@topgroup/diginext
A BUILD SERVER & CLI to deploy apps to any Kubernetes clusters.
;
// TypeScript-emitted CommonJS interop helpers. Each one reuses a helper already
// present on `this` and otherwise falls back to the local definition.

// __createBinding(o, m, k, k2): exposes m[k] on o under the name k2 (k2 defaults to k).
// With Object.create available it defines a property, otherwise it copies the value.
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
// No descriptor, or one that matches the condition below: replace it with an
// enumerable getter that reads m[k] at access time.
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
// __setModuleDefault(o, v): sets o.default to v (enumerable when defineProperty is used).
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
// __importStar(mod): returns mod unchanged when it is flagged __esModule; otherwise builds
// a new object that binds every own key of mod except "default" and sets default = mod.
// The lazy `require("../modules/api/DB")` calls in this file go through it.
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
// Flag this module's exports object as ES-module shaped.
Object.defineProperty(exports, "__esModule", { value: true });
// Every export is initialised to undefined here and assigned after its definition below.
exports.checkPermissionsByFilter = exports.checkPermissions = exports.checkPermissionsById = exports.checkProjectAndAppPermissions = exports.checkAppPermissionsByFilter = exports.checkAppPermissions = exports.checkAppPermissionsById = exports.checkProjectPermissionsByFilter = exports.checkProjectPermissions = exports.checkProjectPermissionsById = exports.filterUsersByWorkspaceRole = exports.filterSensitiveInfo = exports.makeWorkspaceActive = exports.assignRoleByID = exports.assignRoleByUserID = exports.assignRoleByRoleID = exports.assignRole = exports.assignRoleWithoutCheckingPermissions = exports.getActiveWorkspace = exports.getActiveRoleByUserId = exports.getActiveRole = exports.addRoleToUser = exports.addUserToWorkspace = void 0;
const lodash_1 = require("lodash");
const services_1 = require("../services");
const mongodb_1 = require("./mongodb");
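/**
 * Adds a user to a workspace, grants one of that workspace's roles and makes
 * that role the user's active role.
 *
 * This function performs no authorization of its own: it grants whatever
 * `roleType` it is given, so the caller has to decide who may invoke it and
 * with which role type.
 *
 * @param {*} userId - Matched against the `id` field of the "user" collection.
 * @param {{ _id: * }} workspace - Workspace to join; only `_id` is read.
 * @param {string} [roleType="member"] - `type` of the role to look up in that workspace.
 * @returns {Promise<object>} Whatever `DB.updateOne` returns for the user.
 * @throws {Error} When the user or the role cannot be found.
 */
const addUserToWorkspace = async (userId, workspace, roleType = "member") => {
    const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
    let user = await DB.findOne("user", { id: userId });
    if (!user)
        throw new Error(`User not found.`);
    // find role (default: "member")
    const role = await DB.findOne("role", { type: roleType, workspace: workspace._id });
    if (!role)
        throw new Error(`Role "${roleType}" not found.`);
    // Ids are compared by their string form, as the rest of this file does.
    // Array.prototype.includes compares objects by identity, so two id objects
    // holding the same value would not match and the id would be pushed again.
    const sameId = (a, b) => mongodb_1.MongoDB.toString(a) === mongodb_1.MongoDB.toString(b);
    // assign role
    const roles = user.roles || [];
    if (!roles.some((id) => sameId(id, role._id)))
        roles.push(role._id);
    // assign workspace
    const workspaces = user.workspaces || [];
    if (!workspaces.some((id) => sameId(id, workspace._id)))
        workspaces.push(workspace._id);
    // update user data
    user = await DB.updateOne("user", { _id: user._id }, { workspaces, roles, activeRole: role._id });
    return user;
};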
exports.addUserToWorkspace = addUserToWorkspace;
/**
 * Replaces the user's role in `workspace` with the workspace role of type `roleType`.
 *
 * Roles the user holds in other workspaces are kept. No permission check is
 * made here; the caller is responsible for authorising the change.
 *
 * @param {string} roleType - `type` of the role to look up in the workspace.
 * @param {*} userId - Matched against the `id` field of the "user" collection.
 * @param {{ _id: * }} workspace - Only `_id` is read.
 * @returns {Promise<{ user: object, role: object }>} Updated user and the granted role.
 * @throws {Error} When the user or the role cannot be found.
 */
const addRoleToUser = async (roleType, userId, workspace) => {
    const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
    // Roles are populated because the workspace of each one is needed below.
    let user = await DB.findOne("user", { id: userId }, { populate: ["roles"] });
    if (!user) {
        throw new Error(`User not found.`);
    }
    const role = await DB.findOne("role", { type: roleType, workspace: workspace._id });
    if (!role) {
        throw new Error(`Role "${roleType}" not found.`);
    }
    // Keep the ids of roles that belong to any other workspace.
    const roles = [];
    for (const existing of user.roles || []) {
        if (mongodb_1.MongoDB.toString(existing.workspace) !== mongodb_1.MongoDB.toString(workspace._id)) {
            roles.push(existing._id);
        }
    }
    // Then add the new role for this workspace.
    roles.push(role._id);
    user = await DB.updateOne("user", { _id: user._id }, { roles });
    return { user, role };
};
exports.addRoleToUser = addRoleToUser;
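/**
 * Resolves the role a user holds in the given workspace.
 *
 * @param {object} user - User record; `roles` may hold ids or populated role objects.
 * @param {{ _id: * }} workspace - Only `_id` is read.
 * @param {{ assignMember?: boolean, makeActive?: boolean }} [options]
 *   `assignMember`: grant the workspace's "member" role when the user has no role there.
 *   `makeActive`: store the resolved role as `activeRole` when the user has none.
 * @returns {Promise<object>} The role held in this workspace.
 * @throws {Error} `Permissions denied.` when the user has no role in the workspace
 *   and `assignMember` is not set; `User not found.` / `Role "member" not found.`
 *   when a lookup comes back empty.
 */
const getActiveRole = async (user, workspace, options) => {
    const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
    const userId = mongodb_1.MongoDB.toString(user._id);
    const wsId = mongodb_1.MongoDB.toString(workspace._id);
    if (!user.roles)
        user.roles = [];
    // An entry counts as populated when it carries an `_id` property.
    const populatedOnly = (list) => (list || []).filter((r) => r && r._id);
    let roles = populatedOnly(user.roles);
    // populate user's roles if needed
    if (roles.length === 0) {
        const reloaded = await DB.findOne("user", { _id: userId }, { populate: ["roles"] });
        if (!reloaded)
            throw new Error(`User not found.`);
        user = reloaded;
        roles = populatedOnly(user.roles);
    }
    // NOTE(review): a user with no roles at all receives this workspace's "member"
    // role here even when options.assignMember is not set, while a user whose roles
    // are all in other workspaces is rejected below. Confirm callers only pass
    // workspaces the user is entitled to join.
    if (roles.length === 0) {
        const addRoleRes = await (0, exports.addRoleToUser)("member", userId, workspace);
        roles.push(addRoleRes.role);
    }
    // Both sides are normalised to strings, like the other workspace comparisons
    // in this file; comparing the raw `workspace` value with `wsId` using ===
    // only matches when the stored value is already a string.
    let activeRole = roles.find((_role) => mongodb_1.MongoDB.toString(_role.workspace) === wsId);
    // if this user doesn't have any role in this workspace
    if (!activeRole) {
        if (!(options && options.assignMember))
            throw new Error(`Permissions denied.`);
        // assign "member" role if needed:
        const memberRole = await DB.findOne("role", { type: "member", workspace: wsId });
        if (!memberRole)
            throw new Error(`Role "member" not found.`);
        roles.push(memberRole);
        activeRole = memberRole;
        user = await DB.updateOne("user", { _id: user._id }, {
            roles: roles.map((role) => role._id),
            activeRole: activeRole._id,
        });
    }
    // update database
    if (user && !user.activeRole && options && options.makeActive)
        user = await DB.updateOne("user", { _id: user._id }, { activeRole: activeRole._id });
    return activeRole;
};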
exports.getActiveRole = getActiveRole;
/**
 * Loads a user by `id` (with roles populated) and resolves the role that user
 * holds in `workspace` through `getActiveRole`, without any options.
 *
 * @param {*} userId - Matched against the `id` field of the "user" collection.
 * @param {{ _id: * }} workspace
 * @returns {Promise<object>} The role returned by `getActiveRole`.
 * @throws {Error} `User not found.` when the lookup returns nothing; anything
 *   `getActiveRole` throws.
 */
const getActiveRoleByUserId = async (userId, workspace) => {
    const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
    const foundUser = await DB.findOne("user", { id: userId }, { populate: ["roles"] });
    if (foundUser) {
        return (0, exports.getActiveRole)(foundUser, workspace);
    }
    throw new Error(`User not found.`);
};
exports.getActiveRoleByUserId = getActiveRoleByUserId;
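/**
 * Returns the user's active workspace as an object.
 *
 * When `user.activeWorkspace` already carries an `_id` it is returned as is;
 * when it is a valid object id the workspace is loaded from the database.
 * A missing user or a missing/unusable `activeWorkspace` yields `undefined`
 * instead of a TypeError, so callers can treat "no workspace" uniformly
 * (assignRole answers it with `Permissions denied.`).
 *
 * @param {{ activeWorkspace?: * }} user
 * @returns {Promise<object|undefined>}
 */
async function getActiveWorkspace(user) {
    const active = user ? user.activeWorkspace : undefined;
    if (!active)
        return undefined;
    // Already populated.
    if (active._id)
        return active;
    if (!mongodb_1.MongoDB.isValidObjectId(active))
        return undefined;
    // The DB module is only loaded on the path that needs a lookup.
    const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
    return DB.findOne("workspace", { _id: active });
}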
exports.getActiveWorkspace = getActiveWorkspace;
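/**
 * Gives `toUser` the role `roleId`, replacing any role the user holds in that
 * role's workspace. Roles in other workspaces are kept.
 *
 * As the name says, nothing here verifies that the requester may grant the
 * role; every call site has to enforce that before calling.
 *
 * @param {*} roleId - Id of the role to grant.
 * @param {{ _id: *, roles?: Array<{ _id: *, workspace: * }> }} toUser - Target user;
 *   `roles` is read as populated role objects (`workspace` and `_id` are used).
 * @param {*} ownership - Passed through to the `UserService` constructor.
 * @returns {Promise<object>} Whatever `UserService#updateOne` returns.
 * @throws {Error} `Role not found.` when `roleId` does not resolve to a role.
 */
async function assignRoleWithoutCheckingPermissions(roleId, toUser, ownership) {
    const roleSvc = new services_1.RoleService();
    const toBeUpdatedRole = await roleSvc.findOne({ _id: roleId });
    // Same message the other assign* helpers use for an unknown role id.
    if (!toBeUpdatedRole)
        throw new Error(`Role not found.`);
    const roleWorkspaceId = mongodb_1.MongoDB.toString(toBeUpdatedRole.workspace);
    const roleIdStr = mongodb_1.MongoDB.toString(roleId);
    // Drop roles of the same workspace and any existing copy of this role.
    const roles = (toUser.roles || [])
        .filter((role) => mongodb_1.MongoDB.toString(role.workspace) !== roleWorkspaceId
        && mongodb_1.MongoDB.toString(role._id) !== roleIdStr)
        .map((role) => role._id);
    // push new role id
    roles.push(mongodb_1.MongoDB.toObjectId(roleId));
    // update user
    const userSvc = new services_1.UserService(ownership);
    return userSvc.updateOne({ _id: toUser._id }, { roles });
}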
exports.assignRoleWithoutCheckingPermissions = assignRoleWithoutCheckingPermissions;
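/**
 * Assigns `role` to `user` within the user's active workspace, replacing the
 * role previously held there.
 *
 * Rules enforced on `user`'s own active role: "member" may not assign
 * anything, and "moderator" may not assign a role of type "admin".
 *
 * NOTE(review): the same `user` object is both the subject of the permission
 * check and the record that gets updated. When a caller passes the target
 * user (as the assignRoleBy*ID helpers do), the check evaluates the target's
 * role, not the requester's - confirm the requester is authorised upstream.
 * NOTE(review): `role.workspace` is not compared with the active workspace;
 * verify callers cannot pass a role that belongs to a different workspace.
 *
 * @param {{ _id: *, type: string }} role - Role to assign.
 * @param {object} user - Needs `activeRole`, `activeWorkspace`, and `roles`
 *   as populated role objects (`workspace` and `_id` are read).
 * @param {{ makeActive?: boolean }} [options] - `makeActive` also stores the
 *   new role as the user's `activeRole`.
 * @returns {Promise<{ user: object, role: object }>}
 * @throws {Error} `Permissions denied.` when any precondition fails.
 */
async function assignRole(role, user, options) {
    const userSvc = new services_1.UserService();
    // validate
    if (!user.activeRole || !user.activeWorkspace)
        throw new Error(`Permissions denied.`);
    const activeWorkspace = await getActiveWorkspace(user);
    if (!activeWorkspace)
        throw new Error(`Permissions denied.`);
    const activeRole = await (0, exports.getActiveRole)(user, activeWorkspace);
    // current role "member" -> cannot assign any roles to others
    if (!activeRole || activeRole.type === "member")
        throw new Error(`Permissions denied.`);
    // current role "moderator" -> cannot assign "admin" role to others
    if (activeRole.type === "moderator" && role.type === "admin")
        throw new Error(`Permissions denied.`);
    // remove old roles of the active workspace
    const activeWsId = mongodb_1.MongoDB.toString(activeWorkspace._id);
    const roles = (user.roles || [])
        .filter((_role) => mongodb_1.MongoDB.toString(_role.workspace) !== activeWsId)
        .map((_role) => _role._id);
    // push a new role
    roles.push(role._id);
    // update database
    const updateData = { roles };
    // The id is stored, matching how activeRole is written elsewhere in this file.
    if (options && options.makeActive)
        updateData.activeRole = role._id;
    // updateData (not just { roles }) is sent so that makeActive takes effect.
    user = await userSvc.updateOne({ _id: user._id }, updateData);
    // return
    return { user, role };
}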
exports.assignRole = assignRole;
/**
 * Looks the role up by id and hands it to `assignRole` together with `user`.
 *
 * All permission rules are the ones `assignRole` applies; this wrapper adds
 * only the role lookup.
 *
 * @param {*} roleId - Id of the role to assign.
 * @param {object} user - Passed to `assignRole` unchanged.
 * @param {{ makeActive?: boolean }} [options] - Passed to `assignRole` unchanged.
 * @returns {Promise<{ user: object, role: object }>}
 * @throws {Error} `Role not found.` when the id does not resolve.
 */
async function assignRoleByRoleID(roleId, user, options) {
    const foundRole = await new services_1.RoleService().findOne({ _id: roleId });
    if (foundRole) {
        return assignRole(foundRole, user, options);
    }
    throw new Error(`Role not found.`);
}
exports.assignRoleByRoleID = assignRoleByRoleID;
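/**
 * Loads the user by `_id` and hands it to `assignRole` together with `role`.
 *
 * The original body read the user through `this.findOne`, which only works
 * when the function is invoked with a service-like receiver. Called as a plain
 * module export there is no such receiver, so the user is then loaded through
 * the DB module with roles populated (assignRole reads each role's workspace).
 *
 * NOTE(review): the loaded target user is what `assignRole` runs its
 * permission rules against; the requester has to be authorised by the caller.
 *
 * @param {{ _id: *, type: string }} role - Role to assign.
 * @param {*} userId - `_id` of the user.
 * @param {{ makeActive?: boolean }} [options] - Passed to `assignRole` unchanged.
 * @returns {Promise<{ user: object, role: object }>}
 * @throws {Error} `User not found.` when the id does not resolve.
 */
async function assignRoleByUserID(role, userId, options) {
    let user;
    if (this && typeof this.findOne === "function") {
        // Receiver supplied by the caller (e.g. via .call on a service).
        user = await this.findOne({ _id: userId });
    }
    else {
        const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
        user = await DB.findOne("user", { _id: userId }, { populate: ["roles"] });
    }
    if (!user)
        throw new Error(`User not found.`);
    return assignRole(role, user, options);
}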
exports.assignRoleByUserID = assignRoleByUserID;
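/**
 * Resolves both the role and the user by id, then delegates to `assignRole`.
 *
 * The original body read the user through `this.findOne`, which only works
 * when the function is invoked with a service-like receiver. Called as a plain
 * module export there is no such receiver, so the user is then loaded through
 * the DB module with roles populated (assignRole reads each role's workspace).
 *
 * NOTE(review): the loaded target user is what `assignRole` runs its
 * permission rules against; the requester has to be authorised by the caller.
 *
 * @param {*} roleId - Id of the role to assign.
 * @param {*} userId - `_id` of the user.
 * @param {{ makeActive?: boolean }} [options] - Passed to `assignRole` unchanged.
 * @returns {Promise<{ user: object, role: object }>}
 * @throws {Error} `Role not found.` or `User not found.` when a lookup is empty.
 */
async function assignRoleByID(roleId, userId, options) {
    const roleSvc = new services_1.RoleService();
    const role = await roleSvc.findOne({ _id: roleId });
    if (!role)
        throw new Error(`Role not found.`);
    let user;
    if (this && typeof this.findOne === "function") {
        // Receiver supplied by the caller (e.g. via .call on a service).
        user = await this.findOne({ _id: userId });
    }
    else {
        const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
        user = await DB.findOne("user", { _id: userId }, { populate: ["roles"] });
    }
    if (!user)
        throw new Error(`User not found.`);
    return assignRole(role, user, options);
}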
exports.assignRoleByID = assignRoleByID;
/**
 * Stores `workspaceId` as the user's `activeWorkspace`.
 *
 * NOTE(review): nothing here checks that the user belongs to that workspace
 * or that the workspace exists - presumably the caller has verified
 * membership; confirm at the call sites.
 *
 * @param {*} userId - `_id` of the user to update.
 * @param {*} workspaceId - Value written to `activeWorkspace`.
 * @returns {Promise<object>} Whatever `DB.updateOne` returns.
 */
const makeWorkspaceActive = async (userId, workspaceId) => {
    const dbModule = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
    const change = { activeWorkspace: workspaceId };
    return dbModule.DB.updateOne("user", { _id: userId }, change);
};
exports.makeWorkspaceActive = makeWorkspaceActive;
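/**
 * Strips credential fields from a list of records before they leave the server.
 *
 * Removed: `token` on each item, and `access_token` / `user_id` on each entry
 * of `item.providers`. This is a deny-list: any other secret-bearing field
 * passes through untouched, so new credential fields must be added here.
 *
 * Items are modified in place and the same objects are returned. Null or
 * undefined entries (in the list or in `providers`) are passed over instead
 * of raising a TypeError.
 *
 * NOTE(review): `delete` is applied directly to each item; if callers pass
 * ODM document instances rather than plain objects, confirm the fields are
 * really absent from the serialised output.
 *
 * @param {Array<object|null|undefined>} [list=[]]
 * @returns {Array<object|null|undefined>} New array holding the same (mutated) items.
 */
function filterSensitiveInfo(list = []) {
    return list.map((item) => {
        if (!item)
            return item;
        // Removed whenever present, including an empty value.
        delete item.token;
        if (Array.isArray(item.providers)) {
            for (const provider of item.providers) {
                if (!provider)
                    continue;
                delete provider.access_token;
                delete provider.user_id;
            }
        }
        return item;
    });
}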
exports.filterSensitiveInfo = filterSensitiveInfo;
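/**
 * Narrows each user's `roles` and `workspaces` to the given workspace, so
 * entries that belong to other workspaces are not carried along.
 *
 * Users are modified in place. A user with nothing left in this workspace is
 * still returned (with empty arrays); only null/undefined list entries are
 * dropped.
 *
 * @param {*} workspaceId - Workspace to keep; compared by its string form.
 * @param {Array<object|null|undefined>} [list=[]] - Users whose `roles` /
 *   `workspaces` hold ids or objects carrying `_id`.
 * @returns {Promise<object[]>}
 */
async function filterUsersByWorkspaceRole(workspaceId, list = []) {
    // Normalised so the comparison below also holds when an id object is passed.
    const wsId = mongodb_1.MongoDB.toString(workspaceId);
    const roleSvc = new services_1.RoleService();
    const wsRoles = await roleSvc.find({ workspace: workspaceId });
    // Built once instead of re-mapping the workspace roles for every user role.
    const wsRoleIds = new Set((wsRoles || []).map((r) => mongodb_1.MongoDB.toString(r._id)));
    // String id of a reference that is either an id or an object with `_id`;
    // undefined for anything else (including null entries).
    const idOf = (ref) => {
        if (mongodb_1.MongoDB.isValidObjectId(ref))
            return mongodb_1.MongoDB.toString(ref);
        if (ref && ref._id)
            return mongodb_1.MongoDB.toString(ref._id);
        return undefined;
    };
    return list
        .map((user) => {
            if (user && user.roles && user.roles.length > 0) {
                user.roles = user.roles.filter((role) => {
                    const id = idOf(role);
                    return id !== undefined && wsRoleIds.has(id);
                });
            }
            if (user && user.workspaces && user.workspaces.length > 0) {
                user.workspaces = user.workspaces.filter((ws) => {
                    const id = idOf(ws);
                    return id !== undefined && id === wsId;
                });
            }
            return user;
        })
        .filter((user) => typeof user !== "undefined" && user !== null);
}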
exports.filterUsersByWorkspaceRole = filterUsersByWorkspaceRole;
/**
 * Throws unless `user` may access the project with id `projectId`.
 *
 * The restriction is opt-in: when `user` is missing, or
 * `user.allowAccess.projects` is absent or empty, no restriction applies and
 * the call returns normally. Only a non-empty list is enforced.
 *
 * @param {*} projectId - Must be a valid object id.
 * @param {{ allowAccess?: { projects?: Array<*> } }} [user]
 * @returns {void}
 * @throws {Error} When the id is invalid or is not in the user's allow-list.
 */
function checkProjectPermissionsById(projectId, user) {
    if (!mongodb_1.MongoDB.isValidObjectId(projectId)) {
        throw new Error(`Project ID is invalid: "${projectId}"`);
    }
    const access = user ? user.allowAccess : undefined;
    const allowedProjects = access == null ? undefined : access.projects;
    const allowedCount = allowedProjects == null ? undefined : allowedProjects.length;
    // No list, or an empty one: nothing to enforce.
    if (!(allowedCount > 0)) {
        return;
    }
    const allowedIds = allowedProjects.map((p) => mongodb_1.MongoDB.toString(p));
    const wantedId = mongodb_1.MongoDB.toString(projectId);
    if (!allowedIds.includes(wantedId)) {
        throw new Error(`You don't have permissions in this project.`);
    }
}
exports.checkProjectPermissionsById = checkProjectPermissionsById;
/**
 * Object-taking form of `checkProjectPermissionsById`: checks `project._id`
 * against the user's project allow-list.
 *
 * @param {{ _id: * }} project
 * @param {object} [user]
 * @returns {void}
 * @throws {Error} Whatever `checkProjectPermissionsById` throws.
 */
function checkProjectPermissions(project, user) {
    const projectId = project._id;
    checkProjectPermissionsById(projectId, user);
}
exports.checkProjectPermissions = checkProjectPermissions;
/**
 * Checks project access for every project matched by `filter`.
 *
 * The query only runs when `user.allowAccess` is set; without it the call
 * resolves immediately and nothing is enforced.
 *
 * @param {{ find: Function }} svc - Service whose `find(filter)` yields projects.
 * @param {object} filter - Passed to `svc.find` unchanged.
 * @param {{ allowAccess?: object }} [user]
 * @returns {Promise<void>}
 * @throws {Error} On the first project the user may not access.
 */
async function checkProjectPermissionsByFilter(svc, filter, user) {
    if (!(user && user.allowAccess)) {
        return;
    }
    const matchedProjects = await svc.find(filter);
    for (const project of matchedProjects) {
        // check PROJECT access permissions
        checkProjectPermissions(project, user);
    }
}
exports.checkProjectPermissionsByFilter = checkProjectPermissionsByFilter;
/**
 * Throws unless `user` may access the app with id `appId`.
 *
 * The restriction is opt-in: when `user` is missing, or
 * `user.allowAccess.apps` is absent or empty, no restriction applies and the
 * call returns normally. Only a non-empty list is enforced.
 *
 * @param {*} appId - Must be a valid object id.
 * @param {{ allowAccess?: { apps?: Array<*> } }} [user]
 * @returns {void}
 * @throws {Error} When the id is invalid or is not in the user's allow-list.
 */
function checkAppPermissionsById(appId, user) {
    if (!mongodb_1.MongoDB.isValidObjectId(appId)) {
        throw new Error(`App ID is invalid: "${appId}"`);
    }
    const access = user ? user.allowAccess : undefined;
    const allowedApps = access == null ? undefined : access.apps;
    const allowedCount = allowedApps == null ? undefined : allowedApps.length;
    // No list, or an empty one: nothing to enforce.
    if (!(allowedCount > 0)) {
        return;
    }
    const allowedIds = allowedApps.map((p) => mongodb_1.MongoDB.toString(p));
    const wantedId = mongodb_1.MongoDB.toString(appId);
    if (!allowedIds.includes(wantedId)) {
        throw new Error(`Permission denied.`);
    }
}
exports.checkAppPermissionsById = checkAppPermissionsById;
/**
 * Object-taking form of `checkAppPermissionsById`: checks `app._id` against
 * the user's app allow-list.
 *
 * @param {{ _id: * }} app
 * @param {object} [user]
 * @returns {void}
 * @throws {Error} Whatever `checkAppPermissionsById` throws.
 */
function checkAppPermissions(app, user) {
    const appId = app._id;
    checkAppPermissionsById(appId, user);
}
exports.checkAppPermissions = checkAppPermissions;
/**
 * Checks app access for every app matched by `filter`.
 *
 * The query only runs when `user.allowAccess` is set; without it the call
 * resolves immediately and nothing is enforced.
 *
 * @param {{ find: Function }} svc - Service whose `find(filter)` yields apps.
 * @param {object} filter - Passed to `svc.find` unchanged.
 * @param {{ allowAccess?: object }} [user]
 * @returns {Promise<void>}
 * @throws {Error} On the first app the user may not access.
 */
async function checkAppPermissionsByFilter(svc, filter, user) {
    if (!(user && user.allowAccess)) {
        return;
    }
    const matchedApps = await svc.find(filter);
    for (const app of matchedApps) {
        // check APP access permissions
        checkAppPermissions(app, user);
    }
}
exports.checkAppPermissionsByFilter = checkAppPermissionsByFilter;
/**
 * For every app matched by `filter`, checks access to the app's project
 * (`app.project`) and then to the app itself.
 *
 * The query only runs when `user.allowAccess` is set; without it the call
 * resolves immediately and nothing is enforced.
 *
 * @param {{ find: Function }} svc - Service whose `find(filter)` yields apps.
 * @param {object} filter - Passed to `svc.find` unchanged.
 * @param {{ allowAccess?: object }} [user]
 * @returns {Promise<void>}
 * @throws {Error} On the first project or app the user may not access.
 */
async function checkProjectAndAppPermissions(svc, filter, user) {
    if (!(user && user.allowAccess)) {
        return;
    }
    const matchedApps = await svc.find(filter);
    for (const app of matchedApps) {
        // Project first, then the app, so a project denial is reported first.
        checkProjectPermissionsById(app.project, user);
        checkAppPermissions(app, user);
    }
}
exports.checkProjectAndAppPermissions = checkProjectAndAppPermissions;
/**
 * Generic allow-list check: throws unless `user` may access the `resource`
 * item with the given id.
 *
 * `resource` is used as a key into `user.allowAccess`. The restriction is
 * opt-in: a missing user, a missing `allowAccess`, or an absent or empty list
 * under that key means nothing is enforced, which includes resource names the
 * user record has no list for.
 *
 * @param {string} resource - Key into `user.allowAccess`; also used in messages.
 * @param {*} id - Must be a valid object id.
 * @param {{ allowAccess?: Object<string, Array<*>> }} [user]
 * @returns {void}
 * @throws {Error} When the id is invalid or is not in the user's allow-list.
 */
function checkPermissionsById(resource, id, user) {
    if (!mongodb_1.MongoDB.isValidObjectId(id)) {
        throw new Error(`${(0, lodash_1.upperFirst)(resource)} ID is invalid: "${id}"`);
    }
    const allowedResources = user && user.allowAccess && user.allowAccess[resource];
    // No list, or an empty one: nothing to enforce.
    if (!allowedResources || !(allowedResources.length > 0)) {
        return;
    }
    const allowedIds = allowedResources.map((item) => mongodb_1.MongoDB.toString(item));
    const wantedId = mongodb_1.MongoDB.toString(id);
    if (!allowedIds.includes(wantedId)) {
        throw new Error(`You don't have permissions in this ${resource}.`);
    }
}
exports.checkPermissionsById = checkPermissionsById;
/**
 * Object-taking form of `checkPermissionsById`: checks `item._id` against the
 * user's allow-list for `resource`.
 *
 * @param {string} resource - Key into `user.allowAccess`.
 * @param {{ _id: * }} item
 * @param {object} [user]
 * @returns {void}
 * @throws {Error} Whatever `checkPermissionsById` throws.
 */
function checkPermissions(resource, item, user) {
    const itemId = item._id;
    checkPermissionsById(resource, itemId, user);
}
exports.checkPermissions = checkPermissions;
/**
 * Runs the generic allow-list check on every item matched by `filter`.
 *
 * The query only runs when the user has a non-empty allow-list for
 * `resource`; otherwise the call resolves immediately and nothing is enforced.
 *
 * @param {string} resource - Key into `user.allowAccess`.
 * @param {{ find: Function }} svc - Service whose `find(filter)` yields items.
 * @param {object} filter - Passed to `svc.find` unchanged.
 * @param {{ allowAccess?: Object<string, Array<*>> }} [user]
 * @returns {Promise<void>}
 * @throws {Error} On the first item the user may not access.
 */
async function checkPermissionsByFilter(resource, svc, filter, user) {
    const hasAllowList = user && user.allowAccess && user.allowAccess[resource] && user.allowAccess[resource].length > 0;
    if (!hasAllowList) {
        return;
    }
    const matchedItems = await svc.find(filter);
    for (const item of matchedItems) {
        checkPermissions(resource, item, user);
    }
}
exports.checkPermissionsByFilter = checkPermissionsByFilter;