backendless-console-sdk/es/security.js

Backendless Console SDK for Node.js and browser

"use strict";

var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
Object.defineProperty(exports, "__esModule", {
  value: true
});
exports["default"] = void 0;
var _defineProperty2 = _interopRequireDefault(require("@babel/runtime/helpers/defineProperty"));
var _sortBy2 = _interopRequireDefault(require("lodash/sortBy"));
var _totalRows = _interopRequireDefault(require("./utils/total-rows"));
var _securityUrlBuilder = require("./security-url-builder");
var _security = require("./constants/security");
var _urls = _interopRequireDefault(require("./urls"));
function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); enumerableOnly && (symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; })), keys.push.apply(keys, symbols); } return keys; }
function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = null != arguments[i] ? arguments[i] : {}; i % 2 ? ownKeys(Object(source), !0).forEach(function (key) { (0, _defineProperty2["default"])(target, key, source[key]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)) : ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } return target; }
var emptyResponse = {
  data: []
};
var sortEntitiesByName = function sortEntitiesByName(response) {
  response.data = (0, _sortBy2["default"])(response.data, 'name');
  return response;
};
var castArray = function castArray(items) {
  return Array.isArray(items) ? items : [items];
};
var transformOwnerResponse = function transformOwnerResponse(response) {
  return {
    data: [{
      permissions: response
    }]
  };
};
var transformRolesResponse = function transformRolesResponse(response) {
  return {
    data: response
  };
};
var transformUsersResponse = function transformUsersResponse(response) {
  return {
    data: response
  };
};
var transformColumnsResponse = function transformColumnsResponse(response) {
  return {
    data: response.map(function (item) {
      return {
        name: item.roleName,
        roleId: item.roleId,
        permissions: item.permissions
      };
    })
  };
};

/**
 * Transforms
 *      [{operationName, operationId, roles: [{roleId, roleName, access}, ...]}, ...]
 * into
 *      { data: [ { roleId, name, permissions: [{operation, access}, ..] }] }
 *
 * @param {Array} response
 * @returns {{data: Array}}
 */
var transformAclRolesResponse = function transformAclRolesResponse(response) {
  var rolesMap = {};
  response.forEach(function (operation) {
    operation.roles.forEach(function (role) {
      if (!rolesMap[role.roleId]) {
        rolesMap[role.roleId] = {
          roleId: role.roleId,
          name: role.roleName,
          permissions: []
        };
      }
      rolesMap[role.roleId].permissions.push({
        operation: operation.operationName,
        access: role.access
      });
    });
  });
  return transformRolesResponse(Object.keys(rolesMap).map(function (roleId) {
    return rolesMap[roleId];
  }));
};

/**
 * Here is the situation :
 *
 * for users the response is { data: [ { permissions: [{operation, access}, ..] }] }
 * for roles the response is [ {permissions: [{operation, access}, ...]} ]
 * for owner the response is [{ operation, access }, ...]
 *
 * for acl roles the response is absolute EVIL in absolutely CRAZY form :
 *      [{operationName, operationId, [roles: [{roleId, roleName, access}]]}]
 *
 *
 * Since, we want to store, handle and render all permissions using the same set of classes/components
 * we need to have the response to be the same for all policies :
 *
 * { data: [ { permissions: [{operation, access}, ..] }] }
 *
 * This method does exactly this
 *
 * @param {*} response
 * @returns {{data: Array.<{permissions: Array}>}}
 */
var alignGetResponseShape = function alignGetResponseShape(response) {
  if (response.data) {
    return response; //a normal response, nothing to do here
  }

  var empty = !response.length;
  var columnsResponse = !empty && !!response[0].permissions && !!response[0].permissions[0].columnId;
  var rolesResponse = !empty && !!response[0].permissions;
  var aclRolesResponse = !empty && !!response[0].operationId;
  var usersResponse = !empty && !!response[0].userId;
  return empty && emptyResponse || columnsResponse && transformColumnsResponse(response) || rolesResponse && transformRolesResponse(response) || aclRolesResponse && transformAclRolesResponse(response) || usersResponse && transformUsersResponse(response) || transformOwnerResponse(response);
};
var enrichPermissions = function enrichPermissions(result) {
  var _result$data$;
  var columnsResponse = !!((_result$data$ = result.data[0]) !== null && _result$data$ !== void 0 && (_result$data$ = _result$data$.permissions[0]) !== null && _result$data$ !== void 0 && _result$data$.columnId);
  result.data.forEach(function (item) {
    item.permissions = toPermissionsMap(item.permissions, columnsResponse);
  });
  return result;
};
var enrichEntities = function enrichEntities(result) {
  result.data.forEach(function (item) {
    item.id = item.userId || item.roleId || 'owner';
  });
  return result;
};

/**
 * For owner the response is 'GRANT_INHERIT'
 * for roles acl the response is complete GET response
 * for all other types the response is array of objects with two fields {operation, access}
 * possibly wrapped into 'permissions' field..  ︻デ═一
 *
 * We want to cast all these responses to the following structure
 *
 * {
 *  [policyItemId]: {
 *      [operation] : {access},
 *      ...
 *  },
 *  ...
 * }
 */
var alignModifyResponseShape = function alignModifyResponseShape(appId, policy, policyItemId, service, serviceItemId, serviceItemName, objectId, operation) {
  return function (response) {
    if (!response) {
      return {};
    }
    var isOwnerPolicy = policy === _security.PermissionPolicies.OWNER;
    var isRolesPolicy = policy === _security.PermissionPolicies.ROLES;
    var isColumnsPolicy = policy === _security.PermissionPolicies.COLUMNS;
    var isObjectACL = objectId !== _security.ALL_OBJECTS;
    var result = {};
    if (isOwnerPolicy) {
      result.owner = (0, _defineProperty2["default"])({}, operation, response);
    } else if (isObjectACL && isRolesPolicy) {
      response.forEach(function (operation) {
        operation.roles.forEach(function (role) {
          result[role.roleId] = result[role.roleId] || {};
          result[role.roleId][operation.operationName] = role.access;
        });
      });
    } else if (isColumnsPolicy) {
      return response;
    } else {
      if (response.permissions) {
        response = response.permissions;
      }
      var permissions = result[policyItemId] = {};
      response.forEach(function (permission) {
        return permissions[permission.operation] = permission.access;
      });
    }
    return result;
  };
};

/**
 * Converts permissions object to permissions map where key is operation and value is access
 * E.q.
 *     [{operation: 'Update', access: 'Grant}, {operation: 'Find', access: 'Deny'}]
 *     =>
 *     {Update: 'Grant', Find: 'Deny'}
 * @param permissions
 * @param columnsResponse
 * @returns {{}}
 */
var toPermissionsMap = function toPermissionsMap(permissions, columnsResponse) {
  var map = {};
  if (permissions) {
    permissions.forEach(function (permission) {
      if (columnsResponse) {
        map[permission.columnId] = permission.access;
      } else {
        map[permission.operation] = permission.access;
      }
    });
  }
  return map;
};

//TODO it will be removed when the server will be ready (CONSOLE-307)
var normalizeRolePropsNames = function normalizeRolePropsNames(role) {
  return _objectSpread({
    id: role.roleId,
    name: role.rolename
  }, role);
};
//TODO it will be removed when the server will be ready (CONSOLE-307)
var normalizeRolesPropsNames = function normalizeRolesPropsNames(roles) {
  return roles.map(normalizeRolePropsNames);
};
//TODO it will be removed when the server will be ready to provide this info (CONSOLE-307)

var enrichRolesProps = function enrichRolesProps(roles) {
  return roles.map(function (role) {
    return _objectSpread({
      system: _security.SYSTEM_ROLES.includes(role.name)
    }, role);
  });
};
var _default = function _default(req) {
  var loadPermissions = function loadPermissions(appId, policy, service, serviceItemId, serviceItemName, objectId) {
    var filterParams = arguments.length > 6 && arguments[6] !== undefined ? arguments[6] : {};
    var identityColumnName = arguments.length > 7 ? arguments[7] : undefined;
    var url = (0, _securityUrlBuilder.buildGetUrl)(appId, policy, service, serviceItemId, serviceItemName, objectId, filterParams);
    var addTotalRows = function addTotalRows(response) {
      if (policy === _security.PermissionPolicies.USERS) {
        filterParams.identity = filterParams.identity || filterParams.name;
        var usersCountReq = req.get(_urls["default"].dataTable(appId, 'Users')).query({
          where: filterParams.identity ? "".concat(identityColumnName, " like '%").concat(filterParams.identity, "%'") : undefined
        });
        return (0, _totalRows["default"])(req).getFor(usersCountReq).then(function (totalRows) {
          return _objectSpread(_objectSpread({}, response), {}, {
            totalRows: totalRows
          });
        });
      }
      return response;
    };
    return req.get(url).then(alignGetResponseShape) //transform all policies responses to the same shape with 'data' prop
    .then(enrichPermissions) //transform permissions array into permissions map
    .then(enrichEntities) //transform users and roles entities to the shape with 'id' property
    .then(addTotalRows) //resolve totalRows property
    .then(sortEntitiesByName);
  };
  var setPermission = function setPermission(appId, policy, policyItemId, service, serviceItemId, serviceItemName, objectId, permission) {
    var isOwnerPolicy = policy === _security.PermissionPolicies.OWNER;
    var isColumnPolicy = policy === _security.PermissionPolicies.COLUMNS;
    var isObjectACL = objectId !== _security.ALL_OBJECTS;

    //for owner and object acl the body should contain just {access, permission} object
    //for all other cases it must be wrapped into an array and object :
    //{ permissions: [{access,permission}, ...] }
    var body = isOwnerPolicy || isColumnPolicy || isObjectACL ? permission : {
      permissions: castArray(permission)
    };
    var url = (0, _securityUrlBuilder.buildPutUrl)(appId, policy, service, serviceItemId, serviceItemName, objectId, policyItemId, permission);
    return req.put(url, body).then(alignModifyResponseShape(appId, policy, policyItemId, service, serviceItemId, serviceItemName, objectId, permission));
  };
  var dropPermissions = function dropPermissions() {
    var url = _securityUrlBuilder.buildDeleteUrl.apply(void 0, arguments);
    return req["delete"](url).then(alignModifyResponseShape.apply(void 0, arguments));
  };
  var searchDataACLUsers = function searchDataACLUsers(appId, tableName, objectId, query) {
    return req.get("".concat(_urls["default"].security(appId), "/data/").concat(tableName, "/objectAcl/").concat(objectId, "/users/search/").concat(query)).then(function (result) {
      return {
        data: result
      };
    }).then(enrichPermissions).then(enrichEntities).then(sortEntitiesByName);
  };
  var loadRoles = function loadRoles(appId) {
    return req.get(_urls["default"].securityRoles(appId)).then(normalizeRolesPropsNames) //TODO it will be removed when the server will be ready (CONSOLE-307)
    .then(enrichRolesProps);
  }; //TODO it will be removed when the server will be ready (CONSOLE-307)

  var createRole = function createRole(appId, name) {
    return req.put("".concat(_urls["default"].securityRoles(appId), "/").concat(encodeURIComponent(name))).then(normalizeRolePropsNames);
  };
  var deleteRole = function deleteRole(appId, id) {
    return req["delete"]("".concat(_urls["default"].securityRoles(appId), "/").concat(id));
  };
  var loadRolePermissions = function loadRolePermissions(appId, id) {
    return req.get("".concat(_urls["default"].securityRoles(appId), "/permissions/").concat(id));
  };
  var setRolePermission = function setRolePermission(appId, id, permission) {
    return req.put("".concat(_urls["default"].securityRoles(appId), "/permissions/").concat(id), permission);
  };
  var loadColumnPermissions = function loadColumnPermissions(appId, tableId) {
    return req.get("".concat(_urls["default"].security(appId), "/data/").concat(tableId, "/columns/permissions"));
  };
  var loadAuditLogs = function loadAuditLogs(appId) {
    return req.get("".concat(_urls["default"].security(appId), "/audit-logs"));
  };
  var deleteAuditLogs = function deleteAuditLogs(appId) {
    return req["delete"]("".concat(_urls["default"].security(appId), "/audit-logs"));
  };
  var downloadAuditLogs = function downloadAuditLogs(appId, fromDate, toDate) {
    return req.get("".concat(_urls["default"].security(appId), "/audit-logs/download")).query({
      fromDate: fromDate,
      toDate: toDate
    });
  };
  var activatePanicMode = function activatePanicMode(appId, settings) {
    return req.put("".concat(_urls["default"].appConsole(appId), "/panic/enable"), settings);
  };
  var deactivatePanicMode = function deactivatePanicMode(appId, settings) {
    return req.put("".concat(_urls["default"].appConsole(appId), "/panic/disable"), settings);
  };
  var loadUsers = function loadUsers(appId, _ref) {
    var identityOrUserId = _ref.identityOrUserId,
      offset = _ref.offset,
      pageSize = _ref.pageSize,
      sortBy = _ref.sortBy;
    return req.get("".concat(_urls["default"].appConsole(appId), "/user/sessions/users")).query({
      identityOrUserId: identityOrUserId,
      offset: offset,
      pageSize: pageSize,
      sortBy: sortBy
    });
  };
  var loadUsersWithSessions = function loadUsersWithSessions(appId, _ref2) {
    var cursor = _ref2.cursor,
      pageSize = _ref2.pageSize;
    return req.get("".concat(_urls["default"].appConsole(appId), "/user/sessions/users-with-sessions")).query({
      pageSize: pageSize,
      cursor: cursor
    });
  };
  var loadUserSessions = function loadUserSessions(appId, userId, _ref3) {
    var cursor = _ref3.cursor,
      pageSize = _ref3.pageSize;
    return req.get("".concat(_urls["default"].appConsole(appId), "/user/sessions/").concat(userId)).query({
      pageSize: pageSize,
      cursor: cursor
    });
  };
  var logoutUserSessions = function logoutUserSessions(appId, userId) {
    return req.put("".concat(_urls["default"].appConsole(appId), "/user/sessions/logout"), userId);
  };
  var activateHIPAACompliance = function activateHIPAACompliance(appId) {
    return req.put("".concat(_urls["default"].appConsole(appId), "/compliance/hipaa/enable"));
  };
  var deactivateHIPAACompliance = function deactivateHIPAACompliance(appId) {
    return req.put("".concat(_urls["default"].appConsole(appId), "/compliance/hipaa/disable"));
  };
  return {
    loadRoles: loadRoles,
    createRole: createRole,
    deleteRole: deleteRole,
    loadRolePermissions: loadRolePermissions,
    loadPermissions: loadPermissions,
    setRolePermission: setRolePermission,
    setPermission: setPermission,
    dropPermissions: dropPermissions,
    searchDataACLUsers: searchDataACLUsers,
    loadColumnPermissions: loadColumnPermissions,
    loadAuditLogs: loadAuditLogs,
    deleteAuditLogs: deleteAuditLogs,
    downloadAuditLogs: downloadAuditLogs,
    activatePanicMode: activatePanicMode,
    deactivatePanicMode: deactivatePanicMode,
    loadUsers: loadUsers,
    loadUsersWithSessions: loadUsersWithSessions,
    loadUserSessions: loadUserSessions,
    logoutUserSessions: logoutUserSessions,
    activateHIPAACompliance: activateHIPAACompliance,
    deactivateHIPAACompliance: deactivateHIPAACompliance
  };
};
exports["default"] = _default;