@speckle/shared/dist/commonjs/authz/policies/dashboard/canCreateToken.js

Shared code between various Speckle JS packages

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.canCreateDashboardTokenPolicy = void 0;
const result_1 = require("true-myth/result");
const authErrors_js_1 = require("../../domain/authErrors.js");
const dashboards_js_1 = require("../../fragments/dashboards.js");
const workspaceRole_js_1 = require("../../checks/workspaceRole.js");
const constants_js_1 = require("../../../core/constants.js");
const workspaceSeat_js_1 = require("../../checks/workspaceSeat.js");
const canCreateDashboardTokenPolicy = (loaders) => async ({ userId, dashboardId }) => {
    const isDashboardsEnabled = await (0, dashboards_js_1.ensureDashboardsEnabledFragment)(loaders)({});
    if (isDashboardsEnabled.isErr)
        return (0, result_1.err)(isDashboardsEnabled.error);
    const dashboard = await loaders.getDashboard({ dashboardId });
    if (!dashboard)
        return (0, result_1.err)(new authErrors_js_1.DashboardNotFoundError());
    const { workspaceId } = dashboard;
    const ensuredFeatureAccess = await (0, dashboards_js_1.ensureWorkspaceDashboardsFeatureAccessFragment)(loaders)({ workspaceId });
    if (ensuredFeatureAccess.isErr)
        return (0, result_1.err)(ensuredFeatureAccess.error);
    const isWorkspaceMember = await (0, workspaceRole_js_1.hasMinimumWorkspaceRole)(loaders)({
        userId: userId,
        workspaceId,
        role: constants_js_1.Roles.Workspace.Member
    });
    if (!isWorkspaceMember)
        return (0, result_1.err)(new authErrors_js_1.WorkspaceNotEnoughPermissionsError());
    const isWorkspaceEditorSeat = await (0, workspaceSeat_js_1.hasEditorSeat)(loaders)({
        userId: userId,
        workspaceId
    });
    if (!isWorkspaceEditorSeat)
        return (0, result_1.err)(new authErrors_js_1.WorkspaceNoEditorSeatError());
    if (!dashboard.projectIds.length)
        return (0, result_1.err)(new authErrors_js_1.DashboardNoProjectsError());
    const ensuredProjectAccess = await (0, dashboards_js_1.ensureDashboardProjectsReadAccess)(loaders)({
        userId: userId,
        dashboardId
    });
    if (ensuredProjectAccess.isErr)
        return (0, result_1.err)(ensuredProjectAccess.error);
    return (0, result_1.ok)();
};
exports.canCreateDashboardTokenPolicy = canCreateDashboardTokenPolicy;
//# sourceMappingURL=canCreateToken.js.map