Press n or j to go to the next uncovered block, b, p or k for the previous block.
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 | 1x 1x 1x 1x 1x 1x 13x 13x 13x 13x 2x 11x 11x 2x 9x 9x 1x 8x 8x 8x 8x 8x 7x 7x 7x 1x 1x | const { DynamoDBClient } = require('@aws-sdk/client-dynamodb')
const { DynamoDBDocumentClient, QueryCommand, GetCommand } = require('@aws-sdk/lib-dynamodb')
const { permissionChecker } = require('../utils/PermissionChecker')
const client = new DynamoDBClient({})
const docClient = DynamoDBDocumentClient.from(client)
exports.handler = async (event) => {
try {
const tenantId = event.pathParameters?.tenantId
const userId = event.requestContext?.authorizer?.claims?.sub
if (!userId || !tenantId) {
return {
statusCode: 401,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'Unauthorized' })
}
}
// Check if user is member of this tenant
const membershipCheck = await docClient.send(
new GetCommand({
TableName: process.env.MEMBERSHIPS_TABLE_NAME,
Key: { userId, tenantId }
})
)
if (!membershipCheck.Item || membershipCheck.Item.status !== 'active') {
return {
statusCode: 403,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'Access denied - not a member of this flow' })
}
}
// Check if user has permission to list roles
const permissionCheck = await permissionChecker.hasPermission(userId, tenantId, 'role:list')
if (!permissionCheck.hasPermission) {
return {
statusCode: 403,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'Forbidden - Insufficient permissions' })
}
}
// Pagination support
const limit = event.queryStringParameters?.limit
? parseInt(event.queryStringParameters.limit)
: 30
const nextToken = event.queryStringParameters?.nextToken
const queryParams = {
TableName: process.env.ROLES_TABLE_NAME,
KeyConditionExpression: 'PK = :pk AND begins_with(SK, :sk)',
ExpressionAttributeValues: {
':pk': `TENANT#${tenantId}`,
':sk': 'ROLE#'
},
Limit: limit
}
// Add pagination token if provided
Iif (nextToken) {
try {
queryParams.ExclusiveStartKey = JSON.parse(Buffer.from(nextToken, 'base64').toString())
} catch {
return {
statusCode: 400,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'Invalid nextToken' })
}
}
}
const result = await docClient.send(new QueryCommand(queryParams))
const roles = result.Items || []
const responseNextToken = result.LastEvaluatedKey
? Buffer.from(JSON.stringify(result.LastEvaluatedKey)).toString('base64')
: null
return {
statusCode: 200,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({
items: roles,
nextToken: responseNextToken,
hasMore: !!responseNextToken
})
}
} catch (error) {
console.error('Error listing roles:', error)
return {
statusCode: 500,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify({ error: 'Failed to list roles' })
}
}
}
|