corebasic 1.0.150 → 1.0.152
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/libs/elabase.js +4 -0
- package/libs/session.js +4 -3
- package/package.json +1 -1
- package/libs/privileges.js +0 -104
package/libs/elabase.js
CHANGED
|
@@ -84,6 +84,7 @@ export function transactionCommit(arg) {
|
|
|
84
84
|
}
|
|
85
85
|
|
|
86
86
|
export const insert = async (meta, collection, value, _id) => {
|
|
87
|
+
if (typeof collection !== "string") throw {message: "Error: collection type is not string in Dip.insert()"}
|
|
87
88
|
// Multi Company Support
|
|
88
89
|
if (Utils.isEmpty(meta?.company)) throw {message: "Error: meta argument not provided in Dip.insert()"}
|
|
89
90
|
collection = `${meta.company}.${collection}`
|
|
@@ -123,6 +124,7 @@ export const insert = async (meta, collection, value, _id) => {
|
|
|
123
124
|
}
|
|
124
125
|
|
|
125
126
|
export const query = async (meta, collection, query, options) => {
|
|
127
|
+
if (typeof collection !== "string") throw {message: "Error: collection type is not string in Dip.query()"}
|
|
126
128
|
if (meta?.USE_EMPTY_COMPANY) {
|
|
127
129
|
|
|
128
130
|
} else {
|
|
@@ -172,6 +174,7 @@ function collectionArray(col) {
|
|
|
172
174
|
export const update = async (meta, collection, query, update, options) => {
|
|
173
175
|
// Multi Company Support
|
|
174
176
|
if (Utils.isEmpty(meta?.company)) throw {message: "Error: meta argument not provided in Dip.update()"}
|
|
177
|
+
if (typeof collection !== "string") throw {message: "Error: collection type is not string in Dip.update()"}
|
|
175
178
|
collection = `${meta.company}.${collection}`
|
|
176
179
|
if (meta.company !== "GLOBAL") {
|
|
177
180
|
query.company = meta.company
|
|
@@ -215,6 +218,7 @@ export const update = async (meta, collection, query, update, options) => {
|
|
|
215
218
|
export const remove = async (meta, collection, query) => {
|
|
216
219
|
// Multi Company Support
|
|
217
220
|
if (Utils.isEmpty(meta?.company)) throw {message: "Error: meta argument not provided in Dip.remove()"}
|
|
221
|
+
if (typeof collection !== "string") throw {message: "Error: collection type is not string in Dip.remove()"}
|
|
218
222
|
collection = `${meta.company}.${collection}`
|
|
219
223
|
if (meta.company !== "GLOBAL")
|
|
220
224
|
query.company = meta.company
|
package/libs/session.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import jwt from 'jsonwebtoken'
|
|
2
|
-
import * as Privilege from './privileges.js'
|
|
3
2
|
import * as Utils from './utils.js'
|
|
3
|
+
import * as Features from './features.js'
|
|
4
4
|
let app
|
|
5
5
|
|
|
6
6
|
|
|
@@ -17,7 +17,6 @@ export const start = (expressApp, allowedUrls) => {
|
|
|
17
17
|
urlsAllowed = ["/refreshToken", "/login"].concat(allowedUrls ?? [])
|
|
18
18
|
app = expressApp
|
|
19
19
|
|
|
20
|
-
Privilege.start()
|
|
21
20
|
|
|
22
21
|
app.use(async (req, res, next) => {
|
|
23
22
|
|
|
@@ -28,12 +27,14 @@ export const start = (expressApp, allowedUrls) => {
|
|
|
28
27
|
if (urlsAllowed.includes(req.path))
|
|
29
28
|
return next()
|
|
30
29
|
|
|
30
|
+
const checkPrivilege = async req => (await Features.send({company: req.body.company, outlet: req.body.outlet}, "privileges.query.check", {feature: req.body.feature }, {id: req.body.staff})).data.granted
|
|
31
|
+
|
|
31
32
|
try {
|
|
32
33
|
const token = req.header('JWT'); // 'Authorization' for Spring Boot, 'x-access-token' for Node.js Express back-end
|
|
33
34
|
const service = req.header('SERVICE'); // Case insensitive search
|
|
34
35
|
if (service && jwt.verify(token, DEPLOY_TOKEN_SECRET))
|
|
35
36
|
return next()
|
|
36
|
-
else if (jwt.verify(token, ACCESS_TOKEN_SECRET) && (process.env.GRANT_FULL_ACCESS || allowedDefaults || await
|
|
37
|
+
else if (jwt.verify(token, ACCESS_TOKEN_SECRET) && (process.env.GRANT_FULL_ACCESS || allowedDefaults || await checkPrivilege(req)))
|
|
37
38
|
return next()
|
|
38
39
|
throw null;
|
|
39
40
|
} catch (error) {
|
package/package.json
CHANGED
package/libs/privileges.js
DELETED
|
@@ -1,104 +0,0 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
import * as Dip from './dip.js'
|
|
4
|
-
|
|
5
|
-
let DIP_URL = process.env.PRIVELEGE_DIP_URL
|
|
6
|
-
let DIP_DB = process.env.PRIVELEGE_DIP_DB
|
|
7
|
-
|
|
8
|
-
let PRIVILEGES_CACHE = {
|
|
9
|
-
|
|
10
|
-
// "<company>": {
|
|
11
|
-
// "Sales Man": {
|
|
12
|
-
// "products.query.list": { type: "Feature" }
|
|
13
|
-
// },
|
|
14
|
-
// "Accountant": {
|
|
15
|
-
// "Sales Man": { type: "Role" },
|
|
16
|
-
// "accounts.query.list": { type: "Feature" },
|
|
17
|
-
// },
|
|
18
|
-
// "Cashier": {
|
|
19
|
-
// "Sales Man": { type: "Role" },
|
|
20
|
-
// "cash.query.list": { type: "Feature" },
|
|
21
|
-
// },
|
|
22
|
-
// }
|
|
23
|
-
}
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
const get = async (company) => {
|
|
27
|
-
PRIVILEGES_CACHE[company] = {}
|
|
28
|
-
let meta = {company, outlet: "GLOBAL", DIP_URL, DIP_DB}
|
|
29
|
-
let privileges = await Dip.query(meta, "privileges", { })
|
|
30
|
-
privileges.forEach(privilege => PRIVILEGES_CACHE[company][privilege.name] = privilege)
|
|
31
|
-
|
|
32
|
-
// Format
|
|
33
|
-
for (let role in PRIVILEGES_CACHE[company])
|
|
34
|
-
PRIVILEGES_CACHE[company][role] = PRIVILEGES_CACHE[company][role].items.reduce( (obj, item) => ({...obj, [item.name]: {type: item.type} }), {})
|
|
35
|
-
|
|
36
|
-
return PRIVILEGES_CACHE[company]
|
|
37
|
-
}
|
|
38
|
-
|
|
39
|
-
export const start = async () => {
|
|
40
|
-
let meta = {company: "GLOBAL", outlet: "GLOBAL", DIP_URL, DIP_DB}
|
|
41
|
-
let companies = await Dip.query(meta, "companies", { })
|
|
42
|
-
for (let company of companies)
|
|
43
|
-
await get(company._id)
|
|
44
|
-
}
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
function rolesToFeatures(company, roles) {
|
|
48
|
-
let features = []
|
|
49
|
-
|
|
50
|
-
let privileges = PRIVILEGES_CACHE[company]
|
|
51
|
-
|
|
52
|
-
roles.forEach(role => {
|
|
53
|
-
for (let key in privileges[role]) {
|
|
54
|
-
let isFeature = privileges[role][key].type === "Feature"
|
|
55
|
-
let isRole = privileges[role][key].type === "Role"
|
|
56
|
-
if (isFeature)
|
|
57
|
-
features.push(key)
|
|
58
|
-
else if (isRole)
|
|
59
|
-
features.push(...(rolesToFeatures(company, [key])))
|
|
60
|
-
}
|
|
61
|
-
})
|
|
62
|
-
return features
|
|
63
|
-
}
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
const getAllowedFeatures = (company, roles) => {
|
|
71
|
-
return [...new Set(rolesToFeatures(company, roles))]
|
|
72
|
-
}
|
|
73
|
-
|
|
74
|
-
const check = async (company, user, feature, req) => {
|
|
75
|
-
let roles = await getRoles(company, user, req)
|
|
76
|
-
return roles.includes(feature)
|
|
77
|
-
}
|
|
78
|
-
|
|
79
|
-
export const checkRequest = async (req) => {
|
|
80
|
-
let meta = {...req.body, data: undefined, DIP_URL, DIP_DB}
|
|
81
|
-
req.meta = meta
|
|
82
|
-
if (req.body.feature === 'outlets.query.list') // Starting point for atleast selecting an outlet. (This is a Special Case)
|
|
83
|
-
return true
|
|
84
|
-
if (req.body.app === "Slyp")
|
|
85
|
-
return true
|
|
86
|
-
|
|
87
|
-
return await check(req.body.company, req.body.user, req.body.feature, req)
|
|
88
|
-
}
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
const getRoles = async (company, user, req) => {
|
|
94
|
-
let staff = (await Dip.query(req.meta, "staff", { user: user }))[0]
|
|
95
|
-
if (staff?._id === `${company}_DEFAULT`) // Company Creator Admin Access
|
|
96
|
-
return [req.body.feature]
|
|
97
|
-
let roles = (await Dip.query(req.meta, "privileges.staff", { _id: staff._id }))[0].items.map(item => item._id)
|
|
98
|
-
return getAllowedFeatures(company, roles)
|
|
99
|
-
}
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|