identity-admin 1.26.7 → 1.26.8

@@ -28,6 +28,7 @@ const StringUtils_1 = __importDefault(require("../utils/StringUtils"));
28
28
  const Repository_1 = __importDefault(require("../repositories/Repository"));
29
29
  const ResourceUtils_1 = require("../utils/ResourceUtils");
30
30
  const UserActionsLog_1 = __importDefault(require("../models/userActionsLog/UserActionsLog"));
31
+ const PermissionResource_1 = require("../helpers/Permissions/PermissionResource");
31
32
  let ActionController = class ActionController {
32
33
  constructor(resources) {
33
34
  this.resources = resources;
@@ -55,6 +56,10 @@ let ActionController = class ActionController {
55
56
  }
56
57
  };
57
58
  const extraActions = (_b = (_a = resource.properties.actions) === null || _a === void 0 ? void 0 : _a.extras) !== null && _b !== void 0 ? _b : [];
59
+ const havePermission = yield PermissionResource_1.PermissionResource.havePermission(currentUser.permissionGroupId, actionKey);
60
+ if (!havePermission) {
61
+ return ResponseUtils_1.default.forbidden(res);
62
+ }
58
63
  for (var i = 0; i < extraActions.length; i++) {
59
64
  const extraAction = extraActions[i];
60
65
  if (extraAction.key === actionKey) {
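Review bot: The new check at lines 59–62 passes `actionKey` to `havePermission` before the loop below confirms that it names one of the resource's extra actions, so whatever value the caller supplied goes straight into the permission lookup. Where `actionKey` comes from is outside the hunk; if it can be anything other than a string, guard it first with `if (typeof actionKey !== 'string') { return ResponseUtils_1.default.forbidden(res); }`. The permission name is also the bare key, whereas the CRUD checks in DashboardController use model-prefixed names such as `<model>_view`, so two resources with an extra action of the same key would share one permission; that deserves a comment if it is intended. The enclosing method starts and ends outside the hunk.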
@@ -40,6 +40,7 @@ const PopulationHelper_1 = require("../helpers/PopulationHelper");
40
40
  const ReportsGenerator_1 = __importDefault(require("../helpers/ReportsGenerator"));
41
41
  const IUserActionsLog_1 = require("../models/userActionsLog/IUserActionsLog");
42
42
  const UserActionsLog_1 = __importDefault(require("../models/userActionsLog/UserActionsLog"));
43
+ const PermissionResource_1 = require("../helpers/Permissions/PermissionResource");
43
44
  let DashboardController = DashboardController_1 = class DashboardController {
44
45
  constructor(resource, repository, resources, modelConfigurations) {
45
46
  this.resource = resource;
@@ -108,7 +109,8 @@ let DashboardController = DashboardController_1 = class DashboardController {
108
109
  continue;
109
110
  }
110
111
  const isVisible = yield extraAction.isVisible(data);
111
- if (isVisible) {
112
+ const havePermission = yield PermissionResource_1.PermissionResource.havePermission(currentUser.permissionGroupId, extraAction.key);
113
+ if (isVisible && havePermission) {
112
114
  extraActionsArray.push(extraAction.key);
113
115
  }
114
116
  }
@@ -146,7 +148,8 @@ let DashboardController = DashboardController_1 = class DashboardController {
146
148
  return ResponseUtils_1.default.unauthorized(res);
147
149
  }
148
150
  const permissionCheck = resource.properties.isAllowed ? yield resource.properties.isAllowed(currentUser) : true;
149
- if (!permissionCheck) {
151
+ const havePermission = yield PermissionResource_1.PermissionResource.havePermission(currentUser.permissionGroupId, `${StringUtils_1.default.lowerCaseFirstLetter(resource.properties.modelName)}_view`);
152
+ if (!permissionCheck || !havePermission) {
150
153
  return ResponseUtils_1.default.forbidden(res);
151
154
  }
152
155
  const repository = (_c = this.repository) !== null && _c !== void 0 ? _c : new Repository_1.default(resource.properties.resource);
@@ -248,7 +251,8 @@ let DashboardController = DashboardController_1 = class DashboardController {
248
251
  return ResponseUtils_1.default.unauthorized(res);
249
252
  }
250
253
  const permissionCheck = resource.properties.isAllowed ? yield resource.properties.isAllowed(currentUser) : true;
251
- if (!permissionCheck) {
254
+ const havePermission = yield PermissionResource_1.PermissionResource.havePermission(currentUser.permissionGroupId, `${StringUtils_1.default.lowerCaseFirstLetter(resource.properties.modelName)}_create`);
255
+ if (!permissionCheck || !havePermission) {
252
256
  return ResponseUtils_1.default.forbidden(res);
253
257
  }
254
258
  const actions = ActionsGenerator_1.default.generateActions(resource.properties.actions, resource, currentUser, (_c = this.modelConfigurations) === null || _c === void 0 ? void 0 : _c.get(resource.properties.modelName));
@@ -321,7 +325,8 @@ let DashboardController = DashboardController_1 = class DashboardController {
321
325
  return ResponseUtils_1.default.unauthorized(res);
322
326
  }
323
327
  const permissionCheck = resource.properties.isAllowed ? yield resource.properties.isAllowed(currentUser) : true;
324
- if (!permissionCheck) {
328
+ const havePermission = yield PermissionResource_1.PermissionResource.havePermission(currentUser.permissionGroupId, `${StringUtils_1.default.lowerCaseFirstLetter(resource.properties.modelName)}_edit`);
329
+ if (!permissionCheck || !havePermission) {
325
330
  return ResponseUtils_1.default.forbidden(res);
326
331
  }
327
332
  const actions = ActionsGenerator_1.default.generateActions(resource.properties.actions, resource, currentUser, (_c = this.modelConfigurations) === null || _c === void 0 ? void 0 : _c.get(resource.properties.modelName));
@@ -492,7 +497,8 @@ let DashboardController = DashboardController_1 = class DashboardController {
492
497
  return ResponseUtils_1.default.unauthorized(res);
493
498
  }
494
499
  const permissionCheck = resource.properties.isAllowed ? yield resource.properties.isAllowed(currentUser) : true;
495
- if (!permissionCheck) {
500
+ const havePermission = yield PermissionResource_1.PermissionResource.havePermission(currentUser.permissionGroupId, `${StringUtils_1.default.lowerCaseFirstLetter(resource.properties.modelName)}_view`);
501
+ if (!permissionCheck || !havePermission) {
496
502
  return ResponseUtils_1.default.forbidden(res);
497
503
  }
498
504
  const repository = (_c = this.repository) !== null && _c !== void 0 ? _c : new Repository_1.default(resource.properties.resource);
@@ -575,7 +581,8 @@ let DashboardController = DashboardController_1 = class DashboardController {
575
581
  return ResponseUtils_1.default.unauthorized(res);
576
582
  }
577
583
  const permissionCheck = resource.properties.isAllowed ? yield resource.properties.isAllowed(currentUser) : true;
578
- if (!permissionCheck) {
584
+ const havePermission = yield PermissionResource_1.PermissionResource.havePermission(currentUser.permissionGroupId, `${StringUtils_1.default.lowerCaseFirstLetter(resource.properties.modelName)}_delete`);
585
+ if (!permissionCheck || !havePermission) {
579
586
  return ResponseUtils_1.default.forbidden(res);
580
587
  }
581
588
  const actions = ActionsGenerator_1.default.generateActions(resource.properties.actions, resource, currentUser, (_c = this.modelConfigurations) === null || _c === void 0 ? void 0 : _c.get(resource.properties.modelName));
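Review bot: In the hunk at new lines 112–113, `havePermission` is awaited for every extra action on each pass of the loop, even when `isVisible` is already false, and each call issues a `findOne` plus an aggregation (see `PermissionResource.havePermission` on this page). Short-circuit it with `if (isVisible && (yield PermissionResource_1.PermissionResource.havePermission(currentUser.permissionGroupId, extraAction.key))) {`, or resolve the permitted keys once before the loop. The five CRUD hunks in this section each rebuild the permission name from `lowerCaseFirstLetter(resource.properties.modelName)` and a suffix; a small helper taking the suffix would keep those names from drifting apart. The enclosing methods start and end outside these hunks.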
@@ -1,5 +1,6 @@
1
- import { Model } from "mongoose";
2
- import { IPermissionData } from "./types";
1
+ import { Model } from 'mongoose';
2
+ import { IPermissionData } from './types';
3
3
  export declare class PermissionResource {
4
4
  static get(permissionGroupId: string, PermissionModel: Model<any, any>): Promise<IPermissionData>;
5
+ static havePermission(permissionGroupId: string, permissionName: string): Promise<boolean>;
5
6
  }
@@ -8,8 +8,12 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
8
8
  step((generator = generator.apply(thisArg, _arguments || [])).next());
9
9
  });
10
10
  };
11
+ var __importDefault = (this && this.__importDefault) || function (mod) {
12
+ return (mod && mod.__esModule) ? mod : { "default": mod };
13
+ };
11
14
  Object.defineProperty(exports, "__esModule", { value: true });
12
15
  exports.PermissionResource = void 0;
16
+ const mongoose_1 = __importDefault(require("mongoose"));
13
17
  const PermissionFetcher_1 = require("./PermissionFetcher");
14
18
  class PermissionResource {
15
19
  static get(permissionGroupId, PermissionModel) {
@@ -20,12 +24,39 @@ class PermissionResource {
20
24
  permissions.forEach((permission) => {
21
25
  mappedPermissions[permission.modelName] = {};
22
26
  permission.permissions.forEach((singlePermissionData) => {
23
- mappedPermissions[permission.modelName][singlePermissionData.key] =
24
- singlePermissionData.checked;
27
+ mappedPermissions[permission.modelName][singlePermissionData.key] = singlePermissionData.checked;
25
28
  });
26
29
  });
27
30
  return mappedPermissions;
28
31
  });
29
32
  }
33
+ static havePermission(permissionGroupId, permissionName) {
34
+ return __awaiter(this, void 0, void 0, function* () {
35
+ if (!permissionGroupId) {
36
+ return true;
37
+ }
38
+ const AdminPermission = mongoose_1.default.models['AdminPermission'];
39
+ const Permission = mongoose_1.default.models['Permission'];
40
+ const permission = yield Permission.findOne({ name: permissionName });
41
+ if (!permission) {
42
+ return true;
43
+ }
44
+ const matchPermission = yield AdminPermission.aggregate()
45
+ .match({
46
+ permissionGroupId,
47
+ })
48
+ .lookup({
49
+ from: 'permissions',
50
+ localField: 'permissionId',
51
+ foreignField: '_id',
52
+ as: 'permission',
53
+ })
54
+ .unwind('permission')
55
+ .match({
56
+ 'permission.name': permissionName,
57
+ });
58
+ return matchPermission.length !== 0;
59
+ });
60
+ }
30
61
  }
31
62
  exports.PermissionResource = PermissionResource;
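Review bot: `havePermission` fails open in two places: it returns `true` when `permissionGroupId` is falsy (new lines 35–37) and again when no `Permission` document has the requested name (lines 41–43), so a user without a group, or any permission name that was never seeded or is misspelled, passes every check this release adds in ActionController and DashboardController. If that is a deliberate backward-compatibility default, say so in a comment such as `// No Permission record for this name: treated as unrestricted (legacy behaviour)`; otherwise deny with `return false;` in the second branch. `mongoose_1.default.models['Permission']` is also undefined until that model has been registered, which would make the `findOne` call throw rather than deny, and because Mongoose does not cast aggregation pipeline stages, the first `match` presumably needs `permissionGroupId` in its stored type rather than the `string` the declaration file advertises. Both are worth confirming.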
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "identity-admin",
3
- "version": "1.26.7",
3
+ "version": "1.26.8",
4
4
  "description": "",
5
5
  "main": "lib/Dashboard.js",
6
6
  "types": "lib/Dashbord.d.ts",