UNPKG

@speckle/shared

Version:

Shared code between various Speckle JS packages

speckle.systems

specklesystems/speckle-server

91 lines (82 loc) 3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
import { err, ok } from 'true-myth/result' import { DashboardNotFoundError, DashboardProjectsNotEnoughPermissionsError, DashboardsNotEnabledError, WorkspacePlanNoFeatureAccessError } from '../domain/authErrors.js' import { Loaders } from '../domain/loaders.js' import { AuthPolicyEnsureFragment } from '../domain/policies.js' import { DashboardContext, UserContext, WorkspaceContext } from '../domain/context.js' import { isWorkspaceFeatureFlagOn, WorkspaceFeatureFlags } from '../../workspaces/index.js' import { ensureMinimumProjectRoleFragment } from './projects.js' export const ensureDashboardsEnabledFragment: AuthPolicyEnsureFragment< typeof Loaders.getEnv, // eslint-disable-next-line @typescript-eslint/no-empty-object-type {}, InstanceType<typeof DashboardsNotEnabledError> > = (loaders) => async () => { const env = await loaders.getEnv() if (!env.FF_DASHBOARDS_MODULE_ENABLED) return err(new DashboardsNotEnabledError()) return ok() } export const ensureWorkspaceDashboardsFeatureAccessFragment: AuthPolicyEnsureFragment< typeof Loaders.getWorkspacePlan, WorkspaceContext, InstanceType<typeof WorkspacePlanNoFeatureAccessError> > = (loaders) => async ({ workspaceId }) => { const plan = await loaders.getWorkspacePlan({ workspaceId }) if (!plan) return err(new WorkspacePlanNoFeatureAccessError()) const isFlagOn = isWorkspaceFeatureFlagOn({ workspaceFeatureFlags: plan.featureFlags, feature: WorkspaceFeatureFlags.dashboards }) if (!isFlagOn) return err(new WorkspacePlanNoFeatureAccessError()) return ok() } export const ensureDashboardProjectsReadAccess: AuthPolicyEnsureFragment< | typeof Loaders.getDashboard | typeof Loaders.getProjectRole | typeof Loaders.getProject | typeof Loaders.getServerRole | typeof Loaders.getEnv | typeof Loaders.getWorkspaceRole | typeof Loaders.getWorkspace | typeof Loaders.getWorkspaceSsoProvider | typeof Loaders.getWorkspaceSsoSession, DashboardContext & UserContext, InstanceType< typeof DashboardNotFoundError | typeof DashboardProjectsNotEnoughPermissionsError > > = (loaders) => async ({ userId, dashboardId }) => { const dashboard = await loaders.getDashboard({ dashboardId }) if (!dashboard) return err(new DashboardNotFoundError()) const allProjectResults: [ string, Awaited<ReturnType<ReturnType<typeof ensureMinimumProjectRoleFragment>>> ][] = await Promise.all( dashboard.projectIds.map(async (projectId) => { return [ projectId, await ensureMinimumProjectRoleFragment(loaders)({ projectId, userId }) ] }) ) const projectAccessErrors = allProjectResults.filter(([, e]) => e.isErr) return projectAccessErrors.length ? err( new DashboardProjectsNotEnoughPermissionsError({ payload: { projectIds: projectAccessErrors.map(([projectId]) => projectId) } }) ) : ok() }