wip: fix type errors

bbc · Oct 15, 2024 · feb3cbb · feb3cbb
1 parent 1d96d5e
commit feb3cbb
Show file tree

Hide file tree

Showing 8 changed files with 63 additions and 63 deletions.
diff --git a/meteor/server/Connections.ts b/meteor/server/Connections.ts
@@ -4,8 +4,8 @@ import { logger } from './logging'
 import { sendTrace } from './api/integration/influx'
 import { PeripheralDevices } from './collections'
 import { MetricsGauge } from '@sofie-automation/corelib/dist/prometheus'
-import { parseUserLevel, USER_LEVEL_HEADER } from '../lib/userLevel'
-import { Settings } from '../lib/Settings'
+import { parseUserPermissions, USER_PERMISSIONS_HEADER } from '@sofie-automation/meteor-lib/dist/userPermissions'
+import { Settings } from './Settings'
 
 const connections = new Set<string>()
 const connectionsGauge = new MetricsGauge({
@@ -17,7 +17,7 @@ Meteor.onConnection((conn: Meteor.Connection) => {
 	// This is called whenever a new ddp-connection is opened (ie a web-client or a peripheral-device)
 
 	if (Settings.enableHeaderAuth) {
-		const userLevel = parseUserLevel(conn.httpHeaders[USER_LEVEL_HEADER])
+		const userLevel = parseUserPermissions(conn.httpHeaders[USER_PERMISSIONS_HEADER])
 		if (!userLevel) {
 			// Reject connection, not permitted
 			conn.close()

diff --git a/meteor/server/api/user.ts b/meteor/server/api/user.ts
@@ -16,7 +16,7 @@ import { resetCredentials } from '../security/lib/credentials'
 import { OrganizationId, UserId } from '@sofie-automation/corelib/dist/dataModel/Ids'
 import { Organizations, Users } from '../collections'
 import { logger } from '../logging'
-import { parseUserLevel, USER_LEVEL_HEADER } from '../../lib/userLevel'
+import { parseUserPermissions, USER_PERMISSIONS_HEADER } from '@sofie-automation/meteor-lib/dist/userPermissions'
 
 async function enrollUser(email: string, name: string): Promise<UserId> {
 	triggerWriteAccessBecauseNoCheckNecessary()
@@ -94,8 +94,8 @@ async function removeUser(context: MethodContext) {
 }
 
 class ServerUserAPI extends MethodContextAPI implements NewUserAPI {
-	async getUserLevel() {
-		return parseUserLevel(this.connection?.httpHeaders?.[USER_LEVEL_HEADER])
+	async getUserPermissions() {
+		return parseUserPermissions(this.connection?.httpHeaders?.[USER_PERMISSIONS_HEADER])
 	}
 	async enrollUser(email: string, name: string) {
 		return enrollUser(email, name)

diff --git a/meteor/server/security/lib/security.ts b/meteor/server/security/lib/security.ts
@@ -23,7 +23,7 @@ import {
 	UserId,
 } from '@sofie-automation/corelib/dist/dataModel/Ids'
 import { StudioLight } from '@sofie-automation/corelib/dist/dataModel/Studio'
-import { UserLevel } from '@sofie-automation/meteor-lib/dist/userLevel'
+import { UserPermissions } from '@sofie-automation/meteor-lib/dist/userPermissions'
 
 export const LIMIT_CACHE_TIME = 1000 * 60 * 15 // 15 minutes
 
@@ -152,7 +152,7 @@ export async function allowAccessToStudio(
 		if (!isProtectedString(studioId)) return noAccess('studioId is not a string')
 		if (!('userId' in cred0) || !cred0.userId) return noAccess('missing userId')
 
-		const userPermissions = JSON.parse(unprotectString(cred0.userId)) as UserLevel
+		const userPermissions = JSON.parse(unprotectString(cred0.userId)) as UserPermissions
 
 		const studio = await fetchStudioLight(studioId)
 		if (!studio) return noAccess('Studio not found')

diff --git a/meteor/server/security/rundownPlaylist.ts b/meteor/server/security/rundownPlaylist.ts
@@ -16,8 +16,8 @@ import {
 	UserId,
 } from '@sofie-automation/corelib/dist/dataModel/Ids'
 import { RundownPlaylists, Rundowns } from '../collections'
-import { MethodContext } from '../../lib/api/methods'
-import { parseUserLevel, USER_LEVEL_HEADER } from '../../lib/userLevel'
+import { parseUserPermissions, USER_PERMISSIONS_HEADER } from '@sofie-automation/meteor-lib/dist/userPermissions'
+import { MethodContext } from '../api/methodContext'
 
 export namespace RundownPlaylistReadAccess {
 	/** Handles read access for all playlist document */
@@ -104,8 +104,8 @@ export namespace RundownPlaylistContentWriteAccess {
 
 		if (context.connection) {
 			// A POC that 'fails auth' if the user doesn't have studio permissions
-			const userLevel = parseUserLevel(context.connection.httpHeaders[USER_LEVEL_HEADER])
-			if (!userLevel?.studio) throw new Meteor.Error(403, `Not allowed: no studio permission`)
+			const userPermissions = parseUserPermissions(context.connection.httpHeaders[USER_PERMISSIONS_HEADER])
+			if (!userPermissions?.studio) throw new Meteor.Error(403, `Not allowed: no studio permission`)
 		}
 
 		if (!Settings.enableUserAccounts) {

diff --git a/packages/meteor-lib/src/api/user.ts b/packages/meteor-lib/src/api/user.ts
@@ -1,15 +1,15 @@
 import { UserProfile } from '../collections/Users'
 import { UserId } from '@sofie-automation/corelib/dist/dataModel/Ids'
-import { UserLevel } from '../userLevel'
+import { UserPermissions } from '../userPermissions'
 
 export interface NewUserAPI {
-	getUserLevel(): Promise<UserLevel | null>
+	getUserPermissions(): Promise<UserPermissions | null>
 	enrollUser(email: string, name: string): Promise<UserId>
 	requestPasswordReset(email: string): Promise<boolean>
 	removeUser(): Promise<boolean>
 }
 export enum UserAPIMethods {
-	'getUserLevel' = 'user.getUserLevel',
+	'getUserPermissions' = 'user.getUserPermissions',
 	'enrollUser' = 'user.enrollUser',
 	'requestPasswordReset' = 'user.requestPasswordReset',
 	'removeUser' = 'user.removeUser',

diff --git a/packages/meteor-lib/src/userLevel.ts b/packages/meteor-lib/src/userLevel.ts
diff --git a/packages/meteor-lib/src/userPermissions.ts b/packages/meteor-lib/src/userPermissions.ts
@@ -0,0 +1,46 @@
+export const USER_PERMISSIONS_HEADER = 'dnt'
+// export const USER_LEVEL_USER_ID = protectString<UserId>('fake-user')
+
+export interface UserPermissions {
+	studio: boolean
+	configure: boolean
+	developer: boolean
+	testing: boolean
+	service: boolean
+}
+const allowedPermissions = new Set<keyof UserPermissions>(['studio', 'configure', 'developer', 'testing', 'service'])
+
+export function parseUserPermissions(encodedPermissions: string | undefined): UserPermissions | null {
+	if (encodedPermissions === 'admin') {
+		return {
+			studio: true,
+			configure: true,
+			developer: true,
+			testing: true,
+			service: true,
+		}
+	}
+
+	const result: UserPermissions = {
+		studio: false,
+		configure: false,
+		developer: false,
+		testing: false,
+		service: false,
+	}
+
+	if (encodedPermissions && typeof encodedPermissions === 'string') {
+		const parts = encodedPermissions.split(',')
+
+		for (const part of parts) {
+			const part2 = part.trim() as keyof UserPermissions
+			if (allowedPermissions.has(part2)) {
+				result[part2] = true
+			}
+		}
+
+		return result
+	}
+
+	return null
+}
diff --git a/packages/webui/src/client/ui/UserPermissions.tsx b/packages/webui/src/client/ui/UserPermissions.tsx
@@ -13,7 +13,7 @@ import {
 } from '../lib/localStorage'
 import { parse as queryStringParse } from 'query-string'
 import { MeteorCall } from '../lib/meteorApi'
-import { UserLevel as UserPermissions } from '@sofie-automation/meteor-lib/dist/userLevel' // nocommit - avoid this alias
+import { UserPermissions } from '@sofie-automation/meteor-lib/dist/userPermissions'
 import { Settings } from '../lib/Settings'
 
 export type { UserPermissions }
@@ -56,7 +56,7 @@ export function useUserPermissions(): [roles: UserPermissions, ready: boolean] {
 			// TODO - this is a temorary hack!
 			// TODO - this should also be triggered by ddp reconnecting
 			MeteorCall.user
-				.getUserLevel()
+				.getUserPermissions()
 				.then((v) => {
 					setPermissions(
 						v || {