@webiny/api-headless-cms 0.0.0-unstable.c59b9cc5b9 → 0.0.0-unstable.c7dec08bb0

package/utils/permissions/ModelsPermissions.js

@@ -0,0 +1,91 @@
+"use strict";
+
+var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault").default;
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.ModelsPermissions = void 0;
+var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty"));
+var _apiSecurity = require("@webiny/api-security");
+class ModelsPermissions extends _apiSecurity.AppPermissions {
+  constructor(params) {
+    super(params);
+    (0, _defineProperty2.default)(this, "modelGroupsPermissions", void 0);
+    this.modelGroupsPermissions = params.modelGroupsPermissions;
+  }
+  async canAccessModel({
+    model,
+    locale
+  }) {
+    if (await this.hasFullAccess()) {
+      return true;
+    }
+    const modelGroupsPermissions = this.modelGroupsPermissions;
+
+    // eslint-disable-next-line
+    const modelsPermissions = this;
+    const canReadGroups = await modelGroupsPermissions.ensure({
+      rwd: "r"
+    }, {
+      throw: false
+    });
+    if (!canReadGroups) {
+      return false;
+    }
+    const canReadModels = await modelsPermissions.ensure({
+      rwd: "r"
+    }, {
+      throw: false
+    });
+    if (!canReadModels) {
+      return false;
+    }
+    const modelGroupsPermissionsList = await modelGroupsPermissions.getPermissions();
+    const modelsPermissionsList = await this.getPermissions();
+    for (let i = 0; i < modelGroupsPermissionsList.length; i++) {
+      const modelGroupPermission = modelGroupsPermissionsList[i];
+      const {
+        groups
+      } = modelGroupPermission;
+      for (let j = 0; j < modelsPermissionsList.length; j++) {
+        const modelPermission = modelsPermissionsList[j];
+        const {
+          models
+        } = modelPermission;
+        // when no models or groups defined on permission
+        // it means user has access to everything
+        if (!models && !groups) {
+          return true;
+        }
+
+        // Does the model belong to a group for which user has permission?
+        if (groups) {
+          if (Array.isArray(groups[locale]) === false || groups[locale].includes(model.group.id) === false) {
+            continue;
+          }
+        }
+
+        // Does the user have access to the specific model?
+        if (models) {
+          if (Array.isArray(models[locale]) === false || models[locale].includes(model.modelId) === false) {
+            continue;
+          }
+        }
+        return true;
+      }
+    }
+    return false;
+  }
+  async ensureCanAccessModel(params) {
+    const canAccessModel = await this.canAccessModel(params);
+    if (canAccessModel) {
+      return;
+    }
+    throw new _apiSecurity.NotAuthorizedError({
+      data: {
+        reason: `Not allowed to access model "${params.model.modelId}".`
+      }
+    });
+  }
+}
+exports.ModelsPermissions = ModelsPermissions;

package/utils/permissions/ModelsPermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["ModelsPermissions","AppPermissions","constructor","params","modelGroupsPermissions","canAccessModel","model","locale","hasFullAccess","modelsPermissions","canReadGroups","ensure","rwd","throw","canReadModels","modelGroupsPermissionsList","getPermissions","modelsPermissionsList","i","length","modelGroupPermission","groups","j","modelPermission","models","Array","isArray","includes","group","id","modelId","ensureCanAccessModel","NotAuthorizedError","data","reason"],"sources":["ModelsPermissions.ts"],"sourcesContent":["import { AppPermissions, AppPermissionsParams, NotAuthorizedError } from \"@webiny/api-security\";\nimport { CmsGroupPermission, CmsModel, CmsModelPermission } from \"~/types\";\nimport { ModelGroupsPermissions } from \"~/utils/permissions/ModelGroupsPermissions\";\n\nexport interface ModelsPermissionsParams extends AppPermissionsParams<CmsGroupPermission> {\n    modelGroupsPermissions: ModelGroupsPermissions;\n}\n\nexport interface CanAccessModelParams {\n    model: CmsModel;\n    locale: string;\n}\n\nexport interface EnsureModelAccessParams {\n    model: CmsModel;\n    locale: string;\n}\n\nexport class ModelsPermissions extends AppPermissions<CmsModelPermission> {\n    private modelGroupsPermissions: ModelGroupsPermissions;\n\n    constructor(params: ModelsPermissionsParams) {\n        super(params);\n        this.modelGroupsPermissions = params.modelGroupsPermissions;\n    }\n\n    async canAccessModel({ model, locale }: CanAccessModelParams) {\n        if (await this.hasFullAccess()) {\n            return true;\n        }\n\n        const modelGroupsPermissions = this.modelGroupsPermissions;\n\n        // eslint-disable-next-line\n        const modelsPermissions = this;\n\n        const canReadGroups = await modelGroupsPermissions.ensure({ rwd: \"r\" }, { throw: false });\n        if (!canReadGroups) {\n            return false;\n        }\n\n        const canReadModels = await modelsPermissions.ensure({ rwd: \"r\" }, { throw: false });\n        if (!canReadModels) {\n            return false;\n        }\n\n        const modelGroupsPermissionsList = await modelGroupsPermissions.getPermissions();\n        const modelsPermissionsList = await this.getPermissions();\n\n        for (let i = 0; i < modelGroupsPermissionsList.length; i++) {\n            const modelGroupPermission = modelGroupsPermissionsList[i];\n\n            const { groups } = modelGroupPermission;\n\n            for (let j = 0; j < modelsPermissionsList.length; j++) {\n                const modelPermission = modelsPermissionsList[j];\n\n                const { models } = modelPermission;\n                // when no models or groups defined on permission\n                // it means user has access to everything\n                if (!models && !groups) {\n                    return true;\n                }\n\n                // Does the model belong to a group for which user has permission?\n                if (groups) {\n                    if (\n                        Array.isArray(groups[locale]) === false ||\n                        groups[locale].includes(model.group.id) === false\n                    ) {\n                        continue;\n                    }\n                }\n\n                // Does the user have access to the specific model?\n                if (models) {\n                    if (\n                        Array.isArray(models[locale]) === false ||\n                        models[locale].includes(model.modelId) === false\n                    ) {\n                        continue;\n                    }\n                }\n\n                return true;\n            }\n        }\n\n        return false;\n    }\n\n    async ensureCanAccessModel(params: EnsureModelAccessParams) {\n        const canAccessModel = await this.canAccessModel(params);\n        if (canAccessModel) {\n            return;\n        }\n\n        throw new NotAuthorizedError({\n            data: {\n                reason: `Not allowed to access model \"${params.model.modelId}\".`\n            }\n        });\n    }\n}\n"],"mappings":";;;;;;;;AAAA;AAkBO,MAAMA,iBAAiB,SAASC,2BAAc,CAAqB;EAGtEC,WAAW,CAACC,MAA+B,EAAE;IACzC,KAAK,CAACA,MAAM,CAAC;IAAC;IACd,IAAI,CAACC,sBAAsB,GAAGD,MAAM,CAACC,sBAAsB;EAC/D;EAEA,MAAMC,cAAc,CAAC;IAAEC,KAAK;IAAEC;EAA6B,CAAC,EAAE;IAC1D,IAAI,MAAM,IAAI,CAACC,aAAa,EAAE,EAAE;MAC5B,OAAO,IAAI;IACf;IAEA,MAAMJ,sBAAsB,GAAG,IAAI,CAACA,sBAAsB;;IAE1D;IACA,MAAMK,iBAAiB,GAAG,IAAI;IAE9B,MAAMC,aAAa,GAAG,MAAMN,sBAAsB,CAACO,MAAM,CAAC;MAAEC,GAAG,EAAE;IAAI,CAAC,EAAE;MAAEC,KAAK,EAAE;IAAM,CAAC,CAAC;IACzF,IAAI,CAACH,aAAa,EAAE;MAChB,OAAO,KAAK;IAChB;IAEA,MAAMI,aAAa,GAAG,MAAML,iBAAiB,CAACE,MAAM,CAAC;MAAEC,GAAG,EAAE;IAAI,CAAC,EAAE;MAAEC,KAAK,EAAE;IAAM,CAAC,CAAC;IACpF,IAAI,CAACC,aAAa,EAAE;MAChB,OAAO,KAAK;IAChB;IAEA,MAAMC,0BAA0B,GAAG,MAAMX,sBAAsB,CAACY,cAAc,EAAE;IAChF,MAAMC,qBAAqB,GAAG,MAAM,IAAI,CAACD,cAAc,EAAE;IAEzD,KAAK,IAAIE,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGH,0BAA0B,CAACI,MAAM,EAAED,CAAC,EAAE,EAAE;MACxD,MAAME,oBAAoB,GAAGL,0BAA0B,CAACG,CAAC,CAAC;MAE1D,MAAM;QAAEG;MAAO,CAAC,GAAGD,oBAAoB;MAEvC,KAAK,IAAIE,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGL,qBAAqB,CAACE,MAAM,EAAEG,CAAC,EAAE,EAAE;QACnD,MAAMC,eAAe,GAAGN,qBAAqB,CAACK,CAAC,CAAC;QAEhD,MAAM;UAAEE;QAAO,CAAC,GAAGD,eAAe;QAClC;QACA;QACA,IAAI,CAACC,MAAM,IAAI,CAACH,MAAM,EAAE;UACpB,OAAO,IAAI;QACf;;QAEA;QACA,IAAIA,MAAM,EAAE;UACR,IACII,KAAK,CAACC,OAAO,CAACL,MAAM,CAACd,MAAM,CAAC,CAAC,KAAK,KAAK,IACvCc,MAAM,CAACd,MAAM,CAAC,CAACoB,QAAQ,CAACrB,KAAK,CAACsB,KAAK,CAACC,EAAE,CAAC,KAAK,KAAK,EACnD;YACE;UACJ;QACJ;;QAEA;QACA,IAAIL,MAAM,EAAE;UACR,IACIC,KAAK,CAACC,OAAO,CAACF,MAAM,CAACjB,MAAM,CAAC,CAAC,KAAK,KAAK,IACvCiB,MAAM,CAACjB,MAAM,CAAC,CAACoB,QAAQ,CAACrB,KAAK,CAACwB,OAAO,CAAC,KAAK,KAAK,EAClD;YACE;UACJ;QACJ;QAEA,OAAO,IAAI;MACf;IACJ;IAEA,OAAO,KAAK;EAChB;EAEA,MAAMC,oBAAoB,CAAC5B,MAA+B,EAAE;IACxD,MAAME,cAAc,GAAG,MAAM,IAAI,CAACA,cAAc,CAACF,MAAM,CAAC;IACxD,IAAIE,cAAc,EAAE;MAChB;IACJ;IAEA,MAAM,IAAI2B,+BAAkB,CAAC;MACzBC,IAAI,EAAE;QACFC,MAAM,EAAG,gCAA+B/B,MAAM,CAACG,KAAK,CAACwB,OAAQ;MACjE;IACJ,CAAC,CAAC;EACN;AACJ;AAAC"}

package/utils/permissions/SettingsPermissions.d.ts

@@ -0,0 +1,4 @@
+import { CmsSettingsPermission } from "../../types";
+import { AppPermissions } from "@webiny/api-security";
+export declare class SettingsPermissions extends AppPermissions<CmsSettingsPermission> {
+}

package/utils/permissions/SettingsPermissions.js

@@ -0,0 +1,9 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.SettingsPermissions = void 0;
+var _apiSecurity = require("@webiny/api-security");
+class SettingsPermissions extends _apiSecurity.AppPermissions {}
+exports.SettingsPermissions = SettingsPermissions;

package/utils/permissions/SettingsPermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["SettingsPermissions","AppPermissions"],"sources":["SettingsPermissions.ts"],"sourcesContent":["import { CmsSettingsPermission } from \"~/types\";\nimport { AppPermissions } from \"@webiny/api-security\";\n\nexport class SettingsPermissions extends AppPermissions<CmsSettingsPermission> {}\n"],"mappings":";;;;;;AACA;AAEO,MAAMA,mBAAmB,SAASC,2BAAc,CAAwB;AAAE"}

package/utils/renderListFilterFields.d.ts

@@ -4,6 +4,7 @@ interface RenderListFilterFieldsParams {
     fields: CmsModelField[];
     type: ApiEndpoint;
     fieldTypePlugins: CmsFieldTypePlugins;
+    excludeFields?: string[];
 }
 interface RenderListFilterFields {
     (params: RenderListFilterFieldsParams): string;

package/utils/renderListFilterFields.js

@@ -10,15 +10,21 @@ const renderListFilterFields = params => {
     model,
     fields,
     type,
-    fieldTypePlugins
+    fieldTypePlugins,
+    excludeFields = []
   } = params;
-  const result = [["id: ID", "id_not: ID", "id_in: [ID!]", "id_not_in: [ID!]", "entryId: String", "entryId_not: String", "entryId_in: [String!]", "entryId_not_in: [String!]", "createdOn: DateTime", "createdOn_gt: DateTime", "createdOn_gte: DateTime", "createdOn_lt: DateTime", "createdOn_lte: DateTime", "createdOn_between: [DateTime!]", "createdOn_not_between: [DateTime!]", "savedOn: DateTime", "savedOn_gt: DateTime", "savedOn_gte: DateTime", "savedOn_lt: DateTime", "savedOn_lte: DateTime", "savedOn_between: [DateTime!]", "savedOn_not_between: [DateTime!]", "createdBy: String", "createdBy_not: String", "createdBy_in: [String!]", "createdBy_not_in: [String!]", "ownedBy: String", "ownedBy_not: String", "ownedBy_in: [String!]", "ownedBy_not_in: [String!]"].join("\n")];
+  const result = ["id: ID", "id_not: ID", "id_in: [ID!]", "id_not_in: [ID!]", "entryId: String", "entryId_not: String", "entryId_in: [String!]", "entryId_not_in: [String!]", "createdOn: DateTime", "createdOn_gt: DateTime", "createdOn_gte: DateTime", "createdOn_lt: DateTime", "createdOn_lte: DateTime", "createdOn_between: [DateTime!]", "createdOn_not_between: [DateTime!]", "savedOn: DateTime", "savedOn_gt: DateTime", "savedOn_gte: DateTime", "savedOn_lt: DateTime", "savedOn_lte: DateTime", "savedOn_between: [DateTime!]", "savedOn_not_between: [DateTime!]", "createdBy: String", "createdBy_not: String", "createdBy_in: [String!]", "createdBy_not_in: [String!]", "ownedBy: String", "ownedBy_not: String", "ownedBy_in: [String!]", "ownedBy_not_in: [String!]"];
   /**
    * We can find different statuses only in the manage API endpoint.
    */
   if (type === "manage") {
     result.push("status: String", "status_not: String", "status_in: [String!]", "status_not_in: [String!]");
   }
+  const finalFields = result.filter(field => {
+    return !excludeFields.some(excl => {
+      return field.startsWith(`${excl}_`) || field.startsWith(`${excl}: `);
+    });
+  });
   for (const field of fields) {
     var _fieldTypePlugins$bas, _fieldTypePlugins$bas2;
     // Every time a client updates content model's fields, we check the type of each field. If a field plugin
@@ -31,12 +37,12 @@ const renderListFilterFields = params => {
     if (typeof createListFilters !== "function") {
       continue;
     }
-    result.push(createListFilters({
+    finalFields.push(createListFilters({
       model,
       field,
       plugins: fieldTypePlugins
     }));
   }
-  return result.filter(Boolean).join("\n");
+  return finalFields.filter(Boolean).join("\n");
 };
 exports.renderListFilterFields = renderListFilterFields;

package/utils/renderListFilterFields.js.map

@@ -1 +1 @@
-{"version":3,"names":["renderListFilterFields","params","model","fields","type","fieldTypePlugins","result","join","push","field","baseType","getBaseFieldType","createListFilters","plugins","filter","Boolean"],"sources":["renderListFilterFields.ts"],"sourcesContent":["import {\n    ApiEndpoint,\n    CmsFieldTypePlugins,\n    CmsModel,\n    CmsModelField,\n    CmsModelFieldToGraphQLPlugin\n} from \"~/types\";\nimport { getBaseFieldType } from \"~/utils/getBaseFieldType\";\n\ninterface RenderListFilterFieldsParams {\n    model: CmsModel;\n    fields: CmsModelField[];\n    type: ApiEndpoint;\n    fieldTypePlugins: CmsFieldTypePlugins;\n}\ninterface RenderListFilterFields {\n    (params: RenderListFilterFieldsParams): string;\n}\n\ntype CreateListFiltersType =\n    | CmsModelFieldToGraphQLPlugin[\"read\"][\"createListFilters\"]\n    | CmsModelFieldToGraphQLPlugin[\"manage\"][\"createListFilters\"];\n\nexport const renderListFilterFields: RenderListFilterFields = (params): string => {\n    const { model, fields, type, fieldTypePlugins } = params;\n    const result: string[] = [\n        [\n            \"id: ID\",\n            \"id_not: ID\",\n            \"id_in: [ID!]\",\n            \"id_not_in: [ID!]\",\n            \"entryId: String\",\n            \"entryId_not: String\",\n            \"entryId_in: [String!]\",\n            \"entryId_not_in: [String!]\",\n            \"createdOn: DateTime\",\n            \"createdOn_gt: DateTime\",\n            \"createdOn_gte: DateTime\",\n            \"createdOn_lt: DateTime\",\n            \"createdOn_lte: DateTime\",\n            \"createdOn_between: [DateTime!]\",\n            \"createdOn_not_between: [DateTime!]\",\n            \"savedOn: DateTime\",\n            \"savedOn_gt: DateTime\",\n            \"savedOn_gte: DateTime\",\n            \"savedOn_lt: DateTime\",\n            \"savedOn_lte: DateTime\",\n            \"savedOn_between: [DateTime!]\",\n            \"savedOn_not_between: [DateTime!]\",\n            \"createdBy: String\",\n            \"createdBy_not: String\",\n            \"createdBy_in: [String!]\",\n            \"createdBy_not_in: [String!]\",\n            \"ownedBy: String\",\n            \"ownedBy_not: String\",\n            \"ownedBy_in: [String!]\",\n            \"ownedBy_not_in: [String!]\"\n        ].join(\"\\n\")\n    ];\n    /**\n     * We can find different statuses only in the manage API endpoint.\n     */\n    if (type === \"manage\") {\n        result.push(\n            \"status: String\",\n            \"status_not: String\",\n            \"status_in: [String!]\",\n            \"status_not_in: [String!]\"\n        );\n    }\n\n    for (const field of fields) {\n        // Every time a client updates content model's fields, we check the type of each field. If a field plugin\n        // for a particular \"field.type\" doesn't exist on the backend yet, we throw an error. But still, we also\n        // want to be careful when accessing the field plugin here too. It is still possible to have a content model\n        // that contains a field, for which we don't have a plugin registered on the backend. For example, user\n        // could've just removed the plugin from the backend.\n        const baseType = getBaseFieldType(field);\n        const createListFilters: CreateListFiltersType | undefined =\n            fieldTypePlugins[baseType]?.[type]?.createListFilters;\n        if (typeof createListFilters !== \"function\") {\n            continue;\n        }\n        result.push(createListFilters({ model, field, plugins: fieldTypePlugins }));\n    }\n\n    return result.filter(Boolean).join(\"\\n\");\n};\n"],"mappings":";;;;;;AAOA;AAgBO,MAAMA,sBAA8C,GAAIC,MAAM,IAAa;EAC9E,MAAM;IAAEC,KAAK;IAAEC,MAAM;IAAEC,IAAI;IAAEC;EAAiB,CAAC,GAAGJ,MAAM;EACxD,MAAMK,MAAgB,GAAG,CACrB,CACI,QAAQ,EACR,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,2BAA2B,EAC3B,qBAAqB,EACrB,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,EACzB,gCAAgC,EAChC,oCAAoC,EACpC,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,EACtB,uBAAuB,EACvB,8BAA8B,EAC9B,kCAAkC,EAClC,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,EACzB,6BAA6B,EAC7B,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,2BAA2B,CAC9B,CAACC,IAAI,CAAC,IAAI,CAAC,CACf;EACD;AACJ;AACA;EACI,IAAIH,IAAI,KAAK,QAAQ,EAAE;IACnBE,MAAM,CAACE,IAAI,CACP,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,EACtB,0BAA0B,CAC7B;EACL;EAEA,KAAK,MAAMC,KAAK,IAAIN,MAAM,EAAE;IAAA;IACxB;IACA;IACA;IACA;IACA;IACA,MAAMO,QAAQ,GAAG,IAAAC,kCAAgB,EAACF,KAAK,CAAC;IACxC,MAAMG,iBAAoD,4BACtDP,gBAAgB,CAACK,QAAQ,CAAC,oFAA1B,sBAA6BN,IAAI,CAAC,2DAAlC,uBAAoCQ,iBAAiB;IACzD,IAAI,OAAOA,iBAAiB,KAAK,UAAU,EAAE;MACzC;IACJ;IACAN,MAAM,CAACE,IAAI,CAACI,iBAAiB,CAAC;MAAEV,KAAK;MAAEO,KAAK;MAAEI,OAAO,EAAER;IAAiB,CAAC,CAAC,CAAC;EAC/E;EAEA,OAAOC,MAAM,CAACQ,MAAM,CAACC,OAAO,CAAC,CAACR,IAAI,CAAC,IAAI,CAAC;AAC5C,CAAC;AAAC"}
+{"version":3,"names":["renderListFilterFields","params","model","fields","type","fieldTypePlugins","excludeFields","result","push","finalFields","filter","field","some","excl","startsWith","baseType","getBaseFieldType","createListFilters","plugins","Boolean","join"],"sources":["renderListFilterFields.ts"],"sourcesContent":["import {\n    ApiEndpoint,\n    CmsFieldTypePlugins,\n    CmsModel,\n    CmsModelField,\n    CmsModelFieldToGraphQLPlugin\n} from \"~/types\";\nimport { getBaseFieldType } from \"~/utils/getBaseFieldType\";\n\ninterface RenderListFilterFieldsParams {\n    model: CmsModel;\n    fields: CmsModelField[];\n    type: ApiEndpoint;\n    fieldTypePlugins: CmsFieldTypePlugins;\n    excludeFields?: string[];\n}\ninterface RenderListFilterFields {\n    (params: RenderListFilterFieldsParams): string;\n}\n\ntype CreateListFiltersType =\n    | CmsModelFieldToGraphQLPlugin[\"read\"][\"createListFilters\"]\n    | CmsModelFieldToGraphQLPlugin[\"manage\"][\"createListFilters\"];\n\nexport const renderListFilterFields: RenderListFilterFields = (params): string => {\n    const { model, fields, type, fieldTypePlugins, excludeFields = [] } = params;\n    const result: string[] = [\n        \"id: ID\",\n        \"id_not: ID\",\n        \"id_in: [ID!]\",\n        \"id_not_in: [ID!]\",\n        \"entryId: String\",\n        \"entryId_not: String\",\n        \"entryId_in: [String!]\",\n        \"entryId_not_in: [String!]\",\n        \"createdOn: DateTime\",\n        \"createdOn_gt: DateTime\",\n        \"createdOn_gte: DateTime\",\n        \"createdOn_lt: DateTime\",\n        \"createdOn_lte: DateTime\",\n        \"createdOn_between: [DateTime!]\",\n        \"createdOn_not_between: [DateTime!]\",\n        \"savedOn: DateTime\",\n        \"savedOn_gt: DateTime\",\n        \"savedOn_gte: DateTime\",\n        \"savedOn_lt: DateTime\",\n        \"savedOn_lte: DateTime\",\n        \"savedOn_between: [DateTime!]\",\n        \"savedOn_not_between: [DateTime!]\",\n        \"createdBy: String\",\n        \"createdBy_not: String\",\n        \"createdBy_in: [String!]\",\n        \"createdBy_not_in: [String!]\",\n        \"ownedBy: String\",\n        \"ownedBy_not: String\",\n        \"ownedBy_in: [String!]\",\n        \"ownedBy_not_in: [String!]\"\n    ];\n    /**\n     * We can find different statuses only in the manage API endpoint.\n     */\n    if (type === \"manage\") {\n        result.push(\n            \"status: String\",\n            \"status_not: String\",\n            \"status_in: [String!]\",\n            \"status_not_in: [String!]\"\n        );\n    }\n\n    const finalFields = result.filter(field => {\n        return !excludeFields.some(excl => {\n            return field.startsWith(`${excl}_`) || field.startsWith(`${excl}: `);\n        });\n    });\n\n    for (const field of fields) {\n        // Every time a client updates content model's fields, we check the type of each field. If a field plugin\n        // for a particular \"field.type\" doesn't exist on the backend yet, we throw an error. But still, we also\n        // want to be careful when accessing the field plugin here too. It is still possible to have a content model\n        // that contains a field, for which we don't have a plugin registered on the backend. For example, user\n        // could've just removed the plugin from the backend.\n        const baseType = getBaseFieldType(field);\n        const createListFilters: CreateListFiltersType | undefined =\n            fieldTypePlugins[baseType]?.[type]?.createListFilters;\n        if (typeof createListFilters !== \"function\") {\n            continue;\n        }\n        finalFields.push(createListFilters({ model, field, plugins: fieldTypePlugins }));\n    }\n\n    return finalFields.filter(Boolean).join(\"\\n\");\n};\n"],"mappings":";;;;;;AAOA;AAiBO,MAAMA,sBAA8C,GAAIC,MAAM,IAAa;EAC9E,MAAM;IAAEC,KAAK;IAAEC,MAAM;IAAEC,IAAI;IAAEC,gBAAgB;IAAEC,aAAa,GAAG;EAAG,CAAC,GAAGL,MAAM;EAC5E,MAAMM,MAAgB,GAAG,CACrB,QAAQ,EACR,YAAY,EACZ,cAAc,EACd,kBAAkB,EAClB,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,2BAA2B,EAC3B,qBAAqB,EACrB,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,yBAAyB,EACzB,gCAAgC,EAChC,oCAAoC,EACpC,mBAAmB,EACnB,sBAAsB,EACtB,uBAAuB,EACvB,sBAAsB,EACtB,uBAAuB,EACvB,8BAA8B,EAC9B,kCAAkC,EAClC,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,EACzB,6BAA6B,EAC7B,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,2BAA2B,CAC9B;EACD;AACJ;AACA;EACI,IAAIH,IAAI,KAAK,QAAQ,EAAE;IACnBG,MAAM,CAACC,IAAI,CACP,gBAAgB,EAChB,oBAAoB,EACpB,sBAAsB,EACtB,0BAA0B,CAC7B;EACL;EAEA,MAAMC,WAAW,GAAGF,MAAM,CAACG,MAAM,CAACC,KAAK,IAAI;IACvC,OAAO,CAACL,aAAa,CAACM,IAAI,CAACC,IAAI,IAAI;MAC/B,OAAOF,KAAK,CAACG,UAAU,CAAE,GAAED,IAAK,GAAE,CAAC,IAAIF,KAAK,CAACG,UAAU,CAAE,GAAED,IAAK,IAAG,CAAC;IACxE,CAAC,CAAC;EACN,CAAC,CAAC;EAEF,KAAK,MAAMF,KAAK,IAAIR,MAAM,EAAE;IAAA;IACxB;IACA;IACA;IACA;IACA;IACA,MAAMY,QAAQ,GAAG,IAAAC,kCAAgB,EAACL,KAAK,CAAC;IACxC,MAAMM,iBAAoD,4BACtDZ,gBAAgB,CAACU,QAAQ,CAAC,oFAA1B,sBAA6BX,IAAI,CAAC,2DAAlC,uBAAoCa,iBAAiB;IACzD,IAAI,OAAOA,iBAAiB,KAAK,UAAU,EAAE;MACzC;IACJ;IACAR,WAAW,CAACD,IAAI,CAACS,iBAAiB,CAAC;MAAEf,KAAK;MAAES,KAAK;MAAEO,OAAO,EAAEb;IAAiB,CAAC,CAAC,CAAC;EACpF;EAEA,OAAOI,WAAW,CAACC,MAAM,CAACS,OAAO,CAAC,CAACC,IAAI,CAAC,IAAI,CAAC;AACjD,CAAC;AAAC"}

package/utils/renderSortEnum.d.ts

@@ -4,7 +4,7 @@ interface RenderSortEnumParams {
     model: CmsModel;
     fields: CmsModelField[];
     fieldTypePlugins: CmsFieldTypePlugins;
-    sorterPlugins: CmsGraphQLSchemaSorterPlugin[];
+    sorterPlugins?: CmsGraphQLSchemaSorterPlugin[];
 }
 interface RenderSortEnum {
     (params: RenderSortEnumParams): string;

package/utils/renderSortEnum.js

@@ -33,6 +33,9 @@ const renderSortEnum = ({
     sorters.push(`${field.fieldId}_ASC`);
     sorters.push(`${field.fieldId}_DESC`);
   }
+  if (!sorterPlugins) {
+    return sorters.join("\n");
+  }
   return sorterPlugins.reduce((result, plugin) => {
     return plugin.createSorter({
       model,

package/utils/renderSortEnum.js.map

@@ -1 +1 @@
-{"version":3,"names":["renderSortEnum","model","fields","fieldTypePlugins","sorterPlugins","sorters","field","plugin","getBaseFieldType","createSorters","result","isSortable","push","fieldId","reduce","createSorter","join"],"sources":["renderSortEnum.ts"],"sourcesContent":["import { CmsFieldTypePlugins, CmsModel, CmsModelField } from \"~/types\";\nimport { getBaseFieldType } from \"~/utils/getBaseFieldType\";\nimport { CmsGraphQLSchemaSorterPlugin } from \"~/plugins/CmsGraphQLSchemaSorterPlugin\";\n\ninterface RenderSortEnumParams {\n    model: CmsModel;\n    fields: CmsModelField[];\n    fieldTypePlugins: CmsFieldTypePlugins;\n    sorterPlugins: CmsGraphQLSchemaSorterPlugin[];\n}\ninterface RenderSortEnum {\n    (params: RenderSortEnumParams): string;\n}\n\nexport const renderSortEnum: RenderSortEnum = ({\n    model,\n    fields,\n    fieldTypePlugins,\n    sorterPlugins\n}): string => {\n    let sorters: string[] = [\n        `id_ASC`,\n        `id_DESC`,\n        \"savedOn_ASC\",\n        \"savedOn_DESC\",\n        \"createdOn_ASC\",\n        \"createdOn_DESC\"\n    ];\n\n    for (const field of fields) {\n        const plugin = fieldTypePlugins[getBaseFieldType(field)];\n        if (!plugin) {\n            continue;\n        } else if (plugin.createSorters) {\n            const result = plugin.createSorters({\n                model,\n                field,\n                sorters\n            });\n            if (result) {\n                sorters = result;\n                continue;\n            }\n        }\n        if (!plugin.isSortable) {\n            continue;\n        }\n        sorters.push(`${field.fieldId}_ASC`);\n        sorters.push(`${field.fieldId}_DESC`);\n    }\n\n    return sorterPlugins\n        .reduce((result, plugin) => {\n            return plugin.createSorter({\n                model,\n                sorters: result\n            });\n        }, sorters)\n        .join(\"\\n\");\n};\n"],"mappings":";;;;;;AACA;AAaO,MAAMA,cAA8B,GAAG,CAAC;EAC3CC,KAAK;EACLC,MAAM;EACNC,gBAAgB;EAChBC;AACJ,CAAC,KAAa;EACV,IAAIC,OAAiB,GAAG,CACnB,QAAO,EACP,SAAQ,EACT,aAAa,EACb,cAAc,EACd,eAAe,EACf,gBAAgB,CACnB;EAED,KAAK,MAAMC,KAAK,IAAIJ,MAAM,EAAE;IACxB,MAAMK,MAAM,GAAGJ,gBAAgB,CAAC,IAAAK,kCAAgB,EAACF,KAAK,CAAC,CAAC;IACxD,IAAI,CAACC,MAAM,EAAE;MACT;IACJ,CAAC,MAAM,IAAIA,MAAM,CAACE,aAAa,EAAE;MAC7B,MAAMC,MAAM,GAAGH,MAAM,CAACE,aAAa,CAAC;QAChCR,KAAK;QACLK,KAAK;QACLD;MACJ,CAAC,CAAC;MACF,IAAIK,MAAM,EAAE;QACRL,OAAO,GAAGK,MAAM;QAChB;MACJ;IACJ;IACA,IAAI,CAACH,MAAM,CAACI,UAAU,EAAE;MACpB;IACJ;IACAN,OAAO,CAACO,IAAI,CAAE,GAAEN,KAAK,CAACO,OAAQ,MAAK,CAAC;IACpCR,OAAO,CAACO,IAAI,CAAE,GAAEN,KAAK,CAACO,OAAQ,OAAM,CAAC;EACzC;EAEA,OAAOT,aAAa,CACfU,MAAM,CAAC,CAACJ,MAAM,EAAEH,MAAM,KAAK;IACxB,OAAOA,MAAM,CAACQ,YAAY,CAAC;MACvBd,KAAK;MACLI,OAAO,EAAEK;IACb,CAAC,CAAC;EACN,CAAC,EAAEL,OAAO,CAAC,CACVW,IAAI,CAAC,IAAI,CAAC;AACnB,CAAC;AAAC"}
+{"version":3,"names":["renderSortEnum","model","fields","fieldTypePlugins","sorterPlugins","sorters","field","plugin","getBaseFieldType","createSorters","result","isSortable","push","fieldId","join","reduce","createSorter"],"sources":["renderSortEnum.ts"],"sourcesContent":["import { CmsFieldTypePlugins, CmsModel, CmsModelField } from \"~/types\";\nimport { getBaseFieldType } from \"~/utils/getBaseFieldType\";\nimport { CmsGraphQLSchemaSorterPlugin } from \"~/plugins/CmsGraphQLSchemaSorterPlugin\";\n\ninterface RenderSortEnumParams {\n    model: CmsModel;\n    fields: CmsModelField[];\n    fieldTypePlugins: CmsFieldTypePlugins;\n    sorterPlugins?: CmsGraphQLSchemaSorterPlugin[];\n}\ninterface RenderSortEnum {\n    (params: RenderSortEnumParams): string;\n}\n\nexport const renderSortEnum: RenderSortEnum = ({\n    model,\n    fields,\n    fieldTypePlugins,\n    sorterPlugins\n}): string => {\n    let sorters: string[] = [\n        `id_ASC`,\n        `id_DESC`,\n        \"savedOn_ASC\",\n        \"savedOn_DESC\",\n        \"createdOn_ASC\",\n        \"createdOn_DESC\"\n    ];\n\n    for (const field of fields) {\n        const plugin = fieldTypePlugins[getBaseFieldType(field)];\n        if (!plugin) {\n            continue;\n        } else if (plugin.createSorters) {\n            const result = plugin.createSorters({\n                model,\n                field,\n                sorters\n            });\n            if (result) {\n                sorters = result;\n                continue;\n            }\n        }\n        if (!plugin.isSortable) {\n            continue;\n        }\n        sorters.push(`${field.fieldId}_ASC`);\n        sorters.push(`${field.fieldId}_DESC`);\n    }\n    if (!sorterPlugins) {\n        return sorters.join(\"\\n\");\n    }\n\n    return sorterPlugins\n        .reduce((result, plugin) => {\n            return plugin.createSorter({\n                model,\n                sorters: result\n            });\n        }, sorters)\n        .join(\"\\n\");\n};\n"],"mappings":";;;;;;AACA;AAaO,MAAMA,cAA8B,GAAG,CAAC;EAC3CC,KAAK;EACLC,MAAM;EACNC,gBAAgB;EAChBC;AACJ,CAAC,KAAa;EACV,IAAIC,OAAiB,GAAG,CACnB,QAAO,EACP,SAAQ,EACT,aAAa,EACb,cAAc,EACd,eAAe,EACf,gBAAgB,CACnB;EAED,KAAK,MAAMC,KAAK,IAAIJ,MAAM,EAAE;IACxB,MAAMK,MAAM,GAAGJ,gBAAgB,CAAC,IAAAK,kCAAgB,EAACF,KAAK,CAAC,CAAC;IACxD,IAAI,CAACC,MAAM,EAAE;MACT;IACJ,CAAC,MAAM,IAAIA,MAAM,CAACE,aAAa,EAAE;MAC7B,MAAMC,MAAM,GAAGH,MAAM,CAACE,aAAa,CAAC;QAChCR,KAAK;QACLK,KAAK;QACLD;MACJ,CAAC,CAAC;MACF,IAAIK,MAAM,EAAE;QACRL,OAAO,GAAGK,MAAM;QAChB;MACJ;IACJ;IACA,IAAI,CAACH,MAAM,CAACI,UAAU,EAAE;MACpB;IACJ;IACAN,OAAO,CAACO,IAAI,CAAE,GAAEN,KAAK,CAACO,OAAQ,MAAK,CAAC;IACpCR,OAAO,CAACO,IAAI,CAAE,GAAEN,KAAK,CAACO,OAAQ,OAAM,CAAC;EACzC;EACA,IAAI,CAACT,aAAa,EAAE;IAChB,OAAOC,OAAO,CAACS,IAAI,CAAC,IAAI,CAAC;EAC7B;EAEA,OAAOV,aAAa,CACfW,MAAM,CAAC,CAACL,MAAM,EAAEH,MAAM,KAAK;IACxB,OAAOA,MAAM,CAACS,YAAY,CAAC;MACvBf,KAAK;MACLI,OAAO,EAAEK;IACb,CAAC,CAAC;EACN,CAAC,EAAEL,OAAO,CAAC,CACVS,IAAI,CAAC,IAAI,CAAC;AACnB,CAAC;AAAC"}

package/utils/access.d.ts

@@ -1,8 +0,0 @@
-import { CmsContext, CmsGroup, CmsGroupPermission, CmsModel } from "../types";
-export declare const validateGroupAccess: (context: CmsContext, permission: CmsGroupPermission, group: CmsGroup) => boolean;
-export declare const validateModelAccess: (context: CmsContext, model: CmsModel) => Promise<boolean>;
-/**
- * model access is checking for both specific model or group access
- * if permission has specific models set as access pattern then groups will not matter (although both can be set)
- */
-export declare const checkModelAccess: (context: CmsContext, model: CmsModel) => Promise<void>;

package/utils/access.js

@@ -1,76 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.validateModelAccess = exports.validateGroupAccess = exports.checkModelAccess = void 0;
-var _apiSecurity = require("@webiny/api-security");
-var _permissions = require("./permissions");
-const validateGroupAccess = (context, permission, group) => {
-  const {
-    groups
-  } = permission;
-  // when no groups defined on permission
-  // it means user has access to everything
-  if (!groups) {
-    return true;
-  }
-  const locale = context.cms.getLocale().code;
-  // when there is no locale in groups, it means that no access was given
-  // this happens when access control was set but no models or groups were added
-  if (Array.isArray(groups[locale]) === false || groups[locale].includes(group.id) === false) {
-    return false;
-  }
-  return true;
-};
-exports.validateGroupAccess = validateGroupAccess;
-const validateModelAccess = async (context, model) => {
-  const modelGroupPermission = await (0, _permissions.checkPermissions)(context, "cms.contentModelGroup", {
-    rwd: "r"
-  });
-  const {
-    groups
-  } = modelGroupPermission;
-  const modelPermission = await (0, _permissions.checkPermissions)(context, "cms.contentModel", {
-    rwd: "r"
-  });
-  const {
-    models
-  } = modelPermission;
-  // when no models or groups defined on permission
-  // it means user has access to everything
-  if (!models && !groups) {
-    return true;
-  }
-  const locale = context.cms.getLocale().code;
-  // Check whether the model is question belongs to "content model groups" for which user has permission.
-  if (groups) {
-    if (Array.isArray(groups[locale]) === false || groups[locale].includes(model.group.id) === false) {
-      return false;
-    }
-  }
-  // Check whether the model is question belongs to "content models" for which user has permission.
-  if (models) {
-    if (Array.isArray(models[locale]) === false || models[locale].includes(model.modelId) === false) {
-      return false;
-    }
-  }
-  return true;
-};
-
-/**
- * model access is checking for both specific model or group access
- * if permission has specific models set as access pattern then groups will not matter (although both can be set)
- */
-exports.validateModelAccess = validateModelAccess;
-const checkModelAccess = async (context, model) => {
-  if (await validateModelAccess(context, model)) {
-    return;
-  }
-  throw new _apiSecurity.NotAuthorizedError({
-    data: {
-      reason: `Not allowed to access model "${model.modelId}".`
-    }
-  });
-};
-exports.checkModelAccess = checkModelAccess;

package/utils/access.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["validateGroupAccess","context","permission","group","groups","locale","cms","getLocale","code","Array","isArray","includes","id","validateModelAccess","model","modelGroupPermission","checkPermissions","rwd","modelPermission","models","modelId","checkModelAccess","NotAuthorizedError","data","reason"],"sources":["access.ts"],"sourcesContent":["import { NotAuthorizedError } from \"@webiny/api-security\";\nimport { CmsContext, CmsGroup, CmsGroupPermission, CmsModel, CmsModelPermission } from \"~/types\";\nimport { checkPermissions } from \"./permissions\";\n\nexport const validateGroupAccess = (\n    context: CmsContext,\n    permission: CmsGroupPermission,\n    group: CmsGroup\n): boolean => {\n    const { groups } = permission;\n    // when no groups defined on permission\n    // it means user has access to everything\n    if (!groups) {\n        return true;\n    }\n    const locale = context.cms.getLocale().code;\n    // when there is no locale in groups, it means that no access was given\n    // this happens when access control was set but no models or groups were added\n    if (Array.isArray(groups[locale]) === false || groups[locale].includes(group.id) === false) {\n        return false;\n    }\n    return true;\n};\n\nexport const validateModelAccess = async (\n    context: CmsContext,\n    model: CmsModel\n): Promise<boolean> => {\n    const modelGroupPermission: CmsGroupPermission = await checkPermissions(\n        context,\n        \"cms.contentModelGroup\",\n        { rwd: \"r\" }\n    );\n    const { groups } = modelGroupPermission;\n\n    const modelPermission: CmsModelPermission = await checkPermissions(\n        context,\n        \"cms.contentModel\",\n        {\n            rwd: \"r\"\n        }\n    );\n    const { models } = modelPermission;\n    // when no models or groups defined on permission\n    // it means user has access to everything\n    if (!models && !groups) {\n        return true;\n    }\n    const locale = context.cms.getLocale().code;\n    // Check whether the model is question belongs to \"content model groups\" for which user has permission.\n    if (groups) {\n        if (\n            Array.isArray(groups[locale]) === false ||\n            groups[locale].includes(model.group.id) === false\n        ) {\n            return false;\n        }\n    }\n    // Check whether the model is question belongs to \"content models\" for which user has permission.\n    if (models) {\n        if (\n            Array.isArray(models[locale]) === false ||\n            models[locale].includes(model.modelId) === false\n        ) {\n            return false;\n        }\n    }\n\n    return true;\n};\n\n/**\n * model access is checking for both specific model or group access\n * if permission has specific models set as access pattern then groups will not matter (although both can be set)\n */\nexport const checkModelAccess = async (context: CmsContext, model: CmsModel): Promise<void> => {\n    if (await validateModelAccess(context, model)) {\n        return;\n    }\n    throw new NotAuthorizedError({\n        data: {\n            reason: `Not allowed to access model \"${model.modelId}\".`\n        }\n    });\n};\n"],"mappings":";;;;;;AAAA;AAEA;AAEO,MAAMA,mBAAmB,GAAG,CAC/BC,OAAmB,EACnBC,UAA8B,EAC9BC,KAAe,KACL;EACV,MAAM;IAAEC;EAAO,CAAC,GAAGF,UAAU;EAC7B;EACA;EACA,IAAI,CAACE,MAAM,EAAE;IACT,OAAO,IAAI;EACf;EACA,MAAMC,MAAM,GAAGJ,OAAO,CAACK,GAAG,CAACC,SAAS,EAAE,CAACC,IAAI;EAC3C;EACA;EACA,IAAIC,KAAK,CAACC,OAAO,CAACN,MAAM,CAACC,MAAM,CAAC,CAAC,KAAK,KAAK,IAAID,MAAM,CAACC,MAAM,CAAC,CAACM,QAAQ,CAACR,KAAK,CAACS,EAAE,CAAC,KAAK,KAAK,EAAE;IACxF,OAAO,KAAK;EAChB;EACA,OAAO,IAAI;AACf,CAAC;AAAC;AAEK,MAAMC,mBAAmB,GAAG,OAC/BZ,OAAmB,EACnBa,KAAe,KACI;EACnB,MAAMC,oBAAwC,GAAG,MAAM,IAAAC,6BAAgB,EACnEf,OAAO,EACP,uBAAuB,EACvB;IAAEgB,GAAG,EAAE;EAAI,CAAC,CACf;EACD,MAAM;IAAEb;EAAO,CAAC,GAAGW,oBAAoB;EAEvC,MAAMG,eAAmC,GAAG,MAAM,IAAAF,6BAAgB,EAC9Df,OAAO,EACP,kBAAkB,EAClB;IACIgB,GAAG,EAAE;EACT,CAAC,CACJ;EACD,MAAM;IAAEE;EAAO,CAAC,GAAGD,eAAe;EAClC;EACA;EACA,IAAI,CAACC,MAAM,IAAI,CAACf,MAAM,EAAE;IACpB,OAAO,IAAI;EACf;EACA,MAAMC,MAAM,GAAGJ,OAAO,CAACK,GAAG,CAACC,SAAS,EAAE,CAACC,IAAI;EAC3C;EACA,IAAIJ,MAAM,EAAE;IACR,IACIK,KAAK,CAACC,OAAO,CAACN,MAAM,CAACC,MAAM,CAAC,CAAC,KAAK,KAAK,IACvCD,MAAM,CAACC,MAAM,CAAC,CAACM,QAAQ,CAACG,KAAK,CAACX,KAAK,CAACS,EAAE,CAAC,KAAK,KAAK,EACnD;MACE,OAAO,KAAK;IAChB;EACJ;EACA;EACA,IAAIO,MAAM,EAAE;IACR,IACIV,KAAK,CAACC,OAAO,CAACS,MAAM,CAACd,MAAM,CAAC,CAAC,KAAK,KAAK,IACvCc,MAAM,CAACd,MAAM,CAAC,CAACM,QAAQ,CAACG,KAAK,CAACM,OAAO,CAAC,KAAK,KAAK,EAClD;MACE,OAAO,KAAK;IAChB;EACJ;EAEA,OAAO,IAAI;AACf,CAAC;;AAED;AACA;AACA;AACA;AAHA;AAIO,MAAMC,gBAAgB,GAAG,OAAOpB,OAAmB,EAAEa,KAAe,KAAoB;EAC3F,IAAI,MAAMD,mBAAmB,CAACZ,OAAO,EAAEa,KAAK,CAAC,EAAE;IAC3C;EACJ;EACA,MAAM,IAAIQ,+BAAkB,CAAC;IACzBC,IAAI,EAAE;MACFC,MAAM,EAAG,gCAA+BV,KAAK,CAACM,OAAQ;IAC1D;EACJ,CAAC,CAAC;AACN,CAAC;AAAC"}

package/utils/ownership.d.ts

@@ -1,8 +0,0 @@
-import { BaseCmsSecurityPermission, CmsContext, CmsIdentity } from "../types";
-interface OwnableRecord {
-    createdBy?: CmsIdentity;
-    ownedBy?: CmsIdentity;
-}
-export declare const checkOwnership: (context: CmsContext, permission: BaseCmsSecurityPermission, record: OwnableRecord) => void;
-export declare const validateOwnership: (context: CmsContext, permission: BaseCmsSecurityPermission, record: OwnableRecord) => boolean;
-export {};

package/utils/ownership.js

@@ -1,33 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.validateOwnership = exports.checkOwnership = void 0;
-var _apiSecurity = require("@webiny/api-security");
-const checkOwnership = (context, permission, record) => {
-  var _record$ownedBy, _record$createdBy;
-  if (!permission.own) {
-    return;
-  }
-  const identity = context.security.getIdentity();
-  const owner = identity && ((_record$ownedBy = record.ownedBy) === null || _record$ownedBy === void 0 ? void 0 : _record$ownedBy.id) === identity.id;
-  const creator = identity && ((_record$createdBy = record.createdBy) === null || _record$createdBy === void 0 ? void 0 : _record$createdBy.id) === identity.id;
-  if (!owner && !creator) {
-    throw new _apiSecurity.NotAuthorizedError({
-      data: {
-        reason: `You are not the owner of the record.`
-      }
-    });
-  }
-};
-exports.checkOwnership = checkOwnership;
-const validateOwnership = (context, permission, record) => {
-  try {
-    checkOwnership(context, permission, record);
-    return true;
-  } catch {
-    return false;
-  }
-};
-exports.validateOwnership = validateOwnership;

package/utils/ownership.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["checkOwnership","context","permission","record","own","identity","security","getIdentity","owner","ownedBy","id","creator","createdBy","NotAuthorizedError","data","reason","validateOwnership"],"sources":["ownership.ts"],"sourcesContent":["import { BaseCmsSecurityPermission, CmsContext, CmsIdentity } from \"~/types\";\nimport { NotAuthorizedError } from \"@webiny/api-security\";\n\ninterface OwnableRecord {\n    createdBy?: CmsIdentity;\n    ownedBy?: CmsIdentity;\n}\n\nexport const checkOwnership = (\n    context: CmsContext,\n    permission: BaseCmsSecurityPermission,\n    record: OwnableRecord\n): void => {\n    if (!permission.own) {\n        return;\n    }\n\n    const identity = context.security.getIdentity();\n    const owner = identity && record.ownedBy?.id === identity.id;\n    const creator = identity && record.createdBy?.id === identity.id;\n\n    if (!owner && !creator) {\n        throw new NotAuthorizedError({\n            data: {\n                reason: `You are not the owner of the record.`\n            }\n        });\n    }\n};\n\nexport const validateOwnership = (\n    context: CmsContext,\n    permission: BaseCmsSecurityPermission,\n    record: OwnableRecord\n): boolean => {\n    try {\n        checkOwnership(context, permission, record);\n        return true;\n    } catch {\n        return false;\n    }\n};\n"],"mappings":";;;;;;AACA;AAOO,MAAMA,cAAc,GAAG,CAC1BC,OAAmB,EACnBC,UAAqC,EACrCC,MAAqB,KACd;EAAA;EACP,IAAI,CAACD,UAAU,CAACE,GAAG,EAAE;IACjB;EACJ;EAEA,MAAMC,QAAQ,GAAGJ,OAAO,CAACK,QAAQ,CAACC,WAAW,EAAE;EAC/C,MAAMC,KAAK,GAAGH,QAAQ,IAAI,oBAAAF,MAAM,CAACM,OAAO,oDAAd,gBAAgBC,EAAE,MAAKL,QAAQ,CAACK,EAAE;EAC5D,MAAMC,OAAO,GAAGN,QAAQ,IAAI,sBAAAF,MAAM,CAACS,SAAS,sDAAhB,kBAAkBF,EAAE,MAAKL,QAAQ,CAACK,EAAE;EAEhE,IAAI,CAACF,KAAK,IAAI,CAACG,OAAO,EAAE;IACpB,MAAM,IAAIE,+BAAkB,CAAC;MACzBC,IAAI,EAAE;QACFC,MAAM,EAAG;MACb;IACJ,CAAC,CAAC;EACN;AACJ,CAAC;AAAC;AAEK,MAAMC,iBAAiB,GAAG,CAC7Bf,OAAmB,EACnBC,UAAqC,EACrCC,MAAqB,KACX;EACV,IAAI;IACAH,cAAc,CAACC,OAAO,EAAEC,UAAU,EAAEC,MAAM,CAAC;IAC3C,OAAO,IAAI;EACf,CAAC,CAAC,MAAM;IACJ,OAAO,KAAK;EAChB;AACJ,CAAC;AAAC"}

package/utils/permissions.d.ts

@@ -1,7 +0,0 @@
-import { BaseCmsSecurityPermission, CmsContext, CmsEntryPermission } from "../types";
-export declare const hasRwd: (permission: BaseCmsSecurityPermission, rwd: string) => boolean;
-export declare const hasPw: (permission: CmsEntryPermission, pw: string) => boolean;
-export declare const checkPermissions: <TPermission extends BaseCmsSecurityPermission = BaseCmsSecurityPermission>(context: CmsContext, name: string, check?: {
-    rwd?: string;
-    pw?: string;
-}) => Promise<TPermission>;

package/utils/permissions.js

@@ -1,91 +0,0 @@
-"use strict";
-
-Object.defineProperty(exports, "__esModule", {
-  value: true
-});
-exports.hasRwd = exports.hasPw = exports.checkPermissions = void 0;
-var _apiSecurity = require("@webiny/api-security");
-const hasRwd = (permission, rwd) => {
-  if (typeof permission.rwd !== "string") {
-    return true;
-  }
-  return permission.rwd.includes(rwd);
-};
-exports.hasRwd = hasRwd;
-const hasPw = (permission, pw) => {
-  const isCustom = Object.keys(permission).length > 1; // "name" key is always present
-
-  if (!isCustom) {
-    // Means it's a "full-access" permission.
-    return true;
-  }
-  if (typeof permission.pw !== "string") {
-    return false;
-  }
-  return permission.pw.includes(pw);
-};
-exports.hasPw = hasPw;
-const PW = {
-  p: "publish",
-  u: "unpublish"
-};
-const RWD = {
-  r: "read",
-  w: "write",
-  d: "delete"
-};
-const checkPermissions = async (context, name, check) => {
-  // Check if user is allowed to edit content in current language
-  const contentPermission = await context.security.getPermission("content.i18n");
-  if (!contentPermission) {
-    throw new _apiSecurity.NotAuthorizedError({
-      data: {
-        reason: "Missing access to content in any locale."
-      }
-    });
-  }
-
-  // We need to check this manually as CMS locale comes from the URL and not the default i18n app.
-  const code = context.cms.getLocale().code;
-  const locales = contentPermission.locales;
-
-  // IMPORTANT: If we have a `contentPermission`, and `locales` key is NOT SET - it means the user has access to all locales.
-  // However, if the the `locales` IS SET - check that it contains the required locale.
-  if (Array.isArray(locales) && !locales.includes(code)) {
-    throw new _apiSecurity.NotAuthorizedError({
-      data: {
-        reason: `Not allowed to access content in "${code}."`
-      }
-    });
-  }
-  const permission = await context.security.getPermission(name);
-  if (!permission) {
-    throw new _apiSecurity.NotAuthorizedError({
-      data: {
-        reason: `Missing permission "${name}".`
-      }
-    });
-  }
-  if (!check) {
-    return permission;
-  }
-  if (check.rwd && !hasRwd(permission, check.rwd)) {
-    throw new _apiSecurity.NotAuthorizedError({
-      data: {
-        reason: `Not allowed to perform "${RWD[check.rwd]}" on "${name}".`
-      }
-    });
-  }
-
-  // p = publish
-  // u = unpublish
-  if (check.pw && !hasPw(permission, check.pw)) {
-    throw new _apiSecurity.NotAuthorizedError({
-      data: {
-        reason: `Not allowed to perform "${PW[check.pw]}" on "${name}".`
-      }
-    });
-  }
-  return permission;
-};
-exports.checkPermissions = checkPermissions;

package/utils/permissions.js.map

@@ -1 +0,0 @@
-{"version":3,"names":["hasRwd","permission","rwd","includes","hasPw","pw","isCustom","Object","keys","length","PW","p","u","RWD","r","w","d","checkPermissions","context","name","check","contentPermission","security","getPermission","NotAuthorizedError","data","reason","code","cms","getLocale","locales","Array","isArray"],"sources":["permissions.ts"],"sourcesContent":["import { BaseCmsSecurityPermission, CmsContext, CmsEntryPermission } from \"~/types\";\nimport { NotAuthorizedError } from \"@webiny/api-security\";\n\nexport const hasRwd = (permission: BaseCmsSecurityPermission, rwd: string): boolean => {\n    if (typeof permission.rwd !== \"string\") {\n        return true;\n    }\n\n    return permission.rwd.includes(rwd);\n};\n\nexport const hasPw = (permission: CmsEntryPermission, pw: string): boolean => {\n    const isCustom = Object.keys(permission).length > 1; // \"name\" key is always present\n\n    if (!isCustom) {\n        // Means it's a \"full-access\" permission.\n        return true;\n    }\n\n    if (typeof permission.pw !== \"string\") {\n        return false;\n    }\n\n    return permission.pw.includes(pw);\n};\n\nconst PW: Record<string, string> = {\n    p: \"publish\",\n    u: \"unpublish\"\n};\n\nconst RWD: Record<string, string> = {\n    r: \"read\",\n    w: \"write\",\n    d: \"delete\"\n};\n\nexport const checkPermissions = async <\n    TPermission extends BaseCmsSecurityPermission = BaseCmsSecurityPermission\n>(\n    context: CmsContext,\n    name: string,\n    check?: { rwd?: string; pw?: string }\n): Promise<TPermission> => {\n    // Check if user is allowed to edit content in current language\n    const contentPermission = await context.security.getPermission(\"content.i18n\");\n\n    if (!contentPermission) {\n        throw new NotAuthorizedError({\n            data: {\n                reason: \"Missing access to content in any locale.\"\n            }\n        });\n    }\n\n    // We need to check this manually as CMS locale comes from the URL and not the default i18n app.\n    const code = context.cms.getLocale().code;\n\n    const locales: string[] = contentPermission.locales;\n\n    // IMPORTANT: If we have a `contentPermission`, and `locales` key is NOT SET - it means the user has access to all locales.\n    // However, if the the `locales` IS SET - check that it contains the required locale.\n    if (Array.isArray(locales) && !locales.includes(code)) {\n        throw new NotAuthorizedError({\n            data: {\n                reason: `Not allowed to access content in \"${code}.\"`\n            }\n        });\n    }\n\n    const permission = await context.security.getPermission<TPermission>(name);\n\n    if (!permission) {\n        throw new NotAuthorizedError({\n            data: {\n                reason: `Missing permission \"${name}\".`\n            }\n        });\n    }\n\n    if (!check) {\n        return permission;\n    }\n\n    if (check.rwd && !hasRwd(permission, check.rwd)) {\n        throw new NotAuthorizedError({\n            data: {\n                reason: `Not allowed to perform \"${RWD[check.rwd]}\" on \"${name}\".`\n            }\n        });\n    }\n\n    // p = publish\n    // u = unpublish\n    if (check.pw && !hasPw(permission, check.pw)) {\n        throw new NotAuthorizedError({\n            data: {\n                reason: `Not allowed to perform \"${PW[check.pw]}\" on \"${name}\".`\n            }\n        });\n    }\n\n    return permission;\n};\n"],"mappings":";;;;;;AACA;AAEO,MAAMA,MAAM,GAAG,CAACC,UAAqC,EAAEC,GAAW,KAAc;EACnF,IAAI,OAAOD,UAAU,CAACC,GAAG,KAAK,QAAQ,EAAE;IACpC,OAAO,IAAI;EACf;EAEA,OAAOD,UAAU,CAACC,GAAG,CAACC,QAAQ,CAACD,GAAG,CAAC;AACvC,CAAC;AAAC;AAEK,MAAME,KAAK,GAAG,CAACH,UAA8B,EAAEI,EAAU,KAAc;EAC1E,MAAMC,QAAQ,GAAGC,MAAM,CAACC,IAAI,CAACP,UAAU,CAAC,CAACQ,MAAM,GAAG,CAAC,CAAC,CAAC;;EAErD,IAAI,CAACH,QAAQ,EAAE;IACX;IACA,OAAO,IAAI;EACf;EAEA,IAAI,OAAOL,UAAU,CAACI,EAAE,KAAK,QAAQ,EAAE;IACnC,OAAO,KAAK;EAChB;EAEA,OAAOJ,UAAU,CAACI,EAAE,CAACF,QAAQ,CAACE,EAAE,CAAC;AACrC,CAAC;AAAC;AAEF,MAAMK,EAA0B,GAAG;EAC/BC,CAAC,EAAE,SAAS;EACZC,CAAC,EAAE;AACP,CAAC;AAED,MAAMC,GAA2B,GAAG;EAChCC,CAAC,EAAE,MAAM;EACTC,CAAC,EAAE,OAAO;EACVC,CAAC,EAAE;AACP,CAAC;AAEM,MAAMC,gBAAgB,GAAG,OAG5BC,OAAmB,EACnBC,IAAY,EACZC,KAAqC,KACd;EACvB;EACA,MAAMC,iBAAiB,GAAG,MAAMH,OAAO,CAACI,QAAQ,CAACC,aAAa,CAAC,cAAc,CAAC;EAE9E,IAAI,CAACF,iBAAiB,EAAE;IACpB,MAAM,IAAIG,+BAAkB,CAAC;MACzBC,IAAI,EAAE;QACFC,MAAM,EAAE;MACZ;IACJ,CAAC,CAAC;EACN;;EAEA;EACA,MAAMC,IAAI,GAAGT,OAAO,CAACU,GAAG,CAACC,SAAS,EAAE,CAACF,IAAI;EAEzC,MAAMG,OAAiB,GAAGT,iBAAiB,CAACS,OAAO;;EAEnD;EACA;EACA,IAAIC,KAAK,CAACC,OAAO,CAACF,OAAO,CAAC,IAAI,CAACA,OAAO,CAAC3B,QAAQ,CAACwB,IAAI,CAAC,EAAE;IACnD,MAAM,IAAIH,+BAAkB,CAAC;MACzBC,IAAI,EAAE;QACFC,MAAM,EAAG,qCAAoCC,IAAK;MACtD;IACJ,CAAC,CAAC;EACN;EAEA,MAAM1B,UAAU,GAAG,MAAMiB,OAAO,CAACI,QAAQ,CAACC,aAAa,CAAcJ,IAAI,CAAC;EAE1E,IAAI,CAAClB,UAAU,EAAE;IACb,MAAM,IAAIuB,+BAAkB,CAAC;MACzBC,IAAI,EAAE;QACFC,MAAM,EAAG,uBAAsBP,IAAK;MACxC;IACJ,CAAC,CAAC;EACN;EAEA,IAAI,CAACC,KAAK,EAAE;IACR,OAAOnB,UAAU;EACrB;EAEA,IAAImB,KAAK,CAAClB,GAAG,IAAI,CAACF,MAAM,CAACC,UAAU,EAAEmB,KAAK,CAAClB,GAAG,CAAC,EAAE;IAC7C,MAAM,IAAIsB,+BAAkB,CAAC;MACzBC,IAAI,EAAE;QACFC,MAAM,EAAG,2BAA0Bb,GAAG,CAACO,KAAK,CAAClB,GAAG,CAAE,SAAQiB,IAAK;MACnE;IACJ,CAAC,CAAC;EACN;;EAEA;EACA;EACA,IAAIC,KAAK,CAACf,EAAE,IAAI,CAACD,KAAK,CAACH,UAAU,EAAEmB,KAAK,CAACf,EAAE,CAAC,EAAE;IAC1C,MAAM,IAAImB,+BAAkB,CAAC;MACzBC,IAAI,EAAE;QACFC,MAAM,EAAG,2BAA0BhB,EAAE,CAACU,KAAK,CAACf,EAAE,CAAE,SAAQc,IAAK;MACjE;IACJ,CAAC,CAAC;EACN;EAEA,OAAOlB,UAAU;AACrB,CAAC;AAAC"}