@webiny/api-headless-cms 5.37.0 → 5.37.1-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/context.js +7 -1
- package/context.js.map +1 -1
- package/crud/contentEntry.crud.js +47 -70
- package/crud/contentEntry.crud.js.map +1 -1
- package/crud/contentModel/validation.d.ts +56 -56
- package/crud/contentModel.crud.js +2 -4
- package/crud/contentModel.crud.js.map +1 -1
- package/crud/contentModelGroup/validation.d.ts +1 -1
- package/crud/contentModelGroup.crud.d.ts +1 -1
- package/crud/contentModelGroup.crud.js +2 -4
- package/crud/contentModelGroup.crud.js.map +1 -1
- package/graphql/index.d.ts +1 -1
- package/graphqlFields/dynamicZone/dynamicZoneStorage.js +43 -10
- package/graphqlFields/dynamicZone/dynamicZoneStorage.js.map +1 -1
- package/index.d.ts +2 -1
- package/index.js +12 -0
- package/index.js.map +1 -1
- package/package.json +18 -18
- package/types.d.ts +16 -0
- package/types.js.map +1 -1
- package/utils/access.d.ts +10 -0
- package/utils/access.js +33 -0
- package/utils/access.js.map +1 -0
- package/utils/entryStorage.d.ts +4 -4
- package/utils/entryStorage.js.map +1 -1
- package/utils/permissions/ModelGroupsPermissions.d.ts +3 -5
- package/utils/permissions/ModelGroupsPermissions.js +5 -5
- package/utils/permissions/ModelGroupsPermissions.js.map +1 -1
- package/utils/permissions/ModelsPermissions.d.ts +9 -7
- package/utils/permissions/ModelsPermissions.js +2 -2
- package/utils/permissions/ModelsPermissions.js.map +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_error","_interopRequireDefault","require","_StorageTransformPlugin","_getBaseFieldType","getStoragePluginFactory","context","defaultStoragePlugin","plugins","byType","StorageTransformPlugin","type","reverse","reduce","collection","plugin","fieldType","entryStorageTransform","model","operation","entry","getStoragePlugin","transformedValues","field","fields","baseType","getBaseFieldType","WebinyError","name","fieldId","value","values","_objectSpread2","default","entryToStorageTransform","exports","entryFromStorageTransform","entryFieldFromStorageTransform","params","fromStorage"],"sources":["entryStorage.ts"],"sourcesContent":["import WebinyError from \"@webiny/error\";\nimport { StorageTransformPlugin } from \"~/plugins/StorageTransformPlugin\";\nimport { CmsEntry, CmsModel, CmsModelField
|
|
1
|
+
{"version":3,"names":["_error","_interopRequireDefault","require","_StorageTransformPlugin","_getBaseFieldType","getStoragePluginFactory","context","defaultStoragePlugin","plugins","byType","StorageTransformPlugin","type","reverse","reduce","collection","plugin","fieldType","entryStorageTransform","model","operation","entry","getStoragePlugin","transformedValues","field","fields","baseType","getBaseFieldType","WebinyError","name","fieldId","value","values","_objectSpread2","default","entryToStorageTransform","exports","entryFromStorageTransform","entryFieldFromStorageTransform","params","fromStorage"],"sources":["entryStorage.ts"],"sourcesContent":["import WebinyError from \"@webiny/error\";\nimport { StorageTransformPlugin } from \"~/plugins/StorageTransformPlugin\";\nimport { CmsContext, CmsEntry, CmsModel, CmsModelField } from \"~/types\";\nimport { getBaseFieldType } from \"~/utils/getBaseFieldType\";\n\ninterface GetStoragePluginFactory {\n (context: Pick<CmsContext, \"plugins\">): (fieldType: string) => StorageTransformPlugin<any>;\n}\n\nconst getStoragePluginFactory: GetStoragePluginFactory = context => {\n let defaultStoragePlugin: StorageTransformPlugin;\n\n const plugins = context.plugins\n .byType<StorageTransformPlugin>(StorageTransformPlugin.type)\n // we reverse plugins because we want to get latest added only\n .reverse()\n .reduce((collection, plugin) => {\n /**\n * Check if it's a default plugin and set it - always override the previous one.\n */\n if (plugin.fieldType === \"*\") {\n defaultStoragePlugin = plugin;\n return collection;\n }\n\n /**\n * We will just set the plugin for given type.\n * The last one will override existing one - so users can override our default ones.\n */\n collection[plugin.fieldType] = plugin;\n\n return collection;\n }, {} as Record<string, StorageTransformPlugin>);\n\n return (fieldType: string) => {\n return plugins[fieldType] || defaultStoragePlugin;\n };\n};\n\n/**\n * This should be used when transforming the whole entry.\n */\nconst entryStorageTransform = async (\n context: Pick<CmsContext, \"plugins\">,\n model: CmsModel,\n operation: \"toStorage\" | \"fromStorage\",\n entry: CmsEntry\n): Promise<CmsEntry> => {\n const getStoragePlugin = getStoragePluginFactory(context);\n\n const transformedValues: Record<string, any> = {};\n for (const field of model.fields) {\n const baseType = getBaseFieldType(field);\n const plugin = getStoragePlugin(baseType);\n // TODO: remove this once plugins are converted into classes\n if (typeof plugin[operation] !== \"function\") {\n throw new WebinyError(\n `Missing \"${operation}\" function in storage plugin \"${plugin.name}\" for field type \"${baseType}\"`\n );\n }\n\n transformedValues[field.fieldId] = await plugin[operation]({\n plugins: context.plugins,\n model,\n field,\n value: entry.values[field.fieldId],\n getStoragePlugin\n });\n }\n\n return { ...entry, values: transformedValues };\n};\n\n/**\n * A function that is used in crud to transform entry into the storage type.\n */\nexport const entryToStorageTransform = async (\n context: Pick<CmsContext, \"plugins\">,\n model: CmsModel,\n entry: CmsEntry\n): Promise<CmsEntry> => {\n return entryStorageTransform(context, model, \"toStorage\", entry);\n};\n\n/**\n * A function that is used to transform the whole entry from storage into its native form.\n */\nexport const entryFromStorageTransform = async (\n context: Pick<CmsContext, \"plugins\">,\n model: CmsModel,\n entry: CmsEntry\n): Promise<CmsEntry> => {\n return entryStorageTransform(context, model, \"fromStorage\", entry);\n};\n\ninterface EntryFieldFromStorageTransformParams {\n context: Pick<CmsContext, \"plugins\">;\n model: CmsModel;\n field: CmsModelField;\n value: any;\n}\n/*\n * A function that is used to transform a single field from storage\n */\nexport const entryFieldFromStorageTransform = async <T = any>(\n params: EntryFieldFromStorageTransformParams\n): Promise<T> => {\n const { context, model, field, value } = params;\n const getStoragePlugin = getStoragePluginFactory(context);\n\n const baseType = getBaseFieldType(field);\n const plugin = getStoragePlugin(baseType);\n\n // TODO: remove this once plugins are converted into classes\n if (typeof plugin.fromStorage !== \"function\") {\n throw new WebinyError(\n `Missing \"fromStorage\" function in storage plugin \"${plugin.name}\" for field type \"${baseType}\"`\n );\n }\n\n return plugin.fromStorage({\n plugins: context.plugins,\n model,\n field,\n value,\n getStoragePlugin\n });\n};\n"],"mappings":";;;;;;;;AAAA,IAAAA,MAAA,GAAAC,sBAAA,CAAAC,OAAA;AACA,IAAAC,uBAAA,GAAAD,OAAA;AAEA,IAAAE,iBAAA,GAAAF,OAAA;AAMA,MAAMG,uBAAgD,GAAGC,OAAO,IAAI;EAChE,IAAIC,oBAA4C;EAEhD,MAAMC,OAAO,GAAGF,OAAO,CAACE,OAAO,CAC1BC,MAAM,CAAyBC,8CAAsB,CAACC,IAAI;EAC3D;EAAA,CACCC,OAAO,CAAC,CAAC,CACTC,MAAM,CAAC,CAACC,UAAU,EAAEC,MAAM,KAAK;IAC5B;AACZ;AACA;IACY,IAAIA,MAAM,CAACC,SAAS,KAAK,GAAG,EAAE;MAC1BT,oBAAoB,GAAGQ,MAAM;MAC7B,OAAOD,UAAU;IACrB;;IAEA;AACZ;AACA;AACA;IACYA,UAAU,CAACC,MAAM,CAACC,SAAS,CAAC,GAAGD,MAAM;IAErC,OAAOD,UAAU;EACrB,CAAC,EAAE,CAAC,CAA2C,CAAC;EAEpD,OAAQE,SAAiB,IAAK;IAC1B,OAAOR,OAAO,CAACQ,SAAS,CAAC,IAAIT,oBAAoB;EACrD,CAAC;AACL,CAAC;;AAED;AACA;AACA;AACA,MAAMU,qBAAqB,GAAG,MAAAA,CAC1BX,OAAoC,EACpCY,KAAe,EACfC,SAAsC,EACtCC,KAAe,KACK;EACpB,MAAMC,gBAAgB,GAAGhB,uBAAuB,CAACC,OAAO,CAAC;EAEzD,MAAMgB,iBAAsC,GAAG,CAAC,CAAC;EACjD,KAAK,MAAMC,KAAK,IAAIL,KAAK,CAACM,MAAM,EAAE;IAC9B,MAAMC,QAAQ,GAAG,IAAAC,kCAAgB,EAACH,KAAK,CAAC;IACxC,MAAMR,MAAM,GAAGM,gBAAgB,CAACI,QAAQ,CAAC;IACzC;IACA,IAAI,OAAOV,MAAM,CAACI,SAAS,CAAC,KAAK,UAAU,EAAE;MACzC,MAAM,IAAIQ,cAAW,CAChB,YAAWR,SAAU,iCAAgCJ,MAAM,CAACa,IAAK,qBAAoBH,QAAS,GACnG,CAAC;IACL;IAEAH,iBAAiB,CAACC,KAAK,CAACM,OAAO,CAAC,GAAG,MAAMd,MAAM,CAACI,SAAS,CAAC,CAAC;MACvDX,OAAO,EAAEF,OAAO,CAACE,OAAO;MACxBU,KAAK;MACLK,KAAK;MACLO,KAAK,EAAEV,KAAK,CAACW,MAAM,CAACR,KAAK,CAACM,OAAO,CAAC;MAClCR;IACJ,CAAC,CAAC;EACN;EAEA,WAAAW,cAAA,CAAAC,OAAA,MAAAD,cAAA,CAAAC,OAAA,MAAYb,KAAK;IAAEW,MAAM,EAAET;EAAiB;AAChD,CAAC;;AAED;AACA;AACA;AACO,MAAMY,uBAAuB,GAAG,MAAAA,CACnC5B,OAAoC,EACpCY,KAAe,EACfE,KAAe,KACK;EACpB,OAAOH,qBAAqB,CAACX,OAAO,EAAEY,KAAK,EAAE,WAAW,EAAEE,KAAK,CAAC;AACpE,CAAC;;AAED;AACA;AACA;AAFAe,OAAA,CAAAD,uBAAA,GAAAA,uBAAA;AAGO,MAAME,yBAAyB,GAAG,MAAAA,CACrC9B,OAAoC,EACpCY,KAAe,EACfE,KAAe,KACK;EACpB,OAAOH,qBAAqB,CAACX,OAAO,EAAEY,KAAK,EAAE,aAAa,EAAEE,KAAK,CAAC;AACtE,CAAC;AAACe,OAAA,CAAAC,yBAAA,GAAAA,yBAAA;AAQF;AACA;AACA;AACO,MAAMC,8BAA8B,GAAG,MAC1CC,MAA4C,IAC/B;EACb,MAAM;IAAEhC,OAAO;IAAEY,KAAK;IAAEK,KAAK;IAAEO;EAAM,CAAC,GAAGQ,MAAM;EAC/C,MAAMjB,gBAAgB,GAAGhB,uBAAuB,CAACC,OAAO,CAAC;EAEzD,MAAMmB,QAAQ,GAAG,IAAAC,kCAAgB,EAACH,KAAK,CAAC;EACxC,MAAMR,MAAM,GAAGM,gBAAgB,CAACI,QAAQ,CAAC;;EAEzC;EACA,IAAI,OAAOV,MAAM,CAACwB,WAAW,KAAK,UAAU,EAAE;IAC1C,MAAM,IAAIZ,cAAW,CAChB,qDAAoDZ,MAAM,CAACa,IAAK,qBAAoBH,QAAS,GAClG,CAAC;EACL;EAEA,OAAOV,MAAM,CAACwB,WAAW,CAAC;IACtB/B,OAAO,EAAEF,OAAO,CAACE,OAAO;IACxBU,KAAK;IACLK,KAAK;IACLO,KAAK;IACLT;EACJ,CAAC,CAAC;AACN,CAAC;AAACc,OAAA,CAAAE,8BAAA,GAAAA,8BAAA"}
|
|
@@ -1,11 +1,9 @@
|
|
|
1
1
|
import { AppPermissions } from "@webiny/api-security";
|
|
2
2
|
import { CmsGroup, CmsGroupPermission } from "../../types";
|
|
3
|
-
interface CanAccessGroupParams {
|
|
4
|
-
group: CmsGroup
|
|
5
|
-
locale: string;
|
|
3
|
+
export interface CanAccessGroupParams {
|
|
4
|
+
group: Pick<CmsGroup, "id" | "locale">;
|
|
6
5
|
}
|
|
7
6
|
export declare class ModelGroupsPermissions extends AppPermissions<CmsGroupPermission> {
|
|
8
|
-
canAccessGroup({ group
|
|
7
|
+
canAccessGroup({ group }: CanAccessGroupParams): Promise<boolean>;
|
|
9
8
|
ensureCanAccessGroup(params: CanAccessGroupParams): Promise<void>;
|
|
10
9
|
}
|
|
11
|
-
export {};
|
|
@@ -7,18 +7,18 @@ exports.ModelGroupsPermissions = void 0;
|
|
|
7
7
|
var _apiSecurity = require("@webiny/api-security");
|
|
8
8
|
class ModelGroupsPermissions extends _apiSecurity.AppPermissions {
|
|
9
9
|
async canAccessGroup({
|
|
10
|
-
group
|
|
11
|
-
locale
|
|
10
|
+
group
|
|
12
11
|
}) {
|
|
13
12
|
if (await this.hasFullAccess()) {
|
|
14
13
|
return true;
|
|
15
14
|
}
|
|
16
15
|
const permissions = await this.getPermissions();
|
|
17
|
-
|
|
18
|
-
|
|
16
|
+
const locale = group.locale;
|
|
17
|
+
for (const permission of permissions) {
|
|
19
18
|
const {
|
|
20
19
|
groups
|
|
21
20
|
} = permission;
|
|
21
|
+
|
|
22
22
|
// When no groups defined on permission it means user has access to everything.
|
|
23
23
|
if (!groups) {
|
|
24
24
|
return true;
|
|
@@ -27,7 +27,7 @@ class ModelGroupsPermissions extends _apiSecurity.AppPermissions {
|
|
|
27
27
|
// when there is no locale in groups, it means that no access was given
|
|
28
28
|
// this happens when access control was set but no models or groups were added
|
|
29
29
|
if (Array.isArray(groups[locale]) === false || groups[locale].includes(group.id) === false) {
|
|
30
|
-
|
|
30
|
+
continue;
|
|
31
31
|
}
|
|
32
32
|
return true;
|
|
33
33
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_apiSecurity","require","ModelGroupsPermissions","AppPermissions","canAccessGroup","group","
|
|
1
|
+
{"version":3,"names":["_apiSecurity","require","ModelGroupsPermissions","AppPermissions","canAccessGroup","group","hasFullAccess","permissions","getPermissions","locale","permission","groups","Array","isArray","includes","id","ensureCanAccessGroup","params","canAccessModel","NotAuthorizedError","data","reason","exports"],"sources":["ModelGroupsPermissions.ts"],"sourcesContent":["import { AppPermissions, NotAuthorizedError } from \"@webiny/api-security\";\nimport { CmsGroup, CmsGroupPermission } from \"~/types\";\n\nexport interface CanAccessGroupParams {\n group: Pick<CmsGroup, \"id\" | \"locale\">;\n}\n\nexport class ModelGroupsPermissions extends AppPermissions<CmsGroupPermission> {\n async canAccessGroup({ group }: CanAccessGroupParams) {\n if (await this.hasFullAccess()) {\n return true;\n }\n\n const permissions = await this.getPermissions();\n\n const locale = group.locale;\n\n for (const permission of permissions) {\n const { groups } = permission;\n\n // When no groups defined on permission it means user has access to everything.\n if (!groups) {\n return true;\n }\n\n // when there is no locale in groups, it means that no access was given\n // this happens when access control was set but no models or groups were added\n if (\n Array.isArray(groups[locale]) === false ||\n groups[locale].includes(group.id) === false\n ) {\n continue;\n }\n return true;\n }\n\n return false;\n }\n\n async ensureCanAccessGroup(params: CanAccessGroupParams) {\n const canAccessModel = await this.canAccessGroup(params);\n if (canAccessModel) {\n return;\n }\n\n throw new NotAuthorizedError({\n data: {\n reason: `Not allowed to access group \"${params.group.id}\".`\n }\n });\n }\n}\n"],"mappings":";;;;;;AAAA,IAAAA,YAAA,GAAAC,OAAA;AAOO,MAAMC,sBAAsB,SAASC,2BAAc,CAAqB;EAC3E,MAAMC,cAAcA,CAAC;IAAEC;EAA4B,CAAC,EAAE;IAClD,IAAI,MAAM,IAAI,CAACC,aAAa,CAAC,CAAC,EAAE;MAC5B,OAAO,IAAI;IACf;IAEA,MAAMC,WAAW,GAAG,MAAM,IAAI,CAACC,cAAc,CAAC,CAAC;IAE/C,MAAMC,MAAM,GAAGJ,KAAK,CAACI,MAAM;IAE3B,KAAK,MAAMC,UAAU,IAAIH,WAAW,EAAE;MAClC,MAAM;QAAEI;MAAO,CAAC,GAAGD,UAAU;;MAE7B;MACA,IAAI,CAACC,MAAM,EAAE;QACT,OAAO,IAAI;MACf;;MAEA;MACA;MACA,IACIC,KAAK,CAACC,OAAO,CAACF,MAAM,CAACF,MAAM,CAAC,CAAC,KAAK,KAAK,IACvCE,MAAM,CAACF,MAAM,CAAC,CAACK,QAAQ,CAACT,KAAK,CAACU,EAAE,CAAC,KAAK,KAAK,EAC7C;QACE;MACJ;MACA,OAAO,IAAI;IACf;IAEA,OAAO,KAAK;EAChB;EAEA,MAAMC,oBAAoBA,CAACC,MAA4B,EAAE;IACrD,MAAMC,cAAc,GAAG,MAAM,IAAI,CAACd,cAAc,CAACa,MAAM,CAAC;IACxD,IAAIC,cAAc,EAAE;MAChB;IACJ;IAEA,MAAM,IAAIC,+BAAkB,CAAC;MACzBC,IAAI,EAAE;QACFC,MAAM,EAAG,gCAA+BJ,MAAM,CAACZ,KAAK,CAACU,EAAG;MAC5D;IACJ,CAAC,CAAC;EACN;AACJ;AAACO,OAAA,CAAApB,sBAAA,GAAAA,sBAAA"}
|
|
@@ -1,20 +1,22 @@
|
|
|
1
1
|
import { AppPermissions, AppPermissionsParams } from "@webiny/api-security";
|
|
2
|
-
import { CmsGroupPermission, CmsModel, CmsModelPermission } from "../../types";
|
|
2
|
+
import { CmsGroupPermission, CmsModel as BaseCmsModel, CmsModelGroup as BaseCmsModelGroup, CmsModelPermission } from "../../types";
|
|
3
3
|
import { ModelGroupsPermissions } from "./ModelGroupsPermissions";
|
|
4
4
|
export interface ModelsPermissionsParams extends AppPermissionsParams<CmsGroupPermission> {
|
|
5
5
|
modelGroupsPermissions: ModelGroupsPermissions;
|
|
6
6
|
}
|
|
7
|
+
interface PickedCmsModel extends Pick<BaseCmsModel, "modelId" | "locale"> {
|
|
8
|
+
group: Pick<BaseCmsModelGroup, "id">;
|
|
9
|
+
}
|
|
7
10
|
export interface CanAccessModelParams {
|
|
8
|
-
model:
|
|
9
|
-
locale: string;
|
|
11
|
+
model: PickedCmsModel;
|
|
10
12
|
}
|
|
11
13
|
export interface EnsureModelAccessParams {
|
|
12
|
-
model:
|
|
13
|
-
locale: string;
|
|
14
|
+
model: PickedCmsModel;
|
|
14
15
|
}
|
|
15
16
|
export declare class ModelsPermissions extends AppPermissions<CmsModelPermission> {
|
|
16
|
-
private modelGroupsPermissions;
|
|
17
|
+
private readonly modelGroupsPermissions;
|
|
17
18
|
constructor(params: ModelsPermissionsParams);
|
|
18
|
-
canAccessModel({ model
|
|
19
|
+
canAccessModel({ model }: CanAccessModelParams): Promise<boolean>;
|
|
19
20
|
ensureCanAccessModel(params: EnsureModelAccessParams): Promise<void>;
|
|
20
21
|
}
|
|
22
|
+
export {};
|
|
@@ -14,8 +14,7 @@ class ModelsPermissions extends _apiSecurity.AppPermissions {
|
|
|
14
14
|
this.modelGroupsPermissions = params.modelGroupsPermissions;
|
|
15
15
|
}
|
|
16
16
|
async canAccessModel({
|
|
17
|
-
model
|
|
18
|
-
locale
|
|
17
|
+
model
|
|
19
18
|
}) {
|
|
20
19
|
if (await this.hasFullAccess()) {
|
|
21
20
|
return true;
|
|
@@ -42,6 +41,7 @@ class ModelsPermissions extends _apiSecurity.AppPermissions {
|
|
|
42
41
|
}
|
|
43
42
|
const modelGroupsPermissionsList = await modelGroupsPermissions.getPermissions();
|
|
44
43
|
const modelsPermissionsList = await this.getPermissions();
|
|
44
|
+
const locale = model.locale;
|
|
45
45
|
for (let i = 0; i < modelGroupsPermissionsList.length; i++) {
|
|
46
46
|
const modelGroupPermission = modelGroupsPermissionsList[i];
|
|
47
47
|
const {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"names":["_apiSecurity","require","ModelsPermissions","AppPermissions","constructor","params","_defineProperty2","default","modelGroupsPermissions","canAccessModel","model","
|
|
1
|
+
{"version":3,"names":["_apiSecurity","require","ModelsPermissions","AppPermissions","constructor","params","_defineProperty2","default","modelGroupsPermissions","canAccessModel","model","hasFullAccess","modelsPermissions","canReadGroups","ensure","rwd","throw","canReadModels","modelGroupsPermissionsList","getPermissions","modelsPermissionsList","locale","i","length","modelGroupPermission","groups","j","modelPermission","models","Array","isArray","includes","group","id","modelId","ensureCanAccessModel","NotAuthorizedError","data","reason","exports"],"sources":["ModelsPermissions.ts"],"sourcesContent":["import { AppPermissions, AppPermissionsParams, NotAuthorizedError } from \"@webiny/api-security\";\nimport {\n CmsGroupPermission,\n CmsModel as BaseCmsModel,\n CmsModelGroup as BaseCmsModelGroup,\n CmsModelPermission\n} from \"~/types\";\nimport { ModelGroupsPermissions } from \"~/utils/permissions/ModelGroupsPermissions\";\n\nexport interface ModelsPermissionsParams extends AppPermissionsParams<CmsGroupPermission> {\n modelGroupsPermissions: ModelGroupsPermissions;\n}\n\ninterface PickedCmsModel extends Pick<BaseCmsModel, \"modelId\" | \"locale\"> {\n group: Pick<BaseCmsModelGroup, \"id\">;\n}\n\nexport interface CanAccessModelParams {\n model: PickedCmsModel;\n}\n\nexport interface EnsureModelAccessParams {\n model: PickedCmsModel;\n}\n\nexport class ModelsPermissions extends AppPermissions<CmsModelPermission> {\n private readonly modelGroupsPermissions: ModelGroupsPermissions;\n\n public constructor(params: ModelsPermissionsParams) {\n super(params);\n this.modelGroupsPermissions = params.modelGroupsPermissions;\n }\n\n public async canAccessModel({ model }: CanAccessModelParams) {\n if (await this.hasFullAccess()) {\n return true;\n }\n\n const modelGroupsPermissions = this.modelGroupsPermissions;\n\n // eslint-disable-next-line\n const modelsPermissions = this;\n\n const canReadGroups = await modelGroupsPermissions.ensure({ rwd: \"r\" }, { throw: false });\n if (!canReadGroups) {\n return false;\n }\n\n const canReadModels = await modelsPermissions.ensure({ rwd: \"r\" }, { throw: false });\n if (!canReadModels) {\n return false;\n }\n\n const modelGroupsPermissionsList = await modelGroupsPermissions.getPermissions();\n const modelsPermissionsList = await this.getPermissions();\n\n const locale = model.locale;\n\n for (let i = 0; i < modelGroupsPermissionsList.length; i++) {\n const modelGroupPermission = modelGroupsPermissionsList[i];\n\n const { groups } = modelGroupPermission;\n\n for (let j = 0; j < modelsPermissionsList.length; j++) {\n const modelPermission = modelsPermissionsList[j];\n\n const { models } = modelPermission;\n // when no models or groups defined on permission\n // it means user has access to everything\n if (!models && !groups) {\n return true;\n }\n\n // Does the model belong to a group for which user has permission?\n if (groups) {\n if (\n Array.isArray(groups[locale]) === false ||\n groups[locale].includes(model.group.id) === false\n ) {\n continue;\n }\n }\n\n // Does the user have access to the specific model?\n if (models) {\n if (\n Array.isArray(models[locale]) === false ||\n models[locale].includes(model.modelId) === false\n ) {\n continue;\n }\n }\n\n return true;\n }\n }\n\n return false;\n }\n\n public async ensureCanAccessModel(params: EnsureModelAccessParams) {\n const canAccessModel = await this.canAccessModel(params);\n if (canAccessModel) {\n return;\n }\n\n throw new NotAuthorizedError({\n data: {\n reason: `Not allowed to access model \"${params.model.modelId}\".`\n }\n });\n }\n}\n"],"mappings":";;;;;;;;AAAA,IAAAA,YAAA,GAAAC,OAAA;AAyBO,MAAMC,iBAAiB,SAASC,2BAAc,CAAqB;EAG/DC,WAAWA,CAACC,MAA+B,EAAE;IAChD,KAAK,CAACA,MAAM,CAAC;IAAC,IAAAC,gBAAA,CAAAC,OAAA;IACd,IAAI,CAACC,sBAAsB,GAAGH,MAAM,CAACG,sBAAsB;EAC/D;EAEA,MAAaC,cAAcA,CAAC;IAAEC;EAA4B,CAAC,EAAE;IACzD,IAAI,MAAM,IAAI,CAACC,aAAa,CAAC,CAAC,EAAE;MAC5B,OAAO,IAAI;IACf;IAEA,MAAMH,sBAAsB,GAAG,IAAI,CAACA,sBAAsB;;IAE1D;IACA,MAAMI,iBAAiB,GAAG,IAAI;IAE9B,MAAMC,aAAa,GAAG,MAAML,sBAAsB,CAACM,MAAM,CAAC;MAAEC,GAAG,EAAE;IAAI,CAAC,EAAE;MAAEC,KAAK,EAAE;IAAM,CAAC,CAAC;IACzF,IAAI,CAACH,aAAa,EAAE;MAChB,OAAO,KAAK;IAChB;IAEA,MAAMI,aAAa,GAAG,MAAML,iBAAiB,CAACE,MAAM,CAAC;MAAEC,GAAG,EAAE;IAAI,CAAC,EAAE;MAAEC,KAAK,EAAE;IAAM,CAAC,CAAC;IACpF,IAAI,CAACC,aAAa,EAAE;MAChB,OAAO,KAAK;IAChB;IAEA,MAAMC,0BAA0B,GAAG,MAAMV,sBAAsB,CAACW,cAAc,CAAC,CAAC;IAChF,MAAMC,qBAAqB,GAAG,MAAM,IAAI,CAACD,cAAc,CAAC,CAAC;IAEzD,MAAME,MAAM,GAAGX,KAAK,CAACW,MAAM;IAE3B,KAAK,IAAIC,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGJ,0BAA0B,CAACK,MAAM,EAAED,CAAC,EAAE,EAAE;MACxD,MAAME,oBAAoB,GAAGN,0BAA0B,CAACI,CAAC,CAAC;MAE1D,MAAM;QAAEG;MAAO,CAAC,GAAGD,oBAAoB;MAEvC,KAAK,IAAIE,CAAC,GAAG,CAAC,EAAEA,CAAC,GAAGN,qBAAqB,CAACG,MAAM,EAAEG,CAAC,EAAE,EAAE;QACnD,MAAMC,eAAe,GAAGP,qBAAqB,CAACM,CAAC,CAAC;QAEhD,MAAM;UAAEE;QAAO,CAAC,GAAGD,eAAe;QAClC;QACA;QACA,IAAI,CAACC,MAAM,IAAI,CAACH,MAAM,EAAE;UACpB,OAAO,IAAI;QACf;;QAEA;QACA,IAAIA,MAAM,EAAE;UACR,IACII,KAAK,CAACC,OAAO,CAACL,MAAM,CAACJ,MAAM,CAAC,CAAC,KAAK,KAAK,IACvCI,MAAM,CAACJ,MAAM,CAAC,CAACU,QAAQ,CAACrB,KAAK,CAACsB,KAAK,CAACC,EAAE,CAAC,KAAK,KAAK,EACnD;YACE;UACJ;QACJ;;QAEA;QACA,IAAIL,MAAM,EAAE;UACR,IACIC,KAAK,CAACC,OAAO,CAACF,MAAM,CAACP,MAAM,CAAC,CAAC,KAAK,KAAK,IACvCO,MAAM,CAACP,MAAM,CAAC,CAACU,QAAQ,CAACrB,KAAK,CAACwB,OAAO,CAAC,KAAK,KAAK,EAClD;YACE;UACJ;QACJ;QAEA,OAAO,IAAI;MACf;IACJ;IAEA,OAAO,KAAK;EAChB;EAEA,MAAaC,oBAAoBA,CAAC9B,MAA+B,EAAE;IAC/D,MAAMI,cAAc,GAAG,MAAM,IAAI,CAACA,cAAc,CAACJ,MAAM,CAAC;IACxD,IAAII,cAAc,EAAE;MAChB;IACJ;IAEA,MAAM,IAAI2B,+BAAkB,CAAC;MACzBC,IAAI,EAAE;QACFC,MAAM,EAAG,gCAA+BjC,MAAM,CAACK,KAAK,CAACwB,OAAQ;MACjE;IACJ,CAAC,CAAC;EACN;AACJ;AAACK,OAAA,CAAArC,iBAAA,GAAAA,iBAAA"}
|