136 lines
5.6 KiB
JavaScript
136 lines
5.6 KiB
JavaScript
"use strict";
|
|
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
return new (P || (P = Promise))(function (resolve, reject) {
|
|
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
});
|
|
};
|
|
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
};
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.isRemovingBuilder = exports.isAddingBuilder = exports.handleSaveEvents = exports.handleDeleteEvents = void 0;
|
|
const environment_1 = __importDefault(require("../../environment"));
|
|
const backend_core_1 = require("@budibase/backend-core");
|
|
const handleDeleteEvents = (user) => __awaiter(void 0, void 0, void 0, function* () {
|
|
yield backend_core_1.events.user.deleted(user);
|
|
if (isBuilder(user)) {
|
|
yield backend_core_1.events.user.permissionBuilderRemoved(user);
|
|
}
|
|
if (isAdmin(user)) {
|
|
yield backend_core_1.events.user.permissionAdminRemoved(user);
|
|
}
|
|
});
|
|
exports.handleDeleteEvents = handleDeleteEvents;
|
|
const assignAppRoleEvents = (user, roles, existingRoles) => __awaiter(void 0, void 0, void 0, function* () {
|
|
for (const [appId, role] of Object.entries(roles)) {
|
|
// app role in existing is not same as new
|
|
if (!existingRoles || existingRoles[appId] !== role) {
|
|
yield backend_core_1.events.role.assigned(user, role);
|
|
}
|
|
}
|
|
});
|
|
const unassignAppRoleEvents = (user, roles, existingRoles) => __awaiter(void 0, void 0, void 0, function* () {
|
|
if (!existingRoles) {
|
|
return;
|
|
}
|
|
for (const [appId, role] of Object.entries(existingRoles)) {
|
|
// app role in new is not same as existing
|
|
if (!roles || roles[appId] !== role) {
|
|
yield backend_core_1.events.role.unassigned(user, role);
|
|
}
|
|
}
|
|
});
|
|
const handleAppRoleEvents = (user, existingUser) => __awaiter(void 0, void 0, void 0, function* () {
|
|
const roles = user.roles;
|
|
const existingRoles = existingUser === null || existingUser === void 0 ? void 0 : existingUser.roles;
|
|
yield assignAppRoleEvents(user, roles, existingRoles);
|
|
yield unassignAppRoleEvents(user, roles, existingRoles);
|
|
});
|
|
const handleSaveEvents = (user, existingUser) => __awaiter(void 0, void 0, void 0, function* () {
|
|
const tenantId = backend_core_1.tenancy.getTenantId();
|
|
let tenantAccount;
|
|
if (!environment_1.default.SELF_HOSTED && !environment_1.default.DISABLE_ACCOUNT_PORTAL) {
|
|
tenantAccount = yield backend_core_1.accounts.getAccountByTenantId(tenantId);
|
|
}
|
|
yield backend_core_1.events.identification.identifyUser(user, tenantAccount);
|
|
if (existingUser) {
|
|
yield backend_core_1.events.user.updated(user);
|
|
if ((0, exports.isRemovingBuilder)(user, existingUser)) {
|
|
yield backend_core_1.events.user.permissionBuilderRemoved(user);
|
|
}
|
|
if (isRemovingAdmin(user, existingUser)) {
|
|
yield backend_core_1.events.user.permissionAdminRemoved(user);
|
|
}
|
|
if (!existingUser.forceResetPassword &&
|
|
user.forceResetPassword &&
|
|
user.password) {
|
|
yield backend_core_1.events.user.passwordForceReset(user);
|
|
}
|
|
}
|
|
else {
|
|
yield backend_core_1.events.user.created(user);
|
|
}
|
|
if ((0, exports.isAddingBuilder)(user, existingUser)) {
|
|
yield backend_core_1.events.user.permissionBuilderAssigned(user);
|
|
}
|
|
if (isAddingAdmin(user, existingUser)) {
|
|
yield backend_core_1.events.user.permissionAdminAssigned(user);
|
|
}
|
|
yield handleAppRoleEvents(user, existingUser);
|
|
});
|
|
exports.handleSaveEvents = handleSaveEvents;
|
|
const isBuilder = (user) => user.builder && user.builder.global;
|
|
const isAdmin = (user) => user.admin && user.admin.global;
|
|
const isAddingBuilder = (user, existingUser) => {
|
|
return isAddingPermission(user, existingUser, isBuilder);
|
|
};
|
|
exports.isAddingBuilder = isAddingBuilder;
|
|
const isRemovingBuilder = (user, existingUser) => {
|
|
return isRemovingPermission(user, existingUser, isBuilder);
|
|
};
|
|
exports.isRemovingBuilder = isRemovingBuilder;
|
|
const isAddingAdmin = (user, existingUser) => {
|
|
return isAddingPermission(user, existingUser, isAdmin);
|
|
};
|
|
const isRemovingAdmin = (user, existingUser) => {
|
|
return isRemovingPermission(user, existingUser, isAdmin);
|
|
};
|
|
/**
|
|
* Check if a permission is being added to a new or existing user.
|
|
*/
|
|
const isAddingPermission = (user, existingUser, hasPermission) => {
|
|
// new user doesn't have the permission
|
|
if (!hasPermission(user)) {
|
|
return false;
|
|
}
|
|
// existing user has the permission
|
|
if (existingUser && hasPermission(existingUser)) {
|
|
return false;
|
|
}
|
|
// permission is being added
|
|
return true;
|
|
};
|
|
/**
|
|
* Check if a permission is being removed from an existing user.
|
|
*/
|
|
const isRemovingPermission = (user, existingUser, hasPermission) => {
|
|
// new user has the permission
|
|
if (hasPermission(user)) {
|
|
return false;
|
|
}
|
|
// no existing user or existing user doesn't have the permission
|
|
if (!existingUser) {
|
|
return false;
|
|
}
|
|
// existing user doesn't have the permission
|
|
if (!hasPermission(existingUser)) {
|
|
return false;
|
|
}
|
|
// permission is being removed
|
|
return true;
|
|
};
|