
@openinc/parse-server-opendash

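"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.getAllPermissions = getAllPermissions;
exports.default = initPermissions;
const __1 = require("..");
const catchError_1 = require("../../../helper/catchError");
const types_1 = require("../../../types");
const config_1 = require("../../config");

// Prefix shared by every log line this module emits.
const LOG_PREFIX = "[@openinc/parse-server-opendash]";

/**
 * Collects the permissions declared under the `Permissions` export of the
 * parent module, limited to features that are currently enabled.
 *
 * A top-level key of `Permissions` is treated as a feature name; it is
 * upper-cased and passed to `isFeatureEnabled`, and skipped when that
 * returns a falsy value.
 *
 * @returns {Array} one RegisteredPermission per permission string found
 */
function getAllPermissions() {
  const permissions = [];
  // Object.keys yields own enumerable keys only, so inherited properties are
  // never offered to isFeatureEnabled.
  for (const feature of Object.keys(__1.Permissions)) {
    if (!(0, config_1.isFeatureEnabled)(feature.toUpperCase())) {
      continue;
    }
    console.log(`${LOG_PREFIX} Registering permissions for feature: ${feature}`);
    permissions.push(...createPermission(__1.Permissions[feature]));
  }
  return permissions;
}

/**
 * Recursively turns an enum value or a (nested) enum object into
 * RegisteredPermission objects.
 *
 * A string becomes a single RegisteredPermission built from the string itself
 * plus `<string>.label` and `<string>.description`. Anything else is walked
 * over its own enumerable properties; values that are neither strings nor
 * containers contribute nothing.
 *
 * @param input a permission string, or an object whose values are permission
 *              strings or further nested objects
 * @returns {Array} the RegisteredPermission objects created from `input`
 */
function createPermission(input) {
  if (typeof input === "string") {
    return [new __1.RegisteredPermission(input, `${input}.label`, `${input}.description`)];
  }
  if (input == null) {
    // Nothing to walk; Object.values would throw on null / undefined.
    return [];
  }
  return Object.values(input).flatMap((value) => createPermission(value));
}

/**
 * Registers every enabled permission for one tenant, skipping those that
 * already have a Permission row with the same key and tenant.
 *
 * All lookups and saves use the master key, so ACLs and class-level
 * permissions are bypassed for this bootstrap step. A failed lookup or save is
 * logged and counted instead of rejecting, so one bad permission does not
 * abort the remaining ones or leave their saves unobserved.
 *
 * NOTE(review): the existence check and the save are two separate requests.
 * If several server instances run this at the same time, both may see "not
 * found" and create duplicate rows - confirm whether a unique index on
 * (key, tenant) exists.
 *
 * @param tenant the tenant to register the permissions for
 * @returns {Promise<void>}
 */
async function registerPermissions(tenant) {
  console.log(`${LOG_PREFIX} Register all permissions`);
  const outcomes = await Promise.all(getAllPermissions().map(async (permission) => {
    // catchError is used here as resolving to [error, result] instead of rejecting.
    const [lookupError, existing] = await (0, catchError_1.catchError)(new Parse.Query(types_1.Permission)
      .equalTo("key", permission.key)
      .equalTo("tenant", tenant)
      .first({ useMasterKey: true }));
    if (lookupError) {
      console.error(`${LOG_PREFIX} Error while checking permission`, permission.key, lookupError);
      return false;
    }
    if (existing) {
      return true;
    }
    console.log(`${LOG_PREFIX} Create permission`, permission.key);
    const newPermission = new types_1.Permission();
    newPermission.set("key", permission.key);
    newPermission.set("label", permission.label);
    newPermission.set("tenant", tenant);
    newPermission.set("description", permission.description);
    // NOTE(review): no ACL is set on the new row. Unless a beforeSave trigger
    // or class-level permissions on the Permission class restrict it (not
    // visible in this file), Parse treats an object without an ACL as publicly
    // readable and writable - confirm the class is locked down elsewhere.
    const [saveError] = await (0, catchError_1.catchError)(newPermission.save({}, { useMasterKey: true }));
    if (saveError) {
      console.error(`${LOG_PREFIX} Error while creating permission`, permission.key, saveError);
      return false;
    }
    return true;
  }));
  const failureCount = outcomes.filter((ok) => !ok).length;
  if (failureCount > 0) {
    // Do not report success when some permissions could not be checked or created.
    console.error(`${LOG_PREFIX} Permission registration finished with ${failureCount} error(s)`);
    return;
  }
  console.log(`${LOG_PREFIX} All permissions registered successfully`);
}

/**
 * Grants the admin roles access to the tenant's admin-overview permission.
 *
 * On the Permission row whose key is `Permissions.CORE.adminoverview`, read
 * access is granted to `od-tenant-admin-<tenant.id>`, `od-tenant-admin` and
 * `od-admin`, and write access to `od-admin`. Existing ACL entries are kept;
 * a fresh ACL is created only when the row has none.
 *
 * NOTE(review): `od-tenant-admin` carries no tenant id, so every member of
 * that role can read this row for every tenant - confirm that is intended.
 *
 * @param tenant the tenant to set the permissions for
 * @returns {Promise<void>}
 */
async function ensureDefaultAdminAccess(tenant) {
  console.log(`${LOG_PREFIX} Ensure default admin access permissions`);
  const adminOverviewKey = __1.Permissions.CORE.adminoverview;
  const [lookupError, permission] = await (0, catchError_1.catchError)(new Parse.Query(types_1.Permission)
    .equalTo("key", adminOverviewKey)
    .equalTo("tenant", tenant)
    .first({ useMasterKey: true }));
  if (lookupError) {
    console.error(`${LOG_PREFIX} Error while checking permission`, adminOverviewKey, lookupError);
    return;
  }
  if (!permission) {
    console.log(`${LOG_PREFIX} Permission not found`, adminOverviewKey);
    return;
  }
  const acl = permission.getACL() || new Parse.ACL();
  acl.setRoleReadAccess(`od-tenant-admin-${tenant.id}`, true);
  acl.setRoleReadAccess(`od-tenant-admin`, true);
  acl.setRoleReadAccess(`od-admin`, true);
  acl.setRoleWriteAccess(`od-admin`, true);
  permission.setACL(acl);
  // Handle a failed save the same way as a failed lookup: log it and return,
  // so the remaining tenants are still processed by the caller.
  const [saveError] = await (0, catchError_1.catchError)(permission.save(null, { useMasterKey: true }));
  if (saveError) {
    console.error(`${LOG_PREFIX} Error while saving ACL for permission`, adminOverviewKey, saveError);
  }
}

/**
 * Entry point for the permission registration process.
 *
 * Loads the tenants (newest first) with the master key and, one tenant at a
 * time, registers the permissions and then ensures the default admin access.
 * A failure of the tenant query itself is not caught and rejects the returned
 * promise.
 *
 * NOTE(review): the query sets no limit, so the number of tenants returned is
 * capped by the server's default query limit (100 unless configured
 * otherwise). With more tenants than that, the oldest ones would be skipped -
 * confirm the expected tenant count or page through the results.
 *
 * @returns {Promise<void>}
 */
async function initPermissions() {
  const tenants = await new Parse.Query(types_1.Tenant)
    .descending("createdAt")
    .find({ useMasterKey: true });
  // `tenants` is a plain array; a regular for...of keeps the per-tenant work
  // sequential without the async-iterator indirection of `for await`.
  for (const tenant of tenants ?? []) {
    await registerPermissions(tenant);
    await ensureDefaultAdminAccess(tenant);
  }
}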