@topgroup/diginext
A BUILD SERVER & CLI to deploy apps to any Kubernetes clusters.
;
// Compiler-emitted interop helper (same shape as the one TypeScript generates for CommonJS output).
// Exposes property `k` of module `m` on object `o` under the name `k2` (`k2` defaults to `k`).
// An existing `this.__createBinding` is reused when one is already present.
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
// Use a live getter when there is no descriptor, when an accessor comes from a module without
// `__esModule`, or when a data property is writable or configurable; otherwise reuse the descriptor.
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
// Fallback when `Object.create` is unavailable: copy the current value by plain assignment.
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
// Compiler-emitted interop helper: stores `v` as the `default` property of `o`.
// An existing `this.__setModuleDefault` is reused when one is already present.
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
// Defined as an enumerable data property; `writable`/`configurable` are not set here.
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
// Fallback when `Object.create` is unavailable: plain assignment.
o["default"] = v;
});
// Compiler-emitted interop helper used for namespace-style imports of a CommonJS module.
// Returns `mod` unchanged when it carries `__esModule`; otherwise builds a wrapper object that
// re-exposes each own property of `mod` (except "default") and sets `default` to `mod` itself.
var __importStar = (this && this.__importStar) || function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
// `hasOwnProperty.call` keeps inherited keys out of the wrapper; `mod != null` also skips undefined.
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
__setModuleDefault(result, mod);
return result;
};
// Flag this CommonJS module with `__esModule`; interop helpers such as `__importStar` above
// return a module carrying that flag as-is instead of wrapping it.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the named export up front as undefined; the function is assigned to it further down.
exports.seedDefaultRoles = void 0;
const app_config_1 = require("../app.config");
const SystemTypes_1 = require("../interfaces/SystemTypes");
const mongodb_1 = require("../plugins/mongodb");
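/**
 * Build an order-sensitive string fingerprint of a route list so two lists can be
 * compared with `===`. Each route contributes `path:perm1,perm2`; routes are joined by `|`.
 * A missing route list is treated as empty, so a stored role without `routes` simply
 * compares as "different from the defaults" instead of throwing.
 *
 * @param {Array<{path: string, permissions?: string[]}>} [routes]
 * @returns {string}
 */
const routesSignature = (routes) => (routes || [])
    .map((route) => `${route.path}:${route.permissions == null ? undefined : route.permissions.join(",")}`)
    .join("|");
/**
 * Tell whether a stored role already carries exactly the expected masked fields
 * (same entries, same order). A role without `maskedFields` never matches.
 *
 * @param {{maskedFields?: string[]}} role
 * @param {string[]} expected
 * @returns {boolean}
 */
const maskedFieldsMatch = (role, expected) => role.maskedFields != null && role.maskedFields.join(",") === expected.join(",");
/**
 * Seed (or reconcile) the four default roles of a workspace and make sure the
 * workspace owner holds the admin role.
 *
 * For each of admin / member / moderator / guest the role is looked up by
 * `{ type, workspace }`; it is created when missing, otherwise selected fields are
 * rewritten when they differ from the defaults:
 *   - admin:     maskedFields only (routes of an existing admin role are not compared)
 *   - member:    maskedFields, routes
 *   - moderator: maskedFields, routes
 *   - guest:     maskedFields, name, routes
 *
 * The admin role is created with `{ path: "*", permissions: ["full"] }` and is attached
 * to `owner`, so callers are expected to pass the intended workspace owner.
 *
 * @param {{_id: *}} workspace - workspace document; only `_id` is read here.
 * @param {{_id: *}} owner - user document; only `_id` is read here.
 * @returns {Promise<Array>} `[adminRole, memberRole, moderatorRole, guestRole]`
 */
const seedDefaultRoles = async (workspace, owner) => {
    const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB")));
    const workspaceId = workspace._id;
    // Credential fields are masked for admin unless the instance is configured to share them.
    const adminMaskedFields = app_config_1.Config.SHARE_RESOURCE_CREDENTIAL ? [] : [...SystemTypes_1.credentialFields];
    // Members always have "email" plus the credential fields masked.
    const memberRoleMaskedFields = ["email", ...SystemTypes_1.credentialFields];
    // ADMIN
    let adminRole = await DB.findOne("role", { type: "admin", workspace: workspaceId }, { ignorable: true });
    if (!adminRole) {
        adminRole = await DB.create("role", {
            name: "Administrator",
            routes: [{ path: "*", permissions: ["full"] }],
            workspace: workspaceId,
            type: "admin",
            maskedFields: adminMaskedFields,
        });
    }
    else if (!maskedFieldsMatch(adminRole, adminMaskedFields)) {
        adminRole = await DB.updateOne("role", { _id: adminRole._id }, { maskedFields: adminMaskedFields }, { ignorable: true });
    }
    // Assign the admin role to the "owner" user.
    const fullOwner = await DB.findOne("user", { _id: owner._id }, { populate: ["roles", "activeWorkspace"], ignorable: true });
    let ownerRoles = (fullOwner && fullOwner.roles) || [];
    // Compare stringified ids on both sides, as the workspace filter below does: a raw `_id`
    // may be an ObjectId instance, which never equals a string, and the owner's roles in this
    // workspace would then be replaced on every run. (assumes MongoDB.toString accepts both
    // strings and ObjectIds, as its use below suggests; confirm)
    const adminRoleId = mongodb_1.MongoDB.toString(adminRole._id);
    const ownerHasAdminRole = ownerRoles.some((role) => mongodb_1.MongoDB.toString(role._id) === adminRoleId);
    if (!ownerHasAdminRole) {
        // Drop any other role the owner holds in this workspace, then add admin.
        ownerRoles = ownerRoles.filter((role) => mongodb_1.MongoDB.toString(role.workspace) !== mongodb_1.MongoDB.toString(workspaceId));
        ownerRoles.push(adminRole);
        const roleIds = ownerRoles.map((role) => role._id);
        // The result is not used; not destructuring it avoids a TypeError on a non-iterable return.
        await DB.update("user", { _id: owner._id }, { roles: roleIds });
    }
    // MEMBER
    let memberRole = await DB.findOne("role", { type: "member", workspace: workspaceId }, { ignorable: true });
    if (!memberRole) {
        memberRole = await DB.create("role", {
            name: "Member",
            routes: SystemTypes_1.memberRoleRoutes,
            workspace: workspaceId,
            type: "member",
            maskedFields: memberRoleMaskedFields,
        });
    }
    else {
        if (!maskedFieldsMatch(memberRole, memberRoleMaskedFields)) {
            memberRole = await DB.updateOne("role", { _id: memberRole._id }, { maskedFields: memberRoleMaskedFields }, { ignorable: true });
        }
        // Restore the default routes & permissions when the stored ones have drifted.
        if (routesSignature(SystemTypes_1.memberRoleRoutes) !== routesSignature(memberRole.routes)) {
            memberRole = await DB.updateOne("role", { _id: memberRole._id }, { routes: SystemTypes_1.memberRoleRoutes }, { ignorable: true });
        }
    }
    // MODERATOR
    // NOTE(review): moderator and guest reuse the admin mask, which is empty when
    // Config.SHARE_RESOURCE_CREDENTIAL is truthy, whereas member always masks "email" and the
    // credential fields. Confirm that these roles are meant to mask less than member in that
    // configuration.
    let moderatorRole = await DB.findOne("role", { type: "moderator", workspace: workspaceId }, { ignorable: true });
    if (!moderatorRole) {
        moderatorRole = await DB.create("role", {
            name: "Moderator",
            routes: SystemTypes_1.moderatorRoleRoutes,
            workspace: workspaceId,
            type: "moderator",
            maskedFields: adminMaskedFields,
        });
    }
    else {
        if (!maskedFieldsMatch(moderatorRole, adminMaskedFields)) {
            moderatorRole = await DB.updateOne("role", { _id: moderatorRole._id }, { maskedFields: adminMaskedFields }, { ignorable: true });
        }
        // Restore the default routes & permissions when the stored ones have drifted.
        if (routesSignature(SystemTypes_1.moderatorRoleRoutes) !== routesSignature(moderatorRole.routes)) {
            moderatorRole = await DB.updateOne("role", { _id: moderatorRole._id }, { routes: SystemTypes_1.moderatorRoleRoutes }, { ignorable: true });
        }
    }
    // GUEST
    let guestRole = await DB.findOne("role", { type: "guest", workspace: workspaceId }, { ignorable: true });
    if (!guestRole) {
        guestRole = await DB.create("role", {
            name: "Guest",
            routes: SystemTypes_1.guestRoleRoutes,
            workspace: workspaceId,
            type: "guest",
            maskedFields: adminMaskedFields,
        });
    }
    else {
        if (!maskedFieldsMatch(guestRole, adminMaskedFields)) {
            guestRole = await DB.updateOne("role", { _id: guestRole._id }, { maskedFields: adminMaskedFields }, { ignorable: true });
        }
        // Guest is the only role whose display name is reset to the default.
        if (guestRole.name !== "Guest") {
            guestRole = await DB.updateOne("role", { _id: guestRole._id }, { name: "Guest" }, { ignorable: true });
        }
        // Restore the default routes & permissions when the stored ones have drifted.
        if (routesSignature(SystemTypes_1.guestRoleRoutes) !== routesSignature(guestRole.routes)) {
            guestRole = await DB.updateOne("role", { _id: guestRole._id }, { routes: SystemTypes_1.guestRoleRoutes }, { ignorable: true });
        }
    }
    return [adminRole, memberRole, moderatorRole, guestRole];
};
exports.seedDefaultRoles = seedDefaultRoles;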