Merge remote-tracking branch 'origin/next' into stable

Author: adrians5j

packages/api-aco/__tests__/flp.tasks.test.ts

@@ -323,6 +323,70 @@ describe("Folder Level Permissions -  UPDATE FLP - Simple", () => {
                 }
             ]
         });
+
+        // Update child folder with its own permissions
+        await context.aco.folder.update(childFolder.id, {
+            permissions: [
+                {
+                    target: "admin:5678",
+                    level: "editor"
+                }
+            ]
+        });
+
+        {
+            // Check child folder
+            const updatedChildFlp = await context.aco.flp.get(childFolder.id);
+            expect(updatedChildFlp).toMatchObject({
+                id: childFolder.id,
+                type,
+                slug: childFolder.slug,
+                parentId: parentFolder.id,
+                permissions: [
+                    {
+                        target: "admin:5678",
+                        level: "editor"
+                    },
+                    {
+                        target: "admin:1234",
+                        level: "viewer",
+                        inheritedFrom: `parent:${parentFolder.id}`
+                    }
+                ]
+            });
+        }
+
+        // Update the parent folder removing all permissions
+        await context.aco.folder.update(parentFolder.id, {
+            permissions: []
+        });
+
+        // Check parent folder
+        const updatedParentFlp = await context.aco.flp.get(parentFolder.id);
+        expect(updatedParentFlp).toMatchObject({
+            id: parentFolder.id,
+            type,
+            slug: parentFolder.slug,
+            parentId: ROOT_FOLDER,
+            permissions: []
+        });
+
+        {
+            // Check child folder
+            const updatedChildFlp = await context.aco.flp.get(childFolder.id);
+            expect(updatedChildFlp).toMatchObject({
+                id: childFolder.id,
+                type,
+                slug: childFolder.slug,
+                parentId: parentFolder.id,
+                permissions: [
+                    {
+                        target: "admin:5678",
+                        level: "editor"
+                    }
+                ]
+            });
+        }
     });
 });
 
@@ -644,6 +708,53 @@ describe("Folder Level Permissions -  UPDATE FLP - Complex", () => {
             }
         }
 
+        // Update level2 with its empty permissions: it should always inherit permissions from level1 and propagate them down
+        await context.aco.folder.update(level2.id, {
+            permissions: []
+        });
+
+        // Verify level2 has no permissions
+        for (let i = 0; i < folders.length; i++) {
+            const folder = folders[i];
+            const flp = await context.aco.flp.get(folder.id);
+
+            const expectedPath = folders
+                .slice(0, i + 1)
+                .map(f => f.slug)
+                .join("/");
+
+            if (i === 0) {
+                expect(flp).toMatchObject({
+                    id: folder.id,
+                    type,
+                    slug: folder.slug,
+                    parentId: ROOT_FOLDER,
+                    path: `${ROOT_FOLDER}/${expectedPath}`,
+                    permissions: [
+                        {
+                            target: "admin:user1",
+                            level: "viewer"
+                        }
+                    ]
+                });
+            } else {
+                expect(flp).toMatchObject({
+                    id: folder.id,
+                    type,
+                    slug: folder.slug,
+                    parentId: folders[i - 1].id,
+                    path: `${ROOT_FOLDER}/${expectedPath}`,
+                    permissions: [
+                        {
+                            target: "admin:user1",
+                            level: "viewer",
+                            inheritedFrom: `parent:${folders[i - 1].id}`
+                        }
+                    ]
+                });
+            }
+        }
+
         // Update level3 with its own permissions
         await context.aco.folder.update(level3.id, {
             permissions: [

packages/api-aco/package.json

@@ -34,6 +34,7 @@
     "@webiny/handler": "0.0.0",
     "@webiny/handler-graphql": "0.0.0",
     "@webiny/pubsub": "0.0.0",
+    "@webiny/shared-aco": "0.0.0",
     "@webiny/tasks": "0.0.0",
     "@webiny/utils": "0.0.0",
     "@webiny/validation": "0.0.0",

packages/api-aco/src/constants.ts

@@ -1,3 +1,3 @@
-export const ROOT_FOLDER = "root";
+export * from "@webiny/shared-aco";
 export const PB_PAGE_TYPE = "PbPage";
 export const FM_FILE_TYPE = "FmFile";

packages/api-aco/src/flp/flp.types.ts

@@ -1,23 +1,9 @@
 import { Topic } from "@webiny/pubsub/types";
 import { ITaskRunParams } from "@webiny/tasks/types";
 import { type AcoContext, type Folder } from "~/types";
+import type { FolderLevelPermission, FolderPermission } from "@webiny/shared-aco/flp/flp.types";
 
-export type FolderAccessLevel = "owner" | "viewer" | "editor" | "public" | "no-access";
-
-export interface FolderPermission {
-    target: string;
-    level: FolderAccessLevel;
-    inheritedFrom?: string;
-}
-
-export interface FolderLevelPermission {
-    id: string;
-    parentId: string;
-    slug: string;
-    path: string;
-    permissions: FolderPermission[];
-    type: string;
-}
+export * from "@webiny/shared-aco/flp/flp.types";
 
 /********
  * CRUD operations

packages/api-aco/src/flp/useCases/CreateFlp.ts

@@ -1,10 +1,9 @@
 import { WebinyError } from "@webiny/error";
 import { Path } from "~/utils/Path";
-import { Permissions } from "./Permissions";
+import { Permissions, ROOT_FOLDER } from "@webiny/shared-aco";
 import type { FolderLevelPermission as IFolderLevelPermission } from "~/flp/flp.types";
 import type { Folder } from "~/folder/folder.types";
 import type { AcoContext } from "~/types";
-import { ROOT_FOLDER } from "~/constants";
 
 export class CreateFlp {
     private context: AcoContext;

packages/api-aco/src/flp/useCases/UpdateFlp.ts

@@ -1,7 +1,6 @@
 import { WebinyError } from "@webiny/error";
 import { Path } from "~/utils/Path";
-import { Permissions } from "./Permissions";
-import { ROOT_FOLDER } from "~/constants";
+import { Permissions, ROOT_FOLDER } from "@webiny/shared-aco";
 import type { AcoContext, Folder, FolderLevelPermission, FolderPermission } from "~/types";
 import { FOLDER_MODEL_ID } from "~/folder/folder.model";
 

packages/api-aco/tsconfig.build.json

@@ -14,6 +14,7 @@
     { "path": "../handler/tsconfig.build.json" },
     { "path": "../handler-graphql/tsconfig.build.json" },
     { "path": "../pubsub/tsconfig.build.json" },
+    { "path": "../shared-aco/tsconfig.build.json" },
     { "path": "../tasks/tsconfig.build.json" },
     { "path": "../utils/tsconfig.build.json" },
     { "path": "../validation/tsconfig.build.json" },

packages/api-aco/tsconfig.json

@@ -14,6 +14,7 @@
     { "path": "../handler" },
     { "path": "../handler-graphql" },
     { "path": "../pubsub" },
+    { "path": "../shared-aco" },
     { "path": "../tasks" },
     { "path": "../utils" },
     { "path": "../validation" },
@@ -58,6 +59,8 @@
       "@webiny/handler-graphql": ["../handler-graphql/src"],
       "@webiny/pubsub/*": ["../pubsub/src/*"],
       "@webiny/pubsub": ["../pubsub/src"],
+      "@webiny/shared-aco/*": ["../shared-aco/src/*"],
+      "@webiny/shared-aco": ["../shared-aco/src"],
       "@webiny/tasks/*": ["../tasks/src/*"],
       "@webiny/tasks": ["../tasks/src"],
       "@webiny/utils/*": ["../utils/src/*"],

packages/api-headless-cms-ddb-es/src/dynamoDb/storage/richText.ts

@@ -24,7 +24,14 @@ export const createRichTextStorageTransformPlugin = () => {
             }
 
             try {
-                return await compressor.getCompressor().decompress(storageValue);
+                const uncompressed = await compressor.getCompressor().decompress(storageValue);
+
+                // We must make sure the rich text value is an object.
+                // It is possible that it is a string if developers call the API with an already stringified value.
+                if (typeof uncompressed === "string") {
+                    return JSON.parse(uncompressed);
+                }
+                return uncompressed;
             } catch {
                 return storageValue;
             }

packages/api-headless-cms-ddb/src/dynamoDb/storage/richText.ts

@@ -27,7 +27,14 @@ export const createRichTextStorageTransformPlugin = () => {
             }
 
             try {
-                return await compressor.getCompressor().decompress(storageValue);
+                const uncompressed = await compressor.getCompressor().decompress(storageValue);
+
+                // We must make sure the rich text value is an object.
+                // It is possible that it is a string if developers call the API with an already stringified value.
+                if (typeof uncompressed === "string") {
+                    return JSON.parse(uncompressed);
+                }
+                return uncompressed;
             } catch {
                 return storageValue;
             }