Opentalent
/
app_vue2


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160
							import {$accessProfile} from "@/services/profile/accessProfile"
import {$organizationProfile} from "@/services/profile/organizationProfile"
import {$roleUtils} from "~/services/rights/roleUtils";
import {AbilitiesType, AnyJson, AnyStore} from "~/types/types";
import {Ability} from "@casl/ability";
import {$yamlParser} from "~/services/utils/yamlParser";
import * as _ from "lodash";

/**
 * @category Services/droits
 * @class AbilitiesUtils
 * Classe permettant de mener des opérations sur les abilités
 */
class AbilitiesUtils {
  private $store: AnyStore = {} as AnyStore
  private $ability: Ability = {} as Ability
  private factory: AnyJson = {}

  /**
   * @constructor
   */
  constructor(store: AnyStore, ability: Ability) {
    this.$store = store
    this.$ability = ability
  }

  /**
   * Initialise les services factories
   */
  initFactory() {
    this.factory = {
      access: $accessProfile(this.$store, this.$ability),
      organization: $organizationProfile(this.$store)
    }
  }

  /**
   * Set les abilities de l'utilisateur à chaque fois qu'on update son profile
   */
  setAbilities(){
    //Nécessaire pour que l'update des abilité soit correct après la phase SSR
    this.$ability.update(this.$store.state.profile.access.abilities);

    /**
     * Au moment où l'on effectue un SetProfile via le store Organization, il faut aller récupérer
     * les différentes abilitées que l'utilisateur peut effectuer. (Tout cela se passe en SSR)
     */
    const unsubscribe = this.$store.subscribeAction({
      after: (action, state) => {
        switch (action.type) {
          case 'profile/organization/setProfile':
            //On récupère les abilités
            const abilities = this.getAbilities();

            //On les store puis on update le service ability pour le mettre à jour.
            this.$store.commit('profile/access/setAbilities', abilities)
            this.$ability.update(abilities);
            //Unsubscribe pour éviter les memory leaks
            unsubscribe()
            break;
        }
      }
    })
  }

  /**
   * Récupération de l'ensemble des abilities quelles soient par Roles ou par Config.
   * @return {Array<AbilitiesType>}
   */
  getAbilities():Array<AbilitiesType> {
    const abilitiesByRoles = this.getAbilitiesByRoles(this.$store.state.profile.access.roles)
    this.$ability.update(abilitiesByRoles);
    this.initFactory();
    return abilitiesByRoles.concat(this.getAbilitiesByConfig('./config/abilities/config.yaml'))
  }

  /**
   * Adaptation et transformations des roles en abilities
   * @param {Array<string>} roles
   * @return {Array<AbilitiesType>}
   */
  getAbilitiesByRoles(roles: Array<string>): Array<AbilitiesType> {
    roles = $roleUtils.transformUnderscoreToHyphenBeforeCompleteMigration(roles);
    return $roleUtils.transformRoleToAbilities(roles);
  }

  /**
   * - Parcours la config d'abilities en Yaml
   * - filtres la config pour ne garder que les abilities autorisées
   * - transform la config restante en Object Abilities
   * @param {string} configPath
   * @return {Array<AbilitiesType>}
   */
  getAbilitiesByConfig(configPath:string): Array<AbilitiesType> {
    let abilitiesByConfig: Array<AbilitiesType> = []
   try {
      const doc = $yamlParser.parse(configPath);
      const abilitiesAvailable = doc['abilities']
      const abilitiesFiltered = this.abilitiesAvailableFilter(abilitiesAvailable)
      abilitiesByConfig = this.transformAbilitiesConfigToAbility(abilitiesFiltered)
    } catch (e) {
      console.debug(e)
    }
    return abilitiesByConfig;
  }

  /**
   * Filtre toutes les abilities possible suivant si l'utilisateur est autorisé ou non à les posséder
   * @param {AnyJson} abilitiesAvailable
   * @return {AnyJson}
   */
  abilitiesAvailableFilter(abilitiesAvailable:AnyJson):AnyJson{
    return _.pickBy(abilitiesAvailable, (ability:any) =>{
      const services = ability['services']
      return this.canHaveTheAbility(services)
    })
  }

  /**
   * Transform une config d'abilities en un tableau d'Abilities
   * @param {AnyJson} abilitiesAvailable
   * @return {Array<AbilitiesType>}
   */
  transformAbilitiesConfigToAbility(abilitiesAvailable:AnyJson):Array<AbilitiesType>{
    let abilitiesByConfig: Array<AbilitiesType> = []
    _.each(abilitiesAvailable, (ability, subject) => {
      let myAbility: AbilitiesType = {
        action: ability['action'],
        subject: subject
      }
      abilitiesByConfig.push(myAbility)
    })
    return abilitiesByConfig;
  }

  /**
   * Parcours les fonctions par services et établit si oui ou non l'abilité est autorisée
   * @param {AnyJson} functionByservices
   * @return {boolean}
   */
  canHaveTheAbility(functionByservices: AnyJson) {
    let hasAbility = true;
    _.each(functionByservices, (functions, service) => {
      if (hasAbility) {
        const nbFunctions = functions.length
        let cmpt = 0
        while (hasAbility && nbFunctions > cmpt) {
          const f = functions[cmpt]['function'];
          const parameters = functions[cmpt]['parameters'] ?? null;
          const result = functions[cmpt]['result'] ?? null;
          hasAbility = result !== null ? this.factory[service].handler()[f](parameters) == result : this.factory[service].handler()[f](parameters)
          cmpt++
        }
      }
    })
    return hasAbility;
  }
}

export const $abilitiesUtils = (store: AnyStore, ability:Ability) => new AbilitiesUtils(store, ability);