@webiny/api-headless-cms 5.37.0 → 5.37.1-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/context.js +7 -1
- package/context.js.map +1 -1
- package/crud/contentEntry.crud.js +38 -54
- package/crud/contentEntry.crud.js.map +1 -1
- package/crud/contentModel.crud.js +2 -4
- package/crud/contentModel.crud.js.map +1 -1
- package/crud/contentModelGroup.crud.d.ts +1 -1
- package/crud/contentModelGroup.crud.js +2 -4
- package/crud/contentModelGroup.crud.js.map +1 -1
- package/index.d.ts +1 -0
- package/index.js +12 -0
- package/index.js.map +1 -1
- package/package.json +18 -18
- package/types.d.ts +16 -0
- package/types.js.map +1 -1
- package/utils/access.d.ts +10 -0
- package/utils/access.js +33 -0
- package/utils/access.js.map +1 -0
- package/utils/permissions/ModelGroupsPermissions.d.ts +3 -5
- package/utils/permissions/ModelGroupsPermissions.js +5 -5
- package/utils/permissions/ModelGroupsPermissions.js.map +1 -1
- package/utils/permissions/ModelsPermissions.d.ts +9 -7
- package/utils/permissions/ModelsPermissions.js +2 -2
- package/utils/permissions/ModelsPermissions.js.map +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_apiSecurity","require","ModelsPermissions","AppPermissions","constructor","params","_defineProperty2","default","modelGroupsPermissions","canAccessModel","model","
|
|
1
|
+
{"version":3,"names":["_apiSecurity","require","ModelsPermissions","AppPermissions","constructor","params","_defineProperty2","default","modelGroupsPermissions","canAccessModel","model","hasFullAccess","modelsPermissions","canReadGroups","ensure","rwd","throw","canReadModels","modelGroupsPermissionsList","getPermissions","modelsPermissionsList","locale","i","length","modelGroupPermission","groups","j","modelPermission","models","Array","isArray","includes","group","id","modelId","ensureCanAccessModel","NotAuthorizedError","data","reason","exports"],"sources":["ModelsPermissions.ts"],"sourcesContent":["import { AppPermissions, AppPermissionsParams, NotAuthorizedError } from \"@webiny/api-security\";\nimport {\n CmsGroupPermission,\n CmsModel as BaseCmsModel,\n CmsModelGroup as BaseCmsModelGroup,\n CmsModelPermission\n} from \"~/types\";\nimport { ModelGroupsPermissions } from \"~/utils/permissions/ModelGroupsPermissions\";\n\nexport interface ModelsPermissionsParams extends AppPermissionsParams<CmsGroupPermission> {\n modelGroupsPermissions: ModelGroupsPermissions;\n}\n\ninterface PickedCmsModel extends Pick<BaseCmsModel, \"modelId\" | \"locale\"> {\n group: Pick<BaseCmsModelGroup, \"id\">;\n}\n\nexport interface CanAccessModelParams {\n model: PickedCmsModel;\n}\n\nexport interface EnsureModelAccessParams {\n model: PickedCmsModel;\n}\n\nexport class ModelsPermissions extends AppPermissions<CmsModelPermission> {\n private readonly modelGroupsPermissions: ModelGroupsPermissions;\n\n public constructor(params: ModelsPermissionsParams) {\n super(params);\n this.modelGroupsPermissions = params.modelGroupsPermissions;\n }\n\n public async canAccessModel({ model }: CanAccessModelParams) {\n if (await this.hasFullAccess()) {\n return true;\n }\n\n const modelGroupsPermissions = this.modelGroupsPermissions;\n\n // eslint-disable-next-line\n const modelsPermissions = this;\n\n const canReadGroups = await modelGroupsPermissions.ensure({ rwd: \"r\" }, { throw: false });\n if (!canReadGroups) {\n return false;\n }\n\n const canReadModels = await modelsPermissions.ensure({ rwd: \"r\" }, { throw: false });\n if (!canReadModels) {\n return false;\n }\n\n const modelGroupsPermissionsList = await modelGroupsPermissions.getPermissions();\n const modelsPermissionsList = await this.getPermissions();\n\n const locale = model.locale;\n\n for (let i = 0; i < modelGroupsPermissionsList.length; i++) {\n const modelGroupPermission = modelGroupsPermissionsList[i];\n\n const { groups } = modelGroupPermission;\n\n for (let j = 0; j < modelsPermissionsList.length; j++) {\n const modelPermission = modelsPermissionsList[j];\n\n const { models } = modelPermission;\n // when no models or groups defined on permission\n // it means user has access to everything\n if (!models && !groups) {\n return true;\n }\n\n // Does the model belong to a group for which user has permission?\n if (groups) {\n if (\n Array.isArray(groups[locale]) === false ||\n groups[locale].includes(model.group.id) === false\n ) {\n continue;\n }\n }\n\n // Does the user have access to the specific model?\n if (models) {\n if (\n Array.isArray(models[locale]) === false ||\n models[locale].includes(model.modelId) === false\n ) {\n continue;\n }\n }\n\n return true;\n }\n }\n\n return false;\n }\n\n public async ensureCanAccessModel(params: EnsureModelAccessParams) {\n const canAccessModel = await this.canAccessModel(params);\n if (canAccessModel) {\n return;\n }\n\n throw new NotAuthorizedError({\n data: {\n reason: `Not allowed to access model \"${params.model.modelId}\".`\n }\n });\n }\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,YAAA,GAAAC,OAAA;AAyBO,MAAMC,iBAAiB,SAASC,2BAAc,CAAqB;EAG/DC,WAAWA,CAACC,MAA+B,EAAE;IAChD,KAAK,CAACA,MAAM,CAAC;IAAC,IAAAC,gBAAA,CAAAC,OAAA;IACd,IAAI,CAACC,sBAAsB,GAAGH,MAAM,CAACG,sBAAsB;EAC/D;EAEA,MAAaC,cAAcA,CAAC;IAAEC;EAA4B,CAAC,EAAE;IACzD,IAAI,MAAM,IAAI,CAACC,aAAa,CAAC,CAAC,EAAE;MAC5B,OAAO,IAAI;IACf;IAEA,MAAMH,sBAAsB,GAAG,IAAI,CAACA,sBAAsB;;IAE1D;IACA,MAAMI,iBAAiB,GAAG,IAAI;IAE9B,MAAMC,aAAa,GAAG,MAAML,sBAAsB,CAACM,MAAM,CAAC;MAAEC,GAAG,EAAE;IAAI,CAAC,EAAE;MAAEC,KAAK,EAAE;IAAM,CAAC,CAAC;IACzF,IAAI,CAACH,aAAa,EAAE;MAChB,OAAO,KAAK;IAChB;IAEA,MAAMI,aAAa,GAAG,MAAML,iBAAiB,CAACE,MAAM,CAAC;MAAEC,GAAG,EAAE;IAAI,CAAC,EAAE;MAAEC,KAAK,EAAE;IAAM,CAAC,CAAC;IACpF,IAAI,CAACC,aAAa,EAAE;MAChB,OAAO,KAAK;IAChB;IAEA,MAAMC,0BAA0B,GAAG,MAAMV,sBAAsB,CAACW,cAAc,CAAC,CAAC;IAChF,MAAMC,qBAAqB,GAAG,MAAM,IAAI,CAACD,cAAc,CAAC,CAAC;IAEzD,MAAME,MAAM,GAAGX,KAAK,CAACW,MAAM;IAE3B,KAAK,IAAIC,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGJ,0BAA0B,CAACK,MAAM,EAAED,CAAC,EAAE,EAAE;MACxD,MAAME,oBAAoB,GAAGN,0BAA0B,CAACI,CAAC,CAAC;MAE1D,MAAM;QAAEG;MAAO,CAAC,GAAGD,oBAAoB;MAEvC,KAAK,IAAIE,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGN,qBAAqB,CAACG,MAAM,EAAEG,CAAC,EAAE,EAAE;QACnD,MAAMC,eAAe,GAAGP,qBAAqB,CAACM,CAAC,CAAC;QAEhD,MAAM;UAAEE;QAAO,CAAC,GAAGD,eAAe;QAClC;QACA;QACA,IAAI,CAACC,MAAM,IAAI,CAACH,MAAM,EAAE;UACpB,OAAO,IAAI;QACf;;QAEA;QACA,IAAIA,MAAM,EAAE;UACR,IACII,KAAK,CAACC,OAAO,CAACL,MAAM,CAACJ,MAAM,CAAC,CAAC,KAAK,KAAK,IACvCI,MAAM,CAACJ,MAAM,CAAC,CAACU,QAAQ,CAACrB,KAAK,CAACsB,KAAK,CAACC,EAAE,CAAC,KAAK,KAAK,EACnD;YACE;UACJ;QACJ;;QAEA;QACA,IAAIL,MAAM,EAAE;UACR,IACIC,KAAK,CAACC,OAAO,CAACF,MAAM,CAACP,MAAM,CAAC,CAAC,KAAK,KAAK,IACvCO,MAAM,CAACP,MAAM,CAAC,CAACU,QAAQ,CAACrB,KAAK,CAACwB,OAAO,CAAC,KAAK,KAAK,EAClD;YACE;UACJ;QACJ;QAEA,OAAO,IAAI;MACf;IACJ;IAEA,OAAO,KAAK;EAChB;EAEA,MAAaC,oBAAoBA,CAAC9B,MAA+B,EAAE;IAC/D,MAAMI,cAAc,GAAG,MAAM,IAAI,CAACA,cAAc,CAACJ,MAAM,CAAC;IACxD,IAAII,cAAc,EAAE;MAChB;IACJ;IAEA,MAAM,IAAI2B,+BAAkB,CAAC;MACzBC,IAAI,EAAE;QACFC,MAAM,EAAG,gCAA+BjC,MAAM,CAACK,KAAK,CAACwB,OAAQ;MACjE;IACJ,CAAC,CAAC;EACN;AACJ;AAACK,OAAA,CAAArC,iBAAA,GAAAA,iBAAA"}
|