#!/usr/bin/env node const db = require('../src/db/models'); const AccessPolicyAuditService = require('../src/services/access-policy-audit'); const shouldFix = process.argv.includes('--fix'); const EXIT_TIMEOUT_MS = 1500; function summarizeReport(report) { return { publicRolePermissions: report.publicRolePermissions.length, publicUsersWithCustomPermissions: report.publicUsersWithCustomPermissions.length, productionPresentationAccessForNonPublicUsers: report.productionPresentationAccessForNonPublicUsers.length, }; } async function main() { if (shouldFix) { const result = await db.sequelize.transaction((transaction) => AccessPolicyAuditService.cleanupViolations({ transaction }), ); console.log( JSON.stringify( { fixed: true, summary: { removedPublicRolePermissions: result.removedPublicRolePermissions, clearedPublicUserCustomPermissions: result.clearedPublicUserCustomPermissions, removedNonPublicProductionPresentationGrants: result.removedNonPublicProductionPresentationGrants, }, }, null, 2, ), ); return; } const report = await AccessPolicyAuditService.findViolations(); const hasViolations = AccessPolicyAuditService.hasViolations(report); console.log( JSON.stringify( { ok: !hasViolations, summary: summarizeReport(report), report, }, null, 2, ), ); if (hasViolations) { process.exitCode = 1; } } main() .catch((error) => { console.error(error); process.exitCode = 1; }) .finally(async () => { try { await Promise.race([ db.sequelize.close(), new Promise((resolve) => setTimeout(resolve, EXIT_TIMEOUT_MS)), ]); } finally { process.exit(process.exitCode || 0); } });