[IMPROVE] Raw models permissions

app/api/server/v1/permissions.ts

@@ -2,30 +2,28 @@ import { Meteor } from 'meteor/meteor';
 import { Match, check } from 'meteor/check';
 
 import { hasPermission } from '../../../authorization/server';
-import { Permissions } from '../../../models/server';
 import { API } from '../api';
-import { Roles } from '../../../models/server/raw';
+import { Permissions, Roles } from '../../../models/server/raw';
 
 API.v1.addRoute('permissions.listAll', { authRequired: true }, {
 	get() {
 		const { updatedSince } = this.queryParams;
 
-		let updatedSinceDate: Date;
+		let updatedSinceDate: Date | undefined;
 		if (updatedSince) {
 			if (isNaN(Date.parse(updatedSince))) {
 				throw new Meteor.Error('error-roomId-param-invalid', 'The "updatedSince" query parameter must be a valid date.');
 			}
 			updatedSinceDate = new Date(updatedSince);
 		}
 
-		let result;
-		Meteor.runAsUser(this.userId, () => { result = Meteor.call('permissions/get', updatedSinceDate); });
+		const result = Promise.await(Meteor.call('permissions/get', updatedSinceDate));
 
 		if (Array.isArray(result)) {
-			result = {
+			return API.v1.success({
 				update: result,
 				remove: [],
-			};
+			});
 		}
 
 		return API.v1.success(result);
@@ -52,7 +50,7 @@ API.v1.addRoute('permissions.update', { authRequired: true }, {
 		Object.keys(this.bodyParams.permissions).forEach((key) => {
 			const element = this.bodyParams.permissions[key];
 
-			if (!Permissions.findOneById(element._id)) {
+			if (!Promise.await(Permissions.findOneById(element._id))) {
 				permissionNotFound = true;
 			}
 
@@ -77,7 +75,7 @@ API.v1.addRoute('permissions.update', { authRequired: true }, {
 			Permissions.createOrUpdate(element._id, element.roles);
 		});
 
-		const result = Meteor.runAsUser(this.userId, () => Meteor.call('permissions/get'));
+		const result = Promise.await(Meteor.call('permissions/get'));
 
 		return API.v1.success({
 			permissions: result,

app/api/server/v1/roles.ts

@@ -60,7 +60,7 @@ API.v1.addRoute('roles.create', { authRequired: true }, {
 		if (['Users', 'Subscriptions'].includes(roleData.scope) === false) {
 			roleData.scope = 'Users';
 		}
-		const a = Roles.createWithRandomId(roleData.name, roleData.scope, roleData.description, false, roleData.mandatory2fa)
+		const a = Roles.createWithRandomId(roleData.name, roleData.scope, roleData.description, false, roleData.mandatory2fa);
 		const roleId = Promise.await(a).insertedId;
 
 		if (settings.get('UI_DisplayRoles')) {

app/authorization/server/functions/upsertPermissions.ts

@@ -1,12 +1,11 @@
 /* eslint no-multi-spaces: 0 */
-import Permissions from '../../../models/server/models/Permissions';
 import { settings } from '../../../settings/server';
 import { getSettingPermissionId, CONSTANTS } from '../../lib';
-import { Roles, Settings } from '../../../models/server/raw';
+import { Permissions, Roles, Settings } from '../../../models/server/raw';
 import { IPermission } from '../../../../definition/IPermission';
 import { ISetting } from '../../../../definition/ISetting';
 
-export const upsertPermissions = (): void => {
+export const upsertPermissions = async (): Promise<void> => {
 	// Note:
 	// 1.if we need to create a role that can only edit channel message, but not edit group message
 	// then we can define edit-<type>-message instead of edit-message
@@ -153,8 +152,8 @@ export const upsertPermissions = (): void => {
 	];
 
 
-	for (const permission of permissions) {
-		Permissions.create(permission._id, permission.roles);
+	for await (const permission of permissions) {
+		await Permissions.create(permission._id, permission.roles);
 	}
 
 	const defaultRoles = [
@@ -171,30 +170,27 @@ export const upsertPermissions = (): void => {
 		{ name: 'livechat-manager', scope: 'Users',         description: 'Livechat Manager' },
 	];
 
-	for (const role of defaultRoles) {
-		Roles.createOrUpdate(role.name, role.scope as 'Users' | 'Subscriptions', role.description, true, false);
+	for await (const role of defaultRoles) {
+		await Roles.createOrUpdate(role.name, role.scope as 'Users' | 'Subscriptions', role.description, true, false);
 	}
 
-	const getPreviousPermissions = function(settingId?: string): Record<string, IPermission> {
+	const getPreviousPermissions = async function(settingId?: string): Promise<Record<string, IPermission>> {
 		const previousSettingPermissions: {
 			[key: string]: IPermission;
 		} = {};
 
-		const selector = { level: CONSTANTS.SETTINGS_LEVEL, ...settingId && { settingId } };
-		if (settingId) {
-			selector.settingId = settingId;
-		}
+		const selector = { level: 'settings' as const, ...settingId && { settingId } };
 
-		Permissions.find(selector).forEach(
+		await Permissions.find(selector).forEach(
 			function(permission: IPermission) {
 				previousSettingPermissions[permission._id] = permission;
 			});
 		return previousSettingPermissions;
 	};
 
-	const createSettingPermission = function(setting: ISetting, previousSettingPermissions: {
+	const createSettingPermission = async function(setting: ISetting, previousSettingPermissions: {
 		[key: string]: IPermission;
-	}): void {
+	}): Promise<void> {
 		const permissionId = getSettingPermissionId(setting._id);
 		const permission: Omit<IPermission, '_id'> = {
 			level: CONSTANTS.SETTINGS_LEVEL as 'settings' | undefined,
@@ -216,19 +212,19 @@ export const upsertPermissions = (): void => {
 			permission.sectionPermissionId = getSettingPermissionId(setting.section);
 		}
 
-		const existent = Permissions.findOne({
+		const existent = await Permissions.findOne({
 			_id: permissionId,
 			...permission,
 		}, { fields: { _id: 1 } });
 
 		if (!existent) {
 			try {
-				Permissions.upsert({ _id: permissionId }, { $set: permission });
+				await Permissions.update({ _id: permissionId }, { $set: permission }, { upsert: true });
 			} catch (e) {
 				if (!e.message.includes('E11000')) {
 					// E11000 refers to a MongoDB error that can occur when using unique indexes for upserts
 					// https://docs.mongodb.com/manual/reference/method/db.collection.update/#use-unique-indexes
-					Permissions.upsert({ _id: permissionId }, { $set: permission });
+					await Permissions.update({ _id: permissionId }, { $set: permission }, { upsert: true });
 				}
 			}
 		}
@@ -237,16 +233,16 @@ export const upsertPermissions = (): void => {
 	};
 
 	const createPermissionsForExistingSettings = async function(): Promise<void> {
-		const previousSettingPermissions = getPreviousPermissions();
+		const previousSettingPermissions = await getPreviousPermissions();
 
 		(await Settings.findNotHidden().toArray()).forEach((setting) => {
 			createSettingPermission(setting, previousSettingPermissions);
 		});
 
 		// remove permissions for non-existent settings
-		for (const obsoletePermission in previousSettingPermissions) {
+		for await (const obsoletePermission of Object.keys(previousSettingPermissions)) {
 			if (previousSettingPermissions.hasOwnProperty(obsoletePermission)) {
-				Permissions.remove({ _id: obsoletePermission });
+				await Permissions.deleteOne({ _id: obsoletePermission });
 			}
 		}
 	};
@@ -256,7 +252,7 @@ export const upsertPermissions = (): void => {
 
 	// register a callback for settings for be create in higher-level-packages
 	settings.on('*', async function([settingId]) {
-		const previousSettingPermissions = getPreviousPermissions(settingId);
+		const previousSettingPermissions = await getPreviousPermissions(settingId);
 		const setting = await Settings.findOneById(settingId);
 		if (setting) {
 			if (!setting.hidden) {

app/authorization/server/methods/addPermissionToRole.js → app/authorization/server/methods/addPermissionToRole.ts

@@ -1,11 +1,12 @@
 import { Meteor } from 'meteor/meteor';
 
-import { Permissions } from '../../../models/server';
+
 import { hasPermission } from '../functions/hasPermission';
 import { CONSTANTS, AuthorizationUtils } from '../../lib';
+import { Permissions } from '../../../models/server/raw';
 
 Meteor.methods({
-	'authorization:addPermissionToRole'(permissionId, role) {
+	async 'authorization:addPermissionToRole'(permissionId, role) {
 		if (AuthorizationUtils.isPermissionRestrictedForRole(permissionId, role)) {
 			throw new Meteor.Error('error-action-not-allowed', 'Permission is restricted', {
 				method: 'authorization:addPermissionToRole',
@@ -14,7 +15,14 @@ Meteor.methods({
 		}
 
 		const uid = Meteor.userId();
-		const permission = Permissions.findOneById(permissionId);
+		const permission = await Permissions.findOneById(permissionId);
+
+		if (!permission) {
+			throw new Meteor.Error('error-invalid-permission', 'Permission does not exist', {
+				method: 'authorization:addPermissionToRole',
+				action: 'Adding_permission',
+			});
+		}
 
 		if (!uid || !hasPermission(uid, 'access-permissions') || (permission.level === CONSTANTS.SETTINGS_LEVEL && !hasPermission(uid, 'access-setting-permissions'))) {
 			throw new Meteor.Error('error-action-not-allowed', 'Adding permission is not allowed', {

app/authorization/server/methods/removeRoleFromPermission.js → app/authorization/server/methods/removeRoleFromPermission.ts

@@ -1,13 +1,18 @@
 import { Meteor } from 'meteor/meteor';
 
-import { Permissions } from '../../../models/server';
 import { hasPermission } from '../functions/hasPermission';
 import { CONSTANTS } from '../../lib';
+import { Permissions } from '../../../models/server/raw';
 
 Meteor.methods({
-	'authorization:removeRoleFromPermission'(permissionId, role) {
+	async 'authorization:removeRoleFromPermission'(permissionId, role) {
 		const uid = Meteor.userId();
-		const permission = Permissions.findOneById(permissionId);
+		const permission = await Permissions.findOneById(permissionId);
+
+
+		if (!permission) {
+			throw new Meteor.Error('error-permission-not-found', 'Permission not found', { method: 'authorization:removeRoleFromPermission' });
+		}
 
 		if (!uid || !hasPermission(uid, 'access-permissions') || (permission.level === CONSTANTS.SETTINGS_LEVEL && !hasPermission(uid, 'access-setting-permissions'))) {
 			throw new Meteor.Error('error-action-not-allowed', 'Removing permission is not allowed', {

app/authorization/server/streamer/permissions/index.ts

@@ -0,0 +1,28 @@
+import { Meteor } from 'meteor/meteor';
+import { check, Match } from 'meteor/check';
+
+import { Permissions } from '../../../../models/server/raw';
+
+Meteor.methods({
+	async 'permissions/get'(updatedAt: Date) {
+		check(updatedAt, Match.Maybe(Date));
+
+		// TODO: should we return this for non logged users?
+		// TODO: we could cache this collection
+
+		const records = await Permissions.find(updatedAt && { _updatedAt: { $gt: updatedAt } }).toArray();
+
+		if (updatedAt instanceof Date) {
+			return {
+				update: records,
+				remove: await Permissions.trashFindDeletedAfter(
+					updatedAt,
+					{},
+					{ fields: { _id: 1, _deletedAt: 1 } },
+				).toArray(),
+			};
+		}
+
+		return records;
+	},
+});

app/autotranslate/server/permissions.ts

@@ -0,0 +1,9 @@
+import { Meteor } from 'meteor/meteor';
+
+import { Permissions } from '../../models/server/raw';
+
+Meteor.startup(async () => {
+	if (!await Permissions.findOne({ _id: 'auto-translate' })) {
+		Permissions.create('auto-translate', ['admin']);
+	}
+});

app/discussion/server/permissions.js → app/discussion/server/permissions.ts

@@ -1,6 +1,7 @@
 import { Meteor } from 'meteor/meteor';
 
-import { Permissions } from '../../models';
+import { Permissions } from '../../models/server/raw';
+
 
 Meteor.startup(() => {
 	// Add permissions for discussion

app/models/server/index.js

@@ -5,7 +5,6 @@ import Rooms from './models/Rooms';
 import Settings from './models/Settings';
 import Subscriptions from './models/Subscriptions';
 import Users from './models/Users';
-import Permissions from './models/Permissions';
 import Imports from './models/Imports';
 import LivechatCustomField from './models/LivechatCustomField';
 import LivechatDepartment from './models/LivechatDepartment';
@@ -33,7 +32,6 @@ export {
 	Settings,
 	Subscriptions,
 	Users,
-	Permissions,
 	Imports,
 	LivechatCustomField,
 	LivechatDepartment,