UNPKG

@speckle/shared

Version:

Shared code between various Speckle JS packages

94 lines 4.64 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.ensureCanAccessSavedViewGroupFragment = exports.ensureCanAccessSavedViewFragment = void 0; const result_1 = require("true-myth/result"); const authErrors_js_1 = require("../domain/authErrors.js"); const types_js_1 = require("../domain/savedViews/types.js"); const projects_js_1 = require("./projects.js"); const constants_js_1 = require("../../core/constants.js"); const index_js_1 = require("../../workspaces/index.js"); const index_js_2 = require("../../saved-views/index.js"); /** * Ensure the user can access the view */ const ensureCanAccessSavedViewFragment = (loaders) => async ({ userId, projectId, savedViewId, access }) => { const canUseSavedViews = await (0, projects_js_1.ensureCanUseProjectWorkspacePlanFeatureFragment)(loaders)({ projectId, feature: index_js_1.WorkspacePlanFeatures.SavedViews }); if (canUseSavedViews.isErr) return (0, result_1.err)(canUseSavedViews.error); const savedView = await loaders.getSavedView({ projectId, savedViewId }); if (!savedView) return (0, result_1.err)(new authErrors_js_1.SavedViewNotFoundError()); const isPublic = savedView.visibility === types_js_1.SavedViewVisibility.public; if (isPublic && access === 'read') { return (0, result_1.ok)(); } const isAuthor = savedView.authorId === userId; if (isAuthor) { if (access === 'write') { // Check for write access to project first const ensuredWriteAccess = await (0, projects_js_1.ensureImplicitProjectMemberWithWriteAccessFragment)(loaders)({ userId, projectId }); if (ensuredWriteAccess.isErr) { if (ensuredWriteAccess.error.code === authErrors_js_1.ProjectNotEnoughPermissionsError.code) return (0, result_1.err)(new authErrors_js_1.ProjectNotEnoughPermissionsError({ message: "Your role on this project doesn't give you permission to update saved views." })); return (0, result_1.err)(ensuredWriteAccess.error); } } return (0, result_1.ok)(); } return (0, result_1.err)(new authErrors_js_1.SavedViewNoAccessError({ message: access === 'write' ? 'You do not have write access for this saved view' : 'You do not have read access for this saved view' })); }; exports.ensureCanAccessSavedViewFragment = ensureCanAccessSavedViewFragment; /** * Ensure the user can access the view group */ const ensureCanAccessSavedViewGroupFragment = (loaders) => async ({ userId, projectId, savedViewGroupId, access }) => { const canUseSavedViews = await (0, projects_js_1.ensureCanUseProjectWorkspacePlanFeatureFragment)(loaders)({ projectId, feature: index_js_1.WorkspacePlanFeatures.SavedViews }); if (canUseSavedViews.isErr) return (0, result_1.err)(canUseSavedViews.error); const savedViewGroup = await loaders.getSavedViewGroup({ projectId, groupId: savedViewGroupId }); if (!savedViewGroup) return (0, result_1.err)(new authErrors_js_1.SavedViewGroupNotFoundError()); if (access === 'read') { return (0, result_1.ok)(); // read access available to everyone who has access to project } // Prevent default group updates (as it doesnt exist) if ((0, index_js_2.isUngroupedGroup)(savedViewGroup.id)) { return (0, result_1.err)(new authErrors_js_1.UngroupedSavedViewGroupLockError()); } // groups have no visibility (yet), so authors AND project owners can mutate const isAuthor = savedViewGroup.authorId === userId; const expectedProjectRole = isAuthor ? constants_js_1.Roles.Stream.Contributor : constants_js_1.Roles.Stream.Owner; const ensuredWriteAccess = await (0, projects_js_1.ensureImplicitProjectMemberWithWriteAccessFragment)(loaders)({ userId, projectId, role: expectedProjectRole }); if (ensuredWriteAccess.isErr) { if (ensuredWriteAccess.error.code === authErrors_js_1.ProjectNotEnoughPermissionsError.code) return (0, result_1.err)(new authErrors_js_1.ProjectNotEnoughPermissionsError({ message: "Your role on this project doesn't give you permission to update saved view groups." })); return (0, result_1.err)(ensuredWriteAccess.error); } return (0, result_1.ok)(); }; exports.ensureCanAccessSavedViewGroupFragment = ensureCanAccessSavedViewGroupFragment; //# sourceMappingURL=savedViews.js.map