UNPKG

@forestadmin/forestadmin-client

Version:

This package contains the logic to use the ForestAdmin API inside an agent.

github.com/ForestAdmin/agent-nodejs

ForestAdmin/agent-nodejs

79 lines 7.35 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const generate_actions_from_permissions_1 = __importDefault(require("./generate-actions-from-permissions")); const ttl_cache_1 = __importDefault(require("../utils/ttl-cache")); class ActionPermissionService { constructor(options, forestAdminServerInterface) { this.options = options; this.forestAdminServerInterface = forestAdminServerInterface; this.permissionsCache = new ttl_cache_1.default(this.fetchEnvironmentPermissions.bind(this), this.options.permissionsCacheDurationInSeconds * 1000); } async isDevelopmentPermission() { const permissions = await this.getPermissions(); // isDevelopment is true only for development environment return permissions.isDevelopment; } can(roleId, actionName) { return this.hasPermissionOrRefetch({ roleId, actionName, // Only allow refetch when not using server events allowRefetch: !this.options.instantCacheRefresh, }); } async hasPermissionOrRefetch({ roleId, actionName, allowRefetch, }) { const permissions = await this.getPermissions(); const isAllowed = this.isAllowed({ permissions, actionName, roleId }); if (!isAllowed && allowRefetch) { this.invalidateCache(); return this.hasPermissionOrRefetch({ roleId, actionName, allowRefetch: false, }); } this.options.logger('Debug', `User ${roleId} is ${isAllowed ? '' : 'not '}allowed to perform ${actionName}`); return isAllowed; } isAllowed({ permissions, actionName, roleId, }) { // In development everything is allowed return Boolean(permissions.isDevelopment || permissions.actionsGloballyAllowed.has(actionName) || permissions.actionsByRole.get(actionName)?.allowedRoles.has(roleId)); } async getPermissions() { return this.permissionsCache.fetch('currentEnvironment'); } async fetchEnvironmentPermissions() { this.options.logger('Debug', 'Fetching environment permissions'); const rawPermissions = await this.forestAdminServerInterface.getEnvironmentPermissions(this.options); return (0, generate_actions_from_permissions_1.default)(rawPermissions); } async getCustomActionCondition(roleId, actionName) { const permissions = await this.getPermissions(); const conditionFilter = permissions.actionsByRole.get(actionName)?.conditionsByRole.get(roleId); return conditionFilter; } async getAllCustomActionConditions(actionName) { const permissions = await this.getPermissions(); return permissions.actionsByRole.get(actionName)?.conditionsByRole; } async getRoleIdsAllowedToApproveWithoutConditions(actionName) { const permissions = await this.getPermissions(); const approvalPermission = permissions.actionsByRole.get(actionName); if (!approvalPermission) { return []; } // All allowed roles excluding the one with conditions return Array.from(approvalPermission.allowedRoles).filter(roleId => !approvalPermission.conditionsByRole?.has(roleId)); } invalidateCache() { this.options.logger('Debug', 'Invalidating roles permissions cache..'); this.permissionsCache.clear(); } } exports.default = ActionPermissionService; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWN0aW9uLXBlcm1pc3Npb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcGVybWlzc2lvbnMvYWN0aW9uLXBlcm1pc3Npb24udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFHQSw0R0FFNkM7QUFFN0MsbUVBQTBDO0FBRTFDLE1BQXFCLHVCQUF1QjtJQUcxQyxZQUNtQixPQUE2QyxFQUM3QywwQkFBc0Q7UUFEdEQsWUFBTyxHQUFQLE9BQU8sQ0FBc0M7UUFDN0MsK0JBQTBCLEdBQTFCLDBCQUEwQixDQUE0QjtRQUV2RSxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxtQkFBUSxDQUNsQyxJQUFJLENBQUMsMkJBQTJCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUMzQyxJQUFJLENBQUMsT0FBTyxDQUFDLGlDQUFpQyxHQUFHLElBQUksQ0FDdEQsQ0FBQztJQUNKLENBQUM7SUFFTSxLQUFLLENBQUMsdUJBQXVCO1FBQ2xDLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1FBRWhELHlEQUF5RDtRQUN6RCxPQUFPLFdBQVcsQ0FBQyxhQUFhLENBQUM7SUFDbkMsQ0FBQztJQUVNLEdBQUcsQ0FBQyxNQUFjLEVBQUUsVUFBa0I7UUFDM0MsT0FBTyxJQUFJLENBQUMsc0JBQXNCLENBQUM7WUFDakMsTUFBTTtZQUNOLFVBQVU7WUFDVixrREFBa0Q7WUFDbEQsWUFBWSxFQUFFLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxtQkFBbUI7U0FDaEQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVPLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxFQUNuQyxNQUFNLEVBQ04sVUFBVSxFQUNWLFlBQVksR0FLYjtRQUNDLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDO1FBQ2hELE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsRUFBRSxXQUFXLEVBQUUsVUFBVSxFQUFFLE1BQU0sRUFBRSxDQUFDLENBQUM7UUFFdEUsSUFBSSxDQUFDLFNBQVMsSUFBSSxZQUFZLEVBQUU7WUFDOUIsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBRXZCLE9BQU8sSUFBSSxDQUFDLHNCQUFzQixDQUFDO2dCQUNqQyxNQUFNO2dCQUNOLFVBQVU7Z0JBQ1YsWUFBWSxFQUFFLEtBQUs7YUFDcEIsQ0FBQyxDQUFDO1NBQ0o7UUFFRCxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FDakIsT0FBTyxFQUNQLFFBQVEsTUFBTSxPQUFPLFNBQVMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLHNCQUFzQixVQUFVLEVBQUUsQ0FDL0UsQ0FBQztRQUVGLE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUM7SUFFTyxTQUFTLENBQUMsRUFDaEIsV0FBVyxFQUNYLFVBQVUsRUFDVixNQUFNLEdBS1A7UUFDQyx1Q0FBdUM7UUFDdkMsT0FBTyxPQUFPLENBQ1osV0FBVyxDQUFDLGFBQWE7WUFDdkIsV0FBVyxDQUFDLHNCQUFzQixDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUM7WUFDbEQsV0FBVyxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDLEVBQUUsWUFBWSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FDdEUsQ0FBQztJQUNKLENBQUM7SUFFTyxLQUFLLENBQUMsY0FBYztRQUMxQixPQUFPLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUMzRCxDQUFDO0lBRU8sS0FBSyxDQUFDLDJCQUEyQjtRQUN2QyxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsa0NBQWtDLENBQUMsQ0FBQztRQUVqRSxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQywwQkFBMEIsQ0FBQyx5QkFBeUIsQ0FDcEYsSUFBSSxDQUFDLE9BQU8sQ0FDYixDQUFDO1FBRUYsT0FBTyxJQUFBLDJDQUE4QixFQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ3hELENBQUM7SUFFTSxLQUFLLENBQUMsd0JBQXdCLENBQ25DLE1BQWMsRUFDZCxVQUFrQjtRQUVsQixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUVoRCxNQUFNLGVBQWUsR0FBRyxXQUFXLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsRUFBRSxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFaEcsT0FBTyxlQUFlLENBQUM7SUFDekIsQ0FBQztJQUVNLEtBQUssQ0FBQyw0QkFBNEIsQ0FDdkMsVUFBa0I7UUFFbEIsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7UUFFaEQsT0FBTyxXQUFXLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsRUFBRSxnQkFBZ0IsQ0FBQztJQUNyRSxDQUFDO0lBRU0sS0FBSyxDQUFDLDJDQUEyQyxDQUN0RCxVQUFrQjtRQUVsQixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUVoRCxNQUFNLGtCQUFrQixHQUFHLFdBQVcsQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBRXJFLElBQUksQ0FBQyxrQkFBa0IsRUFBRTtZQUN2QixPQUFPLEVBQUUsQ0FBQztTQUNYO1FBRUQsc0RBQXNEO1FBQ3RELE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxZQUFZLENBQUMsQ0FBQyxNQUFNLENBQ3ZELE1BQU0sQ0FBQyxFQUFFLENBQUMsQ0FBQyxrQkFBa0IsQ0FBQyxnQkFBZ0IsRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLENBQzVELENBQUM7SUFDSixDQUFDO0lBRU0sZUFBZTtRQUNwQixJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsd0NBQXdDLENBQUMsQ0FBQztRQUV2RSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxFQUFFLENBQUM7SUFDaEMsQ0FBQztDQUNGO0FBbklELDBDQW1JQyJ9