
+  plugin.name = "cms.createContext";
+  return plugin;
 };
 exports.createContextPlugin = createContextPlugin;

package/context.js.map

@@ -1 +1 @@
-{"version":3,"names":["getParameters","context","plugins","byType","CmsParametersPlugin","type","plugin","result","WebinyError","createContextPlugin","storageOperations","ContextPlugin","locale","getLocale","systemLocale","i18n","getIdentity","security","getTenant","tenancy","getCurrentTenant","register","StorageOperationsCmsModelPlugin","createCmsModelFieldConvertersAttachFactory","benchmark","measure","beforeInit","cms","READ","PREVIEW","MANAGE","createSystemCrud","createSettingsCrud","createModelGroupsCrud","createModelsCrud","createContentEntryCrud","init"],"sources":["context.ts"],"sourcesContent":["import { CmsContext, HeadlessCmsStorageOperations } from \"~/types\";\nimport WebinyError from \"@webiny/error\";\nimport { ContextPlugin } from \"@webiny/api\";\nimport { CmsParametersPlugin, CmsParametersPluginResponse } from \"~/plugins/CmsParametersPlugin\";\nimport { createSystemCrud } from \"~/crud/system.crud\";\nimport { createSettingsCrud } from \"~/crud/settings.crud\";\nimport { createModelGroupsCrud } from \"~/crud/contentModelGroup.crud\";\nimport { createModelsCrud } from \"~/crud/contentModel.crud\";\nimport { createContentEntryCrud } from \"~/crud/contentEntry.crud\";\nimport { StorageOperationsCmsModelPlugin } from \"~/plugins\";\nimport { createCmsModelFieldConvertersAttachFactory } from \"~/utils/converters/valueKeyStorageConverter\";\n\nconst getParameters = async (context: CmsContext): Promise<CmsParametersPluginResponse> => {\n    const plugins = context.plugins.byType<CmsParametersPlugin>(CmsParametersPlugin.type);\n\n    for (const plugin of plugins) {\n        const result = await plugin.getParameters(context);\n        if (result !== null) {\n            return result;\n        }\n    }\n    throw new WebinyError(\n        \"Could not determine locale and/or type of the CMS.\",\n        \"CMS_LOCALE_AND_TYPE_ERROR\"\n    );\n};\n\nexport interface CrudParams {\n    storageOperations: HeadlessCmsStorageOperations;\n}\n\nexport const createContextPlugin = ({ storageOperations }: CrudParams) => {\n    return new ContextPlugin<CmsContext>(async context => {\n        const { type, locale } = await getParameters(context);\n\n        const getLocale = () => {\n            const systemLocale = context.i18n.getLocale(locale);\n            if (!systemLocale) {\n                throw new WebinyError(`There is no locale \"${locale}\" in the system.`);\n            }\n            return systemLocale;\n        };\n\n        const getIdentity = () => {\n            return context.security.getIdentity();\n        };\n\n        const getTenant = () => {\n            return context.tenancy.getCurrentTenant();\n        };\n\n        context.plugins.register(\n            new StorageOperationsCmsModelPlugin(\n                createCmsModelFieldConvertersAttachFactory(context.plugins)\n            )\n        );\n\n        await context.benchmark.measure(\"headlessCms.createContext\", async () => {\n            await storageOperations.beforeInit(context);\n\n            context.cms = {\n                type,\n                locale,\n                getLocale,\n                READ: type === \"read\",\n                PREVIEW: type === \"preview\",\n                MANAGE: type === \"manage\",\n                storageOperations,\n                ...createSystemCrud({\n                    context,\n                    getTenant,\n                    getLocale,\n                    getIdentity,\n                    storageOperations\n                }),\n                ...createSettingsCrud({\n                    context,\n                    getTenant,\n                    getLocale,\n                    storageOperations\n                }),\n                ...createModelGroupsCrud({\n                    context,\n                    getTenant,\n                    getLocale,\n                    getIdentity,\n                    storageOperations\n                }),\n                ...createModelsCrud({\n                    context,\n                    getLocale,\n                    getTenant,\n                    getIdentity,\n                    storageOperations\n                }),\n                ...createContentEntryCrud({\n                    context,\n                    getIdentity,\n                    getTenant,\n                    getLocale,\n                    storageOperations\n                })\n            };\n\n            if (!storageOperations.init) {\n                return;\n            }\n            await storageOperations.init(context);\n        });\n    });\n};\n"],"mappings":";;;;;;;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,MAAMA,aAAa,GAAG,MAAOC,OAAmB,IAA2C;EACvF,MAAMC,OAAO,GAAGD,OAAO,CAACC,OAAO,CAACC,MAAM,CAAsBC,wCAAmB,CAACC,IAAI,CAAC;EAErF,KAAK,MAAMC,MAAM,IAAIJ,OAAO,EAAE;IAC1B,MAAMK,MAAM,GAAG,MAAMD,MAAM,CAACN,aAAa,CAACC,OAAO,CAAC;IAClD,IAAIM,MAAM,KAAK,IAAI,EAAE;MACjB,OAAOA,MAAM;IACjB;EACJ;EACA,MAAM,IAAIC,cAAW,CACjB,oDAAoD,EACpD,2BAA2B,CAC9B;AACL,CAAC;AAMM,MAAMC,mBAAmB,GAAG,CAAC;EAAEC;AAA8B,CAAC,KAAK;EACtE,OAAO,IAAIC,kBAAa,CAAa,MAAMV,OAAO,IAAI;IAClD,MAAM;MAAEI,IAAI;MAAEO;IAAO,CAAC,GAAG,MAAMZ,aAAa,CAACC,OAAO,CAAC;IAErD,MAAMY,SAAS,GAAG,MAAM;MACpB,MAAMC,YAAY,GAAGb,OAAO,CAACc,IAAI,CAACF,SAAS,CAACD,MAAM,CAAC;MACnD,IAAI,CAACE,YAAY,EAAE;QACf,MAAM,IAAIN,cAAW,CAAE,uBAAsBI,MAAO,kBAAiB,CAAC;MAC1E;MACA,OAAOE,YAAY;IACvB,CAAC;IAED,MAAME,WAAW,GAAG,MAAM;MACtB,OAAOf,OAAO,CAACgB,QAAQ,CAACD,WAAW,EAAE;IACzC,CAAC;IAED,MAAME,SAAS,GAAG,MAAM;MACpB,OAAOjB,OAAO,CAACkB,OAAO,CAACC,gBAAgB,EAAE;IAC7C,CAAC;IAEDnB,OAAO,CAACC,OAAO,CAACmB,QAAQ,CACpB,IAAIC,wCAA+B,CAC/B,IAAAC,oEAA0C,EAACtB,OAAO,CAACC,OAAO,CAAC,CAC9D,CACJ;IAED,MAAMD,OAAO,CAACuB,SAAS,CAACC,OAAO,CAAC,2BAA2B,EAAE,YAAY;MACrE,MAAMf,iBAAiB,CAACgB,UAAU,CAACzB,OAAO,CAAC;MAE3CA,OAAO,CAAC0B,GAAG;QACPtB,IAAI;QACJO,MAAM;QACNC,SAAS;QACTe,IAAI,EAAEvB,IAAI,KAAK,MAAM;QACrBwB,OAAO,EAAExB,IAAI,KAAK,SAAS;QAC3ByB,MAAM,EAAEzB,IAAI,KAAK,QAAQ;QACzBK;MAAiB,GACd,IAAAqB,wBAAgB,EAAC;QAChB9B,OAAO;QACPiB,SAAS;QACTL,SAAS;QACTG,WAAW;QACXN;MACJ,CAAC,CAAC,GACC,IAAAsB,4BAAkB,EAAC;QAClB/B,OAAO;QACPiB,SAAS;QACTL,SAAS;QACTH;MACJ,CAAC,CAAC,GACC,IAAAuB,wCAAqB,EAAC;QACrBhC,OAAO;QACPiB,SAAS;QACTL,SAAS;QACTG,WAAW;QACXN;MACJ,CAAC,CAAC,GACC,IAAAwB,8BAAgB,EAAC;QAChBjC,OAAO;QACPY,SAAS;QACTK,SAAS;QACTF,WAAW;QACXN;MACJ,CAAC,CAAC,GACC,IAAAyB,oCAAsB,EAAC;QACtBlC,OAAO;QACPe,WAAW;QACXE,SAAS;QACTL,SAAS;QACTH;MACJ,CAAC,CAAC,CACL;MAED,IAAI,CAACA,iBAAiB,CAAC0B,IAAI,EAAE;QACzB;MACJ;MACA,MAAM1B,iBAAiB,CAAC0B,IAAI,CAACnC,OAAO,CAAC;IACzC,CAAC,CAAC;EACN,CAAC,CAAC;AACN,CAAC;AAAC"}
+{"version":3,"names":["getParameters","context","plugins","byType","CmsParametersPlugin","type","plugin","result","WebinyError","createContextPlugin","storageOperations","ContextPlugin","locale","getLocale","systemLocale","i18n","getIdentity","security","getTenant","tenancy","getCurrentTenant","register","StorageOperationsCmsModelPlugin","createCmsModelFieldConvertersAttachFactory","benchmark","measure","beforeInit","modelGroupsPermissions","ModelGroupsPermissions","getPermissions","fullAccessPermissionName","modelsPermissions","ModelsPermissions","entriesPermissions","EntriesPermissions","settingsPermissions","SettingsPermissions","cms","READ","PREVIEW","MANAGE","createSystemCrud","createSettingsCrud","createModelGroupsCrud","createModelsCrud","createContentEntryCrud","init","name"],"sources":["context.ts"],"sourcesContent":["import { CmsContext, HeadlessCmsStorageOperations } from \"~/types\";\nimport WebinyError from \"@webiny/error\";\nimport { ContextPlugin } from \"@webiny/api\";\nimport { CmsParametersPlugin, CmsParametersPluginResponse } from \"~/plugins/CmsParametersPlugin\";\nimport { createSystemCrud } from \"~/crud/system.crud\";\nimport { createSettingsCrud } from \"~/crud/settings.crud\";\nimport { createModelGroupsCrud } from \"~/crud/contentModelGroup.crud\";\nimport { createModelsCrud } from \"~/crud/contentModel.crud\";\nimport { createContentEntryCrud } from \"~/crud/contentEntry.crud\";\nimport { StorageOperationsCmsModelPlugin } from \"~/plugins\";\nimport { createCmsModelFieldConvertersAttachFactory } from \"~/utils/converters/valueKeyStorageConverter\";\nimport { ModelsPermissions } from \"~/utils/permissions/ModelsPermissions\";\nimport { ModelGroupsPermissions } from \"./utils/permissions/ModelGroupsPermissions\";\nimport { EntriesPermissions } from \"./utils/permissions/EntriesPermissions\";\nimport { SettingsPermissions } from \"./utils/permissions/SettingsPermissions\";\n\nconst getParameters = async (context: CmsContext): Promise<CmsParametersPluginResponse> => {\n    const plugins = context.plugins.byType<CmsParametersPlugin>(CmsParametersPlugin.type);\n\n    for (const plugin of plugins) {\n        const result = await plugin.getParameters(context);\n        if (result !== null) {\n            return result;\n        }\n    }\n    throw new WebinyError(\n        \"Could not determine locale and/or type of the CMS.\",\n        \"CMS_LOCALE_AND_TYPE_ERROR\"\n    );\n};\n\nexport interface CrudParams {\n    storageOperations: HeadlessCmsStorageOperations;\n}\n\nexport const createContextPlugin = ({ storageOperations }: CrudParams) => {\n    const plugin = new ContextPlugin<CmsContext>(async context => {\n        const { type, locale } = await getParameters(context);\n\n        const getLocale = () => {\n            const systemLocale = context.i18n.getLocale(locale);\n            if (!systemLocale) {\n                throw new WebinyError(`There is no locale \"${locale}\" in the system.`);\n            }\n            return systemLocale;\n        };\n\n        const getIdentity = () => {\n            return context.security.getIdentity();\n        };\n\n        const getTenant = () => {\n            return context.tenancy.getCurrentTenant();\n        };\n\n        context.plugins.register(\n            new StorageOperationsCmsModelPlugin(\n                createCmsModelFieldConvertersAttachFactory(context.plugins)\n            )\n        );\n\n        await context.benchmark.measure(\"headlessCms.createContext\", async () => {\n            await storageOperations.beforeInit(context);\n\n            const modelGroupsPermissions = new ModelGroupsPermissions({\n                getIdentity: context.security.getIdentity,\n                getPermissions: () => context.security.getPermissions(\"cms.contentModelGroup\"),\n                fullAccessPermissionName: \"cms.*\"\n            });\n\n            const modelsPermissions = new ModelsPermissions({\n                getIdentity: context.security.getIdentity,\n                getPermissions: () => context.security.getPermissions(\"cms.contentModel\"),\n                fullAccessPermissionName: \"cms.*\",\n                modelGroupsPermissions\n            });\n\n            const entriesPermissions = new EntriesPermissions({\n                getIdentity: context.security.getIdentity,\n                getPermissions: () => context.security.getPermissions(\"cms.contentEntry\"),\n                fullAccessPermissionName: \"cms.*\"\n            });\n\n            const settingsPermissions = new SettingsPermissions({\n                getIdentity: context.security.getIdentity,\n                getPermissions: () => context.security.getPermissions(\"cms.settings\"),\n                fullAccessPermissionName: \"cms.*\"\n            });\n\n            context.cms = {\n                type,\n                locale,\n                getLocale,\n                READ: type === \"read\",\n                PREVIEW: type === \"preview\",\n                MANAGE: type === \"manage\",\n                storageOperations,\n                ...createSystemCrud({\n                    context,\n                    getTenant,\n                    getLocale,\n                    getIdentity,\n                    storageOperations\n                }),\n                ...createSettingsCrud({\n                    context,\n                    getTenant,\n                    getLocale,\n                    storageOperations,\n                    settingsPermissions\n                }),\n                ...createModelGroupsCrud({\n                    context,\n                    getTenant,\n                    getLocale,\n                    getIdentity,\n                    storageOperations,\n                    modelGroupsPermissions\n                }),\n                ...createModelsCrud({\n                    context,\n                    getLocale,\n                    getTenant,\n                    getIdentity,\n                    storageOperations,\n                    modelsPermissions\n                }),\n                ...createContentEntryCrud({\n                    context,\n                    getIdentity,\n                    getTenant,\n                    getLocale,\n                    storageOperations,\n                    entriesPermissions,\n                    modelsPermissions\n                })\n            };\n\n            if (!storageOperations.init) {\n                return;\n            }\n            await storageOperations.init(context);\n        });\n    });\n\n    plugin.name = \"cms.createContext\";\n\n    return plugin;\n};\n"],"mappings":";;;;;;;;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAEA,MAAMA,aAAa,GAAG,MAAOC,OAAmB,IAA2C;EACvF,MAAMC,OAAO,GAAGD,OAAO,CAACC,OAAO,CAACC,MAAM,CAAsBC,wCAAmB,CAACC,IAAI,CAAC;EAErF,KAAK,MAAMC,MAAM,IAAIJ,OAAO,EAAE;IAC1B,MAAMK,MAAM,GAAG,MAAMD,MAAM,CAACN,aAAa,CAACC,OAAO,CAAC;IAClD,IAAIM,MAAM,KAAK,IAAI,EAAE;MACjB,OAAOA,MAAM;IACjB;EACJ;EACA,MAAM,IAAIC,cAAW,CACjB,oDAAoD,EACpD,2BAA2B,CAC9B;AACL,CAAC;AAMM,MAAMC,mBAAmB,GAAG,CAAC;EAAEC;AAA8B,CAAC,KAAK;EACtE,MAAMJ,MAAM,GAAG,IAAIK,kBAAa,CAAa,MAAMV,OAAO,IAAI;IAC1D,MAAM;MAAEI,IAAI;MAAEO;IAAO,CAAC,GAAG,MAAMZ,aAAa,CAACC,OAAO,CAAC;IAErD,MAAMY,SAAS,GAAG,MAAM;MACpB,MAAMC,YAAY,GAAGb,OAAO,CAACc,IAAI,CAACF,SAAS,CAACD,MAAM,CAAC;MACnD,IAAI,CAACE,YAAY,EAAE;QACf,MAAM,IAAIN,cAAW,CAAE,uBAAsBI,MAAO,kBAAiB,CAAC;MAC1E;MACA,OAAOE,YAAY;IACvB,CAAC;IAED,MAAME,WAAW,GAAG,MAAM;MACtB,OAAOf,OAAO,CAACgB,QAAQ,CAACD,WAAW,EAAE;IACzC,CAAC;IAED,MAAME,SAAS,GAAG,MAAM;MACpB,OAAOjB,OAAO,CAACkB,OAAO,CAACC,gBAAgB,EAAE;IAC7C,CAAC;IAEDnB,OAAO,CAACC,OAAO,CAACmB,QAAQ,CACpB,IAAIC,wCAA+B,CAC/B,IAAAC,oEAA0C,EAACtB,OAAO,CAACC,OAAO,CAAC,CAC9D,CACJ;IAED,MAAMD,OAAO,CAACuB,SAAS,CAACC,OAAO,CAAC,2BAA2B,EAAE,YAAY;MACrE,MAAMf,iBAAiB,CAACgB,UAAU,CAACzB,OAAO,CAAC;MAE3C,MAAM0B,sBAAsB,GAAG,IAAIC,8CAAsB,CAAC;QACtDZ,WAAW,EAAEf,OAAO,CAACgB,QAAQ,CAACD,WAAW;QACzCa,cAAc,EAAE,MAAM5B,OAAO,CAACgB,QAAQ,CAACY,cAAc,CAAC,uBAAuB,CAAC;QAC9EC,wBAAwB,EAAE;MAC9B,CAAC,CAAC;MAEF,MAAMC,iBAAiB,GAAG,IAAIC,oCAAiB,CAAC;QAC5ChB,WAAW,EAAEf,OAAO,CAACgB,QAAQ,CAACD,WAAW;QACzCa,cAAc,EAAE,MAAM5B,OAAO,CAACgB,QAAQ,CAACY,cAAc,CAAC,kBAAkB,CAAC;QACzEC,wBAAwB,EAAE,OAAO;QACjCH;MACJ,CAAC,CAAC;MAEF,MAAMM,kBAAkB,GAAG,IAAIC,sCAAkB,CAAC;QAC9ClB,WAAW,EAAEf,OAAO,CAACgB,QAAQ,CAACD,WAAW;QACzCa,cAAc,EAAE,MAAM5B,OAAO,CAACgB,QAAQ,CAACY,cAAc,CAAC,kBAAkB,CAAC;QACzEC,wBAAwB,EAAE;MAC9B,CAAC,CAAC;MAEF,MAAMK,mBAAmB,GAAG,IAAIC,wCAAmB,CAAC;QAChDpB,WAAW,EAAEf,OAAO,CAACgB,QAAQ,CAACD,WAAW;QACzCa,cAAc,EAAE,MAAM5B,OAAO,CAACgB,QAAQ,CAACY,cAAc,CAAC,cAAc,CAAC;QACrEC,wBAAwB,EAAE;MAC9B,CAAC,CAAC;MAEF7B,OAAO,CAACoC,GAAG;QACPhC,IAAI;QACJO,MAAM;QACNC,SAAS;QACTyB,IAAI,EAAEjC,IAAI,KAAK,MAAM;QACrBkC,OAAO,EAAElC,IAAI,KAAK,SAAS;QAC3BmC,MAAM,EAAEnC,IAAI,KAAK,QAAQ;QACzBK;MAAiB,GACd,IAAA+B,wBAAgB,EAAC;QAChBxC,OAAO;QACPiB,SAAS;QACTL,SAAS;QACTG,WAAW;QACXN;MACJ,CAAC,CAAC,GACC,IAAAgC,4BAAkB,EAAC;QAClBzC,OAAO;QACPiB,SAAS;QACTL,SAAS;QACTH,iBAAiB;QACjByB;MACJ,CAAC,CAAC,GACC,IAAAQ,wCAAqB,EAAC;QACrB1C,OAAO;QACPiB,SAAS;QACTL,SAAS;QACTG,WAAW;QACXN,iBAAiB;QACjBiB;MACJ,CAAC,CAAC,GACC,IAAAiB,8BAAgB,EAAC;QAChB3C,OAAO;QACPY,SAAS;QACTK,SAAS;QACTF,WAAW;QACXN,iBAAiB;QACjBqB;MACJ,CAAC,CAAC,GACC,IAAAc,oCAAsB,EAAC;QACtB5C,OAAO;QACPe,WAAW;QACXE,SAAS;QACTL,SAAS;QACTH,iBAAiB;QACjBuB,kBAAkB;QAClBF;MACJ,CAAC,CAAC,CACL;MAED,IAAI,CAACrB,iBAAiB,CAACoC,IAAI,EAAE;QACzB;MACJ;MACA,MAAMpC,iBAAiB,CAACoC,IAAI,CAAC7C,OAAO,CAAC;IACzC,CAAC,CAAC;EACN,CAAC,CAAC;EAEFK,MAAM,CAACyC,IAAI,GAAG,mBAAmB;EAEjC,OAAOzC,MAAM;AACjB,CAAC;AAAC"}

package/crud/contentEntry.crud.d.ts

@@ -2,11 +2,15 @@ import { CmsContext, CmsEntryContext, CONTENT_ENTRY_STATUS, HeadlessCmsStorageOp
 import { SecurityIdentity } from "@webiny/api-security/types";
 import { Tenant } from "@webiny/api-tenancy/types";
 import { I18NLocale } from "@webiny/api-i18n/types";
+import { EntriesPermissions } from "../utils/permissions/EntriesPermissions";
+import { ModelsPermissions } from "../utils/permissions/ModelsPermissions";
 export declare const STATUS_DRAFT = CONTENT_ENTRY_STATUS.DRAFT;
 export declare const STATUS_PUBLISHED = CONTENT_ENTRY_STATUS.PUBLISHED;
 export declare const STATUS_UNPUBLISHED = CONTENT_ENTRY_STATUS.UNPUBLISHED;
 interface CreateContentEntryCrudParams {
     storageOperations: HeadlessCmsStorageOperations;
+    entriesPermissions: EntriesPermissions;
+    modelsPermissions: ModelsPermissions;
     context: CmsContext;
     getIdentity: () => SecurityIdentity;
     getTenant: () => Tenant;

package/crud/contentEntry.crud.js

@@ -17,12 +17,11 @@ var _beforeCreate = require("./contentEntry/beforeCreate");
 var _beforeUpdate = require("./contentEntry/beforeUpdate");
 var _afterDelete = require("./contentEntry/afterDelete");
 var _referenceFieldsMapping = require("./contentEntry/referenceFieldsMapping");
-var _permissions = require("../utils/permissions");
-var _access = require("../utils/access");
-var _ownership = require("../utils/ownership");
 var _entryStorage = require("../utils/entryStorage");
 var _searchableFields = require("./contentEntry/searchableFields");
 var _filterAsync = require("../utils/filterAsync");
+var _apiSecurity = require("@webiny/api-security/");
+var _constants = require("../constants");
 const STATUS_DRAFT = _types.CONTENT_ENTRY_STATUS.DRAFT;
 exports.STATUS_DRAFT = STATUS_DRAFT;
 const STATUS_PUBLISHED = _types.CONTENT_ENTRY_STATUS.PUBLISHED;
@@ -171,9 +170,19 @@ const allowedEntryStatus = ["draft", "published", "unpublished"];
 const transformEntryStatus = status => {
   return allowedEntryStatus.includes(status) ? status : "draft";
 };
+const createSort = sort => {
+  if (!Array.isArray(sort)) {
+    return ["createdOn_DESC"];
+  } else if (sort.filter(s => !!s).length === 0) {
+    return ["createdOn_DESC"];
+  }
+  return sort;
+};
 const createContentEntryCrud = params => {
   const {
     storageOperations,
+    entriesPermissions,
+    modelsPermissions,
     context,
     getIdentity,
     getTenant,
@@ -275,9 +284,6 @@ const createContentEntryCrud = params => {
     context,
     onEntryAfterDelete
   });
-  const checkEntryPermissions = check => {
-    return (0, _permissions.checkPermissions)(context, "cms.contentEntry", check);
-  };
 
   /**
    * A helper to delete the entire entry.
@@ -317,14 +323,23 @@ const createContentEntryCrud = params => {
    */
   const getEntriesByIds = async (model, ids) => {
     return context.benchmark.measure("headlessCms.crud.entries.getEntriesByIds", async () => {
-      const permission = await checkEntryPermissions({
+      await entriesPermissions.ensure({
         rwd: "r"
       });
-      await (0, _access.checkModelAccess)(context, model);
+      await modelsPermissions.ensureCanAccessModel({
+        model,
+        locale: getLocale().code
+      });
       const entries = await storageOperations.entries.getByIds(model, {
         ids
       });
-      return entries.filter(entry => (0, _ownership.validateOwnership)(context, permission, entry));
+      return (0, _filterAsync.filterAsync)(entries, async entry => {
+        return entriesPermissions.ensure({
+          owns: entry.createdBy
+        }, {
+          throw: false
+        });
+      });
     });
   };
   const getEntryById = async (model, id) => {
@@ -342,27 +357,45 @@ const createContentEntryCrud = params => {
     return entry;
   };
   const getPublishedEntriesByIds = async (model, ids) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const entries = await storageOperations.entries.getPublishedByIds(model, {
       ids
     });
-    return entries.filter(entry => (0, _ownership.validateOwnership)(context, permission, entry));
+    return (0, _filterAsync.filterAsync)(entries, async entry => {
+      return entriesPermissions.ensure({
+        owns: entry.createdBy
+      }, {
+        throw: false
+      });
+    });
   };
   const getLatestEntriesByIds = async (model, ids) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const entries = await storageOperations.entries.getLatestByIds(model, {
       ids
     });
-    return entries.filter(entry => (0, _ownership.validateOwnership)(context, permission, entry));
+    return (0, _filterAsync.filterAsync)(entries, async entry => {
+      return entriesPermissions.ensure({
+        owns: entry.createdBy
+      }, {
+        throw: false
+      });
+    });
   };
   const getEntry = async (model, params) => {
-    await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
     const {
@@ -390,10 +423,21 @@ const createContentEntryCrud = params => {
     });
   };
   const listEntries = async (model, params) => {
-    const permission = await checkEntryPermissions({
-      rwd: "r"
+    try {
+      await entriesPermissions.ensure({
+        rwd: "r"
+      });
+    } catch {
+      throw new _apiSecurity.NotAuthorizedError({
+        data: {
+          reason: 'Not allowed to perform "read" on "cms.contentEntry".'
+        }
+      });
+    }
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
     });
-    await (0, _access.checkModelAccess)(context, model);
     const {
       where: initialWhere,
       limit: initialLimit
@@ -404,10 +448,10 @@ const createContentEntryCrud = params => {
      * Possibly only get records which are owned by current user.
      * Or if searching for the owner set that value - in the case that user can see other entries than their own.
      */
-    const ownedBy = permission.own ? getIdentity().id : where.ownedBy;
-    if (ownedBy !== undefined) {
-      where.ownedBy = ownedBy;
+    if (await entriesPermissions.canAccessOnlyOwnRecords()) {
+      where.ownedBy = getIdentity().id;
     }
+
     /**
      * Where must contain either latest or published keys.
      * We cannot list entries without one of those
@@ -437,6 +481,7 @@ const createContentEntryCrud = params => {
         cursor,
         items
       } = await storageOperations.entries.list(model, (0, _objectSpread2.default)((0, _objectSpread2.default)({}, params), {}, {
+        sort: createSort(params.sort),
         limit,
         where,
         fields
@@ -465,10 +510,14 @@ const createContentEntryCrud = params => {
     }
   };
   const createEntry = async (model, inputData) => {
-    await checkEntryPermissions({
+    var _inputData$wbyAco_loc;
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
 
     /**
      * Make sure we only work with fields that are defined in the model.
@@ -511,7 +560,10 @@ const createContentEntryCrud = params => {
       version,
       locked: false,
       status: STATUS_DRAFT,
-      values: input
+      values: input,
+      location: {
+        folderId: ((_inputData$wbyAco_loc = inputData.wbyAco_location) === null || _inputData$wbyAco_loc === void 0 ? void 0 : _inputData$wbyAco_loc.folderId) || _constants.ROOT_FOLDER
+      }
     };
     let storageEntry = null;
     try {
@@ -548,10 +600,13 @@ const createContentEntryCrud = params => {
     }
   };
   const createEntryRevisionFrom = async (model, sourceId, inputData) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
 
     /**
      * Make sure we only work with fields that are defined in the model.
@@ -591,7 +646,9 @@ const createContentEntryCrud = params => {
       input: initialValues,
       validateEntries: false
     });
-    (0, _ownership.checkOwnership)(context, permission, originalEntry);
+    await entriesPermissions.ensure({
+      owns: originalEntry.createdBy
+    });
     const identity = getIdentity();
     const latestId = latestStorageEntry ? latestStorageEntry.id : sourceId;
     const {
@@ -653,10 +710,14 @@ const createContentEntryCrud = params => {
     }
   };
   const updateEntry = async (model, id, inputData, metaInput) => {
-    const permission = await checkEntryPermissions({
+    var _inputData$wbyAco_loc2;
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
 
     /**
      * Make sure we only work with fields that are defined in the model.
@@ -682,7 +743,9 @@ const createContentEntryCrud = params => {
       data: input,
       entry: originalEntry
     });
-    (0, _ownership.checkOwnership)(context, permission, originalEntry);
+    await entriesPermissions.ensure({
+      owns: originalEntry.createdBy
+    });
     const initialValues = (0, _objectSpread2.default)((0, _objectSpread2.default)({}, originalEntry.values), input);
     const values = await (0, _referenceFieldsMapping.referenceFieldsMapping)({
       context,
@@ -704,6 +767,12 @@ const createContentEntryCrud = params => {
       meta,
       status: transformEntryStatus(originalEntry.status)
     });
+    const folderId = (_inputData$wbyAco_loc2 = inputData.wbyAco_location) === null || _inputData$wbyAco_loc2 === void 0 ? void 0 : _inputData$wbyAco_loc2.folderId;
+    if (folderId) {
+      entry.location = {
+        folderId
+      };
+    }
     let storageEntry = null;
     try {
       await onEntryBeforeUpdate.publish({
@@ -742,10 +811,14 @@ const createContentEntryCrud = params => {
     }
   };
   const republishEntry = async (model, id) => {
-    await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "w"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
+
     /**
      * Fetch the entry from the storage.
      */
@@ -820,10 +893,13 @@ const createContentEntryCrud = params => {
     }
   };
   const deleteEntryRevision = async (model, revisionId) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "d"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       id: entryId,
       version
@@ -841,7 +917,9 @@ const createContentEntryCrud = params => {
     if (!storageEntryToDelete) {
       throw new _handlerGraphql.NotFoundError(`Entry "${revisionId}" was not found!`);
     }
-    (0, _ownership.checkOwnership)(context, permission, storageEntryToDelete);
+    await entriesPermissions.ensure({
+      owns: storageEntryToDelete.createdBy
+    });
     const latestEntryRevisionId = latestStorageEntry ? latestStorageEntry.id : null;
     const entryToDelete = await (0, _entryStorage.entryFromStorageTransform)(context, model, storageEntryToDelete);
     /**
@@ -911,10 +989,13 @@ const createContentEntryCrud = params => {
         entries: ids
       });
     }
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "d"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       items: entries
     } = await storageOperations.entries.list(model, {
@@ -928,7 +1009,11 @@ const createContentEntryCrud = params => {
      * We do not want to allow deleting entries that user does not own or cannot access.
      */
     const items = (await (0, _filterAsync.filterAsync)(entries, async entry => {
-      return (0, _ownership.validateOwnership)(context, permission, entry);
+      return entriesPermissions.ensure({
+        owns: entry.createdBy
+      }, {
+        throw: false
+      });
     })).map(entry => entry.id);
     try {
       await onEntryBeforeDeleteMultiple.publish({
@@ -963,10 +1048,13 @@ const createContentEntryCrud = params => {
     }
   };
   const deleteEntry = async (model, id, options) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "d"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       force
     } = options || {};
@@ -998,7 +1086,9 @@ const createContentEntryCrud = params => {
         }
       });
     }
-    (0, _ownership.checkOwnership)(context, permission, storageEntry);
+    await entriesPermissions.ensure({
+      owns: storageEntry.createdBy
+    });
     const entry = await (0, _entryStorage.entryFromStorageTransform)(context, model, storageEntry);
     return await deleteEntryHelper({
       model,
@@ -1006,17 +1096,22 @@ const createContentEntryCrud = params => {
     });
   };
   const publishEntry = async (model, id) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       pw: "p"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const originalStorageEntry = await storageOperations.entries.getRevisionById(model, {
       id
     });
     if (!originalStorageEntry) {
       throw new _handlerGraphql.NotFoundError(`Entry "${id}" in the model "${model.modelId}" was not found.`);
     }
-    (0, _ownership.checkOwnership)(context, permission, originalStorageEntry);
+    await entriesPermissions.ensure({
+      owns: originalStorageEntry.createdBy
+    });
     const originalEntry = await (0, _entryStorage.entryFromStorageTransform)(context, model, originalStorageEntry);
     const currentDate = new Date().toISOString();
     const entry = (0, _objectSpread2.default)((0, _objectSpread2.default)({}, originalEntry), {}, {
@@ -1058,7 +1153,7 @@ const createContentEntryCrud = params => {
     }
   };
   const unpublishEntry = async (model, id) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       pw: "u"
     });
     const {
@@ -1075,7 +1170,9 @@ const createContentEntryCrud = params => {
         entry: originalStorageEntry
       });
     }
-    (0, _ownership.checkOwnership)(context, permission, originalStorageEntry);
+    await entriesPermissions.ensure({
+      owns: originalStorageEntry.createdBy
+    });
     const originalEntry = await (0, _entryStorage.entryFromStorageTransform)(context, model, originalStorageEntry);
     const entry = (0, _objectSpread2.default)((0, _objectSpread2.default)({}, originalEntry), {}, {
       status: STATUS_UNPUBLISHED
@@ -1112,10 +1209,13 @@ const createContentEntryCrud = params => {
     }
   };
   const getUniqueFieldValues = async (model, params) => {
-    const permission = await checkEntryPermissions({
+    await entriesPermissions.ensure({
       rwd: "r"
     });
-    await (0, _access.checkModelAccess)(context, model);
+    await modelsPermissions.ensureCanAccessModel({
+      model,
+      locale: getLocale().code
+    });
     const {
       where: initialWhere,
       fieldId
@@ -1125,10 +1225,10 @@ const createContentEntryCrud = params => {
      * Possibly only get records which are owned by current user.
      * Or if searching for the owner set that value - in the case that user can see other entries than their own.
      */
-    const ownedBy = permission.own ? getIdentity().id : where.ownedBy;
-    if (ownedBy !== undefined) {
-      where.ownedBy = ownedBy;
+    if (await entriesPermissions.canAccessOnlyOwnRecords()) {
+      where.ownedBy = getIdentity().id;
     }
+
     /**
      * Where must contain either latest or published keys.
      * We cannot list entries without one of those
@@ -1150,7 +1250,7 @@ const createContentEntryCrud = params => {
       plugins: context.plugins,
       input: []
     });
-    if (fields.includes(fieldId) === false) {
+    if (!fields.includes(fieldId)) {
       throw new _error.default("Cannot list unique entry field values if the field is not searchable.", "LIST_UNIQUE_ENTRY_VALUES_ERROR", {
         fieldId
       });
@@ -1347,9 +1447,9 @@ const createContentEntryCrud = params => {
         return deleteEntryRevision(model, id);
       });
     },
-    async deleteEntry(model, entryId) {
+    async deleteEntry(model, entryId, options) {
       return context.benchmark.measure("headlessCms.crud.entries.deleteEntry", async () => {
-        return deleteEntry(model, entryId);
+        return deleteEntry(model, entryId, options);
       });
     },
     async deleteMultipleEntries(model, ids) {