mirror of
https://github.com/hcengineering/platform.git
synced 2025-04-26 10:20:01 +00:00
92 lines
3.0 KiB
TypeScript
92 lines
3.0 KiB
TypeScript
//
|
|
// Copyright © 2022 Hardcore Engineering Inc.
|
|
//
|
|
// Licensed under the Eclipse Public License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License. You may
|
|
// obtain a copy of the License at https://www.eclipse.org/legal/epl-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
//
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
|
|
import core, {
|
|
Tx,
|
|
Doc,
|
|
Ref,
|
|
Class,
|
|
DocumentQuery,
|
|
FindOptions,
|
|
ServerStorage,
|
|
Account,
|
|
TxCUD
|
|
} from '@hcengineering/core'
|
|
import platform, { PlatformError, Severity, Status } from '@hcengineering/platform'
|
|
import { Middleware, SessionContext, TxMiddlewareResult, FindAllMiddlewareResult } from '@hcengineering/server-core'
|
|
import { DOMAIN_PREFERENCE } from '@hcengineering/server-preference'
|
|
import { BaseMiddleware } from './base'
|
|
|
|
/**
|
|
* @public
|
|
*/
|
|
export class PrivateMiddleware extends BaseMiddleware implements Middleware {
|
|
private readonly targetDomains = [DOMAIN_PREFERENCE]
|
|
|
|
private constructor (storage: ServerStorage, next?: Middleware) {
|
|
super(storage, next)
|
|
}
|
|
|
|
static create (storage: ServerStorage, next?: Middleware): PrivateMiddleware {
|
|
return new PrivateMiddleware(storage, next)
|
|
}
|
|
|
|
async tx (ctx: SessionContext, tx: Tx): Promise<TxMiddlewareResult> {
|
|
let target: string | undefined
|
|
if (this.storage.hierarchy.isDerived(tx._class, core.class.TxCUD)) {
|
|
const txCUD = tx as TxCUD<Doc>
|
|
const domain = this.storage.hierarchy.getDomain(txCUD.objectClass)
|
|
if (this.targetDomains.includes(domain)) {
|
|
const account = await this.getUser(ctx)
|
|
if (account !== tx.modifiedBy) {
|
|
throw new PlatformError(new Status(Severity.ERROR, platform.status.Forbidden, {}))
|
|
}
|
|
target = ctx.userEmail
|
|
}
|
|
}
|
|
const res = await this.provideTx(ctx, tx)
|
|
return [res[0], res[1], res[2] ?? target]
|
|
}
|
|
|
|
override async findAll<T extends Doc>(
|
|
ctx: SessionContext,
|
|
_class: Ref<Class<T>>,
|
|
query: DocumentQuery<T>,
|
|
options?: FindOptions<T>
|
|
): Promise<FindAllMiddlewareResult<T>> {
|
|
let newQuery = query
|
|
const domain = this.storage.hierarchy.getDomain(_class)
|
|
if (this.targetDomains.includes(domain)) {
|
|
const account = await this.getUser(ctx)
|
|
newQuery = {
|
|
...query,
|
|
modifiedBy: account
|
|
}
|
|
}
|
|
return await this.provideFindAll(ctx, _class, newQuery, options)
|
|
}
|
|
|
|
private async getUser (ctx: SessionContext): Promise<Ref<Account>> {
|
|
if (ctx.userEmail === undefined) {
|
|
throw new PlatformError(new Status(Severity.ERROR, platform.status.Forbidden, {}))
|
|
}
|
|
const account = (await this.storage.modelDb.findAll(core.class.Account, { email: ctx.userEmail }))[0]
|
|
if (account === undefined) {
|
|
throw new PlatformError(new Status(Severity.ERROR, platform.status.Forbidden, {}))
|
|
}
|
|
return account._id
|
|
}
|
|
}
|