UNPKG

@speckle/shared

Version:

Shared code between various Speckle JS packages

89 lines 4.06 kB
import { err, ok } from 'true-myth/result'; import { ProjectNotEnoughPermissionsError, SavedViewGroupNotFoundError, SavedViewNoAccessError, SavedViewNotFoundError, UngroupedSavedViewGroupLockError } from '../domain/authErrors.js'; import { SavedViewVisibility } from '../domain/savedViews/types.js'; import { ensureCanUseProjectWorkspacePlanFeatureFragment, ensureImplicitProjectMemberWithWriteAccessFragment } from './projects.js'; import { Roles } from '../../core/constants.js'; import { WorkspacePlanFeatures } from '../../workspaces/index.js'; import { isUngroupedGroup } from '../../saved-views/index.js'; /** * Ensure the user can access the view */ export const ensureCanAccessSavedViewFragment = (loaders) => async ({ userId, projectId, savedViewId, access }) => { const canUseSavedViews = await ensureCanUseProjectWorkspacePlanFeatureFragment(loaders)({ projectId, feature: WorkspacePlanFeatures.SavedViews }); if (canUseSavedViews.isErr) return err(canUseSavedViews.error); const savedView = await loaders.getSavedView({ projectId, savedViewId }); if (!savedView) return err(new SavedViewNotFoundError()); const isPublic = savedView.visibility === SavedViewVisibility.public; if (isPublic && access === 'read') { return ok(); } const isAuthor = savedView.authorId === userId; if (isAuthor) { if (access === 'write') { // Check for write access to project first const ensuredWriteAccess = await ensureImplicitProjectMemberWithWriteAccessFragment(loaders)({ userId, projectId }); if (ensuredWriteAccess.isErr) { if (ensuredWriteAccess.error.code === ProjectNotEnoughPermissionsError.code) return err(new ProjectNotEnoughPermissionsError({ message: "Your role on this project doesn't give you permission to update saved views." })); return err(ensuredWriteAccess.error); } } return ok(); } return err(new SavedViewNoAccessError({ message: access === 'write' ? 'You do not have write access for this saved view' : 'You do not have read access for this saved view' })); }; /** * Ensure the user can access the view group */ export const ensureCanAccessSavedViewGroupFragment = (loaders) => async ({ userId, projectId, savedViewGroupId, access }) => { const canUseSavedViews = await ensureCanUseProjectWorkspacePlanFeatureFragment(loaders)({ projectId, feature: WorkspacePlanFeatures.SavedViews }); if (canUseSavedViews.isErr) return err(canUseSavedViews.error); const savedViewGroup = await loaders.getSavedViewGroup({ projectId, groupId: savedViewGroupId }); if (!savedViewGroup) return err(new SavedViewGroupNotFoundError()); if (access === 'read') { return ok(); // read access available to everyone who has access to project } // Prevent default group updates (as it doesnt exist) if (isUngroupedGroup(savedViewGroup.id)) { return err(new UngroupedSavedViewGroupLockError()); } // groups have no visibility (yet), so authors AND project owners can mutate const isAuthor = savedViewGroup.authorId === userId; const expectedProjectRole = isAuthor ? Roles.Stream.Contributor : Roles.Stream.Owner; const ensuredWriteAccess = await ensureImplicitProjectMemberWithWriteAccessFragment(loaders)({ userId, projectId, role: expectedProjectRole }); if (ensuredWriteAccess.isErr) { if (ensuredWriteAccess.error.code === ProjectNotEnoughPermissionsError.code) return err(new ProjectNotEnoughPermissionsError({ message: "Your role on this project doesn't give you permission to update saved view groups." })); return err(ensuredWriteAccess.error); } return ok(); }; //# sourceMappingURL=savedViews.js.map