// Raw token that parseSecurityField records as the 'Inheritance' marker on the
// current account's Item list.
const Inheritance = '!*';
// Name of the Sitecore standard field whose value these helpers interpret.
export const securityFieldName = '__Security';
// Entries in the form parseSecurityField stores them: the first character of
// the token's prefix followed by the right name.
const permissionCanRead = '+read';
const permissionCannotRead = '-read';
// Parser modes, named after the keyword tokens that select them.
// au / ar: the following token names an account (presumably user / role — confirm).
// pe / pd: the following tokens are access rights, collected into the account's
//          Item list (pe) or Descendants list (pd).
enum ParseState { au, ar, pe, pd };
// Parsed access rights, keyed by the account name exactly as it appears in the
// field value. Lookups elsewhere in this file are exact string matches.
export type Permissions = {
[username: string]: {
// Entries collected in `pe` mode (e.g. '+read', '-read'), plus the literal
// 'Inheritance' marker when the '!*' token was seen for this account.
Item: string[];
// Entries collected in `pd` mode.
Descendants: string[];
};
};
// Wrapper shape returned by parseSecurityField.
export type SecurityField = {
value: Permissions;
};
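/**
 * Parses the raw value of a `__Security` field into a per-account map.
 *
 * Equivalent of the Sitecore backend logic at
 * https://github.com/moo2u2/Sitecore-Permissions/blob/main/SitecorePermissions/code/LayoutService/FieldSerializers/SecurityFieldSerializer.cs
 *
 * The value is read as a `|`-separated token stream:
 * - `au` / `ar` switch the parser to "following token names an account";
 * - `pe` / `pd` switch it to "following tokens are access rights", stored in
 *   the current account's `Item` (pe) or `Descendants` (pd) list;
 * - `!*` adds the literal string 'Inheritance' to the current account's `Item`;
 * - an access-right token `<prefix>:<right>` is stored as the first character
 *   of the prefix followed by the right (the form `+read` / `-read`).
 *
 * Hardening compared with a naive keyed assignment:
 * - Rights or `!*` that appear before any account token are ignored instead of
 *   throwing a TypeError on a missing map entry.
 * - Access-right tokens without both a prefix and a right are skipped rather
 *   than stored as strings containing "undefined". Such junk entries could
 *   never equal '+read' / '-read', so read checks are unaffected.
 * - Account entries are created with `Object.defineProperty`, so a name such
 *   as `__proto__` becomes an ordinary own key instead of replacing the
 *   prototype of the result map.
 *
 * @param securityValue Raw field value; empty or falsy yields an empty map.
 * @returns `{ value }` where `value` maps each account name to its rights.
 */
export const parseSecurityField = (securityValue: string) => {
  const security = { value: {} } as SecurityField;
  if (!securityValue) {
    return security;
  }

  // Entry of the most recently named account; undefined until one is seen.
  let current: SecurityField['value'][string] | undefined;
  let parseState: ParseState = ParseState.au;

  for (const token of securityValue.split('|')) {
    // Empty tokens (e.g. from a trailing '|') carry no information.
    if (!token) {
      continue;
    }

    // Keyword tokens only change the parser mode.
    switch (token) {
      case 'au':
        parseState = ParseState.au;
        continue;
      case 'ar':
        parseState = ParseState.ar;
        continue;
      case 'pe':
        parseState = ParseState.pe;
        continue;
      case 'pd':
        parseState = ParseState.pd;
        continue;
    }

    // The inheritance marker is recognised in every mode and always lands in Item.
    if (token === Inheritance) {
      current?.Item.push('Inheritance');
      continue;
    }

    if (parseState === ParseState.au || parseState === ParseState.ar) {
      // A repeated account name starts over with empty lists, as before.
      current = { Item: [], Descendants: [] };
      // defineProperty (not `map[token] = ...`) so that '__proto__' is stored
      // as data rather than routed through the prototype setter.
      Object.defineProperty(security.value, token, {
        value: current,
        writable: true,
        enumerable: true,
        configurable: true,
      });
      continue;
    }

    // Access right with no account to attach it to: nothing to record.
    if (!current) {
      continue;
    }

    const [prefix, right] = token.split(':');
    if (!prefix || !right) {
      continue;
    }

    const entry = prefix[0] + right;
    if (parseState === ParseState.pe) {
      current.Item.push(entry);
    } else {
      current.Descendants.push(entry);
    }
  }

  return security;
};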
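/**
 * Checks whether `role` is explicitly denied read access to an item, based on
 * the parsed `__Security` standard field.
 *
 * See https://doc.sitecore.com/xp/en/developers/103/platform-administration-and-architecture/assign-access-rights-to-a-security-account.html
 *
 * Only the account's own `Item` list is consulted, and only for the
 * `permissionCannotRead` entry. `Descendants` and the 'Inheritance' marker
 * are not evaluated here. A role with no entry yields `false`, which means
 * "no explicit deny found", not "access granted".
 *
 * The lookup uses own-property checks rather than `in`, so keys inherited
 * through the prototype chain can never influence an access decision.
 *
 * NOTE(review): the role name is matched as an exact, case-sensitive string —
 * confirm callers pass names normalised the same way as the field value.
 *
 * @param permissions Parsed rights keyed by account name.
 * @param role Account name to look up.
 * @returns `true` only when the role's `Item` list contains the deny-read entry.
 */
export const notAuthorized = (permissions: Permissions, role: string): boolean => {
  if (!Object.prototype.hasOwnProperty.call(permissions, role)) {
    return false;
  }
  const entry = permissions[role];
  if (!Object.prototype.hasOwnProperty.call(entry, 'Item')) {
    return false;
  }
  return entry.Item.includes(permissionCannotRead);
};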
/**
 * Checks whether at least one of `roles` is explicitly denied read access to
 * the item described by `permissions`.
 *
 * An empty `roles` array yields `false`, because there is no role that could
 * carry a deny. Callers using this as an access gate should decide separately
 * how an account without roles is treated.
 *
 * @param permissions Parsed rights keyed by account name.
 * @param roles Account names to test.
 * @returns `true` as soon as one role is reported by `notAuthorized`.
 */
export const anyNotAuthorized = (permissions: Permissions, roles: string[]): boolean => {
  for (const candidate of roles) {
    if (notAuthorized(permissions, candidate)) {
      return true;
    }
  }
  return false;
};
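/**
 * Checks whether `role` is explicitly granted read access to an item, based on
 * the parsed `__Security` standard field.
 *
 * Only the account's own `Item` list is consulted, and only for the
 * `permissionCanRead` entry. `Descendants` and the 'Inheritance' marker are
 * not evaluated here. A role with no entry yields `false`.
 *
 * The lookup uses own-property checks rather than `in`. A key that is merely
 * inherited through the prototype chain (for example after prototype pollution
 * elsewhere in the application) must never count as a grant.
 *
 * NOTE(review): the role name is matched as an exact, case-sensitive string —
 * confirm callers pass names normalised the same way as the field value.
 *
 * @param permissions Parsed rights keyed by account name.
 * @param role Account name to look up.
 * @returns `true` only when the role's `Item` list contains the allow-read entry.
 */
export const isAuthorized = (permissions: Permissions, role: string): boolean => {
  if (!Object.prototype.hasOwnProperty.call(permissions, role)) {
    return false;
  }
  const entry = permissions[role];
  if (!Object.prototype.hasOwnProperty.call(entry, 'Item')) {
    return false;
  }
  return entry.Item.includes(permissionCanRead);
};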
/**
 * Checks whether every one of `roles` is explicitly granted read access to the
 * item described by `permissions`.
 *
 * NOTE: an empty `roles` array yields `true`, because no role fails the check.
 * If the result is used as an access decision, callers must handle the
 * no-roles case (e.g. an anonymous visitor) themselves, or it will be allowed.
 *
 * @param permissions Parsed rights keyed by account name.
 * @param roles Account names to test.
 * @returns `false` as soon as one role is not reported by `isAuthorized`.
 */
export const allAuthorized = (permissions: Permissions, roles: string[]): boolean => {
  for (const candidate of roles) {
    if (!isAuthorized(permissions, candidate)) {
      return false;
    }
  }
  return true;
};