feat: add permission rewriter for app by name

Author: KernelDeimos

packages/backend/src/services/ProtectedAppService.js

@@ -1,12 +1,28 @@
 const { get_app } = require("../helpers");
 const { UserActorType } = require("./auth/Actor");
-const { PermissionImplicator, PermissionUtil } = require("./auth/PermissionService");
+const { PermissionImplicator, PermissionUtil, PermissionRewriter } = require("./auth/PermissionService");
 const BaseService = require("./BaseService");
 
 class ProtectedAppService extends BaseService {
     async _init () {
         const svc_permission = this.services.get('permission');
 
+        svc_permission.register_rewriter(PermissionRewriter.create({
+            matcher: permission => {
+                if ( ! permission.startsWith('app:') ) return false;
+                const [_, specifier] = PermissionUtil.split(permission);
+                if ( specifier.startsWith('uid#') ) return false;
+                return true;
+            },
+            rewriter: async permission => {
+                const [_1, name, ...rest] = PermissionUtil.split(permission);
+                const app = await get_app({ name });
+                return PermissionUtil.join(
+                    _1, `uid#${app.uid}`, ...rest,
+                );
+            },
+        }));
+
         // track: object description in comment
         // Owner of procted app has implicit permission to access it
         svc_permission.register_implicator(PermissionImplicator.create({