domma-cms 0.10.0 → 0.13.0

package/server/services/userTypes.js

@@ -1,227 +0,0 @@
-/**
- * User Types Service
- * Preset Collection — seeds roles on first startup, caches them in memory.
- * Auth middleware calls getRoleMap() / getPermissionsFor() at request time.
- */
-import fs from 'fs/promises';
-import path from 'path';
-import {v4 as uuidv4} from 'uuid';
-import {config} from '../config.js';
-
-const COLLECTIONS_DIR = path.resolve(config.content.collectionsDir);
-const SLUG = 'user-types';
-const DIR = path.join(COLLECTIONS_DIR, SLUG);
-const SCHEMA_PATH = path.join(DIR, 'schema.json');
-const DATA_PATH = path.join(DIR, 'data.json');
-
-export const RESOURCES = ['pages', 'settings', 'navigation', 'layouts', 'media', 'users', 'plugins', 'collections', 'views', 'actions', 'blocks'];
-export const ACTIONS = ['read', 'create', 'update', 'delete'];
-
-const PRESET_SCHEMA = {
-    slug: SLUG,
-    title: 'User Types',
-    description: 'CMS role definitions — managed by the system.',
-    preset: true,
-    fields: [
-        {name: 'name', label: 'Name (slug)', type: 'text', required: true},
-        {name: 'label', label: 'Label', type: 'text', required: true},
-        {name: 'level', label: 'Level', type: 'number', required: true},
-        {
-            name: 'permissions',
-            label: 'Permissions',
-            type: 'multi-select',
-            options: RESOURCES.flatMap(r => [r, ...ACTIONS.map(a => `${r}.${a}`)])
-        },
-        {
-            name: 'badgeClass', label: 'Badge Class', type: 'select',
-            options: ['badge-danger', 'badge-warning', 'badge-info', 'badge-secondary', 'badge-success', 'badge-primary']
-        }
-    ],
-    api: {
-        create: {enabled: false, access: 'admin'},
-        read: {enabled: false, access: 'admin'},
-        update: {enabled: false, access: 'admin'},
-        delete: {enabled: false, access: 'admin'}
-    }
-};
-
-const SEED_ENTRIES = [
-    {name: 'admin', label: 'Admin', level: 0, permissions: RESOURCES, badgeClass: 'badge-danger'},
-    {
-        name: 'manager',
-        label: 'Manager',
-        level: 1,
-        permissions: ['pages', 'settings', 'navigation', 'layouts', 'media', 'users', 'collections', 'views', 'actions'],
-        badgeClass: 'badge-warning'
-    },
-    {
-        name: 'editor',
-        label: 'Editor',
-        level: 2,
-        permissions: ['pages.read', 'pages.create', 'pages.update', 'media'],
-        badgeClass: 'badge-info'
-    },
-    {name: 'subscriber', label: 'Subscriber', level: 3, permissions: [], badgeClass: 'badge-secondary'}
-];
-
-// ---------------------------------------------------------------------------
-// In-memory cache
-// ---------------------------------------------------------------------------
-
-/** @type {Map<string,{label:string,level:number,badgeClass:string}>} */
-let roleMap = new Map();
-
-/** @type {Map<string,string[]>} resource (and resource.action) → role names */
-let permissionsMap = new Map();
-
-/** @type {Map<string,string[]>} role name → raw permissions array */
-let rawPermissionsMap = new Map();
-
-/**
- * Build in-memory maps from an array of data entries.
- * Supports both bare resource names ('pages') and dotted action strings ('pages.read').
- * Bare names expand to all four actions for backward compatibility.
- *
- * @param {object[]} entries
- */
-function buildCache(entries) {
-    roleMap = new Map();
-    permissionsMap = new Map();
-    rawPermissionsMap = new Map();
-
-    const addTo = (key, role) => {
-        if (!permissionsMap.has(key)) permissionsMap.set(key, []);
-        if (!permissionsMap.get(key).includes(role)) permissionsMap.get(key).push(role);
-    };
-
-    for (const entry of entries) {
-        const d = entry.data;
-        roleMap.set(d.name, {label: d.label, level: d.level, badgeClass: d.badgeClass || ''});
-        rawPermissionsMap.set(d.name, d.permissions || []);
-        for (const perm of (d.permissions || [])) {
-            if (perm.includes('.')) {
-                const [res] = perm.split('.');
-                addTo(perm, d.name);          // 'pages.read' → [role]
-                addTo(res, d.name);          // 'pages'      → [role] (any-action union)
-            } else {
-                addTo(perm, d.name);          // 'pages' (bare) → [role]
-                for (const action of ACTIONS) {
-                    addTo(`${perm}.${action}`, d.name); // expand to all actions
-                }
-            }
-        }
-    }
-}
-
-// ---------------------------------------------------------------------------
-// Public API
-// ---------------------------------------------------------------------------
-
-/**
- * Seed the preset collection on first startup (no-op if data.json already exists).
- *
- * @returns {Promise<void>}
- */
-export async function seed() {
-    await fs.mkdir(DIR, {recursive: true});
-
-    // Always write schema (overwrite to keep in sync with code)
-    await fs.writeFile(SCHEMA_PATH, JSON.stringify(PRESET_SCHEMA, null, 2) + '\n', 'utf8');
-
-    // Only write data if it doesn't exist yet
-    try {
-        await fs.access(DATA_PATH);
-    } catch {
-        const entries = SEED_ENTRIES.map(data => ({
-            id: uuidv4(),
-            data,
-            createdAt: new Date().toISOString(),
-            updatedAt: new Date().toISOString()
-        }));
-        await fs.writeFile(DATA_PATH, JSON.stringify(entries, null, 2) + '\n', 'utf8');
-    }
-}
-
-/**
- * Load the collection from disk into the in-memory cache.
- *
- * @returns {Promise<void>}
- */
-export async function load() {
-    try {
-        const raw = await fs.readFile(DATA_PATH, 'utf8');
-        const entries = JSON.parse(raw);
-        buildCache(entries);
-    } catch (err) {
-        console.warn('[userTypes] Failed to load user-types collection:', err.message);
-    }
-}
-
-/**
- * Reload from disk — call after any CRUD on the user-types collection.
- *
- * @returns {Promise<void>}
- */
-export async function invalidate() {
-    await load();
-}
-
-/**
- * Return the full role map.
- *
- * @returns {Map<string,{label:string,level:number,badgeClass:string}>}
- */
-export function getRoleMap() {
-    return roleMap;
-}
-
-/**
- * Return the level for a named role, or Infinity if not found.
- *
- * @param {string} roleName
- * @returns {number}
- */
-export function getRoleLevel(roleName) {
-    return roleMap.get(roleName)?.level ?? Infinity;
-}
-
-/**
- * Return the role names allowed to access a resource (and optional action).
- * - getPermissionsFor('pages')          → roles with ANY action on pages (backward compat)
- * - getPermissionsFor('pages', 'delete')→ roles with delete on pages
- * - getPermissionsFor('pages.delete')   → same as above (dot-notation shorthand)
- *
- * @param {string}  resource - Resource key, or 'resource.action' dot notation
- * @param {string} [action]  - Optional action (read | create | update | delete)
- * @returns {string[]}
- */
-export function getPermissionsFor(resource, action) {
-    if (action) {
-        return permissionsMap.get(`${resource}.${action}`) ?? [];
-    }
-    if (resource.includes('.')) {
-        return permissionsMap.get(resource) ?? [];
-    }
-    return permissionsMap.get(resource) ?? [];
-}
-
-/**
- * Return the raw permissions array for a role — used by the /api/auth/permissions endpoint.
- *
- * @param {string} roleName
- * @returns {string[]}
- */
-export function getPermissionsForRole(roleName) {
-    return rawPermissionsMap.get(roleName) ?? [];
-}
-
-/**
- * Return role names ordered from most to least privileged.
- *
- * @returns {string[]}
- */
-export function getRoleHierarchy() {
-    return [...roleMap.entries()]
-        .sort((a, b) => a[1].level - b[1].level)
-        .map(([key]) => key);
-}