UNPKG

@openinc/parse-server-opendash

Version:

Parse Server Cloud Code for open.INC Stack.

github.com/open-inc/node-parse-server-opendash

open-inc/node-parse-server-opendash

92 lines (91 loc) 4.12 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.init = init; const __1 = require(".."); const types_1 = require("../types"); async function init() { (0, __1.beforeSaveHook)(types_1.Source, async (request) => { const { object, original, user } = request; await (0, __1.defaultHandler)(request); // ACL start let acl = object.getACL(); if (!acl) { acl = new Parse.ACL(); } if (object.get("tag") && object.get("tag") !== original?.get("tag")) { // Handle group: regex tags, which require special permission if (object.get("tag")?.startsWith("group:")) { await (0, __1.requirePermission)(request, "opendash:source:write-tag-group", "User is not allowed to write sources with a tag starting with 'group:'"); } // Handle tenant prefix, which requires special permission const tenant = await object.get("tenant")?.fetch({ useMasterKey: true }); if (tenant && tenant.get("tagPrefix")) { if (!object.get("tag")?.startsWith(tenant.get("tagPrefix"))) { await (0, __1.requirePermission)(request, "opendash:source:write-tag-ignore-tenant-prefix", "User is not allowed to use tag which ignores tenant prefix"); } } // Handle duplicates, which require special permission const duplicates = await new Parse.Query(types_1.Source) .notEqualTo("id", object.id) .equalTo("tag", object.get("tag")) .find({ useMasterKey: true }); if (duplicates.length > 0) { await (0, __1.requirePermission)(request, "opendash:source:write-tag-duplicate", "User is not allowed to write sources with a duplicate tag"); } } acl.setRoleReadAccess("od-admin", true); acl.setRoleWriteAccess("od-admin", true); const tenant = object.get("tenant"); if (tenant?.id) { acl.setRoleReadAccess(`od-tenant-admin-${tenant?.id}`, true); acl.setRoleWriteAccess(`od-tenant-admin-${tenant?.id}`, true); } object.setACL(acl); // ACL end }); (0, __1.afterSaveHook)(types_1.Source, async ({ object, original, user }) => { try { const permissions = await new Parse.Query("AccessPermissions") .equalTo("source", object) .find({ useMasterKey: true }); if (object.get("tag") && permissions.length === 0) { permissions.push(new Parse.Object("AccessPermissions", { source: object, read: ".*", write: ".*", delete: ".*", ownerGroup: false, })); } if (object.get("tag")) { for (const permission of permissions) { permission.set("owner", object.get("tag")); permission.setACL(object.getACL()); await permission.save(null, { useMasterKey: true, cascadeSave: false, }); } } else { await Parse.Object.destroyAll(permissions, { useMasterKey: true }); } } catch (error) { console.log("[@openinc/parse-server-opendash][Source] open.WARE AccessPermissions were not saved."); console.log(error); } }); (0, __1.beforeDeleteHook)(types_1.Source, async ({ object, original, user }) => { try { const permissions = await new Parse.Query("AccessPermissions") .equalTo("source", object) .find({ useMasterKey: true }); await Parse.Object.destroyAll(permissions, { useMasterKey: true }); } catch (error) { console.log("[@openinc/parse-server-opendash][Source] open.WARE AccessPermissions were not saved."); console.log(error); } }); }