@speckle/shared
Version:
Shared code between various Speckle JS packages
94 lines • 4.64 kB
JavaScript
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.ensureCanAccessSavedViewGroupFragment = exports.ensureCanAccessSavedViewFragment = void 0;
const result_1 = require("true-myth/result");
const authErrors_js_1 = require("../domain/authErrors.js");
const types_js_1 = require("../domain/savedViews/types.js");
const projects_js_1 = require("./projects.js");
const constants_js_1 = require("../../core/constants.js");
const index_js_1 = require("../../workspaces/index.js");
const index_js_2 = require("../../saved-views/index.js");
/**
* Ensure the user can access the view
*/
const ensureCanAccessSavedViewFragment = (loaders) => async ({ userId, projectId, savedViewId, access }) => {
const canUseSavedViews = await (0, projects_js_1.ensureCanUseProjectWorkspacePlanFeatureFragment)(loaders)({
projectId,
feature: index_js_1.WorkspacePlanFeatures.SavedViews
});
if (canUseSavedViews.isErr)
return (0, result_1.err)(canUseSavedViews.error);
const savedView = await loaders.getSavedView({ projectId, savedViewId });
if (!savedView)
return (0, result_1.err)(new authErrors_js_1.SavedViewNotFoundError());
const isPublic = savedView.visibility === types_js_1.SavedViewVisibility.public;
if (isPublic && access === 'read') {
return (0, result_1.ok)();
}
const isAuthor = savedView.authorId === userId;
if (isAuthor) {
if (access === 'write') {
// Check for write access to project first
const ensuredWriteAccess = await (0, projects_js_1.ensureImplicitProjectMemberWithWriteAccessFragment)(loaders)({
userId,
projectId
});
if (ensuredWriteAccess.isErr) {
if (ensuredWriteAccess.error.code === authErrors_js_1.ProjectNotEnoughPermissionsError.code)
return (0, result_1.err)(new authErrors_js_1.ProjectNotEnoughPermissionsError({
message: "Your role on this project doesn't give you permission to update saved views."
}));
return (0, result_1.err)(ensuredWriteAccess.error);
}
}
return (0, result_1.ok)();
}
return (0, result_1.err)(new authErrors_js_1.SavedViewNoAccessError({
message: access === 'write'
? 'You do not have write access for this saved view'
: 'You do not have read access for this saved view'
}));
};
exports.ensureCanAccessSavedViewFragment = ensureCanAccessSavedViewFragment;
/**
* Ensure the user can access the view group
*/
const ensureCanAccessSavedViewGroupFragment = (loaders) => async ({ userId, projectId, savedViewGroupId, access }) => {
const canUseSavedViews = await (0, projects_js_1.ensureCanUseProjectWorkspacePlanFeatureFragment)(loaders)({
projectId,
feature: index_js_1.WorkspacePlanFeatures.SavedViews
});
if (canUseSavedViews.isErr)
return (0, result_1.err)(canUseSavedViews.error);
const savedViewGroup = await loaders.getSavedViewGroup({
projectId,
groupId: savedViewGroupId
});
if (!savedViewGroup)
return (0, result_1.err)(new authErrors_js_1.SavedViewGroupNotFoundError());
if (access === 'read') {
return (0, result_1.ok)(); // read access available to everyone who has access to project
}
// Prevent default group updates (as it doesnt exist)
if ((0, index_js_2.isUngroupedGroup)(savedViewGroup.id)) {
return (0, result_1.err)(new authErrors_js_1.UngroupedSavedViewGroupLockError());
}
// groups have no visibility (yet), so authors AND project owners can mutate
const isAuthor = savedViewGroup.authorId === userId;
const expectedProjectRole = isAuthor ? constants_js_1.Roles.Stream.Contributor : constants_js_1.Roles.Stream.Owner;
const ensuredWriteAccess = await (0, projects_js_1.ensureImplicitProjectMemberWithWriteAccessFragment)(loaders)({
userId,
projectId,
role: expectedProjectRole
});
if (ensuredWriteAccess.isErr) {
if (ensuredWriteAccess.error.code === authErrors_js_1.ProjectNotEnoughPermissionsError.code)
return (0, result_1.err)(new authErrors_js_1.ProjectNotEnoughPermissionsError({
message: "Your role on this project doesn't give you permission to update saved view groups."
}));
return (0, result_1.err)(ensuredWriteAccess.error);
}
return (0, result_1.ok)();
};
exports.ensureCanAccessSavedViewGroupFragment = ensureCanAccessSavedViewGroupFragment;
//# sourceMappingURL=savedViews.js.map