@speckle/shared
Version:
Shared code between various Speckle JS packages
89 lines • 4.06 kB
JavaScript
import { err, ok } from 'true-myth/result';
import { ProjectNotEnoughPermissionsError, SavedViewGroupNotFoundError, SavedViewNoAccessError, SavedViewNotFoundError, UngroupedSavedViewGroupLockError } from '../domain/authErrors.js';
import { SavedViewVisibility } from '../domain/savedViews/types.js';
import { ensureCanUseProjectWorkspacePlanFeatureFragment, ensureImplicitProjectMemberWithWriteAccessFragment } from './projects.js';
import { Roles } from '../../core/constants.js';
import { WorkspacePlanFeatures } from '../../workspaces/index.js';
import { isUngroupedGroup } from '../../saved-views/index.js';
/**
* Ensure the user can access the view
*/
export const ensureCanAccessSavedViewFragment = (loaders) => async ({ userId, projectId, savedViewId, access }) => {
const canUseSavedViews = await ensureCanUseProjectWorkspacePlanFeatureFragment(loaders)({
projectId,
feature: WorkspacePlanFeatures.SavedViews
});
if (canUseSavedViews.isErr)
return err(canUseSavedViews.error);
const savedView = await loaders.getSavedView({ projectId, savedViewId });
if (!savedView)
return err(new SavedViewNotFoundError());
const isPublic = savedView.visibility === SavedViewVisibility.public;
if (isPublic && access === 'read') {
return ok();
}
const isAuthor = savedView.authorId === userId;
if (isAuthor) {
if (access === 'write') {
// Check for write access to project first
const ensuredWriteAccess = await ensureImplicitProjectMemberWithWriteAccessFragment(loaders)({
userId,
projectId
});
if (ensuredWriteAccess.isErr) {
if (ensuredWriteAccess.error.code === ProjectNotEnoughPermissionsError.code)
return err(new ProjectNotEnoughPermissionsError({
message: "Your role on this project doesn't give you permission to update saved views."
}));
return err(ensuredWriteAccess.error);
}
}
return ok();
}
return err(new SavedViewNoAccessError({
message: access === 'write'
? 'You do not have write access for this saved view'
: 'You do not have read access for this saved view'
}));
};
/**
* Ensure the user can access the view group
*/
export const ensureCanAccessSavedViewGroupFragment = (loaders) => async ({ userId, projectId, savedViewGroupId, access }) => {
const canUseSavedViews = await ensureCanUseProjectWorkspacePlanFeatureFragment(loaders)({
projectId,
feature: WorkspacePlanFeatures.SavedViews
});
if (canUseSavedViews.isErr)
return err(canUseSavedViews.error);
const savedViewGroup = await loaders.getSavedViewGroup({
projectId,
groupId: savedViewGroupId
});
if (!savedViewGroup)
return err(new SavedViewGroupNotFoundError());
if (access === 'read') {
return ok(); // read access available to everyone who has access to project
}
// Prevent default group updates (as it doesnt exist)
if (isUngroupedGroup(savedViewGroup.id)) {
return err(new UngroupedSavedViewGroupLockError());
}
// groups have no visibility (yet), so authors AND project owners can mutate
const isAuthor = savedViewGroup.authorId === userId;
const expectedProjectRole = isAuthor ? Roles.Stream.Contributor : Roles.Stream.Owner;
const ensuredWriteAccess = await ensureImplicitProjectMemberWithWriteAccessFragment(loaders)({
userId,
projectId,
role: expectedProjectRole
});
if (ensuredWriteAccess.isErr) {
if (ensuredWriteAccess.error.code === ProjectNotEnoughPermissionsError.code)
return err(new ProjectNotEnoughPermissionsError({
message: "Your role on this project doesn't give you permission to update saved view groups."
}));
return err(ensuredWriteAccess.error);
}
return ok();
};
//# sourceMappingURL=savedViews.js.map