mirror of
https://github.com/hcengineering/platform.git
synced 2025-04-24 17:30:03 +00:00
104 lines
3.5 KiB
TypeScript
104 lines
3.5 KiB
TypeScript
//
|
|
// Copyright © 2022 Hardcore Engineering Inc.
|
|
//
|
|
// Licensed under the Eclipse Public License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License. You may
|
|
// obtain a copy of the License at https://www.eclipse.org/legal/epl-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
//
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
|
|
import core, {
|
|
Account,
|
|
AccountRole,
|
|
Class,
|
|
Doc,
|
|
DocumentQuery,
|
|
DOMAIN_CONFIGURATION,
|
|
FindOptions,
|
|
FindResult,
|
|
MeasureContext,
|
|
Ref,
|
|
ServerStorage,
|
|
Tx,
|
|
TxCUD
|
|
} from '@hcengineering/core'
|
|
import platform, { PlatformError, Severity, Status } from '@hcengineering/platform'
|
|
import { BroadcastFunc, Middleware, SessionContext, TxMiddlewareResult } from '@hcengineering/server-core'
|
|
import { BaseMiddleware } from './base'
|
|
|
|
const configurationAccountEmail = '#configurator@hc.engineering'
|
|
/**
|
|
* @public
|
|
*/
|
|
export class ConfigurationMiddleware extends BaseMiddleware implements Middleware {
|
|
private readonly targetDomains = [DOMAIN_CONFIGURATION]
|
|
|
|
private constructor (storage: ServerStorage, next?: Middleware) {
|
|
super(storage, next)
|
|
}
|
|
|
|
static async create (
|
|
ctx: MeasureContext,
|
|
broadcast: BroadcastFunc,
|
|
storage: ServerStorage,
|
|
next?: Middleware
|
|
): Promise<ConfigurationMiddleware> {
|
|
return new ConfigurationMiddleware(storage, next)
|
|
}
|
|
|
|
async tx (ctx: SessionContext, tx: Tx): Promise<TxMiddlewareResult> {
|
|
if (this.storage.hierarchy.isDerived(tx._class, core.class.TxCUD)) {
|
|
const txCUD = tx as TxCUD<Doc>
|
|
const domain = this.storage.hierarchy.getDomain(txCUD.objectClass)
|
|
if (this.targetDomains.includes(domain)) {
|
|
if (ctx.userEmail !== configurationAccountEmail) {
|
|
const account = await this.getUser(ctx)
|
|
if (account.role !== AccountRole.Owner && ctx.admin !== true) {
|
|
throw new PlatformError(new Status(Severity.ERROR, platform.status.Forbidden, {}))
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return await this.provideTx(ctx, tx)
|
|
}
|
|
|
|
handleBroadcast (tx: Tx[], targets?: string[]): Tx[] {
|
|
return this.provideHandleBroadcast(tx, targets)
|
|
}
|
|
|
|
override async findAll<T extends Doc>(
|
|
ctx: SessionContext,
|
|
_class: Ref<Class<T>>,
|
|
query: DocumentQuery<T>,
|
|
options?: FindOptions<T>
|
|
): Promise<FindResult<T>> {
|
|
const domain = this.storage.hierarchy.getDomain(_class)
|
|
if (this.targetDomains.includes(domain)) {
|
|
if (ctx.userEmail !== configurationAccountEmail) {
|
|
const account = await this.getUser(ctx)
|
|
if (account.role !== AccountRole.Owner && account._id !== core.account.System && ctx.admin !== true) {
|
|
throw new PlatformError(new Status(Severity.ERROR, platform.status.Forbidden, {}))
|
|
}
|
|
}
|
|
}
|
|
return await this.provideFindAll(ctx, _class, query, options)
|
|
}
|
|
|
|
private async getUser (ctx: SessionContext): Promise<Account> {
|
|
if (ctx.userEmail === undefined) {
|
|
throw new PlatformError(new Status(Severity.ERROR, platform.status.Forbidden, {}))
|
|
}
|
|
const account = (await this.storage.modelDb.findAll(core.class.Account, { email: ctx.userEmail }))[0]
|
|
if (account === undefined) {
|
|
throw new PlatformError(new Status(Severity.ERROR, platform.status.Forbidden, {}))
|
|
}
|
|
return account
|
|
}
|
|
}
|