
@topgroup/diginext


A BUILD SERVER & CLI to deploy apps to any Kubernetes clusters.

"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.seedDefaultRoles = void 0; const app_config_1 = require("../app.config"); const SystemTypes_1 = require("../interfaces/SystemTypes"); const mongodb_1 = require("../plugins/mongodb"); // seed default roles of a workspace const seedDefaultRoles = async (workspace, owner) => { var _a, _b, _c, _d; // console.log("Seeding default roles..."); const { DB } = await Promise.resolve().then(() => __importStar(require("../modules/api/DB"))); // ADMIN let adminRole = await DB.findOne("role", { type: "admin", workspace: workspace._id }, { ignorable: true }); let adminMaskedFields = []; if (!app_config_1.Config.SHARE_RESOURCE_CREDENTIAL) adminMaskedFields = [...SystemTypes_1.credentialFields]; if (!adminRole) { const adminRoleDto = {}; adminRoleDto.name = "Administrator"; adminRoleDto.routes = [{ path: "*", permissions: ["full"] }]; adminRoleDto.workspace = workspace._id; adminRoleDto.type = "admin"; adminRoleDto.maskedFields = adminMaskedFields; 
adminRole = await DB.create("role", adminRoleDto); } else { if (((_a = adminRole.maskedFields) === null || _a === void 0 ? void 0 : _a.join(",")) !== adminMaskedFields.join(",")) { adminRole = await DB.updateOne("role", { _id: adminRole._id }, { maskedFields: adminMaskedFields }, { ignorable: true }); } } // assign admin role to the "owner" user const fullOwner = await DB.findOne("user", { _id: owner._id }, { populate: ["roles", "activeWorkspace"], ignorable: true }); let ownerRoles = ((fullOwner === null || fullOwner === void 0 ? void 0 : fullOwner.roles) || []); const ownerHasAdminRole = ownerRoles.map((role) => role._id).includes(mongodb_1.MongoDB.toString(adminRole._id)); if (!ownerHasAdminRole) { ownerRoles = ownerRoles.filter((role) => mongodb_1.MongoDB.toString(role.workspace) !== mongodb_1.MongoDB.toString(workspace._id)); ownerRoles.push(adminRole); // update role ids const roleIds = ownerRoles.map((role) => role._id); const [user] = await DB.update("user", { _id: owner._id }, { roles: roleIds }); } // MEMBER let memberRole = await DB.findOne("role", { type: "member", workspace: workspace._id }, { ignorable: true }); const memberRoleMaskedFields = ["email", ...SystemTypes_1.credentialFields]; if (!memberRole) { const memberRoleDto = {}; memberRoleDto.name = "Member"; memberRoleDto.routes = SystemTypes_1.memberRoleRoutes; memberRoleDto.workspace = workspace._id; memberRoleDto.type = "member"; memberRoleDto.maskedFields = memberRoleMaskedFields; memberRole = await DB.create("role", memberRoleDto); } else { // Update maskFields if it's not correct if (((_b = memberRole.maskedFields) === null || _b === void 0 ? void 0 : _b.join(",")) !== memberRoleMaskedFields.join(",")) { memberRole = await DB.updateOne("role", { _id: memberRole._id }, { maskedFields: memberRoleMaskedFields }, { ignorable: true }); } // compare routes & permissions, if it doesn't match -> update! 
const defaultMemberRoleRoutes = SystemTypes_1.memberRoleRoutes.map((r) => { var _a; return `${r.path}:${(_a = r.permissions) === null || _a === void 0 ? void 0 : _a.join(",")}`; }).join("|"); const dbMemberRoleRoutes = memberRole.routes.map((r) => { var _a; return `${r.path}:${(_a = r.permissions) === null || _a === void 0 ? void 0 : _a.join(",")}`; }).join("|"); // console.log("defaultMemberRoleRoutes :>> ", defaultMemberRoleRoutes); // console.log("dbMemberRoleRoutes :>> ", dbMemberRoleRoutes); if (defaultMemberRoleRoutes !== dbMemberRoleRoutes) { memberRole = await DB.updateOne("role", { _id: memberRole._id }, { routes: SystemTypes_1.memberRoleRoutes }, { ignorable: true }); } } // MODERATOR let moderatorRole = await DB.findOne("role", { type: "moderator", workspace: workspace._id }, { ignorable: true }); if (!moderatorRole) { const moderatorRoleDto = {}; moderatorRoleDto.name = "Moderator"; moderatorRoleDto.routes = SystemTypes_1.moderatorRoleRoutes; moderatorRoleDto.workspace = workspace._id; moderatorRoleDto.type = "moderator"; moderatorRoleDto.maskedFields = adminMaskedFields; moderatorRole = await DB.create("role", moderatorRoleDto); } else { // Update maskedFields if it is incorrect if (((_c = moderatorRole.maskedFields) === null || _c === void 0 ? void 0 : _c.join(",")) !== adminMaskedFields.join(",")) { moderatorRole = await DB.updateOne("role", { _id: moderatorRole._id }, { maskedFields: adminMaskedFields }, { ignorable: true }); } // compare routes & permissions, if it doesn't match -> update! const defaultModRoleRoutes = SystemTypes_1.moderatorRoleRoutes.map((r) => { var _a; return `${r.path}:${(_a = r.permissions) === null || _a === void 0 ? void 0 : _a.join(",")}`; }).join("|"); const dbModRoleRoutes = moderatorRole.routes.map((r) => { var _a; return `${r.path}:${(_a = r.permissions) === null || _a === void 0 ? 
void 0 : _a.join(",")}`; }).join("|"); if (defaultModRoleRoutes !== dbModRoleRoutes) { moderatorRole = await DB.updateOne("role", { _id: moderatorRole._id }, { routes: SystemTypes_1.moderatorRoleRoutes }, { ignorable: true }); } } // GUEST let guestRole = await DB.findOne("role", { type: "guest", workspace: workspace._id }, { ignorable: true }); if (!guestRole) { const guestRoleDto = {}; guestRoleDto.name = "Guest"; guestRoleDto.routes = SystemTypes_1.guestRoleRoutes; guestRoleDto.workspace = workspace._id; guestRoleDto.type = "guest"; guestRoleDto.maskedFields = adminMaskedFields; guestRole = await DB.create("role", guestRoleDto); } else { // Update maskedFields if it is incorrect if (((_d = guestRole.maskedFields) === null || _d === void 0 ? void 0 : _d.join(",")) !== adminMaskedFields.join(",")) { guestRole = await DB.updateOne("role", { _id: guestRole._id }, { maskedFields: adminMaskedFields }, { ignorable: true }); } // compare name, if it doesn't match -> update! if (guestRole.name !== "Guest") guestRole = await DB.updateOne("role", { _id: guestRole._id }, { name: "Guest" }, { ignorable: true }); // compare routes & permissions, if it doesn't match -> update! const defaultGuestRoleRoutes = SystemTypes_1.guestRoleRoutes.map((r) => { var _a; return `${r.path}:${(_a = r.permissions) === null || _a === void 0 ? void 0 : _a.join(",")}`; }).join("|"); const dbGuestRoleRoutes = guestRole.routes.map((r) => { var _a; return `${r.path}:${(_a = r.permissions) === null || _a === void 0 ? void 0 : _a.join(",")}`; }).join("|"); if (defaultGuestRoleRoutes !== dbGuestRoleRoutes) { guestRole = await DB.updateOne("role", { _id: guestRole._id }, { routes: SystemTypes_1.guestRoleRoutes }, { ignorable: true }); } } return [adminRole, memberRole, moderatorRole, guestRole]; }; exports.seedDefaultRoles = seedDefaultRoles;