NEXT-30218 - Remove permissions from url

shopware · Feb 20, 2024 · 3bcfa61 · 3bcfa61
1 parent d85a2b5
commit 3bcfa61
Show file tree

Hide file tree

Showing 7 changed files with 11 additions and 114 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,11 +2,21 @@
 
 All notable changes to this project will be documented in this file.
 
+## [4.0.3] - 20.02.2024
+
+## Removed
+- Query parameter privileges to check privilieges on app side. The administration now handels this.
+
 ## [4.0.2] - 20.02.2024
 
 ## Fixed
 - `data.subscribe` throws now correctly an error if privileges are missing
 
+## [4.0.1] - 20.02.2024
+
+## Fixed
+- Settings item documentation icon name
+
 ## [4.0.0] - 07.02.2024
 
 ## Changed

diff --git a/e2e/channel.spec.ts b/e2e/channel.spec.ts
@@ -552,40 +552,6 @@ test.describe('Privilege tests', () => {
     expect(result.message.includes('Your app is missing the privileges product:read for action "repositorySearch".')).toBe(true);
   });
 
-  test('should not handle callback with missing privileges', async ({ page }) => {
-    const { mainFrame, subFrame } = await setup({ page });
-
-    await mainFrame.evaluate(() => {
-      window.sw_internal.setExtensions({
-        foo: {
-          baseUrl: 'http://localhost:8182',
-          permissions: {
-            create: ['notification']
-          }
-        }
-      });
-
-      window.sw_internal.handle('_privileges', () => {})
-    })
-
-    const response = await subFrame.evaluate(() => {
-      return window.sw_internal.send('_privileges', {})
-        .then((response) => ({
-          response: response,
-          errorMessage: 'No error happened',
-          isMissingPrivilesErrorInstance: false,
-        }))
-        .catch((error) => ({
-          response: error,
-          errorMessage: error.toString(),
-          isMissingPrivilesErrorInstance: error instanceof window.sw_internal.MissingPrivilegesError
-        }))
-    });
-
-    expect(response.errorMessage).toEqual(`Error: Your app is missing the privileges additional:not_entity_related, create:user, read:user, update:user, delete:user for action "_privileges".`);
-    expect(response.isMissingPrivilesErrorInstance).toBe(true);
-  });
-
   test('should not accept entity data without correct privileges (create,read,update,delete)', async ({ page }) => {
     const { mainFrame, subFrame } = await setup({ page });
 

diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "name": "@shopware-ag/meteor-admin-sdk",
   "license": "MIT",
-  "version": "4.0.2",
+  "version": "4.0.3",
   "repository": {
     "type": "git",
     "url": "git://github.com/shopware/meteor-admin-sdk.git"

diff --git a/src/channel.ts b/src/channel.ts
@@ -2,7 +2,6 @@
 import type { ShopwareMessageTypes } from './messages.types';
 import { generateUniqueId } from './_internals/utils';
 import type { extension } from './privileges/privilege-resolver';
-import { sendPrivileged, handlePrivileged } from './privileges/privilege-resolver';
 import { ShopwareMessageTypePrivileges } from './privileges';
 import MissingPrivilegesError from './privileges/missing-privileges-error';
 import SerializerFactory from './_internals/serializer';
@@ -106,13 +105,6 @@ export function send<MESSAGE_TYPE extends keyof ShopwareMessageTypes>(
   _targetWindow?: Window,
   _origin?: string
 ): Promise<ShopwareMessageTypes[MESSAGE_TYPE]['responseType'] | null> {
-  const missingPriviliges = sendPrivileged(type);
-  if (missingPriviliges !== null) {
-    const missingPrivilegesError = new MissingPrivilegesError(type, missingPriviliges);
-
-    return Promise.reject(missingPrivilegesError);
-  }
-
   // Generate a unique callback ID. This here is only for simple demonstration purposes
   const callbackId = generateUniqueId();
 
@@ -279,11 +271,6 @@ export function handle<MESSAGE_TYPE extends keyof ShopwareMessageTypes>
       if (!adminExtensions) {
         return;
       }
-
-      const missingPrivileges = handlePrivileged(type, event.origin);
-      if (missingPrivileges !== null) {
-        return;
-      }
     }
 
     if (typeof event.data !== 'string') {

diff --git a/src/privileges/index.ts b/src/privileges/index.ts
@@ -1,4 +1,3 @@
-import { _privileges } from './messages/_privileges';
 import type { privileges } from './privilege-resolver';
 
 /**
@@ -36,5 +35,4 @@ export const ShopwareMessageTypePrivileges: Record<string, privileges> = {
   _collectionTest: {},
   _multiply: {},
   _subtract: {},
-  _privileges: _privileges,
 };
diff --git a/src/privileges/messages/_privileges.ts b/src/privileges/messages/_privileges.ts
diff --git a/src/privileges/privilege-resolver.ts b/src/privileges/privilege-resolver.ts
@@ -1,5 +1,3 @@
-import { ShopwareMessageTypePrivileges } from '.';
-import type { ShopwareMessageTypes } from '../messages.types';
 import { adminExtensions } from '../channel';
 
 export type privilegeString = `${keyof privileges}:${string}`;
@@ -17,61 +15,6 @@ export type extension = {
   permissions: privileges,
 }
 
-export function sendPrivileged(messageType: keyof ShopwareMessageTypes): Array<privilegeString> | null {
-  const requiredPrivileges = getRequiredPrivilegesForMessage(messageType);
-  const locationPrivileges = getLocationPrivileges(window.location);
-
-  if (!requiredPrivileges || Object.keys(requiredPrivileges).length <= 0) {
-    return null;
-  }
-
-  return getMissingPrivileges(requiredPrivileges, locationPrivileges);
-}
-
-export function handlePrivileged(messageType: keyof ShopwareMessageTypes, origin: string): Array<privilegeString> | null {
-  const requiredPrivileges = getRequiredPrivilegesForMessage(messageType);
-  const extension = findExtensionByBaseUrl(origin);
-
-  if (!extension) {
-    return null;
-  }
-
-  return getMissingPrivileges(requiredPrivileges, extension.permissions);
-}
-
-function getRequiredPrivilegesForMessage<MESSAGE_TYPE extends keyof ShopwareMessageTypes>(messageType: MESSAGE_TYPE): typeof ShopwareMessageTypePrivileges[MESSAGE_TYPE]
-function getRequiredPrivilegesForMessage(messageType: string): privileges
-function getRequiredPrivilegesForMessage<MESSAGE_TYPE extends keyof ShopwareMessageTypes>(messageType: MESSAGE_TYPE | string): typeof ShopwareMessageTypePrivileges[MESSAGE_TYPE] | privileges {
-  return ShopwareMessageTypePrivileges[messageType] ?? {};
-}
-
-function getLocationPrivileges(location: Location): privileges {
-  const params = new URLSearchParams(location.search);
-  const privilegeString = params.get('privileges');
-
-  if (!privilegeString) {
-    return {};
-  }
-
-  return JSON.parse(privilegeString) as privileges;
-}
-
-function getMissingPrivileges(requiredPrivileges: privileges, privileges: privileges): null | Array<privilegeString> {
-  const requiredRoles = Object.keys(requiredPrivileges) as Array<keyof privileges>;
-  const missingPriviliges: Array<privilegeString> = [];
-
-  // Compare detailed priviliges of each role and add missing to stack
-  requiredRoles.forEach((requiredRole) => {
-    requiredPrivileges[requiredRole]?.forEach((privilege) => {
-      if (!privileges[requiredRole]?.includes(privilege)) {
-        missingPriviliges.push(`${requiredRole}:${privilege}`);
-      }
-    });
-  });
-
-  return missingPriviliges.length >= 1 ? missingPriviliges : null;
-}
-
 export function findExtensionByBaseUrl(baseUrl: string): extension | undefined {
   if (typeof baseUrl !== 'string') {
     return undefined;