From 3a8be1b536be05e84bba59405701065645ec4114 Mon Sep 17 00:00:00 2001
From: Rodrigo Rodriguez <me@rodrigorodriguez.com>
Date: Wed, 23 Aug 2023 11:24:48 -0300
Subject: [PATCH] new (basic.gbapp): ALLOW ROLE keyword.

---
 .../basic.gblib/services/DialogKeywords.ts    | 30 ++++++++++++++++-
 packages/basic.gblib/services/GBVMService.ts  | 32 +++++++++++--------
 .../services/KeywordsExpressions.ts           |  8 ++++-
 3 files changed, 54 insertions(+), 16 deletions(-)

diff --git a/packages/basic.gblib/services/DialogKeywords.ts b/packages/basic.gblib/services/DialogKeywords.ts
index b096b68e..5a6b53b7 100644
--- a/packages/basic.gblib/services/DialogKeywords.ts
+++ b/packages/basic.gblib/services/DialogKeywords.ts
@@ -32,7 +32,7 @@
 
 'use strict';
 
-import { GBLog, GBMinInstance } from 'botlib';
+import { GBError, GBLog, GBMinInstance } from 'botlib';
 import { GBConfigService } from '../../core.gbapp/services/GBConfigService.js';
 import { ChartServices } from './ChartServices.js';
 import urlJoin from 'url-join';
@@ -60,6 +60,7 @@ import pkg from 'whatsapp-web.js';
 import { ActivityTypes } from 'botbuilder';
 const { List, Buttons } = pkg;
 import mime from 'mime-types';
+import { GBLogEx } from '../../core.gbapp/services/GBLogEx.js';
 
 /**
  * Default check interval for user replay
@@ -525,6 +526,33 @@ export class DialogKeywords {
     await sec.updateUserLocale(user.userId, language);
   }
 
+  /**
+   * Defines the current security context for dialogs based on roles.
+   *
+   * @example ALLOW ROLE "DevOps"
+   *
+   */
+  public async allowRole({ pid, value }) {
+    const { min, user, proc } = await DialogKeywords.getProcessInfo(pid);
+    const sys  = new SystemKeywords();
+
+    // Updates current roles allowed from now on this dialog/process.
+
+    proc.roles = value;
+
+    // Checks access.
+
+    const filters = [`${value}=x`, `id=${user.userSystemId}`];
+    const people = sys.find({pid, handle:"People.xlsx", args:[filters]});
+
+    if (!people){
+      throw new Error(`Invalid access. Check if People sheet has the role ${value} checked.`);
+    }
+
+    GBLogEx.info(min, `Allowed access for ${user.userSystemId} on ${value}`);
+  }
+
+
   /**
    * Defines the id generation policy.
    *
diff --git a/packages/basic.gblib/services/GBVMService.ts b/packages/basic.gblib/services/GBVMService.ts
index 94f48695..236c075b 100644
--- a/packages/basic.gblib/services/GBVMService.ts
+++ b/packages/basic.gblib/services/GBVMService.ts
@@ -208,19 +208,6 @@ export class GBVMService extends GBService {
       require('isomorphic-fetch');
       const createRpcClient = require("@push-rpc/core").createRpcClient;
       const createHttpClient = require("@push-rpc/http").createHttpClient;
-
-      // Setups interprocess communication from .gbdialog run-time to the BotServer API.
-      const optsRPC = {callTimeout: this.callTimeout};
-      let url;
-
-      url = 'http://localhost:${GBVMService.API_PORT}/api/v3/${min.botId}/dk';
-      const dk = (await createRpcClient(0, () => createHttpClient(url), optsRPC)).remote;
-      url = 'http://localhost:${GBVMService.API_PORT}/api/v3/${min.botId}/sys';
-      const sys = (await createRpcClient(0, () => createHttpClient(url), optsRPC)).remote;
-      url = 'http://localhost:${GBVMService.API_PORT}/api/v3/${min.botId}/wa';
-      const wa = (await createRpcClient(0, () => createHttpClient(url), optsRPC)).remote;
-      url = 'http://localhost:${GBVMService.API_PORT}/api/v3/${min.botId}/img';
-      const img = (await createRpcClient(0, () => createHttpClient(url), optsRPC)).remote;
       
       // Unmarshalls Local variables from server VM.
 
@@ -287,8 +274,24 @@ export class GBVMService extends GBService {
       const base64 =  (v) => { return (async () => { return await dk.getCoded({v}) })(); };
       const tolist =  (v) => { return (async () => { return await dk.getToLst({v}) })(); };
 
+      // Setups interprocess communication from .gbdialog run-time to the BotServer API.
+
+      const optsRPC = {callTimeout: this.callTimeout};
+      let url;
+
+      url = 'http://localhost:${GBVMService.API_PORT}/api/v3/${min.botId}/dk';
+      const dk = caseInsensitive ((await createRpcClient(0, () => createHttpClient(url), optsRPC)).remote);
+      url = 'http://localhost:${GBVMService.API_PORT}/api/v3/${min.botId}/sys';
+      const sys = caseInsensitive ((await createRpcClient(0, () => createHttpClient(url), optsRPC)).remote);
+      url = 'http://localhost:${GBVMService.API_PORT}/api/v3/${min.botId}/wa';
+      const wa = caseInsensitive ((await createRpcClient(0, () => createHttpClient(url), optsRPC)).remote);
+      url = 'http://localhost:${GBVMService.API_PORT}/api/v3/${min.botId}/img';
+      const img = caseInsensitive ((await createRpcClient(0, () => createHttpClient(url), optsRPC)).remote);
+  
       ${code}
 
+      // Closes handles if any.
+
       await wa.closeHandles({pid: pid});
 
     })(); 
@@ -498,7 +501,8 @@ export class GBVMService extends GBService {
       pid: pid,
       userId: user ? user.userId : 0,
       instanceId: min.instance.instanceId,
-      channel: channel
+      channel: channel,
+      roles: 'everyone'
     };
     return pid;
   }
diff --git a/packages/basic.gblib/services/KeywordsExpressions.ts b/packages/basic.gblib/services/KeywordsExpressions.ts
index 3f61ca7e..b6dad81e 100644
--- a/packages/basic.gblib/services/KeywordsExpressions.ts
+++ b/packages/basic.gblib/services/KeywordsExpressions.ts
@@ -343,7 +343,6 @@ export class KeywordsExpressions {
       }
     ];
 
-
     keywords[i++] = [
       /^\s*hear (\w+\$*) as (\w+( \w+)*.xlsx)/gim,
       ($0, $1, $2) => {
@@ -609,6 +608,13 @@ export class KeywordsExpressions {
       }
     ];
 
+    keywords[i++] = [
+      /^\s*(allow role)(\s*)(.*)/gim,
+      ($0, $1, $2, $3) => {
+        return `await dk.allowRole ({pid: pid, role: ${$3}})`;
+      }
+    ];
+
     keywords[i++] = [
       /^\s*(set filter)(\s*)(.*)/gim,
       ($0, $1, $2, $3) => {