
Commit 8e35211

authored
feat: add special IMS org with full access (#233)
1 parent e803b4a commit 8e35211


3 files changed

+41
-0
lines changed


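--- a/src/index.d.ts
+++ b/src/index.d.ts
@@ -19,6 +19,7 @@ export interface Env {
 AEM_BUCKET_NAME: string;
 // shared secret used as authorization when invoking the collab service (eg for syncadmin)
 COLLAB_SHARED_SECRET: string;
+DA_OPS_IMS_ORG: string;
 
 DA_AUTH: KVNamespace,
 DA_CONFIG: KVNamespace,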
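Review bot: `DA_OPS_IMS_ORG` is declared as a required `string`, but the guard `if (env.DA_OPS_IMS_ORG)` in src/utils/auth.js in this same commit treats it as optional, so the declaration should read `DA_OPS_IMS_ORG?: string;`. Unlike the `COLLAB_SHARED_SECRET` line above it, the new field has no comment, even though it controls a cross-org write grant. Something like `// IMS org whose members get write on CONFIG and all content of every org; unset disables the grant` would make that visible to whoever configures a deployment. The Env interface starts before and continues past this hunk.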

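--- a/src/utils/auth.js
+++ b/src/utils/auth.js
@@ -238,6 +238,19 @@ export async function getAclCtx(env, org, users, key, api) {
 };
 }
 
+if (env.DA_OPS_IMS_ORG) {
+props.permissions.data.push({
+path: 'CONFIG',
+groups: env.DA_OPS_IMS_ORG,
+actions: 'write',
+});
+props.permissions.data.push({
+path: '/ + **',
+groups: env.DA_OPS_IMS_ORG,
+actions: 'write',
+});
+}
+
 const aclTrace = [];
 props.permissions.data.forEach(({ path, groups, actions }) => {
 if (!path || !groups) return;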
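Review bot: The two `push` calls at new lines 242–251 mutate `props.permissions.data` in place; where `props` comes from is outside this hunk, but if it is a cached or shared config object, each getAclCtx call would append another pair of ops-org rules. Building the rule list locally avoids that, e.g. `const rules = [...props.permissions.data, ...opsRules];` and iterating `rules` in the `forEach` below. Because this block gives one IMS org `write` on `CONFIG` and on every path of every org, it also deserves a comment saying so, such as `// DA_OPS_IMS_ORG: cross-tenant operator org, granted write on CONFIG and all content`. It would also help auditing if the injected rules were identifiable in `aclTrace`. getAclCtx starts before and continues past this hunk.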

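--- a/test/utils/auth.test.js
+++ b/test/utils/auth.test.js
@@ -389,6 +389,33 @@ describe('DA auth', () => {
 assert(aclCtx.actionSet.has('read'));
 assert(!aclCtx.actionSet.has('write'));
 });
+
+it('test DA_OPS_IMS_ORG permissions', async () => {
+const opsOrg = 'MyOpsOrg';
+const envOps = {
+...env2,
+DA_OPS_IMS_ORG: opsOrg,
+};
+
+// User in the OPS ORG
+const users = [{ orgs: [{ orgIdent: opsOrg }] }];
+const aclCtx = await getAclCtx(envOps, 'test', users, '/', 'config');
+
+// Should have write permission on CONFIG because of DA_OPS_IMS_ORG injection
+assert(hasPermission({
+users, org: 'test', aclCtx, key: '',
+}, 'CONFIG', 'write', true));
+
+// Should have write permission on / because of DA_OPS_IMS_ORG injection (path: '/ + **')
+assert(hasPermission({
+users, org: 'test', aclCtx, key: '',
+}, '/', 'write'));
+
+// Should have write permission on path because of DA_OPS_IMS_ORG injection (path: '/ + **')
+assert(hasPermission({
+users, org: 'test', aclCtx, key: '',
+}, '/some/deep/path', 'write'));
+});
 });
 
 describe('persmissions single sheet', () => {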
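Review bot: The new test at lines 393–418 only asserts the positive case, so a regression that widens the ops-org grant to other users would pass unnoticed. For a rule that gives write on `CONFIG` and every path, add a case with a user outside the ops org, e.g. `const outsiders = [{ orgs: [{ orgIdent: 'OtherOrg' }] }];`, asserting that `hasPermission(..., 'CONFIG', 'write', true)` is false for them. A second case with `DA_OPS_IMS_ORG` unset should show that no rule is injected. What `env2` already grants is outside this hunk, so the expected baseline needs checking against that fixture.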
