chore(web): switched built tool, webpack to Vite

chore(release): 0.21.7 [skip ci]
## [0.21.7](https://github.com/sasjs/server/compare/v0.21.6...v0.21.7) (2022-09-30) ### Bug Fixes * csrf package is changed to pillarjs-csrf ([fe3e508](fe3e5088f8))
2025-12-10 19:34:34 +00:00 · 2022-10-02 03:23:09 +05:00 · 2022-09-30 21:44:16 +00:00 · 2022-10-01 02:39:06 +05:00 · 2022-09-30 03:07:21 +05:00 · 2022-09-29 20:33:30 +05:00
117 changed files with 8497 additions and 9397 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,8 @@ node_modules/
 .env*
 sas/
 sasjs_root/
 api/mocks/custom/*
 !api/mocks/custom/.keep
 tmp/
 build/
 sasjsbuild/
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,313 @@
 ## [0.21.7](https://github.com/sasjs/server/compare/v0.21.6...v0.21.7) (2022-09-30)
 ### Bug Fixes
 * csrf package is changed to pillarjs-csrf ([fe3e508](https://github.com/sasjs/server/commit/fe3e5088f8dfff50042ec8e8aac9ba5ba1394deb))
 ## [0.21.6](https://github.com/sasjs/server/compare/v0.21.5...v0.21.6) (2022-09-23)
 ### Bug Fixes
 * in getTokensFromDB handle the scenario when tokens are expired ([40f95f9](https://github.com/sasjs/server/commit/40f95f9072c8685910138d88fd2410f8704fc975))
 ## [0.21.5](https://github.com/sasjs/server/compare/v0.21.4...v0.21.5) (2022-09-22)
 ### Bug Fixes
 * made files extensions case insensitive ([2496043](https://github.com/sasjs/server/commit/249604384e42be4c12c88c70a7dff90fc1917a8f))
 ## [0.21.4](https://github.com/sasjs/server/compare/v0.21.3...v0.21.4) (2022-09-21)
 ### Bug Fixes
 * removing single quotes from _program value ([a0e7875](https://github.com/sasjs/server/commit/a0e7875ae61cbb6e7d3995d2e36e7300b0daec86))
 ## [0.21.3](https://github.com/sasjs/server/compare/v0.21.2...v0.21.3) (2022-09-21)
 ### Bug Fixes
 * return same tokens if not expired ([330c020](https://github.com/sasjs/server/commit/330c020933f1080261b38f07d6b627f6d7c62446))
 ## [0.21.2](https://github.com/sasjs/server/compare/v0.21.1...v0.21.2) (2022-09-20)
 ### Bug Fixes
 * default content-type for sas programs should be text/plain ([9977c9d](https://github.com/sasjs/server/commit/9977c9d161947b11d45ab2513f99a5320a3f5a06))
 * **studio:** inject program path to code before sending for execution ([edc2e2a](https://github.com/sasjs/server/commit/edc2e2a302ccea4985f3d6b83ef8c23620ab82b6))
 ## [0.21.1](https://github.com/sasjs/server/compare/v0.21.0...v0.21.1) (2022-09-19)
 ### Bug Fixes
 * SASJS_WEBOUT_HEADERS path for windows ([0749d65](https://github.com/sasjs/server/commit/0749d65173e8cfe9a93464711b7be1e123c289ff))
 # [0.21.0](https://github.com/sasjs/server/compare/v0.20.0...v0.21.0) (2022-09-19)
 ### Features
 * sas9 mocker improved - public access denied scenario ([06d3b17](https://github.com/sasjs/server/commit/06d3b1715432ea245ee755ae1dfd0579d3eb30e9))
 # [0.20.0](https://github.com/sasjs/server/compare/v0.19.0...v0.20.0) (2022-09-16)
 ### Features
 * add support for R stored programs ([d6651bb](https://github.com/sasjs/server/commit/d6651bbdbeee5067f53c36e69a0eefa973c523b6))
 # [0.19.0](https://github.com/sasjs/server/compare/v0.18.0...v0.19.0) (2022-09-05)
 ### Features
 * added mocking endpoints ([0a0ba2c](https://github.com/sasjs/server/commit/0a0ba2cca5db867de46fb2486d856a84ec68d3b4))
 # [0.18.0](https://github.com/sasjs/server/compare/v0.17.5...v0.18.0) (2022-09-02)
 ### Features
 * add option for program launch in context menu ([ee2db27](https://github.com/sasjs/server/commit/ee2db276bb0bbd522f758e0b66f7e7b2f4afd9d5))
 ## [0.17.5](https://github.com/sasjs/server/compare/v0.17.4...v0.17.5) (2022-09-02)
 ### Bug Fixes
 * SASINITIALFOLDER split over 2 params, closes [#271](https://github.com/sasjs/server/issues/271) ([393b5ea](https://github.com/sasjs/server/commit/393b5eaf990049c39eecf2b9e8dd21a001b6e298))
 ## [0.17.4](https://github.com/sasjs/server/compare/v0.17.3...v0.17.4) (2022-09-01)
 ### Bug Fixes
 * invalid JS logic ([9f06080](https://github.com/sasjs/server/commit/9f06080348aed076f8188a26fb4890d38a5a3510))
 ## [0.17.3](https://github.com/sasjs/server/compare/v0.17.2...v0.17.3) (2022-09-01)
 ### Bug Fixes
 * making SASINITIALFOLDER option windows only.  Closes [#267](https://github.com/sasjs/server/issues/267) ([e63271a](https://github.com/sasjs/server/commit/e63271a67a0deb3059a5f2bec1854efee5a6e5a5))
 ## [0.17.2](https://github.com/sasjs/server/compare/v0.17.1...v0.17.2) (2022-08-31)
 ### Bug Fixes
 * addition of SASINITIALFOLDER startup option.  Closes [#260](https://github.com/sasjs/server/issues/260) ([a5ee2f2](https://github.com/sasjs/server/commit/a5ee2f292384f90e9d95d003d652311c0d91a7a7))
 ## [0.17.1](https://github.com/sasjs/server/compare/v0.17.0...v0.17.1) (2022-08-30)
 ### Bug Fixes
 * typo mistake ([ee17d37](https://github.com/sasjs/server/commit/ee17d37aa188b0ca43cea0e89d6cd1a566b765cb))
 # [0.17.0](https://github.com/sasjs/server/compare/v0.16.1...v0.17.0) (2022-08-25)
 ### Bug Fixes
 * allow underscores in file name ([bce83cb](https://github.com/sasjs/server/commit/bce83cb6fbc98f8198564c9399821f5829acc767))
 ### Features
 * add the functionality of saving file by ctrl + s in editor ([3a3c90d](https://github.com/sasjs/server/commit/3a3c90d9e690ac5267bf1acc834b5b5c5b4dadb6))
 ## [0.16.1](https://github.com/sasjs/server/compare/v0.16.0...v0.16.1) (2022-08-24)
 ### Bug Fixes
 * update response of /SASjsApi/stp/execute and /SASjsApi/code/execute ([98ea2ac](https://github.com/sasjs/server/commit/98ea2ac9b98631605e39e5900e533727ea0e3d85))
 # [0.16.0](https://github.com/sasjs/server/compare/v0.15.3...v0.16.0) (2022-08-17)
 ### Bug Fixes
 * add a new variable _SASJS_WEBOUT_HEADERS to code.js and code.py ([882bedd](https://github.com/sasjs/server/commit/882bedd5d5da22de6ed45c03d0a261aadfb3a33c))
 * update content for code.sas file ([02e88ae](https://github.com/sasjs/server/commit/02e88ae7280d020a753bc2c095a931c79ac392d1))
 * update default content type for python and js runtimes ([8780b80](https://github.com/sasjs/server/commit/8780b800a34aa618631821e5d97e26e8b0f15806))
 ### Features
 * implement the logic for running python stored programs ([b06993a](https://github.com/sasjs/server/commit/b06993ab9ea24b28d9e553763187387685aaa666))
 ## [0.15.3](https://github.com/sasjs/server/compare/v0.15.2...v0.15.3) (2022-08-11)
 ### Bug Fixes
 * adding proc printto in precode to enable print output in log.  Closes [#253](https://github.com/sasjs/server/issues/253) ([f8bb732](https://github.com/sasjs/server/commit/f8bb7327a8a4649ac77bb6237e31cea075d46bb9))
 ## [0.15.2](https://github.com/sasjs/server/compare/v0.15.1...v0.15.2) (2022-08-10)
 ### Bug Fixes
 * remove vulnerabitities ([f27ac51](https://github.com/sasjs/server/commit/f27ac51fc4beb21070d0ab551cfdaec1f6ba39e0))
 ## [0.15.1](https://github.com/sasjs/server/compare/v0.15.0...v0.15.1) (2022-08-10)
 ### Bug Fixes
 * **web:** fix UI responsiveness ([d99fdd1](https://github.com/sasjs/server/commit/d99fdd1ec7991b94a0d98338d7a7a6216f46ce45))
 # [0.15.0](https://github.com/sasjs/server/compare/v0.14.1...v0.15.0) (2022-08-05)
 ### Bug Fixes
 * after selecting file in sidebar collapse sidebar in mobile view ([e215958](https://github.com/sasjs/server/commit/e215958b8b05d7a8ce9d82395e0640b5b37fb40d))
 * improve mobile view for studio page ([c67d3ee](https://github.com/sasjs/server/commit/c67d3ee2f102155e2e9781e13d5d33c1ab227cb4))
 * improve responsiveness for mobile view ([6ef40b9](https://github.com/sasjs/server/commit/6ef40b954a87ebb0a2621119064f38d58ea85148))
 * improve user experience for adding permissions ([7a162ed](https://github.com/sasjs/server/commit/7a162eda8fc60383ff647d93e6611799e2e6af7a))
 * show logout button only when user is logged in ([9227cd4](https://github.com/sasjs/server/commit/9227cd449dc46fd960a488eb281804a9b9ffc284))
 ### Features
 * add multiple permission for same combination of type and principal at once ([754704b](https://github.com/sasjs/server/commit/754704bca89ecbdbcc3bd4ef04b94124c4f24167))
 ## [0.14.1](https://github.com/sasjs/server/compare/v0.14.0...v0.14.1) (2022-08-04)
 ### Bug Fixes
 * **apps:** App Stream logo fix ([87c03c5](https://github.com/sasjs/server/commit/87c03c5f8dbdfc151d4ff3722ecbcd3f7e409aea))
 * **cookie:** XSRF cookie is removed and passed token in head section ([77f8d30](https://github.com/sasjs/server/commit/77f8d30baf9b1077279c29f1c3e5ca02a5436bc0))
 * **env:** check added for not providing WHITELIST ([5966016](https://github.com/sasjs/server/commit/5966016853369146b27ac5781808cb51d65c887f))
 * **web:** show login on logged-out state ([f7fcc77](https://github.com/sasjs/server/commit/f7fcc7741aa2af93a4a2b1e651003704c9bbff0c))
 # [0.14.0](https://github.com/sasjs/server/compare/v0.13.3...v0.14.0) (2022-08-02)
 ### Bug Fixes
 * add restriction on  add/remove user to public group ([d3a516c](https://github.com/sasjs/server/commit/d3a516c36e45aa1cc76c30c744e6a0e5bd553165))
 * call jwt.verify in synchronous way ([254bc07](https://github.com/sasjs/server/commit/254bc07da744a9708109bfb792be70aa3f6284f4))
 ### Features
 * add public group to DB on seed ([c3e3bef](https://github.com/sasjs/server/commit/c3e3befc17102ee1754e1403193040b4f79fb2a7))
 * bypass authentication when route is enabled for public group ([68515f9](https://github.com/sasjs/server/commit/68515f95a65d422e29c0ed6028f3ea0ae8d9b1bf))
 ## [0.13.3](https://github.com/sasjs/server/compare/v0.13.2...v0.13.3) (2022-08-02)
 ### Bug Fixes
 * show non-admin user his own permissions only ([8a3054e](https://github.com/sasjs/server/commit/8a3054e19ade82e2792cfb0f2a8af9e502c5eb52))
 * update schema of Permission ([5d5a9d3](https://github.com/sasjs/server/commit/5d5a9d3788281d75c56f68f0dff231abc9c9c275))
 ## [0.13.2](https://github.com/sasjs/server/compare/v0.13.1...v0.13.2) (2022-08-01)
 ### Bug Fixes
 * adding ls=max to reduce log size and improve readability ([916947d](https://github.com/sasjs/server/commit/916947dffacd902ff23ac3e899d1bf5ab6238b75))
 ## [0.13.1](https://github.com/sasjs/server/compare/v0.13.0...v0.13.1) (2022-07-31)
 ### Bug Fixes
 * adding options to prevent unwanted windows on windows.  Closes [#244](https://github.com/sasjs/server/issues/244) ([77db14c](https://github.com/sasjs/server/commit/77db14c690e18145d733ac2b0d646ab0dbe4d521))
 # [0.13.0](https://github.com/sasjs/server/compare/v0.12.1...v0.13.0) (2022-07-28)
 ### Bug Fixes
 * autofocus input field and submit on enter ([7681722](https://github.com/sasjs/server/commit/7681722e5afdc2df0c9eed201b05add3beda92a7))
 * move api button to user menu ([8de032b](https://github.com/sasjs/server/commit/8de032b5431b47daabcf783c47ff078bf817247d))
 ### Features
 * add action and command to editor ([706e228](https://github.com/sasjs/server/commit/706e228a8e1924786fd9dc97de387974eda504b1))
 ## [0.12.1](https://github.com/sasjs/server/compare/v0.12.0...v0.12.1) (2022-07-26)
 ### Bug Fixes
 * **web:** disable launch icon button when file content is not saved ([c574b42](https://github.com/sasjs/server/commit/c574b4223591c4a6cd3ef5e146ce99cd8f7c9190))
 * **web:** saveAs functionality fixed in studio page ([3c987c6](https://github.com/sasjs/server/commit/3c987c61ddc258f991e2bf38c1f16a0c4248d6ae))
 * **web:** show original name as default name in rename file/folder modal ([9640f65](https://github.com/sasjs/server/commit/9640f6526496f3564664ccb1f834d0f659dcad4e))
 * **web:** webout tab item fixed in studio page ([7cdffe3](https://github.com/sasjs/server/commit/7cdffe30e36e5cad0284f48ea97925958e12704c))
 * **web:** when no file is selected save the editor content to local storage ([3b1fcb9](https://github.com/sasjs/server/commit/3b1fcb937d06d02ab99c9e8dbe307012d48a7a3a))
 # [0.12.0](https://github.com/sasjs/server/compare/v0.11.5...v0.12.0) (2022-07-26)
 ### Bug Fixes
 * fileTree api response to include an additional attribute isFolder ([0f19384](https://github.com/sasjs/server/commit/0f193849994f1ac8a071afa8f10af5b46f86663d))
 * remove drive component ([06d7c91](https://github.com/sasjs/server/commit/06d7c91fc34620a954df1fd1c682eff370f79ca6))
 ### Features
 * add api end point for delete folder ([08e0c61](https://github.com/sasjs/server/commit/08e0c61e0fd7041d6cded6f4d71fbb410e5615ce))
 * add sidebar(drive) to left of studio ([6c35412](https://github.com/sasjs/server/commit/6c35412d2f5180d4e49b12e616576d8b8dacb7d8))
 * created api endpoint for adding empty folder in drive ([941917e](https://github.com/sasjs/server/commit/941917e508ece5009135f9dddf99775dd4002f78))
 * implemented api for renaming file/folder ([fdcaba9](https://github.com/sasjs/server/commit/fdcaba9d56cddea5d56d7de5a172f1bb49be3db5))
 * implemented delete file/folder functionality ([177675b](https://github.com/sasjs/server/commit/177675bc897416f7994dd849dc7bb11ba072efe9))
 * implemented functionality for adding file/folder from sidebar context menu ([0ce94a5](https://github.com/sasjs/server/commit/0ce94a553e53bfcdbd6273b26b322095a080a341))
 * implemented the functionality for renaming file/folder from context menu ([7010a6a](https://github.com/sasjs/server/commit/7010a6a1201720d0eb4093267a344fb828b90a2f))
 * prevent user from leaving studio page when there are unsaved changes ([6c75502](https://github.com/sasjs/server/commit/6c7550286b5f505e9dfe8ca63c62fa1db1b60b2e))
 * **web:** add difference view editor in studio ([420a61a](https://github.com/sasjs/server/commit/420a61a5a6b11dcb5eb0a652ea9cecea5c3bee5f))
 ## [0.11.5](https://github.com/sasjs/server/compare/v0.11.4...v0.11.5) (2022-07-19)
 ### Bug Fixes
 * Revert "fix(security): missing cookie flags are added" ([ce5218a](https://github.com/sasjs/server/commit/ce5218a2278cc750f2b1032024685dc6cd72f796))
 ## [0.11.4](https://github.com/sasjs/server/compare/v0.11.3...v0.11.4) (2022-07-19)
 ### Bug Fixes
 * **security:** missing cookie flags are added ([526402f](https://github.com/sasjs/server/commit/526402fd73407ee4fa2d31092111a7e6a1741487))
 ## [0.11.3](https://github.com/sasjs/server/compare/v0.11.2...v0.11.3) (2022-07-19)
 ### Bug Fixes
 * filePath fix in code.js file for windows ([2995121](https://github.com/sasjs/server/commit/299512135d77c2ac9e34853cf35aee6f2e1d4da4))
 ## [0.11.2](https://github.com/sasjs/server/compare/v0.11.1...v0.11.2) (2022-07-18)
 ### Bug Fixes
 * apply icon option only for sas.exe ([d2ddd8a](https://github.com/sasjs/server/commit/d2ddd8aacadfdd143026881f2c6ae8c6b277610a))
 ## [0.11.1](https://github.com/sasjs/server/compare/v0.11.0...v0.11.1) (2022-07-18)
 ### Bug Fixes
 * bank operator ([aa02741](https://github.com/sasjs/server/commit/aa027414ed3ce51f1014ef36c4191e064b2e963d))
 * ensuring nosplash option only applies for sas.exe ([65e6de9](https://github.com/sasjs/server/commit/65e6de966383fe49a919b1f901d77c7f1e402c9b)), closes [#229](https://github.com/sasjs/server/issues/229)
 # [0.11.0](https://github.com/sasjs/server/compare/v0.10.0...v0.11.0) (2022-07-16)
--- a/README.md
+++ b/README.md
@@ -64,12 +64,30 @@ Example contents of a `.env` file:
 # Server mode is multi-user and suitable for intranet / internet use
 MODE=
 # A comma separated string that defines the available runTimes.
 # Priority is given to the runtime that comes first in the string.
 # Possible options at the moment are sas, js, py and r
 # This string sets the priority of the available analytic runtimes
 # Valid runtimes are SAS (sas), JavaScript (js), Python (py) and R (r)
 # For each option provided, there should be a corresponding path,
 # eg SAS_PATH, NODE_PATH, PYTHON_PATH or RSCRIPT_PATH
 # Priority is given to runtimes earlier in the string
 # Example options:  [sas,js,py | js,py | sas | sas,js | r | sas,r]
 RUN_TIMES=
 # Path to SAS executable (sas.exe / sas.sh)
 SAS_PATH=/path/to/sas/executable.exe
 # Path to Node.js executable
 NODE_PATH=~/.nvm/versions/node/v16.14.0/bin/node
 # Path to Python executable
 PYTHON_PATH=/usr/bin/python
 # Path to R executable
 R_PATH=/usr/bin/Rscript
 # Path to working directory
 # This location is for SAS WORK, staged files, DRIVE, configuration etc
 SASJS_ROOT=./sasjs_root
@@ -81,6 +99,9 @@ PROTOCOL=
 # default: 5000
 PORT=
 # options: [sas9|sasviya]
 # If not present, mocking function is disabled
 MOCK_SERVERTYPE=
 #
 ## Additional SAS Options
@@ -139,13 +160,6 @@ LOG_FORMAT_MORGAN=
 # This location is for server logs with classical UNIX logrotate behavior
 LOG_LOCATION=./sasjs_root/logs
 # A comma separated string that defines the available runTimes.
 # Priority is given to the runtime that comes first in the string.
 # Possible options at the moment are sas and js
 # options: [sas,js|js,sas|sas|js] default:sas
 RUN_TIMES=
 ```
 ## Persisting the Session
--- a/api/.env.example
+++ b/api/.env.example
@@ -14,9 +14,11 @@ HELMET_COEP=[true|false] if omitted HELMET default will be used
 DB_CONNECT=mongodb+srv://<DB_USERNAME>:<DB_PASSWORD>@<CLUSTER>/<DB_NAME>?retryWrites=true&w=majority
-RUN_TIMES=[sas|js|sas,js|js,sas] default considered as sas
+RUN_TIMES=[sas,js,py | js,py | sas | sas,js] default considered as sas
 SAS_PATH=/opt/sas/sas9/SASHome/SASFoundation/9.4/sas
 NODE_PATH=~/.nvm/versions/node/v16.14.0/bin/node
 PYTHON_PATH=/usr/bin/python
 R_PATH=/usr/bin/Rscript
 SASJS_ROOT=./sasjs_root
--- a/api/mocks/custom/.keep
+++ b/api/mocks/custom/.keep
--- a/api/mocks/generic/sas9/logged-in
+++ b/api/mocks/generic/sas9/logged-in
@@ -0,0 +1 @@
 You have signed in.
--- a/api/mocks/generic/sas9/logged-out
+++ b/api/mocks/generic/sas9/logged-out
@@ -0,0 +1 @@
 You have signed out.
--- a/api/mocks/generic/sas9/login
+++ b/api/mocks/generic/sas9/login
@@ -0,0 +1,30 @@
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" dir="ltr" class="bg">
 <head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="initial-scale=1" />
 </head>
 <div class="content">
  <form id="credentials" class="minimal" action="/SASLogon/login?service=http%3A%2F%2Flocalhost:5004%2FSASStoredProcess%2Fj_spring_cas_security_check" method="post">
    <!--form container-->
    <input type="hidden" name="lt" value="LT-8-WGkt9EXwICBihaVbxGc92opjufTK1D" aria-hidden="true" />
    <input type="hidden" name="execution" value="e2s1" aria-hidden="true" />
    <input type="hidden" name="_eventId" value="submit" aria-hidden="true" />
    <span class="userid">
      <input id="username" name="username" tabindex="3" aria-labelledby="username1 message1 message2 message3" name="username" placeholder="User ID" type="text" autofocus="true" value="" maxlength="500" autocomplete="off" />
    </span>
    <span class="password">
      <input id="password" name="password" tabindex="4" name="password" placeholder="Password" type="password" value="" maxlength="500" autocomplete="off" />
    </span>
    <button type="submit" class="btn-submit" title="Sign In" tabindex="5" onClick="this.disabled=true;setSubmitUrl(this.form);this.form.submit();return false;">Sign In</button>
  </form>
 </div>
 </html>
--- a/api/mocks/generic/sas9/public-access-denied
+++ b/api/mocks/generic/sas9/public-access-denied
@@ -0,0 +1 @@
 Public access has been denied.
--- a/api/mocks/generic/sas9/sas-stored-process
+++ b/api/mocks/generic/sas9/sas-stored-process
@@ -0,0 +1 @@
 "title": "Log Off SAS Demo User"
--- a/api/package-lock.json
+++ b/api/package-lock.json
@@ -9,12 +9,11 @@
      "version": "0.0.2",
      "dependencies": {
        "@sasjs/core": "^4.31.3",
-        "@sasjs/utils": "2.42.1",
+        "@sasjs/utils": "2.48.1",
        "bcryptjs": "^2.4.3",
        "connect-mongo": "^4.6.0",
        "cookie-parser": "^1.4.6",
        "cors": "^2.8.5",
        "csurf": "^1.11.0",
        "express": "^4.17.1",
        "express-session": "^1.17.2",
        "helmet": "^5.0.2",
@@ -23,7 +22,7 @@
        "mongoose": "^6.0.12",
        "mongoose-sequence": "^5.3.1",
        "morgan": "^1.10.0",
-        "multer": "^1.4.3",
+        "multer": "^1.4.5-lts.1",
        "rotating-file-stream": "^3.0.4",
        "swagger-ui-express": "4.3.0",
        "unzipper": "^0.10.11",
@@ -37,7 +36,6 @@
        "@types/bcryptjs": "^2.4.2",
        "@types/cookie-parser": "^1.4.2",
        "@types/cors": "^2.8.12",
        "@types/csurf": "^1.11.2",
        "@types/express": "^4.17.12",
        "@types/express-session": "^1.17.4",
        "@types/jest": "^26.0.24",
@@ -50,6 +48,7 @@
        "@types/swagger-ui-express": "^4.1.3",
        "@types/unzipper": "^0.10.5",
        "adm-zip": "^0.5.9",
        "csrf": "^3.1.0",
        "dotenv": "^10.0.0",
        "http-headers-validation": "^0.0.1",
        "jest": "^27.0.6",
@@ -1396,9 +1395,9 @@
      "integrity": "sha512-TpVqWl5bqp3JTQjIg0r4WiQg7Ima5f17eAJILJbdYDdXsnLXlA/Csbb95G7eDPhzWpM3C0NrzKek3yvCMGzXIA=="
    },
    "node_modules/@sasjs/utils": {
-      "version": "2.42.1",
+      "version": "2.48.1",
-      "resolved": "https://registry.npmjs.org/@sasjs/utils/-/utils-2.42.1.tgz",
+      "resolved": "https://registry.npmjs.org/@sasjs/utils/-/utils-2.48.1.tgz",
-      "integrity": "sha512-DzHNYjeoj2eUkwV7Sa4eHCKRoTrYaQ6eyv6c1U5qOYXwVdZpMoYA3HFsHj55UcMOn2U3CXI5nrR7PZlUmVwVbQ==",
+      "integrity": "sha512-Eu9p66JKLeTj0KK3kfY7YLQYq+MDMS1Q1/FOFfRe9hV23mFsuzierVMrnEYGK0JaHOogdHLmwzg6iVLDT8Jssg==",
      "hasInstallScript": true,
      "dependencies": {
        "@types/fs-extra": "9.0.13",
@@ -1833,15 +1832,6 @@
      "integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==",
      "dev": true
    },
    "node_modules/@types/csurf": {
      "version": "1.11.2",
      "resolved": "https://registry.npmjs.org/@types/csurf/-/csurf-1.11.2.tgz",
      "integrity": "sha512-9bc98EnwmC1S0aSJiA8rWwXtgXtXHHOQOsGHptImxFgqm6CeH+mIOunHRg6+/eg2tlmDMX3tY7XrWxo2M/nUNQ==",
      "dev": true,
      "dependencies": {
        "@types/express-serve-static-core": "*"
      }
    },
    "node_modules/@types/express": {
      "version": "4.17.12",
      "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.12.tgz",
@@ -2184,9 +2174,9 @@
      "integrity": "sha512-XAahCdThVuCFDQLT7R7Pk/vqeObFNL3YqRyFZg+AqAP/W1/w3xHaIxuW7WszQqTbIBOPRcItYJIou3i/mppu3Q=="
    },
    "node_modules/@types/whatwg-url": {
-      "version": "8.2.1",
+      "version": "8.2.2",
-      "resolved": "https://registry.npmjs.org/@types/whatwg-url/-/whatwg-url-8.2.1.tgz",
+      "resolved": "https://registry.npmjs.org/@types/whatwg-url/-/whatwg-url-8.2.2.tgz",
-      "integrity": "sha512-2YubE1sjj5ifxievI5Ge1sckb9k/Er66HyR2c+3+I6VDUUg1TLPdYYTEbQ+DjRkS4nTxMJhgWfSfMRD2sl2EYQ==",
+      "integrity": "sha512-FtQu10RWgn3D9U4aazdwIE2yzphmTJREDqNdODHrbrZmmMqI0vMheC/6NE/J1Yveaj8H+ela+YwWTjq5PGmuhA==",
      "dependencies": {
        "@types/node": "*",
        "@types/webidl-conversions": "*"
@@ -2834,9 +2824,9 @@
      }
    },
    "node_modules/bson": {
-      "version": "4.5.4",
+      "version": "4.6.5",
-      "resolved": "https://registry.npmjs.org/bson/-/bson-4.5.4.tgz",
+      "resolved": "https://registry.npmjs.org/bson/-/bson-4.6.5.tgz",
-      "integrity": "sha512-wIt0bPACnx8Ju9r6IsS2wVtGDHBr9Dxb+U29A1YED2pu8XOhS8aKjOnLZ8sxyXkPwanoK7iWWVhS1+coxde6xA==",
+      "integrity": "sha512-uqrgcjyOaZsHfz7ea8zLRCLe1u+QGUSzMZmvXqO24CDW7DWoW1qiN9folSwa7hSneTSgM2ykDIzF5kcQQ8cwNw==",
      "dependencies": {
        "buffer": "^5.6.0"
      },
@@ -2903,38 +2893,16 @@
      }
    },
    "node_modules/busboy": {
-      "version": "0.2.14",
+      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/busboy/-/busboy-0.2.14.tgz",
+      "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz",
-      "integrity": "sha512-InWFDomvlkEj+xWLBfU3AvnbVYqeTWmQopiW0tWWEy5yehYm2YkGEc59sUmw/4ty5Zj/b0WHGs1LgecuBSBGrg==",
+      "integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==",
      "dependencies": {
-        "dicer": "0.2.5",
+        "streamsearch": "^1.1.0"
        "readable-stream": "1.1.x"
      },
      "engines": {
-        "node": ">=0.8.0"
+        "node": ">=10.16.0"
      }
    },
    "node_modules/busboy/node_modules/isarray": {
      "version": "0.0.1",
      "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
      "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
    },
    "node_modules/busboy/node_modules/readable-stream": {
      "version": "1.1.14",
      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz",
      "integrity": "sha1-fPTFTvZI44EwhMY23SB54WbAgdk=",
      "dependencies": {
        "core-util-is": "~1.0.0",
        "inherits": "~2.0.1",
        "isarray": "0.0.1",
        "string_decoder": "~0.10.x"
      }
    },
    "node_modules/busboy/node_modules/string_decoder": {
      "version": "0.10.31",
      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
      "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
    },
    "node_modules/bytes": {
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz",
@@ -3358,6 +3326,7 @@
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/csrf/-/csrf-3.1.0.tgz",
      "integrity": "sha512-uTqEnCvWRk042asU6JtapDTcJeeailFy4ydOQS28bj1hcLnYRiqi8SsD2jS412AY1I/4qdOwWZun774iqywf9w==",
      "dev": true,
      "dependencies": {
        "rndm": "1.2.0",
        "tsscmp": "1.0.6",
@@ -3391,40 +3360,6 @@
      "integrity": "sha512-b0tGHbfegbhPJpxpiBPU2sCkigAqtM9O121le6bbOlgyV+NyGyCmVfJ6QW9eRjz8CpNfWEOYBIMIGRYkLwsIYg==",
      "dev": true
    },
    "node_modules/csurf": {
      "version": "1.11.0",
      "resolved": "https://registry.npmjs.org/csurf/-/csurf-1.11.0.tgz",
      "integrity": "sha512-UCtehyEExKTxgiu8UHdGvHj4tnpE/Qctue03Giq5gPgMQ9cg/ciod5blZQ5a4uCEenNQjxyGuzygLdKUmee/bQ==",
      "dependencies": {
        "cookie": "0.4.0",
        "cookie-signature": "1.0.6",
        "csrf": "3.1.0",
        "http-errors": "~1.7.3"
      },
      "engines": {
        "node": ">= 0.8.0"
      }
    },
    "node_modules/csurf/node_modules/http-errors": {
      "version": "1.7.3",
      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.3.tgz",
      "integrity": "sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==",
      "dependencies": {
        "depd": "~1.1.2",
        "inherits": "2.0.4",
        "setprototypeof": "1.1.1",
        "statuses": ">= 1.5.0 < 2",
        "toidentifier": "1.0.0"
      },
      "engines": {
        "node": ">= 0.6"
      }
    },
    "node_modules/csurf/node_modules/inherits": {
      "version": "2.0.4",
      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
    },
    "node_modules/csv-stringify": {
      "version": "5.6.5",
      "resolved": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz",
@@ -3566,39 +3501,6 @@
        "node": ">=8"
      }
    },
    "node_modules/dicer": {
      "version": "0.2.5",
      "resolved": "https://registry.npmjs.org/dicer/-/dicer-0.2.5.tgz",
      "integrity": "sha512-FDvbtnq7dzlPz0wyYlOExifDEZcu8h+rErEXgfxqmLfRfC/kJidEFh4+effJRO3P0xmfqyPbSMG0LveNRfTKVg==",
      "dependencies": {
        "readable-stream": "1.1.x",
        "streamsearch": "0.1.2"
      },
      "engines": {
        "node": ">=0.8.0"
      }
    },
    "node_modules/dicer/node_modules/isarray": {
      "version": "0.0.1",
      "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
      "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
    },
    "node_modules/dicer/node_modules/readable-stream": {
      "version": "1.1.14",
      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz",
      "integrity": "sha1-fPTFTvZI44EwhMY23SB54WbAgdk=",
      "dependencies": {
        "core-util-is": "~1.0.0",
        "inherits": "~2.0.1",
        "isarray": "0.0.1",
        "string_decoder": "~0.10.x"
      }
    },
    "node_modules/dicer/node_modules/string_decoder": {
      "version": "0.10.31",
      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
      "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
    },
    "node_modules/diff": {
      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz",
@@ -4946,6 +4848,11 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
    "node_modules/ip": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.0.tgz",
      "integrity": "sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ=="
    },
    "node_modules/ipaddr.js": {
      "version": "1.9.1",
      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
@@ -6788,9 +6695,9 @@
      "integrity": "sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A=="
    },
    "node_modules/kareem": {
-      "version": "2.3.2",
+      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.3.2.tgz",
+      "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.4.1.tgz",
-      "integrity": "sha512-STHz9P7X2L4Kwn72fA4rGyqyXdmrMSdxqHx9IXon/FXluXieaFA6KJ2upcHAHxQPQ0LeM/OjLrhFxifHewOALQ=="
+      "integrity": "sha512-aJ9opVoXroQUPfovYP5kaj2lM7Jn02Gw13bL0lg9v0V7SaUc0qavPs0Eue7d2DcC3NjqI6QAUElXNsuZSeM+EA=="
    },
    "node_modules/kleur": {
      "version": "3.0.3",
@@ -7093,13 +7000,14 @@
      "dev": true
    },
    "node_modules/mongodb": {
-      "version": "4.1.4",
+      "version": "4.8.1",
-      "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.1.4.tgz",
+      "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.8.1.tgz",
-      "integrity": "sha512-Cv/sk8on/tpvvqbEvR1h03mdyNdyvvO+WhtFlL4jrZ+DSsN/oSQHVqmJQI/sBCqqbOArFcYCAYDfyzqFwV4GSQ==",
+      "integrity": "sha512-/NyiM3Ox9AwP5zrfT9TXjRKDJbXlLaUDQ9Rg//2lbg8D2A8GXV0VidYYnA/gfdK6uwbnL4FnAflH7FbGw3TS7w==",
      "dependencies": {
-        "bson": "^4.5.4",
+        "bson": "^4.6.5",
        "denque": "^2.0.1",
-        "mongodb-connection-string-url": "^2.1.0"
+        "mongodb-connection-string-url": "^2.5.2",
        "socks": "^2.6.2"
      },
      "engines": {
        "node": ">=12.9.0"
@@ -7109,21 +7017,40 @@
      }
    },
    "node_modules/mongodb-connection-string-url": {
-      "version": "2.1.0",
+      "version": "2.5.3",
-      "resolved": "https://registry.npmjs.org/mongodb-connection-string-url/-/mongodb-connection-string-url-2.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/mongodb-connection-string-url/-/mongodb-connection-string-url-2.5.3.tgz",
-      "integrity": "sha512-Qf9Zw7KGiRljWvMrrUFDdVqo46KIEiDuCzvEN97rh/PcKzk2bd6n9KuzEwBwW9xo5glwx69y1mI6s+jFUD/aIQ==",
+      "integrity": "sha512-f+/WsED+xF4B74l3k9V/XkTVj5/fxFH2o5ToKXd8Iyi5UhM+sO9u0Ape17Mvl/GkZaFtM0HQnzAG5OTmhKw+tQ==",
      "dependencies": {
        "@types/whatwg-url": "^8.2.1",
-        "whatwg-url": "^9.1.0"
+        "whatwg-url": "^11.0.0"
      }
    },
    "node_modules/mongodb-connection-string-url/node_modules/tr46": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/tr46/-/tr46-3.0.0.tgz",
      "integrity": "sha512-l7FvfAHlcmulp8kr+flpQZmVwtu7nfRV7NZujtN0OqES8EL4O4e0qqzL0DC5gAvx/ZC/9lk6rhcUwYvkBnBnYA==",
      "dependencies": {
        "punycode": "^2.1.1"
      },
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/mongodb-connection-string-url/node_modules/webidl-conversions": {
      "version": "7.0.0",
      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-7.0.0.tgz",
      "integrity": "sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g==",
      "engines": {
        "node": ">=12"
      }
    },
    "node_modules/mongodb-connection-string-url/node_modules/whatwg-url": {
-      "version": "9.1.0",
+      "version": "11.0.0",
-      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-9.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-11.0.0.tgz",
-      "integrity": "sha512-CQ0UcrPHyomtlOCot1TL77WyMIm/bCwrJ2D6AOKGwEczU9EpyoqAokfqrf/MioU9kHcMsmJZcg1egXix2KYEsA==",
+      "integrity": "sha512-RKT8HExMpoYx4igMiVMY83lN6UeITKJlBQ+vR/8ZJ8OCdSiN3RwCq+9gH0+Xzj0+5IrM6i4j/6LuvzbZIQgEcQ==",
      "dependencies": {
-        "tr46": "^2.1.0",
+        "tr46": "^3.0.0",
-        "webidl-conversions": "^6.1.0"
+        "webidl-conversions": "^7.0.0"
      },
      "engines": {
        "node": ">=12"
@@ -7221,19 +7148,17 @@
      }
    },
    "node_modules/mongoose": {
-      "version": "6.0.12",
+      "version": "6.5.2",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.0.12.tgz",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.5.2.tgz",
-      "integrity": "sha512-BvsZk7zEEhb1AgQFLtxN9C+7qgy5edRuA3ZDDwHU+kHG/HM44vI6FdKV5m6HVdAUeCHHQTiVv+YQh8BRsToSHw==",
+      "integrity": "sha512-3CFDrSLtK2qjM1pZeZpLTUyqPRkc11Iuh74ZrwS4IwEJ3K2PqGnmyPLw7ex4Kzu37ujIMp3MAuiBlUjfrcb6hw==",
      "dependencies": {
-        "bson": "^4.2.2",
+        "bson": "^4.6.5",
-        "kareem": "2.3.2",
+        "kareem": "2.4.1",
-        "mongodb": "4.1.3",
+        "mongodb": "4.8.1",
-        "mpath": "0.8.4",
+        "mpath": "0.9.0",
-        "mquery": "4.0.0",
+        "mquery": "4.0.3",
-        "ms": "2.1.2",
+        "ms": "2.1.3",
-        "regexp-clone": "1.0.0",
+        "sift": "16.0.0"
        "sift": "13.5.2",
        "sliced": "1.0.1"
      },
      "engines": {
        "node": ">=12.0.0"
@@ -7255,26 +7180,10 @@
        "mongoose": ">=4"
      }
    },
    "node_modules/mongoose/node_modules/mongodb": {
      "version": "4.1.3",
      "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.1.3.tgz",
      "integrity": "sha512-lHvTqODBiSpuqjpCj48DOyYWS6Iq6ElJNUiH9HWdQtONyOfjgsKzJULipWduMGsSzaNO4nFi/kmlMFCLvjox/Q==",
      "dependencies": {
        "bson": "^4.5.2",
        "denque": "^2.0.1",
        "mongodb-connection-string-url": "^2.0.0"
      },
      "engines": {
        "node": ">=12.9.0"
      },
      "optionalDependencies": {
        "saslprep": "^1.0.3"
      }
    },
    "node_modules/mongoose/node_modules/ms": {
-      "version": "2.1.2",
+      "version": "2.1.3",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
-      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
    },
    "node_modules/morgan": {
      "version": "1.10.0",
@@ -7300,30 +7209,28 @@
      }
    },
    "node_modules/mpath": {
-      "version": "0.8.4",
+      "version": "0.9.0",
-      "resolved": "https://registry.npmjs.org/mpath/-/mpath-0.8.4.tgz",
+      "resolved": "https://registry.npmjs.org/mpath/-/mpath-0.9.0.tgz",
-      "integrity": "sha512-DTxNZomBcTWlrMW76jy1wvV37X/cNNxPW1y2Jzd4DZkAaC5ZGsm8bfGfNOthcDuRJujXLqiuS6o3Tpy0JEoh7g==",
+      "integrity": "sha512-ikJRQTk8hw5DEoFVxHG1Gn9T/xcjtdnOKIU1JTmGjZZlg9LST2mBLmcX3/ICIbgJydT2GOc15RnNy5mHmzfSew==",
      "engines": {
        "node": ">=4.0.0"
      }
    },
    "node_modules/mquery": {
-      "version": "4.0.0",
+      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/mquery/-/mquery-4.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/mquery/-/mquery-4.0.3.tgz",
-      "integrity": "sha512-nGjm89lHja+T/b8cybAby6H0YgA4qYC/lx6UlwvHGqvTq8bDaNeCwl1sY8uRELrNbVWJzIihxVd+vphGGn1vBw==",
+      "integrity": "sha512-J5heI+P08I6VJ2Ky3+33IpCdAvlYGTSUjwTPxkAr8i8EoduPMBX2OY/wa3IKZIQl7MU4SbFk8ndgSKyB/cl1zA==",
      "dependencies": {
-        "debug": "4.x",
+        "debug": "4.x"
        "regexp-clone": "^1.0.0",
        "sliced": "1.0.1"
      },
      "engines": {
        "node": ">=12.0.0"
      }
    },
    "node_modules/mquery/node_modules/debug": {
-      "version": "4.3.2",
+      "version": "4.3.4",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
-      "integrity": "sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==",
+      "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
      "dependencies": {
        "ms": "2.1.2"
      },
@@ -7347,22 +7254,20 @@
      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
    },
    "node_modules/multer": {
-      "version": "1.4.4",
+      "version": "1.4.5-lts.1",
-      "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.4.tgz",
+      "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.5-lts.1.tgz",
-      "integrity": "sha512-2wY2+xD4udX612aMqMcB8Ws2Voq6NIUPEtD1be6m411T4uDH/VtL9i//xvcyFlTVfRdaBsk7hV5tgrGQqhuBiw==",
+      "integrity": "sha512-ywPWvcDMeH+z9gQq5qYHCCy+ethsk4goepZ45GLD63fOu0YcNecQxi64nDs3qluZB+murG3/D4dJ7+dGctcCQQ==",
      "deprecated": "Multer 1.x is affected by CVE-2022-24434. This is fixed in v1.4.4-lts.1 which drops support for versions of Node.js before 6. Please upgrade to at least Node.js 6 and version 1.4.4-lts.1 of Multer. If you need support for older versions of Node.js, we are open to accepting patches that would fix the CVE on the main 1.x release line, whilst maintaining compatibility with Node.js 0.10.",
      "dependencies": {
        "append-field": "^1.0.0",
-        "busboy": "^0.2.11",
+        "busboy": "^1.0.0",
        "concat-stream": "^1.5.2",
        "mkdirp": "^0.5.4",
        "object-assign": "^4.1.1",
        "on-finished": "^2.3.0",
        "type-is": "^1.6.4",
        "xtend": "^4.0.0"
      },
      "engines": {
-        "node": ">= 0.10.0"
+        "node": ">= 6.0.0"
      }
    },
    "node_modules/multer/node_modules/mkdirp": {
@@ -8353,11 +8258,6 @@
        "node": ">=8.10.0"
      }
    },
    "node_modules/regexp-clone": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/regexp-clone/-/regexp-clone-1.0.0.tgz",
      "integrity": "sha512-TuAasHQNamyyJ2hb97IuBEif4qBHGjPHBS64sZwytpLEqtBQ1gPJTnOaQ6qmpET16cK14kkjbazl6+p0RRv0yw=="
    },
    "node_modules/require-directory": {
      "version": "2.1.1",
      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
@@ -8434,7 +8334,8 @@
    "node_modules/rndm": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/rndm/-/rndm-1.2.0.tgz",
-      "integrity": "sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w="
+      "integrity": "sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w=",
      "dev": true
    },
    "node_modules/rotating-file-stream": {
      "version": "3.0.4",
@@ -8606,9 +8507,9 @@
      }
    },
    "node_modules/sift": {
-      "version": "13.5.2",
+      "version": "16.0.0",
-      "resolved": "https://registry.npmjs.org/sift/-/sift-13.5.2.tgz",
+      "resolved": "https://registry.npmjs.org/sift/-/sift-16.0.0.tgz",
-      "integrity": "sha512-+gxdEOMA2J+AI+fVsCqeNn7Tgx3M9ZN9jdi95939l1IJ8cZsqS8sqpJyOkic2SJk+1+98Uwryt/gL6XDaV+UZA=="
+      "integrity": "sha512-ILTjdP2Mv9V1kIxWMXeMTIRbOBrqKc4JAXmFMnFq3fKeyQ2Qwa3Dw1ubcye3vR+Y6ofA0b9gNDr/y2t6eUeIzQ=="
    },
    "node_modules/signal-exit": {
      "version": "3.0.3",
@@ -8706,10 +8607,27 @@
        "node": ">=8"
      }
    },
-    "node_modules/sliced": {
+    "node_modules/smart-buffer": {
-      "version": "1.0.1",
+      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/sliced/-/sliced-1.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz",
-      "integrity": "sha1-CzpmK10Ewxd7GSa+qCsD+Dei70E="
+      "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg==",
      "engines": {
        "node": ">= 6.0.0",
        "npm": ">= 3.0.0"
      }
    },
    "node_modules/socks": {
      "version": "2.7.0",
      "resolved": "https://registry.npmjs.org/socks/-/socks-2.7.0.tgz",
      "integrity": "sha512-scnOe9y4VuiNUULJN72GrM26BNOjVsfPXI+j+98PkyEfsIXroa5ofyjT+FzGvn/xHs73U2JtoBYAVx9Hl4quSA==",
      "dependencies": {
        "ip": "^2.0.0",
        "smart-buffer": "^4.2.0"
      },
      "engines": {
        "node": ">= 10.13.0",
        "npm": ">= 3.0.0"
      }
    },
    "node_modules/source-map": {
      "version": "0.6.1",
@@ -8808,11 +8726,11 @@
      }
    },
    "node_modules/streamsearch": {
-      "version": "0.1.2",
+      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-0.1.2.tgz",
+      "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz",
-      "integrity": "sha1-gIudDlb8Jz2Am6VzOOkpkZoanxo=",
+      "integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==",
      "engines": {
-        "node": ">=0.8.0"
+        "node": ">=10.0.0"
      }
    },
    "node_modules/string_decoder": {
@@ -9296,6 +9214,7 @@
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz",
      "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==",
      "dev": true,
      "dependencies": {
        "punycode": "^2.1.1"
      },
@@ -9428,6 +9347,7 @@
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.6.tgz",
      "integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==",
      "dev": true,
      "engines": {
        "node": ">=0.6.x"
      }
@@ -9719,6 +9639,7 @@
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz",
      "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==",
      "dev": true,
      "engines": {
        "node": ">=10.4"
      }
@@ -11012,9 +10933,9 @@
      "integrity": "sha512-TpVqWl5bqp3JTQjIg0r4WiQg7Ima5f17eAJILJbdYDdXsnLXlA/Csbb95G7eDPhzWpM3C0NrzKek3yvCMGzXIA=="
    },
    "@sasjs/utils": {
-      "version": "2.42.1",
+      "version": "2.48.1",
-      "resolved": "https://registry.npmjs.org/@sasjs/utils/-/utils-2.42.1.tgz",
+      "resolved": "https://registry.npmjs.org/@sasjs/utils/-/utils-2.48.1.tgz",
-      "integrity": "sha512-DzHNYjeoj2eUkwV7Sa4eHCKRoTrYaQ6eyv6c1U5qOYXwVdZpMoYA3HFsHj55UcMOn2U3CXI5nrR7PZlUmVwVbQ==",
+      "integrity": "sha512-Eu9p66JKLeTj0KK3kfY7YLQYq+MDMS1Q1/FOFfRe9hV23mFsuzierVMrnEYGK0JaHOogdHLmwzg6iVLDT8Jssg==",
      "requires": {
        "@types/fs-extra": "9.0.13",
        "@types/prompts": "2.0.13",
@@ -11399,15 +11320,6 @@
      "integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==",
      "dev": true
    },
    "@types/csurf": {
      "version": "1.11.2",
      "resolved": "https://registry.npmjs.org/@types/csurf/-/csurf-1.11.2.tgz",
      "integrity": "sha512-9bc98EnwmC1S0aSJiA8rWwXtgXtXHHOQOsGHptImxFgqm6CeH+mIOunHRg6+/eg2tlmDMX3tY7XrWxo2M/nUNQ==",
      "dev": true,
      "requires": {
        "@types/express-serve-static-core": "*"
      }
    },
    "@types/express": {
      "version": "4.17.12",
      "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.12.tgz",
@@ -11724,9 +11636,9 @@
      "integrity": "sha512-XAahCdThVuCFDQLT7R7Pk/vqeObFNL3YqRyFZg+AqAP/W1/w3xHaIxuW7WszQqTbIBOPRcItYJIou3i/mppu3Q=="
    },
    "@types/whatwg-url": {
-      "version": "8.2.1",
+      "version": "8.2.2",
-      "resolved": "https://registry.npmjs.org/@types/whatwg-url/-/whatwg-url-8.2.1.tgz",
+      "resolved": "https://registry.npmjs.org/@types/whatwg-url/-/whatwg-url-8.2.2.tgz",
-      "integrity": "sha512-2YubE1sjj5ifxievI5Ge1sckb9k/Er66HyR2c+3+I6VDUUg1TLPdYYTEbQ+DjRkS4nTxMJhgWfSfMRD2sl2EYQ==",
+      "integrity": "sha512-FtQu10RWgn3D9U4aazdwIE2yzphmTJREDqNdODHrbrZmmMqI0vMheC/6NE/J1Yveaj8H+ela+YwWTjq5PGmuhA==",
      "requires": {
        "@types/node": "*",
        "@types/webidl-conversions": "*"
@@ -12240,9 +12152,9 @@
      }
    },
    "bson": {
-      "version": "4.5.4",
+      "version": "4.6.5",
-      "resolved": "https://registry.npmjs.org/bson/-/bson-4.5.4.tgz",
+      "resolved": "https://registry.npmjs.org/bson/-/bson-4.6.5.tgz",
-      "integrity": "sha512-wIt0bPACnx8Ju9r6IsS2wVtGDHBr9Dxb+U29A1YED2pu8XOhS8aKjOnLZ8sxyXkPwanoK7iWWVhS1+coxde6xA==",
+      "integrity": "sha512-uqrgcjyOaZsHfz7ea8zLRCLe1u+QGUSzMZmvXqO24CDW7DWoW1qiN9folSwa7hSneTSgM2ykDIzF5kcQQ8cwNw==",
      "requires": {
        "buffer": "^5.6.0"
      }
@@ -12283,35 +12195,11 @@
      "integrity": "sha512-9q/rDEGSb/Qsvv2qvzIzdluL5k7AaJOTrw23z9reQthrbF7is4CtlT0DXyO1oei2DCp4uojjzQ7igaSHp1kAEQ=="
    },
    "busboy": {
-      "version": "0.2.14",
+      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/busboy/-/busboy-0.2.14.tgz",
+      "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz",
-      "integrity": "sha512-InWFDomvlkEj+xWLBfU3AvnbVYqeTWmQopiW0tWWEy5yehYm2YkGEc59sUmw/4ty5Zj/b0WHGs1LgecuBSBGrg==",
+      "integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==",
      "requires": {
-        "dicer": "0.2.5",
+        "streamsearch": "^1.1.0"
        "readable-stream": "1.1.x"
      },
      "dependencies": {
        "isarray": {
          "version": "0.0.1",
          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
        },
        "readable-stream": {
          "version": "1.1.14",
          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz",
          "integrity": "sha1-fPTFTvZI44EwhMY23SB54WbAgdk=",
          "requires": {
            "core-util-is": "~1.0.0",
            "inherits": "~2.0.1",
            "isarray": "0.0.1",
            "string_decoder": "~0.10.x"
          }
        },
        "string_decoder": {
          "version": "0.10.31",
          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
        }
      }
    },
    "bytes": {
@@ -12646,6 +12534,7 @@
      "version": "3.1.0",
      "resolved": "https://registry.npmjs.org/csrf/-/csrf-3.1.0.tgz",
      "integrity": "sha512-uTqEnCvWRk042asU6JtapDTcJeeailFy4ydOQS28bj1hcLnYRiqi8SsD2jS412AY1I/4qdOwWZun774iqywf9w==",
      "dev": true,
      "requires": {
        "rndm": "1.2.0",
        "tsscmp": "1.0.6",
@@ -12675,36 +12564,6 @@
        }
      }
    },
    "csurf": {
      "version": "1.11.0",
      "resolved": "https://registry.npmjs.org/csurf/-/csurf-1.11.0.tgz",
      "integrity": "sha512-UCtehyEExKTxgiu8UHdGvHj4tnpE/Qctue03Giq5gPgMQ9cg/ciod5blZQ5a4uCEenNQjxyGuzygLdKUmee/bQ==",
      "requires": {
        "cookie": "0.4.0",
        "cookie-signature": "1.0.6",
        "csrf": "3.1.0",
        "http-errors": "~1.7.3"
      },
      "dependencies": {
        "http-errors": {
          "version": "1.7.3",
          "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.3.tgz",
          "integrity": "sha512-ZTTX0MWrsQ2ZAhA1cejAwDLycFsd7I7nVtnkT3Ol0aqodaKW+0CTZDQ1uBv5whptCnc8e8HeRRJxRs0kmm/Qfw==",
          "requires": {
            "depd": "~1.1.2",
            "inherits": "2.0.4",
            "setprototypeof": "1.1.1",
            "statuses": ">= 1.5.0 < 2",
            "toidentifier": "1.0.0"
          }
        },
        "inherits": {
          "version": "2.0.4",
          "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
          "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
        }
      }
    },
    "csv-stringify": {
      "version": "5.6.5",
      "resolved": "https://registry.npmjs.org/csv-stringify/-/csv-stringify-5.6.5.tgz",
@@ -12813,38 +12672,6 @@
      "integrity": "sha512-TLz+x/vEXm/Y7P7wn1EJFNLxYpUD4TgMosxY6fAVJUnJMbupHBOncxyWUG9OpTaH9EBD7uFI5LfEgmMOc54DsA==",
      "dev": true
    },
    "dicer": {
      "version": "0.2.5",
      "resolved": "https://registry.npmjs.org/dicer/-/dicer-0.2.5.tgz",
      "integrity": "sha512-FDvbtnq7dzlPz0wyYlOExifDEZcu8h+rErEXgfxqmLfRfC/kJidEFh4+effJRO3P0xmfqyPbSMG0LveNRfTKVg==",
      "requires": {
        "readable-stream": "1.1.x",
        "streamsearch": "0.1.2"
      },
      "dependencies": {
        "isarray": {
          "version": "0.0.1",
          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
        },
        "readable-stream": {
          "version": "1.1.14",
          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.1.14.tgz",
          "integrity": "sha1-fPTFTvZI44EwhMY23SB54WbAgdk=",
          "requires": {
            "core-util-is": "~1.0.0",
            "inherits": "~2.0.1",
            "isarray": "0.0.1",
            "string_decoder": "~0.10.x"
          }
        },
        "string_decoder": {
          "version": "0.10.31",
          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
        }
      }
    },
    "diff": {
      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz",
@@ -13868,6 +13695,11 @@
        "p-is-promise": "^3.0.0"
      }
    },
    "ip": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/ip/-/ip-2.0.0.tgz",
      "integrity": "sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ=="
    },
    "ipaddr.js": {
      "version": "1.9.1",
      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
@@ -15248,9 +15080,9 @@
      "integrity": "sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A=="
    },
    "kareem": {
-      "version": "2.3.2",
+      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.3.2.tgz",
+      "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.4.1.tgz",
-      "integrity": "sha512-STHz9P7X2L4Kwn72fA4rGyqyXdmrMSdxqHx9IXon/FXluXieaFA6KJ2upcHAHxQPQ0LeM/OjLrhFxifHewOALQ=="
+      "integrity": "sha512-aJ9opVoXroQUPfovYP5kaj2lM7Jn02Gw13bL0lg9v0V7SaUc0qavPs0Eue7d2DcC3NjqI6QAUElXNsuZSeM+EA=="
    },
    "kleur": {
      "version": "3.0.3",
@@ -15486,32 +15318,46 @@
      "dev": true
    },
    "mongodb": {
-      "version": "4.1.4",
+      "version": "4.8.1",
-      "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.1.4.tgz",
+      "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.8.1.tgz",
-      "integrity": "sha512-Cv/sk8on/tpvvqbEvR1h03mdyNdyvvO+WhtFlL4jrZ+DSsN/oSQHVqmJQI/sBCqqbOArFcYCAYDfyzqFwV4GSQ==",
+      "integrity": "sha512-/NyiM3Ox9AwP5zrfT9TXjRKDJbXlLaUDQ9Rg//2lbg8D2A8GXV0VidYYnA/gfdK6uwbnL4FnAflH7FbGw3TS7w==",
      "requires": {
-        "bson": "^4.5.4",
+        "bson": "^4.6.5",
        "denque": "^2.0.1",
-        "mongodb-connection-string-url": "^2.1.0",
+        "mongodb-connection-string-url": "^2.5.2",
-        "saslprep": "^1.0.3"
+        "saslprep": "^1.0.3",
        "socks": "^2.6.2"
      }
    },
    "mongodb-connection-string-url": {
-      "version": "2.1.0",
+      "version": "2.5.3",
-      "resolved": "https://registry.npmjs.org/mongodb-connection-string-url/-/mongodb-connection-string-url-2.1.0.tgz",
+      "resolved": "https://registry.npmjs.org/mongodb-connection-string-url/-/mongodb-connection-string-url-2.5.3.tgz",
-      "integrity": "sha512-Qf9Zw7KGiRljWvMrrUFDdVqo46KIEiDuCzvEN97rh/PcKzk2bd6n9KuzEwBwW9xo5glwx69y1mI6s+jFUD/aIQ==",
+      "integrity": "sha512-f+/WsED+xF4B74l3k9V/XkTVj5/fxFH2o5ToKXd8Iyi5UhM+sO9u0Ape17Mvl/GkZaFtM0HQnzAG5OTmhKw+tQ==",
      "requires": {
        "@types/whatwg-url": "^8.2.1",
-        "whatwg-url": "^9.1.0"
+        "whatwg-url": "^11.0.0"
      },
      "dependencies": {
-        "whatwg-url": {
+        "tr46": {
-          "version": "9.1.0",
+          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-9.1.0.tgz",
+          "resolved": "https://registry.npmjs.org/tr46/-/tr46-3.0.0.tgz",
-          "integrity": "sha512-CQ0UcrPHyomtlOCot1TL77WyMIm/bCwrJ2D6AOKGwEczU9EpyoqAokfqrf/MioU9kHcMsmJZcg1egXix2KYEsA==",
+          "integrity": "sha512-l7FvfAHlcmulp8kr+flpQZmVwtu7nfRV7NZujtN0OqES8EL4O4e0qqzL0DC5gAvx/ZC/9lk6rhcUwYvkBnBnYA==",
          "requires": {
-            "tr46": "^2.1.0",
+            "punycode": "^2.1.1"
-            "webidl-conversions": "^6.1.0"
+          }
        },
        "webidl-conversions": {
          "version": "7.0.0",
          "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-7.0.0.tgz",
          "integrity": "sha512-VwddBukDzu71offAQR975unBIGqfKZpM+8ZX6ySk8nYhVoo5CYaZyzt3YBvYtRtO+aoGlqxPg/B87NGVZ/fu6g=="
        },
        "whatwg-url": {
          "version": "11.0.0",
          "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-11.0.0.tgz",
          "integrity": "sha512-RKT8HExMpoYx4igMiVMY83lN6UeITKJlBQ+vR/8ZJ8OCdSiN3RwCq+9gH0+Xzj0+5IrM6i4j/6LuvzbZIQgEcQ==",
          "requires": {
            "tr46": "^3.0.0",
            "webidl-conversions": "^7.0.0"
          }
        }
      }
@@ -15583,36 +15429,23 @@
      }
    },
    "mongoose": {
-      "version": "6.0.12",
+      "version": "6.5.2",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.0.12.tgz",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.5.2.tgz",
-      "integrity": "sha512-BvsZk7zEEhb1AgQFLtxN9C+7qgy5edRuA3ZDDwHU+kHG/HM44vI6FdKV5m6HVdAUeCHHQTiVv+YQh8BRsToSHw==",
+      "integrity": "sha512-3CFDrSLtK2qjM1pZeZpLTUyqPRkc11Iuh74ZrwS4IwEJ3K2PqGnmyPLw7ex4Kzu37ujIMp3MAuiBlUjfrcb6hw==",
      "requires": {
-        "bson": "^4.2.2",
+        "bson": "^4.6.5",
-        "kareem": "2.3.2",
+        "kareem": "2.4.1",
-        "mongodb": "4.1.3",
+        "mongodb": "4.8.1",
-        "mpath": "0.8.4",
+        "mpath": "0.9.0",
-        "mquery": "4.0.0",
+        "mquery": "4.0.3",
-        "ms": "2.1.2",
+        "ms": "2.1.3",
-        "regexp-clone": "1.0.0",
+        "sift": "16.0.0"
        "sift": "13.5.2",
        "sliced": "1.0.1"
      },
      "dependencies": {
        "mongodb": {
          "version": "4.1.3",
          "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-4.1.3.tgz",
          "integrity": "sha512-lHvTqODBiSpuqjpCj48DOyYWS6Iq6ElJNUiH9HWdQtONyOfjgsKzJULipWduMGsSzaNO4nFi/kmlMFCLvjox/Q==",
          "requires": {
            "bson": "^4.5.2",
            "denque": "^2.0.1",
            "mongodb-connection-string-url": "^2.0.0",
            "saslprep": "^1.0.3"
          }
        },
        "ms": {
-          "version": "2.1.2",
+          "version": "2.1.3",
-          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
-          "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w=="
+          "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
        }
      }
    },
@@ -15645,24 +15478,22 @@
      }
    },
    "mpath": {
-      "version": "0.8.4",
+      "version": "0.9.0",
-      "resolved": "https://registry.npmjs.org/mpath/-/mpath-0.8.4.tgz",
+      "resolved": "https://registry.npmjs.org/mpath/-/mpath-0.9.0.tgz",
-      "integrity": "sha512-DTxNZomBcTWlrMW76jy1wvV37X/cNNxPW1y2Jzd4DZkAaC5ZGsm8bfGfNOthcDuRJujXLqiuS6o3Tpy0JEoh7g=="
+      "integrity": "sha512-ikJRQTk8hw5DEoFVxHG1Gn9T/xcjtdnOKIU1JTmGjZZlg9LST2mBLmcX3/ICIbgJydT2GOc15RnNy5mHmzfSew=="
    },
    "mquery": {
-      "version": "4.0.0",
+      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/mquery/-/mquery-4.0.0.tgz",
+      "resolved": "https://registry.npmjs.org/mquery/-/mquery-4.0.3.tgz",
-      "integrity": "sha512-nGjm89lHja+T/b8cybAby6H0YgA4qYC/lx6UlwvHGqvTq8bDaNeCwl1sY8uRELrNbVWJzIihxVd+vphGGn1vBw==",
+      "integrity": "sha512-J5heI+P08I6VJ2Ky3+33IpCdAvlYGTSUjwTPxkAr8i8EoduPMBX2OY/wa3IKZIQl7MU4SbFk8ndgSKyB/cl1zA==",
      "requires": {
-        "debug": "4.x",
+        "debug": "4.x"
        "regexp-clone": "^1.0.0",
        "sliced": "1.0.1"
      },
      "dependencies": {
        "debug": {
-          "version": "4.3.2",
+          "version": "4.3.4",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.2.tgz",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
-          "integrity": "sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw==",
+          "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
          "requires": {
            "ms": "2.1.2"
          }
@@ -15680,16 +15511,15 @@
      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
    },
    "multer": {
-      "version": "1.4.4",
+      "version": "1.4.5-lts.1",
-      "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.4.tgz",
+      "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.5-lts.1.tgz",
-      "integrity": "sha512-2wY2+xD4udX612aMqMcB8Ws2Voq6NIUPEtD1be6m411T4uDH/VtL9i//xvcyFlTVfRdaBsk7hV5tgrGQqhuBiw==",
+      "integrity": "sha512-ywPWvcDMeH+z9gQq5qYHCCy+ethsk4goepZ45GLD63fOu0YcNecQxi64nDs3qluZB+murG3/D4dJ7+dGctcCQQ==",
      "requires": {
        "append-field": "^1.0.0",
-        "busboy": "^0.2.11",
+        "busboy": "^1.0.0",
        "concat-stream": "^1.5.2",
        "mkdirp": "^0.5.4",
        "object-assign": "^4.1.1",
        "on-finished": "^2.3.0",
        "type-is": "^1.6.4",
        "xtend": "^4.0.0"
      },
@@ -16416,11 +16246,6 @@
        "picomatch": "^2.2.1"
      }
    },
    "regexp-clone": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/regexp-clone/-/regexp-clone-1.0.0.tgz",
      "integrity": "sha512-TuAasHQNamyyJ2hb97IuBEif4qBHGjPHBS64sZwytpLEqtBQ1gPJTnOaQ6qmpET16cK14kkjbazl6+p0RRv0yw=="
    },
    "require-directory": {
      "version": "2.1.1",
      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
@@ -16475,7 +16300,8 @@
    "rndm": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/rndm/-/rndm-1.2.0.tgz",
-      "integrity": "sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w="
+      "integrity": "sha1-8z/pz7Urv9UgqhgyO8ZdsRCht2w=",
      "dev": true
    },
    "rotating-file-stream": {
      "version": "3.0.4",
@@ -16605,9 +16431,9 @@
      }
    },
    "sift": {
-      "version": "13.5.2",
+      "version": "16.0.0",
-      "resolved": "https://registry.npmjs.org/sift/-/sift-13.5.2.tgz",
+      "resolved": "https://registry.npmjs.org/sift/-/sift-16.0.0.tgz",
-      "integrity": "sha512-+gxdEOMA2J+AI+fVsCqeNn7Tgx3M9ZN9jdi95939l1IJ8cZsqS8sqpJyOkic2SJk+1+98Uwryt/gL6XDaV+UZA=="
+      "integrity": "sha512-ILTjdP2Mv9V1kIxWMXeMTIRbOBrqKc4JAXmFMnFq3fKeyQ2Qwa3Dw1ubcye3vR+Y6ofA0b9gNDr/y2t6eUeIzQ=="
    },
    "signal-exit": {
      "version": "3.0.3",
@@ -16677,10 +16503,19 @@
      "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==",
      "dev": true
    },
-    "sliced": {
+    "smart-buffer": {
-      "version": "1.0.1",
+      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/sliced/-/sliced-1.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/smart-buffer/-/smart-buffer-4.2.0.tgz",
-      "integrity": "sha1-CzpmK10Ewxd7GSa+qCsD+Dei70E="
+      "integrity": "sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg=="
    },
    "socks": {
      "version": "2.7.0",
      "resolved": "https://registry.npmjs.org/socks/-/socks-2.7.0.tgz",
      "integrity": "sha512-scnOe9y4VuiNUULJN72GrM26BNOjVsfPXI+j+98PkyEfsIXroa5ofyjT+FzGvn/xHs73U2JtoBYAVx9Hl4quSA==",
      "requires": {
        "ip": "^2.0.0",
        "smart-buffer": "^4.2.0"
      }
    },
    "source-map": {
      "version": "0.6.1",
@@ -16771,9 +16606,9 @@
      }
    },
    "streamsearch": {
-      "version": "0.1.2",
+      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-0.1.2.tgz",
+      "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz",
-      "integrity": "sha1-gIudDlb8Jz2Am6VzOOkpkZoanxo="
+      "integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg=="
    },
    "string_decoder": {
      "version": "1.3.0",
@@ -17140,6 +16975,7 @@
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz",
      "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==",
      "dev": true,
      "requires": {
        "punycode": "^2.1.1"
      }
@@ -17220,7 +17056,8 @@
    "tsscmp": {
      "version": "1.0.6",
      "resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.6.tgz",
-      "integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA=="
+      "integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==",
      "dev": true
    },
    "tunnel-agent": {
      "version": "0.6.0",
@@ -17456,7 +17293,8 @@
    "webidl-conversions": {
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz",
-      "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w=="
+      "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==",
      "dev": true
    },
    "whatwg-encoding": {
      "version": "1.0.5",
--- a/api/package.json
+++ b/api/package.json
@@ -48,12 +48,11 @@
  "author": "4GL Ltd",
  "dependencies": {
    "@sasjs/core": "^4.31.3",
-    "@sasjs/utils": "2.42.1",
+    "@sasjs/utils": "2.48.1",
    "bcryptjs": "^2.4.3",
    "connect-mongo": "^4.6.0",
    "cookie-parser": "^1.4.6",
    "cors": "^2.8.5",
    "csurf": "^1.11.0",
    "express": "^4.17.1",
    "express-session": "^1.17.2",
    "helmet": "^5.0.2",
@@ -62,7 +61,7 @@
    "mongoose": "^6.0.12",
    "mongoose-sequence": "^5.3.1",
    "morgan": "^1.10.0",
-    "multer": "^1.4.3",
+    "multer": "^1.4.5-lts.1",
    "rotating-file-stream": "^3.0.4",
    "swagger-ui-express": "4.3.0",
    "unzipper": "^0.10.11",
@@ -73,7 +72,6 @@
    "@types/bcryptjs": "^2.4.2",
    "@types/cookie-parser": "^1.4.2",
    "@types/cors": "^2.8.12",
    "@types/csurf": "^1.11.2",
    "@types/express": "^4.17.12",
    "@types/express-session": "^1.17.4",
    "@types/jest": "^26.0.24",
@@ -86,6 +84,7 @@
    "@types/swagger-ui-express": "^4.1.3",
    "@types/unzipper": "^0.10.5",
    "adm-zip": "^0.5.9",
    "csrf": "^3.1.0",
    "dotenv": "^10.0.0",
    "http-headers-validation": "^0.0.1",
    "jest": "^27.0.6",
--- a/api/public/swagger.yaml
+++ b/api/public/swagger.yaml
@@ -62,52 +62,12 @@ components:
                - clientSecret
            type: object
            additionalProperties: false
        IRecordOfAny:
            properties: {}
            type: object
            additionalProperties: {}
        LogLine:
            properties:
                line:
                    type: string
            required:
                - line
            type: object
            additionalProperties: false
        HTTPHeaders:
            properties: {}
            type: object
            additionalProperties:
                type: string
        ExecuteReturnJsonResponse:
            properties:
                status:
                    type: string
                _webout:
                    anyOf:
                        -
                            type: string
                        -
                            $ref: '#/components/schemas/IRecordOfAny'
                log:
                    items:
                        $ref: '#/components/schemas/LogLine'
                    type: array
                message:
                    type: string
                httpHeaders:
                    $ref: '#/components/schemas/HTTPHeaders'
            required:
                - status
                - _webout
                - log
                - httpHeaders
            type: object
            additionalProperties: false
        RunTimeType:
            enum:
                - sas
                - js
                - py
                - r
            type: string
        ExecuteCodePayload:
            properties:
@@ -230,7 +190,7 @@ components:
                - fileTree
            type: object
            additionalProperties: false
-        UpdateFileResponse:
+        FileFolderResponse:
            properties:
                status:
                    type: string
@@ -240,6 +200,31 @@ components:
                - status
            type: object
            additionalProperties: false
        AddFolderPayload:
            properties:
                folderPath:
                    type: string
                    description: 'Location of folder'
                    example: /Public/someFolder
            required:
                - folderPath
            type: object
            additionalProperties: false
        RenamePayload:
            properties:
                oldPath:
                    type: string
                    description: 'Old path of file/folder'
                    example: /Public/someFolder
                newPath:
                    type: string
                    description: 'New path of file/folder'
                    example: /Public/newFolder
            required:
                - oldPath
                - newPath
            type: object
            additionalProperties: false
        TreeNode:
            properties:
                name:
@@ -248,6 +233,8 @@ components:
                    type: string
                absolutePath:
                    type: string
                isFolder:
                    type: boolean
                children:
                    items:
                        $ref: '#/components/schemas/TreeNode'
@@ -256,6 +243,7 @@ components:
                - name
                - relativePath
                - absolutePath
                - isFolder
                - children
            type: object
            additionalProperties: false
@@ -403,27 +391,13 @@ components:
                - description
            type: object
            additionalProperties: false
-        _LeanDocument__LeanDocument_T__:
+        FlattenMaps_T_:
            properties: {}
            type: object
        Pick__LeanDocument_T_.Exclude_keyof_LeanDocument_T_.Exclude_keyofDocument._id-or-id-or-__v_-or-%24isSingleNested__:
            properties:
                _id:
                    $ref: '#/components/schemas/_LeanDocument__LeanDocument_T__'
                    description: 'This documents _id.'
                __v:
                    description: 'This documents __v.'
                id:
                    description: 'The string version of this documents _id.'
            type: object
            description: 'From T, pick a set of properties whose keys are in the union K'
        Omit__LeanDocument_this_.Exclude_keyofDocument._id-or-id-or-__v_-or-%24isSingleNested_:
            $ref: '#/components/schemas/Pick__LeanDocument_T_.Exclude_keyof_LeanDocument_T_.Exclude_keyofDocument._id-or-id-or-__v_-or-%24isSingleNested__'
            description: 'Construct a type with the properties of T except for those in type K.'
        LeanDocument_this_:
            $ref: '#/components/schemas/Omit__LeanDocument_this_.Exclude_keyofDocument._id-or-id-or-__v_-or-%24isSingleNested_'
        IGroup:
-            $ref: '#/components/schemas/LeanDocument_this_'
+            $ref: '#/components/schemas/FlattenMaps_T_'
        ObjectId:
            type: string
        InfoResponse:
            properties:
                mode:
@@ -450,15 +424,92 @@ components:
            additionalProperties: false
        AuthorizedRoutesResponse:
            properties:
-                URIs:
+                paths:
                    items:
                        type: string
                    type: array
            required:
-                - URIs
+                - paths
            type: object
            additionalProperties: false
-        ExecuteReturnJsonPayload:
+        PermissionDetailsResponse:
            properties:
                permissionId:
                    type: number
                    format: double
                path:
                    type: string
                type:
                    type: string
                setting:
                    type: string
                user:
                    $ref: '#/components/schemas/UserResponse'
                group:
                    $ref: '#/components/schemas/GroupDetailsResponse'
            required:
                - permissionId
                - path
                - type
                - setting
            type: object
            additionalProperties: false
        PermissionType:
            enum:
                - Route
            type: string
        PermissionSettingForRoute:
            enum:
                - Grant
                - Deny
            type: string
        PrincipalType:
            enum:
                - user
                - group
            type: string
        RegisterPermissionPayload:
            properties:
                path:
                    type: string
                    description: 'Name of affected resource'
                    example: /SASjsApi/code/execute
                type:
                    $ref: '#/components/schemas/PermissionType'
                    description: 'Type of affected resource'
                    example: Route
                setting:
                    $ref: '#/components/schemas/PermissionSettingForRoute'
                    description: 'The indication of whether (and to what extent) access is provided'
                    example: Grant
                principalType:
                    $ref: '#/components/schemas/PrincipalType'
                    description: 'Indicates the type of principal'
                    example: user
                principalId:
                    type: number
                    format: double
                    description: 'The id of user or group to which a rule is assigned.'
                    example: 123
            required:
                - path
                - type
                - setting
                - principalType
                - principalId
            type: object
            additionalProperties: false
        UpdatePermissionPayload:
            properties:
                setting:
                    $ref: '#/components/schemas/PermissionSettingForRoute'
                    description: 'The indication of whether (and to what extent) access is provided'
                    example: Grant
            required:
                - setting
            type: object
            additionalProperties: false
        ExecutePostRequestPayload:
            properties:
                _program:
                    type: string
@@ -501,71 +552,6 @@ components:
                - clientId
            type: object
            additionalProperties: false
        PermissionDetailsResponse:
            properties:
                permissionId:
                    type: number
                    format: double
                uri:
                    type: string
                setting:
                    type: string
                user:
                    $ref: '#/components/schemas/UserResponse'
                group:
                    $ref: '#/components/schemas/GroupDetailsResponse'
            required:
                - permissionId
                - uri
                - setting
            type: object
            additionalProperties: false
        PermissionSetting:
            enum:
                - Grant
                - Deny
            type: string
        PrincipalType:
            enum:
                - user
                - group
            type: string
        RegisterPermissionPayload:
            properties:
                uri:
                    type: string
                    description: 'Name of affected resource'
                    example: /SASjsApi/code/execute
                setting:
                    $ref: '#/components/schemas/PermissionSetting'
                    description: 'The indication of whether (and to what extent) access is provided'
                    example: Grant
                principalType:
                    $ref: '#/components/schemas/PrincipalType'
                    description: 'Indicates the type of principal'
                    example: user
                principalId:
                    type: number
                    format: double
                    description: 'The id of user or group to which a rule is assigned.'
                    example: 123
            required:
                - uri
                - setting
                - principalType
                - principalId
            type: object
            additionalProperties: false
        UpdatePermissionPayload:
            properties:
                setting:
                    $ref: '#/components/schemas/PermissionSetting'
                    description: 'The indication of whether (and to what extent) access is provided'
                    example: Grant
            required:
                - setting
            type: object
            additionalProperties: false
    securitySchemes:
        bearerAuth:
            type: http
@@ -671,11 +657,13 @@ paths:
                    content:
                        application/json:
                            schema:
-                                $ref: '#/components/schemas/ExecuteReturnJsonResponse'
+                                anyOf:
-            description: 'Execute SAS code.'
+                                    - {type: string}
-            summary: 'Run SAS Code and returns log'
+                                    - {type: string, format: byte}
            description: 'Execute Code on the Specified Runtime'
            summary: 'Run Code and Return Webout Content and Log'
            tags:
-                - CODE
+                - Code
            security:
                -
                    bearerAuth: []
@@ -836,7 +824,7 @@ paths:
                    content:
                        application/json:
                            schema:
-                                $ref: '#/components/schemas/UpdateFileResponse'
+                                $ref: '#/components/schemas/FileFolderResponse'
                            examples:
                                'Example 1':
                                    value: {status: success}
@@ -845,7 +833,7 @@ paths:
                    content:
                        application/json:
                            schema:
-                                $ref: '#/components/schemas/UpdateFileResponse'
+                                $ref: '#/components/schemas/FileFolderResponse'
                            examples:
                                'Example 1':
                                    value: {status: failure, message: 'File request failed.'}
@@ -858,7 +846,7 @@ paths:
                    bearerAuth: []
            parameters:
                -
-                    description: 'Location of SAS program'
+                    description: 'Location of file'
                    in: query
                    name: _filePath
                    required: false
@@ -887,7 +875,7 @@ paths:
                    content:
                        application/json:
                            schema:
-                                $ref: '#/components/schemas/UpdateFileResponse'
+                                $ref: '#/components/schemas/FileFolderResponse'
                            examples:
                                'Example 1':
                                    value: {status: success}
@@ -896,7 +884,7 @@ paths:
                    content:
                        application/json:
                            schema:
-                                $ref: '#/components/schemas/UpdateFileResponse'
+                                $ref: '#/components/schemas/FileFolderResponse'
                            examples:
                                'Example 1':
                                    value: {status: failure, message: 'File request failed.'}
@@ -960,6 +948,102 @@ paths:
                    schema:
                        type: string
                    example: /Public/somefolder
        delete:
            operationId: DeleteFolder
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                properties:
                                    status: {type: string}
                                required:
                                    - status
                                type: object
            summary: 'Delete folder from SASjs Drive'
            tags:
                - Drive
            security:
                -
                    bearerAuth: []
            parameters:
                -
                    in: query
                    name: _folderPath
                    required: true
                    schema:
                        type: string
                    example: /Public/somefolder/
        post:
            operationId: AddFolder
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/FileFolderResponse'
                            examples:
                                'Example 1':
                                    value: {status: success}
                '409':
                    description: 'Folder already exists'
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/FileFolderResponse'
                            examples:
                                'Example 1':
                                    value: {status: failure, message: 'Add folder request failed.'}
            summary: 'Create an empty folder in SASjs Drive'
            tags:
                - Drive
            security:
                -
                    bearerAuth: []
            parameters: []
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/AddFolderPayload'
    /SASjsApi/drive/rename:
        post:
            operationId: Rename
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/FileFolderResponse'
                            examples:
                                'Example 1':
                                    value: {status: success}
                '409':
                    description: 'Folder already exists'
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/FileFolderResponse'
                            examples:
                                'Example 1':
                                    value: {status: failure, message: 'rename request failed.'}
            summary: 'Renames a file/folder in SASjs Drive'
            tags:
                - Drive
            security:
                -
                    bearerAuth: []
            parameters: []
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/RenamePayload'
    /SASjsApi/drive/filetree:
        get:
            operationId: GetFileTree
@@ -1310,7 +1394,7 @@ paths:
                            schema:
                                allOf:
                                    - {$ref: '#/components/schemas/IGroup'}
-                                    - {properties: {_id: {}}, required: [_id], type: object}
+                                    - {properties: {_id: {$ref: '#/components/schemas/ObjectId'}}, required: [_id], type: object}
            summary: 'Delete a group. Admin task only.'
            tags:
                - Group
@@ -1432,12 +1516,116 @@ paths:
                                $ref: '#/components/schemas/AuthorizedRoutesResponse'
                            examples:
                                'Example 1':
-                                    value: {URIs: [/AppStream, /SASjsApi/stp/execute]}
+                                    value: {paths: [/AppStream, /SASjsApi/stp/execute]}
-            summary: 'Get authorized routes.'
+            summary: 'Get the list of available routes to which permissions can be applied.  Used to populate the dialog in the URI Permissions feature.'
            tags:
                - Info
            security: []
            parameters: []
    /SASjsApi/permission:
        get:
            operationId: GetAllPermissions
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                items:
                                    $ref: '#/components/schemas/PermissionDetailsResponse'
                                type: array
                            examples:
                                'Example 1':
                                    value: [{permissionId: 123, path: /SASjsApi/code/execute, type: Route, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}, {permissionId: 124, path: /SASjsApi/code/execute, type: Route, setting: Grant, group: {groupId: 1, name: DCGroup, description: 'This group represents Data Controller Users', isActive: true, users: []}}]
            description: "Get the list of permission rules applicable the authenticated user.\nIf the user is an admin, all rules are returned."
            summary: 'Get the list of permission rules. If the user is admin, all rules are returned.'
            tags:
                - Permission
            security:
                -
                    bearerAuth: []
            parameters: []
        post:
            operationId: CreatePermission
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/PermissionDetailsResponse'
                            examples:
                                'Example 1':
                                    value: {permissionId: 123, path: /SASjsApi/code/execute, type: Route, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}
            summary: 'Create a new permission. Admin only.'
            tags:
                - Permission
            security:
                -
                    bearerAuth: []
            parameters: []
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/RegisterPermissionPayload'
    '/SASjsApi/permission/{permissionId}':
        patch:
            operationId: UpdatePermission
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/PermissionDetailsResponse'
                            examples:
                                'Example 1':
                                    value: {permissionId: 123, path: /SASjsApi/code/execute, type: Route, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}
            summary: 'Update permission setting. Admin only'
            tags:
                - Permission
            security:
                -
                    bearerAuth: []
            parameters:
                -
                    description: 'The permission''s identifier'
                    in: path
                    name: permissionId
                    required: true
                    schema:
                        format: double
                        type: number
                    example: 1234
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/UpdatePermissionPayload'
        delete:
            operationId: DeletePermission
            responses:
                '204':
                    description: 'No content'
            summary: 'Delete a permission. Admin only.'
            tags:
                - Permission
            security:
                -
                    bearerAuth: []
            parameters:
                -
                    description: 'The user''s identifier'
                    in: path
                    name: permissionId
                    required: true
                    schema:
                        format: double
                        type: number
                    example: 1234
    /SASjsApi/session:
        get:
            operationId: Session
@@ -1460,7 +1648,7 @@ paths:
            parameters: []
    /SASjsApi/stp/execute:
        get:
-            operationId: ExecuteReturnRaw
+            operationId: ExecuteGetRequest
            responses:
                '200':
                    description: Ok
@@ -1470,8 +1658,8 @@ paths:
                                anyOf:
                                    - {type: string}
                                    - {type: string, format: byte}
-            description: "Trigger a SAS or JS program using the _program URL parameter.\n\nAccepts URL parameters and file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms"
+            description: "Trigger a Stored Program using the _program URL parameter.\n\nAccepts URL parameters and file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms"
-            summary: 'Execute a Stored Program, returns raw _webout content.'
+            summary: 'Execute a Stored Program, returns _webout and (optionally) log.'
            tags:
                - STP
            security:
@@ -1479,7 +1667,7 @@ paths:
                    bearerAuth: []
            parameters:
                -
-                    description: 'Location of SAS or JS code'
+                    description: 'Location of code in SASjs Drive'
                    in: query
                    name: _program
                    required: true
@@ -1487,19 +1675,18 @@ paths:
                        type: string
                    example: /Projects/myApp/some/program
        post:
-            operationId: ExecuteReturnJson
+            operationId: ExecutePostRequest
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
-                                $ref: '#/components/schemas/ExecuteReturnJsonResponse'
+                                anyOf:
-                            examples:
+                                    - {type: string}
-                                'Example 1':
+                                    - {type: string, format: byte}
-                                    value: {status: success, _webout: 'webout content', log: [], httpHeaders: {Content-type: application/zip, Cache-Control: 'public, max-age=1000'}}
+            description: "Trigger a Stored Program using the _program URL parameter.\n\nAccepts URL parameters and file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms"
-            description: "Trigger a SAS or JS program using the _program URL parameter.\n\nAccepts URL parameters and file uploads.  For more details, see docs:\n\nhttps://server.sasjs.io/storedprograms\n\nThe response will be a JSON object with the following root attributes:\nlog, webout, headers.\n\nThe webout attribute will be nested JSON ONLY if the response-header\ncontains a content-type of application/json AND it is valid JSON.\nOtherwise it will be a stringified version of the webout content."
+            summary: 'Execute a Stored Program, returns _webout and (optionally) log.'
            summary: 'Execute a Stored Program, return a JSON object'
            tags:
                - STP
            security:
@@ -1507,7 +1694,7 @@ paths:
                    bearerAuth: []
            parameters:
                -
-                    description: 'Location of SAS or JS code'
+                    description: 'Location of code in SASjs Drive'
                    in: query
                    name: _program
                    required: false
@@ -1519,7 +1706,7 @@ paths:
                content:
                    application/json:
                        schema:
-                            $ref: '#/components/schemas/ExecuteReturnJsonPayload'
+                            $ref: '#/components/schemas/ExecutePostRequestPayload'
    /:
        get:
            operationId: Home
@@ -1600,143 +1787,40 @@ paths:
                - Web
            security: []
            parameters: []
    /SASjsApi/permission:
        get:
            operationId: GetAllPermissions
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                items:
                                    $ref: '#/components/schemas/PermissionDetailsResponse'
                                type: array
                            examples:
                                'Example 1':
                                    value: [{permissionId: 123, uri: /SASjsApi/code/execute, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}, {permissionId: 124, uri: /SASjsApi/code/execute, setting: Grant, group: {groupId: 1, name: DCGroup, description: 'This group represents Data Controller Users', isActive: true, users: []}}]
            summary: 'Get list of all permissions (uri, setting and userDetail).'
            tags:
                - Permission
            security:
                -
                    bearerAuth: []
            parameters: []
        post:
            operationId: CreatePermission
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/PermissionDetailsResponse'
                            examples:
                                'Example 1':
                                    value: {permissionId: 123, uri: /SASjsApi/code/execute, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}
            summary: 'Create a new permission. Admin only.'
            tags:
                - Permission
            security:
                -
                    bearerAuth: []
            parameters: []
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/RegisterPermissionPayload'
    '/SASjsApi/permission/{permissionId}':
        patch:
            operationId: UpdatePermission
            responses:
                '200':
                    description: Ok
                    content:
                        application/json:
                            schema:
                                $ref: '#/components/schemas/PermissionDetailsResponse'
                            examples:
                                'Example 1':
                                    value: {permissionId: 123, uri: /SASjsApi/code/execute, setting: Grant, user: {id: 1, username: johnSnow01, displayName: 'John Snow', isAdmin: false}}
            summary: 'Update permission setting. Admin only'
            tags:
                - Permission
            security:
                -
                    bearerAuth: []
            parameters:
                -
                    description: 'The permission''s identifier'
                    in: path
                    name: permissionId
                    required: true
                    schema:
                        format: double
                        type: number
                    example: 1234
            requestBody:
                required: true
                content:
                    application/json:
                        schema:
                            $ref: '#/components/schemas/UpdatePermissionPayload'
        delete:
            operationId: DeletePermission
            responses:
                '204':
                    description: 'No content'
            summary: 'Delete a permission. Admin only.'
            tags:
                - Permission
            security:
                -
                    bearerAuth: []
            parameters:
                -
                    description: 'The user''s identifier'
                    in: path
                    name: permissionId
                    required: true
                    schema:
                        format: double
                        type: number
                    example: 1234
 servers:
    -
        url: /
 tags:
    -
-        name: Info
+        name: Auth
-        description: 'Get Server Information'
+        description: 'Operations about auth'
    -
        name: Session
        description: 'Get Session information'
    -
        name: User
        description: 'Operations with users'
    -
        name: Permission
        description: 'Operations about permissions'
    -
        name: Client
        description: 'Operations about clients'
    -
-        name: Auth
+        name: Code
-        description: 'Operations about auth'
+        description: 'Execution of code (various runtimes are supported)'
    -
        name: Drive
        description: 'Operations on SASjs Drive'
    -
        name: Group
        description: 'Operations on groups and group memberships'
    -
        name: Info
        description: 'Get Server Information'
    -
        name: Permission
        description: 'Operations about permissions'
    -
        name: Session
        description: 'Get Session information'
    -
        name: STP
        description: 'Execution of Stored Programs'
    -
-        name: CODE
+        name: User
-        description: 'Execution of code (various runtimes are supported)'
+        description: 'Operations with users'
    -
        name: Web
        description: 'Operations on Web'
--- a/api/scripts/compileSysInit.ts
+++ b/api/scripts/compileSysInit.ts
@@ -11,7 +11,7 @@ import { apiRoot, sysInitCompiledPath } from '../src/utils/file'
 const macroCorePath = path.join(apiRoot, 'node_modules', '@sasjs', 'core')
 const compiledSystemInit = async (systemInit: string) =>
-  'options ps=max;\n' +
+  'options ls=max ps=max;\n' +
  (await loadDependenciesFile({
    fileContent: systemInit,
    type: SASJsFileType.job,
--- a/api/src/app.ts
+++ b/api/src/app.ts
@@ -1,6 +1,5 @@
 import path from 'path'
-import express, { ErrorRequestHandler } from 'express'
+import express, { ErrorRequestHandler, CookieOptions } from 'express'
 import csrf from 'csurf'
 import cookieParser from 'cookie-parser'
 import dotenv from 'dotenv'
@@ -32,21 +31,14 @@ const app = express()
 const { PROTOCOL } = process.env
-export const cookieOptions = {
+export const cookieOptions: CookieOptions = {
  secure: PROTOCOL === ProtocolType.HTTPS,
  httpOnly: true,
  sameSite: PROTOCOL === ProtocolType.HTTPS ? 'none' : undefined,
  maxAge: 24 * 60 * 60 * 1000 // 24 hours
 }
 /***********************************
 *         CSRF Protection         *
 ***********************************/
 export const csrfProtection = csrf({ cookie: cookieOptions })
 const onError: ErrorRequestHandler = (err, req, res, next) => {
  if (err.code === 'EBADCSRFTOKEN')
    return res.status(400).send('Invalid CSRF token!')
  console.error(err.stack)
  res.status(500).send('Something broke!')
 }
@@ -76,6 +68,10 @@ export default setProcessVariables().then(async () => {
  app.use(express.json({ limit: '100mb' }))
  app.use(express.static(path.join(__dirname, '../public')))
  // Body parser is used for decoding the formdata on POST request.
  // Currently only place we use it is SAS9 Mock - POST /SASLogon/login
  app.use(express.urlencoded({ extended: true }))
  await setupFolders()
  await copySASjsCore()
--- a/api/src/controllers/auth.ts
+++ b/api/src/controllers/auth.ts
@@ -4,6 +4,7 @@ import { InfoJWT } from '../types'
 import {
  generateAccessToken,
  generateRefreshToken,
  getTokensFromDB,
  removeTokensInDB,
  saveTokensInDB
 } from '../utils'
@@ -73,6 +74,15 @@ const token = async (data: any): Promise<TokenResponse> => {
  AuthController.deleteCode(userInfo.userId, clientId)
  // get tokens from DB
  const existingTokens = await getTokensFromDB(userInfo.userId, clientId)
  if (existingTokens) {
    return {
      accessToken: existingTokens.accessToken,
      refreshToken: existingTokens.refreshToken
    }
  }
  const accessToken = generateAccessToken(userInfo)
  const refreshToken = generateRefreshToken(userInfo)
--- a/api/src/controllers/code.ts
+++ b/api/src/controllers/code.ts
@@ -1,7 +1,6 @@
 import express from 'express'
 import { Request, Security, Route, Tags, Post, Body } from 'tsoa'
-import { ExecuteReturnJson, ExecutionController } from './internal'
+import { ExecutionController } from './internal'
 import { ExecuteReturnJsonResponse } from '.'
 import {
  getPreProgramVariables,
  getUserAutoExec,
@@ -25,17 +24,17 @@ interface ExecuteCodePayload {
@Security('bearerAuth')
@Route('SASjsApi/code')
-@Tags('CODE')
+@Tags('Code')
 export class CodeController {
  /**
-   * Execute SAS code.
+   * Execute Code on the Specified Runtime
-   * @summary Run SAS Code and returns log
+   * @summary Run Code and Return Webout Content and Log
   */
  @Post('/execute')
  public async executeCode(
    @Request() request: express.Request,
    @Body() body: ExecuteCodePayload
-  ): Promise<ExecuteReturnJsonResponse> {
+  ): Promise<string | Buffer> {
    return executeCode(request, body)
  }
 }
@@ -51,22 +50,15 @@ const executeCode = async (
      : await getUserAutoExec()
  try {
-    const { webout, log, httpHeaders } =
+    const { result } = await new ExecutionController().executeProgram({
-      (await new ExecutionController().executeProgram({
+      program: code,
-        program: code,
+      preProgramVariables: getPreProgramVariables(req),
-        preProgramVariables: getPreProgramVariables(req),
+      vars: { ...req.query, _debug: 131 },
-        vars: { ...req.query, _debug: 131 },
+      otherArgs: { userAutoExec },
-        otherArgs: { userAutoExec },
+      runTime: runTime
-        returnJson: true,
+    })
        runTime: runTime
      })) as ExecuteReturnJson
-    return {
+    return result
      status: 'success',
      _webout: webout as string,
      log: parseLogToArray(log),
      httpHeaders
    }
  } catch (err: any) {
    throw {
      code: 400,
--- a/api/src/controllers/drive.ts
+++ b/api/src/controllers/drive.ts
@@ -22,6 +22,7 @@ import {
  moveFile,
  createFolder,
  deleteFile as deleteFileOnSystem,
  deleteFolder as deleteFolderOnSystem,
  folderExists,
  listFilesInFolder,
  listSubFoldersInFolder,
@@ -58,11 +59,32 @@ interface GetFileTreeResponse {
  tree: TreeNode
 }
-interface UpdateFileResponse {
+interface FileFolderResponse {
  status: string
  message?: string
 }
 interface AddFolderPayload {
  /**
   * Location of folder
   * @example "/Public/someFolder"
   */
  folderPath: string
 }
 interface RenamePayload {
  /**
   * Old path of file/folder
   * @example "/Public/someFolder"
   */
  oldPath: string
  /**
   * New path of file/folder
   * @example "/Public/newFolder"
   */
  newPath: string
 }
 const fileTreeExample = getTreeExample()
 const successDeployResponse: DeployResponse = {
@@ -143,7 +165,7 @@ export class DriveController {
  /**
   *
   * @summary Delete file from SASjs Drive
-   * @query _filePath Location of SAS program
+   * @query _filePath Location of file
   * @example _filePath "/Public/somefolder/some.file"
   */
  @Delete('/file')
@@ -151,20 +173,31 @@ export class DriveController {
    return deleteFile(_filePath)
  }
  /**
   *
   * @summary Delete folder from SASjs Drive
   * @query _folderPath Location of folder
   * @example _folderPath "/Public/somefolder/"
   */
  @Delete('/folder')
  public async deleteFolder(@Query() _folderPath: string) {
    return deleteFolder(_folderPath)
  }
  /**
   * It's optional to either provide `_filePath` in url as query parameter
   * Or provide `filePath` in body as form field.
   * But it's required to provide else API will respond with Bad Request.
   *
   * @summary Create a file in SASjs Drive
-   * @param _filePath Location of SAS program
+   * @param _filePath Location of file
   * @example _filePath "/Public/somefolder/some.file.sas"
   *
   */
-  @Example<UpdateFileResponse>({
+  @Example<FileFolderResponse>({
    status: 'success'
  })
-  @Response<UpdateFileResponse>(403, 'File already exists', {
+  @Response<FileFolderResponse>(403, 'File already exists', {
    status: 'failure',
    message: 'File request failed.'
  })
@@ -173,10 +206,28 @@ export class DriveController {
    @UploadedFile() file: Express.Multer.File,
    @Query() _filePath?: string,
    @FormField() filePath?: string
-  ): Promise<UpdateFileResponse> {
+  ): Promise<FileFolderResponse> {
    return saveFile((_filePath ?? filePath)!, file)
  }
  /**
   * @summary Create an empty folder in SASjs Drive
   *
   */
  @Example<FileFolderResponse>({
    status: 'success'
  })
  @Response<FileFolderResponse>(409, 'Folder already exists', {
    status: 'failure',
    message: 'Add folder request failed.'
  })
  @Post('/folder')
  public async addFolder(
    @Body() body: AddFolderPayload
  ): Promise<FileFolderResponse> {
    return addFolder(body.folderPath)
  }
  /**
   * It's optional to either provide `_filePath` in url as query parameter
   * Or provide `filePath` in body as form field.
@@ -187,10 +238,10 @@ export class DriveController {
   * @example _filePath "/Public/somefolder/some.file.sas"
   *
   */
-  @Example<UpdateFileResponse>({
+  @Example<FileFolderResponse>({
    status: 'success'
  })
-  @Response<UpdateFileResponse>(403, `File doesn't exist`, {
+  @Response<FileFolderResponse>(403, `File doesn't exist`, {
    status: 'failure',
    message: 'File request failed.'
  })
@@ -199,10 +250,28 @@ export class DriveController {
    @UploadedFile() file: Express.Multer.File,
    @Query() _filePath?: string,
    @FormField() filePath?: string
-  ): Promise<UpdateFileResponse> {
+  ): Promise<FileFolderResponse> {
    return updateFile((_filePath ?? filePath)!, file)
  }
  /**
   * @summary Renames a file/folder in SASjs Drive
   *
   */
  @Example<FileFolderResponse>({
    status: 'success'
  })
  @Response<FileFolderResponse>(409, 'Folder already exists', {
    status: 'failure',
    message: 'rename request failed.'
  })
  @Post('/rename')
  public async rename(
    @Body() body: RenamePayload
  ): Promise<FileFolderResponse> {
    return rename(body.oldPath, body.newPath)
  }
  /**
   * @summary Fetch file tree within SASjs Drive.
   *
@@ -249,20 +318,26 @@ const getFile = async (req: express.Request, filePath: string) => {
    .join(getFilesFolder(), filePath)
    .replace(new RegExp('/', 'g'), path.sep)
-  if (!filePathFull.includes(driveFilesPath)) {
+  if (!filePathFull.includes(driveFilesPath))
-    throw new Error('Cannot get file outside drive.')
+    throw {
-  }
+      code: 400,
      status: 'Bad Request',
      message: `Can't get file outside drive.`
    }
-  if (!(await fileExists(filePathFull))) {
+  if (!(await fileExists(filePathFull)))
-    throw new Error("File doesn't exist.")
+    throw {
-  }
+      code: 404,
      status: 'Not Found',
      message: `File doesn't exist.`
    }
  const extension = path.extname(filePathFull).toLowerCase()
  if (extension === '.sas') {
    req.res?.setHeader('Content-type', 'text/plain')
  }
-  req.res?.sendFile(path.resolve(filePathFull))
+  req.res?.sendFile(path.resolve(filePathFull), { dotfiles: 'allow' })
 }
 const getFolder = async (folderPath?: string) => {
@@ -273,17 +348,26 @@ const getFolder = async (folderPath?: string) => {
      .join(getFilesFolder(), folderPath)
      .replace(new RegExp('/', 'g'), path.sep)
-    if (!folderPathFull.includes(driveFilesPath)) {
+    if (!folderPathFull.includes(driveFilesPath))
-      throw new Error('Cannot get folder outside drive.')
+      throw {
-    }
+        code: 400,
        status: 'Bad Request',
        message: `Can't get folder outside drive.`
      }
-    if (!(await folderExists(folderPathFull))) {
+    if (!(await folderExists(folderPathFull)))
-      throw new Error("Folder doesn't exist.")
+      throw {
-    }
+        code: 404,
        status: 'Not Found',
        message: `Folder doesn't exist.`
      }
-    if (!(await isFolder(folderPathFull))) {
+    if (!(await isFolder(folderPathFull)))
-      throw new Error('Not a Folder.')
+      throw {
-    }
+        code: 400,
        status: 'Bad Request',
        message: 'Not a Folder.'
      }
    const files: string[] = await listFilesInFolder(folderPathFull)
    const folders: string[] = await listSubFoldersInFolder(folderPathFull)
@@ -302,19 +386,51 @@ const deleteFile = async (filePath: string) => {
    .join(getFilesFolder(), filePath)
    .replace(new RegExp('/', 'g'), path.sep)
-  if (!filePathFull.includes(driveFilesPath)) {
+  if (!filePathFull.includes(driveFilesPath))
-    throw new Error('Cannot delete file outside drive.')
+    throw {
-  }
+      code: 400,
      status: 'Bad Request',
      message: `Can't delete file outside drive.`
    }
-  if (!(await fileExists(filePathFull))) {
+  if (!(await fileExists(filePathFull)))
-    throw new Error('File does not exist.')
+    throw {
-  }
+      code: 404,
      status: 'Not Found',
      message: `File doesn't exist.`
    }
  await deleteFileOnSystem(filePathFull)
  return { status: 'success' }
 }
 const deleteFolder = async (folderPath: string) => {
  const driveFolderPath = getFilesFolder()
  const folderPathFull = path
    .join(getFilesFolder(), folderPath)
    .replace(new RegExp('/', 'g'), path.sep)
  if (!folderPathFull.includes(driveFolderPath))
    throw {
      code: 400,
      status: 'Bad Request',
      message: `Can't delete folder outside drive.`
    }
  if (!(await folderExists(folderPathFull)))
    throw {
      code: 404,
      status: 'Not Found',
      message: `Folder doesn't exist.`
    }
  await deleteFolderOnSystem(folderPathFull)
  return { status: 'success' }
 }
 const saveFile = async (
  filePath: string,
  multerFile: Express.Multer.File
@@ -325,13 +441,19 @@ const saveFile = async (
    .join(driveFilesPath, filePath)
    .replace(new RegExp('/', 'g'), path.sep)
-  if (!filePathFull.includes(driveFilesPath)) {
+  if (!filePathFull.includes(driveFilesPath))
-    throw new Error('Cannot put file outside drive.')
+    throw {
-  }
+      code: 400,
      status: 'Bad Request',
      message: `Can't put file outside drive.`
    }
-  if (await fileExists(filePathFull)) {
+  if (await fileExists(filePathFull))
-    throw new Error('File already exists.')
+    throw {
-  }
+      code: 409,
      status: 'Conflict',
      message: 'File already exists.'
    }
  const folderPath = path.dirname(filePathFull)
  await createFolder(folderPath)
@@ -340,6 +462,88 @@ const saveFile = async (
  return { status: 'success' }
 }
 const addFolder = async (folderPath: string): Promise<FileFolderResponse> => {
  const drivePath = getFilesFolder()
  const folderPathFull = path
    .join(drivePath, folderPath)
    .replace(new RegExp('/', 'g'), path.sep)
  if (!folderPathFull.includes(drivePath))
    throw {
      code: 400,
      status: 'Bad Request',
      message: `Can't put folder outside drive.`
    }
  if (await folderExists(folderPathFull))
    throw {
      code: 409,
      status: 'Conflict',
      message: 'Folder already exists.'
    }
  await createFolder(folderPathFull)
  return { status: 'success' }
 }
 const rename = async (
  oldPath: string,
  newPath: string
 ): Promise<FileFolderResponse> => {
  const drivePath = getFilesFolder()
  const oldPathFull = path
    .join(drivePath, oldPath)
    .replace(new RegExp('/', 'g'), path.sep)
  const newPathFull = path
    .join(drivePath, newPath)
    .replace(new RegExp('/', 'g'), path.sep)
  if (!oldPathFull.includes(drivePath))
    throw {
      code: 400,
      status: 'Bad Request',
      message: `Old path can't be outside of drive.`
    }
  if (!newPathFull.includes(drivePath))
    throw {
      code: 400,
      status: 'Bad Request',
      message: `New path can't be outside of drive.`
    }
  if (await isFolder(oldPathFull)) {
    if (await folderExists(newPathFull))
      throw {
        code: 409,
        status: 'Conflict',
        message: 'Folder with new name already exists.'
      }
    else moveFile(oldPathFull, newPathFull)
    return { status: 'success' }
  } else if (await fileExists(oldPathFull)) {
    if (await fileExists(newPathFull))
      throw {
        code: 409,
        status: 'Conflict',
        message: 'File with new name already exists.'
      }
    else moveFile(oldPathFull, newPathFull)
    return { status: 'success' }
  }
  throw {
    code: 404,
    status: 'Not Found',
    message: 'No file/folder found for provided path.'
  }
 }
 const updateFile = async (
  filePath: string,
  multerFile: Express.Multer.File
@@ -350,13 +554,19 @@ const updateFile = async (
    .join(driveFilesPath, filePath)
    .replace(new RegExp('/', 'g'), path.sep)
-  if (!filePathFull.includes(driveFilesPath)) {
+  if (!filePathFull.includes(driveFilesPath))
-    throw new Error('Cannot modify file outside drive.')
+    throw {
-  }
+      code: 400,
      status: 'Bad Request',
      message: `Can't modify file outside drive.`
    }
-  if (!(await fileExists(filePathFull))) {
+  if (!(await fileExists(filePathFull)))
-    throw new Error(`File doesn't exist.`)
+    throw {
-  }
+      code: 404,
      status: 'Not Found',
      message: `File doesn't exist.`
    }
  await moveFile(multerFile.path, filePathFull)
--- a/api/src/controllers/group.ts
+++ b/api/src/controllers/group.ts
@@ -10,7 +10,7 @@ import {
  Body
 } from 'tsoa'
-import Group, { GroupPayload } from '../model/Group'
+import Group, { GroupPayload, PUBLIC_GROUP_NAME } from '../model/Group'
 import User from '../model/User'
 import { UserResponse } from './user'
@@ -241,6 +241,13 @@ const updateUsersListInGroup = async (
      message: 'Group not found.'
    }
  if (group.name === PUBLIC_GROUP_NAME)
    throw {
      code: 400,
      status: 'Bad Request',
      message: `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
    }
  const user = await User.findOne({ id: userId })
  if (!user)
    throw {
--- a/api/src/controllers/info.ts
+++ b/api/src/controllers/info.ts
@@ -1,7 +1,7 @@
 import { Route, Tags, Example, Get } from 'tsoa'
 import { getAuthorizedRoutes } from '../utils'
 export interface AuthorizedRoutesResponse {
-  URIs: string[]
+  paths: string[]
 }
 export interface InfoResponse {
@@ -42,16 +42,16 @@ export class InfoController {
  }
  /**
-   * @summary Get authorized routes.
+   * @summary Get the list of available routes to which permissions can be applied.  Used to populate the dialog in the URI Permissions feature.
   *
   */
  @Example<AuthorizedRoutesResponse>({
-    URIs: ['/AppStream', '/SASjsApi/stp/execute']
+    paths: ['/AppStream', '/SASjsApi/stp/execute']
  })
  @Get('/authorizedRoutes')
  public authorizedRoutes(): AuthorizedRoutesResponse {
    const response = {
-      URIs: getAuthorizedRoutes()
+      paths: getAuthorizedRoutes()
    }
    return response
  }
--- a/api/src/controllers/internal/Execution.ts
+++ b/api/src/controllers/internal/Execution.ts
@@ -20,12 +20,6 @@ export interface ExecuteReturnRaw {
  result: string | Buffer
 }
 export interface ExecuteReturnJson {
  httpHeaders: HTTPHeaders
  webout: string | Buffer
  log?: string
 }
 interface ExecuteFileParams {
  programPath: string
  preProgramVariables: PreProgramVars
@@ -68,10 +62,9 @@ export class ExecutionController {
    preProgramVariables,
    vars,
    otherArgs,
    returnJson,
    session: sessionByFileUpload,
    runTime
-  }: ExecuteProgramParams): Promise<ExecuteReturnRaw | ExecuteReturnJson> {
+  }: ExecuteProgramParams): Promise<ExecuteReturnRaw> {
    const sessionController = getSessionController(runTime)
    const session =
@@ -96,6 +89,7 @@ export class ExecutionController {
      vars,
      session,
      weboutPath,
      headersPath,
      tokenFile,
      runTime,
      logPath,
@@ -107,10 +101,7 @@ export class ExecutionController {
      ? await readFile(headersPath)
      : ''
    const httpHeaders: HTTPHeaders = extractHeaders(headersContent)
-    const fileResponse: boolean =
+    const fileResponse: boolean = httpHeaders.hasOwnProperty('content-type')
      httpHeaders.hasOwnProperty('content-type') &&
      !returnJson && // not a POST Request
      !isDebugOn(vars) // Debug is not enabled
    const webout = (await fileExists(weboutPath))
      ? fileResponse
@@ -121,19 +112,11 @@ export class ExecutionController {
    // it should be deleted by scheduleSessionDestroy
    session.inUse = false
    if (returnJson) {
      return {
        httpHeaders,
        webout,
        log: isDebugOn(vars) || session.crashed ? log : undefined
      }
    }
    return {
      httpHeaders,
      result:
        isDebugOn(vars) || session.crashed
-          ? `<html><body>${webout}<div style="text-align:left"><hr /><h2>SAS Log</h2><pre>${log}</pre></div></body></html>`
+          ? `${webout}\n${process.logsUUID}\n${log}`
          : webout
    }
  }
@@ -143,6 +126,7 @@ export class ExecutionController {
      name: 'files',
      relativePath: '',
      absolutePath: getFilesFolder(),
      isFolder: true,
      children: []
    }
@@ -152,15 +136,22 @@ export class ExecutionController {
      const currentNode = stack.pop()
      if (currentNode) {
        currentNode.isFolder = fs
          .statSync(currentNode.absolutePath)
          .isDirectory()
        const children = fs.readdirSync(currentNode.absolutePath)
        for (let child of children) {
-          const absoluteChildPath = `${currentNode.absolutePath}/${child}`
+          const absoluteChildPath = path.join(currentNode.absolutePath, child)
          // relative path will only be used in frontend component
          // so, no need to convert '/' to platform specific separator
          const relativeChildPath = `${currentNode.relativePath}/${child}`
          const childNode: TreeNode = {
            name: child,
            relativePath: relativeChildPath,
            absolutePath: absoluteChildPath,
            isFolder: false,
            children: []
          }
          currentNode.children.push(childNode)
--- a/api/src/controllers/internal/Session.ts
+++ b/api/src/controllers/internal/Session.ts
@@ -19,13 +19,41 @@ import {
 const execFilePromise = promisify(execFile)
-abstract class SessionController {
+export class SessionController {
  protected sessions: Session[] = []
  protected getReadySessions = (): Session[] =>
    this.sessions.filter((sess: Session) => sess.ready && !sess.consumed)
-  protected abstract createSession(): Promise<Session>
+  protected async createSession(): Promise<Session> {
    const sessionId = generateUniqueFileName(generateTimestamp())
    const sessionFolder = path.join(getSessionsFolder(), sessionId)
    const creationTimeStamp = sessionId.split('-').pop() as string
    // death time of session is 15 mins from creation
    const deathTimeStamp = (
      parseInt(creationTimeStamp) +
      15 * 60 * 1000 -
      1000
    ).toString()
    const session: Session = {
      id: sessionId,
      ready: true,
      inUse: true,
      consumed: false,
      completed: false,
      creationTimeStamp,
      deathTimeStamp,
      path: sessionFolder
    }
    const headersPath = path.join(session.path, 'stpsrv_header.txt')
    await createFile(headersPath, 'Content-type: text/plain')
    this.sessions.push(session)
    return session
  }
  public async getSession() {
    const readySessions = this.getReadySessions()
@@ -64,6 +92,9 @@ export class SASSessionController extends SessionController {
      path: sessionFolder
    }
    const headersPath = path.join(session.path, 'stpsrv_header.txt')
    await createFile(headersPath, 'Content-type: text/plain')
    // we do not want to leave sessions running forever
    // we clean them up after a predefined period, if unused
    this.scheduleSessionDestroy(session)
@@ -101,9 +132,14 @@ ${autoExecContent}`
      session.path,
      '-AUTOEXEC',
      autoExecPath,
-      isWindows() ? '-nosplash' : '',
+      isWindows() ? '-nologo' : '',
-      isWindows() ? '-icon' : '',
+      process.sasLoc!.endsWith('sas.exe') ? '-nosplash' : '',
-      isWindows() ? '-nologo' : ''
+      process.sasLoc!.endsWith('sas.exe') ? '-icon' : '',
      process.sasLoc!.endsWith('sas.exe') ? '-nodms' : '',
      process.sasLoc!.endsWith('sas.exe') ? '-noterminal' : '',
      process.sasLoc!.endsWith('sas.exe') ? '-nostatuswin' : '',
      process.sasLoc!.endsWith('sas.exe') ? '-SASINITIALFOLDER' : '',
      process.sasLoc!.endsWith('sas.exe') ? session.path : ''
    ])
      .then(() => {
        session.completed = true
@@ -137,7 +173,7 @@ ${autoExecContent}`
    session.ready = true
  }
-  public async deleteSession(session: Session) {
+  private async deleteSession(session: Session) {
    // remove the temporary files, to avoid buildup
    await deleteFolder(session.path)
@@ -162,66 +198,17 @@ ${autoExecContent}`
  }
 }
 export class JSSessionController extends SessionController {
  protected async createSession(): Promise<Session> {
    const sessionId = generateUniqueFileName(generateTimestamp())
    const sessionFolder = path.join(getSessionsFolder(), sessionId)
    const creationTimeStamp = sessionId.split('-').pop() as string
    // death time of session is 15 mins from creation
    const deathTimeStamp = (
      parseInt(creationTimeStamp) +
      15 * 60 * 1000 -
      1000
    ).toString()
    const session: Session = {
      id: sessionId,
      ready: true,
      inUse: true,
      consumed: false,
      completed: false,
      creationTimeStamp,
      deathTimeStamp,
      path: sessionFolder
    }
    const headersPath = path.join(session.path, 'stpsrv_header.txt')
    await createFile(headersPath, 'Content-type: application/json')
    this.sessions.push(session)
    return session
  }
 }
 export const getSessionController = (
  runTime: RunTimeType
-): SASSessionController | JSSessionController => {
+): SessionController => {
-  if (runTime === RunTimeType.SAS) {
+  if (process.sessionController) return process.sessionController
    return getSASSessionController()
  }
-  if (runTime === RunTimeType.JS) {
+  process.sessionController =
-    return getJSSessionController()
+    runTime === RunTimeType.SAS
-  }
+      ? new SASSessionController()
      : new SessionController()
-  throw new Error('No Runtime is configured')
+  return process.sessionController
 }
 const getSASSessionController = (): SASSessionController => {
  if (process.sasSessionController) return process.sasSessionController
  process.sasSessionController = new SASSessionController()
  return process.sasSessionController
 }
 const getJSSessionController = (): JSSessionController => {
  if (process.jsSessionController) return process.jsSessionController
  process.jsSessionController = new JSSessionController()
  return process.jsSessionController
 }
 const autoExecContent = `
--- a/api/src/controllers/internal/createJSProgram.ts
+++ b/api/src/controllers/internal/createJSProgram.ts
@@ -1,4 +1,4 @@
-import { isWindows } from '@sasjs/utils'
+import { escapeWinSlashes } from '@sasjs/utils'
 import { PreProgramVars, Session } from '../../types'
 import { generateFileUploadJSCode } from '../../utils'
 import { ExecutionVars } from './'
@@ -9,6 +9,7 @@ export const createJSProgram = async (
  vars: ExecutionVars,
  session: Session,
  weboutPath: string,
  headersPath: string,
  tokenFile: string,
  otherArgs?: any
 ) => {
@@ -20,16 +21,15 @@ export const createJSProgram = async (
  const preProgramVarStatments = `
 let _webout = '';
-const weboutPath = '${
+const weboutPath = '${escapeWinSlashes(weboutPath)}'; 
-    isWindows() ? weboutPath.replace(/\\/g, '\\\\') : weboutPath
+const _SASJS_TOKENFILE = '${escapeWinSlashes(tokenFile)}';
-  }'; 
+const _SASJS_WEBOUT_HEADERS = '${escapeWinSlashes(headersPath)}';
-const _sasjs_tokenfile = '${tokenFile}';
+const _SASJS_USERNAME = '${preProgramVariables?.username}';
-const _sasjs_username = '${preProgramVariables?.username}';
+const _SASJS_USERID = '${preProgramVariables?.userId}';
-const _sasjs_userid = '${preProgramVariables?.userId}';
+const _SASJS_DISPLAYNAME = '${preProgramVariables?.displayName}';
-const _sasjs_displayname = '${preProgramVariables?.displayName}';
+const _METAPERSON = _SASJS_DISPLAYNAME;
-const _metaperson = _sasjs_displayname;
+const _METAUSER = _SASJS_USERNAME;
-const _metauser = _sasjs_username;
+const SASJSPROCESSMODE = 'Stored Program';
 const sasjsprocessmode = 'Stored Program';
 `
  const requiredModules = `const fs = require('fs')`
@@ -53,14 +53,15 @@ if (_webout) {
 `
  // if no files are uploaded filesNamesMap will be undefined
  if (otherArgs?.filesNamesMap) {
-    const uploadJSCode = await generateFileUploadJSCode(
+    const uploadJsCode = await generateFileUploadJSCode(
      otherArgs.filesNamesMap,
      session.path
    )
-    //If js code for the file is generated it will be appended to the top of jsCode
+    // If any files are uploaded, the program needs to be updated with some
-    if (uploadJSCode.length > 0) {
+    // dynamically generated variables (pointers) for ease of ingestion
-      program = `${uploadJSCode}\n` + program
+    if (uploadJsCode.length > 0) {
      program = `${uploadJsCode}\n` + program
    }
  }
  return requiredModules + program
--- a/api/src/controllers/internal/createPythonProgram.ts
+++ b/api/src/controllers/internal/createPythonProgram.ts
@@ -0,0 +1,64 @@
 import { escapeWinSlashes } from '@sasjs/utils'
 import { PreProgramVars, Session } from '../../types'
 import { generateFileUploadPythonCode } from '../../utils'
 import { ExecutionVars } from './'
 export const createPythonProgram = async (
  program: string,
  preProgramVariables: PreProgramVars,
  vars: ExecutionVars,
  session: Session,
  weboutPath: string,
  headersPath: string,
  tokenFile: string,
  otherArgs?: any
 ) => {
  const varStatments = Object.keys(vars).reduce(
    (computed: string, key: string) => `${computed}${key} = '${vars[key]}';\n`,
    ''
  )
  const preProgramVarStatments = `
 _SASJS_SESSION_PATH = '${escapeWinSlashes(session.path)}';
 _WEBOUT = '${escapeWinSlashes(weboutPath)}'; 
 _SASJS_WEBOUT_HEADERS = '${escapeWinSlashes(headersPath)}';
 _SASJS_TOKENFILE = '${escapeWinSlashes(tokenFile)}';
 _SASJS_USERNAME = '${preProgramVariables?.username}';
 _SASJS_USERID = '${preProgramVariables?.userId}';
 _SASJS_DISPLAYNAME = '${preProgramVariables?.displayName}';
 _METAPERSON = _SASJS_DISPLAYNAME;
 _METAUSER = _SASJS_USERNAME;
 SASJSPROCESSMODE = 'Stored Program';
 `
  const requiredModules = `import os`
  program = `
 # runtime vars
 ${varStatments}
 # dynamic user-provided vars
 ${preProgramVarStatments}
 # change working directory to  session folder
 os.chdir(_SASJS_SESSION_PATH)
 # actual job code
 ${program}
 `
  // if no files are uploaded filesNamesMap will be undefined
  if (otherArgs?.filesNamesMap) {
    const uploadPythonCode = await generateFileUploadPythonCode(
      otherArgs.filesNamesMap,
      session.path
    )
    // If any files are uploaded, the program needs to be updated with some
    // dynamically generated variables (pointers) for ease of ingestion
    if (uploadPythonCode.length > 0) {
      program = `${uploadPythonCode}\n` + program
    }
  }
  return requiredModules + program
 }
--- a/api/src/controllers/internal/createRProgram.ts
+++ b/api/src/controllers/internal/createRProgram.ts
@@ -0,0 +1,64 @@
 import { escapeWinSlashes } from '@sasjs/utils'
 import { PreProgramVars, Session } from '../../types'
 import { generateFileUploadRCode } from '../../utils'
 import { ExecutionVars } from '.'
 export const createRProgram = async (
  program: string,
  preProgramVariables: PreProgramVars,
  vars: ExecutionVars,
  session: Session,
  weboutPath: string,
  headersPath: string,
  tokenFile: string,
  otherArgs?: any
 ) => {
  const varStatments = Object.keys(vars).reduce(
    (computed: string, key: string) => `${computed}.${key} <- '${vars[key]}'\n`,
    ''
  )
  const preProgramVarStatments = `
 ._SASJS_SESSION_PATH <- '${escapeWinSlashes(session.path)}';
 ._WEBOUT <- '${escapeWinSlashes(weboutPath)}'; 
 ._SASJS_WEBOUT_HEADERS <- '${escapeWinSlashes(headersPath)}';
 ._SASJS_TOKENFILE <- '${escapeWinSlashes(tokenFile)}';
 ._SASJS_USERNAME <- '${preProgramVariables?.username}';
 ._SASJS_USERID <- '${preProgramVariables?.userId}';
 ._SASJS_DISPLAYNAME <- '${preProgramVariables?.displayName}';
 ._METAPERSON <- ._SASJS_DISPLAYNAME;
 ._METAUSER <- ._SASJS_USERNAME;
 SASJSPROCESSMODE <- 'Stored Program';
 `
  const requiredModules = ``
  program = `
 # runtime vars
 ${varStatments}
 # dynamic user-provided vars
 ${preProgramVarStatments}
 # change working directory to  session folder
 setwd(._SASJS_SESSION_PATH)
 # actual job code
 ${program}
 `
  // if no files are uploaded filesNamesMap will be undefined
  if (otherArgs?.filesNamesMap) {
    const uploadRCode = await generateFileUploadRCode(
      otherArgs.filesNamesMap,
      session.path
    )
    // If any files are uploaded, the program needs to be updated with some
    // dynamically generated variables (pointers) for ease of ingestion
    if (uploadRCode.length > 0) {
      program = `${uploadRCode}\n` + program
    }
  }
  return requiredModules + program
 }
--- a/api/src/controllers/internal/createSASProgram.ts
+++ b/api/src/controllers/internal/createSASProgram.ts
@@ -8,6 +8,7 @@ export const createSASProgram = async (
  vars: ExecutionVars,
  session: Session,
  weboutPath: string,
  headersPath: string,
  tokenFile: string,
  otherArgs?: any
 ) => {
@@ -23,10 +24,14 @@ export const createSASProgram = async (
 %let _sasjs_displayname=${preProgramVariables?.displayName};
 %let _sasjs_apiserverurl=${preProgramVariables?.serverUrl};
 %let _sasjs_apipath=/SASjsApi/stp/execute;
 %let _sasjs_webout_headers=${headersPath};
 %let _metaperson=&_sasjs_displayname;
 %let _metauser=&_sasjs_username;
 /* the below is here for compatibility and will be removed in a future release */
 %let sasjs_stpsrv_header_loc=&_sasjs_webout_headers;
 %let sasjsprocessmode=Stored Program;
 %let sasjs_stpsrv_header_loc=%sysfunc(pathname(work))/../stpsrv_header.txt;
 %global SYSPROCESSMODE SYSTCPIPHOSTNAME SYSHOSTINFOLONG;
 %macro _sasjs_server_init();
@@ -34,6 +39,9 @@ export const createSASProgram = async (
 %if "&SYSTCPIPHOSTNAME"="" %then %let SYSTCPIPHOSTNAME=&_sasjs_apiserverurl;
 %mend;
 %_sasjs_server_init()
 proc printto print="%sysfunc(getoption(log))";
 run;
 `
  program = `
@@ -60,7 +68,8 @@ ${program}`
      session.path
    )
-    //If sas code for the file is generated it will be appended to the top of sasCode
+    // If any files are uploaded, the program needs to be updated with some
    // dynamically generated variables (pointers) for ease of ingestion
    if (uploadSasCode.length > 0) {
      program = `${uploadSasCode}` + program
    }
--- a/api/src/controllers/internal/index.ts
+++ b/api/src/controllers/internal/index.ts
@@ -4,4 +4,6 @@ export * from './Execution'
 export * from './FileUploadController'
 export * from './createSASProgram'
 export * from './createJSProgram'
 export * from './createPythonProgram'
 export * from './createRProgram'
 export * from './processProgram'
--- a/api/src/controllers/internal/processProgram.ts
+++ b/api/src/controllers/internal/processProgram.ts
@@ -5,7 +5,13 @@ import { once } from 'stream'
 import { createFile, moveFile } from '@sasjs/utils'
 import { PreProgramVars, Session } from '../../types'
 import { RunTimeType } from '../../utils'
-import { ExecutionVars, createSASProgram, createJSProgram } from './'
+import {
  ExecutionVars,
  createSASProgram,
  createJSProgram,
  createPythonProgram,
  createRProgram
 } from './'
 export const processProgram = async (
  program: string,
@@ -13,54 +19,20 @@ export const processProgram = async (
  vars: ExecutionVars,
  session: Session,
  weboutPath: string,
  headersPath: string,
  tokenFile: string,
  runTime: RunTimeType,
  logPath: string,
  otherArgs?: any
 ) => {
-  if (runTime === RunTimeType.JS) {
+  if (runTime === RunTimeType.SAS) {
    program = await createJSProgram(
      program,
      preProgramVariables,
      vars,
      session,
      weboutPath,
      tokenFile,
      otherArgs
    )
    const codePath = path.join(session.path, 'code.js')
    try {
      await createFile(codePath, program)
      // create a stream that will write to console outputs to log file
      const writeStream = fs.createWriteStream(logPath)
      // waiting for the open event so that we can have underlying file descriptor
      await once(writeStream, 'open')
      execFileSync(process.nodeLoc!, [codePath], {
        stdio: ['ignore', writeStream, writeStream]
      })
      // copy the code.js program to log and end write stream
      writeStream.end(program)
      session.completed = true
      console.log('session completed', session)
    } catch (err: any) {
      session.completed = true
      session.crashed = err.toString()
      console.log('session crashed', session.id, session.crashed)
    }
  } else {
    program = await createSASProgram(
      program,
      preProgramVariables,
      vars,
      session,
      weboutPath,
      headersPath,
      tokenFile,
      otherArgs
    )
@@ -80,6 +52,82 @@ export const processProgram = async (
    while (!session.completed) {
      await delay(50)
    }
  } else {
    let codePath: string
    let executablePath: string
    switch (runTime) {
      case RunTimeType.JS:
        program = await createJSProgram(
          program,
          preProgramVariables,
          vars,
          session,
          weboutPath,
          headersPath,
          tokenFile,
          otherArgs
        )
        codePath = path.join(session.path, 'code.js')
        executablePath = process.nodeLoc!
        break
      case RunTimeType.PY:
        program = await createPythonProgram(
          program,
          preProgramVariables,
          vars,
          session,
          weboutPath,
          headersPath,
          tokenFile,
          otherArgs
        )
        codePath = path.join(session.path, 'code.py')
        executablePath = process.pythonLoc!
        break
      case RunTimeType.R:
        program = await createRProgram(
          program,
          preProgramVariables,
          vars,
          session,
          weboutPath,
          headersPath,
          tokenFile,
          otherArgs
        )
        codePath = path.join(session.path, 'code.r')
        executablePath = process.rLoc!
        break
      default:
        throw new Error('Invalid runtime!')
    }
    try {
      await createFile(codePath, program)
      // create a stream that will write to console outputs to log file
      const writeStream = fs.createWriteStream(logPath)
      // waiting for the open event so that we can have underlying file descriptor
      await once(writeStream, 'open')
      execFileSync(executablePath, [codePath], {
        stdio: ['ignore', writeStream, writeStream]
      })
      // copy the code file to log and end write stream
      writeStream.end(program)
      session.completed = true
      console.log('session completed', session)
    } catch (err: any) {
      session.completed = true
      session.crashed = err.toString()
      console.log('session crashed', session.id, session.crashed)
    }
  }
 }
--- a/api/src/controllers/mock-sas9.ts
+++ b/api/src/controllers/mock-sas9.ts
@@ -0,0 +1,191 @@
 import { readFile } from '@sasjs/utils'
 import express from 'express'
 import path from 'path'
 import { Request, Post, Get } from 'tsoa'
 export interface Sas9Response {
  content: string
  redirect?: string
  error?: boolean
 }
 export interface MockFileRead {
  content: string
  error?: boolean
 }
 export class MockSas9Controller {
  private loggedIn: string | undefined
  @Get('/SASStoredProcess')
  public async sasStoredProcess(): Promise<Sas9Response> {
    if (!this.loggedIn) {
      return {
        content: '',
        redirect: '/SASLogon/login'
      }
    }
    return await getMockResponseFromFile([
      process.cwd(),
      'mocks',
      'generic',
      'sas9',
      'sas-stored-process'
    ])
  }
  @Post('/SASStoredProcess/do/')
  public async sasStoredProcessDo(
    @Request() req: express.Request
  ): Promise<Sas9Response> {
    if (!this.loggedIn) {
      return {
        content: '',
        redirect: '/SASLogon/login'
      }
    }
    if (this.isPublicAccount()) {
      return {
        content: '',
        redirect: '/SASLogon/Login'
      }
    }
    let program = req.query._program?.toString() || ''
    program = program.replace('/', '')
    const content = await getMockResponseFromFile([
      process.cwd(),
      'mocks',
      ...program.split('/')
    ])
    if (content.error) {
      return content
    }
    const parsedContent = parseJsonIfValid(content.content)
    return {
      content: parsedContent
    }
  }
  @Get('/SASLogon/login')
  public async loginGet(): Promise<Sas9Response> {
    if (this.loggedIn) {
      if (this.isPublicAccount()) {
        return {
          content: '',
          redirect: '/SASStoredProcess/Logoff?publicDenied=true'
        }
      } else {
        return await getMockResponseFromFile([
          process.cwd(),
          'mocks',
          'generic',
          'sas9',
          'logged-in'
        ])
      }
    }
    return await getMockResponseFromFile([
      process.cwd(),
      'mocks',
      'generic',
      'sas9',
      'login'
    ])
  }
  @Post('/SASLogon/login')
  public async loginPost(req: express.Request): Promise<Sas9Response> {
    this.loggedIn = req.body.username
    return await getMockResponseFromFile([
      process.cwd(),
      'mocks',
      'generic',
      'sas9',
      'logged-in'
    ])
  }
  @Get('/SASLogon/logout')
  public async logout(req: express.Request): Promise<Sas9Response> {
    this.loggedIn = undefined
    if (req.query.publicDenied === 'true') {
      return await getMockResponseFromFile([
        process.cwd(),
        'mocks',
        'generic',
        'sas9',
        'public-access-denied'
      ])
    }
    return await getMockResponseFromFile([
      process.cwd(),
      'mocks',
      'generic',
      'sas9',
      'logged-out'
    ])
  }
  @Get('/SASStoredProcess/Logoff') //publicDenied=true
  public async logoff(req: express.Request): Promise<Sas9Response> {
    const params = req.query.publicDenied
      ? `?publicDenied=${req.query.publicDenied}`
      : ''
    return {
      content: '',
      redirect: '/SASLogon/logout' + params
    }
  }
  private isPublicAccount = () => this.loggedIn?.toLowerCase() === 'public'
 }
 /**
 * If JSON is valid it will be parsed otherwise will return text unaltered
 * @param content string to be parsed
 * @returns JSON or string
 */
 const parseJsonIfValid = (content: string) => {
  let fileContent = ''
  try {
    fileContent = JSON.parse(content)
  } catch (err: any) {
    fileContent = content
  }
  return fileContent
 }
 const getMockResponseFromFile = async (
  filePath: string[]
 ): Promise<MockFileRead> => {
  const filePathParsed = path.join(...filePath)
  let error: boolean = false
  let file = await readFile(filePathParsed).catch((err: any) => {
    const errMsg = `Error reading mocked file on path: ${filePathParsed}\nError: ${err}`
    console.error(errMsg)
    error = true
    return errMsg
  })
  return {
    content: file,
    error: error
  }
 }
--- a/api/src/controllers/permission.ts
+++ b/api/src/controllers/permission.ts
@@ -1,3 +1,4 @@
 import express from 'express'
 import {
  Security,
  Route,
@@ -8,7 +9,8 @@ import {
  Post,
  Patch,
  Delete,
-  Body
+  Body,
  Request
 } from 'tsoa'
 import Permission from '../model/Permission'
@@ -17,12 +19,16 @@ import Group from '../model/Group'
 import { UserResponse } from './user'
 import { GroupDetailsResponse } from './group'
 export enum PermissionType {
  route = 'Route'
 }
 export enum PrincipalType {
  user = 'user',
  group = 'group'
 }
-export enum PermissionSetting {
+export enum PermissionSettingForRoute {
  grant = 'Grant',
  deny = 'Deny'
 }
@@ -32,12 +38,17 @@ interface RegisterPermissionPayload {
   * Name of affected resource
   * @example "/SASjsApi/code/execute"
   */
-  uri: string
+  path: string
  /**
   * Type of affected resource
   * @example "Route"
   */
  type: PermissionType
  /**
   * The indication of whether (and to what extent) access is provided
   * @example "Grant"
   */
-  setting: PermissionSetting
+  setting: PermissionSettingForRoute
  /**
   * Indicates the type of principal
   * @example "user"
@@ -55,12 +66,13 @@ interface UpdatePermissionPayload {
   * The indication of whether (and to what extent) access is provided
   * @example "Grant"
   */
-  setting: PermissionSetting
+  setting: PermissionSettingForRoute
 }
 export interface PermissionDetailsResponse {
  permissionId: number
-  uri: string
+  path: string
  type: string
  setting: string
  user?: UserResponse
  group?: GroupDetailsResponse
@@ -71,13 +83,17 @@ export interface PermissionDetailsResponse {
@Tags('Permission')
 export class PermissionController {
  /**
-   * @summary Get list of all permissions (uri, setting and userDetail).
+   * Get the list of permission rules applicable the authenticated user.
   * If the user is an admin, all rules are returned.
   *
   * @summary Get the list of permission rules. If the user is admin, all rules are returned.
   *
   */
  @Example<PermissionDetailsResponse[]>([
    {
      permissionId: 123,
-      uri: '/SASjsApi/code/execute',
+      path: '/SASjsApi/code/execute',
      type: 'Route',
      setting: 'Grant',
      user: {
        id: 1,
@@ -88,7 +104,8 @@ export class PermissionController {
    },
    {
      permissionId: 124,
-      uri: '/SASjsApi/code/execute',
+      path: '/SASjsApi/code/execute',
      type: 'Route',
      setting: 'Grant',
      group: {
        groupId: 1,
@@ -100,8 +117,10 @@ export class PermissionController {
    }
  ])
  @Get('/')
-  public async getAllPermissions(): Promise<PermissionDetailsResponse[]> {
+  public async getAllPermissions(
-    return getAllPermissions()
+    @Request() request: express.Request
  ): Promise<PermissionDetailsResponse[]> {
    return getAllPermissions(request)
  }
  /**
@@ -110,7 +129,8 @@ export class PermissionController {
   */
  @Example<PermissionDetailsResponse>({
    permissionId: 123,
-    uri: '/SASjsApi/code/execute',
+    path: '/SASjsApi/code/execute',
    type: 'Route',
    setting: 'Grant',
    user: {
      id: 1,
@@ -133,7 +153,8 @@ export class PermissionController {
   */
  @Example<PermissionDetailsResponse>({
    permissionId: 123,
-    uri: '/SASjsApi/code/execute',
+    path: '/SASjsApi/code/execute',
    type: 'Route',
    setting: 'Grant',
    user: {
      id: 1,
@@ -161,33 +182,43 @@ export class PermissionController {
  }
 }
-const getAllPermissions = async (): Promise<PermissionDetailsResponse[]> =>
+const getAllPermissions = async (
-  (await Permission.find({})
+  req: express.Request
-    .select({
+): Promise<PermissionDetailsResponse[]> => {
-      _id: 0,
+  const { user } = req
-      permissionId: 1,
+
-      uri: 1,
+  if (user?.isAdmin) return await Permission.get({})
-      setting: 1
+  else {
-    })
+    const permissions: PermissionDetailsResponse[] = []
-    .populate({ path: 'user', select: 'id username displayName isAdmin -_id' })
+
-    .populate({
+    const dbUser = await User.findOne({ id: user?.userId })
-      path: 'group',
+    if (!dbUser)
-      select: 'groupId name description -_id',
+      throw {
-      populate: {
+        code: 404,
-        path: 'users',
+        status: 'Not Found',
-        select: 'id username displayName isAdmin -_id',
+        message: 'User not found.'
        options: { limit: 15 }
      }
-    })) as unknown as PermissionDetailsResponse[]
+
    permissions.push(...(await Permission.get({ user: dbUser._id })))
    for (const group of dbUser.groups) {
      permissions.push(...(await Permission.get({ group })))
    }
    return permissions
  }
 }
 const createPermission = async ({
-  uri,
+  path,
  type,
  setting,
  principalType,
  principalId
 }: RegisterPermissionPayload): Promise<PermissionDetailsResponse> => {
  const permission = new Permission({
-    uri,
+    path,
    type,
    setting
  })
@@ -212,7 +243,8 @@ const createPermission = async ({
        }
      const alreadyExists = await Permission.findOne({
-        uri,
+        path,
        type,
        user: userInDB._id
      })
@@ -220,7 +252,8 @@ const createPermission = async ({
        throw {
          code: 409,
          status: 'Conflict',
-          message: 'Permission already exists with provided URI and User.'
+          message:
            'Permission already exists with provided Path, Type and User.'
        }
      permission.user = userInDB._id
@@ -243,14 +276,16 @@ const createPermission = async ({
        }
      const alreadyExists = await Permission.findOne({
-        uri,
+        path,
        type,
        group: groupInDB._id
      })
      if (alreadyExists)
        throw {
          code: 409,
          status: 'Conflict',
-          message: 'Permission already exists with provided URI and Group.'
+          message:
            'Permission already exists with provided Path, Type and Group.'
        }
      permission.group = groupInDB._id
@@ -280,7 +315,8 @@ const createPermission = async ({
  return {
    permissionId: savedPermission.permissionId,
-    uri: savedPermission.uri,
+    path: savedPermission.path,
    type: savedPermission.type,
    setting: savedPermission.setting,
    user,
    group
@@ -301,7 +337,8 @@ const updatePermission = async (
    .select({
      _id: 0,
      permissionId: 1,
-      uri: 1,
+      path: 1,
      type: 1,
      setting: 1
    })
    .populate({ path: 'user', select: 'id username displayName isAdmin -_id' })
--- a/api/src/controllers/stp.ts
+++ b/api/src/controllers/stp.ts
@@ -1,33 +1,16 @@
 import express from 'express'
-import {
+import { Request, Security, Route, Tags, Post, Body, Get, Query } from 'tsoa'
-  Request,
+import { ExecutionController, ExecutionVars } from './internal'
  Security,
  Route,
  Tags,
  Post,
  Body,
  Get,
  Query,
  Example
 } from 'tsoa'
 import {
  ExecuteReturnJson,
  ExecuteReturnRaw,
  ExecutionController,
  ExecutionVars
 } from './internal'
 import {
  getPreProgramVariables,
  HTTPHeaders,
  isDebugOn,
  LogLine,
  makeFilesNamesMap,
  parseLogToArray,
  getRunTimeAndFilePath
 } from '../utils'
 import { MulterFile } from '../types/Upload'
-interface ExecuteReturnJsonPayload {
+interface ExecutePostRequestPayload {
  /**
   * Location of SAS program
   * @example "/Public/somefolder/some.file"
@@ -35,102 +18,78 @@ interface ExecuteReturnJsonPayload {
  _program?: string
 }
 interface IRecordOfAny {
  [key: string]: any
 }
 export interface ExecuteReturnJsonResponse {
  status: string
  _webout: string | IRecordOfAny
  log: LogLine[]
  message?: string
  httpHeaders: HTTPHeaders
 }
@Security('bearerAuth')
@Route('SASjsApi/stp')
@Tags('STP')
 export class STPController {
  /**
-   * Trigger a SAS or JS program using the _program URL parameter.
+   * Trigger a Stored Program using the _program URL parameter.
   *
   * Accepts URL parameters and file uploads.  For more details, see docs:
   *
   * https://server.sasjs.io/storedprograms
   *
-   * @summary Execute a Stored Program, returns raw _webout content.
+   * @summary Execute a Stored Program, returns _webout and (optionally) log.
-   * @param _program Location of SAS or JS code
+   * @param _program Location of code in SASjs Drive
   * @example _program "/Projects/myApp/some/program"
   */
  @Get('/execute')
-  public async executeReturnRaw(
+  public async executeGetRequest(
    @Request() request: express.Request,
    @Query() _program: string
  ): Promise<string | Buffer> {
-    return executeReturnRaw(request, _program)
+    const vars = request.query as ExecutionVars
    return execute(request, _program, vars)
  }
  /**
-   * Trigger a SAS or JS program using the _program URL parameter.
+   * Trigger a Stored Program using the _program URL parameter.
   *
   * Accepts URL parameters and file uploads.  For more details, see docs:
   *
   * https://server.sasjs.io/storedprograms
   *
   * The response will be a JSON object with the following root attributes:
   * log, webout, headers.
   *
-   * The webout attribute will be nested JSON ONLY if the response-header
+   * @summary Execute a Stored Program, returns _webout and (optionally) log.
-   * contains a content-type of application/json AND it is valid JSON.
+   * @param _program Location of code in SASjs Drive
   * Otherwise it will be a stringified version of the webout content.
   *
   * @summary Execute a Stored Program, return a JSON object
   * @param _program Location of SAS or JS code
   * @example _program "/Projects/myApp/some/program"
   */
  @Example<ExecuteReturnJsonResponse>({
    status: 'success',
    _webout: 'webout content',
    log: [],
    httpHeaders: {
      'Content-type': 'application/zip',
      'Cache-Control': 'public, max-age=1000'
    }
  })
  @Post('/execute')
-  public async executeReturnJson(
+  public async executePostRequest(
    @Request() request: express.Request,
-    @Body() body?: ExecuteReturnJsonPayload,
+    @Body() body?: ExecutePostRequestPayload,
    @Query() _program?: string
-  ): Promise<ExecuteReturnJsonResponse> {
+  ): Promise<string | Buffer> {
    const program = _program ?? body?._program
-    return executeReturnJson(request, program!)
+    const vars = { ...request.query, ...request.body }
    const filesNamesMap = request.files?.length
      ? makeFilesNamesMap(request.files as MulterFile[])
      : null
    const otherArgs = { filesNamesMap: filesNamesMap }
    return execute(request, program!, vars, otherArgs)
  }
 }
-const executeReturnRaw = async (
+const execute = async (
  req: express.Request,
-  _program: string
+  _program: string,
  vars: ExecutionVars,
  otherArgs?: any
 ): Promise<string | Buffer> => {
  const query = req.query as ExecutionVars
  try {
    const { codePath, runTime } = await getRunTimeAndFilePath(_program)
-    const { result, httpHeaders } =
+    const { result, httpHeaders } = await new ExecutionController().executeFile(
-      (await new ExecutionController().executeFile({
+      {
        programPath: codePath,
        runTime,
        preProgramVariables: getPreProgramVariables(req),
-        vars: query,
+        vars,
-        runTime
+        otherArgs,
-      })) as ExecuteReturnRaw
+        session: req.sasjsSession
-
+      }
-    // Should over-ride response header for debug
+    )
    // on GET request to see entire log rendering on browser.
    if (isDebugOn(query)) {
      httpHeaders['content-type'] = 'text/plain'
    }
    req.res?.set(httpHeaders)
    if (result instanceof Buffer) {
      ;(req as any).sasHeaders = httpHeaders
@@ -146,48 +105,3 @@ const executeReturnRaw = async (
    }
  }
 }
 const executeReturnJson = async (
  req: express.Request,
  _program: string
 ): Promise<ExecuteReturnJsonResponse> => {
  const filesNamesMap = req.files?.length
    ? makeFilesNamesMap(req.files as MulterFile[])
    : null
  try {
    const { codePath, runTime } = await getRunTimeAndFilePath(_program)
    const { webout, log, httpHeaders } =
      (await new ExecutionController().executeFile({
        programPath: codePath,
        preProgramVariables: getPreProgramVariables(req),
        vars: { ...req.query, ...req.body },
        otherArgs: { filesNamesMap: filesNamesMap },
        returnJson: true,
        session: req.sasjsSession,
        runTime
      })) as ExecuteReturnJson
    let weboutRes: string | IRecordOfAny = webout
    if (httpHeaders['content-type']?.toLowerCase() === 'application/json') {
      try {
        weboutRes = JSON.parse(webout as string)
      } catch (_) {}
    }
    return {
      status: 'success',
      _webout: weboutRes,
      log: parseLogToArray(log),
      httpHeaders
    }
  } catch (err: any) {
    throw {
      code: 400,
      status: 'failure',
      message: 'Job execution failed.',
      error: typeof err === 'object' ? err.toString() : err
    }
  }
 }
--- a/api/src/middlewares/authenticateToken.ts
+++ b/api/src/middlewares/authenticateToken.ts
@@ -1,11 +1,13 @@
 import { RequestHandler, Request, Response, NextFunction } from 'express'
 import jwt from 'jsonwebtoken'
-import { csrfProtection } from '../app'
+import { csrfProtection } from './'
 import {
  fetchLatestAutoExec,
  ModeType,
  verifyTokenInDB,
-  isAuthorizingRoute
+  isAuthorizingRoute,
  isPublicRoute,
  publicUser
 } from '../utils'
 import { desktopUser } from './desktop'
 import { authorize } from './authorize'
@@ -41,7 +43,7 @@ export const authenticateAccessToken: RequestHandler = async (
    return res.sendStatus(401)
  }
-  authenticateToken(
+  await authenticateToken(
    req,
    res,
    nextFunction,
@@ -50,8 +52,12 @@ export const authenticateAccessToken: RequestHandler = async (
  )
 }
-export const authenticateRefreshToken: RequestHandler = (req, res, next) => {
+export const authenticateRefreshToken: RequestHandler = async (
-  authenticateToken(
+  req,
  res,
  next
 ) => {
  await authenticateToken(
    req,
    res,
    next,
@@ -60,7 +66,7 @@ export const authenticateRefreshToken: RequestHandler = (req, res, next) => {
  )
 }
-const authenticateToken = (
+const authenticateToken = async (
  req: Request,
  res: Response,
  next: NextFunction,
@@ -83,12 +89,12 @@ const authenticateToken = (
  const authHeader = req.headers['authorization']
  const token = authHeader?.split(' ')[1]
  if (!token) return res.sendStatus(401)
-  jwt.verify(token, key, async (err: any, data: any) => {
+  try {
-    if (err) return res.sendStatus(401)
+    if (!token) throw 'Unauthorized'
    const data: any = jwt.verify(token, key)
    // verify this valid token's entry in DB
    const user = await verifyTokenInDB(
      data?.userId,
      data?.clientId,
@@ -101,8 +107,16 @@ const authenticateToken = (
        req.user = user
        if (tokenType === 'accessToken') req.accessToken = token
        return next()
-      } else return res.sendStatus(401)
+      } else throw 'Unauthorized'
    }
-    return res.sendStatus(401)
+
-  })
+    throw 'Unauthorized'
  } catch (error) {
    if (await isPublicRoute(req)) {
      req.user = publicUser
      return next()
    }
    res.sendStatus(401)
  }
 }
--- a/api/src/middlewares/authorize.ts
+++ b/api/src/middlewares/authorize.ts
@@ -1,36 +1,49 @@
 import { RequestHandler } from 'express'
 import User from '../model/User'
 import Permission from '../model/Permission'
-import { PermissionSetting } from '../controllers/permission'
+import {
-import { getUri } from '../utils'
+  PermissionSettingForRoute,
  PermissionType
 } from '../controllers/permission'
 import { getPath, isPublicRoute } from '../utils'
 export const authorize: RequestHandler = async (req, res, next) => {
  const { user } = req
-  if (!user) {
+  if (!user) return res.sendStatus(401)
    return res.sendStatus(401)
  }
  // no need to check for permissions when user is admin
  if (user.isAdmin) return next()
  // no need to check for permissions when route is Public
  if (await isPublicRoute(req)) return next()
  const dbUser = await User.findOne({ id: user.userId })
  if (!dbUser) return res.sendStatus(401)
-  const uri = getUri(req)
+  const path = getPath(req)
  // find permission w.r.t user
-  const permission = await Permission.findOne({ uri, user: dbUser._id })
+  const permission = await Permission.findOne({
    path,
    type: PermissionType.route,
    user: dbUser._id
  })
  if (permission) {
-    if (permission.setting === PermissionSetting.grant) return next()
+    if (permission.setting === PermissionSettingForRoute.grant) return next()
    else return res.sendStatus(401)
  }
  // find permission w.r.t user's groups
  for (const group of dbUser.groups) {
-    const groupPermission = await Permission.findOne({ uri, group })
+    const groupPermission = await Permission.findOne({
-    if (groupPermission?.setting === PermissionSetting.grant) return next()
+      path,
      type: PermissionType.route,
      group
    })
    if (groupPermission?.setting === PermissionSettingForRoute.grant)
      return next()
  }
  return res.sendStatus(401)
 }
--- a/api/src/middlewares/csrfProtection.ts
+++ b/api/src/middlewares/csrfProtection.ts
@@ -0,0 +1,32 @@
 import { RequestHandler } from 'express'
 import csrf from 'csrf'
 const csrfTokens = new csrf()
 const secret = csrfTokens.secretSync()
 export const generateCSRFToken = () => csrfTokens.create(secret)
 export const csrfProtection: RequestHandler = (req, res, next) => {
  if (req.method === 'GET') return next()
  // Reads the token from the following locations, in order:
  // req.body.csrf_token - typically generated by the body-parser module.
  // req.query.csrf_token - a built-in from Express.js to read from the URL query string.
  // req.headers['csrf-token'] - the CSRF-Token HTTP request header.
  // req.headers['xsrf-token'] - the XSRF-Token HTTP request header.
  // req.headers['x-csrf-token'] - the X-CSRF-Token HTTP request header.
  // req.headers['x-xsrf-token'] - the X-XSRF-Token HTTP request header.
  const token =
    req.body?.csrf_token ||
    req.query?.csrf_token ||
    req.headers['csrf-token'] ||
    req.headers['xsrf-token'] ||
    req.headers['x-csrf-token'] ||
    req.headers['x-xsrf-token']
  if (!csrfTokens.verify(secret, token)) {
    return res.status(400).send('Invalid CSRF token!')
  }
  next()
 }
--- a/api/src/middlewares/index.ts
+++ b/api/src/middlewares/index.ts
@@ -1,5 +1,6 @@
 export * from './authenticateToken'
 export * from './authorize'
 export * from './csrfProtection'
 export * from './desktop'
 export * from './verifyAdmin'
 export * from './verifyAdminIfNeeded'
 export * from './authorize'
--- a/api/src/model/Group.ts
+++ b/api/src/model/Group.ts
@@ -3,6 +3,8 @@ import { GroupDetailsResponse } from '../controllers'
 import User, { IUser } from './User'
 const AutoIncrement = require('mongoose-sequence')(mongoose)
 export const PUBLIC_GROUP_NAME = 'Public'
 export interface GroupPayload {
  /**
   * Name of the group
--- a/api/src/model/Permission.ts
+++ b/api/src/model/Permission.ts
@@ -1,8 +1,15 @@
 import mongoose, { Schema, model, Document, Model } from 'mongoose'
 const AutoIncrement = require('mongoose-sequence')(mongoose)
 import { PermissionDetailsResponse } from '../controllers'
 interface GetPermissionBy {
  user?: Schema.Types.ObjectId
  group?: Schema.Types.ObjectId
 }
 interface IPermissionDocument extends Document {
-  uri: string
+  path: string
  type: string
  setting: string
  permissionId: number
  user: Schema.Types.ObjectId
@@ -11,10 +18,16 @@ interface IPermissionDocument extends Document {
 interface IPermission extends IPermissionDocument {}
-interface IPermissionModel extends Model<IPermission> {}
+interface IPermissionModel extends Model<IPermission> {
  get(getBy: GetPermissionBy): Promise<PermissionDetailsResponse[]>
 }
 const permissionSchema = new Schema<IPermissionDocument>({
-  uri: {
+  path: {
    type: String,
    required: true
  },
  type: {
    type: String,
    required: true
  },
@@ -28,6 +41,30 @@ const permissionSchema = new Schema<IPermissionDocument>({
 permissionSchema.plugin(AutoIncrement, { inc_field: 'permissionId' })
 // Static Methods
 permissionSchema.static('get', async function (getBy: GetPermissionBy): Promise<
  PermissionDetailsResponse[]
 > {
  return (await this.find(getBy)
    .select({
      _id: 0,
      permissionId: 1,
      path: 1,
      type: 1,
      setting: 1
    })
    .populate({ path: 'user', select: 'id username displayName isAdmin -_id' })
    .populate({
      path: 'group',
      select: 'groupId name description -_id',
      populate: {
        path: 'users',
        select: 'id username displayName isAdmin -_id',
        options: { limit: 15 }
      }
    })) as unknown as PermissionDetailsResponse[]
 })
 export const Permission: IPermissionModel = model<
  IPermission,
  IPermissionModel
--- a/api/src/routes/api/auth.ts
+++ b/api/src/routes/api/auth.ts
@@ -7,7 +7,7 @@ import {
  authenticateRefreshToken
 } from '../../middlewares'
-import { authorizeValidation, tokenValidation } from '../../utils'
+import { tokenValidation } from '../../utils'
 import { InfoJWT } from '../../types'
 const authRouter = express.Router()
--- a/api/src/routes/api/drive.ts
+++ b/api/src/routes/api/drive.ts
@@ -11,8 +11,10 @@ import {
  extractName,
  fileBodyValidation,
  fileParamValidation,
  folderBodyValidation,
  folderParamValidation,
-  isZipFile
+  isZipFile,
  renameBodyValidation
 } from '../../utils'
 const controller = new DriveController()
@@ -119,7 +121,11 @@ driveRouter.get('/file', async (req, res) => {
  try {
    await controller.getFile(req, query._filePath)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
@@ -132,7 +138,11 @@ driveRouter.get('/folder', async (req, res) => {
    const response = await controller.getFolder(query._folderPath)
    res.send(response)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
@@ -145,7 +155,28 @@ driveRouter.delete('/file', async (req, res) => {
    const response = await controller.deleteFile(query._filePath)
    res.send(response)
  } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
 driveRouter.delete('/folder', async (req, res) => {
  const { error: errQ, value: query } = folderParamValidation(req.query, true)
  if (errQ) return res.status(400).send(errQ.details[0].message)
  try {
    const response = await controller.deleteFolder(query._folderPath)
    res.send(response)
  } catch (err: any) {
    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
@@ -172,11 +203,33 @@ driveRouter.post(
      res.send(response)
    } catch (err: any) {
      await deleteFile(req.file.path)
-      res.status(403).send(err.toString())
+
      const statusCode = err.code
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
 driveRouter.post('/folder', async (req, res) => {
  const { error, value: body } = folderBodyValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)
  try {
    const response = await controller.addFolder(body)
    res.send(response)
  } catch (err: any) {
    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
 driveRouter.patch(
  '/file',
  (...arg) => multerSingle('file', arg),
@@ -200,11 +253,33 @@ driveRouter.patch(
      res.send(response)
    } catch (err: any) {
      await deleteFile(req.file.path)
-      res.status(403).send(err.toString())
+
      const statusCode = err.code
      delete err.code
      res.status(statusCode).send(err.message)
    }
  }
 )
 driveRouter.post('/rename', async (req, res) => {
  const { error, value: body } = renameBodyValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)
  try {
    const response = await controller.rename(body)
    res.send(response)
  } catch (err: any) {
    const statusCode = err.code
    delete err.code
    res.status(statusCode).send(err.message)
  }
 })
 driveRouter.get('/fileTree', async (req, res) => {
  try {
    const response = await controller.getFileTree()
--- a/api/src/routes/api/permission.ts
+++ b/api/src/routes/api/permission.ts
@@ -11,7 +11,7 @@ const controller = new PermissionController()
 permissionRouter.get('/', async (req, res) => {
  try {
-    const response = await controller.getAllPermissions()
+    const response = await controller.getAllPermissions(req)
    res.send(response)
  } catch (err: any) {
    const statusCode = err.code
--- a/api/src/routes/api/spec/drive.spec.ts
+++ b/api/src/routes/api/spec/drive.spec.ts
@@ -32,7 +32,8 @@ import appPromise from '../../../app'
 import {
  UserController,
  PermissionController,
-  PermissionSetting,
+  PermissionType,
  PermissionSettingForRoute,
  PrincipalType
 } from '../../../controllers/'
 import { getTreeExample } from '../../../controllers/internal'
@@ -48,6 +49,12 @@ const user = {
  isActive: true
 }
 const permission = {
  type: PermissionType.route,
  principalType: PrincipalType.user,
  setting: PermissionSettingForRoute.grant
 }
 describe('drive', () => {
  let app: Express
  let con: Mongoose
@@ -66,28 +73,29 @@ describe('drive', () => {
    const dbUser = await controller.createUser(user)
    accessToken = await generateAndSaveToken(dbUser.id)
    await permissionController.createPermission({
-      uri: '/SASjsApi/drive/deploy',
+      ...permission,
-      principalType: PrincipalType.user,
+      path: '/SASjsApi/drive/deploy',
-      principalId: dbUser.id,
+      principalId: dbUser.id
      setting: PermissionSetting.grant
    })
    await permissionController.createPermission({
-      uri: '/SASjsApi/drive/deploy/upload',
+      ...permission,
-      principalType: PrincipalType.user,
+      path: '/SASjsApi/drive/deploy/upload',
-      principalId: dbUser.id,
+      principalId: dbUser.id
      setting: PermissionSetting.grant
    })
    await permissionController.createPermission({
-      uri: '/SASjsApi/drive/file',
+      ...permission,
-      principalType: PrincipalType.user,
+      path: '/SASjsApi/drive/file',
-      principalId: dbUser.id,
+      principalId: dbUser.id
      setting: PermissionSetting.grant
    })
    await permissionController.createPermission({
-      uri: '/SASjsApi/drive/folder',
+      ...permission,
-      principalType: PrincipalType.user,
+      path: '/SASjsApi/drive/folder',
-      principalId: dbUser.id,
+      principalId: dbUser.id
-      setting: PermissionSetting.grant
+    })
    await permissionController.createPermission({
      ...permission,
      path: '/SASjsApi/drive/rename',
      principalId: dbUser.id
    })
  })
@@ -543,29 +551,29 @@ describe('drive', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if folder is not present', async () => {
+      it('should respond with Not Found if folder is not present', async () => {
        const res = await request(app)
          .get(getFolderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: `/my/path/code-${generateTimestamp()}` })
-          .expect(403)
+          .expect(404)
-        expect(res.text).toEqual(`Error: Folder doesn't exist.`)
+        expect(res.text).toEqual(`Folder doesn't exist.`)
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if folderPath outside Drive', async () => {
+      it('should respond with Bad Request if folderPath outside Drive', async () => {
        const res = await request(app)
          .get(getFolderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: '/../path/code.sas' })
-          .expect(403)
+          .expect(400)
-        expect(res.text).toEqual('Error: Cannot get folder outside drive.')
+        expect(res.text).toEqual(`Can't get folder outside drive.`)
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if folderPath is of a file', async () => {
+      it('should respond with Bad Request if folderPath is of a file', async () => {
        const fileToCopyPath = path.join(__dirname, 'files', 'sample.sas')
        const filePath = '/my/path/code.sas'
@@ -576,12 +584,96 @@ describe('drive', () => {
          .get(getFolderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: filePath })
-          .expect(403)
+          .expect(400)
-        expect(res.text).toEqual('Error: Not a Folder.')
+        expect(res.text).toEqual('Not a Folder.')
        expect(res.body).toEqual({})
      })
    })
    describe('post', () => {
      const folderApi = '/SASjsApi/drive/folder'
      const pathToDrive = fileUtilModules.getFilesFolder()
      afterEach(async () => {
        await deleteFolder(path.join(pathToDrive, 'post'))
      })
      it('should create a folder on drive', async () => {
        const res = await request(app)
          .post(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .send({ folderPath: '/post/folder' })
        expect(res.statusCode).toEqual(200)
        expect(res.body).toEqual({
          status: 'success'
        })
      })
      it('should respond with Conflict if the folder already exists', async () => {
        await createFolder(path.join(pathToDrive, '/post/folder'))
        const res = await request(app)
          .post(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .send({ folderPath: '/post/folder' })
          .expect(409)
        expect(res.text).toEqual(`Folder already exists.`)
        expect(res.statusCode).toEqual(409)
      })
      it('should respond with Bad Request if the folderPath is outside drive', async () => {
        const res = await request(app)
          .post(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .send({ folderPath: '../sample' })
          .expect(400)
        expect(res.text).toEqual(`Can't put folder outside drive.`)
      })
    })
    describe('delete', () => {
      const folderApi = '/SASjsApi/drive/folder'
      const pathToDrive = fileUtilModules.getFilesFolder()
      it('should delete a folder on drive', async () => {
        await createFolder(path.join(pathToDrive, 'delete'))
        const res = await request(app)
          .delete(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: 'delete' })
        expect(res.statusCode).toEqual(200)
        expect(res.body).toEqual({
          status: 'success'
        })
      })
      it('should respond with Not Found if the folder does not  exists', async () => {
        const res = await request(app)
          .delete(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: 'notExists' })
          .expect(404)
        expect(res.text).toEqual(`Folder doesn't exist.`)
      })
      it('should respond with Bad Request if the folderPath is outside drive', async () => {
        const res = await request(app)
          .delete(folderApi)
          .auth(accessToken, { type: 'bearer' })
          .query({ _folderPath: '../outsideDrive' })
          .expect(400)
        expect(res.text).toEqual(`Can't delete folder outside drive.`)
      })
    })
  })
  describe('file', () => {
@@ -627,7 +719,7 @@ describe('drive', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if file is already present', async () => {
+      it('should respond with Conflict if file is already present', async () => {
        const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
        const pathToUpload = `/my/path/code-${generateTimestamp()}.sas`
@@ -642,13 +734,13 @@ describe('drive', () => {
          .auth(accessToken, { type: 'bearer' })
          .field('filePath', pathToUpload)
          .attach('file', fileToAttachPath)
-          .expect(403)
+          .expect(409)
-        expect(res.text).toEqual('Error: File already exists.')
+        expect(res.text).toEqual('File already exists.')
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if filePath outside Drive', async () => {
+      it('should respond with Bad Request if filePath outside Drive', async () => {
        const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
        const pathToUpload = '/../path/code.sas'
@@ -657,9 +749,9 @@ describe('drive', () => {
          .auth(accessToken, { type: 'bearer' })
          .field('filePath', pathToUpload)
          .attach('file', fileToAttachPath)
-          .expect(403)
+          .expect(400)
-        expect(res.text).toEqual('Error: Cannot put file outside drive.')
+        expect(res.text).toEqual(`Can't put file outside drive.`)
        expect(res.body).toEqual({})
      })
@@ -794,19 +886,19 @@ describe('drive', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if file is not present', async () => {
+      it('should respond with Not Found if file is not present', async () => {
        const res = await request(app)
          .patch('/SASjsApi/drive/file')
          .auth(accessToken, { type: 'bearer' })
          .field('filePath', `/my/path/code-3.sas`)
          .attach('file', path.join(__dirname, 'files', 'sample.sas'))
-          .expect(403)
+          .expect(404)
-        expect(res.text).toEqual(`Error: File doesn't exist.`)
+        expect(res.text).toEqual(`File doesn't exist.`)
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if filePath outside Drive', async () => {
+      it('should respond with Bad Request if filePath outside Drive', async () => {
        const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
        const pathToUpload = '/../path/code.sas'
@@ -815,9 +907,9 @@ describe('drive', () => {
          .auth(accessToken, { type: 'bearer' })
          .field('filePath', pathToUpload)
          .attach('file', fileToAttachPath)
-          .expect(403)
+          .expect(400)
-        expect(res.text).toEqual('Error: Cannot modify file outside drive.')
+        expect(res.text).toEqual(`Can't modify file outside drive.`)
        expect(res.body).toEqual({})
      })
@@ -922,25 +1014,25 @@ describe('drive', () => {
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if file is not present', async () => {
+      it('should respond with Not Found if file is not present', async () => {
        const res = await request(app)
          .get('/SASjsApi/drive/file')
          .auth(accessToken, { type: 'bearer' })
          .query({ _filePath: `/my/path/code-4.sas` })
-          .expect(403)
+          .expect(404)
-        expect(res.text).toEqual(`Error: File doesn't exist.`)
+        expect(res.text).toEqual(`File doesn't exist.`)
        expect(res.body).toEqual({})
      })
-      it('should respond with Forbidden if filePath outside Drive', async () => {
+      it('should respond with Bad Request if filePath outside Drive', async () => {
        const res = await request(app)
          .get('/SASjsApi/drive/file')
          .auth(accessToken, { type: 'bearer' })
          .query({ _filePath: '/../path/code.sas' })
-          .expect(403)
+          .expect(400)
-        expect(res.text).toEqual('Error: Cannot get file outside drive.')
+        expect(res.text).toEqual(`Can't get file outside drive.`)
        expect(res.body).toEqual({})
      })
@@ -966,6 +1058,139 @@ describe('drive', () => {
      })
    })
  })
  describe('rename', () => {
    const renameApi = '/SASjsApi/drive/rename'
    const pathToDrive = fileUtilModules.getFilesFolder()
    afterEach(async () => {
      await deleteFolder(path.join(pathToDrive, 'rename'))
    })
    it('should rename a folder', async () => {
      await createFolder(path.join(pathToDrive, 'rename', 'folder'))
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '/rename/folder', newPath: '/rename/renamed' })
      expect(res.statusCode).toEqual(200)
      expect(res.body).toEqual({
        status: 'success'
      })
    })
    it('should rename a file', async () => {
      await createFile(
        path.join(pathToDrive, 'rename', 'file.txt'),
        'some file content'
      )
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({
          oldPath: '/rename/file.txt',
          newPath: '/rename/renamed.txt'
        })
      expect(res.statusCode).toEqual(200)
      expect(res.body).toEqual({
        status: 'success'
      })
    })
    it('should respond with Bad Request if the oldPath is missing', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ newPath: 'newPath' })
        .expect(400)
      expect(res.text).toEqual(`\"oldPath\" is required`)
    })
    it('should respond with Bad Request if the newPath is missing', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: 'oldPath' })
        .expect(400)
      expect(res.text).toEqual(`\"newPath\" is required`)
    })
    it('should respond with Bad Request if the oldPath is outside drive', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '../outside', newPath: 'renamed' })
        .expect(400)
      expect(res.text).toEqual(`Old path can't be outside of drive.`)
    })
    it('should respond with Bad Request if the newPath is outside drive', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: 'older', newPath: '../outside' })
        .expect(400)
      expect(res.text).toEqual(`New path can't be outside of drive.`)
    })
    it('should respond with Not Found if the folder does not exist', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '/rename/not exists', newPath: '/rename/renamed' })
        .expect(404)
      expect(res.text).toEqual('No file/folder found for provided path.')
    })
    it('should respond with Conflict if the folder already exists', async () => {
      await createFolder(path.join(pathToDrive, 'rename', 'folder'))
      await createFolder(path.join(pathToDrive, 'rename', 'exists'))
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '/rename/folder', newPath: '/rename/exists' })
        .expect(409)
      expect(res.text).toEqual('Folder with new name already exists.')
    })
    it('should respond with Not Found if the file does not exist', async () => {
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '/rename/file.txt', newPath: '/rename/renamed.txt' })
        .expect(404)
      expect(res.text).toEqual('No file/folder found for provided path.')
    })
    it('should respond with Conflict if the file already exists', async () => {
      await createFile(
        path.join(pathToDrive, 'rename', 'file.txt'),
        'some file content'
      )
      await createFile(
        path.join(pathToDrive, 'rename', 'exists.txt'),
        'some existing content'
      )
      const res = await request(app)
        .post(renameApi)
        .auth(accessToken, { type: 'bearer' })
        .send({ oldPath: '/rename/file.txt', newPath: '/rename/exists.txt' })
        .expect(409)
      expect(res.text).toEqual('File with new name already exists.')
    })
  })
 })
 const getExampleService = (): ServiceMember =>
--- a/api/src/routes/api/spec/group.spec.ts
+++ b/api/src/routes/api/spec/group.spec.ts
@@ -5,6 +5,7 @@ import request from 'supertest'
 import appPromise from '../../../app'
 import { UserController, GroupController } from '../../../controllers/'
 import { generateAccessToken, saveTokensInDB } from '../../../utils'
 import { PUBLIC_GROUP_NAME } from '../../../model/Group'
 const clientId = 'someclientID'
 const adminUser = {
@@ -27,6 +28,12 @@ const group = {
  description: 'DC group for testing purposes.'
 }
 const PUBLIC_GROUP = {
  name: PUBLIC_GROUP_NAME,
  description:
    'A special group that can be used to bypass authentication for particular routes.'
 }
 const userController = new UserController()
 const groupController = new GroupController()
@@ -535,6 +542,24 @@ describe('group', () => {
      expect(res.text).toEqual('User not found.')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request when adding user to Public group', async () => {
      const dbGroup = await groupController.createGroup(PUBLIC_GROUP)
      const dbUser = await userController.createUser({
        ...user,
        username: 'publicUser'
      })
      const res = await request(app)
        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send()
        .expect(400)
      expect(res.text).toEqual(
        `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
      )
    })
  })
  describe('RemoveUser', () => {
--- a/api/src/routes/api/spec/permission.spec.ts
+++ b/api/src/routes/api/spec/permission.spec.ts
@@ -7,10 +7,10 @@ import {
  DriveController,
  UserController,
  GroupController,
  ClientController,
  PermissionController,
  PrincipalType,
-  PermissionSetting
+  PermissionType,
  PermissionSettingForRoute
 } from '../../../controllers/'
 import {
  UserDetailsResponse,
@@ -56,10 +56,10 @@ const user = {
 }
 const permission = {
-  uri: '/SASjsApi/code/execute',
+  path: '/SASjsApi/code/execute',
-  setting: PermissionSetting.grant,
+  type: PermissionType.route,
-  principalType: PrincipalType.user,
+  setting: PermissionSettingForRoute.grant,
-  principalId: 123
+  principalType: PrincipalType.user
 }
 const group = {
@@ -69,7 +69,6 @@ const group = {
 const userController = new UserController()
 const groupController = new GroupController()
 const clientController = new ClientController()
 const permissionController = new PermissionController()
 describe('permission', () => {
@@ -108,7 +107,8 @@ describe('permission', () => {
        .expect(200)
      expect(res.body.permissionId).toBeTruthy()
-      expect(res.body.uri).toEqual(permission.uri)
+      expect(res.body.path).toEqual(permission.path)
      expect(res.body.type).toEqual(permission.type)
      expect(res.body.setting).toEqual(permission.setting)
      expect(res.body.user).toBeTruthy()
    })
@@ -127,7 +127,8 @@ describe('permission', () => {
        .expect(200)
      expect(res.body.permissionId).toBeTruthy()
-      expect(res.body.uri).toEqual(permission.uri)
+      expect(res.body.path).toEqual(permission.path)
      expect(res.body.type).toEqual(permission.type)
      expect(res.body.setting).toEqual(permission.setting)
      expect(res.body.group).toBeTruthy()
    })
@@ -142,53 +143,74 @@ describe('permission', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Unauthorized if access token is not of an admin account even if user has permission', async () => {
+    it('should respond with Unauthorized if access token is not of an admin account', async () => {
      const accessToken = await generateAndSaveToken(dbUser.id)
      await permissionController.createPermission({
        uri: '/SASjsApi/permission',
        principalType: PrincipalType.user,
        principalId: dbUser.id,
        setting: PermissionSetting.grant
      })
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(accessToken, { type: 'bearer' })
-        .send()
+        .send(permission)
        .expect(401)
      expect(res.text).toEqual('Admin account required')
      expect(res.body).toEqual({})
    })
-    it('should respond with Bad Request if uri is missing', async () => {
+    it('should respond with Bad Request if path is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
-          uri: undefined
+          path: undefined
        })
        .expect(400)
-      expect(res.text).toEqual(`"uri" is required`)
+      expect(res.text).toEqual(`"path" is required`)
      expect(res.body).toEqual({})
    })
-    it('should respond with Bad Request if uri is not valid', async () => {
+    it('should respond with Bad Request if path is not valid', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
-          uri: '/some/random/api/endpoint'
+          path: '/some/random/api/endpoint'
        })
        .expect(400)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if type is not valid', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          type: 'invalid'
        })
        .expect(400)
      expect(res.text).toEqual('"type" must be [Route]')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if type is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          type: undefined
        })
        .expect(400)
      expect(res.text).toEqual(`"type" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if setting is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
@@ -203,6 +225,20 @@ describe('permission', () => {
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if setting is not valid', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          setting: 'invalid'
        })
        .expect(400)
      expect(res.text).toEqual('"setting" must be one of [Grant, Deny]')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if principalType is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
@@ -217,20 +253,6 @@ describe('permission', () => {
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if principalId is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          principalId: undefined
        })
        .expect(400)
      expect(res.text).toEqual(`"principalId" is required`)
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if principal type is not valid', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
@@ -245,17 +267,17 @@ describe('permission', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Bad Request if setting is not valid', async () => {
+    it('should respond with Bad Request if principalId is missing', async () => {
      const res = await request(app)
        .post('/SASjsApi/permission')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
-          setting: 'invalid'
+          principalId: undefined
        })
        .expect(400)
-      expect(res.text).toEqual('"setting" must be one of [Grant, Deny]')
+      expect(res.text).toEqual(`"principalId" is required`)
      expect(res.body).toEqual({})
    })
@@ -313,7 +335,8 @@ describe('permission', () => {
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
-          principalType: 'group'
+          principalType: 'group',
          principalId: 123
        })
        .expect(404)
@@ -334,7 +357,7 @@ describe('permission', () => {
        .expect(409)
      expect(res.text).toEqual(
-        'Permission already exists with provided URI and User.'
+        'Permission already exists with provided Path, Type and User.'
      )
      expect(res.body).toEqual({})
    })
@@ -357,7 +380,7 @@ describe('permission', () => {
      const res = await request(app)
        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
        .auth(adminAccessToken, { type: 'bearer' })
-        .send({ setting: 'Deny' })
+        .send({ setting: PermissionSettingForRoute.deny })
        .expect(200)
      expect(res.body.setting).toEqual('Deny')
@@ -366,7 +389,7 @@ describe('permission', () => {
    it('should respond with Unauthorized if access token is not present', async () => {
      const res = await request(app)
        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
-        .send(permission)
+        .send()
        .expect(401)
      expect(res.text).toEqual('Unauthorized')
@@ -400,12 +423,11 @@ describe('permission', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with Bad Request if setting is not valid', async () => {
+    it('should respond with Bad Request if setting is  invalid', async () => {
      const res = await request(app)
-        .post('/SASjsApi/permission')
+        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
          ...permission,
          setting: 'invalid'
        })
        .expect(400)
@@ -414,12 +436,12 @@ describe('permission', () => {
      expect(res.body).toEqual({})
    })
-    it('should respond with not found (404) if permission with provided id does not exists', async () => {
+    it('should respond with not found (404) if permission with provided id does not exist', async () => {
      const res = await request(app)
        .patch('/SASjsApi/permission/123')
        .auth(adminAccessToken, { type: 'bearer' })
        .send({
-          setting: PermissionSetting.deny
+          setting: PermissionSettingForRoute.deny
        })
        .expect(404)
@@ -458,12 +480,12 @@ describe('permission', () => {
    beforeAll(async () => {
      await permissionController.createPermission({
        ...permission,
-        uri: '/test-1',
+        path: '/test-1',
        principalId: dbUser.id
      })
      await permissionController.createPermission({
        ...permission,
-        uri: '/test-2',
+        path: '/test-2',
        principalId: dbUser.id
      })
    })
@@ -478,34 +500,37 @@ describe('permission', () => {
      expect(res.body).toHaveLength(2)
    })
-    it('should give a list of all permissions when user is not admin', async () => {
+    it(`should give a list of user's own  permissions when user is not admin`, async () => {
-      const dbUser = await userController.createUser({
+      const nonAdminUser = await userController.createUser({
        ...user,
        username: 'get' + user.username
      })
-      const accessToken = await generateAndSaveToken(dbUser.id)
+      const accessToken = await generateAndSaveToken(nonAdminUser.id)
      await permissionController.createPermission({
-        uri: '/SASjsApi/permission',
+        path: '/test-1',
        type: PermissionType.route,
        principalType: PrincipalType.user,
-        principalId: dbUser.id,
+        principalId: nonAdminUser.id,
-        setting: PermissionSetting.grant
+        setting: PermissionSettingForRoute.grant
      })
      const permissionCount = 1
      const res = await request(app)
        .get('/SASjsApi/permission/')
        .auth(accessToken, { type: 'bearer' })
        .send()
        .expect(200)
-      expect(res.body).toHaveLength(3)
+      expect(res.body).toHaveLength(permissionCount)
    })
  })
-  describe.only('verify', () => {
+  describe('verify', () => {
    beforeAll(async () => {
      await permissionController.createPermission({
        ...permission,
-        uri: '/SASjsApi/drive/deploy',
+        path: '/SASjsApi/drive/deploy',
        principalId: dbUser.id
      })
    })
--- a/api/src/routes/api/spec/stp.spec.ts
+++ b/api/src/routes/api/spec/stp.spec.ts
@@ -7,7 +7,8 @@ import appPromise from '../../../app'
 import {
  UserController,
  PermissionController,
-  PermissionSetting,
+  PermissionType,
  PermissionSettingForRoute,
  PrincipalType
 } from '../../../controllers/'
 import {
@@ -20,8 +21,8 @@ import {
 } from '../../../utils'
 import { createFile, generateTimestamp, deleteFolder } from '@sasjs/utils'
 import {
-  SASSessionController,
+  SessionController,
-  JSSessionController
+  SASSessionController
 } from '../../../controllers/internal'
 import * as ProcessProgramModule from '../../../controllers/internal/processProgram'
 import { Session } from '../../../types'
@@ -38,14 +39,17 @@ const user = {
 const sampleSasProgram = '%put hello world!;'
 const sampleJsProgram = `console.log('hello world!/')`
 const samplePyProgram = `print('hello world!/')`
 const filesFolder = getFilesFolder()
 const testFilesFolder = `test-stp-${generateTimestamp()}`
 let app: Express
 let accessToken: string
 describe('stp', () => {
  let app: Express
  let con: Mongoose
  let mongoServer: MongoMemoryServer
  let accessToken: string
  const userController = new UserController()
  const permissionController = new PermissionController()
@@ -56,10 +60,11 @@ describe('stp', () => {
    const dbUser = await userController.createUser(user)
    accessToken = await generateAndSaveToken(dbUser.id)
    await permissionController.createPermission({
-      uri: '/SASjsApi/stp/execute',
+      path: '/SASjsApi/stp/execute',
      type: PermissionType.route,
      principalType: PrincipalType.user,
      principalId: dbUser.id,
-      setting: PermissionSetting.grant
+      setting: PermissionSettingForRoute.grant
    })
  })
@@ -70,8 +75,6 @@ describe('stp', () => {
  })
  describe('execute', () => {
    const testFilesFolder = `test-stp-${generateTimestamp()}`
    describe('get', () => {
      describe('with runtime js', () => {
        const testFilesFolder = `test-stp-${generateTimestamp()}`
@@ -91,41 +94,45 @@ describe('stp', () => {
        })
        it('should execute js program when both js and sas program are present', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert(
-          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
+            [RunTimeType.JS, RunTimeType.SAS],
-          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
+            200,
-          await createFile(sasProgramPath, sampleSasProgram)
+            RunTimeType.JS
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.JS,
            expect.anything(),
            undefined
          )
        })
        it('should throw error when js program is not present but sas program exists', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert([], 400)
-          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
+        })
-          await createFile(sasProgramPath, sampleSasProgram)
+      })
-          await request(app)
+      describe('with runtime py', () => {
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
+        const testFilesFolder = `test-stp-${generateTimestamp()}`
-            .auth(accessToken, { type: 'bearer' })
+
-            .send()
+        beforeAll(() => {
-            .expect(400)
+          process.runTimes = [RunTimeType.PY]
        })
        beforeEach(() => {
          jest.resetModules() // it clears the cache
          setupMocks()
        })
        afterEach(async () => {
          jest.resetAllMocks()
          await deleteFolder(path.join(filesFolder, testFilesFolder))
        })
        it('should execute python program when python, js and sas programs are present', async () => {
          await makeRequestAndAssert(
            [RunTimeType.PY, RunTimeType.SAS, RunTimeType.JS],
            200,
            RunTimeType.PY
          )
        })
        it('should throw error when py program is not present but js or sas program exists', async () => {
          await makeRequestAndAssert([], 400)
        })
      })
@@ -145,41 +152,11 @@ describe('stp', () => {
        })
        it('should execute sas program when both sas and js programs are present', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert([RunTimeType.SAS], 200, RunTimeType.SAS)
          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
          await createFile(sasProgramPath, sampleSasProgram)
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.SAS,
            expect.anything(),
            undefined
          )
        })
        it('should throw error when sas program do not exit but js exists', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert([], 400)
          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(400)
        })
      })
@@ -199,63 +176,51 @@ describe('stp', () => {
        })
        it('should execute js program when both js and sas program are present', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert(
-          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
+            [RunTimeType.SAS, RunTimeType.JS],
-          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
+            200,
-          await createFile(sasProgramPath, sampleSasProgram)
+            RunTimeType.JS
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.JS,
            expect.anything(),
            undefined
          )
        })
        it('should execute sas program when js program is not present but sas program exists', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert([RunTimeType.SAS], 200, RunTimeType.SAS)
          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
          await createFile(sasProgramPath, sampleSasProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.SAS,
            expect.anything(),
            undefined
          )
        })
        it('should throw error when both sas and js programs do not exist', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert([], 400)
        })
      })
-          await request(app)
+      describe('with runtime py and sas', () => {
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
+        beforeAll(() => {
-            .auth(accessToken, { type: 'bearer' })
+          process.runTimes = [RunTimeType.PY, RunTimeType.SAS]
-            .send()
+        })
-            .expect(400)
+
        beforeEach(() => {
          jest.resetModules() // it clears the cache
          setupMocks()
        })
        afterEach(async () => {
          jest.resetAllMocks()
          await deleteFolder(path.join(filesFolder, testFilesFolder))
        })
        it('should execute python program when both python and sas program are present', async () => {
          await makeRequestAndAssert(
            [RunTimeType.PY, RunTimeType.SAS],
            200,
            RunTimeType.PY
          )
        })
        it('should execute sas program when python program is not present but sas program exists', async () => {
          await makeRequestAndAssert([RunTimeType.SAS], 200, RunTimeType.SAS)
        })
        it('should throw error when both sas and js programs do not exist', async () => {
          await makeRequestAndAssert([], 400)
        })
      })
@@ -275,76 +240,220 @@ describe('stp', () => {
        })
        it('should execute sas program when both sas and js programs  exist', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert(
-          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
+            [RunTimeType.SAS, RunTimeType.JS],
-          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
+            200,
-          await createFile(sasProgramPath, sampleSasProgram)
+            RunTimeType.SAS
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.SAS,
            expect.anything(),
            undefined
          )
        })
        it('should execute js program when sas program is not present but js program exists', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert([RunTimeType.JS], 200, RunTimeType.JS)
          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
          await createFile(jsProgramPath, sampleJsProgram)
          await request(app)
            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
            .auth(accessToken, { type: 'bearer' })
            .send()
            .expect(200)
          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            expect.anything(),
            RunTimeType.JS,
            expect.anything(),
            undefined
          )
        })
        it('should throw error when both sas and js programs do not exist', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert([], 400)
        })
      })
-          await request(app)
+      describe('with runtime sas and py', () => {
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
+        beforeAll(() => {
-            .auth(accessToken, { type: 'bearer' })
+          process.runTimes = [RunTimeType.SAS, RunTimeType.PY]
-            .send()
+        })
-            .expect(400)
+
        beforeEach(() => {
          jest.resetModules() // it clears the cache
          setupMocks()
        })
        afterEach(async () => {
          jest.resetAllMocks()
          await deleteFolder(path.join(filesFolder, testFilesFolder))
        })
        it('should execute sas program when both sas and python programs exist', async () => {
          await makeRequestAndAssert(
            [RunTimeType.SAS, RunTimeType.PY],
            200,
            RunTimeType.SAS
          )
        })
        it('should execute python program when sas program is not present but python program exists', async () => {
          await makeRequestAndAssert([RunTimeType.PY], 200, RunTimeType.PY)
        })
        it('should throw error when both sas and python programs do not exist', async () => {
          await makeRequestAndAssert([], 400)
        })
      })
      describe('with runtime sas, js and py', () => {
        beforeAll(() => {
          process.runTimes = [RunTimeType.SAS, RunTimeType.JS, RunTimeType.PY]
        })
        beforeEach(() => {
          jest.resetModules() // it clears the cache
          setupMocks()
        })
        afterEach(async () => {
          jest.resetAllMocks()
          await deleteFolder(path.join(filesFolder, testFilesFolder))
        })
        it('should execute sas program when it exists, no matter js and python programs exist or not', async () => {
          await makeRequestAndAssert(
            [RunTimeType.SAS, RunTimeType.PY, RunTimeType.JS],
            200,
            RunTimeType.SAS
          )
        })
        it('should execute js program when sas program is absent but js and python programs are present', async () => {
          await makeRequestAndAssert(
            [RunTimeType.JS, RunTimeType.PY],
            200,
            RunTimeType.JS
          )
        })
        it('should execute python program when both sas and js programs are not present', async () => {
          await makeRequestAndAssert([RunTimeType.PY], 200, RunTimeType.PY)
        })
        it('should throw error when no program exists', async () => {
          await makeRequestAndAssert([], 400)
        })
      })
      describe('with runtime js, sas and py', () => {
        beforeAll(() => {
          process.runTimes = [RunTimeType.JS, RunTimeType.SAS, RunTimeType.PY]
        })
        beforeEach(() => {
          jest.resetModules() // it clears the cache
          setupMocks()
        })
        afterEach(async () => {
          jest.resetAllMocks()
          await deleteFolder(path.join(filesFolder, testFilesFolder))
        })
        it('should execute js program when it exists, no matter sas and python programs exist or not', async () => {
          await makeRequestAndAssert(
            [RunTimeType.JS, RunTimeType.SAS, RunTimeType.PY],
            200,
            RunTimeType.JS
          )
        })
        it('should execute sas program when js program is absent but sas and python programs are present', async () => {
          await makeRequestAndAssert(
            [RunTimeType.SAS, RunTimeType.PY],
            200,
            RunTimeType.SAS
          )
        })
        it('should execute python program when both sas and js programs are not present', async () => {
          await makeRequestAndAssert([RunTimeType.PY], 200, RunTimeType.PY)
        })
        it('should throw error when no program exists', async () => {
          await makeRequestAndAssert([], 400)
        })
      })
      describe('with runtime py, sas and js', () => {
        beforeAll(() => {
          process.runTimes = [RunTimeType.PY, RunTimeType.SAS, RunTimeType.JS]
        })
        beforeEach(() => {
          jest.resetModules() // it clears the cache
          setupMocks()
        })
        afterEach(async () => {
          jest.resetAllMocks()
          await deleteFolder(path.join(filesFolder, testFilesFolder))
        })
        it('should execute python program when it exists, no matter sas and js programs exist or not', async () => {
          await makeRequestAndAssert(
            [RunTimeType.PY, RunTimeType.SAS, RunTimeType.JS],
            200,
            RunTimeType.PY
          )
        })
        it('should execute sas program when python program is absent but sas and js programs are present', async () => {
          await makeRequestAndAssert(
            [RunTimeType.SAS, RunTimeType.JS],
            200,
            RunTimeType.SAS
          )
        })
        it('should execute js program when both sas and python programs are not present', async () => {
          await makeRequestAndAssert([RunTimeType.JS], 200, RunTimeType.JS)
        })
        it('should throw error when no program exists', async () => {
          await makeRequestAndAssert([], 400)
        })
      })
    })
  })
 })
-const generateSaveTokenAndCreateUser = async (
+const makeRequestAndAssert = async (
-  someUser: any
+  programTypes: RunTimeType[],
-): Promise<string> => {
+  expectedStatusCode: number,
-  const userController = new UserController()
+  expectedRuntime?: RunTimeType
-  const dbUser = await userController.createUser(someUser)
+) => {
  const programPath = path.join(testFilesFolder, 'program')
  for (const programType of programTypes) {
    if (programType === RunTimeType.JS)
      await createFile(
        path.join(filesFolder, `${programPath}.js`),
        sampleJsProgram
      )
    else if (programType === RunTimeType.PY)
      await createFile(
        path.join(filesFolder, `${programPath}.py`),
        samplePyProgram
      )
    else if (programType === RunTimeType.SAS)
      await createFile(
        path.join(filesFolder, `${programPath}.sas`),
        sampleSasProgram
      )
  }
-  return generateAndSaveToken(dbUser.id)
+  await request(app)
    .get(`/SASjsApi/stp/execute?_program=${programPath}`)
    .auth(accessToken, { type: 'bearer' })
    .send()
    .expect(expectedStatusCode)
  if (expectedRuntime)
    expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
      expect.anything(),
      expect.anything(),
      expect.anything(),
      expect.anything(),
      expect.anything(),
      expect.anything(),
      expect.anything(),
      expectedRuntime,
      expect.anything(),
      undefined
    )
 }
 const generateAndSaveToken = async (userId: number) => {
@@ -362,7 +471,7 @@ const setupMocks = async () => {
    .mockImplementation(mockedGetSession)
  jest
-    .spyOn(JSSessionController.prototype, 'getSession')
+    .spyOn(SASSessionController.prototype, 'getSession')
    .mockImplementation(mockedGetSession)
  jest
--- a/api/src/routes/api/spec/web.spec.ts
+++ b/api/src/routes/api/spec/web.spec.ts
@@ -39,21 +39,19 @@ describe('web', () => {
  describe('home', () => {
    it('should respond with CSRF Token', async () => {
-      await request(app)
+      const res = await request(app).get('/').expect(200)
-        .get('/')
+
-        .expect(
+      expect(res.text).toMatch(
-          'set-cookie',
+        /<script>document.cookie = '(XSRF-TOKEN=.*; Max-Age=86400; SameSite=Strict; Path=\/;)'<\/script>/
-          /_csrf=.*; Max-Age=86400000; Path=\/; HttpOnly,XSRF-TOKEN=.*; Path=\//
+      )
        )
    })
  })
  describe('SASLogon/login', () => {
    let csrfToken: string
    let cookies: string
    beforeAll(async () => {
-      ;({ csrfToken, cookies } = await getCSRF(app))
+      ;({ csrfToken } = await getCSRF(app))
    })
    afterEach(async () => {
@@ -67,7 +65,6 @@ describe('web', () => {
      const res = await request(app)
        .post('/SASLogon/login')
        .set('Cookie', cookies)
        .set('x-xsrf-token', csrfToken)
        .send({
          username: user.username,
@@ -83,15 +80,45 @@ describe('web', () => {
        isAdmin: user.isAdmin
      })
    })
    it('should respond with Bad Request if CSRF Token is not present', async () => {
      await userController.createUser(user)
      const res = await request(app)
        .post('/SASLogon/login')
        .send({
          username: user.username,
          password: user.password
        })
        .expect(400)
      expect(res.text).toEqual('Invalid CSRF token!')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if CSRF Token is invalid', async () => {
      await userController.createUser(user)
      const res = await request(app)
        .post('/SASLogon/login')
        .set('x-xsrf-token', 'INVALID_CSRF_TOKEN')
        .send({
          username: user.username,
          password: user.password
        })
        .expect(400)
      expect(res.text).toEqual('Invalid CSRF token!')
      expect(res.body).toEqual({})
    })
  })
  describe('SASLogon/authorize', () => {
    let csrfToken: string
    let cookies: string
    let authCookies: string
    beforeAll(async () => {
-      ;({ csrfToken, cookies } = await getCSRF(app))
+      ;({ csrfToken } = await getCSRF(app))
      await userController.createUser(user)
@@ -100,12 +127,7 @@ describe('web', () => {
        password: user.password
      }
-      ;({ cookies: authCookies } = await performLogin(
+      ;({ authCookies } = await performLogin(app, credentials, csrfToken))
        app,
        credentials,
        cookies,
        csrfToken
      ))
    })
    afterAll(async () => {
@@ -117,17 +139,28 @@ describe('web', () => {
    it('should respond with authorization code', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
-        .set('Cookie', [authCookies, cookies].join('; '))
+        .set('Cookie', [authCookies].join('; '))
        .set('x-xsrf-token', csrfToken)
        .send({ clientId })
      expect(res.body).toHaveProperty('code')
    })
    it('should respond with Bad Request if CSRF Token is missing', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
        .set('Cookie', [authCookies].join('; '))
        .send({ clientId })
        .expect(400)
      expect(res.text).toEqual('Invalid CSRF token!')
      expect(res.body).toEqual({})
    })
    it('should respond with Bad Request if clientId is missing', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
-        .set('Cookie', [authCookies, cookies].join('; '))
+        .set('Cookie', [authCookies].join('; '))
        .set('x-xsrf-token', csrfToken)
        .send({})
        .expect(400)
@@ -139,7 +172,7 @@ describe('web', () => {
    it('should respond with Forbidden if clientId is incorrect', async () => {
      const res = await request(app)
        .post('/SASLogon/authorize')
-        .set('Cookie', [authCookies, cookies].join('; '))
+        .set('Cookie', [authCookies].join('; '))
        .set('x-xsrf-token', csrfToken)
        .send({
          clientId: 'WrongClientID'
@@ -154,30 +187,25 @@ describe('web', () => {
 const getCSRF = async (app: Express) => {
  // make request to get CSRF
-  const { header } = await request(app).get('/')
+  const { text } = await request(app).get('/')
  const cookies = header['set-cookie'].join()
-  const csrfToken = extractCSRF(cookies)
+  return { csrfToken: extractCSRF(text) }
  return { csrfToken, cookies }
 }
 const performLogin = async (
  app: Express,
  credentials: { username: string; password: string },
  cookies: string,
  csrfToken: string
 ) => {
  const { header } = await request(app)
    .post('/SASLogon/login')
    .set('Cookie', cookies)
    .set('x-xsrf-token', csrfToken)
    .send(credentials)
-  const newCookies: string = header['set-cookie'].join()
+  return { authCookies: header['set-cookie'].join() }
  return { cookies: newCookies }
 }
-const extractCSRF = (cookies: string) =>
+const extractCSRF = (text: string) =>
-  /_csrf=(.*); Max-Age=86400000; Path=\/; HttpOnly,XSRF-TOKEN=(.*); Path=\//.exec(
+  /<script>document.cookie = 'XSRF-TOKEN=(.*); Max-Age=86400; SameSite=Strict; Path=\/;'<\/script>/.exec(
-    cookies
+    text
-  )![2]
+  )![1]
--- a/api/src/routes/api/stp.ts
+++ b/api/src/routes/api/stp.ts
@@ -13,7 +13,7 @@ stpRouter.get('/execute', async (req, res) => {
  if (error) return res.status(400).send(error.details[0].message)
  try {
-    const response = await controller.executeReturnRaw(req, query._program)
+    const response = await controller.executeGetRequest(req, query._program)
    if (response instanceof Buffer) {
      res.writeHead(200, (req as any).sasHeaders)
@@ -42,7 +42,7 @@ stpRouter.post(
    // if (errQ && errB) return res.status(400).send(errB.details[0].message)
    try {
-      const response = await controller.executeReturnJson(
+      const response = await controller.executePostRequest(
        req,
        req.body,
        req.query?._program as string
--- a/api/src/routes/appStream/index.ts
+++ b/api/src/routes/appStream/index.ts
@@ -1,6 +1,6 @@
 import path from 'path'
 import express, { Request } from 'express'
-import { authenticateAccessToken } from '../../middlewares'
+import { authenticateAccessToken, generateCSRFToken } from '../../middlewares'
 import { folderExists } from '@sasjs/utils'
 import { addEntryToAppStreamConfig, getFilesFolder } from '../../utils'
@@ -13,7 +13,7 @@ const router = express.Router()
 router.get('/', authenticateAccessToken, async (req, res) => {
  const content = appStreamHtml(process.appStreamConfig)
-  res.cookie('XSRF-TOKEN', req.csrfToken())
+  res.cookie('XSRF-TOKEN', generateCSRFToken())
  return res.send(content)
 })
--- a/api/src/routes/appStream/style.ts
+++ b/api/src/routes/appStream/style.ts
@@ -26,6 +26,7 @@ export const style = `<style>
 }
 .app-container .app img{
  width: 100%;
  height: calc(100% - 30px);
  margin-bottom: 10px;
  border-radius: 10px;
 }
--- a/api/src/routes/setupRoutes.ts
+++ b/api/src/routes/setupRoutes.ts
@@ -4,7 +4,7 @@ import webRouter from './web'
 import apiRouter from './api'
 import appStreamRouter from './appStream'
-import { csrfProtection } from '../app'
+import { csrfProtection } from '../middlewares'
 export const setupRoutes = (app: Express) => {
  app.use('/SASjsApi', apiRouter)
--- a/api/src/routes/web/index.ts
+++ b/api/src/routes/web/index.ts
@@ -1,8 +1,25 @@
 import express from 'express'
 import sas9WebRouter from './sas9-web'
 import sasViyaWebRouter from './sasviya-web'
 import webRouter from './web'
 import { MOCK_SERVERTYPEType } from '../../utils'
 const router = express.Router()
-router.use('/', webRouter)
+const { MOCK_SERVERTYPE } = process.env
 switch (MOCK_SERVERTYPE) {
  case MOCK_SERVERTYPEType.SAS9: {
    router.use('/', sas9WebRouter)
    break
  }
  case MOCK_SERVERTYPEType.SASVIYA: {
    router.use('/', sasViyaWebRouter)
    break
  }
  default: {
    router.use('/', webRouter)
  }
 }
 export default router
--- a/api/src/routes/web/sas9-web.ts
+++ b/api/src/routes/web/sas9-web.ts
@@ -0,0 +1,119 @@
 import express from 'express'
 import { generateCSRFToken } from '../../middlewares'
 import { WebController } from '../../controllers'
 import { MockSas9Controller } from '../../controllers/mock-sas9'
 const sas9WebRouter = express.Router()
 const webController = new WebController()
 // Mock controller must be singleton because it keeps the states
 // for example `isLoggedIn` and potentially more in future mocks
 const controller = new MockSas9Controller()
 sas9WebRouter.get('/', async (req, res) => {
  let response
  try {
    response = await webController.home()
  } catch (_) {
    response = '<html><head></head><body>Web Build is not present</body></html>'
  } finally {
    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${generateCSRFToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
    const injectedContent = response?.replace(
      '</head>',
      `${codeToInject}</head>`
    )
    return res.send(injectedContent)
  }
 })
 sas9WebRouter.get('/SASStoredProcess', async (req, res) => {
  const response = await controller.sasStoredProcess()
  if (response.redirect) {
    res.redirect(response.redirect)
    return
  }
  try {
    res.send(response.content)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 sas9WebRouter.post('/SASStoredProcess/do/', async (req, res) => {
  const response = await controller.sasStoredProcessDo(req)
  if (response.redirect) {
    res.redirect(response.redirect)
    return
  }
  try {
    res.send(response.content)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 sas9WebRouter.get('/SASLogon/login', async (req, res) => {
  const response = await controller.loginGet()
  if (response.redirect) {
    res.redirect(response.redirect)
    return
  }
  try {
    res.send(response.content)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 sas9WebRouter.post('/SASLogon/login', async (req, res) => {
  const response = await controller.loginPost(req)
  if (response.redirect) {
    res.redirect(response.redirect)
    return
  }
  try {
    res.send(response.content)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 sas9WebRouter.get('/SASLogon/logout', async (req, res) => {
  const response = await controller.logout(req)
  if (response.redirect) {
    res.redirect(response.redirect)
    return
  }
  try {
    res.send(response.content)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 sas9WebRouter.get('/SASStoredProcess/Logoff', async (req, res) => {
  const response = await controller.logoff(req)
  if (response.redirect) {
    res.redirect(response.redirect)
    return
  }
  try {
    res.send(response.content)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 export default sas9WebRouter
--- a/api/src/routes/web/sasviya-web.ts
+++ b/api/src/routes/web/sasviya-web.ts
@@ -0,0 +1,33 @@
 import express from 'express'
 import { generateCSRFToken } from '../../middlewares'
 import { WebController } from '../../controllers/web'
 const sasViyaWebRouter = express.Router()
 const controller = new WebController()
 sasViyaWebRouter.get('/', async (req, res) => {
  let response
  try {
    response = await controller.home()
  } catch (_) {
    response = '<html><head></head><body>Web Build is not present</body></html>'
  } finally {
    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${generateCSRFToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
    const injectedContent = response?.replace(
      '</head>',
      `${codeToInject}</head>`
    )
    return res.send(injectedContent)
  }
 })
 sasViyaWebRouter.post('/SASJobExecution/', async (req, res) => {
  try {
    res.send({ test: 'test' })
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })
 export default sasViyaWebRouter
--- a/api/src/routes/web/web.ts
+++ b/api/src/routes/web/web.ts
@@ -1,4 +1,5 @@
 import express from 'express'
 import { generateCSRFToken } from '../../middlewares'
 import { WebController } from '../../controllers/web'
 import { authenticateAccessToken, desktopRestrict } from '../../middlewares'
 import { authorizeValidation, loginWebValidation } from '../../utils'
@@ -11,11 +12,15 @@ webRouter.get('/', async (req, res) => {
  try {
    response = await controller.home()
  } catch (_) {
-    response = 'Web Build is not present'
+    response = '<html><head></head><body>Web Build is not present</body></html>'
  } finally {
-    res.cookie('XSRF-TOKEN', req.csrfToken())
+    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${generateCSRFToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
    const injectedContent = response?.replace(
      '</head>',
      `${codeToInject}</head>`
    )
-    return res.send(response)
+    return res.send(injectedContent)
  }
 })
--- a/api/src/types/TreeNode.ts
+++ b/api/src/types/TreeNode.ts
@@ -2,5 +2,6 @@ export interface TreeNode {
  name: string
  relativePath: string
  absolutePath: string
  isFolder: boolean
  children: Array<TreeNode>
 }
--- a/api/src/types/system/process.d.ts
+++ b/api/src/types/system/process.d.ts
@@ -2,10 +2,12 @@ declare namespace NodeJS {
  export interface Process {
    sasLoc?: string
    nodeLoc?: string
    pythonLoc?: string
    rLoc?: string
    driveLoc: string
    logsLoc: string
-    sasSessionController?: import('../../controllers/internal').SASSessionController
+    logsUUID: string
-    jsSessionController?: import('../../controllers/internal').JSSessionController
+    sessionController?: import('../../controllers/internal').SessionController
    appStreamConfig: import('../').AppStreamConfig
    logger: import('@sasjs/utils/logger').Logger
    runTimes: import('../../utils').RunTimeType[]
--- a/api/src/utils/getAuthorizedRoutes.ts
+++ b/api/src/utils/getAuthorizedRoutes.ts
@@ -9,7 +9,7 @@ const StaticAuthorizedRoutes = [
  '/SASjsApi/drive/file',
  '/SASjsApi/drive/folder',
  '/SASjsApi/drive/fileTree',
-  '/SASjsApi/permission'
+  '/SASjsApi/drive/rename'
 ]
 export const getAuthorizedRoutes = () => {
@@ -18,7 +18,7 @@ export const getAuthorizedRoutes = () => {
  return [...StaticAuthorizedRoutes, ...streamingAppsRoutes]
 }
-export const getUri = (req: Request) => {
+export const getPath = (req: Request) => {
  const { baseUrl, path: reqPath } = req
  if (baseUrl === '/AppStream') {
@@ -32,4 +32,4 @@ export const getUri = (req: Request) => {
 }
 export const isAuthorizingRoute = (req: Request): boolean =>
-  getAuthorizedRoutes().includes(getUri(req))
+  getAuthorizedRoutes().includes(getPath(req))
--- a/api/src/utils/getDesktopFields.ts
+++ b/api/src/utils/getDesktopFields.ts
@@ -4,9 +4,9 @@ import { createFolder, fileExists, folderExists, isWindows } from '@sasjs/utils'
 import { RunTimeType } from './verifyEnvVariables'
 export const getDesktopFields = async () => {
-  const { SAS_PATH, NODE_PATH } = process.env
+  const { SAS_PATH, NODE_PATH, PYTHON_PATH, R_PATH } = process.env
-  let sasLoc, nodeLoc
+  let sasLoc, nodeLoc, pythonLoc, rLoc
  if (process.runTimes.includes(RunTimeType.SAS)) {
    sasLoc = SAS_PATH ?? (await getSASLocation())
@@ -16,7 +16,15 @@ export const getDesktopFields = async () => {
    nodeLoc = NODE_PATH ?? (await getNodeLocation())
  }
-  return { sasLoc, nodeLoc }
+  if (process.runTimes.includes(RunTimeType.PY)) {
    pythonLoc = PYTHON_PATH ?? (await getPythonLocation())
  }
  if (process.runTimes.includes(RunTimeType.R)) {
    rLoc = R_PATH ?? (await getRLocation())
  }
  return { sasLoc, nodeLoc, pythonLoc, rLoc }
 }
 const getDriveLocation = async (): Promise<string> => {
@@ -91,3 +99,47 @@ const getNodeLocation = async (): Promise<string> => {
  return targetName
 }
 const getPythonLocation = async (): Promise<string> => {
  const validator = async (filePath: string) => {
    if (!filePath) return 'Path to Python executable is required.'
    if (!(await fileExists(filePath))) {
      return 'No file found at provided path.'
    }
    return true
  }
  const defaultLocation = isWindows() ? 'C:\\Python' : '/usr/bin/python'
  const targetName = await getString(
    'Please enter full path to a Python executable: ',
    validator,
    defaultLocation
  )
  return targetName
 }
 const getRLocation = async (): Promise<string> => {
  const validator = async (filePath: string) => {
    if (!filePath) return 'Path to R executable is required.'
    if (!(await fileExists(filePath))) {
      return 'No file found at provided path.'
    }
    return true
  }
  const defaultLocation = isWindows() ? 'C:\\Rscript' : '/usr/bin/Rscript'
  const targetName = await getString(
    'Please enter full path to a R executable: ',
    validator,
    defaultLocation
  )
  return targetName
 }
--- a/api/src/utils/getPreProgramVariables.ts
+++ b/api/src/utils/getPreProgramVariables.ts
@@ -7,7 +7,6 @@ export const getPreProgramVariables = (req: Request): PreProgramVars => {
  const { user, accessToken } = req
  const csrfToken = req.headers['x-xsrf-token'] || req.cookies['XSRF-TOKEN']
  const sessionId = req.cookies['connect.sid']
  const { _csrf } = req.cookies
  const httpHeaders: string[] = []
@@ -16,7 +15,6 @@ export const getPreProgramVariables = (req: Request): PreProgramVars => {
  const cookies: string[] = []
  if (sessionId) cookies.push(`connect.sid=${sessionId}`)
  if (_csrf) cookies.push(`_csrf=${_csrf}`)
  if (cookies.length) httpHeaders.push(`cookie: ${cookies.join('; ')}`)
--- a/api/src/utils/getRunTimeAndFilePath.ts
+++ b/api/src/utils/getRunTimeAndFilePath.ts
@@ -4,8 +4,8 @@ import { getFilesFolder } from './file'
 import { RunTimeType } from '.'
 export const getRunTimeAndFilePath = async (programPath: string) => {
-  const ext = path.extname(programPath)
+  const ext = path.extname(programPath).toLowerCase()
-  // If programPath (_program) is provided with a ".sas" or ".js" extension
+  // If programPath (_program) is provided with a ".sas", ".js", ".py" or ".r" extension
  // we should use that extension to determine the appropriate runTime
  if (ext && Object.values(RunTimeType).includes(ext.slice(1) as RunTimeType)) {
    const runTime = ext.slice(1)
--- a/api/src/utils/getTokensFromDB.ts
+++ b/api/src/utils/getTokensFromDB.ts
@@ -0,0 +1,55 @@
 import jwt from 'jsonwebtoken'
 import User from '../model/User'
 const isValidToken = async (
  token: string,
  key: string,
  userId: number,
  clientId: string
 ) => {
  const promise = new Promise<boolean>((resolve, reject) =>
    jwt.verify(token, key, (err, decoded) => {
      if (err) return reject(false)
      if (decoded?.userId === userId && decoded?.clientId === clientId) {
        return resolve(true)
      }
      return reject(false)
    })
  )
  return await promise.then(() => true).catch(() => false)
 }
 export const getTokensFromDB = async (userId: number, clientId: string) => {
  const user = await User.findOne({ id: userId })
  if (!user) return
  const currentTokenObj = user.tokens.find(
    (tokenObj: any) => tokenObj.clientId === clientId
  )
  if (currentTokenObj) {
    const accessToken = currentTokenObj.accessToken
    const refreshToken = currentTokenObj.refreshToken
    const isValidAccessToken = await isValidToken(
      accessToken,
      process.secrets.ACCESS_TOKEN_SECRET,
      userId,
      clientId
    )
    const isValidRefreshToken = await isValidToken(
      refreshToken,
      process.secrets.REFRESH_TOKEN_SECRET,
      userId,
      clientId
    )
    if (isValidAccessToken && isValidRefreshToken) {
      return { accessToken, refreshToken }
    }
  }
 }
--- a/api/src/utils/index.ts
+++ b/api/src/utils/index.ts
@@ -14,8 +14,10 @@ export * from './getDesktopFields'
 export * from './getPreProgramVariables'
 export * from './getRunTimeAndFilePath'
 export * from './getServerUrl'
 export * from './getTokensFromDB'
 export * from './instantiateLogger'
 export * from './isDebugOn'
 export * from './isPublicRoute'
 export * from './zipped'
 export * from './parseLogToArray'
 export * from './removeTokensInDB'
--- a/api/src/utils/isPublicRoute.ts
+++ b/api/src/utils/isPublicRoute.ts
@@ -0,0 +1,31 @@
 import { Request } from 'express'
 import { getPath } from './getAuthorizedRoutes'
 import Group, { PUBLIC_GROUP_NAME } from '../model/Group'
 import Permission from '../model/Permission'
 import { PermissionSettingForRoute } from '../controllers'
 import { RequestUser } from '../types'
 export const isPublicRoute = async (req: Request): Promise<boolean> => {
  const group = await Group.findOne({ name: PUBLIC_GROUP_NAME })
  if (group) {
    const path = getPath(req)
    const groupPermission = await Permission.findOne({
      path,
      group: group?._id
    })
    if (groupPermission?.setting === PermissionSettingForRoute.grant)
      return true
  }
  return false
 }
 export const publicUser: RequestUser = {
  userId: 0,
  clientId: 'public_app',
  username: 'publicUser',
  displayName: 'Public User',
  isAdmin: false,
  isActive: true
 }
--- a/api/src/utils/seedDB.ts
+++ b/api/src/utils/seedDB.ts
@@ -1,5 +1,5 @@
 import Client from '../model/Client'
-import Group from '../model/Group'
+import Group, { PUBLIC_GROUP_NAME } from '../model/Group'
 import User from '../model/User'
 import Configuration, { ConfigurationType } from '../model/Configuration'
@@ -31,6 +31,15 @@ export const seedDB = async (): Promise<ConfigurationType> => {
    console.log(`DB Seed - Group created: ${GROUP.name}`)
  }
  // Checking if 'Public' Group is already in the database
  const publicGroupExist = await Group.findOne({ name: PUBLIC_GROUP.name })
  if (!publicGroupExist) {
    const group = new Group(PUBLIC_GROUP)
    await group.save()
    console.log(`DB Seed - Group created: ${PUBLIC_GROUP.name}`)
  }
  // Checking if user is already in the database
  let usernameExist = await User.findOne({ username: ADMIN_USER.username })
  if (!usernameExist) {
@@ -68,6 +77,13 @@ const GROUP = {
  name: 'AllUsers',
  description: 'Group contains all users'
 }
 const PUBLIC_GROUP = {
  name: PUBLIC_GROUP_NAME,
  description:
    'A special group that can be used to bypass authentication for particular routes.'
 }
 const CLIENT = {
  clientId: 'clientID1',
  clientSecret: 'clientSecret'
--- a/api/src/utils/setProcessVariables.ts
+++ b/api/src/utils/setProcessVariables.ts
@@ -28,11 +28,15 @@ export const setProcessVariables = async () => {
  if (MODE === ModeType.Server) {
    process.sasLoc = process.env.SAS_PATH
    process.nodeLoc = process.env.NODE_PATH
    process.pythonLoc = process.env.PYTHON_PATH
    process.rLoc = process.env.R_PATH
  } else {
-    const { sasLoc, nodeLoc } = await getDesktopFields()
+    const { sasLoc, nodeLoc, pythonLoc, rLoc } = await getDesktopFields()
    process.sasLoc = sasLoc
    process.nodeLoc = nodeLoc
    process.pythonLoc = pythonLoc
    process.rLoc = rLoc
  }
  const { SASJS_ROOT } = process.env
@@ -48,6 +52,8 @@ export const setProcessVariables = async () => {
  await createFolder(absLogsPath)
  process.logsLoc = getRealPath(absLogsPath)
  process.logsUUID = 'SASJS_LOGS_SEPARATOR_163ee17b6ff24f028928972d80a26784'
  console.log('sasLoc: ', process.sasLoc)
  console.log('sasDrive: ', process.driveLoc)
  console.log('sasLogs: ', process.logsLoc)
--- a/api/src/utils/upload.ts
+++ b/api/src/utils/upload.ts
@@ -1,6 +1,6 @@
 import path from 'path'
 import { MulterFile } from '../types/Upload'
-import { listFilesInFolder, readFileBinary } from '@sasjs/utils'
+import { listFilesInFolder, readFileBinary, isWindows } from '@sasjs/utils'
 interface FilenameMapSingle {
  fieldName: string
@@ -118,15 +118,69 @@ export const generateFileUploadJSCode = async (
    if (fileName.includes('req_file')) {
      fileCount++
      const filePath = path.join(sessionFolder, fileName)
-      uploadCode += `\nconst _WEBIN_FILEREF${fileCount} = fs.readFileSync('${filePath}')`
+      uploadCode += `\nconst _WEBIN_FILEREF${fileCount} = fs.readFileSync('${
        isWindows() ? filePath.replace(/\\/g, '\\\\') : filePath
      }')`
      uploadCode += `\nconst _WEBIN_FILENAME${fileCount} = '${filesNamesMap[fileName].originalName}'`
      uploadCode += `\nconst _WEBIN_NAME${fileCount} = '${filesNamesMap[fileName].fieldName}'`
    }
  })
-  if (fileCount) {
+  uploadCode += `\nconst _WEBIN_FILE_COUNT = ${fileCount}`
-    uploadCode = `\nconst _WEBIN_FILE_COUNT = ${fileCount}` + uploadCode
+
-  }
+  return uploadCode
 }
 /**
 * Generates the python code that references uploaded files in the concurrent request
 * @param filesNamesMap object that maps hashed file names and original file names
 * @param sessionFolder name of the folder that is created for the purpose of files in concurrent request
 * @returns generated python code
 */
 export const generateFileUploadPythonCode = async (
  filesNamesMap: FilenamesMap,
  sessionFolder: string
 ) => {
  let uploadCode = ''
  let fileCount = 0
  const sessionFolderList: string[] = await listFilesInFolder(sessionFolder)
  sessionFolderList.forEach(async (fileName) => {
    if (fileName.includes('req_file')) {
      fileCount++
      uploadCode += `\n_WEBIN_FILENAME${fileCount} = '${filesNamesMap[fileName].originalName}'`
      uploadCode += `\n_WEBIN_NAME${fileCount} = '${filesNamesMap[fileName].fieldName}'`
    }
  })
  uploadCode += `\n_WEBIN_FILE_COUNT = ${fileCount}`
  return uploadCode
 }
 /**
 * Generates the R code that references uploaded files in the concurrent request
 * @param filesNamesMap object that maps hashed file names and original file names
 * @param sessionFolder name of the folder that is created for the purpose of files in concurrent request
 * @returns generated python code
 */
 export const generateFileUploadRCode = async (
  filesNamesMap: FilenamesMap,
  sessionFolder: string
 ) => {
  let uploadCode = ''
  let fileCount = 0
  const sessionFolderList: string[] = await listFilesInFolder(sessionFolder)
  sessionFolderList.forEach(async (fileName) => {
    if (fileName.includes('req_file')) {
      fileCount++
      uploadCode += `\n._WEBIN_FILENAME${fileCount} <- '${filesNamesMap[fileName].originalName}'`
      uploadCode += `\n._WEBIN_NAME${fileCount} <- '${filesNamesMap[fileName].fieldName}'`
    }
  })
  uploadCode += `\n._WEBIN_FILE_COUNT <- ${fileCount}`
  return uploadCode
 }
--- a/api/src/utils/validation.ts
+++ b/api/src/utils/validation.ts
@@ -1,5 +1,9 @@
 import Joi from 'joi'
-import { PermissionSetting, PrincipalType } from '../controllers/permission'
+import {
  PermissionType,
  PermissionSettingForRoute,
  PrincipalType
 } from '../controllers/permission'
 import { getAuthorizedRoutes } from './getAuthorizedRoutes'
 const usernameSchema = Joi.string().lowercase().alphanum().min(3).max(16)
@@ -89,12 +93,15 @@ export const registerClientValidation = (data: any): Joi.ValidationResult =>
 export const registerPermissionValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
-    uri: Joi.string()
+    path: Joi.string()
      .required()
      .valid(...getAuthorizedRoutes()),
    type: Joi.string()
      .required()
      .valid(...Object.values(PermissionType)),
    setting: Joi.string()
      .required()
-      .valid(...Object.values(PermissionSetting)),
+      .valid(...Object.values(PermissionSettingForRoute)),
    principalType: Joi.string()
      .required()
      .valid(...Object.values(PrincipalType)),
@@ -105,7 +112,7 @@ export const updatePermissionValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    setting: Joi.string()
      .required()
-      .valid(...Object.values(PermissionSetting))
+      .valid(...Object.values(PermissionSettingForRoute))
  }).validate(data)
 export const deployValidation = (data: any): Joi.ValidationResult =>
@@ -138,9 +145,23 @@ export const fileParamValidation = (data: any): Joi.ValidationResult =>
    _filePath: filePathSchema
  }).validate(data)
-export const folderParamValidation = (data: any): Joi.ValidationResult =>
+export const folderParamValidation = (
  data: any,
  folderPathRequired?: boolean
 ): Joi.ValidationResult =>
  Joi.object({
-    _folderPath: Joi.string()
+    _folderPath: folderPathRequired ? Joi.string().required() : Joi.string()
  }).validate(data)
 export const folderBodyValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    folderPath: Joi.string().required()
  }).validate(data)
 export const renameBodyValidation = (data: any): Joi.ValidationResult =>
  Joi.object({
    oldPath: Joi.string().required(),
    newPath: Joi.string().required()
  }).validate(data)
 export const runCodeValidation = (data: any): Joi.ValidationResult =>
--- a/api/src/utils/verifyEnvVariables.ts
+++ b/api/src/utils/verifyEnvVariables.ts
@@ -1,3 +1,8 @@
 export enum MOCK_SERVERTYPEType {
  SAS9 = 'sas9',
  SASVIYA = 'sasviya'
 }
 export enum ModeType {
  Server = 'server',
  Desktop = 'desktop'
@@ -28,7 +33,9 @@ export enum LOG_FORMAT_MORGANType {
 export enum RunTimeType {
  SAS = 'sas',
-  JS = 'js'
+  JS = 'js',
  PY = 'py',
  R = 'r'
 }
 export enum ReturnCode {
@@ -39,6 +46,8 @@ export enum ReturnCode {
 export const verifyEnvVariables = (): ReturnCode => {
  const errors: string[] = []
  errors.push(...verifyMOCK_SERVERTYPE())
  errors.push(...verifyMODE())
  errors.push(...verifyPROTOCOL())
@@ -65,6 +74,23 @@ export const verifyEnvVariables = (): ReturnCode => {
  return ReturnCode.Success
 }
 const verifyMOCK_SERVERTYPE = (): string[] => {
  const errors: string[] = []
  const { MOCK_SERVERTYPE } = process.env
  if (MOCK_SERVERTYPE) {
    const modeTypes = Object.values(MOCK_SERVERTYPEType)
    if (!modeTypes.includes(MOCK_SERVERTYPE as MOCK_SERVERTYPEType))
      errors.push(
        `- MOCK_SERVERTYPE '${MOCK_SERVERTYPE}'\n - valid options ${modeTypes}`
      )
  } else {
    process.env.MOCK_SERVERTYPE = undefined
  }
  return errors
 }
 const verifyMODE = (): string[] => {
  const errors: string[] = []
  const { MODE } = process.env
@@ -125,8 +151,27 @@ const verifyCORS = (): string[] => {
  if (CORS) {
    const corsTypes = Object.values(CorsType)
    if (!corsTypes.includes(CORS as CorsType))
      errors.push(`- CORS '${CORS}'\n - valid options ${corsTypes}`)
    if (CORS === CorsType.ENABLED) {
      const { WHITELIST } = process.env
      const urls = WHITELIST?.trim()
        .split(' ')
        .filter((url) => !!url)
      if (urls?.length) {
        urls.forEach((url) => {
          if (!url.startsWith('http://') && !url.startsWith('https://'))
            errors.push(
              `- CORS '${CORS}'\n - provided WHITELIST ${url} is not valid`
            )
        })
      } else {
        errors.push(`- CORS '${CORS}'\n - provide at least one WHITELIST URL`)
      }
    }
  } else {
    const { MODE } = process.env
    process.env.CORS =
@@ -209,7 +254,8 @@ const verifyRUN_TIMES = (): string[] => {
 const verifyExecutablePaths = () => {
  const errors: string[] = []
-  const { RUN_TIMES, SAS_PATH, NODE_PATH, MODE } = process.env
+  const { RUN_TIMES, SAS_PATH, NODE_PATH, PYTHON_PATH, R_PATH, MODE } =
    process.env
  if (MODE === ModeType.Server) {
    const runTimes = RUN_TIMES?.split(',')
@@ -221,6 +267,14 @@ const verifyExecutablePaths = () => {
    if (runTimes?.includes(RunTimeType.JS) && !NODE_PATH) {
      errors.push(`- NODE_PATH is required for ${RunTimeType.JS} run time`)
    }
    if (runTimes?.includes(RunTimeType.PY) && !PYTHON_PATH) {
      errors.push(`- PYTHON_PATH is required for ${RunTimeType.PY} run time`)
    }
    if (runTimes?.includes(RunTimeType.R) && !R_PATH) {
      errors.push(`- R_PATH is required for ${RunTimeType.R} run time`)
    }
  }
  return errors
--- a/api/tsoa.json
+++ b/api/tsoa.json
@@ -12,28 +12,16 @@
    },
    "tags": [
      {
-        "name": "Info",
+        "name": "Auth",
-        "description": "Get Server Information"
+        "description": "Operations about auth"
      },
      {
        "name": "Session",
        "description": "Get Session information"
      },
      {
        "name": "User",
        "description": "Operations with users"
      },
      {
        "name": "Permission",
        "description": "Operations about permissions"
      },
      {
        "name": "Client",
        "description": "Operations about clients"
      },
      {
-        "name": "Auth",
+        "name": "Code",
-        "description": "Operations about auth"
+        "description": "Execution of code (various runtimes are supported)"
      },
      {
        "name": "Drive",
@@ -43,13 +31,25 @@
        "name": "Group",
        "description": "Operations on groups and group memberships"
      },
      {
        "name": "Info",
        "description": "Get Server Information"
      },
      {
        "name": "Permission",
        "description": "Operations about permissions"
      },
      {
        "name": "Session",
        "description": "Get Session information"
      },
      {
        "name": "STP",
        "description": "Execution of Stored Programs"
      },
      {
-        "name": "CODE",
+        "name": "User",
-        "description": "Execution of code (various runtimes are supported)"
+        "description": "Operations with users"
      },
      {
        "name": "Web",
--- a/web/package-lock.json
+++ b/web/package-lock.json
--- a/web/package.json
+++ b/web/package.json
@@ -3,13 +3,13 @@
  "version": "0.1.0",
  "private": true,
  "scripts": {
-    "start": "webpack-dev-server --config webpack.dev.ts --hot",
+    "start": "vite serve --port 3000",
-    "build": "webpack --config webpack.prod.ts"
+    "build": "vite build"
  },
  "dependencies": {
    "@emotion/react": "^11.4.1",
    "@emotion/styled": "^11.3.0",
-    "@mui/icons-material": "^5.0.3",
+    "@mui/icons-material": "^5.8.4",
    "@mui/lab": "^5.0.0-alpha.50",
    "@mui/material": "^5.0.3",
    "@mui/styles": "^5.0.1",
@@ -26,42 +26,25 @@
    "react-copy-to-clipboard": "^5.1.0",
    "react-dom": "^17.0.2",
    "react-monaco-editor": "^0.48.0",
-    "react-router-dom": "^5.3.0",
+    "react-router-dom": "^6.3.0",
    "react-toastify": "^9.0.1"
  },
  "devDependencies": {
    "@babel/core": "^7.16.0",
    "@babel/node": "^7.16.0",
    "@babel/plugin-proposal-class-properties": "^7.16.0",
    "@babel/preset-env": "^7.16.4",
    "@babel/preset-react": "^7.16.0",
    "@babel/preset-typescript": "^7.16.0",
    "@types/dotenv-webpack": "^7.0.3",
    "@types/prismjs": "^1.16.6",
    "@types/react": "^17.0.37",
    "@types/react-copy-to-clipboard": "^5.0.2",
    "@types/react-dom": "^17.0.11",
    "@types/react-router-dom": "^5.3.1",
-    "babel-loader": "^8.2.3",
+    "@vitejs/plugin-react": "^2.1.0",
    "babel-plugin-prismjs": "^2.1.0",
    "copy-webpack-plugin": "^10.0.0",
    "css-loader": "^6.5.1",
    "dotenv-webpack": "^7.1.0",
    "eslint": "^8.5.0",
    "eslint-config-react-app": "^7.0.0",
    "eslint-webpack-plugin": "^3.1.1",
    "file-loader": "^6.2.0",
    "html-webpack-plugin": "5.5.0",
    "path": "0.12.7",
    "prettier": "^2.4.1",
    "sass": "^1.44.0",
    "sass-loader": "^12.3.0",
    "style-loader": "^3.3.1",
    "ts-loader": "^9.2.6",
    "typescript": "^4.5.2",
-    "webpack": "5.64.3",
+    "vite": "^3.1.4",
-    "webpack-cli": "^4.9.2",
+    "vite-plugin-env-compatible": "^1.1.1",
-    "webpack-dev-server": "4.7.4"
+    "vite-plugin-html": "^3.2.0",
    "vite-plugin-monaco-editor": "^1.1.0"
  },
  "eslintConfig": {
    "extends": [
--- a/web/src/App.tsx
+++ b/web/src/App.tsx
@@ -1,12 +1,11 @@
 import React, { useContext } from 'react'
-import { Route, HashRouter, Switch } from 'react-router-dom'
+import { Route, HashRouter, Routes } from 'react-router-dom'
 import { ThemeProvider } from '@mui/material/styles'
 import { theme } from './theme'
 import Login from './components/login'
 import Header from './components/header'
 import Home from './components/home'
 import Drive from './containers/Drive'
 import Studio from './containers/Studio'
 import Settings from './containers/Settings'
@@ -22,11 +21,9 @@ function App() {
      <ThemeProvider theme={theme}>
        <HashRouter>
          <Header />
-          <Switch>
+          <Routes>
-            <Route path="/">
+            <Route path="*" element={<Login />} />
-              <Login />
+          </Routes>
            </Route>
          </Switch>
        </HashRouter>
      </ThemeProvider>
    )
@@ -36,23 +33,12 @@ function App() {
    <ThemeProvider theme={theme}>
      <HashRouter>
        <Header />
-        <Switch>
+        <Routes>
-          <Route exact path="/">
+          <Route path="/" element={<Home />} />
-            <Home />
+          <Route path="/SASjsStudio" element={<Studio />} />
-          </Route>
+          <Route path="/SASjsSettings" element={<Settings />} />
-          <Route exact path="/SASjsDrive">
+          <Route path="/SASjsLogon" element={<AuthCode />} />
-            <Drive />
+        </Routes>
          </Route>
          <Route exact path="/SASjsStudio">
            <Studio />
          </Route>
          <Route exact path="/SASjsSettings">
            <Settings />
          </Route>
          <Route exact path="/SASjsLogon">
            <AuthCode />
          </Route>
        </Switch>
        <ToastContainer />
      </HashRouter>
    </ThemeProvider>
--- a/web/src/containers/Settings/deletePermissionModal.tsx
+++ b/web/src/containers/Settings/deletePermissionModal.tsx
@@ -18,22 +18,27 @@ const BootstrapDialog = styled(Dialog)(({ theme }) => ({
  }
 }))
-type DeleteModalProps = {
+type DeleteConfirmationModalProps = {
  open: boolean
  setOpen: React.Dispatch<React.SetStateAction<boolean>>
-  deletePermission: () => void
+  message: string
  _delete: () => void
 }
-const DeleteModal = ({ open, setOpen, deletePermission }: DeleteModalProps) => {
+const DeleteConfirmationModal = ({
  open,
  setOpen,
  message,
  _delete
 }: DeleteConfirmationModalProps) => {
  return (
    <BootstrapDialog onClose={() => setOpen(false)} open={open}>
      <DialogContent dividers>
-        <Typography gutterBottom>
+        <Typography gutterBottom>{message}</Typography>
          Are you sure you want to delete this permission?
        </Typography>
      </DialogContent>
      <DialogActions>
-        <Button color="error" onClick={() => deletePermission()}>
+        <Button onClick={() => setOpen(false)}>Cancel</Button>
        <Button color="error" onClick={() => _delete()}>
          Delete
        </Button>
      </DialogActions>
@@ -41,4 +46,4 @@ const DeleteModal = ({ open, setOpen, deletePermission }: DeleteModalProps) => {
  )
 }
-export default DeleteModal
+export default DeleteConfirmationModal
--- a/web/src/components/filePathInputModal.tsx
+++ b/web/src/components/filePathInputModal.tsx
@@ -0,0 +1,83 @@
 import React, { useState } from 'react'
 import { Button, DialogActions, DialogContent, TextField } from '@mui/material'
 import { BootstrapDialogTitle } from './dialogTitle'
 import { BootstrapDialog } from './modal'
 type FilePathInputModalProps = {
  open: boolean
  setOpen: React.Dispatch<React.SetStateAction<boolean>>
  saveFile: (filePath: string) => void
 }
 const FilePathInputModal = ({
  open,
  setOpen,
  saveFile
 }: FilePathInputModalProps) => {
  const [filePath, setFilePath] = useState('')
  const [hasError, setHasError] = useState(false)
  const [errorText, setErrorText] = useState('')
  const handleChange = (event: React.ChangeEvent<HTMLInputElement>) => {
    const value = event.target.value
    const specialChars = /[`!@#$%^&*()+\-=[\]{};':"\\|,<>?~]/
    const fileExtension = /\.(exe|sh|htaccess)$/i
    if (specialChars.test(value)) {
      setHasError(true)
      setErrorText('can not have special characters')
    } else if (fileExtension.test(value)) {
      setHasError(true)
      setErrorText('can not save file with extensions [exe, sh, htaccess]')
    } else {
      setHasError(false)
      setErrorText('')
    }
    setFilePath(value)
  }
  const handleSubmit = (event: React.FormEvent<HTMLFormElement>) => {
    event.preventDefault()
    if (hasError || !filePath) return
    saveFile(filePath)
  }
  return (
    <BootstrapDialog fullWidth onClose={() => setOpen(false)} open={open}>
      <BootstrapDialogTitle id="abort-modal" handleOpen={setOpen}>
        Save File
      </BootstrapDialogTitle>
      <DialogContent dividers>
        <form onSubmit={handleSubmit}>
          <TextField
            fullWidth
            autoFocus
            variant="outlined"
            label="File Path"
            value={filePath}
            onChange={handleChange}
            error={hasError}
            helperText={errorText}
          />
        </form>
      </DialogContent>
      <DialogActions>
        <Button variant="contained" onClick={() => setOpen(false)}>
          Cancel
        </Button>
        <Button
          variant="contained"
          onClick={() => saveFile(filePath)}
          disabled={hasError || !filePath}
        >
          Save
        </Button>
      </DialogActions>
    </BootstrapDialog>
  )
 }
 export default FilePathInputModal
--- a/web/src/components/header.tsx
+++ b/web/src/components/header.tsx
@@ -1,17 +1,19 @@
 import React, { useState, useEffect, useContext } from 'react'
-import { Link, useHistory, useLocation } from 'react-router-dom'
+import { Link, useNavigate, useLocation } from 'react-router-dom'
 import {
  Box,
  AppBar,
  Toolbar,
  Tabs,
  Tab,
  Button,
  Menu,
-  MenuItem
+  MenuItem,
  IconButton,
  Typography
 } from '@mui/material'
-import OpenInNewIcon from '@mui/icons-material/OpenInNew'
+import { OpenInNew, Settings, Menu as MenuIcon } from '@mui/icons-material'
 import SettingsIcon from '@mui/icons-material/Settings'
 import Username from './username'
 import { AppContext } from '../context/appContext'
@@ -24,37 +26,44 @@ const baseUrl =
 const validTabs = ['/', '/SASjsDrive', '/SASjsStudio']
 const Header = (props: any) => {
-  const history = useHistory()
+  const navigate = useNavigate()
  const { pathname } = useLocation()
  const appContext = useContext(AppContext)
  const [tabValue, setTabValue] = useState(
    validTabs.includes(pathname) ? pathname : '/'
  )
-  const [anchorEl, setAnchorEl] = useState<
+
-    (EventTarget & HTMLButtonElement) | null
+  const [anchorElNav, setAnchorElNav] = React.useState<null | HTMLElement>(null)
-  >(null)
+  const [anchorElUser, setAnchorElUser] = React.useState<null | HTMLElement>(
    null
  )
  const handleOpenNavMenu = (event: React.MouseEvent<HTMLElement>) => {
    setAnchorElNav(event.currentTarget)
  }
  const handleOpenUserMenu = (event: React.MouseEvent<HTMLElement>) => {
    setAnchorElUser(event.currentTarget)
  }
  const handleCloseNavMenu = () => {
    setAnchorElNav(null)
  }
  const handleCloseUserMenu = () => {
    setAnchorElUser(null)
  }
  useEffect(() => {
    setTabValue(validTabs.includes(pathname) ? pathname : '/')
  }, [pathname])
  const handleMenu = (
    event: React.MouseEvent<HTMLButtonElement, MouseEvent>
  ) => {
    setAnchorEl(event.currentTarget)
  }
  const handleClose = () => {
    setAnchorEl(null)
  }
  const handleTabChange = (event: React.SyntheticEvent, value: string) => {
    setTabValue(value)
  }
  const handleLogout = () => {
    if (appContext.logout) {
-      handleClose()
+      handleCloseUserMenu()
      appContext.logout()
    }
  }
@@ -64,60 +73,129 @@ const Header = (props: any) => {
      sx={{ zIndex: (theme) => theme.zIndex.drawer + 1 }}
    >
      <Toolbar variant="dense">
-        <img
+        <Box sx={{ display: { xs: 'none', md: 'flex' } }}>
-          src="logo.png"
+          <img
-          alt="logo"
+            src="logo.png"
-          style={{
+            alt="logo"
-            width: '35px',
+            style={{
-            cursor: 'pointer',
+              width: '35px',
-            marginRight: '25px'
+              height: '35px',
-          }}
+              marginTop: '9px',
-          onClick={() => {
+              cursor: 'pointer',
-            setTabValue('/')
+              marginRight: '25px'
-            history.push('/')
+            }}
-          }}
+            onClick={() => {
-        />
+              setTabValue('/')
-        <Tabs
+              navigate('/')
-          indicatorColor="secondary"
+            }}
          value={tabValue}
          onChange={handleTabChange}
        >
          <Tab label="Home" value="/" to="/" component={Link} />
          <Tab
            label="Drive"
            value="/SASjsDrive"
            to="/SASjsDrive"
            component={Link}
          />
-          <Tab
+          <Tabs
-            label="Studio"
+            indicatorColor="secondary"
-            value="/SASjsStudio"
+            value={tabValue}
-            to="/SASjsStudio"
+            onChange={handleTabChange}
-            component={Link}
+          >
            <Tab label="Home" value="/" to="/" component={Link} />
            <Tab
              label="Studio"
              value="/SASjsStudio"
              to="/SASjsStudio"
              component={Link}
            />
          </Tabs>
          <Button
            href={`${baseUrl}/AppStream`}
            target="_blank"
            rel="noreferrer"
            variant="contained"
            color="primary"
            size="large"
            endIcon={<OpenInNew />}
          >
            Apps
          </Button>
        </Box>
        <Box sx={{ flexGrow: 1, display: { xs: 'flex', md: 'none' } }}>
          <IconButton size="large" onClick={handleOpenNavMenu} color="inherit">
            <MenuIcon />
          </IconButton>
          <Menu
            id="menu-appbar"
            anchorEl={anchorElNav}
            anchorOrigin={{
              vertical: 'bottom',
              horizontal: 'left'
            }}
            keepMounted
            transformOrigin={{
              vertical: 'top',
              horizontal: 'left'
            }}
            open={!!anchorElNav}
            onClose={handleCloseNavMenu}
            sx={{
              display: { xs: 'block', md: 'none' }
            }}
          >
            <MenuItem sx={{ justifyContent: 'center' }}>
              <Button
                component={Link}
                to="/"
                onClick={handleCloseNavMenu}
                variant="contained"
                color="primary"
              >
                Home
              </Button>
            </MenuItem>
            <MenuItem sx={{ justifyContent: 'center' }}>
              <Button
                component={Link}
                to="/SASjsStudio"
                onClick={handleCloseNavMenu}
                variant="contained"
                color="primary"
              >
                Studio
              </Button>
            </MenuItem>
            <MenuItem sx={{ justifyContent: 'center' }}>
              <Button
                href={`${baseUrl}/AppStream`}
                target="_blank"
                rel="noreferrer"
                onClick={handleCloseNavMenu}
                variant="contained"
                color="primary"
                endIcon={<OpenInNew />}
              >
                Apps
              </Button>
            </MenuItem>
          </Menu>
        </Box>
        <Box sx={{ display: { xs: 'flex', md: 'none' } }}>
          <img
            src="logo.png"
            alt="logo"
            style={{
              width: '35px',
              height: '35px',
              marginTop: '2px',
              cursor: 'pointer',
              marginRight: '25px'
            }}
            onClick={() => {
              setTabValue('/')
              navigate('/')
            }}
          />
-        </Tabs>
+        </Box>
-        <Button
+
          href={`${baseUrl}/SASjsApi`}
          target="_blank"
          rel="noreferrer"
          variant="contained"
          color="primary"
          size="large"
          endIcon={<OpenInNewIcon />}
        >
          API Docs
        </Button>
        <Button
          href={`${baseUrl}/AppStream`}
          target="_blank"
          rel="noreferrer"
          variant="contained"
          color="primary"
          size="large"
          endIcon={<OpenInNewIcon />}
        >
          App Stream
        </Button>
        <div
          style={{
            display: 'flex',
@@ -127,11 +205,11 @@ const Header = (props: any) => {
        >
          <Username
            username={appContext.displayName || appContext.username}
-            onClickHandler={handleMenu}
+            onClickHandler={handleOpenUserMenu}
          />
          <Menu
            id="menu-appbar"
-            anchorEl={anchorEl}
+            anchorEl={anchorElUser}
            anchorOrigin={{
              vertical: 'bottom',
              horizontal: 'center'
@@ -141,38 +219,70 @@ const Header = (props: any) => {
              vertical: 'top',
              horizontal: 'center'
            }}
-            open={!!anchorEl}
+            open={!!anchorElUser}
-            onClose={handleClose}
+            onClose={handleCloseUserMenu}
          >
            {appContext.loggedIn && (
              <MenuItem
                sx={{ justifyContent: 'center', display: { md: 'none' } }}
              >
                <Typography
                  variant="h5"
                  sx={{ border: '1px solid black', padding: '5px' }}
                >
                  {appContext.displayName || appContext.username}
                </Typography>
              </MenuItem>
            )}
            <MenuItem sx={{ justifyContent: 'center' }}>
              <Button
                component={Link}
                to="/SASjsSettings"
                onClick={handleCloseUserMenu}
                variant="contained"
                color="primary"
                startIcon={<Settings />}
              >
                Settings
              </Button>
            </MenuItem>
            <MenuItem sx={{ justifyContent: 'center' }}>
              <Button
                href={'https://server.sasjs.io'}
                target="_blank"
                rel="noreferrer"
                variant="contained"
                color="primary"
                size="large"
                color="primary"
                endIcon={<OpenInNew />}
              >
-                Documentation
+                Docs
              </Button>
            </MenuItem>
            <MenuItem sx={{ justifyContent: 'center' }}>
              <Button
-                component={Link}
+                href={`${baseUrl}/SASjsApi`}
-                to="/SASjsSettings"
+                target="_blank"
-                onClick={handleClose}
+                rel="noreferrer"
                variant="contained"
                color="primary"
-                startIcon={<SettingsIcon />}
+                size="large"
                endIcon={<OpenInNew />}
              >
-                Settings
+                API
              </Button>
            </MenuItem>
            <MenuItem onClick={handleLogout} sx={{ justifyContent: 'center' }}>
              <Button variant="contained" color="primary">
                Logout
              </Button>
            </MenuItem>
            {appContext.loggedIn && (
              <MenuItem
                onClick={handleLogout}
                sx={{ justifyContent: 'center' }}
              >
                <Button variant="contained" color="primary">
                  Logout
                </Button>
              </MenuItem>
            )}
          </Menu>
        </div>
      </Toolbar>
--- a/web/src/components/modal.tsx
+++ b/web/src/components/modal.tsx
@@ -5,7 +5,7 @@ import { styled } from '@mui/material/styles'
 import { BootstrapDialogTitle } from './dialogTitle'
-const BootstrapDialog = styled(Dialog)(({ theme }) => ({
+export const BootstrapDialog = styled(Dialog)(({ theme }) => ({
  '& .MuiDialogContent-root': {
    padding: theme.spacing(2)
  },
@@ -14,7 +14,7 @@ const BootstrapDialog = styled(Dialog)(({ theme }) => ({
  }
 }))
-export interface ModalProps {
+type ModalProps = {
  open: boolean
  setOpen: React.Dispatch<React.SetStateAction<boolean>>
  title: string
--- a/web/src/components/nameInputModal.tsx
+++ b/web/src/components/nameInputModal.tsx
@@ -0,0 +1,109 @@
 import React, { useState, useEffect } from 'react'
 import { Button, DialogActions, DialogContent, TextField } from '@mui/material'
 import { BootstrapDialogTitle } from './dialogTitle'
 import { BootstrapDialog } from './modal'
 type NameInputModalProps = {
  open: boolean
  setOpen: React.Dispatch<React.SetStateAction<boolean>>
  title: string
  isFolder: boolean
  actionLabel: string
  action: (name: string) => void
  defaultName?: string
 }
 const NameInputModal = ({
  open,
  setOpen,
  title,
  isFolder,
  actionLabel,
  action,
  defaultName
 }: NameInputModalProps) => {
  const [name, setName] = useState('')
  const [hasError, setHasError] = useState(false)
  const [errorText, setErrorText] = useState('')
  useEffect(() => {
    if (defaultName) setName(defaultName)
  }, [defaultName])
  const handleFocus = (
    event: React.FocusEvent<HTMLInputElement | HTMLTextAreaElement, Element>
  ) => {
    if (defaultName) {
      event.target.select()
    }
  }
  const handleChange = (event: React.ChangeEvent<HTMLInputElement>) => {
    const value = event.target.value
    const folderNameRegex = /[`!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?~]/
    const fileNameRegex = /[`!@#$%^&*()+\-=[\]{};':"\\|,<>/?~]/
    const fileNameExtensionRegex = /.(exe|sh|htaccess)$/i
    const specialChars = isFolder ? folderNameRegex : fileNameRegex
    if (specialChars.test(value)) {
      setHasError(true)
      setErrorText('can not have special characters')
    } else if (!isFolder && fileNameExtensionRegex.test(value)) {
      setHasError(true)
      setErrorText('can not add file with extensions [exe, sh, htaccess]')
    } else {
      setHasError(false)
      setErrorText('')
    }
    setName(value)
  }
  const handleSubmit = (event: React.FormEvent<HTMLFormElement>) => {
    event.preventDefault()
    if (hasError || !name) return
    action(name)
  }
  return (
    <BootstrapDialog fullWidth onClose={() => setOpen(false)} open={open}>
      <BootstrapDialogTitle id="abort-modal" handleOpen={setOpen}>
        {title}
      </BootstrapDialogTitle>
      <DialogContent dividers>
        <form onSubmit={handleSubmit}>
          <TextField
            id="input-box"
            fullWidth
            autoFocus
            onFocus={handleFocus}
            variant="outlined"
            label={isFolder ? 'Folder Name' : 'File Name'}
            value={name}
            onChange={handleChange}
            error={hasError}
            helperText={errorText}
          />
        </form>
      </DialogContent>
      <DialogActions>
        <Button variant="contained" onClick={() => setOpen(false)}>
          Cancel
        </Button>
        <Button
          variant="contained"
          onClick={() => action(name)}
          disabled={hasError || !name}
        >
          {actionLabel}
        </Button>
      </DialogActions>
    </BootstrapDialog>
  )
 }
 export default NameInputModal
--- a/web/src/components/tree.tsx
+++ b/web/src/components/tree.tsx
@@ -0,0 +1,266 @@
 import React, { useEffect, useState } from 'react'
 import { Menu, MenuItem } from '@mui/material'
 import ExpandMoreIcon from '@mui/icons-material/ExpandMore'
 import ChevronRightIcon from '@mui/icons-material/ChevronRight'
 import DeleteConfirmationModal from './deleteConfirmationModal'
 import NameInputModal from './nameInputModal'
 import { TreeNode } from '../utils/types'
 type Props = {
  node: TreeNode
  selectedFilePath: string
  handleSelect: (filePath: string) => void
  deleteNode: (path: string, isFolder: boolean) => void
  addFile: (path: string) => void
  addFolder: (path: string) => void
  rename: (oldPath: string, newPath: string) => void
  defaultExpanded?: string[]
 }
 const TreeView = ({
  node,
  selectedFilePath,
  handleSelect,
  deleteNode,
  addFile,
  addFolder,
  rename,
  defaultExpanded
 }: Props) => {
  return (
    <ul
      style={{
        listStyle: 'none',
        padding: '0.25rem 0.85rem',
        width: 'max-content'
      }}
    >
      <TreeViewNode
        node={node}
        selectedFilePath={selectedFilePath}
        handleSelect={handleSelect}
        deleteNode={deleteNode}
        addFile={addFile}
        addFolder={addFolder}
        rename={rename}
        defaultExpanded={defaultExpanded}
      />
    </ul>
  )
 }
 export default TreeView
 const TreeViewNode = ({
  node,
  selectedFilePath,
  handleSelect,
  deleteNode,
  addFile,
  addFolder,
  rename,
  defaultExpanded
 }: Props) => {
  const [deleteConfirmationModalOpen, setDeleteConfirmationModalOpen] =
    useState(false)
  const [deleteConfirmationModalMessage, setDeleteConfirmationModalMessage] =
    useState('')
  const [defaultInputModalName, setDefaultInputModalName] = useState('')
  const [nameInputModalOpen, setNameInputModalOpen] = useState(false)
  const [nameInputModalTitle, setNameInputModalTitle] = useState('')
  const [nameInputModalActionLabel, setNameInputModalActionLabel] = useState('')
  const [nameInputModalForFolder, setNameInputModalForFolder] = useState(false)
  const [childVisible, setChildVisibility] = useState(false)
  const [contextMenu, setContextMenu] = useState<{
    mouseX: number
    mouseY: number
  } | null>(null)
  const launchProgram = () => {
    const baseUrl = window.location.origin
    window.open(`${baseUrl}/SASjsApi/stp/execute?_program=${node.relativePath}`)
  }
  const launchProgramWithDebug = () => {
    const baseUrl = window.location.origin
    window.open(
      `${baseUrl}/SASjsApi/stp/execute?_program=${node.relativePath}&_debug=131`
    )
  }
  const handleContextMenu = (event: React.MouseEvent) => {
    event.preventDefault()
    event.stopPropagation()
    setContextMenu(
      contextMenu === null
        ? {
            mouseX: event.clientX + 2,
            mouseY: event.clientY - 6
          }
        : null
    )
  }
  const hasChild = node.children.length ? true : false
  const handleItemClick = () => {
    if (node.children.length) {
      setChildVisibility((v) => !v)
      return
    }
    handleSelect(node.relativePath)
  }
  useEffect(() => {
    if (defaultExpanded && defaultExpanded[0] === node.relativePath) {
      setChildVisibility(true)
      defaultExpanded.shift()
    }
  }, [defaultExpanded, node.relativePath])
  const handleDeleteItemClick = () => {
    setContextMenu(null)
    setDeleteConfirmationModalOpen(true)
    setDeleteConfirmationModalMessage(
      `Are you sure you want to delete ${node.isFolder ? 'folder' : 'file'} "${
        node.relativePath
      }"?`
    )
  }
  const deleteConfirm = () => {
    setDeleteConfirmationModalOpen(false)
    deleteNode(node.relativePath, node.isFolder)
  }
  const handleNewFolderItemClick = () => {
    setContextMenu(null)
    setNameInputModalOpen(true)
    setNameInputModalTitle('Add Folder')
    setNameInputModalActionLabel('Add')
    setNameInputModalForFolder(true)
    setDefaultInputModalName('')
  }
  const handleNewFileItemClick = () => {
    setContextMenu(null)
    setNameInputModalOpen(true)
    setNameInputModalTitle('Add File')
    setNameInputModalActionLabel('Add')
    setNameInputModalForFolder(false)
    setDefaultInputModalName('')
  }
  const addFileFolder = (name: string) => {
    setNameInputModalOpen(false)
    const path = node.relativePath + '/' + name
    if (nameInputModalForFolder) addFolder(path)
    else addFile(path)
  }
  const handleRenameItemClick = () => {
    setContextMenu(null)
    setNameInputModalOpen(true)
    setNameInputModalTitle('Rename')
    setNameInputModalActionLabel('Rename')
    setNameInputModalForFolder(node.isFolder)
    setDefaultInputModalName(node.relativePath.split('/').pop() ?? '')
  }
  const renameFileFolder = (name: string) => {
    setNameInputModalOpen(false)
    const oldPath = node.relativePath
    const splittedPath = node.relativePath.split('/')
    splittedPath.splice(-1, 1, name)
    const newPath = splittedPath.join('/')
    rename(oldPath, newPath)
  }
  return (
    <div onContextMenu={handleContextMenu} style={{ cursor: 'context-menu' }}>
      <li style={{ display: 'list-item' }}>
        <div
          className={`tree-item-label ${
            selectedFilePath === node.relativePath ? 'selected' : ''
          }`}
          onClick={() => handleItemClick()}
        >
          {hasChild &&
            (childVisible ? <ExpandMoreIcon /> : <ChevronRightIcon />)}
          <div>{node.name}</div>
        </div>
        {hasChild &&
          childVisible &&
          node.children.map((child, index) => (
            <TreeView
              key={node.relativePath + '-' + index}
              node={child}
              selectedFilePath={selectedFilePath}
              handleSelect={handleSelect}
              deleteNode={deleteNode}
              addFile={addFile}
              addFolder={addFolder}
              rename={rename}
              defaultExpanded={defaultExpanded}
            />
          ))}
      </li>
      <DeleteConfirmationModal
        open={deleteConfirmationModalOpen}
        setOpen={setDeleteConfirmationModalOpen}
        message={deleteConfirmationModalMessage}
        _delete={deleteConfirm}
      />
      <NameInputModal
        open={nameInputModalOpen}
        setOpen={setNameInputModalOpen}
        title={nameInputModalTitle}
        isFolder={nameInputModalForFolder}
        actionLabel={nameInputModalActionLabel}
        action={
          nameInputModalActionLabel === 'Add' ? addFileFolder : renameFileFolder
        }
        defaultName={defaultInputModalName}
      />
      <Menu
        open={contextMenu !== null}
        onClose={() => setContextMenu(null)}
        anchorReference="anchorPosition"
        anchorPosition={
          contextMenu !== null
            ? { top: contextMenu.mouseY, left: contextMenu.mouseX }
            : undefined
        }
      >
        {node.isFolder ? (
          <>
            <MenuItem onClick={handleNewFolderItemClick}>Add Folder</MenuItem>
            <MenuItem
              disabled={!node.relativePath}
              onClick={handleNewFileItemClick}
            >
              Add File
            </MenuItem>
          </>
        ) : (
          <>
            <MenuItem onClick={launchProgram}>Launch</MenuItem>
            <MenuItem onClick={launchProgramWithDebug}>
              Launch and Debug
            </MenuItem>
          </>
        )}
        {!!node.relativePath && (
          <>
            <MenuItem onClick={handleRenameItemClick}>Rename</MenuItem>
            <MenuItem onClick={handleDeleteItemClick}>Delete</MenuItem>
          </>
        )}
      </Menu>
    </div>
  )
 }
--- a/web/src/components/username.tsx
+++ b/web/src/components/username.tsx
@@ -20,7 +20,14 @@ const Username = (props: any) => {
      ) : (
        <AccountCircle></AccountCircle>
      )}
-      <Typography variant="h6" sx={{ color: 'white', padding: '0 8px' }}>
+      <Typography
        variant="h6"
        sx={{
          color: 'white',
          padding: '0 8px',
          display: { xs: 'none', md: 'flex' }
        }}
      >
        {props.username}
      </Typography>
    </IconButton>
--- a/web/src/containers/Drive/index.tsx
+++ b/web/src/containers/Drive/index.tsx
@@ -1,106 +0,0 @@
 import React, { useState, useEffect, useCallback } from 'react'
 import { useLocation } from 'react-router-dom'
 import axios from 'axios'
 import CssBaseline from '@mui/material/CssBaseline'
 import Box from '@mui/material/Box'
 import SideBar from './sideBar'
 import Main from './main'
 export interface TreeNode {
  name: string
  relativePath: string
  absolutePath: string
  children: Array<TreeNode>
 }
 const Drive = () => {
  const location = useLocation()
  const baseUrl = window.location.origin
  const [selectedFilePath, setSelectedFilePath] = useState('')
  const [directoryData, setDirectoryData] = useState<TreeNode | null>(null)
  const setFilePathOnMount = useCallback(() => {
    const queryParams = new URLSearchParams(location.search)
    setSelectedFilePath(queryParams.get('filePath') ?? '')
  }, [location.search])
  useEffect(() => {
    axios
      .get(`/SASjsApi/drive/fileTree`)
      .then((res: any) => {
        if (res.data && res.data?.status === 'success') {
          setDirectoryData(res.data.tree)
        }
      })
      .catch((err) => {
        console.log(err)
      })
    setFilePathOnMount()
  }, [setFilePathOnMount])
  const handleSelect = (node: TreeNode) => {
    if (node.children.length) return
    if (!node.name.includes('.')) return
    window.history.pushState(
      '',
      '',
      `${baseUrl}/#/SASjsDrive?filePath=${node.relativePath}`
    )
    setSelectedFilePath(node.relativePath)
  }
  const removeFileFromTree = (path: string) => {
    if (directoryData) {
      const newTree = JSON.parse(JSON.stringify(directoryData)) as TreeNode
      findAndRemoveNode(newTree, newTree, path)
      setDirectoryData(newTree)
    }
  }
  const findAndRemoveNode = (
    node: TreeNode,
    parentNode: TreeNode,
    path: string
  ) => {
    if (node.relativePath === path) {
      removeNodeFromParent(parentNode, path)
      return true
    }
    if (Array.isArray(node.children)) {
      for (let i = 0; i < node.children.length; i++) {
        if (findAndRemoveNode(node.children[i], node, path)) return
      }
    }
  }
  const removeNodeFromParent = (parent: TreeNode, path: string) => {
    const index = parent.children.findIndex(
      (node) => node.relativePath === path
    )
    if (index !== -1) {
      parent.children.splice(index, 1)
    }
  }
  return (
    <Box sx={{ display: 'flex' }}>
      <CssBaseline />
      <SideBar
        selectedFilePath={selectedFilePath}
        directoryData={directoryData}
        handleSelect={handleSelect}
      />
      <Main
        selectedFilePath={selectedFilePath}
        removeFileFromTree={removeFileFromTree}
      />
    </Box>
  )
 }
 export default Drive
--- a/web/src/containers/Drive/main.tsx
+++ b/web/src/containers/Drive/main.tsx
@@ -1,173 +0,0 @@
 import React, { useState, useEffect } from 'react'
 import { Link } from 'react-router-dom'
 import axios from 'axios'
 import Editor from 'react-monaco-editor'
 import Box from '@mui/material/Box'
 import Paper from '@mui/material/Paper'
 import Stack from '@mui/material/Stack'
 import Button from '@mui/material/Button'
 import Toolbar from '@mui/material/Toolbar'
 import CircularProgress from '@mui/material/CircularProgress'
 type Props = {
  selectedFilePath: string
  removeFileFromTree: (path: string) => void
 }
 const Main = (props: Props) => {
  const baseUrl = window.location.origin
  const [isLoading, setIsLoading] = useState(false)
  const [fileContentBeforeEdit, setFileContentBeforeEdit] = useState('')
  const [fileContent, setFileContent] = useState('')
  const [editMode, setEditMode] = useState(false)
  useEffect(() => {
    if (props.selectedFilePath) {
      setIsLoading(true)
      axios
        .get(`/SASjsApi/drive/file?_filePath=${props.selectedFilePath}`)
        .then((res: any) => {
          setFileContent(res.data)
        })
        .catch((err) => {
          console.log(err)
        })
        .finally(() => {
          setIsLoading(false)
        })
    }
  }, [props.selectedFilePath])
  const handleDeleteBtnClick = () => {
    setIsLoading(true)
    const filePath = props.selectedFilePath
    axios
      .delete(`/SASjsApi/drive/file?_filePath=${filePath}`)
      .then((res) => {
        setFileContent('')
        props.removeFileFromTree(filePath)
        window.history.pushState('', '', `${baseUrl}/#/SASjsDrive`)
      })
      .catch((err) => {
        console.log(err)
      })
      .finally(() => {
        setIsLoading(false)
      })
  }
  const handleEditSaveBtnClick = () => {
    if (!editMode) {
      setFileContentBeforeEdit(fileContent)
      setEditMode(true)
    } else {
      setIsLoading(true)
      const formData = new FormData()
      const stringBlob = new Blob([fileContent], { type: 'text/plain' })
      formData.append('file', stringBlob, 'filename.sas')
      formData.append('filePath', props.selectedFilePath)
      axios
        .patch(`/SASjsApi/drive/file`, formData)
        .then((res) => {
          setEditMode(false)
        })
        .catch((err) => {
          console.log(err)
        })
        .finally(() => {
          setIsLoading(false)
        })
    }
  }
  const handleCancelExecuteBtnClick = () => {
    if (editMode) {
      setFileContent(fileContentBeforeEdit)
      setEditMode(false)
    } else {
      window.open(
        `${baseUrl}/SASjsApi/stp/execute?_program=${props.selectedFilePath}`
      )
    }
  }
  return (
    <Box component="main" sx={{ flexGrow: 1, p: 3 }}>
      <Toolbar />
      <Paper
        sx={{
          height: '75vh',
          padding: '10px',
          overflow: 'auto',
          position: 'relative'
        }}
        elevation={3}
      >
        {isLoading && (
          <CircularProgress
            style={{ position: 'absolute', left: '50%', top: '50%' }}
          />
        )}
        {!isLoading && props?.selectedFilePath && !editMode && (
          <code style={{ whiteSpace: 'break-spaces' }}>{fileContent}</code>
        )}
        {!isLoading && props?.selectedFilePath && editMode && (
          <Editor
            height="95%"
            language="sas"
            value={fileContent}
            onChange={(val) => {
              if (val) setFileContent(val)
            }}
          />
        )}
      </Paper>
      <Stack
        spacing={3}
        direction="row"
        sx={{ justifyContent: 'center', marginTop: '20px' }}
      >
        <Button
          variant="contained"
          onClick={handleDeleteBtnClick}
          disabled={isLoading || !props?.selectedFilePath}
        >
          Delete
        </Button>
        <Button
          variant="contained"
          onClick={handleEditSaveBtnClick}
          disabled={isLoading || !props?.selectedFilePath}
        >
          {!editMode ? 'Edit' : 'Save'}
        </Button>
        <Button
          variant="contained"
          onClick={handleCancelExecuteBtnClick}
          disabled={isLoading || !props?.selectedFilePath}
        >
          {editMode ? 'Cancel' : 'Execute'}
        </Button>
        {props?.selectedFilePath && (
          <Button
            variant="contained"
            component={Link}
            to={`/SASjsStudio?_program=${props.selectedFilePath}`}
          >
            Open in Studio
          </Button>
        )}
      </Stack>
    </Box>
  )
 }
 export default Main
--- a/web/src/containers/Drive/sideBar.tsx
+++ b/web/src/containers/Drive/sideBar.tsx
@@ -1,100 +0,0 @@
 import React, { useMemo } from 'react'
 import { makeStyles } from '@mui/styles'
 import Box from '@mui/material/Box'
 import Drawer from '@mui/material/Drawer'
 import Toolbar from '@mui/material/Toolbar'
 import ListItem from '@mui/material/ListItem'
 import ListItemText from '@mui/material/ListItemText'
 import TreeView from '@mui/lab/TreeView'
 import TreeItem from '@mui/lab/TreeItem'
 import ExpandMoreIcon from '@mui/icons-material/ExpandMore'
 import ChevronRightIcon from '@mui/icons-material/ChevronRight'
 import { TreeNode } from '.'
 const useStyles = makeStyles(() => ({
  root: {
    '& .MuiTreeItem-content': {
      width: 'auto'
    }
  },
  listItem: {
    padding: 0
  }
 }))
 const drawerWidth = 240
 type Props = {
  selectedFilePath: string
  directoryData: TreeNode | null
  handleSelect: (node: TreeNode) => void
 }
 const SideBar = ({ selectedFilePath, directoryData, handleSelect }: Props) => {
  const classes = useStyles()
  const defaultExpanded = useMemo(() => {
    const splittedPath = selectedFilePath.split('/')
    const arr = ['']
    let nodeId = ''
    splittedPath.forEach((path) => {
      if (path !== '') {
        nodeId += '/' + path
        arr.push(nodeId)
      }
    })
    return arr
  }, [selectedFilePath])
  const renderTree = (nodes: TreeNode) => (
    <TreeItem
      classes={{ root: classes.root }}
      key={nodes.relativePath}
      nodeId={nodes.relativePath}
      label={
        <ListItem
          className={classes.listItem}
          onClick={() => handleSelect(nodes)}
        >
          <ListItemText primary={nodes.name} />
        </ListItem>
      }
    >
      {Array.isArray(nodes.children)
        ? nodes.children.map((node) => renderTree(node))
        : null}
    </TreeItem>
  )
  return (
    <Drawer
      variant="permanent"
      sx={{
        width: drawerWidth,
        flexShrink: 0,
        [`& .MuiDrawer-paper`]: { width: drawerWidth, boxSizing: 'border-box' }
      }}
    >
      <Toolbar />
      <Box sx={{ overflow: 'auto' }}>
        {directoryData && (
          <TreeView
            defaultCollapseIcon={<ExpandMoreIcon />}
            defaultExpandIcon={<ChevronRightIcon />}
            defaultExpanded={defaultExpanded}
            selected={defaultExpanded.slice(-1)}
          >
            {renderTree(directoryData)}
          </TreeView>
        )}
      </Box>
    </Drawer>
  )
 }
 export default SideBar
--- a/web/src/containers/Settings/index.tsx
+++ b/web/src/containers/Settings/index.tsx
@@ -9,6 +9,7 @@ import Permission from './permission'
 import Profile from './profile'
 import { AppContext, ModeType } from '../../context/appContext'
 import PermissionsContextProvider from '../../context/permissionsContext'
 const StyledTab = styled(Tab)({
  background: 'black',
@@ -31,11 +32,20 @@ const Settings = () => {
    <Box
      sx={{
        display: 'flex',
        flexDirection: { xs: 'column', md: 'row' },
        marginTop: '65px'
      }}
    >
      <TabContext value={value}>
-        <Box component={Paper} sx={{ margin: '0 5px', height: '92vh' }}>
+        <Box
          component={Paper}
          sx={{
            margin: '0 5px',
            height: { md: '92vh' },
            display: 'flex',
            justifyContent: 'center'
          }}
        >
          <TabList
            TabIndicatorProps={{
              style: {
@@ -47,7 +57,7 @@ const Settings = () => {
          >
            <StyledTab label="Profile" value="profile" />
            {appContext.mode === ModeType.Server && (
-              <StyledTab label="Uri Access" value="permission" />
+              <StyledTab label="Permissions" value="permission" />
            )}
          </TabList>
        </Box>
@@ -55,7 +65,9 @@ const Settings = () => {
          <Profile />
        </StyledTabpanel>
        <StyledTabpanel value="permission">
-          <Permission />
+          <PermissionsContextProvider>
            <Permission />
          </PermissionsContextProvider>
        </StyledTabpanel>
      </TabContext>
    </Box>
--- a/web/src/containers/Settings/internal/components/addPermission.tsx
+++ b/web/src/containers/Settings/internal/components/addPermission.tsx
@@ -0,0 +1,40 @@
 import React from 'react'
 import { IconButton, Tooltip } from '@mui/material'
 import { Add } from '@mui/icons-material'
 import { RegisterPermissionPayload } from '../../../../utils/types'
 import AddPermissionModal from './addPermissionModal'
 type Props = {
  openModal: boolean
  setOpenModal: React.Dispatch<React.SetStateAction<boolean>>
  addPermission: (
    permissionsToAdd: RegisterPermissionPayload[],
    permissionType: string,
    principalType: string,
    principal: string,
    permissionSetting: string
  ) => Promise<void>
 }
 const AddPermission = ({ openModal, setOpenModal, addPermission }: Props) => {
  return (
    <>
      <Tooltip
        sx={{ marginLeft: 'auto' }}
        title="Add Permission"
        placement="bottom-end"
      >
        <IconButton onClick={() => setOpenModal(true)}>
          <Add />
        </IconButton>
      </Tooltip>
      <AddPermissionModal
        open={openModal}
        handleOpen={setOpenModal}
        addPermission={addPermission}
      />
    </>
  )
 }
 export default AddPermission
--- a/web/src/containers/Settings/internal/components/addPermissionModal.tsx
+++ b/web/src/containers/Settings/internal/components/addPermissionModal.tsx
@@ -3,36 +3,32 @@ import axios from 'axios'
 import {
  Button,
  Grid,
  Dialog,
  DialogContent,
  DialogActions,
  TextField,
  CircularProgress,
  Autocomplete
 } from '@mui/material'
 import { styled } from '@mui/material/styles'
-import { BootstrapDialogTitle } from '../../components/dialogTitle'
+import { BootstrapDialog } from '../../../../components/modal'
 import { BootstrapDialogTitle } from '../../../../components/dialogTitle'
 import {
  UserResponse,
  GroupResponse,
  RegisterPermissionPayload
-} from '../../utils/types'
+} from '../../../../utils/types'
 const BootstrapDialog = styled(Dialog)(({ theme }) => ({
  '& .MuiDialogContent-root': {
    padding: theme.spacing(2)
  },
  '& .MuiDialogActions-root': {
    padding: theme.spacing(1)
  }
 }))
 type AddPermissionModalProps = {
  open: boolean
  handleOpen: Dispatch<SetStateAction<boolean>>
-  addPermission: (addPermissionPayload: RegisterPermissionPayload) => void
+  addPermission: (
    permissions: RegisterPermissionPayload[],
    permissionType: string,
    principalType: string,
    principal: string,
    permissionSetting: string
  ) => void
 }
 const AddPermissionModal = ({
@@ -40,10 +36,11 @@ const AddPermissionModal = ({
  handleOpen,
  addPermission
 }: AddPermissionModalProps) => {
-  const [URIs, setURIs] = useState<string[]>([])
+  const [paths, setPaths] = useState<string[]>([])
-  const [loadingURIs, setLoadingURIs] = useState(false)
+  const [loadingPaths, setLoadingPaths] = useState(false)
-  const [uri, setUri] = useState<string>()
+  const [selectedPaths, setSelectedPaths] = useState<string[]>([])
-  const [principalType, setPrincipalType] = useState('user')
+  const [permissionType, setPermissionType] = useState('Route')
  const [principalType, setPrincipalType] = useState('Group')
  const [userPrincipal, setUserPrincipal] = useState<UserResponse>()
  const [groupPrincipal, setGroupPrincipal] = useState<GroupResponse>()
  const [permissionSetting, setPermissionSetting] = useState('Grant')
@@ -52,29 +49,29 @@ const AddPermissionModal = ({
  const [groupPrincipals, setGroupPrincipals] = useState<GroupResponse[]>([])
  useEffect(() => {
-    setLoadingURIs(true)
+    setLoadingPaths(true)
    axios
      .get('/SASjsApi/info/authorizedRoutes')
      .then((res: any) => {
        if (res.data) {
-          setURIs(res.data.URIs)
+          setPaths(res.data.paths)
        }
      })
      .catch((err) => {
        console.log(err)
      })
      .finally(() => {
-        setLoadingURIs(false)
+        setLoadingPaths(false)
      })
  }, [])
  useEffect(() => {
    setLoadingPrincipals(true)
    axios
-      .get(`/SASjsApi/${principalType}`)
+      .get(`/SASjsApi/${principalType.toLowerCase()}`)
      .then((res: any) => {
        if (res.data) {
-          if (principalType === 'user') {
+          if (principalType.toLowerCase() === 'user') {
            const users: UserResponse[] = res.data
            const nonAdminUsers = users.filter((user) => !user.isAdmin)
            setUserPrincipals(nonAdminUsers)
@@ -92,21 +89,40 @@ const AddPermissionModal = ({
  }, [principalType])
  const handleAddPermission = () => {
-    const addPermissionPayload: any = {
+    const permissions: RegisterPermissionPayload[] = []
-      uri,
+
-      setting: permissionSetting,
+    selectedPaths.forEach((path) => {
-      principalType
+      const addPermissionPayload: any = {
-    }
+        path,
-    if (principalType === 'user' && userPrincipal) {
+        type: permissionType,
-      addPermissionPayload.principalId = userPrincipal.id
+        setting: permissionSetting,
-    } else if (principalType === 'group' && groupPrincipal) {
+        principalType: principalType.toLowerCase(),
-      addPermissionPayload.principalId = groupPrincipal.groupId
+        principalId:
-    }
+          principalType.toLowerCase() === 'user'
-    addPermission(addPermissionPayload)
+            ? userPrincipal?.id
            : groupPrincipal?.groupId
      }
      permissions.push(addPermissionPayload)
    })
    const principal =
      principalType.toLowerCase() === 'user'
        ? userPrincipal?.username
        : groupPrincipal?.name
    addPermission(
      permissions,
      permissionType,
      principalType,
      principal!,
      permissionSetting
    )
  }
  const addButtonDisabled =
-    !uri || (principalType === 'user' ? !userPrincipal : !groupPrincipal)
+    !selectedPaths.length ||
    (principalType.toLowerCase() === 'user' ? !userPrincipal : !groupPrincipal)
  return (
    <BootstrapDialog onClose={() => handleOpen(false)} open={open}>
@@ -120,22 +136,37 @@ const AddPermissionModal = ({
        <Grid container spacing={2}>
          <Grid item xs={12}>
            <Autocomplete
-              options={URIs}
+              multiple
              disableClearable
-              value={uri}
+              options={paths}
-              onChange={(event: any, newValue: string) => setUri(newValue)}
+              filterSelectedOptions
              value={selectedPaths}
              onChange={(event: any, newValue: string[]) => {
                setSelectedPaths(newValue)
              }}
              renderInput={(params) => <TextField {...params} label="Paths" />}
            />
          </Grid>
          <Grid item xs={12}>
            <Autocomplete
              options={['Route']}
              disableClearable
              value={permissionType}
              onChange={(event: any, newValue: string) =>
                setPermissionType(newValue)
              }
              renderInput={(params) =>
-                loadingURIs ? (
+                loadingPaths ? (
                  <CircularProgress />
                ) : (
-                  <TextField {...params} label="Principal" />
+                  <TextField {...params} label="Permission Type" />
                )
              }
            />
          </Grid>
          <Grid item xs={12}>
            <Autocomplete
-              options={['user', 'group']}
+              options={['Group', 'User']}
              disableClearable
              value={principalType}
              onChange={(event: any, newValue: string) =>
@@ -147,7 +178,7 @@ const AddPermissionModal = ({
            />
          </Grid>
          <Grid item xs={12}>
-            {principalType === 'user' ? (
+            {principalType.toLowerCase() === 'user' ? (
              <Autocomplete
                options={userPrincipals}
                getOptionLabel={(option) => option.displayName}
--- a/web/src/containers/Settings/internal/components/displayGroup.tsx
+++ b/web/src/containers/Settings/internal/components/displayGroup.tsx
@@ -0,0 +1,63 @@
 import { useState } from 'react'
 import { Typography, Popover } from '@mui/material'
 import { GroupDetailsResponse } from '../../../../utils/types'
 type DisplayGroupProps = {
  group: GroupDetailsResponse
 }
 const DisplayGroup = ({ group }: DisplayGroupProps) => {
  const [anchorEl, setAnchorEl] = useState<HTMLElement | null>(null)
  const handlePopoverOpen = (event: React.MouseEvent<HTMLElement>) => {
    setAnchorEl(event.currentTarget)
  }
  const handlePopoverClose = () => {
    setAnchorEl(null)
  }
  const open = Boolean(anchorEl)
  return (
    <div>
      <Typography
        aria-owns={open ? 'mouse-over-popover' : undefined}
        aria-haspopup="true"
        onMouseEnter={handlePopoverOpen}
        onMouseLeave={handlePopoverClose}
      >
        {group.name}
      </Typography>
      <Popover
        id="mouse-over-popover"
        sx={{
          pointerEvents: 'none'
        }}
        open={open}
        anchorEl={anchorEl}
        anchorOrigin={{
          vertical: 'bottom',
          horizontal: 'left'
        }}
        transformOrigin={{
          vertical: 'top',
          horizontal: 'left'
        }}
        onClose={handlePopoverClose}
        disableRestoreFocus
      >
        <Typography sx={{ p: 1 }} variant="h6" component="div">
          Group Members
        </Typography>
        {group.users.map((user, index) => (
          <Typography key={index} sx={{ p: 1 }} component="li">
            {user.username}
          </Typography>
        ))}
      </Popover>
    </div>
  )
 }
 export default DisplayGroup
--- a/web/src/containers/Settings/internal/components/filterPermissions.tsx
+++ b/web/src/containers/Settings/internal/components/filterPermissions.tsx
@@ -0,0 +1,72 @@
 import React, { Dispatch, SetStateAction, useState } from 'react'
 import { IconButton, Tooltip } from '@mui/material'
 import { FilterList } from '@mui/icons-material'
 import { PermissionResponse } from '../../../../utils/types'
 import PermissionFilterModal from './permissionFilterModal'
 import { PrincipalType } from '../hooks/usePermission'
 type Props = {
  open: boolean
  handleOpen: Dispatch<SetStateAction<boolean>>
  permissions: PermissionResponse[]
  applyFilter: (
    pathFilter: string[],
    principalFilter: string[],
    principalTypeFilter: PrincipalType[],
    settingFilter: string[]
  ) => void
  resetFilter: () => void
 }
 const FilterPermissions = ({
  open,
  handleOpen,
  permissions,
  applyFilter,
  resetFilter
 }: Props) => {
  const [pathFilter, setPathFilter] = useState<string[]>([])
  const [principalFilter, setPrincipalFilter] = useState<string[]>([])
  const [principalTypeFilter, setPrincipalTypeFilter] = useState<
    PrincipalType[]
  >([])
  const [settingFilter, setSettingFilter] = useState<string[]>([])
  const handleApplyFilter = () => {
    applyFilter(pathFilter, principalFilter, principalTypeFilter, settingFilter)
  }
  const handleResetFilter = () => {
    setPathFilter([])
    setPrincipalFilter([])
    setPrincipalFilter([])
    setSettingFilter([])
    resetFilter()
  }
  return (
    <>
      <Tooltip title="Filter Permissions">
        <IconButton onClick={() => handleOpen(true)}>
          <FilterList />
        </IconButton>
      </Tooltip>
      <PermissionFilterModal
        open={open}
        handleOpen={handleOpen}
        permissions={permissions}
        pathFilter={pathFilter}
        setPathFilter={setPathFilter}
        principalFilter={principalFilter}
        setPrincipalFilter={setPrincipalFilter}
        principalTypeFilter={principalTypeFilter}
        setPrincipalTypeFilter={setPrincipalTypeFilter}
        settingFilter={settingFilter}
        setSettingFilter={setSettingFilter}
        applyFilter={handleApplyFilter}
        resetFilter={handleResetFilter}
      />
    </>
  )
 }
 export default FilterPermissions
--- a/web/src/containers/Settings/internal/components/permissionFilterModal.tsx
+++ b/web/src/containers/Settings/internal/components/permissionFilterModal.tsx
@@ -10,9 +10,9 @@ import {
 import { styled } from '@mui/material/styles'
 import Autocomplete from '@mui/material/Autocomplete'
-import { PermissionResponse } from '../../utils/types'
+import { PermissionResponse } from '../../../../utils/types'
-import { BootstrapDialogTitle } from '../../components/dialogTitle'
+import { BootstrapDialogTitle } from '../../../../components/dialogTitle'
-import { PrincipalType } from './permission'
+import { PrincipalType } from '../hooks/usePermission'
 const BootstrapDialog = styled(Dialog)(({ theme }) => ({
  '& .MuiDialogContent-root': {
@@ -27,8 +27,8 @@ type FilterModalProps = {
  open: boolean
  handleOpen: Dispatch<SetStateAction<boolean>>
  permissions: PermissionResponse[]
-  uriFilter: string[]
+  pathFilter: string[]
-  setUriFilter: Dispatch<SetStateAction<string[]>>
+  setPathFilter: Dispatch<SetStateAction<string[]>>
  principalFilter: string[]
  setPrincipalFilter: Dispatch<SetStateAction<string[]>>
  principalTypeFilter: PrincipalType[]
@@ -43,8 +43,8 @@ const PermissionFilterModal = ({
  open,
  handleOpen,
  permissions,
-  uriFilter,
+  pathFilter,
-  setUriFilter,
+  setPathFilter,
  principalFilter,
  setPrincipalFilter,
  principalTypeFilter,
@@ -54,8 +54,8 @@ const PermissionFilterModal = ({
  applyFilter,
  resetFilter
 }: FilterModalProps) => {
-  const URIs = permissions
+  const paths = permissions
-    .map((permission) => permission.uri)
+    .map((permission) => permission.path)
    .filter((uri, index, array) => array.indexOf(uri) === index)
  // fetch all the principals from permissions array
@@ -86,13 +86,13 @@ const PermissionFilterModal = ({
          <Grid item xs={12}>
            <Autocomplete
              multiple
-              options={URIs}
+              options={paths}
              filterSelectedOptions
-              value={uriFilter}
+              value={pathFilter}
              onChange={(event: any, newValue: string[]) => {
-                setUriFilter(newValue)
+                setPathFilter(newValue)
              }}
-              renderInput={(params) => <TextField {...params} label="URIs" />}
+              renderInput={(params) => <TextField {...params} label="Paths" />}
            />
          </Grid>
          <Grid item xs={12}>
--- a/web/src/containers/Settings/internal/components/permissionResponseModal.tsx
+++ b/web/src/containers/Settings/internal/components/permissionResponseModal.tsx
@@ -0,0 +1,120 @@
 import React from 'react'
 import { Typography, DialogContent } from '@mui/material'
 import { BootstrapDialog } from '../../../../components/modal'
 import { BootstrapDialogTitle } from '../../../../components/dialogTitle'
 import { PermissionResponse } from '../../../../utils/types'
 export interface PermissionResponsePayload {
  permissionType: string
  principalType: string
  principal: string
  permissionSetting: string
  existingPermissions: PermissionResponse[]
  newAddedPermissions: PermissionResponse[]
  updatedPermissions: PermissionResponse[]
  errorPaths: string[]
 }
 type Props = {
  open: boolean
  setOpen: React.Dispatch<React.SetStateAction<boolean>>
  payload: PermissionResponsePayload
 }
 const PermissionResponseModal = ({ open, setOpen, payload }: Props) => {
  const newAddedPermissionsLength = payload.newAddedPermissions.length
  const updatedPermissionsLength = payload.updatedPermissions.length
  const existingPermissionsLength = payload.existingPermissions.length
  const appliedPermissionsLength =
    newAddedPermissionsLength + updatedPermissionsLength
  return (
    <div>
      <BootstrapDialog onClose={() => setOpen(false)} open={open}>
        <BootstrapDialogTitle
          id="permission-response-modal"
          handleOpen={setOpen}
        >
          Permission Response
        </BootstrapDialogTitle>
        <DialogContent dividers>
          <Typography sx={{ fontWeight: 'bold', marginBottom: '15px' }}>
            {`${appliedPermissionsLength} "${payload.permissionSetting}", "${
              payload.permissionType
            }", "${payload.principalType}", "${payload.principal}" ${
              appliedPermissionsLength > 1 ? 'Rules' : 'Rule'
            }`}{' '}
            Applied:
          </Typography>
          {newAddedPermissionsLength > 0 && (
            <>
              <Typography>
                {`${newAddedPermissionsLength} ${
                  newAddedPermissionsLength > 1 ? 'Rules' : 'Rule'
                }`}{' '}
                Added:
              </Typography>
              <ul>
                {payload.newAddedPermissions.map((permission, index) => (
                  <li key={index}>{permission.path}</li>
                ))}
              </ul>
            </>
          )}
          {updatedPermissionsLength > 0 && (
            <>
              <Typography>
                {` ${updatedPermissionsLength} ${
                  updatedPermissionsLength > 1 ? 'Rules' : 'Rule'
                }`}{' '}
                Updated:
              </Typography>
              <ul>
                {payload.updatedPermissions.map((permission, index) => (
                  <li key={index}>{permission.path}</li>
                ))}
              </ul>
            </>
          )}
          {existingPermissionsLength > 0 && (
            <>
              <Typography>
                {`${existingPermissionsLength} ${
                  existingPermissionsLength > 1 ? 'Rules' : 'Rule'
                }`}{' '}
                Unchanged:
              </Typography>
              <ul>
                {payload.existingPermissions.map((permission, index) => (
                  <li key={index}>{permission.path}</li>
                ))}
              </ul>
            </>
          )}
          {payload.errorPaths.length > 0 && (
            <>
              <Typography style={{ color: 'red', marginTop: '10px' }}>
                Errors occurred for following paths:
              </Typography>
              <ul>
                {payload.errorPaths.map((path, index) => (
                  <li key={index}>
                    <Typography>{path}</Typography>
                  </li>
                ))}
              </ul>
            </>
          )}
        </DialogContent>
      </BootstrapDialog>
    </div>
  )
 }
 export default PermissionResponseModal
--- a/web/src/containers/Settings/internal/components/permissionTable.tsx
+++ b/web/src/containers/Settings/internal/components/permissionTable.tsx
@@ -0,0 +1,101 @@
 import { useContext } from 'react'
 import {
  Table,
  TableBody,
  TableCell,
  TableContainer,
  TableHead,
  TableRow,
  Paper,
  IconButton,
  Tooltip
 } from '@mui/material'
 import EditIcon from '@mui/icons-material/Edit'
 import DeleteForeverIcon from '@mui/icons-material/DeleteForever'
 import { styled } from '@mui/material/styles'
 import { PermissionResponse } from '../../../../utils/types'
 import { AppContext } from '../../../../context/appContext'
 import { displayPrincipal, displayPrincipalType } from '../helper'
 const BootstrapTableCell = styled(TableCell)({
  textAlign: 'left'
 })
 export enum PrincipalType {
  User = 'User',
  Group = 'Group'
 }
 type PermissionTableProps = {
  permissions: PermissionResponse[]
  handleUpdatePermissionClick: (permission: PermissionResponse) => void
  handleDeletePermissionClick: (permission: PermissionResponse) => void
 }
 const PermissionTable = ({
  permissions,
  handleUpdatePermissionClick,
  handleDeletePermissionClick
 }: PermissionTableProps) => {
  const appContext = useContext(AppContext)
  return (
    <TableContainer component={Paper}>
      <Table sx={{ minWidth: 650 }}>
        <TableHead sx={{ background: 'rgb(0,0,0, 0.3)' }}>
          <TableRow>
            <BootstrapTableCell>Path</BootstrapTableCell>
            <BootstrapTableCell>Permission Type</BootstrapTableCell>
            <BootstrapTableCell>Principal</BootstrapTableCell>
            <BootstrapTableCell>Principal Type</BootstrapTableCell>
            <BootstrapTableCell>Setting</BootstrapTableCell>
            {appContext.isAdmin && (
              <BootstrapTableCell>Action</BootstrapTableCell>
            )}
          </TableRow>
        </TableHead>
        <TableBody>
          {permissions.map((permission) => (
            <TableRow key={permission.permissionId}>
              <BootstrapTableCell>{permission.path}</BootstrapTableCell>
              <BootstrapTableCell>{permission.type}</BootstrapTableCell>
              <BootstrapTableCell>
                {displayPrincipal(permission)}
              </BootstrapTableCell>
              <BootstrapTableCell>
                {displayPrincipalType(permission)}
              </BootstrapTableCell>
              <BootstrapTableCell>{permission.setting}</BootstrapTableCell>
              {appContext.isAdmin && (
                <BootstrapTableCell>
                  <Tooltip title="Edit Permission">
                    <IconButton
                      onClick={() => handleUpdatePermissionClick(permission)}
                    >
                      <EditIcon />
                    </IconButton>
                  </Tooltip>
                  <Tooltip title="Delete Permission">
                    <IconButton
                      color="error"
                      onClick={() => handleDeletePermissionClick(permission)}
                    >
                      <DeleteForeverIcon />
                    </IconButton>
                  </Tooltip>
                </BootstrapTableCell>
              )}
            </TableRow>
          ))}
        </TableBody>
      </Table>
    </TableContainer>
  )
 }
 export default PermissionTable
--- a/web/src/containers/Settings/internal/components/updatePermissionModal.tsx
+++ b/web/src/containers/Settings/internal/components/updatePermissionModal.tsx
@@ -2,26 +2,17 @@ import React, { useState, Dispatch, SetStateAction, useEffect } from 'react'
 import {
  Button,
  Grid,
  Dialog,
  DialogContent,
  DialogActions,
  TextField
 } from '@mui/material'
-import { styled } from '@mui/material/styles'
+
 import Autocomplete from '@mui/material/Autocomplete'
-import { BootstrapDialogTitle } from '../../components/dialogTitle'
+import { BootstrapDialog } from '../../../../components/modal'
 import { BootstrapDialogTitle } from '../../../../components/dialogTitle'
-import { PermissionResponse } from '../../utils/types'
+import { PermissionResponse } from '../../../../utils/types'
 const BootstrapDialog = styled(Dialog)(({ theme }) => ({
  '& .MuiDialogContent-root': {
    padding: theme.spacing(2)
  },
  '& .MuiDialogActions-root': {
    padding: theme.spacing(1)
  }
 }))
 type UpdatePermissionModalProps = {
  open: boolean
--- a/web/src/containers/Settings/internal/helper.tsx
+++ b/web/src/containers/Settings/internal/helper.tsx
@@ -0,0 +1,13 @@
 import { PermissionResponse } from '../../../utils/types'
 import { PrincipalType } from './hooks/usePermission'
 import DisplayGroup from './components/displayGroup'
 export const displayPrincipal = (permission: PermissionResponse) => {
  if (permission.user) return permission.user.username
  if (permission.group) return <DisplayGroup group={permission.group} />
 }
 export const displayPrincipalType = (permission: PermissionResponse) => {
  if (permission.user) return PrincipalType.User
  if (permission.group) return PrincipalType.Group
 }
--- a/web/src/containers/Settings/internal/hooks/useAddPermission.tsx
+++ b/web/src/containers/Settings/internal/hooks/useAddPermission.tsx
@@ -0,0 +1,109 @@
 import axios from 'axios'
 import { useState, useContext } from 'react'
 import {
  PermissionResponse,
  RegisterPermissionPayload
 } from '../../../../utils/types'
 import AddPermission from '../components/addPermission'
 import { PermissionsContext } from '../../../../context/permissionsContext'
 import {
  findExistingPermission,
  findUpdatingPermission
 } from '../../../../utils/helper'
 const useAddPermission = () => {
  const {
    permissions,
    fetchPermissions,
    setIsLoading,
    setPermissionResponsePayload,
    setOpenPermissionResponseModal
  } = useContext(PermissionsContext)
  const [addPermissionModalOpen, setAddPermissionModalOpen] = useState(false)
  const addPermission = async (
    permissionsToAdd: RegisterPermissionPayload[],
    permissionType: string,
    principalType: string,
    principal: string,
    permissionSetting: string
  ) => {
    setAddPermissionModalOpen(false)
    setIsLoading(true)
    const newAddedPermissions: PermissionResponse[] = []
    const updatedPermissions: PermissionResponse[] = []
    const errorPaths: string[] = []
    const existingPermissions: PermissionResponse[] = []
    const updatingPermissions: PermissionResponse[] = []
    const newPermissions: RegisterPermissionPayload[] = []
    permissionsToAdd.forEach((permission) => {
      const existingPermission = findExistingPermission(permissions, permission)
      if (existingPermission) {
        existingPermissions.push(existingPermission)
        return
      }
      const updatingPermission = findUpdatingPermission(permissions, permission)
      if (updatingPermission) {
        updatingPermissions.push(updatingPermission)
        return
      }
      newPermissions.push(permission)
    })
    for (const permission of newPermissions) {
      await axios
        .post('/SASjsApi/permission', permission)
        .then((res) => {
          newAddedPermissions.push(res.data)
        })
        .catch((error) => {
          errorPaths.push(permission.path)
        })
    }
    for (const permission of updatingPermissions) {
      await axios
        .patch(`/SASjsApi/permission/${permission.permissionId}`, {
          setting: permission.setting === 'Grant' ? 'Deny' : 'Grant'
        })
        .then((res) => {
          updatedPermissions.push(res.data)
        })
        .catch((error) => {
          errorPaths.push(permission.path)
        })
    }
    fetchPermissions()
    setIsLoading(false)
    setPermissionResponsePayload({
      permissionType,
      principalType,
      principal,
      permissionSetting,
      existingPermissions,
      updatedPermissions,
      newAddedPermissions,
      errorPaths
    })
    setOpenPermissionResponseModal(true)
  }
  const AddPermissionButton = () => (
    <AddPermission
      openModal={addPermissionModalOpen}
      setOpenModal={setAddPermissionModalOpen}
      addPermission={addPermission}
    />
  )
  return { AddPermissionButton, setAddPermissionModalOpen }
 }
 export default useAddPermission
--- a/web/src/containers/Settings/internal/hooks/useDeletePermissionModal.tsx
+++ b/web/src/containers/Settings/internal/hooks/useDeletePermissionModal.tsx
@@ -0,0 +1,61 @@
 import axios from 'axios'
 import { useState, useContext } from 'react'
 import { PermissionsContext } from '../../../../context/permissionsContext'
 import { AlertSeverityType } from '../../../../components/snackbar'
 import DeleteConfirmationModal from '../../../../components/deleteConfirmationModal'
 const useDeletePermissionModal = () => {
  const {
    selectedPermission,
    setSelectedPermission,
    fetchPermissions,
    setIsLoading,
    setSnackbarMessage,
    setSnackbarSeverity,
    setOpenSnackbar,
    setModalTitle,
    setModalPayload,
    setOpenModal
  } = useContext(PermissionsContext)
  const [deleteConfirmationModalOpen, setDeleteConfirmationModalOpen] =
    useState(false)
  const deletePermission = () => {
    setDeleteConfirmationModalOpen(false)
    setIsLoading(true)
    axios
      .delete(`/SASjsApi/permission/${selectedPermission?.permissionId}`)
      .then((res: any) => {
        fetchPermissions()
        setSnackbarMessage('Permission deleted!')
        setSnackbarSeverity(AlertSeverityType.Success)
        setOpenSnackbar(true)
      })
      .catch((err) => {
        setModalTitle('Abort')
        setModalPayload(
          typeof err.response.data === 'object'
            ? JSON.stringify(err.response.data)
            : err.response.data
        )
        setOpenModal(true)
      })
      .finally(() => {
        setIsLoading(false)
        setSelectedPermission(undefined)
      })
  }
  const DeletePermissionDialog = () => (
    <DeleteConfirmationModal
      open={deleteConfirmationModalOpen}
      setOpen={setDeleteConfirmationModalOpen}
      message="Are you sure you want to delete this permission?"
      _delete={deletePermission}
    />
  )
  return { DeletePermissionDialog, setDeleteConfirmationModalOpen }
 }
 export default useDeletePermissionModal
--- a/web/src/containers/Settings/internal/hooks/useFilterPermissions.tsx
+++ b/web/src/containers/Settings/internal/hooks/useFilterPermissions.tsx
@@ -0,0 +1,105 @@
 import { useState, useContext } from 'react'
 import { PermissionsContext } from '../../../../context/permissionsContext'
 import { PrincipalType } from './usePermission'
 import FilterPermissions from '../components/filterPermissions'
 const useFilterPermissions = () => {
  const { permissions, setFilteredPermissions, setFilterApplied } =
    useContext(PermissionsContext)
  const [filterModalOpen, setFilterModalOpen] = useState(false)
  /**
   * first find the permissions w.r.t each filter type
   * take intersection of resultant arrays
   */
  const applyFilter = (
    pathFilter: string[],
    principalFilter: string[],
    principalTypeFilter: PrincipalType[],
    settingFilter: string[]
  ) => {
    setFilterModalOpen(false)
    const uriFilteredPermissions =
      pathFilter.length > 0
        ? permissions.filter((permission) =>
            pathFilter.includes(permission.path)
          )
        : permissions
    const principalFilteredPermissions =
      principalFilter.length > 0
        ? permissions.filter((permission) => {
            if (permission.user) {
              return principalFilter.includes(permission.user.username)
            }
            if (permission.group) {
              return principalFilter.includes(permission.group.name)
            }
            return false
          })
        : permissions
    const principalTypeFilteredPermissions =
      principalTypeFilter.length > 0
        ? permissions.filter((permission) => {
            if (permission.user) {
              return principalTypeFilter.includes(PrincipalType.User)
            }
            if (permission.group) {
              return principalTypeFilter.includes(PrincipalType.Group)
            }
            return false
          })
        : permissions
    const settingFilteredPermissions =
      settingFilter.length > 0
        ? permissions.filter((permission) =>
            settingFilter.includes(permission.setting)
          )
        : permissions
    let filteredArray = uriFilteredPermissions.filter((permission) =>
      principalFilteredPermissions.some(
        (item) => item.permissionId === permission.permissionId
      )
    )
    filteredArray = filteredArray.filter((permission) =>
      principalTypeFilteredPermissions.some(
        (item) => item.permissionId === permission.permissionId
      )
    )
    filteredArray = filteredArray.filter((permission) =>
      settingFilteredPermissions.some(
        (item) => item.permissionId === permission.permissionId
      )
    )
    setFilteredPermissions(filteredArray)
    setFilterApplied(true)
  }
  const resetFilter = () => {
    setFilterModalOpen(false)
    setFilterApplied(false)
    setFilteredPermissions([])
  }
  const FilterPermissionsButton = () => (
    <FilterPermissions
      open={filterModalOpen}
      handleOpen={setFilterModalOpen}
      permissions={permissions}
      applyFilter={applyFilter}
      resetFilter={resetFilter}
    />
  )
  return { FilterPermissionsButton }
 }
 export default useFilterPermissions
--- a/web/src/containers/Settings/internal/hooks/usePermission.ts
+++ b/web/src/containers/Settings/internal/hooks/usePermission.ts
@@ -0,0 +1,71 @@
 import { useContext, useEffect } from 'react'
 import { AppContext } from '../../../../context/appContext'
 import { PermissionsContext } from '../../../../context/permissionsContext'
 import { PermissionResponse } from '../../../../utils/types'
 import useAddPermission from './useAddPermission'
 import useUpdatePermissionModal from './useUpdatePermissionModal'
 import useDeletePermissionModal from './useDeletePermissionModal'
 import useFilterPermissions from './useFilterPermissions'
 export enum PrincipalType {
  User = 'User',
  Group = 'Group'
 }
 const usePermission = () => {
  const { isAdmin } = useContext(AppContext)
  const {
    filterApplied,
    filteredPermissions,
    isLoading,
    permissions,
    Dialog,
    Snackbar,
    PermissionResponseDialog,
    fetchPermissions,
    setSelectedPermission
  } = useContext(PermissionsContext)
  const { AddPermissionButton } = useAddPermission()
  const { UpdatePermissionDialog, setUpdatePermissionModalOpen } =
    useUpdatePermissionModal()
  const { DeletePermissionDialog, setDeleteConfirmationModalOpen } =
    useDeletePermissionModal()
  const { FilterPermissionsButton } = useFilterPermissions()
  useEffect(() => {
    if (fetchPermissions) fetchPermissions()
  }, [fetchPermissions])
  const handleUpdatePermissionClick = (permission: PermissionResponse) => {
    setSelectedPermission(permission)
    setUpdatePermissionModalOpen(true)
  }
  const handleDeletePermissionClick = (permission: PermissionResponse) => {
    setSelectedPermission(permission)
    setDeleteConfirmationModalOpen(true)
  }
  return {
    filterApplied,
    filteredPermissions,
    isAdmin,
    isLoading,
    permissions,
    AddPermissionButton,
    UpdatePermissionDialog,
    DeletePermissionDialog,
    FilterPermissionsButton,
    handleDeletePermissionClick,
    handleUpdatePermissionClick,
    PermissionResponseDialog,
    Dialog,
    Snackbar
  }
 }
 export default usePermission
--- a/web/src/containers/Settings/internal/hooks/usePermissionResponseModal.tsx
+++ b/web/src/containers/Settings/internal/hooks/usePermissionResponseModal.tsx
@@ -0,0 +1,36 @@
 import { useState } from 'react'
 import PermissionResponseModal, {
  PermissionResponsePayload
 } from '../components/permissionResponseModal'
 const usePermissionResponseModal = () => {
  const [openPermissionResponseModal, setOpenPermissionResponseModal] =
    useState(false)
  const [permissionResponsePayload, setPermissionResponsePayload] =
    useState<PermissionResponsePayload>({
      permissionType: '',
      principalType: '',
      principal: '',
      permissionSetting: '',
      existingPermissions: [],
      newAddedPermissions: [],
      updatedPermissions: [],
      errorPaths: []
    })
  const PermissionResponseDialog = () => (
    <PermissionResponseModal
      open={openPermissionResponseModal}
      setOpen={setOpenPermissionResponseModal}
      payload={permissionResponsePayload}
    />
  )
  return {
    PermissionResponseDialog,
    setOpenPermissionResponseModal,
    setPermissionResponsePayload
  }
 }
 export default usePermissionResponseModal
--- a/web/src/containers/Settings/internal/hooks/useUpdatePermissionModal.tsx
+++ b/web/src/containers/Settings/internal/hooks/useUpdatePermissionModal.tsx
@@ -0,0 +1,63 @@
 import axios from 'axios'
 import { useState, useContext } from 'react'
 import UpdatePermissionModal from '../components/updatePermissionModal'
 import { PermissionsContext } from '../../../../context/permissionsContext'
 import { AlertSeverityType } from '../../../../components/snackbar'
 const useUpdatePermissionModal = () => {
  const {
    selectedPermission,
    setSelectedPermission,
    fetchPermissions,
    setIsLoading,
    setSnackbarMessage,
    setSnackbarSeverity,
    setOpenSnackbar,
    setModalTitle,
    setModalPayload,
    setOpenModal
  } = useContext(PermissionsContext)
  const [updatePermissionModalOpen, setUpdatePermissionModalOpen] =
    useState(false)
  const updatePermission = (setting: string) => {
    setUpdatePermissionModalOpen(false)
    setIsLoading(true)
    axios
      .patch(`/SASjsApi/permission/${selectedPermission?.permissionId}`, {
        setting
      })
      .then((res: any) => {
        fetchPermissions()
        setSnackbarMessage('Permission updated!')
        setSnackbarSeverity(AlertSeverityType.Success)
        setOpenSnackbar(true)
      })
      .catch((err) => {
        setModalTitle('Abort')
        setModalPayload(
          typeof err.response.data === 'object'
            ? JSON.stringify(err.response.data)
            : err.response.data
        )
        setOpenModal(true)
      })
      .finally(() => {
        setIsLoading(false)
        setSelectedPermission(undefined)
      })
  }
  const UpdatePermissionDialog = () => (
    <UpdatePermissionModal
      open={updatePermissionModalOpen}
      handleOpen={setUpdatePermissionModalOpen}
      permission={selectedPermission}
      updatePermission={updatePermission}
    />
  )
  return { UpdatePermissionDialog, setUpdatePermissionModalOpen }
 }
 export default useUpdatePermissionModal
--- a/web/src/containers/Settings/permission.tsx
+++ b/web/src/containers/Settings/permission.tsx
@@ -1,269 +1,31 @@
-import React, { useState, useEffect, useContext, useCallback } from 'react'
+import { Box, Paper, Grid, CircularProgress } from '@mui/material'
 import axios from 'axios'
 import {
  Box,
  Table,
  TableBody,
  TableCell,
  TableContainer,
  TableHead,
  TableRow,
  Paper,
  Grid,
  CircularProgress,
  IconButton,
  Tooltip,
  Typography,
  Popover
 } from '@mui/material'
 import FilterListIcon from '@mui/icons-material/FilterList'
 import AddIcon from '@mui/icons-material/Add'
 import EditIcon from '@mui/icons-material/Edit'
 import DeleteForeverIcon from '@mui/icons-material/DeleteForever'
 import { styled } from '@mui/material/styles'
 import PermissionTable from './internal/components/permissionTable'
 import usePermission from './internal/hooks/usePermission'
-import Modal from '../../components/modal'
+const BootstrapGridItem = styled(Grid)({
-import PermissionFilterModal from './permissionFilterModal'
+  '&.MuiGrid-item': {
-import AddPermissionModal from './addPermissionModal'
+    maxWidth: '100%'
-import UpdatePermissionModal from './updatePermissionModal'
+  }
 import DeleteModal from './deletePermissionModal'
 import BootstrapSnackbar, { AlertSeverityType } from '../../components/snackbar'
 import {
  GroupDetailsResponse,
  PermissionResponse,
  RegisterPermissionPayload
 } from '../../utils/types'
 import { AppContext } from '../../context/appContext'
 const BootstrapTableCell = styled(TableCell)({
  textAlign: 'left'
 })
 export enum PrincipalType {
  User = 'User',
  Group = 'Group'
 }
 const Permission = () => {
-  const appContext = useContext(AppContext)
+  const {
-  const [isLoading, setIsLoading] = useState(false)
+    filterApplied,
-  const [openModal, setOpenModal] = useState(false)
+    filteredPermissions,
-  const [modalTitle, setModalTitle] = useState('')
+    isAdmin,
-  const [modalPayload, setModalPayload] = useState('')
+    isLoading,
-  const [openSnackbar, setOpenSnackbar] = useState(false)
+    permissions,
-  const [snackbarMessage, setSnackbarMessage] = useState('')
+    AddPermissionButton,
-  const [snackbarSeverity, setSnackbarSeverity] = useState<AlertSeverityType>(
+    UpdatePermissionDialog,
-    AlertSeverityType.Success
+    DeletePermissionDialog,
-  )
+    FilterPermissionsButton,
-  const [addPermissionModalOpen, setAddPermissionModalOpen] = useState(false)
+    handleDeletePermissionClick,
-  const [updatePermissionModalOpen, setUpdatePermissionModalOpen] =
+    handleUpdatePermissionClick,
-    useState(false)
+    PermissionResponseDialog,
-  const [deleteModalOpen, setDeleteModalOpen] = useState(false)
+    Dialog,
-  const [selectedPermission, setSelectedPermission] =
+    Snackbar
-    useState<PermissionResponse>()
+  } = usePermission()
  const [filterModalOpen, setFilterModalOpen] = useState(false)
  const [uriFilter, setUriFilter] = useState<string[]>([])
  const [principalFilter, setPrincipalFilter] = useState<string[]>([])
  const [principalTypeFilter, setPrincipalTypeFilter] = useState<
    PrincipalType[]
  >([])
  const [settingFilter, setSettingFilter] = useState<string[]>([])
  const [permissions, setPermissions] = useState<PermissionResponse[]>([])
  const [filteredPermissions, setFilteredPermissions] = useState<
    PermissionResponse[]
  >([])
  const [filterApplied, setFilterApplied] = useState(false)
  const fetchPermissions = useCallback(() => {
    axios
      .get(`/SASjsApi/permission`)
      .then((res: any) => {
        if (res.data?.length > 0) {
          setPermissions(res.data)
        }
      })
      .catch((err) => {
        setModalTitle('Abort')
        setModalPayload(
          typeof err.response.data === 'object'
            ? JSON.stringify(err.response.data)
            : err.response.data
        )
        setOpenModal(true)
      })
  }, [])
  useEffect(() => {
    fetchPermissions()
  }, [fetchPermissions])
  /**
   * first find the permissions w.r.t each filter type
   * take intersection of resultant arrays
   */
  const applyFilter = () => {
    setFilterModalOpen(false)
    const uriFilteredPermissions =
      uriFilter.length > 0
        ? permissions.filter((permission) => uriFilter.includes(permission.uri))
        : permissions
    const principalFilteredPermissions =
      principalFilter.length > 0
        ? permissions.filter((permission) => {
            if (permission.user) {
              return principalFilter.includes(permission.user.username)
            }
            if (permission.group) {
              return principalFilter.includes(permission.group.name)
            }
            return false
          })
        : permissions
    const principalTypeFilteredPermissions =
      principalTypeFilter.length > 0
        ? permissions.filter((permission) => {
            if (permission.user) {
              return principalTypeFilter.includes(PrincipalType.User)
            }
            if (permission.group) {
              return principalTypeFilter.includes(PrincipalType.Group)
            }
            return false
          })
        : permissions
    const settingFilteredPermissions =
      settingFilter.length > 0
        ? permissions.filter((permission) =>
            settingFilter.includes(permission.setting)
          )
        : permissions
    let filteredArray = uriFilteredPermissions.filter((permission) =>
      principalFilteredPermissions.some(
        (item) => item.permissionId === permission.permissionId
      )
    )
    filteredArray = filteredArray.filter((permission) =>
      principalTypeFilteredPermissions.some(
        (item) => item.permissionId === permission.permissionId
      )
    )
    filteredArray = filteredArray.filter((permission) =>
      settingFilteredPermissions.some(
        (item) => item.permissionId === permission.permissionId
      )
    )
    setFilteredPermissions(filteredArray)
    setFilterApplied(true)
  }
  const resetFilter = () => {
    setFilterModalOpen(false)
    setUriFilter([])
    setPrincipalFilter([])
    setSettingFilter([])
    setFilteredPermissions([])
    setFilterApplied(false)
  }
  const addPermission = (addPermissionPayload: RegisterPermissionPayload) => {
    setAddPermissionModalOpen(false)
    setIsLoading(true)
    axios
      .post('/SASjsApi/permission', addPermissionPayload)
      .then((res: any) => {
        fetchPermissions()
        setSnackbarMessage('Permission added!')
        setSnackbarSeverity(AlertSeverityType.Success)
        setOpenSnackbar(true)
      })
      .catch((err) => {
        setModalTitle('Abort')
        setModalPayload(
          typeof err.response.data === 'object'
            ? JSON.stringify(err.response.data)
            : err.response.data
        )
        setOpenModal(true)
      })
      .finally(() => {
        setIsLoading(false)
      })
  }
  const handleUpdatePermissionClick = (permission: PermissionResponse) => {
    setSelectedPermission(permission)
    setUpdatePermissionModalOpen(true)
  }
  const updatePermission = (setting: string) => {
    setUpdatePermissionModalOpen(false)
    setIsLoading(true)
    axios
      .patch(`/SASjsApi/permission/${selectedPermission?.permissionId}`, {
        setting
      })
      .then((res: any) => {
        fetchPermissions()
        setSnackbarMessage('Permission updated!')
        setSnackbarSeverity(AlertSeverityType.Success)
        setOpenSnackbar(true)
      })
      .catch((err) => {
        setModalTitle('Abort')
        setModalPayload(
          typeof err.response.data === 'object'
            ? JSON.stringify(err.response.data)
            : err.response.data
        )
        setOpenModal(true)
      })
      .finally(() => {
        setIsLoading(false)
        setSelectedPermission(undefined)
      })
  }
  const handleDeletePermissionClick = (permission: PermissionResponse) => {
    setSelectedPermission(permission)
    setDeleteModalOpen(true)
  }
  const deletePermission = () => {
    setDeleteModalOpen(false)
    setIsLoading(true)
    axios
      .delete(`/SASjsApi/permission/${selectedPermission?.permissionId}`)
      .then((res: any) => {
        fetchPermissions()
        setSnackbarMessage('Permission deleted!')
        setSnackbarSeverity(AlertSeverityType.Success)
        setOpenSnackbar(true)
      })
      .catch((err) => {
        setModalTitle('Abort')
        setModalPayload(
          typeof err.response.data === 'object'
            ? JSON.stringify(err.response.data)
            : err.response.data
        )
        setOpenModal(true)
      })
      .finally(() => {
        setIsLoading(false)
        setSelectedPermission(undefined)
      })
  }
  return isLoading ? (
    <CircularProgress
@@ -272,212 +34,27 @@ const Permission = () => {
  ) : (
    <Box className="permissions-page">
      <Grid container direction="column" spacing={1}>
-        <Grid item xs={12}>
+        <BootstrapGridItem item xs={12}>
          <Paper elevation={3} sx={{ display: 'flex' }}>
-            <Tooltip title="Filter Permissions">
+            <FilterPermissionsButton />
-              <IconButton>
+            {isAdmin && <AddPermissionButton />}
                <FilterListIcon onClick={() => setFilterModalOpen(true)} />
              </IconButton>
            </Tooltip>
            {appContext.isAdmin && (
              <Tooltip
                sx={{ marginLeft: 'auto' }}
                title="Add Permission"
                placement="bottom-end"
              >
                <IconButton onClick={() => setAddPermissionModalOpen(true)}>
                  <AddIcon />
                </IconButton>
              </Tooltip>
            )}
          </Paper>
-        </Grid>
+        </BootstrapGridItem>
-        <Grid item xs={12}>
+        <BootstrapGridItem item xs={12}>
          <PermissionTable
            permissions={filterApplied ? filteredPermissions : permissions}
            handleUpdatePermissionClick={handleUpdatePermissionClick}
            handleDeletePermissionClick={handleDeletePermissionClick}
          />
-        </Grid>
+        </BootstrapGridItem>
      </Grid>
-      <BootstrapSnackbar
+      <PermissionResponseDialog />
-        open={openSnackbar}
+      <UpdatePermissionDialog />
-        setOpen={setOpenSnackbar}
+      <DeletePermissionDialog />
-        message={snackbarMessage}
+      <Dialog />
-        severity={snackbarSeverity}
+      <Snackbar />
      />
      <Modal
        open={openModal}
        setOpen={setOpenModal}
        title={modalTitle}
        payload={modalPayload}
      />
      <PermissionFilterModal
        open={filterModalOpen}
        handleOpen={setFilterModalOpen}
        permissions={permissions}
        uriFilter={uriFilter}
        setUriFilter={setUriFilter}
        principalFilter={principalFilter}
        setPrincipalFilter={setPrincipalFilter}
        principalTypeFilter={principalTypeFilter}
        setPrincipalTypeFilter={setPrincipalTypeFilter}
        settingFilter={settingFilter}
        setSettingFilter={setSettingFilter}
        applyFilter={applyFilter}
        resetFilter={resetFilter}
      />
      <AddPermissionModal
        open={addPermissionModalOpen}
        handleOpen={setAddPermissionModalOpen}
        addPermission={addPermission}
      />
      <UpdatePermissionModal
        open={updatePermissionModalOpen}
        handleOpen={setUpdatePermissionModalOpen}
        permission={selectedPermission}
        updatePermission={updatePermission}
      />
      <DeleteModal
        open={deleteModalOpen}
        setOpen={setDeleteModalOpen}
        deletePermission={deletePermission}
      />
    </Box>
  )
 }
 export default Permission
 type PermissionTableProps = {
  permissions: PermissionResponse[]
  handleUpdatePermissionClick: (permission: PermissionResponse) => void
  handleDeletePermissionClick: (permission: PermissionResponse) => void
 }
 const PermissionTable = ({
  permissions,
  handleUpdatePermissionClick,
  handleDeletePermissionClick
 }: PermissionTableProps) => {
  const appContext = useContext(AppContext)
  return (
    <TableContainer component={Paper}>
      <Table sx={{ minWidth: 650 }}>
        <TableHead sx={{ background: 'rgb(0,0,0, 0.3)' }}>
          <TableRow>
            <BootstrapTableCell>Uri</BootstrapTableCell>
            <BootstrapTableCell>Principal</BootstrapTableCell>
            <BootstrapTableCell>Type</BootstrapTableCell>
            <BootstrapTableCell>Setting</BootstrapTableCell>
            {appContext.isAdmin && (
              <BootstrapTableCell>Action</BootstrapTableCell>
            )}
          </TableRow>
        </TableHead>
        <TableBody>
          {permissions.map((permission) => (
            <TableRow key={permission.permissionId}>
              <BootstrapTableCell>{permission.uri}</BootstrapTableCell>
              <BootstrapTableCell>
                {displayPrincipal(permission)}
              </BootstrapTableCell>
              <BootstrapTableCell>
                {displayPrincipalType(permission)}
              </BootstrapTableCell>
              <BootstrapTableCell>{permission.setting}</BootstrapTableCell>
              {appContext.isAdmin && (
                <BootstrapTableCell>
                  <Tooltip title="Edit Permission">
                    <IconButton
                      onClick={() => handleUpdatePermissionClick(permission)}
                    >
                      <EditIcon />
                    </IconButton>
                  </Tooltip>
                  <Tooltip title="Delete Permission">
                    <IconButton
                      color="error"
                      onClick={() => handleDeletePermissionClick(permission)}
                    >
                      <DeleteForeverIcon />
                    </IconButton>
                  </Tooltip>
                </BootstrapTableCell>
              )}
            </TableRow>
          ))}
        </TableBody>
      </Table>
    </TableContainer>
  )
 }
 const displayPrincipal = (permission: PermissionResponse) => {
  if (permission.user) return permission.user.username
  if (permission.group) return <DisplayGroup group={permission.group} />
 }
 type DisplayGroupProps = {
  group: GroupDetailsResponse
 }
 const DisplayGroup = ({ group }: DisplayGroupProps) => {
  const [anchorEl, setAnchorEl] = useState<HTMLElement | null>(null)
  const handlePopoverOpen = (event: React.MouseEvent<HTMLElement>) => {
    setAnchorEl(event.currentTarget)
  }
  const handlePopoverClose = () => {
    setAnchorEl(null)
  }
  const open = Boolean(anchorEl)
  return (
    <div>
      <Typography
        aria-owns={open ? 'mouse-over-popover' : undefined}
        aria-haspopup="true"
        onMouseEnter={handlePopoverOpen}
        onMouseLeave={handlePopoverClose}
      >
        {group.name}
      </Typography>
      <Popover
        id="mouse-over-popover"
        sx={{
          pointerEvents: 'none'
        }}
        open={open}
        anchorEl={anchorEl}
        anchorOrigin={{
          vertical: 'bottom',
          horizontal: 'left'
        }}
        transformOrigin={{
          vertical: 'top',
          horizontal: 'left'
        }}
        onClose={handlePopoverClose}
        disableRestoreFocus
      >
        <Typography sx={{ p: 1 }} variant="h6" component="div">
          Group Members
        </Typography>
        {group.users.map((user) => (
          <Typography sx={{ p: 1 }} component="li">
            {user.username}
          </Typography>
        ))}
      </Popover>
    </div>
  )
 }
 const displayPrincipalType = (permission: PermissionResponse) => {
  if (permission.user) return PrincipalType.User
  if (permission.group) return PrincipalType.Group
 }
--- a/web/src/containers/Studio/editor.tsx
+++ b/web/src/containers/Studio/editor.tsx
@@ -0,0 +1,230 @@
 import React, { Dispatch, SetStateAction } from 'react'
 import {
  Backdrop,
  Box,
  CircularProgress,
  Paper,
  Tab,
  Tooltip,
  Typography
 } from '@mui/material'
 import { styled } from '@mui/material/styles'
 import Editor, { MonacoDiffEditor } from 'react-monaco-editor'
 import { TabContext, TabList, TabPanel } from '@mui/lab'
 import FilePathInputModal from '../../components/filePathInputModal'
 import FileMenu from './internal/components/fileMenu'
 import RunMenu from './internal/components/runMenu'
 import { usePrompt } from '../../utils/hooks'
 import { getLanguageFromExtension } from './internal/helper'
 import useEditor from './internal/hooks/useEditor'
 const StyledTabPanel = styled(TabPanel)(() => ({
  padding: '10px'
 }))
 const StyledTab = styled(Tab)(() => ({
  fontSize: '1rem',
  color: 'gray',
  '&.Mui-selected': {
    color: 'black'
  }
 }))
 type SASjsEditorProps = {
  selectedFilePath: string
  setSelectedFilePath: (filePath: string, refreshSideBar?: boolean) => void
  tab: string
  setTab: Dispatch<SetStateAction<string>>
 }
 const SASjsEditor = ({
  selectedFilePath,
  setSelectedFilePath,
  tab,
  setTab
 }: SASjsEditorProps) => {
  const {
    ctrlPressed,
    fileContent,
    isLoading,
    log,
    openFilePathInputModal,
    prevFileContent,
    runTimes,
    selectedFileExtension,
    selectedRunTime,
    showDiff,
    webout,
    Dialog,
    handleChangeRunTime,
    handleDiffEditorDidMount,
    handleEditorDidMount,
    handleFilePathInput,
    handleKeyDown,
    handleKeyUp,
    handleRunBtnClick,
    handleTabChange,
    saveFile,
    setShowDiff,
    setOpenFilePathInputModal,
    setFileContent,
    Snackbar
  } = useEditor({ selectedFilePath, setSelectedFilePath, setTab })
  usePrompt(
    'Changes you made may not be saved.',
    prevFileContent !== fileContent && !!selectedFilePath
  )
  const fileMenu = (
    <FileMenu
      showDiff={showDiff}
      setShowDiff={setShowDiff}
      prevFileContent={prevFileContent}
      currentFileContent={fileContent}
      selectedFilePath={selectedFilePath}
      setOpenFilePathInputModal={setOpenFilePathInputModal}
      saveFile={saveFile}
    />
  )
  const monacoEditor = showDiff ? (
    <MonacoDiffEditor
      height="98%"
      language={getLanguageFromExtension(selectedFileExtension)}
      original={prevFileContent}
      value={fileContent}
      editorDidMount={handleDiffEditorDidMount}
      options={{ readOnly: ctrlPressed }}
      onChange={(val) => setFileContent(val)}
    />
  ) : (
    <Editor
      height="98%"
      language={getLanguageFromExtension(selectedFileExtension)}
      value={fileContent}
      editorDidMount={handleEditorDidMount}
      options={{ readOnly: ctrlPressed }}
      onChange={(val) => setFileContent(val)}
    />
  )
  return (
    <Box sx={{ width: '100%', typography: 'body1', marginTop: '50px' }}>
      <Backdrop
        sx={{ color: '#fff', zIndex: (theme) => theme.zIndex.drawer + 1 }}
        open={isLoading}
      >
        <CircularProgress color="inherit" />
      </Backdrop>
      {selectedFilePath && !runTimes.includes(selectedFileExtension) ? (
        <Box sx={{ marginTop: '10px' }}>
          <Box sx={{ display: 'flex', justifyContent: 'center' }}>
            {fileMenu}
          </Box>
          <Paper
            sx={{
              height: 'calc(100vh - 140px)',
              padding: '10px',
              margin: '0 24px',
              overflow: 'auto',
              position: 'relative'
            }}
            elevation={3}
          >
            {monacoEditor}
          </Paper>
        </Box>
      ) : (
        <TabContext value={tab}>
          <Box
            sx={{
              borderBottom: 1,
              borderColor: 'divider',
              background: 'white'
            }}
          >
            <TabList onChange={handleTabChange} centered>
              <StyledTab label="Code" value="code" />
              <StyledTab label="Log" value="log" />
              <StyledTab
                label={
                  <Tooltip title="Displays content from the _webout fileref">
                    <Typography>Webout</Typography>
                  </Tooltip>
                }
                value="webout"
              />
            </TabList>
          </Box>
          <StyledTabPanel sx={{ paddingBottom: 0 }} value="code">
            <Box sx={{ display: 'flex', justifyContent: 'center' }}>
              <RunMenu
                fileContent={fileContent}
                prevFileContent={prevFileContent}
                selectedFilePath={selectedFilePath}
                selectedRunTime={selectedRunTime}
                runTimes={runTimes}
                handleChangeRunTime={handleChangeRunTime}
                handleRunBtnClick={handleRunBtnClick}
              />
              {fileMenu}
            </Box>
            <Paper
              onKeyUp={handleKeyUp}
              onKeyDown={handleKeyDown}
              sx={{
                height: 'calc(100vh - 170px)',
                padding: '10px',
                overflow: 'auto',
                position: 'relative'
              }}
              elevation={3}
            >
              {monacoEditor}
              <p
                style={{
                  position: 'absolute',
                  left: 0,
                  right: 0,
                  bottom: -10,
                  textAlign: 'center',
                  fontSize: '13px'
                }}
              >
                Press CTRL + ENTER to run code
              </p>
            </Paper>
          </StyledTabPanel>
          <StyledTabPanel value="log">
            <div>
              <h2>Log</h2>
              <pre id="log" style={{ overflow: 'auto', height: '75vh' }}>
                {log}
              </pre>
            </div>
          </StyledTabPanel>
          <StyledTabPanel value="webout">
            <div>
              <pre>{webout}</pre>
            </div>
          </StyledTabPanel>
        </TabContext>
      )}
      <Dialog />
      <Snackbar />
      <FilePathInputModal
        open={openFilePathInputModal}
        setOpen={setOpenFilePathInputModal}
        saveFile={handleFilePathInput}
      />
    </Box>
  )
 }
 export default SASjsEditor
--- a/web/src/containers/Studio/index.tsx
+++ b/web/src/containers/Studio/index.tsx
@@ -1,253 +1,104 @@
-import React, { useEffect, useRef, useState, useContext } from 'react'
+import React, { useState, useEffect, useCallback } from 'react'
 import { useSearchParams } from 'react-router-dom'
 import axios from 'axios'
-import {
+import CssBaseline from '@mui/material/CssBaseline'
-  Backdrop,
+import Box from '@mui/material/Box'
  Box,
  Button,
  CircularProgress,
  FormControl,
  MenuItem,
  Paper,
  Select,
  SelectChangeEvent,
  Tab,
  Tooltip
 } from '@mui/material'
 import { makeStyles } from '@mui/styles'
 import Editor, { EditorDidMount } from 'react-monaco-editor'
 import { useLocation } from 'react-router-dom'
 import { TabContext, TabList, TabPanel } from '@mui/lab'
-import { AppContext, RunTimeType } from '../../context/appContext'
+import { TreeNode } from '../../utils/types'
-const useStyles = makeStyles(() => ({
+import SideBar from './sideBar'
-  root: {
+import SASjsEditor from './editor'
    fontSize: '1rem',
    color: 'gray',
    '&.Mui-selected': {
      color: 'black'
    }
  },
  subMenu: {
    marginTop: '25px',
    display: 'flex',
    justifyContent: 'center'
  },
  runButton: {
    display: 'flex',
    alignItems: 'center',
    padding: '5px 5px',
    minWidth: 'unset'
  }
 }))
 const Studio = () => {
-  const appContext = useContext(AppContext)
+  const [searchParams, setSearchParams] = useSearchParams()
-  const location = useLocation()
+  const [selectedFilePath, setSelectedFilePath] = useState('')
-  const [fileContent, setFileContent] = useState('')
+  const [directoryData, setDirectoryData] = useState<TreeNode | null>(null)
-  const [log, setLog] = useState('')
+  const [tab, setTab] = useState('code')
  const [ctrlPressed, setCtrlPressed] = useState(false)
  const [webout, setWebout] = useState('')
  const [tab, setTab] = useState('1')
  const [runTimes, setRunTimes] = useState<string[]>([])
  const [selectedRunTime, setSelectedRunTime] = useState('')
  const [isRunning, setIsRunning] = useState(false)
  useEffect(() => {
-    setRunTimes(Object.values(appContext.runTimes))
+    setSelectedFilePath(searchParams.get('filePath') ?? '')
-  }, [appContext.runTimes])
+  }, [searchParams])
-  useEffect(() => {
+  const fetchDirectoryData = useCallback(() => {
    if (runTimes.length) setSelectedRunTime(runTimes[0])
  }, [runTimes])
  const handleTabChange = (_e: any, newValue: string) => {
    setTab(newValue)
  }
  const editorRef = useRef(null as any)
  const handleEditorDidMount: EditorDidMount = (editor) => {
    editor.focus()
    editorRef.current = editor
  }
  const getSelection = () => {
    const editor = editorRef.current as any
    const selection = editor?.getModel().getValueInRange(editor?.getSelection())
    return selection ?? ''
  }
  const handleRunBtnClick = () => runCode(getSelection() || fileContent)
  const runCode = (code: string) => {
    setIsRunning(true)
    axios
-      .post(`/SASjsApi/code/execute`, { code, runTime: selectedRunTime })
+      .get(`/SASjsApi/drive/fileTree`)
      .then((res: any) => {
-        const parsedLog = res?.data?.log
+        if (res.data && res.data?.status === 'success') {
-          .map((logLine: any) => logLine.line)
+          setDirectoryData(res.data.tree)
-          .join('\n')
+        }
-
+      })
-        setLog(parsedLog)
+      .catch((err) => {
-
+        console.log(err)
        setWebout(`${res.data?._webout}`)
        setTab('2')
        // Scroll to bottom of log
        window.scrollTo(0, document.body.scrollHeight)
      })
      .catch((err) => console.log(err))
      .finally(() => setIsRunning(false))
  }
  const handleKeyDown = (event: any) => {
    if (event.ctrlKey) {
      if (event.key === 'v') {
        setCtrlPressed(false)
      }
      if (event.key === 'Enter') runCode(getSelection() || fileContent)
      if (!ctrlPressed) setCtrlPressed(true)
    }
  }
  const handleKeyUp = (event: any) => {
    if (!event.ctrlKey && ctrlPressed) setCtrlPressed(false)
  }
  const handleChangeRunTime = (event: SelectChangeEvent) => {
    setSelectedRunTime(event.target.value as RunTimeType)
  }
  useEffect(() => {
    const content = localStorage.getItem('fileContent') ?? ''
    setFileContent(content)
  }, [])
  useEffect(() => {
-    if (fileContent.length) {
+    fetchDirectoryData()
-      localStorage.setItem('fileContent', fileContent)
+  }, [fetchDirectoryData])
  const handleSelect = (filePath: string, refreshSideBar?: boolean) => {
    setSearchParams({ filePath })
    if (refreshSideBar) fetchDirectoryData()
  }
  const removeFileFromTree = (path: string) => {
    if (directoryData) {
      const newTree = JSON.parse(JSON.stringify(directoryData)) as TreeNode
      findAndRemoveNode(newTree, newTree, path)
      setDirectoryData(newTree)
    }
-  }, [fileContent])
+  }
-  useEffect(() => {
+  const findAndRemoveNode = (
-    const params = new URLSearchParams(location.search)
+    node: TreeNode,
-    const programPath = params.get('_program')
+    parentNode: TreeNode,
    path: string
  ) => {
    if (node.relativePath === path) {
      removeNodeFromParent(parentNode, path)
      // reset selected file path and file path query param
      if (
        node.relativePath === selectedFilePath ||
        selectedFilePath.startsWith(node.relativePath)
      )
        setSearchParams({})
      return true
    }
    if (Array.isArray(node.children)) {
      for (let i = 0; i < node.children.length; i++) {
        if (findAndRemoveNode(node.children[i], node, path)) return
      }
    }
  }
-    if (programPath?.length)
+  const removeNodeFromParent = (parent: TreeNode, path: string) => {
-      axios
+    const index = parent.children.findIndex(
-        .get(`/SASjsApi/drive/file?filePath=${programPath}`)
+      (node) => node.relativePath === path
-        .then((res: any) => setFileContent(res.data.fileContent))
+    )
-        .catch((err) => console.log(err))
+    if (index !== -1) {
-  }, [location.search])
+      parent.children.splice(index, 1)
-
+    }
-  const classes = useStyles()
+  }
  return (
-    <Box
+    <Box sx={{ display: 'flex' }}>
-      onKeyUp={handleKeyUp}
+      <CssBaseline />
-      onKeyDown={handleKeyDown}
+      {tab === 'code' && (
-      sx={{ width: '100%', typography: 'body1', marginTop: '50px' }}
+        <SideBar
-    >
+          selectedFilePath={selectedFilePath}
-      <TabContext value={tab}>
+          directoryData={directoryData}
-        <Box
+          handleSelect={handleSelect}
-          sx={{
+          removeFileFromTree={removeFileFromTree}
-            borderBottom: 1,
+          refreshSideBar={fetchDirectoryData}
-            borderColor: 'divider'
+        />
-          }}
+      )}
-          style={{ position: 'fixed', background: 'white', width: '100%' }}
+      <SASjsEditor
-        >
+        selectedFilePath={selectedFilePath}
-          <TabList onChange={handleTabChange} centered>
+        setSelectedFilePath={handleSelect}
-            <Tab className={classes.root} label="Code" value="1" />
+        tab={tab}
-            <Tab className={classes.root} label="Log" value="2" />
+        setTab={setTab}
-            <Tooltip title="Displays content from the _webout fileref">
+      />
              <Tab className={classes.root} label="Webout" value="3" />
            </Tooltip>
          </TabList>
        </Box>
        <TabPanel sx={{ paddingBottom: 0 }} value="1">
          <Backdrop
            sx={{ color: '#fff', zIndex: (theme) => theme.zIndex.drawer + 1 }}
            open={isRunning}
          >
            <CircularProgress color="inherit" />
          </Backdrop>
          <div className={classes.subMenu}>
            <Tooltip title="CTRL+ENTER will also run SAS code">
              <Button onClick={handleRunBtnClick} className={classes.runButton}>
                <img
                  alt=""
                  draggable="false"
                  style={{ width: '25px' }}
                  src="/running-sas.png"
                ></img>
                <span style={{ fontSize: '12px' }}>RUN</span>
              </Button>
            </Tooltip>
            <Box sx={{ minWidth: '75px', marginLeft: '10px' }}>
              <FormControl variant="standard">
                <Select
                  labelId="run-time-select-label"
                  id="run-time-select"
                  value={selectedRunTime}
                  onChange={handleChangeRunTime}
                >
                  {runTimes.map((runTime) => (
                    <MenuItem key={runTime} value={runTime}>
                      {runTime}
                    </MenuItem>
                  ))}
                </Select>
              </FormControl>
            </Box>
          </div>
          <Paper
            sx={{
              height: 'calc(100vh - 170px)',
              padding: '10px',
              overflow: 'auto',
              position: 'relative'
            }}
            elevation={3}
          >
            <Editor
              height="98%"
              language="sas"
              value={fileContent}
              editorDidMount={handleEditorDidMount}
              options={{ readOnly: ctrlPressed }}
              onChange={(val) => {
                if (val) setFileContent(val)
              }}
            />
            <p
              style={{
                position: 'absolute',
                left: 0,
                right: 0,
                bottom: -10,
                textAlign: 'center',
                fontSize: '13px'
              }}
            >
              Press CTRL + ENTER to run SAS code
            </p>
          </Paper>
        </TabPanel>
        <TabPanel value="2">
          <div style={{ marginTop: '50px' }}>
            <h2>SAS Log</h2>
            <pre>{log}</pre>
          </div>
        </TabPanel>
        <TabPanel value="3">
          <div style={{ marginTop: '50px' }}>
            <pre>{webout}</pre>
          </div>
        </TabPanel>
      </TabContext>
    </Box>
  )
 }
--- a/Show More
+++ b/Show More