API tools faq
paste
Advertisement
djbob2000

Optimize preload

djbob2000
Dec 20th, 2024
50
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
TypeScript 31.11 KB | None | 0 0
raw download clone embed print report
  1. //server/fd/fd-toolbox-asp-net/permission-data-provider.ts
  2. /* eslint-disable max-lines */
  3. import { FdMemoryCacheOptions } from "@server/fd/fd-toolbox/cachings/fd-memory-cache-options";
  4. import { Permission } from "@/fd/fd-toolbox-asp-net-models/permissions/permission.resource";
  5. import { type Uuid } from "@server/fd/fd-toolbox/types/uuid";
  6. import { PermissionPackageToPermission } from "@/fd/fd-toolbox-asp-net-models/permissions/permission-package-to-permission.resource";
  7. import { PermissionDto } from "@server/auth/permission-dto";
  8. import {
  9.     PermissionLevel,
  10.     permissionType,
  11.     PermissionType,
  12. } from "@/fd/fd-toolbox-core/auth/permissions/permission-enums";
  13. import { setCoreCache, tryGetObjectFromCoreCache } from "@server/fd/fd-toolbox/cachings/core-memory-cache";
  14. import { addListValueToDictionary, addMapValueToMap } from "@server/fd/fd-toolbox/services/dictionaries";
  15. import { RoleToPermission } from "@server/auth/role-to-permission";
  16. import { getAllIncludingUserToRoles } from "@server/auth/role-db";
  17. import { resourceSchema, permissionSchema as permissionTable, roleToPermissionSchema } from "@plugin/schema";
  18. import { eq, getTableColumns } from "drizzle-orm";
  19. import { getQuery } from "@server/web/drizzle";
  20. import { UserRole } from "@/users/user-role.resource";
  21. import { getPermissionPackageToPermissions } from "../fd-toolbox-web/auth/permissions/permission-package-to-permission-db";
  22. import { getRoleToPermissionPackages } from "../fd-toolbox-web/models/roles/role-to-permission-package-db";
  23. import { getPermissionCacheKey, createShallowPermission } from "../fd-toolbox-web/permissions/permissions";
  24. import { fdCacheKeys } from "../fd-toolbox-web/constants/fd-cache-keys";
  25.  
  26. // Add permission cache
  27. const permissionCache = new Map<Uuid, Permission>();
  28.  
  29. export async function getUserRoleIdsToRoleLevels() {
  30.     const roles = await getAllIncludingUserToRoles();
  31.  
  32.     const userRoleIdsLevels = new Map<Uuid, Map<Uuid, PermissionLevel>>();
  33.  
  34.     for (const roleItem of roles) {
  35.         if (roleItem.userRoleList) {
  36.             for (const userRoleItem of roleItem.userRoleList.filter(
  37.                 (ur: UserRole) => ur.roleId === roleItem.id,
  38.             )) {
  39.                 addMapValueToMap(userRoleIdsLevels, userRoleItem.userId, userRoleItem.roleId, roleItem.level);
  40.             }
  41.         }
  42.     }
  43.  
  44.     return userRoleIdsLevels;
  45. }
  46.  
  47. export async function saveRoleToPermissionsToCache(
  48.     rolePackageToPermissions: Map<Uuid, Uuid[]>,
  49.     ids: Uuid[],
  50.     type: PermissionType,
  51. ) {
  52.     const cacheKeyPrefix = getCacheKeyPrefix(type);
  53.     const uncachedIds = [];
  54.  
  55.     // Check cache first
  56.     for (const id of ids) {
  57.         const cached = await tryGetFromCache(id, cacheKeyPrefix);
  58.         if (cached) {
  59.             rolePackageToPermissions.set(id, cached);
  60.         } else {
  61.             uncachedIds.push(id);
  62.         }
  63.     }
  64.  
  65.     // Batch fetch uncached data
  66.     if (uncachedIds.length) {
  67.         await saveRoleToPermissionsBatch(uncachedIds);
  68.  
  69.         for (const id of uncachedIds) {
  70.             const cached = await tryGetFromCache(id, cacheKeyPrefix);
  71.             if (cached) {
  72.                 rolePackageToPermissions.set(id, cached);
  73.             }
  74.         }
  75.     }
  76.  
  77.     return rolePackageToPermissions;
  78. }
  79.  
  80. export async function getRoleToPermissionList() {
  81.     return (await getQuery(roleToPermissionSchema)) as RoleToPermission[];
  82. }
  83.  
  84. export async function getUserPermissionCacheKey(type: PermissionType, userId: Uuid) {
  85.     return getPermissionCacheKey(type.toString(), userId);
  86. }
  87.  
  88. export async function getUserResourcePermissionCacheKey(
  89.     type: PermissionType,
  90.     resourceName: string,
  91.     userId: Uuid,
  92. ) {
  93.     return getPermissionCacheKey(await getPermissionCacheKey(type.toString(), resourceName), userId);
  94. }
  95.  
  96. export async function saveUserPermissionsToMemoryCache(
  97.     userPermissionKey: string,
  98.     type: PermissionType,
  99.     userPermissions: Map<string, PermissionDto>,
  100. ) {
  101.     const cacheKey = await getUserPermissionCacheKey(type, userPermissionKey);
  102.     await saveToMemoryCache(cacheKey, userPermissions);
  103. }
  104.  
  105. export async function getUserRoleIdsToRolePermissionLevels(userId: Uuid) {
  106.     const roleIdsLevels = new Map<Uuid, PermissionLevel>();
  107.     const memoryCacheKey = await getPermissionCacheKey(fdCacheKeys.userRolePermissionLevels, userId);
  108.  
  109.     const cachedUserRoleIdsLevels = tryGetObjectFromCoreCache<Map<Uuid, PermissionLevel>>(memoryCacheKey);
  110.  
  111.     if (cachedUserRoleIdsLevels) {
  112.         return cachedUserRoleIdsLevels;
  113.     } else {
  114.         await saveUserRoleIdsToRolePermissionLevelsToCache();
  115.         const rolesToLevels = tryGetObjectFromCoreCache<Map<Uuid, PermissionLevel>>(memoryCacheKey);
  116.         if (rolesToLevels) {
  117.             return rolesToLevels;
  118.         }
  119.     }
  120.  
  121.     return roleIdsLevels;
  122. }
  123.  
  124. export async function savePackageToPermissionsToCache(
  125.     rolePackageToPermissions: Map<Uuid, Uuid[]>,
  126.     ids: Uuid[],
  127.     type: PermissionType,
  128. ) {
  129.     let cacheKeyPrefix;
  130.  
  131.     switch (type) {
  132.         case permissionType.resource:
  133.             cacheKeyPrefix = fdCacheKeys.packagesToResourcePermissions;
  134.             break;
  135.         case permissionType.property:
  136.             cacheKeyPrefix = fdCacheKeys.packagesToPropertyPermissions;
  137.             break;
  138.         default:
  139.             cacheKeyPrefix = fdCacheKeys.packagesToDefaultPermissions;
  140.     }
  141.  
  142.     for (const id of ids) {
  143.         await addMapFromCache(rolePackageToPermissions, id, cacheKeyPrefix);
  144.         if (!rolePackageToPermissions.has(id)) {
  145.             await privateSavePackageToPermissionsToCache(id);
  146.  
  147.             await addMapFromCache(rolePackageToPermissions, id, cacheKeyPrefix);
  148.         }
  149.     }
  150.  
  151.     return rolePackageToPermissions;
  152. }
  153.  
  154. export async function getPermission(id: Uuid) {
  155.     // Check memory cache first
  156.     if (permissionCache.has(id)) {
  157.         return createShallowPermission(permissionCache.get(id)!);
  158.     }
  159.  
  160.     const cacheKey = await getPermissionCacheKey(fdCacheKeys.permission, id);
  161.     let permission = tryGetObjectFromCoreCache<Permission>(cacheKey);
  162.  
  163.     if (!permission) {
  164.         await savePermissionsToCache();
  165.         permission = tryGetObjectFromCoreCache(cacheKey);
  166.     }
  167.  
  168.     if (permission) {
  169.         permissionCache.set(id, permission);
  170.         return createShallowPermission(permission);
  171.     }
  172.  
  173.     return null;
  174. }
  175.  
  176. export async function addPackageToPermissions(
  177.     rolesToPermissions: Map<Uuid, Uuid[]>,
  178.     packageToPermissionList: PermissionPackageToPermission[],
  179.     type: PermissionType,
  180. ) {
  181.     for (const packageToPermission of packageToPermissionList) {
  182.         const permission = await getPermission(packageToPermission.permissionId);
  183.         if (permission?.type === type) {
  184.             addListValueToDictionary(
  185.                 rolesToPermissions,
  186.                 packageToPermission.permissionPackageId,
  187.                 packageToPermission.permissionId,
  188.             );
  189.         }
  190.     }
  191. }
  192.  
  193. export async function savePermissionsToCache() {
  194.     const query = getQuery(permissionTable, {
  195.         ...getTableColumns(permissionTable),
  196.         resource: getTableColumns(resourceSchema),
  197.     });
  198.  
  199.     const permissions = (await query.leftJoin(
  200.         resourceSchema,
  201.         eq(permissionTable.resourceId, resourceSchema.id),
  202.     )) as Permission[];
  203.  
  204.     for (const permission of permissions) {
  205.         const memoryKey = await getPermissionCacheKey(fdCacheKeys.permission, permission.id);
  206.         const newPermission = createShallowPermission(permission);
  207.  
  208.         saveToMemoryCache(memoryKey, newPermission);
  209.     }
  210. }
  211.  
  212. export async function getRoleToPackages(ids: Uuid[]) {
  213.     const roleToPackages = new Map<Uuid, Uuid[]>();
  214.  
  215.     for (const id of ids) {
  216.         await addMapFromCache(roleToPackages, id, fdCacheKeys.roleToPackages);
  217.         if (!roleToPackages.has(id)) {
  218.             await saveRoleToPermissionPackagesToCache();
  219.  
  220.             await addMapFromCache(roleToPackages, id, fdCacheKeys.roleToPackages);
  221.         }
  222.     }
  223.  
  224.     return roleToPackages;
  225. }
  226.  
  227. async function addMapFromCache<T>(map: Map<Uuid, T[]>, id: Uuid, cacheKeyPrefix: string) {
  228.     const memoryCacheKey = await getPermissionCacheKey(cacheKeyPrefix, id);
  229.     const cachedValue = tryGetObjectFromCoreCache<T[]>(memoryCacheKey);
  230.     if (cachedValue) {
  231.         map.set(id, cachedValue);
  232.     }
  233. }
  234.  
  235. export async function saveRoleToPermissionsToCacheById(id: Uuid) {
  236.     const rolesToResourcePermissions: Map<Uuid, Uuid[]> = new Map();
  237.     const rolesToDefaultPermissions: Map<Uuid, Uuid[]> = new Map();
  238.     const rolesToPropertyPermissions: Map<Uuid, Uuid[]> = new Map();
  239.  
  240.     const roleToPermissionList = await getRoleToPermissionList();
  241.     let roleIds = [id, ...roleToPermissionList.map((x) => x.roleId)];
  242.     roleIds = [...new Set(roleIds)];
  243.  
  244.     await addRoleToPermissions(rolesToResourcePermissions, roleToPermissionList, permissionType.resource);
  245.     await addRoleToPermissions(rolesToDefaultPermissions, roleToPermissionList, permissionType.default);
  246.     await addRoleToPermissions(rolesToPropertyPermissions, roleToPermissionList, permissionType.property);
  247.  
  248.     await saveToMemoryCacheByCacheKeyPrefix(
  249.         rolesToResourcePermissions,
  250.         fdCacheKeys.roleToResourcePermissions,
  251.     );
  252.     await saveToMemoryCacheByCacheKeyPrefix(rolesToDefaultPermissions, fdCacheKeys.roleToDefaultPermissions);
  253.     await saveToMemoryCacheByCacheKeyPrefix(
  254.         rolesToPropertyPermissions,
  255.         fdCacheKeys.roleToPropertyPermissions,
  256.     );
  257. }
  258.  
  259. async function addRoleToPermissions(
  260.     rolesToPermissions: Map<Uuid, Uuid[]>,
  261.     roleToPermissionList: RoleToPermission[],
  262.     type: PermissionType,
  263. ) {
  264.     for (const roleToPermissionItem of roleToPermissionList) {
  265.         const permission = await getPermission(roleToPermissionItem.permissionId);
  266.         if (permission?.type === type) {
  267.             addListValueToDictionary(
  268.                 rolesToPermissions,
  269.                 roleToPermissionItem.roleId,
  270.                 roleToPermissionItem.permissionId,
  271.             );
  272.         }
  273.     }
  274. }
  275.  
  276. async function applyPermissionsToPackages(
  277.     permissionMap: Map<Uuid, Uuid[]>,
  278.     permissionList: PermissionPackageToPermission[],
  279.     permissionTypeParam: PermissionType,
  280.     packageIds: Uuid[],
  281. ) {
  282.     await addPackageToPermissions(permissionMap, permissionList, permissionTypeParam);
  283.  
  284.     if (permissionMap.size === 0) {
  285.         for (const packId of packageIds) {
  286.             permissionMap.set(packId, []);
  287.         }
  288.     }
  289. }
  290.  
  291. async function privateSavePackageToPermissionsToCache(id: Uuid) {
  292.     const packagesToResourcePermissions = new Map<Uuid, Uuid[]>();
  293.     const packagesToDefaultPermissions = new Map<Uuid, Uuid[]>();
  294.     const packagesToPropertyPermissions = new Map<Uuid, Uuid[]>();
  295.  
  296.     const packageToPermissionList = await getPermissionPackageToPermissions();
  297.  
  298.     let permissionPackageIds = [id];
  299.  
  300.     permissionPackageIds = permissionPackageIds.concat(
  301.         packageToPermissionList.map((x) => x.permissionPackageId),
  302.     );
  303.     permissionPackageIds = Array.from(new Set(permissionPackageIds));
  304.  
  305.     await applyPermissionsToPackages(
  306.         packagesToResourcePermissions,
  307.         packageToPermissionList,
  308.         permissionType.resource,
  309.         permissionPackageIds,
  310.     );
  311.  
  312.     await applyPermissionsToPackages(
  313.         packagesToDefaultPermissions,
  314.         packageToPermissionList,
  315.         permissionType.default,
  316.         permissionPackageIds,
  317.     );
  318.  
  319.     await applyPermissionsToPackages(
  320.         packagesToPropertyPermissions,
  321.         packageToPermissionList,
  322.         permissionType.property,
  323.         permissionPackageIds,
  324.     );
  325.  
  326.     await saveToMemoryCacheByCacheKeyPrefix(
  327.         packagesToResourcePermissions,
  328.         fdCacheKeys.packagesToResourcePermissions,
  329.     );
  330.     await saveToMemoryCacheByCacheKeyPrefix(
  331.         packagesToDefaultPermissions,
  332.         fdCacheKeys.packagesToDefaultPermissions,
  333.     );
  334.     await saveToMemoryCacheByCacheKeyPrefix(
  335.         packagesToPropertyPermissions,
  336.         fdCacheKeys.packagesToPropertyPermissions,
  337.     );
  338. }
  339.  
  340. async function saveRoleToPermissionPackagesToCache() {
  341.     const rolesToPackages = new Map<Uuid, Uuid[]>();
  342.  
  343.     const roleToPermissionPackageList = await getRoleToPermissionPackages();
  344.  
  345.     for (const roleToPermissionPackage of roleToPermissionPackageList) {
  346.         addListValueToDictionary(
  347.             rolesToPackages,
  348.             roleToPermissionPackage.roleId,
  349.             roleToPermissionPackage.permissionPackageId,
  350.         );
  351.     }
  352.  
  353.     await saveToMemoryCacheByCacheKeyPrefix(rolesToPackages, fdCacheKeys.roleToPackages);
  354. }
  355.  
  356. async function saveToMemoryCacheByCacheKeyPrefix(
  357.     idsToPermissions: Map<Uuid, Uuid[]>,
  358.     cacheKeyPrefix: string,
  359. ) {
  360.     for (const [key, value] of idsToPermissions) {
  361.         const newKey = await getPermissionCacheKey(cacheKeyPrefix, key);
  362.         await saveToMemoryCache(newKey, value);
  363.     }
  364. }
  365.  
  366. async function saveUserRoleIdsToRolePermissionLevelsToCache() {
  367.     const userIdRoleIdsToRolePermissionLevels = await getUserRoleIdsToRoleLevels();
  368.  
  369.     for (const [userId, rolePermissionLevels] of userIdRoleIdsToRolePermissionLevels.entries()) {
  370.         const key = await getPermissionCacheKey(fdCacheKeys.userRolePermissionLevels, userId);
  371.         await saveToMemoryCache(key, rolePermissionLevels);
  372.     }
  373. }
  374.  
  375. async function saveToMemoryCache<T extends object>(key: string, value: T) {
  376.     const fdMemoryCacheOptions: FdMemoryCacheOptions = {
  377.         absoluteExpirationRelativeToNowSeconds: 24 * fdCacheKeys.secondsInAHour,
  378.     };
  379.  
  380.     setCoreCache(key, value, fdMemoryCacheOptions);
  381. }
  382.  
  383. // Helper functions
  384. function getCacheKeyPrefix(type: PermissionType) {
  385.     switch (type) {
  386.         case permissionType.resource:
  387.             return fdCacheKeys.roleToResourcePermissions;
  388.         case permissionType.property:
  389.             return fdCacheKeys.roleToPropertyPermissions;
  390.         default:
  391.             return fdCacheKeys.roleToDefaultPermissions;
  392.     }
  393. }
  394.  
  395. async function tryGetFromCache(id: Uuid, cacheKeyPrefix: string) {
  396.     const memoryCacheKey = await getPermissionCacheKey(cacheKeyPrefix, id);
  397.     return tryGetObjectFromCoreCache<Uuid[]>(memoryCacheKey);
  398. }
  399.  
  400. async function saveRoleToPermissionsBatch(roleIds: Uuid[]) {
  401.     const roleToPermissionList = await getRoleToPermissionList();
  402.     const rolesToResourcePermissions: Map<Uuid, Uuid[]> = new Map();
  403.     const rolesToDefaultPermissions: Map<Uuid, Uuid[]> = new Map();
  404.     const rolesToPropertyPermissions: Map<Uuid, Uuid[]> = new Map();
  405.  
  406.     // Process all roles in one pass
  407.     await Promise.all([
  408.         addRoleToPermissions(rolesToResourcePermissions, roleToPermissionList, permissionType.resource),
  409.         addRoleToPermissions(rolesToDefaultPermissions, roleToPermissionList, permissionType.default),
  410.         addRoleToPermissions(rolesToPropertyPermissions, roleToPermissionList, permissionType.property),
  411.     ]);
  412.  
  413.     // Save all to cache in parallel
  414.     await Promise.all([
  415.         saveToMemoryCacheByCacheKeyPrefix(rolesToResourcePermissions, fdCacheKeys.roleToResourcePermissions),
  416.         saveToMemoryCacheByCacheKeyPrefix(rolesToDefaultPermissions, fdCacheKeys.roleToDefaultPermissions),
  417.         saveToMemoryCacheByCacheKeyPrefix(rolesToPropertyPermissions, fdCacheKeys.roleToPropertyPermissions),
  418.     ]);
  419. }
  420.  
  421.  
  422. //server/fd/fd-toolbox-web/permissions/permission-checker.ts
  423. /* eslint-disable max-lines */
  424. import { PermissionCheckConfig } from "@server/fd/fd-toolbox/auth/permissions/permission-check-config";
  425. import { PermissionDto } from "@server/auth/permission-dto";
  426. import {
  427.     PermissionLevel,
  428.     permissionType,
  429.     PermissionType,
  430. } from "@/fd/fd-toolbox-core/auth/permissions/permission-enums";
  431. import { ResourceMeta } from "@/fd/fd-toolbox/fd-meta/resource-meta";
  432. import { getResourceMeta } from "@server/meta/fd-meta/services/metas";
  433. import { getResourcePermissionChecker } from "@server/meta/fd-meta/auth/permissions/resource-permission-checker-provider";
  434. import { crudAction, CrudAction } from "@/fd/fd-toolbox-core/enums/enums";
  435. import { createError } from "@/fd/fd-toolbox/errors/errors";
  436. import { getPermissionCheckConfig } from "@server/meta/fd-meta/services/permission-check-config-provider";
  437. import { type Uuid } from "@server/fd/fd-toolbox/types/uuid";
  438. import {
  439.     getPermission,
  440.     getRoleToPackages,
  441.     getUserPermissionCacheKey,
  442.     getUserResourcePermissionCacheKey,
  443.     getUserRoleIdsToRolePermissionLevels,
  444.     savePackageToPermissionsToCache,
  445.     saveRoleToPermissionsToCache,
  446.     saveUserPermissionsToMemoryCache,
  447. } from "@server/fd/fd-toolbox-asp-net/permission-data-provider";
  448. import { WithIndexer } from "@server/fd/fd-toolbox/types/with-indexer";
  449. import { Permission } from "@/fd/fd-toolbox-asp-net-models/permissions/permission.resource";
  450. import { getEmptyUuid, isValidUuid } from "@/fd/fd-toolbox/uuids";
  451. import { setCoreCache, tryGetObjectFromCoreCache } from "@server/fd/fd-toolbox/cachings/core-memory-cache";
  452. import { isNullOrUndefined } from "@/fd/fd-toolbox/functions/value-checking-functions";
  453. import { UserPermissionList } from "@server/users/user-permission";
  454. import { withUserIdProps } from "@server/fd/fd-toolbox-core/base-resources/props/with-user-id-props";
  455. import { WithId } from "@server/fd/fd-toolbox-core/base-resources/with-id";
  456. import { WithUserId } from "@server/fd/fd-toolbox-core/base-resources/with-user-id";
  457. import {
  458.     getPermissionNameFromCrud,
  459.     convertCrudActionToPermissionAction,
  460.     createPermissionDto,
  461. } from "./permissions";
  462.  
  463. const minPermissionLevel = 0;
  464.  
  465. // Add new cache for request-level data
  466. const requestCache = new Map<
  467.     string,
  468.     {
  469.         roleIdsLevels: Map<Uuid, PermissionLevel>;
  470.         rolesToPackages: Map<Uuid, Uuid[]>;
  471.     }
  472. >();
  473.  
  474. export async function hasPermissionByPermissionCheckConfig(permissionCheckConfig: PermissionCheckConfig) {
  475.     if (permissionCheckConfig.resourceName && !isNullOrUndefined(permissionCheckConfig.crudAction)) {
  476.         permissionCheckConfig.permissionName = getPermissionNameFromCrud(
  477.             permissionCheckConfig.resourceName,
  478.             permissionCheckConfig.crudAction!,
  479.         );
  480.     }
  481.  
  482.     if (!permissionCheckConfig.permissionName) {
  483.         throw createError(`${permissionCheckConfig.permissionName} is empty`);
  484.     }
  485.  
  486.     const userHasPermission = await checkUserPermission(permissionCheckConfig);
  487.  
  488.     if (permissionCheckConfig.throwIfNoPermission && !userHasPermission) {
  489.         throw createError(
  490.             `No permission ${permissionCheckConfig.permissionName} for ${permissionCheckConfig.userId}`,
  491.         );
  492.     }
  493.     return userHasPermission;
  494. }
  495.  
  496. export async function hasPermissionByUserId(resourceName: string, action: CrudAction, userId: string) {
  497.     const resourceMeta: ResourceMeta = await getResourceMeta(resourceName);
  498.  
  499.     const permissionCheckConfig: PermissionCheckConfig = getPermissionCheckConfig(
  500.         userId,
  501.         resourceMeta,
  502.         undefined,
  503.         action,
  504.     );
  505.  
  506.     return hasPermissionByPermissionCheckConfig(permissionCheckConfig);
  507. }
  508.  
  509. export async function hasPropertyPermission(propertyId: Uuid, permissionCheckConfig: PermissionCheckConfig) {
  510.     if (!permissionCheckConfig.resourceId || !permissionCheckConfig.crudAction) {
  511.         return false;
  512.     }
  513.  
  514.     const userPermission = await getUserPermission(
  515.         permissionCheckConfig.userId,
  516.         permissionType.property,
  517.         propertyId,
  518.     );
  519.  
  520.     if (
  521.         userPermission &&
  522.         userPermission.action &&
  523.         convertCrudActionToPermissionAction(userPermission.action).includes(permissionCheckConfig.crudAction)
  524.     ) {
  525.         return true;
  526.     }
  527.  
  528.     return true;
  529. }
  530.  
  531. async function checkUserPermission(permissionCheckConfig: PermissionCheckConfig) {
  532.     let userHasPermission = await hasDefaultOrResourcePermission(permissionCheckConfig);
  533.  
  534.     if (permissionCheckConfig.resource && permissionCheckConfig.resourceName) {
  535.         const resourceMeta: ResourceMeta = await getResourceMeta(permissionCheckConfig.resourceName);
  536.  
  537.         if (!userHasPermission) {
  538.             userHasPermission = checkBelowLevelAllowedCrudByUserId(resourceMeta, permissionCheckConfig);
  539.         }
  540.  
  541.         const resourcePermissionChecker = getResourcePermissionChecker(resourceMeta.resourceName);
  542.  
  543.         if (resourcePermissionChecker) {
  544.             const result = await resourcePermissionChecker(
  545.                 permissionCheckConfig.resource,
  546.                 permissionCheckConfig.userId,
  547.                 permissionCheckConfig.crudAction ?? crudAction.view,
  548.             );
  549.  
  550.             if (result) {
  551.                 userHasPermission = result;
  552.             }
  553.         }
  554.     }
  555.     return userHasPermission;
  556. }
  557.  
  558. function mapToWithIndexer<T>(map: Map<string, T>): WithIndexer<T> {
  559.     const result: WithIndexer<T> = {};
  560.  
  561.     map.forEach((value, key) => {
  562.         result[key] = value;
  563.     });
  564.  
  565.     return result;
  566. }
  567.  
  568. export async function getUserPermissions(userId: Uuid) {
  569.     // Cache role data at request level
  570.     const roleData = await cacheRoleData(userId);
  571.  
  572.     if (!roleData) {
  573.         throw createError("Role data not found");
  574.     }
  575.     const [resourcePermissions, propertyPermissions, defaultPermissions] = await Promise.all([
  576.         getUserPermissionsByPermissionType(userId, permissionType.resource, roleData),
  577.         getUserPermissionsByPermissionType(userId, permissionType.property, roleData),
  578.         getUserPermissionsByPermissionType(userId, permissionType.default, roleData),
  579.     ]);
  580.  
  581.     const userPermissions: UserPermissionList = {
  582.         resourcePermissions: mapToWithIndexer(resourcePermissions),
  583.         propertyPermissions: mapToWithIndexer(propertyPermissions),
  584.         defaultPermissions: mapToWithIndexer(defaultPermissions),
  585.     };
  586.  
  587.     // Clear request cache after use
  588.     requestCache.clear();
  589.     return userPermissions;
  590. }
  591.  
  592. async function getUserPermissionsByPermissionType(
  593.     userId: Uuid,
  594.     type: PermissionType,
  595.     roleData: {
  596.         roleIdsLevels: Map<Uuid, PermissionLevel>;
  597.         rolesToPackages: Map<Uuid, Uuid[]>;
  598.     },
  599. ) {
  600.     if (!roleData?.roleIdsLevels || !roleData?.rolesToPackages) {
  601.         throw createError("Invalid role data provided");
  602.     }
  603.  
  604.     const cacheKey = await getUserPermissionCacheKey(type, userId);
  605.     const cached = tryGetObjectFromCoreCache<Map<string, PermissionDto>>(cacheKey);
  606.     if (cached !== null) return cached;
  607.  
  608.     const { roleIdsLevels, rolesToPackages } = roleData;
  609.     const roleIds = [...roleIdsLevels.keys()];
  610.     const maxPermissionRoleLevel = Math.max(...[...roleIdsLevels.values()], minPermissionLevel);
  611.  
  612.     const [rolesToPermissions, packagesToPermissions] = await Promise.all([
  613.         getRolePermissions(roleIds, type),
  614.         getPackagePermissions(rolesToPackages, type),
  615.     ]);
  616.  
  617.     const userPermissions = await buildUserPermissions(
  618.         roleIds,
  619.         rolesToPermissions,
  620.         packagesToPermissions,
  621.         rolesToPackages,
  622.         maxPermissionRoleLevel,
  623.     );
  624.  
  625.     const userPermissionsMap = convertWithIndexerToMap(userPermissions);
  626.     await saveUserPermissionsToMemoryCache(userId, type, userPermissionsMap);
  627.  
  628.     return userPermissionsMap;
  629. }
  630.  
  631. // Cache role data at request level
  632. async function cacheRoleData(userId: Uuid) {
  633.     const cacheKey = `roleData_${userId}`;
  634.  
  635.     if (requestCache.has(cacheKey)) {
  636.         return requestCache.get(cacheKey);
  637.     }
  638.  
  639.     const roleIdsLevels = await getUserRoleIdsToRolePermissionLevels(userId);
  640.     const roleIds = [...roleIdsLevels.keys()];
  641.     const rolesToPackages = await getRoleToPackages(roleIds);
  642.  
  643.     const data = { roleIdsLevels, rolesToPackages };
  644.     requestCache.set(cacheKey, data);
  645.  
  646.     return data;
  647. }
  648.  
  649. // Optimize permission fetching with batch operations
  650. async function getRolePermissions(roleIds: Uuid[], type: PermissionType) {
  651.     const rolesToPermissions = new Map<Uuid, Uuid[]>();
  652.     await saveRoleToPermissionsToCache(rolesToPermissions, roleIds, type);
  653.     return rolesToPermissions;
  654. }
  655.  
  656. async function getPackagePermissions(rolesToPackages: Map<Uuid, Uuid[]>, type: PermissionType) {
  657.     const packageIds = [...new Set([...rolesToPackages.values()].flat())];
  658.     const packagesToPermissions = new Map<Uuid, Uuid[]>();
  659.     await savePackageToPermissionsToCache(packagesToPermissions, packageIds, type);
  660.     return packagesToPermissions;
  661. }
  662.  
  663. function checkBelowLevelAllowedCrudByUserId(
  664.     resourceMeta: ResourceMeta,
  665.     permissionCheckConfig: PermissionCheckConfig,
  666. ) {
  667.     if (!permissionCheckConfig.resource) return false;
  668.  
  669.     const resource: WithId = permissionCheckConfig.resource;
  670.     let withUserId;
  671.  
  672.     if (withUserIdProps.userId in resourceMeta.properties) {
  673.         withUserId = resource as unknown as WithUserId;
  674.     }
  675.  
  676.     if (
  677.         withUserId &&
  678.         permissionCheckConfig.crudAction !== undefined &&
  679.         resourceMeta.auth.belowLevelAllowedCrudByUserId.includes(permissionCheckConfig.crudAction)
  680.     ) {
  681.         if (withUserId && permissionCheckConfig.userId === withUserId.userId) {
  682.             return true;
  683.         }
  684.     }
  685.  
  686.     return false;
  687. }
  688.  
  689. async function addHigherPermission<TKey>(
  690.     permissions: Map<TKey, PermissionDto>,
  691.     key: TKey,
  692.     permission: Permission,
  693.     permissionRoleLevel: PermissionLevel,
  694. ) {
  695.     if (!permissions.has(key)) {
  696.         permissions.set(key, await createPermissionDto(permission, permissionRoleLevel));
  697.     } else {
  698.         const permissionDto = permissions.get(key)!;
  699.  
  700.         if (permissionDto.id !== permission.id) {
  701.             if (permissionDto.action && permission.action) {
  702.                 permission.id = getEmptyUuid();
  703.                 permission.action |= permissionDto.action;
  704.  
  705.                 const newPermissionDto = await createPermissionDto(permission, permissionRoleLevel);
  706.                 permissions.set(key, newPermissionDto);
  707.             } else {
  708.                 const newPermissionDto = await createPermissionDto(permission, permissionRoleLevel);
  709.                 permissions.set(key, newPermissionDto);
  710.             }
  711.         }
  712.     }
  713. }
  714.  
  715. async function hasDefaultOrResourcePermission(permissionCheckConfig: PermissionCheckConfig) {
  716.     let userHasPermission = false;
  717.  
  718.     if (permissionCheckConfig.resourceId) {
  719.         const userPermission = await getUserPermission(
  720.             permissionCheckConfig.userId,
  721.             permissionType.resource,
  722.             permissionCheckConfig.resourceId,
  723.         );
  724.  
  725.         if (
  726.             userPermission &&
  727.             userPermission.action &&
  728.             permissionCheckConfig.crudAction !== undefined &&
  729.             convertCrudActionToPermissionAction(userPermission.action).includes(
  730.                 permissionCheckConfig.crudAction,
  731.             )
  732.         ) {
  733.             userHasPermission = true;
  734.         }
  735.     } else {
  736.         if (permissionCheckConfig.permissionName) {
  737.             const userPermission = await getUserPermission(
  738.                 permissionCheckConfig.userId,
  739.                 permissionType.default,
  740.                 permissionCheckConfig.permissionName,
  741.             );
  742.  
  743.             if (userPermission && userPermission.name === permissionCheckConfig.permissionName) {
  744.                 userHasPermission = true;
  745.             }
  746.         }
  747.     }
  748.  
  749.     return userHasPermission;
  750. }
  751.  
  752. async function addUserPermissions(
  753.     roleIds: Uuid[],
  754.     rolesToPermissions: Map<Uuid, Uuid[]>,
  755.     packagesToPermissions: Map<Uuid, Uuid[]>,
  756.     rolesToPackages: Map<Uuid, Uuid[]>,
  757.     maxPermissionRoleLevel: PermissionLevel,
  758.     userPermissions: WithIndexer<PermissionDto>,
  759. ) {
  760.     for (const role of roleIds) {
  761.         if (rolesToPermissions.has(role)) {
  762.             for (const permissionId of rolesToPermissions.get(role)!) {
  763.                 await addPermissionIfNeeded(permissionId, userPermissions, maxPermissionRoleLevel);
  764.             }
  765.         }
  766.  
  767.         if (rolesToPackages.has(role)) {
  768.             for (const rolePackageName of rolesToPackages.get(role)!) {
  769.                 if (packagesToPermissions.has(rolePackageName)) {
  770.                     for (const permissionId of packagesToPermissions.get(rolePackageName)!) {
  771.                         await addPermissionIfNeeded(permissionId, userPermissions, maxPermissionRoleLevel);
  772.                     }
  773.                 }
  774.             }
  775.         }
  776.     }
  777. }
  778.  
  779. async function addPermissionIfNeeded(
  780.     permissionId: Uuid,
  781.     userPermissions: WithIndexer<PermissionDto>,
  782.     maxPermissionRoleLevel: PermissionLevel,
  783. ) {
  784.     const permission = await getPermission(permissionId);
  785.  
  786.     if (permission) {
  787.         const userPermissionsMap = convertWithIndexerToMap<PermissionDto>(userPermissions);
  788.  
  789.         if (permission.type === permissionType.resource || permission.type === permissionType.property) {
  790.             const key =
  791.                 permission.type === permissionType.resource
  792.                     ? permission.resourceId!
  793.                     : permission.resourcePropertyId!;
  794.             await addHigherPermission(userPermissionsMap, key, permission, maxPermissionRoleLevel);
  795.         } else if (permission.type === permissionType.default) {
  796.             await addHigherPermission(
  797.                 userPermissionsMap,
  798.                 permission.name!,
  799.                 permission,
  800.                 maxPermissionRoleLevel,
  801.             );
  802.         }
  803.         userPermissionsMap.forEach((value, key) => {
  804.             userPermissions[key] = value;
  805.         });
  806.     }
  807. }
  808.  
  809. function convertWithIndexerToMap<T>(obj: WithIndexer<T>) {
  810.     return new Map(Object.entries(obj));
  811. }
  812.  
  813. async function getUserPermission(userId: Uuid, type: PermissionType, resourceIdOrPropertyIdOrName: Uuid) {
  814.     const cacheKey = await getUserResourcePermissionCacheKey(type, resourceIdOrPropertyIdOrName, userId);
  815.     let userPermission = tryGetObjectFromCoreCache<PermissionDto>(cacheKey);
  816.  
  817.     if (userPermission !== null) {
  818.         return userPermission;
  819.     }
  820.     const roleData = await cacheRoleData(userId);
  821.     if (!roleData) {
  822.         throw createError("Role data not found");
  823.     }
  824.     const userPermissions = await getUserPermissionsByPermissionType(userId, type, roleData);
  825.  
  826.     userPermission = null;
  827.  
  828.     if (type === permissionType.resource || type === permissionType.property) {
  829.         if (isValidUuid(resourceIdOrPropertyIdOrName) && userPermissions.has(resourceIdOrPropertyIdOrName)) {
  830.             userPermission = userPermissions.get(resourceIdOrPropertyIdOrName)!;
  831.         }
  832.     } else if (type === permissionType.default) {
  833.         const permissionName = resourceIdOrPropertyIdOrName.toString();
  834.         if (userPermissions.has(permissionName)) {
  835.             userPermission = userPermissions.get(permissionName)!;
  836.         }
  837.     }
  838.  
  839.     if (userPermission) {
  840.         setCoreCache(cacheKey, userPermission);
  841.     }
  842.  
  843.     return userPermission;
  844. }
  845.  
  846. async function buildUserPermissions(
  847.     roleIds: Uuid[],
  848.     rolesToPermissions: Map<Uuid, Uuid[]>,
  849.     packagesToPermissions: Map<Uuid, Uuid[]>,
  850.     rolesToPackages: Map<Uuid, Uuid[]>,
  851.     maxPermissionRoleLevel: PermissionLevel,
  852. ): Promise<WithIndexer<PermissionDto>> {
  853.     const userPermissions: WithIndexer<PermissionDto> = {};
  854.  
  855.     await addUserPermissions(
  856.         roleIds,
  857.         rolesToPermissions,
  858.         packagesToPermissions,
  859.         rolesToPackages,
  860.         maxPermissionRoleLevel,
  861.         userPermissions,
  862.     );
  863.  
  864.     return userPermissions;
  865. }
  866.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!