diff --git a/packages/server/src/utilities/accessLevels.js b/packages/server/src/utilities/accessLevels.js
index bc8ae4cb77..8e318d03d3 100644
--- a/packages/server/src/utilities/accessLevels.js
+++ b/packages/server/src/utilities/accessLevels.js
@@ -1,106 +1,29 @@
-const viewController = require("../api/controllers/view")
-const modelController = require("../api/controllers/model")
-const workflowController = require("../api/controllers/workflow")
-
-// Access Level IDs
-const ADMIN_LEVEL_ID = "ADMIN"
-const POWERUSER_LEVEL_ID = "POWER_USER"
-const BUILDER_LEVEL_ID = "BUILDER"
-const ANON_LEVEL_ID = "ANON"
-
 // Permissions
-const READ_MODEL = "read-model"
-const WRITE_MODEL = "write-model"
-const READ_VIEW = "read-view"
-const EXECUTE_WORKFLOW = "execute-workflow"
-const USER_MANAGEMENT = "user-management"
-const BUILDER = "builder"
-const LIST_USERS = "list-users"
-
-const adminPermissions = [
+module.exports.READ_MODEL = "read-model"
+module.exports.WRITE_MODEL = "write-model"
+module.exports.READ_VIEW = "read-view"
+module.exports.EXECUTE_WORKFLOW = "execute-workflow"
+module.exports.USER_MANAGEMENT = "user-management"
+module.exports.BUILDER = "builder"
+module.exports.LIST_USERS = "list-users"
+// Access Level IDs
+module.exports.ADMIN_LEVEL_ID = "ADMIN"
+module.exports.POWERUSER_LEVEL_ID = "POWER_USER"
+module.exports.BUILDER_LEVEL_ID = "BUILDER"
+module.exports.ANON_LEVEL_ID = "ANON"
+module.exports.ACCESS_LEVELS = [
+ module.exports.ADMIN_LEVEL_ID,
+ module.exports.POWERUSER_LEVEL_ID,
+ module.exports.BUILDER_LEVEL_ID,
+ module.exports.ANON_LEVEL_ID,
+]
+module.exports.adminPermissions = [
 {
- name: USER_MANAGEMENT,
+ name: module.exports.USER_MANAGEMENT,
 },
 ]
-const generateAdminPermissions = async instanceId => [
- ...adminPermissions,
- ...(await generatePowerUserPermissions(instanceId)),
-]
-
-const generatePowerUserPermissions = async instanceId => {
- const fetchModelsCtx = {
- user: {
- instanceId,
- },
- }
- await modelController.fetch(fetchModelsCtx)
- const models = fetchModelsCtx.body
-
- const fetchViewsCtx = {
- user: {
- instanceId,
- },
- }
- await viewController.fetch(fetchViewsCtx)
- const views = fetchViewsCtx.body
-
- const fetchWorkflowsCtx = {
- user: {
- instanceId,
- },
- }
- await workflowController.fetch(fetchWorkflowsCtx)
- const workflows = fetchWorkflowsCtx.body
-
- const readModelPermissions = models.map(m => ({
- itemId: m._id,
- name: READ_MODEL,
- }))
-
- const writeModelPermissions = models.map(m => ({
- itemId: m._id,
- name: WRITE_MODEL,
- }))
-
- const viewPermissions = views.map(v => ({
- itemId: v.name,
- name: READ_VIEW,
- }))
-
- const executeWorkflowPermissions = workflows.map(w => ({
- itemId: w._id,
- name: EXECUTE_WORKFLOW,
- }))
-
- return [
- ...readModelPermissions,
- ...writeModelPermissions,
- ...viewPermissions,
- ...executeWorkflowPermissions,
- { name: LIST_USERS },
- ]
-}
-
-module.exports = {
- ADMIN_LEVEL_ID,
- POWERUSER_LEVEL_ID,
- BUILDER_LEVEL_ID,
- ANON_LEVEL_ID,
- ACCESS_LEVELS: [
- ADMIN_LEVEL_ID,
- POWERUSER_LEVEL_ID,
- BUILDER_LEVEL_ID,
- ANON_LEVEL_ID,
- ],
- READ_MODEL,
- WRITE_MODEL,
- READ_VIEW,
- EXECUTE_WORKFLOW,
- USER_MANAGEMENT,
- BUILDER,
- LIST_USERS,
- adminPermissions,
- generateAdminPermissions,
- generatePowerUserPermissions,
-}
+// to avoid circular dependencies this is included later, after exporting all enums
+const permissions = require("./permissions")
+module.exports.generateAdminPermissions = permissions.generateAdminPermissions
+module.exports.generatePowerUserPermissions = permissions.generatePowerUserPermissions
diff --git a/packages/server/src/utilities/permissions.js b/packages/server/src/utilities/permissions.js
new file mode 100644
index 0000000000..0c5b2603f3
--- /dev/null
+++ b/packages/server/src/utilities/permissions.js
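Review bot: The re-export at the bottom of accessLevels.js copies `permissions.generateAdminPermissions` and `permissions.generatePowerUserPermissions` by value at load time, so it only works when accessLevels.js is the first of the two modules to be required. If anything requires ./permissions first, accessLevels.js runs while permissions.js is still mid-load, sees an empty exports object, and permanently exports `undefined` for both functions; every later call to build an admin or power-user permission list then throws. Resolving the function at call time removes the ordering dependency: `module.exports.generateAdminPermissions = (...args) => require("./permissions").generateAdminPermissions(...args)`, and the same for `generatePowerUserPermissions`. The existing comment should also state that load order matters, not only that the require is placed late.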
@@ -0,0 +1,66 @@
+const viewController = require("../api/controllers/view")
+const modelController = require("../api/controllers/model")
+const workflowController = require("../api/controllers/workflow")
+const accessLevels = require("./accessLevels")
+
+// this has been broken out to reduce risk of circular dependency from utilities, no enums defined here
+const generateAdminPermissions = async instanceId => [
+ ...accessLevels.adminPermissions,
+ ...(await generatePowerUserPermissions(instanceId)),
+]
+
+const generatePowerUserPermissions = async instanceId => {
+ const fetchModelsCtx = {
+ user: {
+ instanceId,
+ },
+ }
+ await modelController.fetch(fetchModelsCtx)
+ const models = fetchModelsCtx.body
+
+ const fetchViewsCtx = {
+ user: {
+ instanceId,
+ },
+ }
+ await viewController.fetch(fetchViewsCtx)
+ const views = fetchViewsCtx.body
+
+ const fetchWorkflowsCtx = {
+ user: {
+ instanceId,
+ },
+ }
+ await workflowController.fetch(fetchWorkflowsCtx)
+ const workflows = fetchWorkflowsCtx.body
+
+ const readModelPermissions = models.map(m => ({
+ itemId: m._id,
+ name: accessLevels.READ_MODEL,
+ }))
+
+ const writeModelPermissions = models.map(m => ({
+ itemId: m._id,
+ name: accessLevels.WRITE_MODEL,
+ }))
+
+ const viewPermissions = views.map(v => ({
+ itemId: v.name,
+ name: accessLevels.READ_VIEW,
+ }))
+
+ const executeWorkflowPermissions = workflows.map(w => ({
+ itemId: w._id,
+ name: accessLevels.EXECUTE_WORKFLOW,
+ }))
+
+ return [
+ ...readModelPermissions,
+ ...writeModelPermissions,
+ ...viewPermissions,
+ ...executeWorkflowPermissions,
+ { name: accessLevels.LIST_USERS },
+ ]
+}
+module.exports.generateAdminPermissions = generateAdminPermissions
+module.exports.generatePowerUserPermissions = generatePowerUserPermissions
diff --git a/packages/server/src/workflows/steps/createUser.js b/packages/server/src/workflows/steps/createUser.js
index 35aa9bd31c..8b7d47ed09 100644
--- a/packages/server/src/workflows/steps/createUser.js
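Review bot: `generatePowerUserPermissions` reads `fetchModelsCtx.body`, `fetchViewsCtx.body` and `fetchWorkflowsCtx.body` without checking that each controller actually populated them, so a fetch that returns without setting `body` surfaces as a TypeError from `.map` in the middle of building a permission list. Because this list decides what an admin or power user may read, write or execute, an explicit guard after each fetch, such as `if (!Array.isArray(models)) throw new Error("model fetch returned no list")`, would make the failure deliberate and easy to trace. The function is moved here unchanged from accessLevels.js, so the gap predates this commit, but the new file is a natural place to close it. Views are also keyed by `v.name` while models and workflows use `_id`; a short comment stating that a view permission follows the name would help whoever later changes how views are identified.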
+++ b/packages/server/src/workflows/steps/createUser.js
@@ -1,5 +1,5 @@
+const accessLevels = require("../../utilities/accessLevels")
 const userController = require("../../api/controllers/user")
-let accessLevels = require("../../utilities/accessLevels")
 module.exports.definition = {
 description: "Create a new user",