feat: support parent-based areaRestrictions in config for areas.json

config/local.example.json

@@ -90,11 +90,13 @@
     "areaRestrictions": [
       {
         "roles": [],
-        "areas": []
+        "areas": [],
+        "parent": []
       },
       {
         "roles": [],
-        "areas": []
+        "areas": [],
+        "parent": []
       }
     ],
     "aliases": [

packages/config/lib/mutations.js

@@ -307,9 +307,10 @@ const applyMutations = (config) => {
   })
 
   config.authentication.areaRestrictions =
-    config.authentication.areaRestrictions.map(({ roles, areas }) => ({
+    config.authentication.areaRestrictions.map(({ roles, areas, parent }) => ({
       roles: roles.flatMap(replaceAliases),
       areas,
+      parent,
     }))
 
   config.authentication.strategies = config.authentication.strategies.map(

packages/types/lib/config.d.ts

@@ -53,7 +53,7 @@ export type Config<Client extends boolean = false> = DeepMerge<
     }
     areas: ConfigAreas
     authentication: {
-      areaRestrictions: { roles: string[]; areas: string[] }[]
+      areaRestrictions: { roles: string[]; areas: string[]; parent?: string[] }[]
       // Unfortunately these types are not convenient for looping the `perms` object...
       // excludeFromTutorial: (keyof BaseConfig['authentication']['perms'])[]
       // alwaysEnabledPerms: (keyof BaseConfig['authentication']['perms'])[]

server/src/graphql/resolvers.js

@@ -18,6 +18,10 @@ const { getPolyVector } = require('../utils/getPolyVector')
 const { getPlacementCells } = require('../utils/getPlacementCells')
 const { getTypeCells } = require('../utils/getTypeCells')
 const { getValidCoords } = require('../utils/getValidCoords')
+const { hasUnrestrictedAreaGrant } = require('../utils/areaPerms')
+const {
+  getAccessibleScanAreasMenu,
+} = require('../utils/getAccessibleScanAreasMenu')
 
 /** @type {import("@apollo/server").ApolloServerOptions<import("@rm/types").GqlContext>['resolvers']} */
 const resolvers = {
@@ -355,54 +359,44 @@ const resolvers = {
     scanAreas: (_, _args, { req, perms }) => {
       if (perms?.scanAreas) {
         const scanAreas = config.getAreas(req, 'scanAreas')
+        const unrestrictedAreaGrant = hasUnrestrictedAreaGrant(
+          perms.areaRestrictions,
+        )
+        const hasDirectAreaAccess = (properties) =>
+          unrestrictedAreaGrant ||
+          !perms.areaRestrictions.length ||
+          perms.areaRestrictions.includes(properties.key)
+        const accessibleSelectableParents = new Set(
+          scanAreas.features
+            .filter(
+              (feature) =>
+                feature.properties.parent &&
+                !feature.properties.hidden &&
+                !feature.properties.manual &&
+                hasDirectAreaAccess(feature.properties),
+            )
+            .map((feature) => feature.properties.parent),
+        )
+        const canAccessArea = (properties) =>
+          hasDirectAreaAccess(properties) ||
+          (!properties.parent &&
+            !properties.manual &&
+            accessibleSelectableParents.has(properties.name))
+
         return [
           {
             ...scanAreas,
             features: scanAreas.features.filter(
               (feature) =>
-                !feature.properties.hidden &&
-                (!perms.areaRestrictions.length ||
-                  perms.areaRestrictions.includes(feature.properties.name) ||
-                  perms.areaRestrictions.includes(feature.properties.parent)),
+                !feature.properties.hidden && canAccessArea(feature.properties),
             ),
           },
         ]
       }
       return [{ features: [] }]
     },
-    scanAreasMenu: (_, _args, { req, perms }) => {
-      if (perms?.scanAreas) {
-        const scanAreas = config.getAreas(req, 'scanAreasMenu')
-        if (perms.areaRestrictions.length) {
-          const filtered = scanAreas
-            .map((parent) => ({
-              ...parent,
-              children: perms.areaRestrictions.includes(parent.name)
-                ? parent.children
-                : parent.children.filter((child) =>
-                    perms.areaRestrictions.includes(child.properties.name),
-                  ),
-            }))
-            .filter((parent) => parent.children.length)
-
-          // // Adds new blanks to account for area restrictions trimming some
-          // filtered.forEach(({ children }) => {
-          //   if (children.length % 2 === 1) {
-          //     children.push({
-          //       type: 'Feature',
-          //       properties: {
-          //         name: '',
-          //         manual: !!config.getSafe('manualAreas.length'),
-          //       },
-          //     })
-          //   }
-          // })
-          return filtered
-        }
-        return scanAreas.filter((parent) => parent.children.length)
-      }
-      return []
-    },
+    scanAreasMenu: (_, _args, { req, perms }) =>
+      getAccessibleScanAreasMenu(req, perms),
     scannerConfig: (_, { mode }, { perms }) => {
       const scanner = config.getSafe('scanner')
       const modeConfig = scanner[mode]

server/src/middleware/apollo.js

@@ -7,6 +7,7 @@ const { parse } = require('graphql')
 const { state } = require('../services/state')
 const { version } = require('../../../package.json')
 const { DataLimitCheck } = require('../services/DataLimitCheck')
+const { normalizeAreaRestrictions } = require('../utils/areaPerms')
 
 /**
  *
@@ -16,7 +17,16 @@ const { DataLimitCheck } = require('../services/DataLimitCheck')
 function apolloMiddleware(server) {
   return expressMiddleware(server, {
     context: async ({ req, res }) => {
-      const perms = req.user ? req.user.perms : req.session.perms
+      const rawPerms = req.user ? req.user.perms : req.session.perms
+      const perms = rawPerms
+        ? {
+            ...rawPerms,
+            areaRestrictions: normalizeAreaRestrictions(
+              rawPerms.areaRestrictions || [],
+              req,
+            ),
+          }
+        : rawPerms
       const username = req?.user?.username || ''
       const id = req?.user?.id || 0
 

server/src/models/Weather.js

@@ -8,6 +8,8 @@ const config = require('@rm/config')
 
 const { getPolyVector } = require('../utils/getPolyVector')
 const { getPolygonBbox } = require('../utils/getBbox')
+const { consolidateAreas } = require('../utils/consolidateAreas')
+const { hasUnrestrictedAreaGrant } = require('../utils/areaPerms')
 
 class Weather extends Model {
   static get tableName() {
@@ -41,15 +43,19 @@ class Weather extends Model {
     /** @type {import("@rm/types").FullWeather[]} */
     const results = await query
 
-    const areas = config.getSafe('areas')
-    const cleanUserAreas = (args.filters.onlyAreas || []).filter((area) =>
-      areas.names.has(area),
+    const unrestrictedAreaGrant = hasUnrestrictedAreaGrant(
+      perms.areaRestrictions,
     )
-    const merged = perms.areaRestrictions.length
-      ? perms.areaRestrictions.filter(
-          (area) => !cleanUserAreas.length || cleanUserAreas.includes(area),
-        )
-      : cleanUserAreas
+    const hasAreaFilter =
+      (!unrestrictedAreaGrant && perms.areaRestrictions.length) ||
+      (args.filters.onlyAreas || []).length
+    const merged = hasAreaFilter
+      ? [...consolidateAreas(perms.areaRestrictions, args.filters.onlyAreas)]
+      : []
+
+    if (hasAreaFilter && !merged.length) {
+      return []
+    }
 
     const boundPolygon = getPolygonBbox(args)
     return results
@@ -61,21 +67,20 @@ class Weather extends Model {
           (pointInPolygon(center, boundPolygon) ||
             booleanOverlap(geojson, boundPolygon) ||
             booleanContains(geojson, boundPolygon)) &&
-          (!merged.length ||
+          (!hasAreaFilter ||
             merged.some(
               (area) =>
-                areas.scanAreasObj[area] &&
-                (pointInPolygon(center, areas.scanAreasObj[area]) ||
-                  booleanOverlap(geojson, areas.scanAreasObj[area]) ||
-                  pointInPolygon(
-                    point(
-                      // @ts-ignore // again, probably need real TS types
-                      areas.scanAreasObj[area].geometry.type === 'MultiPolygon'
-                        ? areas.scanAreasObj[area].geometry.coordinates[0][0][0]
-                        : areas.scanAreasObj[area].geometry.coordinates[0][0],
-                    ),
-                    geojson,
-                  )),
+                pointInPolygon(center, area) ||
+                booleanOverlap(geojson, area) ||
+                pointInPolygon(
+                  point(
+                    // @ts-ignore // again, probably need real TS types
+                    area.geometry.type === 'MultiPolygon'
+                      ? area.geometry.coordinates[0][0][0]
+                      : area.geometry.coordinates[0][0],
+                  ),
+                  geojson,
+                ),
             ))
         return (
           hasOverlap && {

server/src/routes/rootRouter.js

@@ -140,7 +140,7 @@ rootRouter.get('/api/settings', async (req, res, next) => {
         ...Object.fromEntries(
           Object.keys(authentication.perms).map((p) => [p, false]),
         ),
-        areaRestrictions: areaPerms(['none']),
+        areaRestrictions: areaPerms(['none'], req, true),
         webhooks: [],
         scanner: Object.keys(scanner).filter(
           (key) =>