chore(release): 0.17.5 [skip ci]

## [0.17.5](https://github.com/sasjs/server/compare/v0.17.4...v0.17.5) (2022-09-02)

### Bug Fixes

* SASINITIALFOLDER split over 2 params, closes [#271](https://github.com/sasjs/server/issues/271) ([393b5ea](393b5eaf99))

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: [sasjs]

CHANGELOG.md

@@ -1,3 +1,300 @@
+## [0.17.5](https://github.com/sasjs/server/compare/v0.17.4...v0.17.5) (2022-09-02)
+
+
+### Bug Fixes
+
+* SASINITIALFOLDER split over 2 params, closes [#271](https://github.com/sasjs/server/issues/271) ([393b5ea](https://github.com/sasjs/server/commit/393b5eaf990049c39eecf2b9e8dd21a001b6e298))
+
+## [0.17.4](https://github.com/sasjs/server/compare/v0.17.3...v0.17.4) (2022-09-01)
+
+
+### Bug Fixes
+
+* invalid JS logic ([9f06080](https://github.com/sasjs/server/commit/9f06080348aed076f8188a26fb4890d38a5a3510))
+
+## [0.17.3](https://github.com/sasjs/server/compare/v0.17.2...v0.17.3) (2022-09-01)
+
+
+### Bug Fixes
+
+* making SASINITIALFOLDER option windows only.  Closes [#267](https://github.com/sasjs/server/issues/267) ([e63271a](https://github.com/sasjs/server/commit/e63271a67a0deb3059a5f2bec1854efee5a6e5a5))
+
+## [0.17.2](https://github.com/sasjs/server/compare/v0.17.1...v0.17.2) (2022-08-31)
+
+
+### Bug Fixes
+
+* addition of SASINITIALFOLDER startup option.  Closes [#260](https://github.com/sasjs/server/issues/260) ([a5ee2f2](https://github.com/sasjs/server/commit/a5ee2f292384f90e9d95d003d652311c0d91a7a7))
+
+## [0.17.1](https://github.com/sasjs/server/compare/v0.17.0...v0.17.1) (2022-08-30)
+
+
+### Bug Fixes
+
+* typo mistake ([ee17d37](https://github.com/sasjs/server/commit/ee17d37aa188b0ca43cea0e89d6cd1a566b765cb))
+
+# [0.17.0](https://github.com/sasjs/server/compare/v0.16.1...v0.17.0) (2022-08-25)
+
+
+### Bug Fixes
+
+* allow underscores in file name ([bce83cb](https://github.com/sasjs/server/commit/bce83cb6fbc98f8198564c9399821f5829acc767))
+
+
+### Features
+
+* add the functionality of saving file by ctrl + s in editor ([3a3c90d](https://github.com/sasjs/server/commit/3a3c90d9e690ac5267bf1acc834b5b5c5b4dadb6))
+
+## [0.16.1](https://github.com/sasjs/server/compare/v0.16.0...v0.16.1) (2022-08-24)
+
+
+### Bug Fixes
+
+* update response of /SASjsApi/stp/execute and /SASjsApi/code/execute ([98ea2ac](https://github.com/sasjs/server/commit/98ea2ac9b98631605e39e5900e533727ea0e3d85))
+
+# [0.16.0](https://github.com/sasjs/server/compare/v0.15.3...v0.16.0) (2022-08-17)
+
+
+### Bug Fixes
+
+* add a new variable _SASJS_WEBOUT_HEADERS to code.js and code.py ([882bedd](https://github.com/sasjs/server/commit/882bedd5d5da22de6ed45c03d0a261aadfb3a33c))
+* update content for code.sas file ([02e88ae](https://github.com/sasjs/server/commit/02e88ae7280d020a753bc2c095a931c79ac392d1))
+* update default content type for python and js runtimes ([8780b80](https://github.com/sasjs/server/commit/8780b800a34aa618631821e5d97e26e8b0f15806))
+
+
+### Features
+
+* implement the logic for running python stored programs ([b06993a](https://github.com/sasjs/server/commit/b06993ab9ea24b28d9e553763187387685aaa666))
+
+## [0.15.3](https://github.com/sasjs/server/compare/v0.15.2...v0.15.3) (2022-08-11)
+
+
+### Bug Fixes
+
+* adding proc printto in precode to enable print output in log.  Closes [#253](https://github.com/sasjs/server/issues/253) ([f8bb732](https://github.com/sasjs/server/commit/f8bb7327a8a4649ac77bb6237e31cea075d46bb9))
+
+## [0.15.2](https://github.com/sasjs/server/compare/v0.15.1...v0.15.2) (2022-08-10)
+
+
+### Bug Fixes
+
+* remove vulnerabitities ([f27ac51](https://github.com/sasjs/server/commit/f27ac51fc4beb21070d0ab551cfdaec1f6ba39e0))
+
+## [0.15.1](https://github.com/sasjs/server/compare/v0.15.0...v0.15.1) (2022-08-10)
+
+
+### Bug Fixes
+
+* **web:** fix UI responsiveness ([d99fdd1](https://github.com/sasjs/server/commit/d99fdd1ec7991b94a0d98338d7a7a6216f46ce45))
+
+# [0.15.0](https://github.com/sasjs/server/compare/v0.14.1...v0.15.0) (2022-08-05)
+
+
+### Bug Fixes
+
+* after selecting file in sidebar collapse sidebar in mobile view ([e215958](https://github.com/sasjs/server/commit/e215958b8b05d7a8ce9d82395e0640b5b37fb40d))
+* improve mobile view for studio page ([c67d3ee](https://github.com/sasjs/server/commit/c67d3ee2f102155e2e9781e13d5d33c1ab227cb4))
+* improve responsiveness for mobile view ([6ef40b9](https://github.com/sasjs/server/commit/6ef40b954a87ebb0a2621119064f38d58ea85148))
+* improve user experience for adding permissions ([7a162ed](https://github.com/sasjs/server/commit/7a162eda8fc60383ff647d93e6611799e2e6af7a))
+* show logout button only when user is logged in ([9227cd4](https://github.com/sasjs/server/commit/9227cd449dc46fd960a488eb281804a9b9ffc284))
+
+
+### Features
+
+* add multiple permission for same combination of type and principal at once ([754704b](https://github.com/sasjs/server/commit/754704bca89ecbdbcc3bd4ef04b94124c4f24167))
+
+## [0.14.1](https://github.com/sasjs/server/compare/v0.14.0...v0.14.1) (2022-08-04)
+
+
+### Bug Fixes
+
+* **apps:** App Stream logo fix ([87c03c5](https://github.com/sasjs/server/commit/87c03c5f8dbdfc151d4ff3722ecbcd3f7e409aea))
+* **cookie:** XSRF cookie is removed and passed token in head section ([77f8d30](https://github.com/sasjs/server/commit/77f8d30baf9b1077279c29f1c3e5ca02a5436bc0))
+* **env:** check added for not providing WHITELIST ([5966016](https://github.com/sasjs/server/commit/5966016853369146b27ac5781808cb51d65c887f))
+* **web:** show login on logged-out state ([f7fcc77](https://github.com/sasjs/server/commit/f7fcc7741aa2af93a4a2b1e651003704c9bbff0c))
+
+# [0.14.0](https://github.com/sasjs/server/compare/v0.13.3...v0.14.0) (2022-08-02)
+
+
+### Bug Fixes
+
+* add restriction on  add/remove user to public group ([d3a516c](https://github.com/sasjs/server/commit/d3a516c36e45aa1cc76c30c744e6a0e5bd553165))
+* call jwt.verify in synchronous way ([254bc07](https://github.com/sasjs/server/commit/254bc07da744a9708109bfb792be70aa3f6284f4))
+
+
+### Features
+
+* add public group to DB on seed ([c3e3bef](https://github.com/sasjs/server/commit/c3e3befc17102ee1754e1403193040b4f79fb2a7))
+* bypass authentication when route is enabled for public group ([68515f9](https://github.com/sasjs/server/commit/68515f95a65d422e29c0ed6028f3ea0ae8d9b1bf))
+
+## [0.13.3](https://github.com/sasjs/server/compare/v0.13.2...v0.13.3) (2022-08-02)
+
+
+### Bug Fixes
+
+* show non-admin user his own permissions only ([8a3054e](https://github.com/sasjs/server/commit/8a3054e19ade82e2792cfb0f2a8af9e502c5eb52))
+* update schema of Permission ([5d5a9d3](https://github.com/sasjs/server/commit/5d5a9d3788281d75c56f68f0dff231abc9c9c275))
+
+## [0.13.2](https://github.com/sasjs/server/compare/v0.13.1...v0.13.2) (2022-08-01)
+
+
+### Bug Fixes
+
+* adding ls=max to reduce log size and improve readability ([916947d](https://github.com/sasjs/server/commit/916947dffacd902ff23ac3e899d1bf5ab6238b75))
+
+## [0.13.1](https://github.com/sasjs/server/compare/v0.13.0...v0.13.1) (2022-07-31)
+
+
+### Bug Fixes
+
+* adding options to prevent unwanted windows on windows.  Closes [#244](https://github.com/sasjs/server/issues/244) ([77db14c](https://github.com/sasjs/server/commit/77db14c690e18145d733ac2b0d646ab0dbe4d521))
+
+# [0.13.0](https://github.com/sasjs/server/compare/v0.12.1...v0.13.0) (2022-07-28)
+
+
+### Bug Fixes
+
+* autofocus input field and submit on enter ([7681722](https://github.com/sasjs/server/commit/7681722e5afdc2df0c9eed201b05add3beda92a7))
+* move api button to user menu ([8de032b](https://github.com/sasjs/server/commit/8de032b5431b47daabcf783c47ff078bf817247d))
+
+
+### Features
+
+* add action and command to editor ([706e228](https://github.com/sasjs/server/commit/706e228a8e1924786fd9dc97de387974eda504b1))
+
+## [0.12.1](https://github.com/sasjs/server/compare/v0.12.0...v0.12.1) (2022-07-26)
+
+
+### Bug Fixes
+
+* **web:** disable launch icon button when file content is not saved ([c574b42](https://github.com/sasjs/server/commit/c574b4223591c4a6cd3ef5e146ce99cd8f7c9190))
+* **web:** saveAs functionality fixed in studio page ([3c987c6](https://github.com/sasjs/server/commit/3c987c61ddc258f991e2bf38c1f16a0c4248d6ae))
+* **web:** show original name as default name in rename file/folder modal ([9640f65](https://github.com/sasjs/server/commit/9640f6526496f3564664ccb1f834d0f659dcad4e))
+* **web:** webout tab item fixed in studio page ([7cdffe3](https://github.com/sasjs/server/commit/7cdffe30e36e5cad0284f48ea97925958e12704c))
+* **web:** when no file is selected save the editor content to local storage ([3b1fcb9](https://github.com/sasjs/server/commit/3b1fcb937d06d02ab99c9e8dbe307012d48a7a3a))
+
+# [0.12.0](https://github.com/sasjs/server/compare/v0.11.5...v0.12.0) (2022-07-26)
+
+
+### Bug Fixes
+
+* fileTree api response to include an additional attribute isFolder ([0f19384](https://github.com/sasjs/server/commit/0f193849994f1ac8a071afa8f10af5b46f86663d))
+* remove drive component ([06d7c91](https://github.com/sasjs/server/commit/06d7c91fc34620a954df1fd1c682eff370f79ca6))
+
+
+### Features
+
+* add api end point for delete folder ([08e0c61](https://github.com/sasjs/server/commit/08e0c61e0fd7041d6cded6f4d71fbb410e5615ce))
+* add sidebar(drive) to left of studio ([6c35412](https://github.com/sasjs/server/commit/6c35412d2f5180d4e49b12e616576d8b8dacb7d8))
+* created api endpoint for adding empty folder in drive ([941917e](https://github.com/sasjs/server/commit/941917e508ece5009135f9dddf99775dd4002f78))
+* implemented api for renaming file/folder ([fdcaba9](https://github.com/sasjs/server/commit/fdcaba9d56cddea5d56d7de5a172f1bb49be3db5))
+* implemented delete file/folder functionality ([177675b](https://github.com/sasjs/server/commit/177675bc897416f7994dd849dc7bb11ba072efe9))
+* implemented functionality for adding file/folder from sidebar context menu ([0ce94a5](https://github.com/sasjs/server/commit/0ce94a553e53bfcdbd6273b26b322095a080a341))
+* implemented the functionality for renaming file/folder from context menu ([7010a6a](https://github.com/sasjs/server/commit/7010a6a1201720d0eb4093267a344fb828b90a2f))
+* prevent user from leaving studio page when there are unsaved changes ([6c75502](https://github.com/sasjs/server/commit/6c7550286b5f505e9dfe8ca63c62fa1db1b60b2e))
+* **web:** add difference view editor in studio ([420a61a](https://github.com/sasjs/server/commit/420a61a5a6b11dcb5eb0a652ea9cecea5c3bee5f))
+
+## [0.11.5](https://github.com/sasjs/server/compare/v0.11.4...v0.11.5) (2022-07-19)
+
+
+### Bug Fixes
+
+* Revert "fix(security): missing cookie flags are added" ([ce5218a](https://github.com/sasjs/server/commit/ce5218a2278cc750f2b1032024685dc6cd72f796))
+
+## [0.11.4](https://github.com/sasjs/server/compare/v0.11.3...v0.11.4) (2022-07-19)
+
+
+### Bug Fixes
+
+* **security:** missing cookie flags are added ([526402f](https://github.com/sasjs/server/commit/526402fd73407ee4fa2d31092111a7e6a1741487))
+
+## [0.11.3](https://github.com/sasjs/server/compare/v0.11.2...v0.11.3) (2022-07-19)
+
+
+### Bug Fixes
+
+* filePath fix in code.js file for windows ([2995121](https://github.com/sasjs/server/commit/299512135d77c2ac9e34853cf35aee6f2e1d4da4))
+
+## [0.11.2](https://github.com/sasjs/server/compare/v0.11.1...v0.11.2) (2022-07-18)
+
+
+### Bug Fixes
+
+* apply icon option only for sas.exe ([d2ddd8a](https://github.com/sasjs/server/commit/d2ddd8aacadfdd143026881f2c6ae8c6b277610a))
+
+## [0.11.1](https://github.com/sasjs/server/compare/v0.11.0...v0.11.1) (2022-07-18)
+
+
+### Bug Fixes
+
+* bank operator ([aa02741](https://github.com/sasjs/server/commit/aa027414ed3ce51f1014ef36c4191e064b2e963d))
+* ensuring nosplash option only applies for sas.exe ([65e6de9](https://github.com/sasjs/server/commit/65e6de966383fe49a919b1f901d77c7f1e402c9b)), closes [#229](https://github.com/sasjs/server/issues/229)
+
+# [0.11.0](https://github.com/sasjs/server/compare/v0.10.0...v0.11.0) (2022-07-16)
+
+
+### Bug Fixes
+
+* **logs:** logs location is configurable ([e024a92](https://github.com/sasjs/server/commit/e024a92f165990e08db8aa26ee326dbcb30e2e46))
+
+
+### Features
+
+* **logs:** logs to file with rotating + code split into files ([92fda18](https://github.com/sasjs/server/commit/92fda183f3f0f3956b7c791669eb8dd52c389d1b))
+
+# [0.10.0](https://github.com/sasjs/server/compare/v0.9.0...v0.10.0) (2022-07-06)
+
+
+### Bug Fixes
+
+* add authorize middleware for appStreams ([e54a09d](https://github.com/sasjs/server/commit/e54a09db19ec8690e54a40760531a4e06d250974))
+* add isAdmin attribute to return response of get session and login requests ([bdf63df](https://github.com/sasjs/server/commit/bdf63df1d915892486005ec904807749786b1c0c))
+* add permission authorization middleware to only specific routes ([f3dfc70](https://github.com/sasjs/server/commit/f3dfc7083fbfb4b447521341b1a86730fb90b4c0))
+* bumping core and running lint ([a2d1396](https://github.com/sasjs/server/commit/a2d13960578014312d2cb5e03145bfd1829d99ec))
+* controller fixed for deleting permission ([b5f595a](https://github.com/sasjs/server/commit/b5f595a25c50550d62482409353c7629c5a5c3e0))
+* do not show admin users in add permission modal ([a75edba](https://github.com/sasjs/server/commit/a75edbaa327ec2af49523c13996ac283061da7d8))
+* export GroupResponse interface ([38a7db8](https://github.com/sasjs/server/commit/38a7db8514de0acd94d74ba96bc1efb732add30c))
+* move permission filter modal to separate file and icons for different actions ([d000f75](https://github.com/sasjs/server/commit/d000f7508f6d7384afffafee4179151fca802ca8))
+* principalId type changed to  number from any ([4fcc191](https://github.com/sasjs/server/commit/4fcc191ce9edc7e4dcd8821fb8019f4eea5db4ea))
+* remove clientId from principal types ([0781ddd](https://github.com/sasjs/server/commit/0781ddd64e3b5e5ca39647bb4e4e1a9332a0f4f8))
+* remove duplicates principals from permission filter modal ([5b319f9](https://github.com/sasjs/server/commit/5b319f9ad1f941b306db6b9473a2128b2e42bf76))
+* show loading spinner in studio while executing code ([496247d](https://github.com/sasjs/server/commit/496247d0b9975097a008cf4d3a999d77648fd930))
+* show permission component only in server mode ([f863b81](https://github.com/sasjs/server/commit/f863b81a7d40a1296a061ec93946f204382af2c3))
+* update permission model ([39fc908](https://github.com/sasjs/server/commit/39fc908de1945f2aaea18d14e6bce703f6bf0c06))
+* update permission response ([e516b77](https://github.com/sasjs/server/commit/e516b7716da5ff7e23350a5f77cfa073b1171175))
+* **web:** only admin should be able to add, update or delete permission ([be8635c](https://github.com/sasjs/server/commit/be8635ccc5eb34c3f0a5951c8a0421292ef69c97))
+
+
+### Features
+
+* add api endpoint for deleting permission ([0171344](https://github.com/sasjs/server/commit/01713440a4fa661b76368785c0ca731f096ac70a))
+* add api endpoint for updating permission setting ([540f54f](https://github.com/sasjs/server/commit/540f54fb77b364822da7889dbe75c02242f48a59))
+* add authorize middleware for validating permissions ([7d916ec](https://github.com/sasjs/server/commit/7d916ec3e9ef579dde1b73015715cd01098c2018))
+* add basic UI for settings and permissions ([5652325](https://github.com/sasjs/server/commit/56523254525a66e756196e90b39a2b8cdadc1518))
+* add documentation link under usename dropdown menu ([eeb63b3](https://github.com/sasjs/server/commit/eeb63b330c292afcdd5c8f006882b224c4235068))
+* add permission model ([6bea1f7](https://github.com/sasjs/server/commit/6bea1f76668ddb070ad95b3e02c31238af67c346))
+* add UI for updating permission ([e8c21a4](https://github.com/sasjs/server/commit/e8c21a43b215f5fced0463b70747cda1191a4e01))
+* add validation for registering permission ([e5200c1](https://github.com/sasjs/server/commit/e5200c1000903185dfad9ee49c99583e473c4388))
+* add, remove and update permissions from web component ([97ecfdc](https://github.com/sasjs/server/commit/97ecfdc95563c72dbdecaebcb504e5194250a763))
+* added get authorizedRoutes api endpoint ([b10e932](https://github.com/sasjs/server/commit/b10e9326058193dd65a57fab2d2f05b7b06096e7))
+* created modal for adding permission ([1413b18](https://github.com/sasjs/server/commit/1413b1850838ecc988ab289da4541bde36a9a346))
+* defined register permission and get all permissions api endpoints ([1103ffe](https://github.com/sasjs/server/commit/1103ffe07b88496967cb03683b08f058ca3bbb9f))
+* update swagger docs ([797c2bc](https://github.com/sasjs/server/commit/797c2bcc39005a05a995be15a150d584fecae259))
+
+# [0.9.0](https://github.com/sasjs/server/compare/v0.8.3...v0.9.0) (2022-07-03)
+
+
+### Features
+
+* removed secrets from env variables ([9c3da56](https://github.com/sasjs/server/commit/9c3da56901672a818f54267f9defc9f4701ab7fb))
+
+## [0.8.3](https://github.com/sasjs/server/compare/v0.8.2...v0.8.3) (2022-07-02)
+
+
+### Bug Fixes
+
+* **deploy:** extract first json from zip file ([e290751](https://github.com/sasjs/server/commit/e290751c872d24009482871a8c398e834357dcde))
+
 ## [0.8.2](https://github.com/sasjs/server/compare/v0.8.1...v0.8.2) (2022-06-22)
 
 

README.md

@@ -64,12 +64,27 @@ Example contents of a `.env` file:
 # Server mode is multi-user and suitable for intranet / internet use
 MODE=
 
+# A comma separated string that defines the available runTimes.
+# Priority is given to the runtime that comes first in the string.
+# Possible options at the moment are sas and js
+
+# This string sets the priority of the available analytic runtimes
+# Valid runtimes are SAS (sas), JavaScript (js) and Python (py)
+# For each option provided, there should be a corresponding path,
+# eg SAS_PATH, NODE_PATH or PYTHON_PATH
+# Priority is given to runtimes earlier in the string
+# Example options:  [sas,js,py | js,py | sas | sas,js]
+RUN_TIMES=
+
 # Path to SAS executable (sas.exe / sas.sh)
 SAS_PATH=/path/to/sas/executable.exe
 
 # Path to Node.js executable
 NODE_PATH=~/.nvm/versions/node/v16.14.0/bin/node
 
+# Path to Python executable
+PYTHON_PATH=/usr/bin/python
+
 # Path to working directory
 # This location is for SAS WORK, staged files, DRIVE, configuration etc
 SASJS_ROOT=./sasjs_root
@@ -105,10 +120,6 @@ CERT_CHAIN=certificate.pem (required)
 CA_ROOT=fullchain.pem (optional)
 
 # ENV variables required for MODE: `server`
-ACCESS_TOKEN_SECRET=<secret>
-REFRESH_TOKEN_SECRET=<secret>
-AUTH_CODE_SECRET=<secret>
-SESSION_SECRET=<secret>
 DB_CONNECT=mongodb+srv://<DB_USERNAME>:<DB_PASSWORD>@<CLUSTER>/<DB_NAME>?retryWrites=true&w=majority
 
 # options: [disable|enable] default: `disable` for `server` & `enable` for `desktop`
@@ -140,12 +151,8 @@ HELMET_CSP_CONFIG_PATH=./csp.config.json
 # Docs: https://www.npmjs.com/package/morgan#predefined-formats
 LOG_FORMAT_MORGAN=
 
-# A comma separated string that defines the available runTimes.
-# Priority is given to the runtime that comes first in the string.
-# Possible options at the moment are sas and js
-
-# options: [sas,js|js,sas|sas|js] default:sas
-RUN_TIMES=
+# This location is for server logs with classical UNIX logrotate behavior
+LOG_LOCATION=./sasjs_root/logs
 
 ```
 

api/.env.example

@@ -12,16 +12,14 @@ PORT=[5000] default value is 5000
 HELMET_CSP_CONFIG_PATH=./csp.config.json if omitted HELMET default will be used
 HELMET_COEP=[true|false] if omitted HELMET default will be used
 
-ACCESS_TOKEN_SECRET=<secret>
-REFRESH_TOKEN_SECRET=<secret>
-AUTH_CODE_SECRET=<secret>
-SESSION_SECRET=<secret>
 DB_CONNECT=mongodb+srv://<DB_USERNAME>:<DB_PASSWORD>@<CLUSTER>/<DB_NAME>?retryWrites=true&w=majority
 
-RUN_TIMES=[sas|js|sas,js|js,sas] default considered as sas
+RUN_TIMES=[sas,js,py | js,py | sas | sas,js] default considered as sas
 SAS_PATH=/opt/sas/sas9/SASHome/SASFoundation/9.4/sas
 NODE_PATH=~/.nvm/versions/node/v16.14.0/bin/node
+PYTHON_PATH=/usr/bin/python
 
 SASJS_ROOT=./sasjs_root
 
-LOG_FORMAT_MORGAN=common
+LOG_FORMAT_MORGAN=common
+LOG_LOCATION=./sasjs_root/logs

api/package.json

@@ -7,7 +7,7 @@
     "initial": "npm run swagger && npm run compileSysInit && npm run copySASjsCore",
     "prestart": "npm run initial",
     "prebuild": "npm run initial",
-    "start": "nodemon ./src/server.ts",
+    "start": "NODE_ENV=development nodemon ./src/server.ts",
     "start:prod": "node ./build/src/server.js",
     "build": "rimraf build && tsc",
     "postbuild": "npm run copy:files",
@@ -47,7 +47,7 @@
   },
   "author": "4GL Ltd",
   "dependencies": {
-    "@sasjs/core": "^4.27.3",
+    "@sasjs/core": "^4.31.3",
     "@sasjs/utils": "2.42.1",
     "bcryptjs": "^2.4.3",
     "connect-mongo": "^4.6.0",
@@ -62,7 +62,8 @@
     "mongoose": "^6.0.12",
     "mongoose-sequence": "^5.3.1",
     "morgan": "^1.10.0",
-    "multer": "^1.4.3",
+    "multer": "^1.4.5-lts.1",
+    "rotating-file-stream": "^3.0.4",
     "swagger-ui-express": "4.3.0",
     "unzipper": "^0.10.11",
     "url": "^0.10.3"

api/scripts/compileSysInit.ts

@@ -6,12 +6,12 @@ import {
   readFile,
   SASJsFileType
 } from '@sasjs/utils'
-import { apiRoot, sysInitCompiledPath } from '../src/utils'
+import { apiRoot, sysInitCompiledPath } from '../src/utils/file'
 
 const macroCorePath = path.join(apiRoot, 'node_modules', '@sasjs', 'core')
 
 const compiledSystemInit = async (systemInit: string) =>
-  'options ps=max;\n' +
+  'options ls=max ps=max;\n' +
   (await loadDependenciesFile({
     fileContent: systemInit,
     type: SASJsFileType.job,

api/scripts/copySASjsCore.ts

@@ -8,7 +8,11 @@ import {
   listFilesInFolder
 } from '@sasjs/utils'
 
-import { apiRoot, sasJSCoreMacros, sasJSCoreMacrosInfo } from '../src/utils'
+import {
+  apiRoot,
+  sasJSCoreMacros,
+  sasJSCoreMacrosInfo
+} from '../src/utils/file'
 
 const macroCorePath = path.join(apiRoot, 'node_modules', '@sasjs', 'core')
 

api/src/app-modules/configureCors.ts

@@ -0,0 +1,21 @@
+import { Express } from 'express'
+import cors from 'cors'
+import { CorsType } from '../utils'
+
+export const configureCors = (app: Express) => {
+  const { CORS, WHITELIST } = process.env
+
+  if (CORS === CorsType.ENABLED) {
+    const whiteList: string[] = []
+    WHITELIST?.split(' ')
+      ?.filter((url) => !!url)
+      .forEach((url) => {
+        if (url.startsWith('http'))
+          // removing trailing slash of URLs listing for CORS
+          whiteList.push(url.replace(/\/$/, ''))
+      })
+
+    console.log('All CORS Requests are enabled for:', whiteList)
+    app.use(cors({ credentials: true, origin: whiteList }))
+  }
+}

api/src/app-modules/configureExpressSession.ts

@@ -0,0 +1,32 @@
+import { Express } from 'express'
+import mongoose from 'mongoose'
+import session from 'express-session'
+import MongoStore from 'connect-mongo'
+
+import { ModeType } from '../utils'
+import { cookieOptions } from '../app'
+
+export const configureExpressSession = (app: Express) => {
+  const { MODE } = process.env
+
+  if (MODE === ModeType.Server) {
+    let store: MongoStore | undefined
+
+    if (process.env.NODE_ENV !== 'test') {
+      store = MongoStore.create({
+        client: mongoose.connection!.getClient() as any,
+        collectionName: 'sessions'
+      })
+    }
+
+    app.use(
+      session({
+        secret: process.secrets.SESSION_SECRET,
+        saveUninitialized: false, // don't create session until something stored
+        resave: false, //don't save session if unmodified
+        store,
+        cookie: cookieOptions
+      })
+    )
+  }
+}

api/src/app-modules/configureLogger.ts

@@ -0,0 +1,33 @@
+import path from 'path'
+import { Express } from 'express'
+import morgan from 'morgan'
+import { createStream } from 'rotating-file-stream'
+import { generateTimestamp } from '@sasjs/utils'
+import { getLogFolder } from '../utils'
+
+export const configureLogger = (app: Express) => {
+  const { LOG_FORMAT_MORGAN } = process.env
+
+  let options
+  if (
+    process.env.NODE_ENV !== 'development' &&
+    process.env.NODE_ENV !== 'test'
+  ) {
+    const timestamp = generateTimestamp()
+    const filename = `${timestamp}.log`
+    const logsFolder = getLogFolder()
+
+    // create a rotating write stream
+    var accessLogStream = createStream(filename, {
+      interval: '1d', // rotate daily
+      path: logsFolder
+    })
+
+    console.log('Writing Logs to :', path.join(logsFolder, filename))
+
+    options = { stream: accessLogStream }
+  }
+
+  // setup the logger
+  app.use(morgan(LOG_FORMAT_MORGAN as string, options))
+}

api/src/app-modules/configureSecurity.ts

@@ -0,0 +1,26 @@
+import { Express } from 'express'
+import { getEnvCSPDirectives } from '../utils/parseHelmetConfig'
+import { HelmetCoepType, ProtocolType } from '../utils'
+import helmet from 'helmet'
+
+export const configureSecurity = (app: Express) => {
+  const { PROTOCOL, HELMET_CSP_CONFIG_PATH, HELMET_COEP } = process.env
+
+  const cspConfigJson: { [key: string]: string[] | null } = getEnvCSPDirectives(
+    HELMET_CSP_CONFIG_PATH
+  )
+  if (PROTOCOL === ProtocolType.HTTP)
+    cspConfigJson['upgrade-insecure-requests'] = null
+
+  app.use(
+    helmet({
+      contentSecurityPolicy: {
+        directives: {
+          ...helmet.contentSecurityPolicy.getDefaultDirectives(),
+          ...cspConfigJson
+        }
+      },
+      crossOriginEmbedderPolicy: HELMET_COEP === HelmetCoepType.TRUE
+    })
+  )
+}

api/src/app-modules/index.ts

@@ -0,0 +1,4 @@
+export * from './configureCors'
+export * from './configureExpressSession'
+export * from './configureLogger'
+export * from './configureSecurity'

api/src/app.ts

@@ -1,30 +1,26 @@
 import path from 'path'
 import express, { ErrorRequestHandler } from 'express'
-import csrf from 'csurf'
-import session from 'express-session'
-import MongoStore from 'connect-mongo'
-import morgan from 'morgan'
+import csrf, { CookieOptions } from 'csurf'
 import cookieParser from 'cookie-parser'
 import dotenv from 'dotenv'
-import cors from 'cors'
-import helmet from 'helmet'
 
 import {
-  connectDB,
   copySASjsCore,
-  CorsType,
   getWebBuildFolder,
-  HelmetCoepType,
   instantiateLogger,
   loadAppStreamConfig,
-  ModeType,
   ProtocolType,
   ReturnCode,
   setProcessVariables,
   setupFolders,
   verifyEnvVariables
 } from './utils'
-import { getEnvCSPDirectives } from './utils/parseHelmetConfig'
+import {
+  configureCors,
+  configureExpressSession,
+  configureLogger,
+  configureSecurity
+} from './app-modules'
 
 dotenv.config()
 
@@ -34,99 +30,20 @@ if (verifyEnvVariables()) process.exit(ReturnCode.InvalidEnv)
 
 const app = express()
 
-app.use(cookieParser())
+const { PROTOCOL } = process.env
 
-const {
-  MODE,
-  CORS,
-  WHITELIST,
-  PROTOCOL,
-  HELMET_CSP_CONFIG_PATH,
-  HELMET_COEP,
-  LOG_FORMAT_MORGAN
-} = process.env
-
-app.use(morgan(LOG_FORMAT_MORGAN as string))
-
-export const cookieOptions = {
+export const cookieOptions: CookieOptions = {
   secure: PROTOCOL === ProtocolType.HTTPS,
   httpOnly: true,
+  sameSite: PROTOCOL === ProtocolType.HTTPS ? 'none' : undefined,
   maxAge: 24 * 60 * 60 * 1000 // 24 hours
 }
 
-const cspConfigJson: { [key: string]: string[] | null } = getEnvCSPDirectives(
-  HELMET_CSP_CONFIG_PATH
-)
-if (PROTOCOL === ProtocolType.HTTP)
-  cspConfigJson['upgrade-insecure-requests'] = null
-
 /***********************************
  *         CSRF Protection         *
  ***********************************/
 export const csrfProtection = csrf({ cookie: cookieOptions })
 
-/***********************************
- *   Handle security and origin    *
- ***********************************/
-app.use(
-  helmet({
-    contentSecurityPolicy: {
-      directives: {
-        ...helmet.contentSecurityPolicy.getDefaultDirectives(),
-        ...cspConfigJson
-      }
-    },
-    crossOriginEmbedderPolicy: HELMET_COEP === HelmetCoepType.TRUE
-  })
-)
-
-/***********************************
- *         Enabling CORS           *
- ***********************************/
-if (CORS === CorsType.ENABLED) {
-  const whiteList: string[] = []
-  WHITELIST?.split(' ')
-    ?.filter((url) => !!url)
-    .forEach((url) => {
-      if (url.startsWith('http'))
-        // removing trailing slash of URLs listing for CORS
-        whiteList.push(url.replace(/\/$/, ''))
-    })
-
-  console.log('All CORS Requests are enabled for:', whiteList)
-  app.use(cors({ credentials: true, origin: whiteList }))
-}
-
-/***********************************
- *         DB Connection &          *
- *        Express Sessions          *
- *        With Mongo Store          *
- ***********************************/
-if (MODE === ModeType.Server) {
-  let store: MongoStore | undefined
-
-  // NOTE: when exporting app.js as agent for supertest
-  // we should exclude connecting to the real database
-  if (process.env.NODE_ENV !== 'test') {
-    const clientPromise = connectDB().then((conn) => conn!.getClient() as any)
-
-    store = MongoStore.create({ clientPromise, collectionName: 'sessions' })
-  }
-
-  app.use(
-    session({
-      secret: process.env.SESSION_SECRET as string,
-      saveUninitialized: false, // don't create session until something stored
-      resave: false, //don't save session if unmodified
-      store,
-      cookie: cookieOptions
-    })
-  )
-}
-
-app.use(express.json({ limit: '100mb' }))
-app.use(express.static(path.join(__dirname, '../public')))
-
 const onError: ErrorRequestHandler = (err, req, res, next) => {
   if (err.code === 'EBADCSRFTOKEN')
     return res.status(400).send('Invalid CSRF token!')
@@ -136,6 +53,30 @@ const onError: ErrorRequestHandler = (err, req, res, next) => {
 }
 
 export default setProcessVariables().then(async () => {
+  app.use(cookieParser())
+
+  configureLogger(app)
+
+  /***********************************
+   *   Handle security and origin    *
+   ***********************************/
+  configureSecurity(app)
+
+  /***********************************
+   *         Enabling CORS           *
+   ***********************************/
+  configureCors(app)
+
+  /***********************************
+   *         DB Connection &          *
+   *        Express Sessions          *
+   *        With Mongo Store          *
+   ***********************************/
+  configureExpressSession(app)
+
+  app.use(express.json({ limit: '100mb' }))
+  app.use(express.static(path.join(__dirname, '../public')))
+
   await setupFolders()
   await copySASjsCore()
 

api/src/controllers/auth.ts

@@ -129,8 +129,8 @@ const verifyAuthCode = async (
   clientId: string,
   code: string
 ): Promise<InfoJWT | undefined> => {
-  return new Promise((resolve, reject) => {
-    jwt.verify(code, process.env.AUTH_CODE_SECRET as string, (err, data) => {
+  return new Promise((resolve) => {
+    jwt.verify(code, process.secrets.AUTH_CODE_SECRET, (err, data) => {
       if (err) return resolve(undefined)
 
       const clientInfo: InfoJWT = {

api/src/controllers/code.ts

@@ -1,7 +1,6 @@
 import express from 'express'
 import { Request, Security, Route, Tags, Post, Body } from 'tsoa'
-import { ExecuteReturnJson, ExecutionController } from './internal'
-import { ExecuteReturnJsonResponse } from '.'
+import { ExecutionController } from './internal'
 import {
   getPreProgramVariables,
   getUserAutoExec,
@@ -35,7 +34,7 @@ export class CodeController {
   public async executeCode(
     @Request() request: express.Request,
     @Body() body: ExecuteCodePayload
-  ): Promise<ExecuteReturnJsonResponse> {
+  ): Promise<string | Buffer> {
     return executeCode(request, body)
   }
 }
@@ -51,22 +50,15 @@ const executeCode = async (
       : await getUserAutoExec()
 
   try {
-    const { webout, log, httpHeaders } =
-      (await new ExecutionController().executeProgram({
-        program: code,
-        preProgramVariables: getPreProgramVariables(req),
-        vars: { ...req.query, _debug: 131 },
-        otherArgs: { userAutoExec },
-        returnJson: true,
-        runTime: runTime
-      })) as ExecuteReturnJson
+    const { result } = await new ExecutionController().executeProgram({
+      program: code,
+      preProgramVariables: getPreProgramVariables(req),
+      vars: { ...req.query, _debug: 131 },
+      otherArgs: { userAutoExec },
+      runTime: runTime
+    })
 
-    return {
-      status: 'success',
-      _webout: webout as string,
-      log: parseLogToArray(log),
-      httpHeaders
-    }
+    return result
   } catch (err: any) {
     throw {
       code: 400,

api/src/controllers/drive.ts

@@ -22,6 +22,7 @@ import {
   moveFile,
   createFolder,
   deleteFile as deleteFileOnSystem,
+  deleteFolder as deleteFolderOnSystem,
   folderExists,
   listFilesInFolder,
   listSubFoldersInFolder,
@@ -58,11 +59,32 @@ interface GetFileTreeResponse {
   tree: TreeNode
 }
 
-interface UpdateFileResponse {
+interface FileFolderResponse {
   status: string
   message?: string
 }
 
+interface AddFolderPayload {
+  /**
+   * Location of folder
+   * @example "/Public/someFolder"
+   */
+  folderPath: string
+}
+
+interface RenamePayload {
+  /**
+   * Old path of file/folder
+   * @example "/Public/someFolder"
+   */
+  oldPath: string
+  /**
+   * New path of file/folder
+   * @example "/Public/newFolder"
+   */
+  newPath: string
+}
+
 const fileTreeExample = getTreeExample()
 
 const successDeployResponse: DeployResponse = {
@@ -143,7 +165,7 @@ export class DriveController {
   /**
    *
    * @summary Delete file from SASjs Drive
-   * @query _filePath Location of SAS program
+   * @query _filePath Location of file
    * @example _filePath "/Public/somefolder/some.file"
    */
   @Delete('/file')
@@ -151,20 +173,31 @@ export class DriveController {
     return deleteFile(_filePath)
   }
 
+  /**
+   *
+   * @summary Delete folder from SASjs Drive
+   * @query _folderPath Location of folder
+   * @example _folderPath "/Public/somefolder/"
+   */
+  @Delete('/folder')
+  public async deleteFolder(@Query() _folderPath: string) {
+    return deleteFolder(_folderPath)
+  }
+
   /**
    * It's optional to either provide `_filePath` in url as query parameter
    * Or provide `filePath` in body as form field.
    * But it's required to provide else API will respond with Bad Request.
    *
    * @summary Create a file in SASjs Drive
-   * @param _filePath Location of SAS program
+   * @param _filePath Location of file
    * @example _filePath "/Public/somefolder/some.file.sas"
    *
    */
-  @Example<UpdateFileResponse>({
+  @Example<FileFolderResponse>({
     status: 'success'
   })
-  @Response<UpdateFileResponse>(403, 'File already exists', {
+  @Response<FileFolderResponse>(403, 'File already exists', {
     status: 'failure',
     message: 'File request failed.'
   })
@@ -173,10 +206,28 @@ export class DriveController {
     @UploadedFile() file: Express.Multer.File,
     @Query() _filePath?: string,
     @FormField() filePath?: string
-  ): Promise<UpdateFileResponse> {
+  ): Promise<FileFolderResponse> {
     return saveFile((_filePath ?? filePath)!, file)
   }
 
+  /**
+   * @summary Create an empty folder in SASjs Drive
+   *
+   */
+  @Example<FileFolderResponse>({
+    status: 'success'
+  })
+  @Response<FileFolderResponse>(409, 'Folder already exists', {
+    status: 'failure',
+    message: 'Add folder request failed.'
+  })
+  @Post('/folder')
+  public async addFolder(
+    @Body() body: AddFolderPayload
+  ): Promise<FileFolderResponse> {
+    return addFolder(body.folderPath)
+  }
+
   /**
    * It's optional to either provide `_filePath` in url as query parameter
    * Or provide `filePath` in body as form field.
@@ -187,10 +238,10 @@ export class DriveController {
    * @example _filePath "/Public/somefolder/some.file.sas"
    *
    */
-  @Example<UpdateFileResponse>({
+  @Example<FileFolderResponse>({
     status: 'success'
   })
-  @Response<UpdateFileResponse>(403, `File doesn't exist`, {
+  @Response<FileFolderResponse>(403, `File doesn't exist`, {
     status: 'failure',
     message: 'File request failed.'
   })
@@ -199,10 +250,28 @@ export class DriveController {
     @UploadedFile() file: Express.Multer.File,
     @Query() _filePath?: string,
     @FormField() filePath?: string
-  ): Promise<UpdateFileResponse> {
+  ): Promise<FileFolderResponse> {
     return updateFile((_filePath ?? filePath)!, file)
   }
 
+  /**
+   * @summary Renames a file/folder in SASjs Drive
+   *
+   */
+  @Example<FileFolderResponse>({
+    status: 'success'
+  })
+  @Response<FileFolderResponse>(409, 'Folder already exists', {
+    status: 'failure',
+    message: 'rename request failed.'
+  })
+  @Post('/rename')
+  public async rename(
+    @Body() body: RenamePayload
+  ): Promise<FileFolderResponse> {
+    return rename(body.oldPath, body.newPath)
+  }
+
   /**
    * @summary Fetch file tree within SASjs Drive.
    *
@@ -249,20 +318,26 @@ const getFile = async (req: express.Request, filePath: string) => {
     .join(getFilesFolder(), filePath)
     .replace(new RegExp('/', 'g'), path.sep)
 
-  if (!filePathFull.includes(driveFilesPath)) {
-    throw new Error('Cannot get file outside drive.')
-  }
+  if (!filePathFull.includes(driveFilesPath))
+    throw {
+      code: 400,
+      status: 'Bad Request',
+      message: `Can't get file outside drive.`
+    }
 
-  if (!(await fileExists(filePathFull))) {
-    throw new Error("File doesn't exist.")
-  }
+  if (!(await fileExists(filePathFull)))
+    throw {
+      code: 404,
+      status: 'Not Found',
+      message: `File doesn't exist.`
+    }
 
   const extension = path.extname(filePathFull).toLowerCase()
   if (extension === '.sas') {
     req.res?.setHeader('Content-type', 'text/plain')
   }
 
-  req.res?.sendFile(path.resolve(filePathFull))
+  req.res?.sendFile(path.resolve(filePathFull), { dotfiles: 'allow' })
 }
 
 const getFolder = async (folderPath?: string) => {
@@ -273,17 +348,26 @@ const getFolder = async (folderPath?: string) => {
       .join(getFilesFolder(), folderPath)
       .replace(new RegExp('/', 'g'), path.sep)
 
-    if (!folderPathFull.includes(driveFilesPath)) {
-      throw new Error('Cannot get folder outside drive.')
-    }
+    if (!folderPathFull.includes(driveFilesPath))
+      throw {
+        code: 400,
+        status: 'Bad Request',
+        message: `Can't get folder outside drive.`
+      }
 
-    if (!(await folderExists(folderPathFull))) {
-      throw new Error("Folder doesn't exist.")
-    }
+    if (!(await folderExists(folderPathFull)))
+      throw {
+        code: 404,
+        status: 'Not Found',
+        message: `Folder doesn't exist.`
+      }
 
-    if (!(await isFolder(folderPathFull))) {
-      throw new Error('Not a Folder.')
-    }
+    if (!(await isFolder(folderPathFull)))
+      throw {
+        code: 400,
+        status: 'Bad Request',
+        message: 'Not a Folder.'
+      }
 
     const files: string[] = await listFilesInFolder(folderPathFull)
     const folders: string[] = await listSubFoldersInFolder(folderPathFull)
@@ -302,19 +386,51 @@ const deleteFile = async (filePath: string) => {
     .join(getFilesFolder(), filePath)
     .replace(new RegExp('/', 'g'), path.sep)
 
-  if (!filePathFull.includes(driveFilesPath)) {
-    throw new Error('Cannot delete file outside drive.')
-  }
+  if (!filePathFull.includes(driveFilesPath))
+    throw {
+      code: 400,
+      status: 'Bad Request',
+      message: `Can't delete file outside drive.`
+    }
 
-  if (!(await fileExists(filePathFull))) {
-    throw new Error('File does not exist.')
-  }
+  if (!(await fileExists(filePathFull)))
+    throw {
+      code: 404,
+      status: 'Not Found',
+      message: `File doesn't exist.`
+    }
 
   await deleteFileOnSystem(filePathFull)
 
   return { status: 'success' }
 }
 
+const deleteFolder = async (folderPath: string) => {
+  const driveFolderPath = getFilesFolder()
+
+  const folderPathFull = path
+    .join(getFilesFolder(), folderPath)
+    .replace(new RegExp('/', 'g'), path.sep)
+
+  if (!folderPathFull.includes(driveFolderPath))
+    throw {
+      code: 400,
+      status: 'Bad Request',
+      message: `Can't delete folder outside drive.`
+    }
+
+  if (!(await folderExists(folderPathFull)))
+    throw {
+      code: 404,
+      status: 'Not Found',
+      message: `Folder doesn't exist.`
+    }
+
+  await deleteFolderOnSystem(folderPathFull)
+
+  return { status: 'success' }
+}
+
 const saveFile = async (
   filePath: string,
   multerFile: Express.Multer.File
@@ -325,13 +441,19 @@ const saveFile = async (
     .join(driveFilesPath, filePath)
     .replace(new RegExp('/', 'g'), path.sep)
 
-  if (!filePathFull.includes(driveFilesPath)) {
-    throw new Error('Cannot put file outside drive.')
-  }
+  if (!filePathFull.includes(driveFilesPath))
+    throw {
+      code: 400,
+      status: 'Bad Request',
+      message: `Can't put file outside drive.`
+    }
 
-  if (await fileExists(filePathFull)) {
-    throw new Error('File already exists.')
-  }
+  if (await fileExists(filePathFull))
+    throw {
+      code: 409,
+      status: 'Conflict',
+      message: 'File already exists.'
+    }
 
   const folderPath = path.dirname(filePathFull)
   await createFolder(folderPath)
@@ -340,6 +462,88 @@ const saveFile = async (
   return { status: 'success' }
 }
 
+const addFolder = async (folderPath: string): Promise<FileFolderResponse> => {
+  const drivePath = getFilesFolder()
+
+  const folderPathFull = path
+    .join(drivePath, folderPath)
+    .replace(new RegExp('/', 'g'), path.sep)
+
+  if (!folderPathFull.includes(drivePath))
+    throw {
+      code: 400,
+      status: 'Bad Request',
+      message: `Can't put folder outside drive.`
+    }
+
+  if (await folderExists(folderPathFull))
+    throw {
+      code: 409,
+      status: 'Conflict',
+      message: 'Folder already exists.'
+    }
+
+  await createFolder(folderPathFull)
+
+  return { status: 'success' }
+}
+
+const rename = async (
+  oldPath: string,
+  newPath: string
+): Promise<FileFolderResponse> => {
+  const drivePath = getFilesFolder()
+
+  const oldPathFull = path
+    .join(drivePath, oldPath)
+    .replace(new RegExp('/', 'g'), path.sep)
+
+  const newPathFull = path
+    .join(drivePath, newPath)
+    .replace(new RegExp('/', 'g'), path.sep)
+
+  if (!oldPathFull.includes(drivePath))
+    throw {
+      code: 400,
+      status: 'Bad Request',
+      message: `Old path can't be outside of drive.`
+    }
+
+  if (!newPathFull.includes(drivePath))
+    throw {
+      code: 400,
+      status: 'Bad Request',
+      message: `New path can't be outside of drive.`
+    }
+
+  if (await isFolder(oldPathFull)) {
+    if (await folderExists(newPathFull))
+      throw {
+        code: 409,
+        status: 'Conflict',
+        message: 'Folder with new name already exists.'
+      }
+    else moveFile(oldPathFull, newPathFull)
+
+    return { status: 'success' }
+  } else if (await fileExists(oldPathFull)) {
+    if (await fileExists(newPathFull))
+      throw {
+        code: 409,
+        status: 'Conflict',
+        message: 'File with new name already exists.'
+      }
+    else moveFile(oldPathFull, newPathFull)
+    return { status: 'success' }
+  }
+
+  throw {
+    code: 404,
+    status: 'Not Found',
+    message: 'No file/folder found for provided path.'
+  }
+}
+
 const updateFile = async (
   filePath: string,
   multerFile: Express.Multer.File
@@ -350,13 +554,19 @@ const updateFile = async (
     .join(driveFilesPath, filePath)
     .replace(new RegExp('/', 'g'), path.sep)
 
-  if (!filePathFull.includes(driveFilesPath)) {
-    throw new Error('Cannot modify file outside drive.')
-  }
+  if (!filePathFull.includes(driveFilesPath))
+    throw {
+      code: 400,
+      status: 'Bad Request',
+      message: `Can't modify file outside drive.`
+    }
 
-  if (!(await fileExists(filePathFull))) {
-    throw new Error(`File doesn't exist.`)
-  }
+  if (!(await fileExists(filePathFull)))
+    throw {
+      code: 404,
+      status: 'Not Found',
+      message: `File doesn't exist.`
+    }
 
   await moveFile(multerFile.path, filePathFull)
 

api/src/controllers/group.ts

@@ -10,7 +10,7 @@ import {
   Body
 } from 'tsoa'
 
-import Group, { GroupPayload } from '../model/Group'
+import Group, { GroupPayload, PUBLIC_GROUP_NAME } from '../model/Group'
 import User from '../model/User'
 import { UserResponse } from './user'
 
@@ -20,7 +20,7 @@ export interface GroupResponse {
   description: string
 }
 
-interface GroupDetailsResponse {
+export interface GroupDetailsResponse {
   groupId: number
   name: string
   description: string
@@ -198,7 +198,7 @@ const getGroup = async (findBy: GetGroupBy): Promise<GroupDetailsResponse> => {
     'groupId name description isActive users -_id'
   ).populate(
     'users',
-    'id username displayName -_id'
+    'id username displayName isAdmin -_id'
   )) as unknown as GroupDetailsResponse
   if (!group)
     throw {
@@ -241,6 +241,13 @@ const updateUsersListInGroup = async (
       message: 'Group not found.'
     }
 
+  if (group.name === PUBLIC_GROUP_NAME)
+    throw {
+      code: 400,
+      status: 'Bad Request',
+      message: `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
+    }
+
   const user = await User.findOne({ id: userId })
   if (!user)
     throw {
@@ -249,9 +256,10 @@ const updateUsersListInGroup = async (
       message: 'User not found.'
     }
 
-  const updatedGroup = (action === 'addUser'
-    ? await group.addUser(user._id)
-    : await group.removeUser(user._id)) as unknown as GroupDetailsResponse
+  const updatedGroup =
+    action === 'addUser'
+      ? await group.addUser(user)
+      : await group.removeUser(user)
 
   if (!updatedGroup)
     throw {
@@ -260,9 +268,6 @@ const updateUsersListInGroup = async (
       message: 'Unable to update group.'
     }
 
-  if (action === 'addUser') user.addGroup(group._id)
-  else user.removeGroup(group._id)
-
   return {
     groupId: updatedGroup.groupId,
     name: updatedGroup.name,

api/src/controllers/index.ts

@@ -4,6 +4,7 @@ export * from './code'
 export * from './drive'
 export * from './group'
 export * from './info'
+export * from './permission'
 export * from './session'
 export * from './stp'
 export * from './user'

api/src/controllers/info.ts

@@ -1,4 +1,8 @@
 import { Route, Tags, Example, Get } from 'tsoa'
+import { getAuthorizedRoutes } from '../utils'
+export interface AuthorizedRoutesResponse {
+  paths: string[]
+}
 
 export interface InfoResponse {
   mode: string
@@ -36,4 +40,19 @@ export class InfoController {
     }
     return response
   }
+
+  /**
+   * @summary Get the list of available routes to which permissions can be applied.  Used to populate the dialog in the URI Permissions feature.
+   *
+   */
+  @Example<AuthorizedRoutesResponse>({
+    paths: ['/AppStream', '/SASjsApi/stp/execute']
+  })
+  @Get('/authorizedRoutes')
+  public authorizedRoutes(): AuthorizedRoutesResponse {
+    const response = {
+      paths: getAuthorizedRoutes()
+    }
+    return response
+  }
 }

api/src/controllers/internal/Execution.ts

@@ -20,12 +20,6 @@ export interface ExecuteReturnRaw {
   result: string | Buffer
 }
 
-export interface ExecuteReturnJson {
-  httpHeaders: HTTPHeaders
-  webout: string | Buffer
-  log?: string
-}
-
 interface ExecuteFileParams {
   programPath: string
   preProgramVariables: PreProgramVars
@@ -68,10 +62,9 @@ export class ExecutionController {
     preProgramVariables,
     vars,
     otherArgs,
-    returnJson,
     session: sessionByFileUpload,
     runTime
-  }: ExecuteProgramParams): Promise<ExecuteReturnRaw | ExecuteReturnJson> {
+  }: ExecuteProgramParams): Promise<ExecuteReturnRaw> {
     const sessionController = getSessionController(runTime)
 
     const session =
@@ -96,6 +89,7 @@ export class ExecutionController {
       vars,
       session,
       weboutPath,
+      headersPath,
       tokenFile,
       runTime,
       logPath,
@@ -107,10 +101,7 @@ export class ExecutionController {
       ? await readFile(headersPath)
       : ''
     const httpHeaders: HTTPHeaders = extractHeaders(headersContent)
-    const fileResponse: boolean =
-      httpHeaders.hasOwnProperty('content-type') &&
-      !returnJson && // not a POST Request
-      !isDebugOn(vars) // Debug is not enabled
+    const fileResponse: boolean = httpHeaders.hasOwnProperty('content-type')
 
     const webout = (await fileExists(weboutPath))
       ? fileResponse
@@ -121,19 +112,11 @@ export class ExecutionController {
     // it should be deleted by scheduleSessionDestroy
     session.inUse = false
 
-    if (returnJson) {
-      return {
-        httpHeaders,
-        webout,
-        log: isDebugOn(vars) || session.crashed ? log : undefined
-      }
-    }
-
     return {
       httpHeaders,
       result:
         isDebugOn(vars) || session.crashed
-          ? `<html><body>${webout}<div style="text-align:left"><hr /><h2>SAS Log</h2><pre>${log}</pre></div></body></html>`
+          ? `${webout}\n${process.logsUUID}\n${log}`
           : webout
     }
   }
@@ -143,6 +126,7 @@ export class ExecutionController {
       name: 'files',
       relativePath: '',
       absolutePath: getFilesFolder(),
+      isFolder: true,
       children: []
     }
 
@@ -152,15 +136,22 @@ export class ExecutionController {
       const currentNode = stack.pop()
 
       if (currentNode) {
+        currentNode.isFolder = fs
+          .statSync(currentNode.absolutePath)
+          .isDirectory()
+
         const children = fs.readdirSync(currentNode.absolutePath)
 
         for (let child of children) {
-          const absoluteChildPath = `${currentNode.absolutePath}/${child}`
+          const absoluteChildPath = path.join(currentNode.absolutePath, child)
+          // relative path will only be used in frontend component
+          // so, no need to convert '/' to platform specific separator
           const relativeChildPath = `${currentNode.relativePath}/${child}`
           const childNode: TreeNode = {
             name: child,
             relativePath: relativeChildPath,
             absolutePath: absoluteChildPath,
+            isFolder: false,
             children: []
           }
           currentNode.children.push(childNode)

api/src/controllers/internal/Session.ts

@@ -101,9 +101,14 @@ ${autoExecContent}`
       session.path,
       '-AUTOEXEC',
       autoExecPath,
-      isWindows() ? '-nosplash' : '',
-      isWindows() ? '-icon' : '',
-      isWindows() ? '-nologo' : ''
+      isWindows() ? '-nologo' : '',
+      process.sasLoc!.endsWith('sas.exe') ? '-nosplash' : '',
+      process.sasLoc!.endsWith('sas.exe') ? '-icon' : '',
+      process.sasLoc!.endsWith('sas.exe') ? '-nodms' : '',
+      process.sasLoc!.endsWith('sas.exe') ? '-noterminal' : '',
+      process.sasLoc!.endsWith('sas.exe') ? '-nostatuswin' : '',
+      process.sasLoc!.endsWith('sas.exe') ? '-SASINITIALFOLDER' : '',
+      process.sasLoc!.endsWith('sas.exe') ? session.path : ''
     ])
       .then(() => {
         session.completed = true
@@ -187,7 +192,39 @@ export class JSSessionController extends SessionController {
     }
 
     const headersPath = path.join(session.path, 'stpsrv_header.txt')
-    await createFile(headersPath, 'Content-type: application/json')
+    await createFile(headersPath, 'Content-type: text/plain')
+
+    this.sessions.push(session)
+    return session
+  }
+}
+
+export class PythonSessionController extends SessionController {
+  protected async createSession(): Promise<Session> {
+    const sessionId = generateUniqueFileName(generateTimestamp())
+    const sessionFolder = path.join(getSessionsFolder(), sessionId)
+
+    const creationTimeStamp = sessionId.split('-').pop() as string
+    // death time of session is 15 mins from creation
+    const deathTimeStamp = (
+      parseInt(creationTimeStamp) +
+      15 * 60 * 1000 -
+      1000
+    ).toString()
+
+    const session: Session = {
+      id: sessionId,
+      ready: true,
+      inUse: true,
+      consumed: false,
+      completed: false,
+      creationTimeStamp,
+      deathTimeStamp,
+      path: sessionFolder
+    }
+
+    const headersPath = path.join(session.path, 'stpsrv_header.txt')
+    await createFile(headersPath, 'Content-type: text/plain')
 
     this.sessions.push(session)
     return session
@@ -196,7 +233,7 @@ export class JSSessionController extends SessionController {
 
 export const getSessionController = (
   runTime: RunTimeType
-): SASSessionController | JSSessionController => {
+): SASSessionController | JSSessionController | PythonSessionController => {
   if (runTime === RunTimeType.SAS) {
     return getSASSessionController()
   }
@@ -205,6 +242,10 @@ export const getSessionController = (
     return getJSSessionController()
   }
 
+  if (runTime === RunTimeType.PY) {
+    return getPythonSessionController()
+  }
+
   throw new Error('No Runtime is configured')
 }
 
@@ -224,6 +265,14 @@ const getJSSessionController = (): JSSessionController => {
   return process.jsSessionController
 }
 
+const getPythonSessionController = (): PythonSessionController => {
+  if (process.pythonSessionController) return process.pythonSessionController
+
+  process.pythonSessionController = new PythonSessionController()
+
+  return process.pythonSessionController
+}
+
 const autoExecContent = `
 data _null_;
   /* remove the dummy SYSIN */

api/src/controllers/internal/createJSProgram.ts

@@ -9,6 +9,7 @@ export const createJSProgram = async (
   vars: ExecutionVars,
   session: Session,
   weboutPath: string,
+  headersPath: string,
   tokenFile: string,
   otherArgs?: any
 ) => {
@@ -23,13 +24,16 @@ let _webout = '';
 const weboutPath = '${
     isWindows() ? weboutPath.replace(/\\/g, '\\\\') : weboutPath
   }'; 
-const _sasjs_tokenfile = '${tokenFile}';
-const _sasjs_username = '${preProgramVariables?.username}';
-const _sasjs_userid = '${preProgramVariables?.userId}';
-const _sasjs_displayname = '${preProgramVariables?.displayName}';
-const _metaperson = _sasjs_displayname;
-const _metauser = _sasjs_username;
-const sasjsprocessmode = 'Stored Program';
+const _SASJS_TOKENFILE = '${
+    isWindows() ? tokenFile.replace(/\\/g, '\\\\') : tokenFile
+  }';
+const _SASJS_WEBOUT_HEADERS = '${headersPath}';
+const _SASJS_USERNAME = '${preProgramVariables?.username}';
+const _SASJS_USERID = '${preProgramVariables?.userId}';
+const _SASJS_DISPLAYNAME = '${preProgramVariables?.displayName}';
+const _METAPERSON = _SASJS_DISPLAYNAME;
+const _METAUSER = _SASJS_USERNAME;
+const SASJSPROCESSMODE = 'Stored Program';
 `
 
   const requiredModules = `const fs = require('fs')`
@@ -53,14 +57,15 @@ if (_webout) {
 `
   // if no files are uploaded filesNamesMap will be undefined
   if (otherArgs?.filesNamesMap) {
-    const uploadJSCode = await generateFileUploadJSCode(
+    const uploadJsCode = await generateFileUploadJSCode(
       otherArgs.filesNamesMap,
       session.path
     )
 
-    //If js code for the file is generated it will be appended to the top of jsCode
-    if (uploadJSCode.length > 0) {
-      program = `${uploadJSCode}\n` + program
+    // If any files are uploaded, the program needs to be updated with some
+    // dynamically generated variables (pointers) for ease of ingestion
+    if (uploadJsCode.length > 0) {
+      program = `${uploadJsCode}\n` + program
     }
   }
   return requiredModules + program

api/src/controllers/internal/createPythonProgram.ts

@@ -0,0 +1,68 @@
+import { isWindows } from '@sasjs/utils'
+import { PreProgramVars, Session } from '../../types'
+import { generateFileUploadPythonCode } from '../../utils'
+import { ExecutionVars } from './'
+
+export const createPythonProgram = async (
+  program: string,
+  preProgramVariables: PreProgramVars,
+  vars: ExecutionVars,
+  session: Session,
+  weboutPath: string,
+  headersPath: string,
+  tokenFile: string,
+  otherArgs?: any
+) => {
+  const varStatments = Object.keys(vars).reduce(
+    (computed: string, key: string) => `${computed}${key} = '${vars[key]}';\n`,
+    ''
+  )
+
+  const preProgramVarStatments = `
+_SASJS_SESSION_PATH = '${
+    isWindows() ? session.path.replace(/\\/g, '\\\\') : session.path
+  }';
+_WEBOUT = '${isWindows() ? weboutPath.replace(/\\/g, '\\\\') : weboutPath}'; 
+_SASJS_WEBOUT_HEADERS = '${headersPath}';
+_SASJS_TOKENFILE = '${
+    isWindows() ? tokenFile.replace(/\\/g, '\\\\') : tokenFile
+  }';
+_SASJS_USERNAME = '${preProgramVariables?.username}';
+_SASJS_USERID = '${preProgramVariables?.userId}';
+_SASJS_DISPLAYNAME = '${preProgramVariables?.displayName}';
+_METAPERSON = _SASJS_DISPLAYNAME;
+_METAUSER = _SASJS_USERNAME;
+SASJSPROCESSMODE = 'Stored Program';
+`
+
+  const requiredModules = `import os`
+
+  program = `
+# runtime vars
+${varStatments}
+
+# dynamic user-provided vars
+${preProgramVarStatments}
+
+# change working directory to  session folder
+os.chdir(_SASJS_SESSION_PATH)
+
+# actual job code
+${program}
+
+`
+  // if no files are uploaded filesNamesMap will be undefined
+  if (otherArgs?.filesNamesMap) {
+    const uploadPythonCode = await generateFileUploadPythonCode(
+      otherArgs.filesNamesMap,
+      session.path
+    )
+
+    // If any files are uploaded, the program needs to be updated with some
+    // dynamically generated variables (pointers) for ease of ingestion
+    if (uploadPythonCode.length > 0) {
+      program = `${uploadPythonCode}\n` + program
+    }
+  }
+  return requiredModules + program
+}

api/src/controllers/internal/createSASProgram.ts

@@ -23,10 +23,14 @@ export const createSASProgram = async (
 %let _sasjs_displayname=${preProgramVariables?.displayName};
 %let _sasjs_apiserverurl=${preProgramVariables?.serverUrl};
 %let _sasjs_apipath=/SASjsApi/stp/execute;
+%let _sasjs_webout_headers=%sysfunc(pathname(work))/../stpsrv_header.txt;
 %let _metaperson=&_sasjs_displayname;
 %let _metauser=&_sasjs_username;
+
+/* the below is here for compatibility and will be removed in a future release */
+%let sasjs_stpsrv_header_loc=&_sasjs_webout_headers;
+
 %let sasjsprocessmode=Stored Program;
-%let sasjs_stpsrv_header_loc=%sysfunc(pathname(work))/../stpsrv_header.txt;
 
 %global SYSPROCESSMODE SYSTCPIPHOSTNAME SYSHOSTINFOLONG;
 %macro _sasjs_server_init();
@@ -34,6 +38,9 @@ export const createSASProgram = async (
 %if "&SYSTCPIPHOSTNAME"="" %then %let SYSTCPIPHOSTNAME=&_sasjs_apiserverurl;
 %mend;
 %_sasjs_server_init()
+
+proc printto print="%sysfunc(getoption(log))";
+run;
 `
 
   program = `
@@ -60,7 +67,8 @@ ${program}`
       session.path
     )
 
-    //If sas code for the file is generated it will be appended to the top of sasCode
+    // If any files are uploaded, the program needs to be updated with some
+    // dynamically generated variables (pointers) for ease of ingestion
     if (uploadSasCode.length > 0) {
       program = `${uploadSasCode}` + program
     }

api/src/controllers/internal/index.ts

@@ -4,4 +4,5 @@ export * from './Execution'
 export * from './FileUploadController'
 export * from './createSASProgram'
 export * from './createJSProgram'
+export * from './createPythonProgram'
 export * from './processProgram'

api/src/controllers/internal/processProgram.ts

@@ -5,7 +5,12 @@ import { once } from 'stream'
 import { createFile, moveFile } from '@sasjs/utils'
 import { PreProgramVars, Session } from '../../types'
 import { RunTimeType } from '../../utils'
-import { ExecutionVars, createSASProgram, createJSProgram } from './'
+import {
+  ExecutionVars,
+  createSASProgram,
+  createJSProgram,
+  createPythonProgram
+} from './'
 
 export const processProgram = async (
   program: string,
@@ -13,6 +18,7 @@ export const processProgram = async (
   vars: ExecutionVars,
   session: Session,
   weboutPath: string,
+  headersPath: string,
   tokenFile: string,
   runTime: RunTimeType,
   logPath: string,
@@ -25,6 +31,7 @@ export const processProgram = async (
       vars,
       session,
       weboutPath,
+      headersPath,
       tokenFile,
       otherArgs
     )
@@ -47,6 +54,43 @@ export const processProgram = async (
       // copy the code.js program to log and end write stream
       writeStream.end(program)
 
+      session.completed = true
+      console.log('session completed', session)
+    } catch (err: any) {
+      session.completed = true
+      session.crashed = err.toString()
+      console.log('session crashed', session.id, session.crashed)
+    }
+  } else if (runTime === RunTimeType.PY) {
+    program = await createPythonProgram(
+      program,
+      preProgramVariables,
+      vars,
+      session,
+      weboutPath,
+      headersPath,
+      tokenFile,
+      otherArgs
+    )
+
+    const codePath = path.join(session.path, 'code.py')
+
+    try {
+      await createFile(codePath, program)
+
+      // create a stream that will write to console outputs to log file
+      const writeStream = fs.createWriteStream(logPath)
+
+      // waiting for the open event so that we can have underlying file descriptor
+      await once(writeStream, 'open')
+
+      execFileSync(process.pythonLoc!, [codePath], {
+        stdio: ['ignore', writeStream, writeStream]
+      })
+
+      // copy the code.py program to log and end write stream
+      writeStream.end(program)
+
       session.completed = true
       console.log('session completed', session)
     } catch (err: any) {

api/src/controllers/permission.ts

@@ -0,0 +1,368 @@
+import express from 'express'
+import {
+  Security,
+  Route,
+  Tags,
+  Path,
+  Example,
+  Get,
+  Post,
+  Patch,
+  Delete,
+  Body,
+  Request
+} from 'tsoa'
+
+import Permission from '../model/Permission'
+import User from '../model/User'
+import Group from '../model/Group'
+import { UserResponse } from './user'
+import { GroupDetailsResponse } from './group'
+
+export enum PermissionType {
+  route = 'Route'
+}
+
+export enum PrincipalType {
+  user = 'user',
+  group = 'group'
+}
+
+export enum PermissionSettingForRoute {
+  grant = 'Grant',
+  deny = 'Deny'
+}
+
+interface RegisterPermissionPayload {
+  /**
+   * Name of affected resource
+   * @example "/SASjsApi/code/execute"
+   */
+  path: string
+  /**
+   * Type of affected resource
+   * @example "Route"
+   */
+  type: PermissionType
+  /**
+   * The indication of whether (and to what extent) access is provided
+   * @example "Grant"
+   */
+  setting: PermissionSettingForRoute
+  /**
+   * Indicates the type of principal
+   * @example "user"
+   */
+  principalType: PrincipalType
+  /**
+   * The id of user or group to which a rule is assigned.
+   * @example 123
+   */
+  principalId: number
+}
+
+interface UpdatePermissionPayload {
+  /**
+   * The indication of whether (and to what extent) access is provided
+   * @example "Grant"
+   */
+  setting: PermissionSettingForRoute
+}
+
+export interface PermissionDetailsResponse {
+  permissionId: number
+  path: string
+  type: string
+  setting: string
+  user?: UserResponse
+  group?: GroupDetailsResponse
+}
+
+@Security('bearerAuth')
+@Route('SASjsApi/permission')
+@Tags('Permission')
+export class PermissionController {
+  /**
+   * Get the list of permission rules applicable the authenticated user.
+   * If the user is an admin, all rules are returned.
+   *
+   * @summary Get the list of permission rules. If the user is admin, all rules are returned.
+   *
+   */
+  @Example<PermissionDetailsResponse[]>([
+    {
+      permissionId: 123,
+      path: '/SASjsApi/code/execute',
+      type: 'Route',
+      setting: 'Grant',
+      user: {
+        id: 1,
+        username: 'johnSnow01',
+        displayName: 'John Snow',
+        isAdmin: false
+      }
+    },
+    {
+      permissionId: 124,
+      path: '/SASjsApi/code/execute',
+      type: 'Route',
+      setting: 'Grant',
+      group: {
+        groupId: 1,
+        name: 'DCGroup',
+        description: 'This group represents Data Controller Users',
+        isActive: true,
+        users: []
+      }
+    }
+  ])
+  @Get('/')
+  public async getAllPermissions(
+    @Request() request: express.Request
+  ): Promise<PermissionDetailsResponse[]> {
+    return getAllPermissions(request)
+  }
+
+  /**
+   * @summary Create a new permission. Admin only.
+   *
+   */
+  @Example<PermissionDetailsResponse>({
+    permissionId: 123,
+    path: '/SASjsApi/code/execute',
+    type: 'Route',
+    setting: 'Grant',
+    user: {
+      id: 1,
+      username: 'johnSnow01',
+      displayName: 'John Snow',
+      isAdmin: false
+    }
+  })
+  @Post('/')
+  public async createPermission(
+    @Body() body: RegisterPermissionPayload
+  ): Promise<PermissionDetailsResponse> {
+    return createPermission(body)
+  }
+
+  /**
+   * @summary Update permission setting. Admin only
+   * @param permissionId The permission's identifier
+   * @example permissionId 1234
+   */
+  @Example<PermissionDetailsResponse>({
+    permissionId: 123,
+    path: '/SASjsApi/code/execute',
+    type: 'Route',
+    setting: 'Grant',
+    user: {
+      id: 1,
+      username: 'johnSnow01',
+      displayName: 'John Snow',
+      isAdmin: false
+    }
+  })
+  @Patch('{permissionId}')
+  public async updatePermission(
+    @Path() permissionId: number,
+    @Body() body: UpdatePermissionPayload
+  ): Promise<PermissionDetailsResponse> {
+    return updatePermission(permissionId, body)
+  }
+
+  /**
+   * @summary Delete a permission. Admin only.
+   * @param permissionId The user's identifier
+   * @example permissionId 1234
+   */
+  @Delete('{permissionId}')
+  public async deletePermission(@Path() permissionId: number) {
+    return deletePermission(permissionId)
+  }
+}
+
+const getAllPermissions = async (
+  req: express.Request
+): Promise<PermissionDetailsResponse[]> => {
+  const { user } = req
+
+  if (user?.isAdmin) return await Permission.get({})
+  else {
+    const permissions: PermissionDetailsResponse[] = []
+
+    const dbUser = await User.findOne({ id: user?.userId })
+    if (!dbUser)
+      throw {
+        code: 404,
+        status: 'Not Found',
+        message: 'User not found.'
+      }
+
+    permissions.push(...(await Permission.get({ user: dbUser._id })))
+
+    for (const group of dbUser.groups) {
+      permissions.push(...(await Permission.get({ group })))
+    }
+
+    return permissions
+  }
+}
+
+const createPermission = async ({
+  path,
+  type,
+  setting,
+  principalType,
+  principalId
+}: RegisterPermissionPayload): Promise<PermissionDetailsResponse> => {
+  const permission = new Permission({
+    path,
+    type,
+    setting
+  })
+
+  let user: UserResponse | undefined
+  let group: GroupDetailsResponse | undefined
+
+  switch (principalType) {
+    case PrincipalType.user: {
+      const userInDB = await User.findOne({ id: principalId })
+      if (!userInDB)
+        throw {
+          code: 404,
+          status: 'Not Found',
+          message: 'User not found.'
+        }
+
+      if (userInDB.isAdmin)
+        throw {
+          code: 400,
+          status: 'Bad Request',
+          message: 'Can not add permission for admin user.'
+        }
+
+      const alreadyExists = await Permission.findOne({
+        path,
+        type,
+        user: userInDB._id
+      })
+
+      if (alreadyExists)
+        throw {
+          code: 409,
+          status: 'Conflict',
+          message:
+            'Permission already exists with provided Path, Type and User.'
+        }
+
+      permission.user = userInDB._id
+
+      user = {
+        id: userInDB.id,
+        username: userInDB.username,
+        displayName: userInDB.displayName,
+        isAdmin: userInDB.isAdmin
+      }
+      break
+    }
+    case PrincipalType.group: {
+      const groupInDB = await Group.findOne({ groupId: principalId })
+      if (!groupInDB)
+        throw {
+          code: 404,
+          status: 'Not Found',
+          message: 'Group not found.'
+        }
+
+      const alreadyExists = await Permission.findOne({
+        path,
+        type,
+        group: groupInDB._id
+      })
+      if (alreadyExists)
+        throw {
+          code: 409,
+          status: 'Conflict',
+          message:
+            'Permission already exists with provided Path, Type and Group.'
+        }
+
+      permission.group = groupInDB._id
+
+      group = {
+        groupId: groupInDB.groupId,
+        name: groupInDB.name,
+        description: groupInDB.description,
+        isActive: groupInDB.isActive,
+        users: groupInDB.populate({
+          path: 'users',
+          select: 'id username displayName isAdmin -_id',
+          options: { limit: 15 }
+        }) as unknown as UserResponse[]
+      }
+      break
+    }
+    default:
+      throw {
+        code: 400,
+        status: 'Bad Request',
+        message: 'Invalid principal type. Valid types are user or group.'
+      }
+  }
+
+  const savedPermission = await permission.save()
+
+  return {
+    permissionId: savedPermission.permissionId,
+    path: savedPermission.path,
+    type: savedPermission.type,
+    setting: savedPermission.setting,
+    user,
+    group
+  }
+}
+
+const updatePermission = async (
+  id: number,
+  data: UpdatePermissionPayload
+): Promise<PermissionDetailsResponse> => {
+  const { setting } = data
+
+  const updatedPermission = (await Permission.findOneAndUpdate(
+    { permissionId: id },
+    { setting },
+    { new: true }
+  )
+    .select({
+      _id: 0,
+      permissionId: 1,
+      path: 1,
+      type: 1,
+      setting: 1
+    })
+    .populate({ path: 'user', select: 'id username displayName isAdmin -_id' })
+    .populate({
+      path: 'group',
+      select: 'groupId name description -_id'
+    })) as unknown as PermissionDetailsResponse
+  if (!updatedPermission)
+    throw {
+      code: 404,
+      status: 'Not Found',
+      message: 'Permission not found.'
+    }
+
+  return updatedPermission
+}
+
+const deletePermission = async (id: number) => {
+  const permission = await Permission.findOne({ permissionId: id })
+  if (!permission)
+    throw {
+      code: 404,
+      status: 'Not Found',
+      message: 'Permission not found.'
+    }
+  await Permission.deleteOne({ permissionId: id })
+}

api/src/controllers/session.ts

@@ -13,7 +13,8 @@ export class SessionController {
   @Example<UserResponse>({
     id: 123,
     username: 'johnusername',
-    displayName: 'John'
+    displayName: 'John',
+    isAdmin: false
   })
   @Get('/')
   public async session(
@@ -26,5 +27,6 @@ export class SessionController {
 const session = (req: express.Request) => ({
   id: req.user!.userId,
   username: req.user!.username,
-  displayName: req.user!.displayName
+  displayName: req.user!.displayName,
+  isAdmin: req.user!.isAdmin
 })

api/src/controllers/stp.ts

@@ -1,33 +1,16 @@
 import express from 'express'
-import {
-  Request,
-  Security,
-  Route,
-  Tags,
-  Post,
-  Body,
-  Get,
-  Query,
-  Example
-} from 'tsoa'
-import {
-  ExecuteReturnJson,
-  ExecuteReturnRaw,
-  ExecutionController,
-  ExecutionVars
-} from './internal'
+import { Request, Security, Route, Tags, Post, Body, Get, Query } from 'tsoa'
+import { ExecutionController, ExecutionVars } from './internal'
 import {
   getPreProgramVariables,
   HTTPHeaders,
-  isDebugOn,
   LogLine,
   makeFilesNamesMap,
-  parseLogToArray,
   getRunTimeAndFilePath
 } from '../utils'
 import { MulterFile } from '../types/Upload'
 
-interface ExecuteReturnJsonPayload {
+interface ExecutePostRequestPayload {
   /**
    * Location of SAS program
    * @example "/Public/somefolder/some.file"
@@ -35,17 +18,6 @@ interface ExecuteReturnJsonPayload {
   _program?: string
 }
 
-interface IRecordOfAny {
-  [key: string]: any
-}
-export interface ExecuteReturnJsonResponse {
-  status: string
-  _webout: string | IRecordOfAny
-  log: LogLine[]
-  message?: string
-  httpHeaders: HTTPHeaders
-}
-
 @Security('bearerAuth')
 @Route('SASjsApi/stp')
 @Tags('STP')
@@ -62,11 +34,12 @@ export class STPController {
    * @example _program "/Projects/myApp/some/program"
    */
   @Get('/execute')
-  public async executeReturnRaw(
+  public async executeGetRequest(
     @Request() request: express.Request,
     @Query() _program: string
   ): Promise<string | Buffer> {
-    return executeReturnRaw(request, _program)
+    const vars = request.query as ExecutionVars
+    return execute(request, _program, vars)
   }
 
   /**
@@ -87,50 +60,42 @@ export class STPController {
    * @param _program Location of SAS or JS code
    * @example _program "/Projects/myApp/some/program"
    */
-  @Example<ExecuteReturnJsonResponse>({
-    status: 'success',
-    _webout: 'webout content',
-    log: [],
-    httpHeaders: {
-      'Content-type': 'application/zip',
-      'Cache-Control': 'public, max-age=1000'
-    }
-  })
   @Post('/execute')
-  public async executeReturnJson(
+  public async executePostRequest(
     @Request() request: express.Request,
-    @Body() body?: ExecuteReturnJsonPayload,
+    @Body() body?: ExecutePostRequestPayload,
     @Query() _program?: string
-  ): Promise<ExecuteReturnJsonResponse> {
+  ): Promise<string | Buffer> {
     const program = _program ?? body?._program
-    return executeReturnJson(request, program!)
+    const vars = { ...request.query, ...request.body }
+    const filesNamesMap = request.files?.length
+      ? makeFilesNamesMap(request.files as MulterFile[])
+      : null
+    const otherArgs = { filesNamesMap: filesNamesMap }
+
+    return execute(request, program!, vars, otherArgs)
   }
 }
 
-const executeReturnRaw = async (
+const execute = async (
   req: express.Request,
-  _program: string
+  _program: string,
+  vars: ExecutionVars,
+  otherArgs?: any
 ): Promise<string | Buffer> => {
-  const query = req.query as ExecutionVars
-
   try {
     const { codePath, runTime } = await getRunTimeAndFilePath(_program)
 
-    const { result, httpHeaders } =
-      (await new ExecutionController().executeFile({
+    const { result, httpHeaders } = await new ExecutionController().executeFile(
+      {
         programPath: codePath,
+        runTime,
         preProgramVariables: getPreProgramVariables(req),
-        vars: query,
-        runTime
-      })) as ExecuteReturnRaw
-
-    // Should over-ride response header for debug
-    // on GET request to see entire log rendering on browser.
-    if (isDebugOn(query)) {
-      httpHeaders['content-type'] = 'text/plain'
-    }
-
-    req.res?.set(httpHeaders)
+        vars,
+        otherArgs,
+        session: req.sasjsSession
+      }
+    )
 
     if (result instanceof Buffer) {
       ;(req as any).sasHeaders = httpHeaders
@@ -146,48 +111,3 @@ const executeReturnRaw = async (
     }
   }
 }
-
-const executeReturnJson = async (
-  req: express.Request,
-  _program: string
-): Promise<ExecuteReturnJsonResponse> => {
-  const filesNamesMap = req.files?.length
-    ? makeFilesNamesMap(req.files as MulterFile[])
-    : null
-
-  try {
-    const { codePath, runTime } = await getRunTimeAndFilePath(_program)
-
-    const { webout, log, httpHeaders } =
-      (await new ExecutionController().executeFile({
-        programPath: codePath,
-        preProgramVariables: getPreProgramVariables(req),
-        vars: { ...req.query, ...req.body },
-        otherArgs: { filesNamesMap: filesNamesMap },
-        returnJson: true,
-        session: req.sasjsSession,
-        runTime
-      })) as ExecuteReturnJson
-
-    let weboutRes: string | IRecordOfAny = webout
-    if (httpHeaders['content-type']?.toLowerCase() === 'application/json') {
-      try {
-        weboutRes = JSON.parse(webout as string)
-      } catch (_) {}
-    }
-
-    return {
-      status: 'success',
-      _webout: weboutRes,
-      log: parseLogToArray(log),
-      httpHeaders
-    }
-  } catch (err: any) {
-    throw {
-      code: 400,
-      status: 'failure',
-      message: 'Job execution failed.',
-      error: typeof err === 'object' ? err.toString() : err
-    }
-  }
-}

api/src/controllers/user.ts

@@ -24,9 +24,10 @@ export interface UserResponse {
   id: number
   username: string
   displayName: string
+  isAdmin: boolean
 }
 
-interface UserDetailsResponse {
+export interface UserDetailsResponse {
   id: number
   displayName: string
   username: string
@@ -48,12 +49,14 @@ export class UserController {
     {
       id: 123,
       username: 'johnusername',
-      displayName: 'John'
+      displayName: 'John',
+      isAdmin: false
     },
     {
       id: 456,
       username: 'starkusername',
-      displayName: 'Stark'
+      displayName: 'Stark',
+      isAdmin: true
     }
   ])
   @Get('/')
@@ -200,7 +203,7 @@ export class UserController {
 
 const getAllUsers = async (): Promise<UserResponse[]> =>
   await User.find({})
-    .select({ _id: 0, id: 1, username: 1, displayName: 1 })
+    .select({ _id: 0, id: 1, username: 1, displayName: 1, isAdmin: 1 })
     .exec()
 
 const createUser = async (data: UserPayload): Promise<UserDetailsResponse> => {

api/src/controllers/web.ts

@@ -99,7 +99,8 @@ const login = async (
     user: {
       id: user.id,
       username: user.username,
-      displayName: user.displayName
+      displayName: user.displayName,
+      isAdmin: user.isAdmin
     }
   }
 }

api/src/middlewares/authenticateToken.ts

@@ -1,8 +1,16 @@
 import { RequestHandler, Request, Response, NextFunction } from 'express'
 import jwt from 'jsonwebtoken'
 import { csrfProtection } from '../app'
-import { fetchLatestAutoExec, ModeType, verifyTokenInDB } from '../utils'
+import {
+  fetchLatestAutoExec,
+  ModeType,
+  verifyTokenInDB,
+  isAuthorizingRoute,
+  isPublicRoute,
+  publicUser
+} from '../utils'
 import { desktopUser } from './desktop'
+import { authorize } from './authorize'
 
 export const authenticateAccessToken: RequestHandler = async (
   req,
@@ -15,6 +23,10 @@ export const authenticateAccessToken: RequestHandler = async (
     return next()
   }
 
+  const nextFunction = isAuthorizingRoute(req)
+    ? () => authorize(req, res, next)
+    : next
+
   // if request is coming from web and has valid session
   // it can be validated.
   if (req.session?.loggedIn) {
@@ -24,33 +36,37 @@ export const authenticateAccessToken: RequestHandler = async (
       if (user) {
         if (user.isActive) {
           req.user = user
-          return csrfProtection(req, res, next)
+          return csrfProtection(req, res, nextFunction)
         } else return res.sendStatus(401)
       }
     }
     return res.sendStatus(401)
   }
 
-  authenticateToken(
+  await authenticateToken(
     req,
     res,
-    next,
-    process.env.ACCESS_TOKEN_SECRET as string,
+    nextFunction,
+    process.secrets.ACCESS_TOKEN_SECRET,
     'accessToken'
   )
 }
 
-export const authenticateRefreshToken: RequestHandler = (req, res, next) => {
-  authenticateToken(
+export const authenticateRefreshToken: RequestHandler = async (
+  req,
+  res,
+  next
+) => {
+  await authenticateToken(
     req,
     res,
     next,
-    process.env.REFRESH_TOKEN_SECRET as string,
+    process.secrets.REFRESH_TOKEN_SECRET,
     'refreshToken'
   )
 }
 
-const authenticateToken = (
+const authenticateToken = async (
   req: Request,
   res: Response,
   next: NextFunction,
@@ -58,7 +74,7 @@ const authenticateToken = (
   tokenType: 'accessToken' | 'refreshToken'
 ) => {
   const { MODE } = process.env
-  if (MODE?.trim() !== 'server') {
+  if (MODE === ModeType.Desktop) {
     req.user = {
       userId: 1234,
       clientId: 'desktopModeClientId',
@@ -73,12 +89,12 @@ const authenticateToken = (
 
   const authHeader = req.headers['authorization']
   const token = authHeader?.split(' ')[1]
-  if (!token) return res.sendStatus(401)
 
-  jwt.verify(token, key, async (err: any, data: any) => {
-    if (err) return res.sendStatus(401)
+  try {
+    if (!token) throw 'Unauthorized'
+
+    const data: any = jwt.verify(token, key)
 
-    // verify this valid token's entry in DB
     const user = await verifyTokenInDB(
       data?.userId,
       data?.clientId,
@@ -91,8 +107,16 @@ const authenticateToken = (
         req.user = user
         if (tokenType === 'accessToken') req.accessToken = token
         return next()
-      } else return res.sendStatus(401)
+      } else throw 'Unauthorized'
     }
-    return res.sendStatus(401)
-  })
+
+    throw 'Unauthorized'
+  } catch (error) {
+    if (await isPublicRoute(req)) {
+      req.user = publicUser
+      return next()
+    }
+
+    res.sendStatus(401)
+  }
 }

api/src/middlewares/authorize.ts

@@ -0,0 +1,51 @@
+import { RequestHandler } from 'express'
+import User from '../model/User'
+import Permission from '../model/Permission'
+import {
+  PermissionSettingForRoute,
+  PermissionType
+} from '../controllers/permission'
+import { getPath, isPublicRoute } from '../utils'
+
+export const authorize: RequestHandler = async (req, res, next) => {
+  const { user } = req
+
+  if (!user) {
+    return res.sendStatus(401)
+  }
+
+  // no need to check for permissions when user is admin
+  if (user.isAdmin) return next()
+
+  // no need to check for permissions when route is Public
+  if (await isPublicRoute(req)) return next()
+
+  const dbUser = await User.findOne({ id: user.userId })
+  if (!dbUser) return res.sendStatus(401)
+
+  const path = getPath(req)
+
+  // find permission w.r.t user
+  const permission = await Permission.findOne({
+    path,
+    type: PermissionType.route,
+    user: dbUser._id
+  })
+
+  if (permission) {
+    if (permission.setting === PermissionSettingForRoute.grant) return next()
+    else return res.sendStatus(401)
+  }
+
+  // find permission w.r.t user's groups
+  for (const group of dbUser.groups) {
+    const groupPermission = await Permission.findOne({
+      path,
+      type: PermissionType.route,
+      group
+    })
+    if (groupPermission?.setting === PermissionSettingForRoute.grant)
+      return next()
+  }
+  return res.sendStatus(401)
+}

api/src/middlewares/index.ts

@@ -2,3 +2,4 @@ export * from './authenticateToken'
 export * from './desktop'
 export * from './verifyAdmin'
 export * from './verifyAdminIfNeeded'
+export * from './authorize'

api/src/middlewares/verifyAdmin.ts

@@ -1,8 +1,9 @@
 import { RequestHandler } from 'express'
+import { ModeType } from '../utils'
 
 export const verifyAdmin: RequestHandler = (req, res, next) => {
   const { MODE } = process.env
-  if (MODE?.trim() !== 'server') return next()
+  if (MODE === ModeType.Desktop) return next()
 
   const { user } = req
   if (!user?.isAdmin) return res.status(401).send('Admin account required')

api/src/model/Configuration.ts

@@ -0,0 +1,45 @@
+import mongoose, { Schema } from 'mongoose'
+
+export interface ConfigurationType {
+  /**
+   * SecretOrPrivateKey to sign Access Token
+   * @example "someRandomCryptoString"
+   */
+  ACCESS_TOKEN_SECRET: string
+  /**
+   * SecretOrPrivateKey to sign Refresh Token
+   * @example "someRandomCryptoString"
+   */
+  REFRESH_TOKEN_SECRET: string
+  /**
+   * SecretOrPrivateKey to sign Auth Code
+   * @example "someRandomCryptoString"
+   */
+  AUTH_CODE_SECRET: string
+  /**
+   * Secret used to sign the session cookie
+   * @example "someRandomCryptoString"
+   */
+  SESSION_SECRET: string
+}
+
+const ConfigurationSchema = new Schema<ConfigurationType>({
+  ACCESS_TOKEN_SECRET: {
+    type: String,
+    required: true
+  },
+  REFRESH_TOKEN_SECRET: {
+    type: String,
+    required: true
+  },
+  AUTH_CODE_SECRET: {
+    type: String,
+    required: true
+  },
+  SESSION_SECRET: {
+    type: String,
+    required: true
+  }
+})
+
+export default mongoose.model('Configuration', ConfigurationSchema)

api/src/model/Group.ts

@@ -1,7 +1,10 @@
 import mongoose, { Schema, model, Document, Model } from 'mongoose'
-import User from './User'
+import { GroupDetailsResponse } from '../controllers'
+import User, { IUser } from './User'
 const AutoIncrement = require('mongoose-sequence')(mongoose)
 
+export const PUBLIC_GROUP_NAME = 'Public'
+
 export interface GroupPayload {
   /**
    * Name of the group
@@ -27,8 +30,9 @@ interface IGroupDocument extends GroupPayload, Document {
 }
 
 interface IGroup extends IGroupDocument {
-  addUser(userObjectId: Schema.Types.ObjectId): Promise<IGroup>
-  removeUser(userObjectId: Schema.Types.ObjectId): Promise<IGroup>
+  addUser(user: IUser): Promise<GroupDetailsResponse>
+  removeUser(user: IUser): Promise<GroupDetailsResponse>
+  hasUser(user: IUser): boolean
 }
 interface IGroupModel extends Model<IGroup> {}
 
@@ -70,28 +74,31 @@ groupSchema.pre('remove', async function () {
 })
 
 // Instance Methods
-groupSchema.method(
-  'addUser',
-  async function (userObjectId: Schema.Types.ObjectId) {
-    const userIdIndex = this.users.indexOf(userObjectId)
-    if (userIdIndex === -1) {
-      this.users.push(userObjectId)
-    }
-    this.markModified('users')
-    return this.save()
+groupSchema.method('addUser', async function (user: IUser) {
+  const userObjectId = user._id
+  const userIdIndex = this.users.indexOf(userObjectId)
+  if (userIdIndex === -1) {
+    this.users.push(userObjectId)
+    user.addGroup(this._id)
   }
-)
-groupSchema.method(
-  'removeUser',
-  async function (userObjectId: Schema.Types.ObjectId) {
-    const userIdIndex = this.users.indexOf(userObjectId)
-    if (userIdIndex > -1) {
-      this.users.splice(userIdIndex, 1)
-    }
-    this.markModified('users')
-    return this.save()
+  this.markModified('users')
+  return this.save()
+})
+groupSchema.method('removeUser', async function (user: IUser) {
+  const userObjectId = user._id
+  const userIdIndex = this.users.indexOf(userObjectId)
+  if (userIdIndex > -1) {
+    this.users.splice(userIdIndex, 1)
+    user.removeGroup(this._id)
   }
-)
+  this.markModified('users')
+  return this.save()
+})
+groupSchema.method('hasUser', function (user: IUser) {
+  const userObjectId = user._id
+  const userIdIndex = this.users.indexOf(userObjectId)
+  return userIdIndex > -1
+})
 
 export const Group: IGroupModel = model<IGroup, IGroupModel>(
   'Group',

api/src/model/Permission.ts

@@ -0,0 +1,73 @@
+import mongoose, { Schema, model, Document, Model } from 'mongoose'
+const AutoIncrement = require('mongoose-sequence')(mongoose)
+import { PermissionDetailsResponse } from '../controllers'
+
+interface GetPermissionBy {
+  user?: Schema.Types.ObjectId
+  group?: Schema.Types.ObjectId
+}
+
+interface IPermissionDocument extends Document {
+  path: string
+  type: string
+  setting: string
+  permissionId: number
+  user: Schema.Types.ObjectId
+  group: Schema.Types.ObjectId
+}
+
+interface IPermission extends IPermissionDocument {}
+
+interface IPermissionModel extends Model<IPermission> {
+  get(getBy: GetPermissionBy): Promise<PermissionDetailsResponse[]>
+}
+
+const permissionSchema = new Schema<IPermissionDocument>({
+  path: {
+    type: String,
+    required: true
+  },
+  type: {
+    type: String,
+    required: true
+  },
+  setting: {
+    type: String,
+    required: true
+  },
+  user: { type: Schema.Types.ObjectId, ref: 'User' },
+  group: { type: Schema.Types.ObjectId, ref: 'Group' }
+})
+
+permissionSchema.plugin(AutoIncrement, { inc_field: 'permissionId' })
+
+// Static Methods
+permissionSchema.static('get', async function (getBy: GetPermissionBy): Promise<
+  PermissionDetailsResponse[]
+> {
+  return (await this.find(getBy)
+    .select({
+      _id: 0,
+      permissionId: 1,
+      path: 1,
+      type: 1,
+      setting: 1
+    })
+    .populate({ path: 'user', select: 'id username displayName isAdmin -_id' })
+    .populate({
+      path: 'group',
+      select: 'groupId name description -_id',
+      populate: {
+        path: 'users',
+        select: 'id username displayName isAdmin -_id',
+        options: { limit: 15 }
+      }
+    })) as unknown as PermissionDetailsResponse[]
+})
+
+export const Permission: IPermissionModel = model<
+  IPermission,
+  IPermissionModel
+>('Permission', permissionSchema)
+
+export default Permission

api/src/model/User.ts

@@ -35,6 +35,7 @@ export interface UserPayload {
 }
 
 interface IUserDocument extends UserPayload, Document {
+  _id: Schema.Types.ObjectId
   id: number
   isAdmin: boolean
   isActive: boolean
@@ -43,7 +44,7 @@ interface IUserDocument extends UserPayload, Document {
   tokens: [{ [key: string]: string }]
 }
 
-interface IUser extends IUserDocument {
+export interface IUser extends IUserDocument {
   comparePassword(password: string): boolean
   addGroup(groupObjectId: Schema.Types.ObjectId): Promise<IUser>
   removeGroup(groupObjectId: Schema.Types.ObjectId): Promise<IUser>

api/src/routes/api/drive.ts

@@ -11,8 +11,10 @@ import {
   extractName,
   fileBodyValidation,
   fileParamValidation,
+  folderBodyValidation,
   folderParamValidation,
-  isZipFile
+  isZipFile,
+  renameBodyValidation
 } from '../../utils'
 
 const controller = new DriveController()
@@ -119,7 +121,11 @@ driveRouter.get('/file', async (req, res) => {
   try {
     await controller.getFile(req, query._filePath)
   } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err.message)
   }
 })
 
@@ -132,7 +138,11 @@ driveRouter.get('/folder', async (req, res) => {
     const response = await controller.getFolder(query._folderPath)
     res.send(response)
   } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err.message)
   }
 })
 
@@ -145,7 +155,28 @@ driveRouter.delete('/file', async (req, res) => {
     const response = await controller.deleteFile(query._filePath)
     res.send(response)
   } catch (err: any) {
-    res.status(403).send(err.toString())
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err.message)
+  }
+})
+
+driveRouter.delete('/folder', async (req, res) => {
+  const { error: errQ, value: query } = folderParamValidation(req.query, true)
+
+  if (errQ) return res.status(400).send(errQ.details[0].message)
+
+  try {
+    const response = await controller.deleteFolder(query._folderPath)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err.message)
   }
 })
 
@@ -172,11 +203,33 @@ driveRouter.post(
       res.send(response)
     } catch (err: any) {
       await deleteFile(req.file.path)
-      res.status(403).send(err.toString())
+
+      const statusCode = err.code
+
+      delete err.code
+
+      res.status(statusCode).send(err.message)
     }
   }
 )
 
+driveRouter.post('/folder', async (req, res) => {
+  const { error, value: body } = folderBodyValidation(req.body)
+
+  if (error) return res.status(400).send(error.details[0].message)
+
+  try {
+    const response = await controller.addFolder(body)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err.message)
+  }
+})
+
 driveRouter.patch(
   '/file',
   (...arg) => multerSingle('file', arg),
@@ -200,11 +253,33 @@ driveRouter.patch(
       res.send(response)
     } catch (err: any) {
       await deleteFile(req.file.path)
-      res.status(403).send(err.toString())
+
+      const statusCode = err.code
+
+      delete err.code
+
+      res.status(statusCode).send(err.message)
     }
   }
 )
 
+driveRouter.post('/rename', async (req, res) => {
+  const { error, value: body } = renameBodyValidation(req.body)
+
+  if (error) return res.status(400).send(error.details[0].message)
+
+  try {
+    const response = await controller.rename(body)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+
+    delete err.code
+
+    res.status(statusCode).send(err.message)
+  }
+})
+
 driveRouter.get('/fileTree', async (req, res) => {
   try {
     const response = await controller.getFileTree()

api/src/routes/api/index.ts

@@ -17,6 +17,7 @@ import groupRouter from './group'
 import clientRouter from './client'
 import authRouter from './auth'
 import sessionRouter from './session'
+import permissionRouter from './permission'
 
 const router = express.Router()
 
@@ -35,6 +36,12 @@ router.use('/group', desktopRestrict, groupRouter)
 router.use('/stp', authenticateAccessToken, stpRouter)
 router.use('/code', authenticateAccessToken, codeRouter)
 router.use('/user', desktopRestrict, userRouter)
+router.use(
+  '/permission',
+  desktopRestrict,
+  authenticateAccessToken,
+  permissionRouter
+)
 
 router.use(
   '/',

api/src/routes/api/info.ts

@@ -13,4 +13,14 @@ infoRouter.get('/', async (req, res) => {
   }
 })
 
+infoRouter.get('/authorizedRoutes', async (req, res) => {
+  const controller = new InfoController()
+  try {
+    const response = controller.authorizedRoutes()
+    res.send(response)
+  } catch (err: any) {
+    res.status(403).send(err.toString())
+  }
+})
+
 export default infoRouter

api/src/routes/api/permission.ts

@@ -0,0 +1,69 @@
+import express from 'express'
+import { PermissionController } from '../../controllers/'
+import { verifyAdmin } from '../../middlewares'
+import {
+  registerPermissionValidation,
+  updatePermissionValidation
+} from '../../utils'
+
+const permissionRouter = express.Router()
+const controller = new PermissionController()
+
+permissionRouter.get('/', async (req, res) => {
+  try {
+    const response = await controller.getAllPermissions(req)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+    delete err.code
+    res.status(statusCode).send(err.message)
+  }
+})
+
+permissionRouter.post('/', verifyAdmin, async (req, res) => {
+  const { error, value: body } = registerPermissionValidation(req.body)
+  if (error) return res.status(400).send(error.details[0].message)
+
+  try {
+    const response = await controller.createPermission(body)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+    delete err.code
+    res.status(statusCode).send(err.message)
+  }
+})
+
+permissionRouter.patch('/:permissionId', verifyAdmin, async (req: any, res) => {
+  const { permissionId } = req.params
+
+  const { error, value: body } = updatePermissionValidation(req.body)
+  if (error) return res.status(400).send(error.details[0].message)
+
+  try {
+    const response = await controller.updatePermission(permissionId, body)
+    res.send(response)
+  } catch (err: any) {
+    const statusCode = err.code
+    delete err.code
+    res.status(statusCode).send(err.message)
+  }
+})
+
+permissionRouter.delete(
+  '/:permissionId',
+  verifyAdmin,
+  async (req: any, res) => {
+    const { permissionId } = req.params
+
+    try {
+      await controller.deletePermission(permissionId)
+      res.status(200).send('Permission Deleted!')
+    } catch (err: any) {
+      const statusCode = err.code
+      delete err.code
+      res.status(statusCode).send(err.message)
+    }
+  }
+)
+export default permissionRouter

api/src/routes/api/spec/drive.spec.ts

@@ -29,7 +29,13 @@ jest
   .mockImplementation(() => path.join(tmpFolder, 'uploads'))
 
 import appPromise from '../../../app'
-import { UserController } from '../../../controllers/'
+import {
+  UserController,
+  PermissionController,
+  PermissionType,
+  PermissionSettingForRoute,
+  PrincipalType
+} from '../../../controllers/'
 import { getTreeExample } from '../../../controllers/internal'
 import { generateAccessToken, saveTokensInDB } from '../../../utils/'
 const { getFilesFolder } = fileUtilModules
@@ -43,11 +49,18 @@ const user = {
   isActive: true
 }
 
+const permission = {
+  type: PermissionType.route,
+  principalType: PrincipalType.user,
+  setting: PermissionSettingForRoute.grant
+}
+
 describe('drive', () => {
   let app: Express
   let con: Mongoose
   let mongoServer: MongoMemoryServer
   const controller = new UserController()
+  const permissionController = new PermissionController()
 
   let accessToken: string
 
@@ -58,11 +71,32 @@ describe('drive', () => {
     con = await mongoose.connect(mongoServer.getUri())
 
     const dbUser = await controller.createUser(user)
-    accessToken = generateAccessToken({
-      clientId,
-      userId: dbUser.id
+    accessToken = await generateAndSaveToken(dbUser.id)
+    await permissionController.createPermission({
+      ...permission,
+      path: '/SASjsApi/drive/deploy',
+      principalId: dbUser.id
+    })
+    await permissionController.createPermission({
+      ...permission,
+      path: '/SASjsApi/drive/deploy/upload',
+      principalId: dbUser.id
+    })
+    await permissionController.createPermission({
+      ...permission,
+      path: '/SASjsApi/drive/file',
+      principalId: dbUser.id
+    })
+    await permissionController.createPermission({
+      ...permission,
+      path: '/SASjsApi/drive/folder',
+      principalId: dbUser.id
+    })
+    await permissionController.createPermission({
+      ...permission,
+      path: '/SASjsApi/drive/rename',
+      principalId: dbUser.id
     })
-    await saveTokensInDB(dbUser.id, clientId, accessToken, 'refreshToken')
   })
 
   afterAll(async () => {
@@ -517,29 +551,29 @@ describe('drive', () => {
         expect(res.body).toEqual({})
       })
 
-      it('should respond with Forbidden if folder is not present', async () => {
+      it('should respond with Not Found if folder is not present', async () => {
         const res = await request(app)
           .get(getFolderApi)
           .auth(accessToken, { type: 'bearer' })
           .query({ _folderPath: `/my/path/code-${generateTimestamp()}` })
-          .expect(403)
+          .expect(404)
 
-        expect(res.text).toEqual(`Error: Folder doesn't exist.`)
+        expect(res.text).toEqual(`Folder doesn't exist.`)
         expect(res.body).toEqual({})
       })
 
-      it('should respond with Forbidden if folderPath outside Drive', async () => {
+      it('should respond with Bad Request if folderPath outside Drive', async () => {
         const res = await request(app)
           .get(getFolderApi)
           .auth(accessToken, { type: 'bearer' })
           .query({ _folderPath: '/../path/code.sas' })
-          .expect(403)
+          .expect(400)
 
-        expect(res.text).toEqual('Error: Cannot get folder outside drive.')
+        expect(res.text).toEqual(`Can't get folder outside drive.`)
         expect(res.body).toEqual({})
       })
 
-      it('should respond with Forbidden if folderPath is of a file', async () => {
+      it('should respond with Bad Request if folderPath is of a file', async () => {
         const fileToCopyPath = path.join(__dirname, 'files', 'sample.sas')
         const filePath = '/my/path/code.sas'
 
@@ -550,12 +584,96 @@ describe('drive', () => {
           .get(getFolderApi)
           .auth(accessToken, { type: 'bearer' })
           .query({ _folderPath: filePath })
-          .expect(403)
+          .expect(400)
 
-        expect(res.text).toEqual('Error: Not a Folder.')
+        expect(res.text).toEqual('Not a Folder.')
         expect(res.body).toEqual({})
       })
     })
+
+    describe('post', () => {
+      const folderApi = '/SASjsApi/drive/folder'
+      const pathToDrive = fileUtilModules.getFilesFolder()
+
+      afterEach(async () => {
+        await deleteFolder(path.join(pathToDrive, 'post'))
+      })
+
+      it('should create a folder on drive', async () => {
+        const res = await request(app)
+          .post(folderApi)
+          .auth(accessToken, { type: 'bearer' })
+          .send({ folderPath: '/post/folder' })
+
+        expect(res.statusCode).toEqual(200)
+        expect(res.body).toEqual({
+          status: 'success'
+        })
+      })
+
+      it('should respond with Conflict if the folder already exists', async () => {
+        await createFolder(path.join(pathToDrive, '/post/folder'))
+
+        const res = await request(app)
+          .post(folderApi)
+          .auth(accessToken, { type: 'bearer' })
+          .send({ folderPath: '/post/folder' })
+          .expect(409)
+
+        expect(res.text).toEqual(`Folder already exists.`)
+
+        expect(res.statusCode).toEqual(409)
+      })
+
+      it('should respond with Bad Request if the folderPath is outside drive', async () => {
+        const res = await request(app)
+          .post(folderApi)
+          .auth(accessToken, { type: 'bearer' })
+          .send({ folderPath: '../sample' })
+          .expect(400)
+
+        expect(res.text).toEqual(`Can't put folder outside drive.`)
+      })
+    })
+
+    describe('delete', () => {
+      const folderApi = '/SASjsApi/drive/folder'
+      const pathToDrive = fileUtilModules.getFilesFolder()
+
+      it('should delete a folder on drive', async () => {
+        await createFolder(path.join(pathToDrive, 'delete'))
+
+        const res = await request(app)
+          .delete(folderApi)
+          .auth(accessToken, { type: 'bearer' })
+          .query({ _folderPath: 'delete' })
+
+        expect(res.statusCode).toEqual(200)
+        expect(res.body).toEqual({
+          status: 'success'
+        })
+      })
+
+      it('should respond with Not Found if the folder does not  exists', async () => {
+        const res = await request(app)
+          .delete(folderApi)
+          .auth(accessToken, { type: 'bearer' })
+          .query({ _folderPath: 'notExists' })
+          .expect(404)
+
+        expect(res.text).toEqual(`Folder doesn't exist.`)
+      })
+
+      it('should respond with Bad Request if the folderPath is outside drive', async () => {
+        const res = await request(app)
+          .delete(folderApi)
+          .auth(accessToken, { type: 'bearer' })
+          .query({ _folderPath: '../outsideDrive' })
+          .expect(400)
+
+        expect(res.text).toEqual(`Can't delete folder outside drive.`)
+      })
+    })
   })
 
   describe('file', () => {
@@ -601,7 +719,7 @@ describe('drive', () => {
         expect(res.body).toEqual({})
       })
 
-      it('should respond with Forbidden if file is already present', async () => {
+      it('should respond with Conflict if file is already present', async () => {
         const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
         const pathToUpload = `/my/path/code-${generateTimestamp()}.sas`
 
@@ -616,13 +734,13 @@ describe('drive', () => {
           .auth(accessToken, { type: 'bearer' })
           .field('filePath', pathToUpload)
           .attach('file', fileToAttachPath)
-          .expect(403)
+          .expect(409)
 
-        expect(res.text).toEqual('Error: File already exists.')
+        expect(res.text).toEqual('File already exists.')
         expect(res.body).toEqual({})
       })
 
-      it('should respond with Forbidden if filePath outside Drive', async () => {
+      it('should respond with Bad Request if filePath outside Drive', async () => {
         const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
         const pathToUpload = '/../path/code.sas'
 
@@ -631,9 +749,9 @@ describe('drive', () => {
           .auth(accessToken, { type: 'bearer' })
           .field('filePath', pathToUpload)
           .attach('file', fileToAttachPath)
-          .expect(403)
+          .expect(400)
 
-        expect(res.text).toEqual('Error: Cannot put file outside drive.')
+        expect(res.text).toEqual(`Can't put file outside drive.`)
         expect(res.body).toEqual({})
       })
 
@@ -768,19 +886,19 @@ describe('drive', () => {
         expect(res.body).toEqual({})
       })
 
-      it('should respond with Forbidden if file is not present', async () => {
+      it('should respond with Not Found if file is not present', async () => {
         const res = await request(app)
           .patch('/SASjsApi/drive/file')
           .auth(accessToken, { type: 'bearer' })
           .field('filePath', `/my/path/code-3.sas`)
           .attach('file', path.join(__dirname, 'files', 'sample.sas'))
-          .expect(403)
+          .expect(404)
 
-        expect(res.text).toEqual(`Error: File doesn't exist.`)
+        expect(res.text).toEqual(`File doesn't exist.`)
         expect(res.body).toEqual({})
       })
 
-      it('should respond with Forbidden if filePath outside Drive', async () => {
+      it('should respond with Bad Request if filePath outside Drive', async () => {
         const fileToAttachPath = path.join(__dirname, 'files', 'sample.sas')
         const pathToUpload = '/../path/code.sas'
 
@@ -789,9 +907,9 @@ describe('drive', () => {
           .auth(accessToken, { type: 'bearer' })
           .field('filePath', pathToUpload)
           .attach('file', fileToAttachPath)
-          .expect(403)
+          .expect(400)
 
-        expect(res.text).toEqual('Error: Cannot modify file outside drive.')
+        expect(res.text).toEqual(`Can't modify file outside drive.`)
         expect(res.body).toEqual({})
       })
 
@@ -896,25 +1014,25 @@ describe('drive', () => {
         expect(res.body).toEqual({})
       })
 
-      it('should respond with Forbidden if file is not present', async () => {
+      it('should respond with Not Found if file is not present', async () => {
         const res = await request(app)
           .get('/SASjsApi/drive/file')
           .auth(accessToken, { type: 'bearer' })
           .query({ _filePath: `/my/path/code-4.sas` })
-          .expect(403)
+          .expect(404)
 
-        expect(res.text).toEqual(`Error: File doesn't exist.`)
+        expect(res.text).toEqual(`File doesn't exist.`)
         expect(res.body).toEqual({})
       })
 
-      it('should respond with Forbidden if filePath outside Drive', async () => {
+      it('should respond with Bad Request if filePath outside Drive', async () => {
         const res = await request(app)
           .get('/SASjsApi/drive/file')
           .auth(accessToken, { type: 'bearer' })
           .query({ _filePath: '/../path/code.sas' })
-          .expect(403)
+          .expect(400)
 
-        expect(res.text).toEqual('Error: Cannot get file outside drive.')
+        expect(res.text).toEqual(`Can't get file outside drive.`)
         expect(res.body).toEqual({})
       })
 
@@ -940,8 +1058,150 @@ describe('drive', () => {
       })
     })
   })
+
+  describe('rename', () => {
+    const renameApi = '/SASjsApi/drive/rename'
+    const pathToDrive = fileUtilModules.getFilesFolder()
+
+    afterEach(async () => {
+      await deleteFolder(path.join(pathToDrive, 'rename'))
+    })
+
+    it('should rename a folder', async () => {
+      await createFolder(path.join(pathToDrive, 'rename', 'folder'))
+
+      const res = await request(app)
+        .post(renameApi)
+        .auth(accessToken, { type: 'bearer' })
+        .send({ oldPath: '/rename/folder', newPath: '/rename/renamed' })
+
+      expect(res.statusCode).toEqual(200)
+      expect(res.body).toEqual({
+        status: 'success'
+      })
+    })
+
+    it('should rename a file', async () => {
+      await createFile(
+        path.join(pathToDrive, 'rename', 'file.txt'),
+        'some file content'
+      )
+
+      const res = await request(app)
+        .post(renameApi)
+        .auth(accessToken, { type: 'bearer' })
+        .send({
+          oldPath: '/rename/file.txt',
+          newPath: '/rename/renamed.txt'
+        })
+
+      expect(res.statusCode).toEqual(200)
+      expect(res.body).toEqual({
+        status: 'success'
+      })
+    })
+
+    it('should respond with Bad Request if the oldPath is missing', async () => {
+      const res = await request(app)
+        .post(renameApi)
+        .auth(accessToken, { type: 'bearer' })
+        .send({ newPath: 'newPath' })
+        .expect(400)
+
+      expect(res.text).toEqual(`\"oldPath\" is required`)
+    })
+
+    it('should respond with Bad Request if the newPath is missing', async () => {
+      const res = await request(app)
+        .post(renameApi)
+        .auth(accessToken, { type: 'bearer' })
+        .send({ oldPath: 'oldPath' })
+        .expect(400)
+
+      expect(res.text).toEqual(`\"newPath\" is required`)
+    })
+
+    it('should respond with Bad Request if the oldPath is outside drive', async () => {
+      const res = await request(app)
+        .post(renameApi)
+        .auth(accessToken, { type: 'bearer' })
+        .send({ oldPath: '../outside', newPath: 'renamed' })
+        .expect(400)
+
+      expect(res.text).toEqual(`Old path can't be outside of drive.`)
+    })
+
+    it('should respond with Bad Request if the newPath is outside drive', async () => {
+      const res = await request(app)
+        .post(renameApi)
+        .auth(accessToken, { type: 'bearer' })
+        .send({ oldPath: 'older', newPath: '../outside' })
+        .expect(400)
+
+      expect(res.text).toEqual(`New path can't be outside of drive.`)
+    })
+
+    it('should respond with Not Found if the folder does not exist', async () => {
+      const res = await request(app)
+        .post(renameApi)
+        .auth(accessToken, { type: 'bearer' })
+        .send({ oldPath: '/rename/not exists', newPath: '/rename/renamed' })
+        .expect(404)
+
+      expect(res.text).toEqual('No file/folder found for provided path.')
+    })
+
+    it('should respond with Conflict if the folder already exists', async () => {
+      await createFolder(path.join(pathToDrive, 'rename', 'folder'))
+      await createFolder(path.join(pathToDrive, 'rename', 'exists'))
+      const res = await request(app)
+        .post(renameApi)
+        .auth(accessToken, { type: 'bearer' })
+        .send({ oldPath: '/rename/folder', newPath: '/rename/exists' })
+        .expect(409)
+
+      expect(res.text).toEqual('Folder with new name already exists.')
+    })
+
+    it('should respond with Not Found if the file does not exist', async () => {
+      const res = await request(app)
+        .post(renameApi)
+        .auth(accessToken, { type: 'bearer' })
+        .send({ oldPath: '/rename/file.txt', newPath: '/rename/renamed.txt' })
+        .expect(404)
+
+      expect(res.text).toEqual('No file/folder found for provided path.')
+    })
+
+    it('should respond with Conflict if the file already exists', async () => {
+      await createFile(
+        path.join(pathToDrive, 'rename', 'file.txt'),
+        'some file content'
+      )
+      await createFile(
+        path.join(pathToDrive, 'rename', 'exists.txt'),
+        'some existing content'
+      )
+      const res = await request(app)
+        .post(renameApi)
+        .auth(accessToken, { type: 'bearer' })
+        .send({ oldPath: '/rename/file.txt', newPath: '/rename/exists.txt' })
+        .expect(409)
+
+      expect(res.text).toEqual('File with new name already exists.')
+    })
+  })
 })
 
 const getExampleService = (): ServiceMember =>
   ((getTreeExample().members[0] as FolderMember).members[0] as FolderMember)
     .members[0] as ServiceMember
+
+const generateAndSaveToken = async (userId: number) => {
+  const adminAccessToken = generateAccessToken({
+    clientId,
+    userId
+  })
+  await saveTokensInDB(userId, clientId, adminAccessToken, 'refreshToken')
+  return adminAccessToken
+}

api/src/routes/api/spec/group.spec.ts

@@ -5,6 +5,7 @@ import request from 'supertest'
 import appPromise from '../../../app'
 import { UserController, GroupController } from '../../../controllers/'
 import { generateAccessToken, saveTokensInDB } from '../../../utils'
+import { PUBLIC_GROUP_NAME } from '../../../model/Group'
 
 const clientId = 'someclientID'
 const adminUser = {
@@ -27,6 +28,12 @@ const group = {
   description: 'DC group for testing purposes.'
 }
 
+const PUBLIC_GROUP = {
+  name: PUBLIC_GROUP_NAME,
+  description:
+    'A special group that can be used to bypass authentication for particular routes.'
+}
+
 const userController = new UserController()
 const groupController = new GroupController()
 
@@ -535,6 +542,24 @@ describe('group', () => {
       expect(res.text).toEqual('User not found.')
       expect(res.body).toEqual({})
     })
+
+    it('should respond with Bad Request when adding user to Public group', async () => {
+      const dbGroup = await groupController.createGroup(PUBLIC_GROUP)
+      const dbUser = await userController.createUser({
+        ...user,
+        username: 'publicUser'
+      })
+
+      const res = await request(app)
+        .post(`/SASjsApi/group/${dbGroup.groupId}/${dbUser.id}`)
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send()
+        .expect(400)
+
+      expect(res.text).toEqual(
+        `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
+      )
+    })
   })
 
   describe('RemoveUser', () => {

api/src/routes/api/spec/permission.spec.ts

@@ -0,0 +1,596 @@
+import { Express } from 'express'
+import mongoose, { Mongoose } from 'mongoose'
+import { MongoMemoryServer } from 'mongodb-memory-server'
+import request from 'supertest'
+import appPromise from '../../../app'
+import {
+  DriveController,
+  UserController,
+  GroupController,
+  PermissionController,
+  PrincipalType,
+  PermissionType,
+  PermissionSettingForRoute
+} from '../../../controllers/'
+import {
+  UserDetailsResponse,
+  PermissionDetailsResponse
+} from '../../../controllers'
+import { generateAccessToken, saveTokensInDB } from '../../../utils'
+
+const deployPayload = {
+  appLoc: 'string',
+  streamWebFolder: 'string',
+  fileTree: {
+    members: [
+      {
+        name: 'string',
+        type: 'folder',
+        members: [
+          'string',
+          {
+            name: 'string',
+            type: 'service',
+            code: 'string'
+          }
+        ]
+      }
+    ]
+  }
+}
+
+const clientId = 'someclientID'
+const adminUser = {
+  displayName: 'Test Admin',
+  username: 'testAdminUsername',
+  password: '12345678',
+  isAdmin: true,
+  isActive: true
+}
+const user = {
+  displayName: 'Test User',
+  username: 'testUsername',
+  password: '87654321',
+  isAdmin: false,
+  isActive: true
+}
+
+const permission = {
+  path: '/SASjsApi/code/execute',
+  type: PermissionType.route,
+  setting: PermissionSettingForRoute.grant,
+  principalType: PrincipalType.user
+}
+
+const group = {
+  name: 'DCGroup1',
+  description: 'DC group for testing purposes.'
+}
+
+const userController = new UserController()
+const groupController = new GroupController()
+const permissionController = new PermissionController()
+
+describe('permission', () => {
+  let app: Express
+  let con: Mongoose
+  let mongoServer: MongoMemoryServer
+  let adminAccessToken: string
+  let dbUser: UserDetailsResponse
+
+  beforeAll(async () => {
+    app = await appPromise
+
+    mongoServer = await MongoMemoryServer.create()
+    con = await mongoose.connect(mongoServer.getUri())
+
+    adminAccessToken = await generateSaveTokenAndCreateUser()
+    dbUser = await userController.createUser(user)
+  })
+
+  afterAll(async () => {
+    await con.connection.dropDatabase()
+    await con.connection.close()
+    await mongoServer.stop()
+  })
+
+  describe('create', () => {
+    afterEach(async () => {
+      await deleteAllPermissions()
+    })
+
+    it('should respond with new permission when principalType is user', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({ ...permission, principalId: dbUser.id })
+        .expect(200)
+
+      expect(res.body.permissionId).toBeTruthy()
+      expect(res.body.path).toEqual(permission.path)
+      expect(res.body.type).toEqual(permission.type)
+      expect(res.body.setting).toEqual(permission.setting)
+      expect(res.body.user).toBeTruthy()
+    })
+
+    it('should respond with new permission when principalType is group', async () => {
+      const dbGroup = await groupController.createGroup(group)
+
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalType: 'group',
+          principalId: dbGroup.groupId
+        })
+        .expect(200)
+
+      expect(res.body.permissionId).toBeTruthy()
+      expect(res.body.path).toEqual(permission.path)
+      expect(res.body.type).toEqual(permission.type)
+      expect(res.body.setting).toEqual(permission.setting)
+      expect(res.body.group).toBeTruthy()
+    })
+
+    it('should respond with Unauthorized if access token is not present', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .send(permission)
+        .expect(401)
+
+      expect(res.text).toEqual('Unauthorized')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Unauthorized if access token is not of an admin account', async () => {
+      const accessToken = await generateAndSaveToken(dbUser.id)
+
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(accessToken, { type: 'bearer' })
+        .send(permission)
+        .expect(401)
+
+      expect(res.text).toEqual('Admin account required')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if path is missing', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          path: undefined
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"path" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if path is not valid', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          path: '/some/random/api/endpoint'
+        })
+        .expect(400)
+
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if type is not valid', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          type: 'invalid'
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('"type" must be [Route]')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if type is missing', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          type: undefined
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"type" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if setting is missing', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          setting: undefined
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"setting" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if setting is not valid', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          setting: 'invalid'
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('"setting" must be one of [Grant, Deny]')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if principalType is missing', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalType: undefined
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"principalType" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if principal type is not valid', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalType: 'invalid'
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('"principalType" must be one of [user, group]')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if principalId is missing', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalId: undefined
+        })
+        .expect(400)
+
+      expect(res.text).toEqual(`"principalId" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if principalId is not a number', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalId: 'someCharacters'
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('"principalId" must be a number')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if adding permission for admin user', async () => {
+      const adminUser = await userController.createUser({
+        ...user,
+        username: 'adminUser',
+        isAdmin: true
+      })
+
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalId: adminUser.id
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('Can not add permission for admin user.')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Not Found (404) if user is not found', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalId: 123
+        })
+        .expect(404)
+
+      expect(res.text).toEqual('User not found.')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Not Found (404) if group is not found', async () => {
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          ...permission,
+          principalType: 'group',
+          principalId: 123
+        })
+        .expect(404)
+
+      expect(res.text).toEqual('Group not found.')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Conflict (409) if permission already exists', async () => {
+      await permissionController.createPermission({
+        ...permission,
+        principalId: dbUser.id
+      })
+
+      const res = await request(app)
+        .post('/SASjsApi/permission')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({ ...permission, principalId: dbUser.id })
+        .expect(409)
+
+      expect(res.text).toEqual(
+        'Permission already exists with provided Path, Type and User.'
+      )
+      expect(res.body).toEqual({})
+    })
+  })
+
+  describe('update', () => {
+    let dbPermission: PermissionDetailsResponse | undefined
+    beforeAll(async () => {
+      dbPermission = await permissionController.createPermission({
+        ...permission,
+        principalId: dbUser.id
+      })
+    })
+
+    afterEach(async () => {
+      await deleteAllPermissions()
+    })
+
+    it('should respond with updated permission', async () => {
+      const res = await request(app)
+        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({ setting: PermissionSettingForRoute.deny })
+        .expect(200)
+
+      expect(res.body.setting).toEqual('Deny')
+    })
+
+    it('should respond with Unauthorized if access token is not present', async () => {
+      const res = await request(app)
+        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .send()
+        .expect(401)
+
+      expect(res.text).toEqual('Unauthorized')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Unauthorized if access token is not of an admin account', async () => {
+      const accessToken = await generateSaveTokenAndCreateUser({
+        ...user,
+        username: 'update' + user.username
+      })
+
+      const res = await request(app)
+        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .auth(accessToken, { type: 'bearer' })
+        .send()
+        .expect(401)
+
+      expect(res.text).toEqual('Admin account required')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if setting is missing', async () => {
+      const res = await request(app)
+        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send()
+        .expect(400)
+
+      expect(res.text).toEqual(`"setting" is required`)
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with Bad Request if setting is  invalid', async () => {
+      const res = await request(app)
+        .patch(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          setting: 'invalid'
+        })
+        .expect(400)
+
+      expect(res.text).toEqual('"setting" must be one of [Grant, Deny]')
+      expect(res.body).toEqual({})
+    })
+
+    it('should respond with not found (404) if permission with provided id does not exist', async () => {
+      const res = await request(app)
+        .patch('/SASjsApi/permission/123')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send({
+          setting: PermissionSettingForRoute.deny
+        })
+        .expect(404)
+
+      expect(res.text).toEqual('Permission not found.')
+      expect(res.body).toEqual({})
+    })
+  })
+
+  describe('delete', () => {
+    it('should delete permission', async () => {
+      const dbPermission = await permissionController.createPermission({
+        ...permission,
+        principalId: dbUser.id
+      })
+      const res = await request(app)
+        .delete(`/SASjsApi/permission/${dbPermission?.permissionId}`)
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send()
+        .expect(200)
+
+      expect(res.text).toEqual('Permission Deleted!')
+    })
+
+    it('should respond with not found (404) if permission with provided id does not exists', async () => {
+      const res = await request(app)
+        .delete('/SASjsApi/permission/123')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send()
+        .expect(404)
+
+      expect(res.text).toEqual('Permission not found.')
+    })
+  })
+
+  describe('get', () => {
+    beforeAll(async () => {
+      await permissionController.createPermission({
+        ...permission,
+        path: '/test-1',
+        principalId: dbUser.id
+      })
+      await permissionController.createPermission({
+        ...permission,
+        path: '/test-2',
+        principalId: dbUser.id
+      })
+    })
+
+    it('should give a list of all permissions when user is admin', async () => {
+      const res = await request(app)
+        .get('/SASjsApi/permission/')
+        .auth(adminAccessToken, { type: 'bearer' })
+        .send()
+        .expect(200)
+
+      expect(res.body).toHaveLength(2)
+    })
+
+    it(`should give a list of user's own  permissions when user is not admin`, async () => {
+      const nonAdminUser = await userController.createUser({
+        ...user,
+        username: 'get' + user.username
+      })
+      const accessToken = await generateAndSaveToken(nonAdminUser.id)
+      await permissionController.createPermission({
+        path: '/test-1',
+        type: PermissionType.route,
+        principalType: PrincipalType.user,
+        principalId: nonAdminUser.id,
+        setting: PermissionSettingForRoute.grant
+      })
+
+      const permissionCount = 1
+
+      const res = await request(app)
+        .get('/SASjsApi/permission/')
+        .auth(accessToken, { type: 'bearer' })
+        .send()
+        .expect(200)
+
+      expect(res.body).toHaveLength(permissionCount)
+    })
+  })
+
+  describe('verify', () => {
+    beforeAll(async () => {
+      await permissionController.createPermission({
+        ...permission,
+        path: '/SASjsApi/drive/deploy',
+        principalId: dbUser.id
+      })
+    })
+
+    beforeEach(() => {
+      jest
+        .spyOn(DriveController.prototype, 'deploy')
+        .mockImplementation((deployPayload) =>
+          Promise.resolve({
+            status: 'success',
+            message: 'Files deployed successfully to @sasjs/server.'
+          })
+        )
+    })
+
+    afterEach(() => {
+      jest.resetAllMocks()
+    })
+
+    it('should create files in SASJS drive', async () => {
+      const accessToken = await generateAndSaveToken(dbUser.id)
+
+      await request(app)
+        .get('/SASjsApi/drive/deploy')
+        .auth(accessToken, { type: 'bearer' })
+        .send(deployPayload)
+        .expect(200)
+    })
+
+    it('should respond unauthorized', async () => {
+      const accessToken = await generateAndSaveToken(dbUser.id)
+
+      await request(app)
+        .get('/SASjsApi/drive/deploy/upload')
+        .auth(accessToken, { type: 'bearer' })
+        .send()
+        .expect(401)
+    })
+  })
+})
+
+const generateSaveTokenAndCreateUser = async (
+  someUser?: any
+): Promise<string> => {
+  const dbUser = await userController.createUser(someUser ?? adminUser)
+
+  return generateAndSaveToken(dbUser.id)
+}
+
+const generateAndSaveToken = async (userId: number) => {
+  const adminAccessToken = generateAccessToken({
+    clientId,
+    userId
+  })
+  await saveTokensInDB(userId, clientId, adminAccessToken, 'refreshToken')
+  return adminAccessToken
+}
+
+const deleteAllPermissions = async () => {
+  const { collections } = mongoose.connection
+  const collection = collections['permissions']
+  await collection.deleteMany({})
+}

api/src/routes/api/spec/stp.spec.ts

@@ -4,7 +4,13 @@ import mongoose, { Mongoose } from 'mongoose'
 import { MongoMemoryServer } from 'mongodb-memory-server'
 import request from 'supertest'
 import appPromise from '../../../app'
-import { UserController } from '../../../controllers/'
+import {
+  UserController,
+  PermissionController,
+  PermissionType,
+  PermissionSettingForRoute,
+  PrincipalType
+} from '../../../controllers/'
 import {
   generateAccessToken,
   saveTokensInDB,
@@ -16,7 +22,8 @@ import {
 import { createFile, generateTimestamp, deleteFolder } from '@sasjs/utils'
 import {
   SASSessionController,
-  JSSessionController
+  JSSessionController,
+  PythonSessionController
 } from '../../../controllers/internal'
 import * as ProcessProgramModule from '../../../controllers/internal/processProgram'
 import { Session } from '../../../types'
@@ -33,20 +40,33 @@ const user = {
 
 const sampleSasProgram = '%put hello world!;'
 const sampleJsProgram = `console.log('hello world!/')`
+const samplePyProgram = `print('hello world!/')`
 
 const filesFolder = getFilesFolder()
+const testFilesFolder = `test-stp-${generateTimestamp()}`
+
+let app: Express
+let accessToken: string
 
 describe('stp', () => {
-  let app: Express
   let con: Mongoose
   let mongoServer: MongoMemoryServer
-  let accessToken: string
+  const userController = new UserController()
+  const permissionController = new PermissionController()
 
   beforeAll(async () => {
     app = await appPromise
     mongoServer = await MongoMemoryServer.create()
     con = await mongoose.connect(mongoServer.getUri())
-    accessToken = await generateSaveTokenAndCreateUser(user)
+    const dbUser = await userController.createUser(user)
+    accessToken = await generateAndSaveToken(dbUser.id)
+    await permissionController.createPermission({
+      path: '/SASjsApi/stp/execute',
+      type: PermissionType.route,
+      principalType: PrincipalType.user,
+      principalId: dbUser.id,
+      setting: PermissionSettingForRoute.grant
+    })
   })
 
   afterAll(async () => {
@@ -56,8 +76,6 @@ describe('stp', () => {
   })
 
   describe('execute', () => {
-    const testFilesFolder = `test-stp-${generateTimestamp()}`
-
     describe('get', () => {
       describe('with runtime js', () => {
         const testFilesFolder = `test-stp-${generateTimestamp()}`
@@ -77,41 +95,45 @@ describe('stp', () => {
         })
 
         it('should execute js program when both js and sas program are present', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
-          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
-          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
-          await createFile(sasProgramPath, sampleSasProgram)
-          await createFile(jsProgramPath, sampleJsProgram)
-
-          await request(app)
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
-            .auth(accessToken, { type: 'bearer' })
-            .send()
-            .expect(200)
-
-          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            RunTimeType.JS,
-            expect.anything(),
-            undefined
+          await makeRequestAndAssert(
+            [RunTimeType.JS, RunTimeType.SAS],
+            200,
+            RunTimeType.JS
           )
         })
 
         it('should throw error when js program is not present but sas program exists', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
-          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
-          await createFile(sasProgramPath, sampleSasProgram)
+          await makeRequestAndAssert([], 400)
+        })
+      })
 
-          await request(app)
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
-            .auth(accessToken, { type: 'bearer' })
-            .send()
-            .expect(400)
+      describe('with runtime py', () => {
+        const testFilesFolder = `test-stp-${generateTimestamp()}`
+
+        beforeAll(() => {
+          process.runTimes = [RunTimeType.PY]
+        })
+
+        beforeEach(() => {
+          jest.resetModules() // it clears the cache
+          setupMocks()
+        })
+
+        afterEach(async () => {
+          jest.resetAllMocks()
+          await deleteFolder(path.join(filesFolder, testFilesFolder))
+        })
+
+        it('should execute python program when python, js and sas programs are present', async () => {
+          await makeRequestAndAssert(
+            [RunTimeType.PY, RunTimeType.SAS, RunTimeType.JS],
+            200,
+            RunTimeType.PY
+          )
+        })
+
+        it('should throw error when py program is not present but js or sas program exists', async () => {
+          await makeRequestAndAssert([], 400)
         })
       })
 
@@ -131,41 +153,11 @@ describe('stp', () => {
         })
 
         it('should execute sas program when both sas and js programs are present', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
-          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
-          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
-          await createFile(sasProgramPath, sampleSasProgram)
-          await createFile(jsProgramPath, sampleJsProgram)
-
-          await request(app)
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
-            .auth(accessToken, { type: 'bearer' })
-            .send()
-            .expect(200)
-
-          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            RunTimeType.SAS,
-            expect.anything(),
-            undefined
-          )
+          await makeRequestAndAssert([RunTimeType.SAS], 200, RunTimeType.SAS)
         })
 
         it('should throw error when sas program do not exit but js exists', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
-          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
-          await createFile(jsProgramPath, sampleJsProgram)
-
-          await request(app)
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
-            .auth(accessToken, { type: 'bearer' })
-            .send()
-            .expect(400)
+          await makeRequestAndAssert([], 400)
         })
       })
 
@@ -185,63 +177,51 @@ describe('stp', () => {
         })
 
         it('should execute js program when both js and sas program are present', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
-          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
-          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
-          await createFile(sasProgramPath, sampleSasProgram)
-          await createFile(jsProgramPath, sampleJsProgram)
-
-          await request(app)
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
-            .auth(accessToken, { type: 'bearer' })
-            .send()
-            .expect(200)
-
-          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            RunTimeType.JS,
-            expect.anything(),
-            undefined
+          await makeRequestAndAssert(
+            [RunTimeType.SAS, RunTimeType.JS],
+            200,
+            RunTimeType.JS
           )
         })
 
         it('should execute sas program when js program is not present but sas program exists', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
-          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
-          await createFile(sasProgramPath, sampleSasProgram)
-
-          await request(app)
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
-            .auth(accessToken, { type: 'bearer' })
-            .send()
-            .expect(200)
-
-          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            RunTimeType.SAS,
-            expect.anything(),
-            undefined
-          )
+          await makeRequestAndAssert([RunTimeType.SAS], 200, RunTimeType.SAS)
         })
 
         it('should throw error when both sas and js programs do not exist', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert([], 400)
+        })
+      })
 
-          await request(app)
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
-            .auth(accessToken, { type: 'bearer' })
-            .send()
-            .expect(400)
+      describe('with runtime py and sas', () => {
+        beforeAll(() => {
+          process.runTimes = [RunTimeType.PY, RunTimeType.SAS]
+        })
+
+        beforeEach(() => {
+          jest.resetModules() // it clears the cache
+          setupMocks()
+        })
+
+        afterEach(async () => {
+          jest.resetAllMocks()
+          await deleteFolder(path.join(filesFolder, testFilesFolder))
+        })
+
+        it('should execute python program when both python and sas program are present', async () => {
+          await makeRequestAndAssert(
+            [RunTimeType.PY, RunTimeType.SAS],
+            200,
+            RunTimeType.PY
+          )
+        })
+
+        it('should execute sas program when python program is not present but sas program exists', async () => {
+          await makeRequestAndAssert([RunTimeType.SAS], 200, RunTimeType.SAS)
+        })
+
+        it('should throw error when both sas and js programs do not exist', async () => {
+          await makeRequestAndAssert([], 400)
         })
       })
 
@@ -261,76 +241,220 @@ describe('stp', () => {
         })
 
         it('should execute sas program when both sas and js programs  exist', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
-          const sasProgramPath = path.join(filesFolder, `${programPath}.sas`)
-          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
-          await createFile(sasProgramPath, sampleSasProgram)
-          await createFile(jsProgramPath, sampleJsProgram)
-
-          await request(app)
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
-            .auth(accessToken, { type: 'bearer' })
-            .send()
-            .expect(200)
-
-          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            RunTimeType.SAS,
-            expect.anything(),
-            undefined
+          await makeRequestAndAssert(
+            [RunTimeType.SAS, RunTimeType.JS],
+            200,
+            RunTimeType.SAS
           )
         })
 
         it('should execute js program when sas program is not present but js program exists', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
-          const jsProgramPath = path.join(filesFolder, `${programPath}.js`)
-          await createFile(jsProgramPath, sampleJsProgram)
-
-          await request(app)
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
-            .auth(accessToken, { type: 'bearer' })
-            .send()
-            .expect(200)
-
-          expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            expect.anything(),
-            RunTimeType.JS,
-            expect.anything(),
-            undefined
-          )
+          await makeRequestAndAssert([RunTimeType.JS], 200, RunTimeType.JS)
         })
 
         it('should throw error when both sas and js programs do not exist', async () => {
-          const programPath = path.join(testFilesFolder, 'program')
+          await makeRequestAndAssert([], 400)
+        })
+      })
 
-          await request(app)
-            .get(`/SASjsApi/stp/execute?_program=${programPath}`)
-            .auth(accessToken, { type: 'bearer' })
-            .send()
-            .expect(400)
+      describe('with runtime sas and py', () => {
+        beforeAll(() => {
+          process.runTimes = [RunTimeType.SAS, RunTimeType.PY]
+        })
+
+        beforeEach(() => {
+          jest.resetModules() // it clears the cache
+          setupMocks()
+        })
+
+        afterEach(async () => {
+          jest.resetAllMocks()
+          await deleteFolder(path.join(filesFolder, testFilesFolder))
+        })
+
+        it('should execute sas program when both sas and python programs exist', async () => {
+          await makeRequestAndAssert(
+            [RunTimeType.SAS, RunTimeType.PY],
+            200,
+            RunTimeType.SAS
+          )
+        })
+
+        it('should execute python program when sas program is not present but python program exists', async () => {
+          await makeRequestAndAssert([RunTimeType.PY], 200, RunTimeType.PY)
+        })
+
+        it('should throw error when both sas and python programs do not exist', async () => {
+          await makeRequestAndAssert([], 400)
+        })
+      })
+
+      describe('with runtime sas, js and py', () => {
+        beforeAll(() => {
+          process.runTimes = [RunTimeType.SAS, RunTimeType.JS, RunTimeType.PY]
+        })
+
+        beforeEach(() => {
+          jest.resetModules() // it clears the cache
+          setupMocks()
+        })
+
+        afterEach(async () => {
+          jest.resetAllMocks()
+          await deleteFolder(path.join(filesFolder, testFilesFolder))
+        })
+
+        it('should execute sas program when it exists, no matter js and python programs exist or not', async () => {
+          await makeRequestAndAssert(
+            [RunTimeType.SAS, RunTimeType.PY, RunTimeType.JS],
+            200,
+            RunTimeType.SAS
+          )
+        })
+
+        it('should execute js program when sas program is absent but js and python programs are present', async () => {
+          await makeRequestAndAssert(
+            [RunTimeType.JS, RunTimeType.PY],
+            200,
+            RunTimeType.JS
+          )
+        })
+
+        it('should execute python program when both sas and js programs are not present', async () => {
+          await makeRequestAndAssert([RunTimeType.PY], 200, RunTimeType.PY)
+        })
+
+        it('should throw error when no program exists', async () => {
+          await makeRequestAndAssert([], 400)
+        })
+      })
+
+      describe('with runtime js, sas and py', () => {
+        beforeAll(() => {
+          process.runTimes = [RunTimeType.JS, RunTimeType.SAS, RunTimeType.PY]
+        })
+
+        beforeEach(() => {
+          jest.resetModules() // it clears the cache
+          setupMocks()
+        })
+
+        afterEach(async () => {
+          jest.resetAllMocks()
+          await deleteFolder(path.join(filesFolder, testFilesFolder))
+        })
+
+        it('should execute js program when it exists, no matter sas and python programs exist or not', async () => {
+          await makeRequestAndAssert(
+            [RunTimeType.JS, RunTimeType.SAS, RunTimeType.PY],
+            200,
+            RunTimeType.JS
+          )
+        })
+
+        it('should execute sas program when js program is absent but sas and python programs are present', async () => {
+          await makeRequestAndAssert(
+            [RunTimeType.SAS, RunTimeType.PY],
+            200,
+            RunTimeType.SAS
+          )
+        })
+
+        it('should execute python program when both sas and js programs are not present', async () => {
+          await makeRequestAndAssert([RunTimeType.PY], 200, RunTimeType.PY)
+        })
+
+        it('should throw error when no program exists', async () => {
+          await makeRequestAndAssert([], 400)
+        })
+      })
+
+      describe('with runtime py, sas and js', () => {
+        beforeAll(() => {
+          process.runTimes = [RunTimeType.PY, RunTimeType.SAS, RunTimeType.JS]
+        })
+
+        beforeEach(() => {
+          jest.resetModules() // it clears the cache
+          setupMocks()
+        })
+
+        afterEach(async () => {
+          jest.resetAllMocks()
+          await deleteFolder(path.join(filesFolder, testFilesFolder))
+        })
+
+        it('should execute python program when it exists, no matter sas and js programs exist or not', async () => {
+          await makeRequestAndAssert(
+            [RunTimeType.PY, RunTimeType.SAS, RunTimeType.JS],
+            200,
+            RunTimeType.PY
+          )
+        })
+
+        it('should execute sas program when python program is absent but sas and js programs are present', async () => {
+          await makeRequestAndAssert(
+            [RunTimeType.SAS, RunTimeType.JS],
+            200,
+            RunTimeType.SAS
+          )
+        })
+
+        it('should execute js program when both sas and python programs are not present', async () => {
+          await makeRequestAndAssert([RunTimeType.JS], 200, RunTimeType.JS)
+        })
+
+        it('should throw error when no program exists', async () => {
+          await makeRequestAndAssert([], 400)
         })
       })
     })
   })
 })
 
-const generateSaveTokenAndCreateUser = async (
-  someUser: any
-): Promise<string> => {
-  const userController = new UserController()
-  const dbUser = await userController.createUser(someUser)
+const makeRequestAndAssert = async (
+  programTypes: RunTimeType[],
+  expectedStatusCode: number,
+  expectedRuntime?: RunTimeType
+) => {
+  const programPath = path.join(testFilesFolder, 'program')
+  for (const programType of programTypes) {
+    if (programType === RunTimeType.JS)
+      await createFile(
+        path.join(filesFolder, `${programPath}.js`),
+        sampleJsProgram
+      )
+    else if (programType === RunTimeType.PY)
+      await createFile(
+        path.join(filesFolder, `${programPath}.py`),
+        samplePyProgram
+      )
+    else if (programType === RunTimeType.SAS)
+      await createFile(
+        path.join(filesFolder, `${programPath}.sas`),
+        sampleSasProgram
+      )
+  }
 
-  return generateAndSaveToken(dbUser.id)
+  await request(app)
+    .get(`/SASjsApi/stp/execute?_program=${programPath}`)
+    .auth(accessToken, { type: 'bearer' })
+    .send()
+    .expect(expectedStatusCode)
+
+  if (expectedRuntime)
+    expect(ProcessProgramModule.processProgram).toHaveBeenCalledWith(
+      expect.anything(),
+      expect.anything(),
+      expect.anything(),
+      expect.anything(),
+      expect.anything(),
+      expect.anything(),
+      expect.anything(),
+      expectedRuntime,
+      expect.anything(),
+      undefined
+    )
 }
 
 const generateAndSaveToken = async (userId: number) => {
@@ -351,6 +475,10 @@ const setupMocks = async () => {
     .spyOn(JSSessionController.prototype, 'getSession')
     .mockImplementation(mockedGetSession)
 
+  jest
+    .spyOn(PythonSessionController.prototype, 'getSession')
+    .mockImplementation(mockedGetSession)
+
   jest
     .spyOn(ProcessProgramModule, 'processProgram')
     .mockImplementation(() => Promise.resolve())

api/src/routes/api/spec/user.spec.ts

@@ -770,12 +770,14 @@ describe('user', () => {
         {
           id: expect.anything(),
           username: adminUser.username,
-          displayName: adminUser.displayName
+          displayName: adminUser.displayName,
+          isAdmin: adminUser.isAdmin
         },
         {
           id: expect.anything(),
           username: user.username,
-          displayName: user.displayName
+          displayName: user.displayName,
+          isAdmin: user.isAdmin
         }
       ])
     })
@@ -796,12 +798,14 @@ describe('user', () => {
         {
           id: expect.anything(),
           username: adminUser.username,
-          displayName: adminUser.displayName
+          displayName: adminUser.displayName,
+          isAdmin: adminUser.isAdmin
         },
         {
           id: expect.anything(),
           username: 'randomUser',
-          displayName: user.displayName
+          displayName: user.displayName,
+          isAdmin: user.isAdmin
         }
       ])
     })

api/src/routes/api/spec/web.spec.ts

@@ -39,12 +39,11 @@ describe('web', () => {
 
   describe('home', () => {
     it('should respond with CSRF Token', async () => {
-      await request(app)
-        .get('/')
-        .expect(
-          'set-cookie',
-          /_csrf=.*; Max-Age=86400000; Path=\/; HttpOnly,XSRF-TOKEN=.*; Path=\//
-        )
+      const res = await request(app).get('/').expect(200)
+
+      expect(res.text).toMatch(
+        /<script>document.cookie = '(XSRF-TOKEN=.*; Max-Age=86400; SameSite=Strict; Path=\/;)'<\/script>/
+      )
     })
   })
 
@@ -79,7 +78,8 @@ describe('web', () => {
       expect(res.body.user).toEqual({
         id: expect.any(Number),
         username: user.username,
-        displayName: user.displayName
+        displayName: user.displayName,
+        isAdmin: user.isAdmin
       })
     })
   })
@@ -153,10 +153,10 @@ describe('web', () => {
 
 const getCSRF = async (app: Express) => {
   // make request to get CSRF
-  const { header } = await request(app).get('/')
+  const { header, text } = await request(app).get('/')
   const cookies = header['set-cookie'].join()
 
-  const csrfToken = extractCSRF(cookies)
+  const csrfToken = extractCSRF(text)
   return { csrfToken, cookies }
 }
 
@@ -176,7 +176,7 @@ const performLogin = async (
   return { cookies: newCookies }
 }
 
-const extractCSRF = (cookies: string) =>
-  /_csrf=(.*); Max-Age=86400000; Path=\/; HttpOnly,XSRF-TOKEN=(.*); Path=\//.exec(
-    cookies
-  )![2]
+const extractCSRF = (text: string) =>
+  /<script>document.cookie = 'XSRF-TOKEN=(.*); Max-Age=86400; SameSite=Strict; Path=\/;'<\/script>/.exec(
+    text
+  )![1]

api/src/routes/api/stp.ts

@@ -13,7 +13,7 @@ stpRouter.get('/execute', async (req, res) => {
   if (error) return res.status(400).send(error.details[0].message)
 
   try {
-    const response = await controller.executeReturnRaw(req, query._program)
+    const response = await controller.executeGetRequest(req, query._program)
 
     if (response instanceof Buffer) {
       res.writeHead(200, (req as any).sasHeaders)
@@ -42,7 +42,7 @@ stpRouter.post(
     // if (errQ && errB) return res.status(400).send(errB.details[0].message)
 
     try {
-      const response = await controller.executeReturnJson(
+      const response = await controller.executePostRequest(
         req,
         req.body,
         req.query?._program as string

api/src/routes/appStream/index.ts

@@ -1,5 +1,6 @@
 import path from 'path'
 import express, { Request } from 'express'
+import { authenticateAccessToken } from '../../middlewares'
 import { folderExists } from '@sasjs/utils'
 
 import { addEntryToAppStreamConfig, getFilesFolder } from '../../utils'
@@ -9,7 +10,7 @@ const appStreams: { [key: string]: string } = {}
 
 const router = express.Router()
 
-router.get('/', async (req, res) => {
+router.get('/', authenticateAccessToken, async (req, res) => {
   const content = appStreamHtml(process.appStreamConfig)
 
   res.cookie('XSRF-TOKEN', req.csrfToken())
@@ -66,7 +67,7 @@ export const publishAppStream = async (
   return {}
 }
 
-router.get(`/*`, function (req: Request, res, next) {
+router.get(`/*`, authenticateAccessToken, function (req: Request, res, next) {
   const reqPath = req.path.replace(/^\//, '')
 
   // Redirecting to url with trailing slash for appStream base URL only

api/src/routes/appStream/style.ts

@@ -26,6 +26,7 @@ export const style = `<style>
 }
 .app-container .app img{
   width: 100%;
+  height: calc(100% - 30px);
   margin-bottom: 10px;
   border-radius: 10px;
 }

api/src/routes/web/web.ts

@@ -11,11 +11,15 @@ webRouter.get('/', async (req, res) => {
   try {
     response = await controller.home()
   } catch (_) {
-    response = 'Web Build is not present'
+    response = '<html><head></head><body>Web Build is not present</body></html>'
   } finally {
-    res.cookie('XSRF-TOKEN', req.csrfToken())
+    const codeToInject = `<script>document.cookie = 'XSRF-TOKEN=${req.csrfToken()}; Max-Age=86400; SameSite=Strict; Path=/;'</script>`
+    const injectedContent = response?.replace(
+      '</head>',
+      `${codeToInject}</head>`
+    )
 
-    return res.send(response)
+    return res.send(injectedContent)
   }
 })
 

api/src/types/TreeNode.ts

@@ -2,5 +2,6 @@ export interface TreeNode {
   name: string
   relativePath: string
   absolutePath: string
+  isFolder: boolean
   children: Array<TreeNode>
 }

api/src/types/system/process.d.ts

@@ -2,11 +2,16 @@ declare namespace NodeJS {
   export interface Process {
     sasLoc?: string
     nodeLoc?: string
+    pythonLoc?: string
     driveLoc: string
+    logsLoc: string
+    logsUUID: string
     sasSessionController?: import('../../controllers/internal').SASSessionController
     jsSessionController?: import('../../controllers/internal').JSSessionController
+    pythonSessionController?: import('../../controllers/internal').PythonSessionController
     appStreamConfig: import('../').AppStreamConfig
     logger: import('@sasjs/utils/logger').Logger
     runTimes: import('../../utils').RunTimeType[]
+    secrets: import('../../model/Configuration').ConfigurationType
   }
 }

api/src/utils/appStreamConfig.ts

@@ -5,6 +5,8 @@ import { AppStreamConfig } from '../types'
 import { getAppStreamConfigPath } from './file'
 
 export const loadAppStreamConfig = async () => {
+  process.appStreamConfig = {}
+
   if (process.env.NODE_ENV === 'test') return
 
   const appStreamConfigPath = getAppStreamConfigPath()
@@ -21,7 +23,6 @@ export const loadAppStreamConfig = async () => {
   } catch (_) {
     appStreamConfig = {}
   }
-  process.appStreamConfig = {}
 
   for (const [streamServiceName, entry] of Object.entries(appStreamConfig)) {
     const { appLoc, streamWebFolder, streamLogo } = entry

api/src/utils/connectDB.ts

@@ -9,7 +9,5 @@ export const connectDB = async () => {
   }
 
   console.log('Connected to DB!')
-  await seedDB()
-
-  return mongoose.connection
+  return seedDB()
 }

api/src/utils/file.ts

@@ -22,6 +22,8 @@ export const getDesktopUserAutoExecPath = () =>
 
 export const getSasjsRootFolder = () => process.driveLoc
 
+export const getLogFolder = () => process.logsLoc
+
 export const getAppStreamConfigPath = () =>
   path.join(getSasjsRootFolder(), 'appStreamConfig.json')
 
@@ -32,8 +34,6 @@ export const getUploadsFolder = () => path.join(getSasjsRootFolder(), 'uploads')
 
 export const getFilesFolder = () => path.join(getSasjsRootFolder(), 'files')
 
-export const getLogFolder = () => path.join(getSasjsRootFolder(), 'logs')
-
 export const getWeboutFolder = () => path.join(getSasjsRootFolder(), 'webouts')
 
 export const getSessionsFolder = () =>

api/src/utils/generateAccessToken.ts

@@ -2,6 +2,6 @@ import jwt from 'jsonwebtoken'
 import { InfoJWT } from '../types'
 
 export const generateAccessToken = (data: InfoJWT) =>
-  jwt.sign(data, process.env.ACCESS_TOKEN_SECRET as string, {
+  jwt.sign(data, process.secrets.ACCESS_TOKEN_SECRET, {
     expiresIn: '1day'
   })

api/src/utils/generateAuthCode.ts

@@ -2,6 +2,6 @@ import jwt from 'jsonwebtoken'
 import { InfoJWT } from '../types'
 
 export const generateAuthCode = (data: InfoJWT) =>
-  jwt.sign(data, process.env.AUTH_CODE_SECRET as string, {
+  jwt.sign(data, process.secrets.AUTH_CODE_SECRET, {
     expiresIn: '30s'
   })

api/src/utils/generateRefreshToken.ts

@@ -2,6 +2,6 @@ import jwt from 'jsonwebtoken'
 import { InfoJWT } from '../types'
 
 export const generateRefreshToken = (data: InfoJWT) =>
-  jwt.sign(data, process.env.REFRESH_TOKEN_SECRET as string, {
+  jwt.sign(data, process.secrets.REFRESH_TOKEN_SECRET, {
     expiresIn: '30 days'
   })

api/src/utils/getAuthorizedRoutes.ts

@@ -0,0 +1,35 @@
+import { Request } from 'express'
+
+const StaticAuthorizedRoutes = [
+  '/AppStream',
+  '/SASjsApi/code/execute',
+  '/SASjsApi/stp/execute',
+  '/SASjsApi/drive/deploy',
+  '/SASjsApi/drive/deploy/upload',
+  '/SASjsApi/drive/file',
+  '/SASjsApi/drive/folder',
+  '/SASjsApi/drive/fileTree',
+  '/SASjsApi/drive/rename'
+]
+
+export const getAuthorizedRoutes = () => {
+  const streamingApps = Object.keys(process.appStreamConfig)
+  const streamingAppsRoutes = streamingApps.map((app) => `/AppStream/${app}`)
+  return [...StaticAuthorizedRoutes, ...streamingAppsRoutes]
+}
+
+export const getPath = (req: Request) => {
+  const { baseUrl, path: reqPath } = req
+
+  if (baseUrl === '/AppStream') {
+    const appStream = reqPath.split('/')[1]
+
+    // removing trailing slash of URLs
+    return (baseUrl + '/' + appStream).replace(/\/$/, '')
+  }
+
+  return (baseUrl + reqPath).replace(/\/$/, '')
+}
+
+export const isAuthorizingRoute = (req: Request): boolean =>
+  getAuthorizedRoutes().includes(getPath(req))

api/src/utils/getDesktopFields.ts

@@ -4,9 +4,9 @@ import { createFolder, fileExists, folderExists, isWindows } from '@sasjs/utils'
 import { RunTimeType } from './verifyEnvVariables'
 
 export const getDesktopFields = async () => {
-  const { SAS_PATH, NODE_PATH } = process.env
+  const { SAS_PATH, NODE_PATH, PYTHON_PATH } = process.env
 
-  let sasLoc, nodeLoc
+  let sasLoc, nodeLoc, pythonLoc
 
   if (process.runTimes.includes(RunTimeType.SAS)) {
     sasLoc = SAS_PATH ?? (await getSASLocation())
@@ -16,7 +16,11 @@ export const getDesktopFields = async () => {
     nodeLoc = NODE_PATH ?? (await getNodeLocation())
   }
 
-  return { sasLoc, nodeLoc }
+  if (process.runTimes.includes(RunTimeType.PY)) {
+    pythonLoc = PYTHON_PATH ?? (await getPythonLocation())
+  }
+
+  return { sasLoc, nodeLoc, pythonLoc }
 }
 
 const getDriveLocation = async (): Promise<string> => {
@@ -91,3 +95,25 @@ const getNodeLocation = async (): Promise<string> => {
 
   return targetName
 }
+
+const getPythonLocation = async (): Promise<string> => {
+  const validator = async (filePath: string) => {
+    if (!filePath) return 'Path to Python executable is required.'
+
+    if (!(await fileExists(filePath))) {
+      return 'No file found at provided path.'
+    }
+
+    return true
+  }
+
+  const defaultLocation = isWindows() ? 'C:\\Python' : '/usr/bin/python'
+
+  const targetName = await getString(
+    'Please enter full path to a Python executable: ',
+    validator,
+    defaultLocation
+  )
+
+  return targetName
+}

api/src/utils/getRunTimeAndFilePath.ts

@@ -5,7 +5,7 @@ import { RunTimeType } from '.'
 
 export const getRunTimeAndFilePath = async (programPath: string) => {
   const ext = path.extname(programPath)
-  // If programPath (_program) is provided with a ".sas" or ".js" extension 
+  // If programPath (_program) is provided with a ".sas", ".js" or ".py" extension
   // we should use that extension to determine the appropriate runTime
   if (ext && Object.values(RunTimeType).includes(ext.slice(1) as RunTimeType)) {
     const runTime = ext.slice(1)

api/src/utils/index.ts

@@ -8,6 +8,7 @@ export * from './file'
 export * from './generateAccessToken'
 export * from './generateAuthCode'
 export * from './generateRefreshToken'
+export * from './getAuthorizedRoutes'
 export * from './getCertificates'
 export * from './getDesktopFields'
 export * from './getPreProgramVariables'
@@ -15,6 +16,7 @@ export * from './getRunTimeAndFilePath'
 export * from './getServerUrl'
 export * from './instantiateLogger'
 export * from './isDebugOn'
+export * from './isPublicRoute'
 export * from './zipped'
 export * from './parseLogToArray'
 export * from './removeTokensInDB'

api/src/utils/isPublicRoute.ts

@@ -0,0 +1,31 @@
+import { Request } from 'express'
+import { getPath } from './getAuthorizedRoutes'
+import Group, { PUBLIC_GROUP_NAME } from '../model/Group'
+import Permission from '../model/Permission'
+import { PermissionSettingForRoute } from '../controllers'
+import { RequestUser } from '../types'
+
+export const isPublicRoute = async (req: Request): Promise<boolean> => {
+  const group = await Group.findOne({ name: PUBLIC_GROUP_NAME })
+  if (group) {
+    const path = getPath(req)
+
+    const groupPermission = await Permission.findOne({
+      path,
+      group: group?._id
+    })
+    if (groupPermission?.setting === PermissionSettingForRoute.grant)
+      return true
+  }
+
+  return false
+}
+
+export const publicUser: RequestUser = {
+  userId: 0,
+  clientId: 'public_app',
+  username: 'publicUser',
+  displayName: 'Public User',
+  isAdmin: false,
+  isActive: true
+}

api/src/utils/seedDB.ts

@@ -1,5 +1,88 @@
 import Client from '../model/Client'
+import Group, { PUBLIC_GROUP_NAME } from '../model/Group'
 import User from '../model/User'
+import Configuration, { ConfigurationType } from '../model/Configuration'
+
+import { randomBytes } from 'crypto'
+
+export const SECRETS: ConfigurationType = {
+  ACCESS_TOKEN_SECRET: randomBytes(64).toString('hex'),
+  REFRESH_TOKEN_SECRET: randomBytes(64).toString('hex'),
+  AUTH_CODE_SECRET: randomBytes(64).toString('hex'),
+  SESSION_SECRET: randomBytes(64).toString('hex')
+}
+
+export const seedDB = async (): Promise<ConfigurationType> => {
+  // Checking if client is already in the database
+  const clientExist = await Client.findOne({ clientId: CLIENT.clientId })
+  if (!clientExist) {
+    const client = new Client(CLIENT)
+    await client.save()
+
+    console.log(`DB Seed - client created: ${CLIENT.clientId}`)
+  }
+
+  // Checking if 'AllUsers' Group is already in the database
+  let groupExist = await Group.findOne({ name: GROUP.name })
+  if (!groupExist) {
+    const group = new Group(GROUP)
+    groupExist = await group.save()
+
+    console.log(`DB Seed - Group created: ${GROUP.name}`)
+  }
+
+  // Checking if 'Public' Group is already in the database
+  const publicGroupExist = await Group.findOne({ name: PUBLIC_GROUP.name })
+  if (!publicGroupExist) {
+    const group = new Group(PUBLIC_GROUP)
+    await group.save()
+
+    console.log(`DB Seed - Group created: ${PUBLIC_GROUP.name}`)
+  }
+
+  // Checking if user is already in the database
+  let usernameExist = await User.findOne({ username: ADMIN_USER.username })
+  if (!usernameExist) {
+    const user = new User(ADMIN_USER)
+    usernameExist = await user.save()
+
+    console.log(`DB Seed - admin account created: ${ADMIN_USER.username}`)
+  }
+
+  if (!groupExist.hasUser(usernameExist)) {
+    groupExist.addUser(usernameExist)
+    console.log(
+      `DB Seed - admin account '${ADMIN_USER.username}' added to Group '${GROUP.name}'`
+    )
+  }
+
+  // checking if configuration is present in the database
+  let configExist = await Configuration.findOne()
+  if (!configExist) {
+    const configuration = new Configuration(SECRETS)
+    configExist = await configuration.save()
+
+    console.log('DB Seed - configuration added')
+  }
+
+  return {
+    ACCESS_TOKEN_SECRET: configExist.ACCESS_TOKEN_SECRET,
+    REFRESH_TOKEN_SECRET: configExist.REFRESH_TOKEN_SECRET,
+    AUTH_CODE_SECRET: configExist.AUTH_CODE_SECRET,
+    SESSION_SECRET: configExist.SESSION_SECRET
+  }
+}
+
+const GROUP = {
+  name: 'AllUsers',
+  description: 'Group contains all users'
+}
+
+const PUBLIC_GROUP = {
+  name: PUBLIC_GROUP_NAME,
+  description:
+    'A special group that can be used to bypass authentication for particular routes.'
+}
 
 const CLIENT = {
   clientId: 'clientID1',
@@ -13,23 +96,3 @@ const ADMIN_USER = {
   isAdmin: true,
   isActive: true
 }
-
-export const seedDB = async () => {
-  // Checking if client is already in the database
-  const clientExist = await Client.findOne({ clientId: CLIENT.clientId })
-  if (!clientExist) {
-    const client = new Client(CLIENT)
-    await client.save()
-
-    console.log(`DB Seed - client created: ${CLIENT.clientId}`)
-  }
-
-  // Checking if user is already in the database
-  const usernameExist = await User.findOne({ username: ADMIN_USER.username })
-  if (!usernameExist) {
-    const user = new User(ADMIN_USER)
-    await user.save()
-
-    console.log(`DB Seed - admin account created: ${ADMIN_USER.username}`)
-  }
-}

api/src/utils/setProcessVariables.ts

@@ -1,26 +1,40 @@
 import path from 'path'
 import { createFolder, getAbsolutePath, getRealPath } from '@sasjs/utils'
 
-import { getDesktopFields, ModeType, RunTimeType } from '.'
+import { connectDB, getDesktopFields, ModeType, RunTimeType, SECRETS } from '.'
 
 export const setProcessVariables = async () => {
+  const { MODE, RUN_TIMES } = process.env
+
+  if (MODE === ModeType.Server) {
+    // NOTE: when exporting app.js as agent for supertest
+    // it should prevent connecting to the real database
+    if (process.env.NODE_ENV !== 'test') {
+      const secrets = await connectDB()
+
+      process.secrets = secrets
+    } else {
+      process.secrets = SECRETS
+    }
+  }
+
   if (process.env.NODE_ENV === 'test') {
     process.driveLoc = path.join(process.cwd(), 'sasjs_root')
     return
   }
 
-  const { MODE, RUN_TIMES } = process.env
-
   process.runTimes = (RUN_TIMES?.split(',') as RunTimeType[]) ?? []
 
   if (MODE === ModeType.Server) {
     process.sasLoc = process.env.SAS_PATH
     process.nodeLoc = process.env.NODE_PATH
+    process.pythonLoc = process.env.PYTHON_PATH
   } else {
-    const { sasLoc, nodeLoc } = await getDesktopFields()
+    const { sasLoc, nodeLoc, pythonLoc } = await getDesktopFields()
 
     process.sasLoc = sasLoc
     process.nodeLoc = nodeLoc
+    process.pythonLoc = pythonLoc
   }
 
   const { SASJS_ROOT } = process.env
@@ -28,7 +42,18 @@ export const setProcessVariables = async () => {
   await createFolder(absPath)
   process.driveLoc = getRealPath(absPath)
 
+  const { LOG_LOCATION } = process.env
+  const absLogsPath = getAbsolutePath(
+    LOG_LOCATION ?? `sasjs_root${path.sep}logs`,
+    process.cwd()
+  )
+  await createFolder(absLogsPath)
+  process.logsLoc = getRealPath(absLogsPath)
+
+  process.logsUUID = 'SASJS_LOGS_SEPARATOR_163ee17b6ff24f028928972d80a26784'
+
   console.log('sasLoc: ', process.sasLoc)
   console.log('sasDrive: ', process.driveLoc)
+  console.log('sasLogs: ', process.logsLoc)
   console.log('runTimes: ', process.runTimes)
 }

api/src/utils/specs/extractHeaders.spec.ts

@@ -1,4 +1,4 @@
-import { extractHeaders } from '..'
+import { extractHeaders } from '../extractHeaders'
 
 describe('extractHeaders', () => {
   it('should return valid http headers', () => {

api/src/utils/specs/parseLogToArray.spec.ts

@@ -1,4 +1,4 @@
-import { parseLogToArray } from '..'
+import { parseLogToArray } from '../parseLogToArray'
 
 describe('parseLogToArray', () => {
   it('should parse log to array type', () => {

api/src/utils/upload.ts

@@ -1,6 +1,6 @@
 import path from 'path'
 import { MulterFile } from '../types/Upload'
-import { listFilesInFolder, readFileBinary } from '@sasjs/utils'
+import { listFilesInFolder, readFileBinary, isWindows } from '@sasjs/utils'
 
 interface FilenameMapSingle {
   fieldName: string
@@ -118,15 +118,42 @@ export const generateFileUploadJSCode = async (
     if (fileName.includes('req_file')) {
       fileCount++
       const filePath = path.join(sessionFolder, fileName)
-      uploadCode += `\nconst _WEBIN_FILEREF${fileCount} = fs.readFileSync('${filePath}')`
+      uploadCode += `\nconst _WEBIN_FILEREF${fileCount} = fs.readFileSync('${
+        isWindows() ? filePath.replace(/\\/g, '\\\\') : filePath
+      }')`
       uploadCode += `\nconst _WEBIN_FILENAME${fileCount} = '${filesNamesMap[fileName].originalName}'`
       uploadCode += `\nconst _WEBIN_NAME${fileCount} = '${filesNamesMap[fileName].fieldName}'`
     }
   })
 
-  if (fileCount) {
-    uploadCode = `\nconst _WEBIN_FILE_COUNT = ${fileCount}` + uploadCode
-  }
+  uploadCode += `\nconst _WEBIN_FILE_COUNT = ${fileCount}`
+
+  return uploadCode
+}
+
+/**
+ * Generates the python code that references uploaded files in the concurrent request
+ * @param filesNamesMap object that maps hashed file names and original file names
+ * @param sessionFolder name of the folder that is created for the purpose of files in concurrent request
+ * @returns generated python code
+ */
+export const generateFileUploadPythonCode = async (
+  filesNamesMap: FilenamesMap,
+  sessionFolder: string
+) => {
+  let uploadCode = ''
+  let fileCount = 0
+
+  const sessionFolderList: string[] = await listFilesInFolder(sessionFolder)
+  sessionFolderList.forEach(async (fileName) => {
+    if (fileName.includes('req_file')) {
+      fileCount++
+      uploadCode += `\n_WEBIN_FILENAME${fileCount} = '${filesNamesMap[fileName].originalName}'`
+      uploadCode += `\n_WEBIN_NAME${fileCount} = '${filesNamesMap[fileName].fieldName}'`
+    }
+  })
+
+  uploadCode += `\n_WEBIN_FILE_COUNT = ${fileCount}`
 
   return uploadCode
 }

api/src/utils/validation.ts

@@ -1,5 +1,10 @@
 import Joi from 'joi'
-import { RunTimeType } from '.'
+import {
+  PermissionType,
+  PermissionSettingForRoute,
+  PrincipalType
+} from '../controllers/permission'
+import { getAuthorizedRoutes } from './getAuthorizedRoutes'
 
 const usernameSchema = Joi.string().lowercase().alphanum().min(3).max(16)
 const passwordSchema = Joi.string().min(6).max(1024)
@@ -86,6 +91,30 @@ export const registerClientValidation = (data: any): Joi.ValidationResult =>
     clientSecret: Joi.string().required()
   }).validate(data)
 
+export const registerPermissionValidation = (data: any): Joi.ValidationResult =>
+  Joi.object({
+    path: Joi.string()
+      .required()
+      .valid(...getAuthorizedRoutes()),
+    type: Joi.string()
+      .required()
+      .valid(...Object.values(PermissionType)),
+    setting: Joi.string()
+      .required()
+      .valid(...Object.values(PermissionSettingForRoute)),
+    principalType: Joi.string()
+      .required()
+      .valid(...Object.values(PrincipalType)),
+    principalId: Joi.number().required()
+  }).validate(data)
+
+export const updatePermissionValidation = (data: any): Joi.ValidationResult =>
+  Joi.object({
+    setting: Joi.string()
+      .required()
+      .valid(...Object.values(PermissionSettingForRoute))
+  }).validate(data)
+
 export const deployValidation = (data: any): Joi.ValidationResult =>
   Joi.object({
     appLoc: Joi.string().pattern(/^\//).required().min(2),
@@ -116,9 +145,23 @@ export const fileParamValidation = (data: any): Joi.ValidationResult =>
     _filePath: filePathSchema
   }).validate(data)
 
-export const folderParamValidation = (data: any): Joi.ValidationResult =>
+export const folderParamValidation = (
+  data: any,
+  folderPathRequired?: boolean
+): Joi.ValidationResult =>
   Joi.object({
-    _folderPath: Joi.string()
+    _folderPath: folderPathRequired ? Joi.string().required() : Joi.string()
+  }).validate(data)
+
+export const folderBodyValidation = (data: any): Joi.ValidationResult =>
+  Joi.object({
+    folderPath: Joi.string().required()
+  }).validate(data)
+
+export const renameBodyValidation = (data: any): Joi.ValidationResult =>
+  Joi.object({
+    oldPath: Joi.string().required(),
+    newPath: Joi.string().required()
   }).validate(data)
 
 export const runCodeValidation = (data: any): Joi.ValidationResult =>

api/src/utils/verifyEnvVariables.ts

@@ -28,7 +28,8 @@ export enum LOG_FORMAT_MORGANType {
 
 export enum RunTimeType {
   SAS = 'sas',
-  JS = 'js'
+  JS = 'js',
+  PY = 'py'
 }
 
 export enum ReturnCode {
@@ -78,33 +79,7 @@ const verifyMODE = (): string[] => {
   }
 
   if (process.env.MODE === ModeType.Server) {
-    const {
-      ACCESS_TOKEN_SECRET,
-      REFRESH_TOKEN_SECRET,
-      AUTH_CODE_SECRET,
-      SESSION_SECRET,
-      DB_CONNECT
-    } = process.env
-
-    if (!ACCESS_TOKEN_SECRET)
-      errors.push(
-        `- ACCESS_TOKEN_SECRET is required for PROTOCOL '${ModeType.Server}'`
-      )
-
-    if (!REFRESH_TOKEN_SECRET)
-      errors.push(
-        `- REFRESH_TOKEN_SECRET is required for PROTOCOL '${ModeType.Server}'`
-      )
-
-    if (!AUTH_CODE_SECRET)
-      errors.push(
-        `- AUTH_CODE_SECRET is required for PROTOCOL '${ModeType.Server}'`
-      )
-
-    if (!SESSION_SECRET)
-      errors.push(
-        `- SESSION_SECRET is required for PROTOCOL '${ModeType.Server}'`
-      )
+    const { DB_CONNECT } = process.env
 
     if (process.env.NODE_ENV !== 'test')
       if (!DB_CONNECT)
@@ -151,8 +126,27 @@ const verifyCORS = (): string[] => {
 
   if (CORS) {
     const corsTypes = Object.values(CorsType)
+
     if (!corsTypes.includes(CORS as CorsType))
       errors.push(`- CORS '${CORS}'\n - valid options ${corsTypes}`)
+
+    if (CORS === CorsType.ENABLED) {
+      const { WHITELIST } = process.env
+
+      const urls = WHITELIST?.trim()
+        .split(' ')
+        .filter((url) => !!url)
+      if (urls?.length) {
+        urls.forEach((url) => {
+          if (!url.startsWith('http://') && !url.startsWith('https://'))
+            errors.push(
+              `- CORS '${CORS}'\n - provided WHITELIST ${url} is not valid`
+            )
+        })
+      } else {
+        errors.push(`- CORS '${CORS}'\n - provide at least one WHITELIST URL`)
+      }
+    }
   } else {
     const { MODE } = process.env
     process.env.CORS =
@@ -235,7 +229,7 @@ const verifyRUN_TIMES = (): string[] => {
 
 const verifyExecutablePaths = () => {
   const errors: string[] = []
-  const { RUN_TIMES, SAS_PATH, NODE_PATH, MODE } = process.env
+  const { RUN_TIMES, SAS_PATH, NODE_PATH, PYTHON_PATH, MODE } = process.env
 
   if (MODE === ModeType.Server) {
     const runTimes = RUN_TIMES?.split(',')
@@ -247,6 +241,10 @@ const verifyExecutablePaths = () => {
     if (runTimes?.includes(RunTimeType.JS) && !NODE_PATH) {
       errors.push(`- NODE_PATH is required for ${RunTimeType.JS} run time`)
     }
+
+    if (runTimes?.includes(RunTimeType.PY) && !PYTHON_PATH) {
+      errors.push(`- PYTHON_PATH is required for ${RunTimeType.PY} run time`)
+    }
   }
 
   return errors

api/src/utils/zipped.ts

@@ -28,7 +28,8 @@ export const extractJSONFromZip = async (zipFile: Express.Multer.File) => {
 
   for await (const entry of zip) {
     const fileName = entry.path as string
-    if (fileName.toUpperCase().endsWith('.JSON') && fileName === fileInZip) {
+    // grab the first json found in .zip
+    if (fileName.toUpperCase().endsWith('.JSON')) {
       fileContent = await entry.buffer()
       break
     } else {

api/tsoa.json

@@ -12,40 +12,44 @@
     },
     "tags": [
       {
-        "name": "Info",
-        "description": "Get Server Info"
-      },
-      {
-        "name": "Session",
-        "description": "Get Session information"
-      },
-      {
-        "name": "User",
-        "description": "Operations about users"
+        "name": "Auth",
+        "description": "Operations about auth"
       },
       {
         "name": "Client",
         "description": "Operations about clients"
       },
       {
-        "name": "Auth",
-        "description": "Operations about auth"
+        "name": "CODE",
+        "description": "Execution of code (various runtimes are supported)"
       },
       {
         "name": "Drive",
-        "description": "Operations about drive"
+        "description": "Operations on SASjs Drive"
       },
       {
         "name": "Group",
-        "description": "Operations about group"
+        "description": "Operations on groups and group memberships"
+      },
+      {
+        "name": "Info",
+        "description": "Get Server Information"
+      },
+      {
+        "name": "Permission",
+        "description": "Operations about permissions"
+      },
+      {
+        "name": "Session",
+        "description": "Get Session information"
       },
       {
         "name": "STP",
-        "description": "Operations about STP"
+        "description": "Execution of Stored Programs"
       },
       {
-        "name": "CODE",
-        "description": "Operations on SAS code"
+        "name": "User",
+        "description": "Operations with users"
       },
       {
         "name": "Web",

web/package-lock.json

@@ -10,7 +10,7 @@
       "dependencies": {
         "@emotion/react": "^11.4.1",
         "@emotion/styled": "^11.3.0",
-        "@mui/icons-material": "^5.0.3",
+        "@mui/icons-material": "^5.8.4",
         "@mui/lab": "^5.0.0-alpha.50",
         "@mui/material": "^5.0.3",
         "@mui/styles": "^5.0.1",
@@ -27,7 +27,7 @@
         "react-copy-to-clipboard": "^5.1.0",
         "react-dom": "^17.0.2",
         "react-monaco-editor": "^0.48.0",
-        "react-router-dom": "^5.3.0",
+        "react-router-dom": "^6.3.0",
         "react-toastify": "^9.0.1"
       },
       "devDependencies": {
@@ -1836,9 +1836,9 @@
       }
     },
     "node_modules/@babel/runtime": {
-      "version": "7.16.3",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.16.3.tgz",
-      "integrity": "sha512-WBwekcqacdY2e9AF/Q7WLFUWmdJGJTkbjqTjoMDgXkVZ3ZRUvOPsLb5KdwISoQVsbP+DQzVZW4Zhci0DvpbNTQ==",
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.18.6.tgz",
+      "integrity": "sha512-t9wi7/AW6XtKahAe20Yw0/mMljKq0B1r2fPdvaAdV/KPDZewFXdaaa6K7lxmZBZ8FBNpCiAT6iHPmd6QO9bKfQ==",
       "dependencies": {
         "regenerator-runtime": "^0.13.4"
       },
@@ -2284,6 +2284,58 @@
         "node": ">=8"
       }
     },
+    "node_modules/@jridgewell/gen-mapping": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz",
+      "integrity": "sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==",
+      "dependencies": {
+        "@jridgewell/set-array": "^1.0.1",
+        "@jridgewell/sourcemap-codec": "^1.4.10",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      },
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/resolve-uri": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
+      "integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w==",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/set-array": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz",
+      "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw==",
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
+    "node_modules/@jridgewell/source-map": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.2.tgz",
+      "integrity": "sha512-m7O9o2uR8k2ObDysZYzdfhb08VuEml5oWGiosa1VdaPZ/A6QyPkAJuwN0Q1lhULOf6B7MtQmHENS743hWtCrgw==",
+      "dependencies": {
+        "@jridgewell/gen-mapping": "^0.3.0",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      }
+    },
+    "node_modules/@jridgewell/sourcemap-codec": {
+      "version": "1.4.14",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
+      "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw=="
+    },
+    "node_modules/@jridgewell/trace-mapping": {
+      "version": "0.3.14",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.14.tgz",
+      "integrity": "sha512-bJWEfQ9lPTvm3SneWwRFVLzrh6nhjwqw7TUFFBEMzwvg7t7PCDenf2lDwqo4NQXzdpgBXyFgDWnQA+2vkruksQ==",
+      "dependencies": {
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      }
+    },
     "node_modules/@mui/core": {
       "version": "5.0.0-alpha.54",
       "resolved": "https://registry.npmjs.org/@mui/core/-/core-5.0.0-alpha.54.tgz",
@@ -2312,19 +2364,23 @@
       }
     },
     "node_modules/@mui/icons-material": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.1.0.tgz",
-      "integrity": "sha512-GD2cNZ2XTqoxX6DMUg+tos1fDUVg6kXWxwo9UuBiRIhK8N+B7CG7vjRDf28LLmewcqIjxqy+T2SEVqDLy1FOYQ==",
+      "version": "5.8.4",
+      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.8.4.tgz",
+      "integrity": "sha512-9Z/vyj2szvEhGWDvb+gG875bOGm8b8rlHBKOD1+nA3PcgC3fV6W1AU6pfOorPeBfH2X4mb9Boe97vHvaSndQvA==",
       "dependencies": {
-        "@babel/runtime": "^7.16.0"
+        "@babel/runtime": "^7.17.2"
       },
       "engines": {
         "node": ">=12.0.0"
       },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/mui"
+      },
       "peerDependencies": {
         "@mui/material": "^5.0.0",
-        "@types/react": "^16.8.6 || ^17.0.0",
-        "react": "^17.0.2"
+        "@types/react": "^17.0.0 || ^18.0.0",
+        "react": "^17.0.0 || ^18.0.0"
       },
       "peerDependenciesMeta": {
         "@types/react": {
@@ -3933,11 +3989,9 @@
       }
     },
     "node_modules/acorn": {
-      "version": "7.4.1",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
-      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
-      "dev": true,
-      "peer": true,
+      "version": "8.8.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.0.tgz",
+      "integrity": "sha512-QOxyigPVrpZ2GXT+PFyZTl6TtOFc5egxHIP9IlQ+RbupQuX4RkT/Bee4/kQuC02Xkzg84JcT7oLYtDIQxp+v7w==",
       "bin": {
         "acorn": "bin/acorn"
       },
@@ -6518,18 +6572,6 @@
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
       }
     },
-    "node_modules/espree/node_modules/acorn": {
-      "version": "8.7.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
-      "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==",
-      "dev": true,
-      "bin": {
-        "acorn": "bin/acorn"
-      },
-      "engines": {
-        "node": ">=0.4.0"
-      }
-    },
     "node_modules/espree/node_modules/eslint-visitor-keys": {
       "version": "3.3.0",
       "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz",
@@ -7128,16 +7170,11 @@
       }
     },
     "node_modules/history": {
-      "version": "4.10.1",
-      "resolved": "https://registry.npmjs.org/history/-/history-4.10.1.tgz",
-      "integrity": "sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew==",
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/history/-/history-5.3.0.tgz",
+      "integrity": "sha512-ZqaKwjjrAYUYfLG+htGaIIZ4nioX2L70ZUMIFysS3xvBsSG4x/n1V6TXV3N8ZYNuFGlDirFg32T7B6WOUPDYcQ==",
       "dependencies": {
-        "@babel/runtime": "^7.1.2",
-        "loose-envify": "^1.2.0",
-        "resolve-pathname": "^3.0.0",
-        "tiny-invariant": "^1.0.2",
-        "tiny-warning": "^1.0.0",
-        "value-equal": "^1.0.1"
+        "@babel/runtime": "^7.7.6"
       }
     },
     "node_modules/hoist-non-react-statics": {
@@ -7198,20 +7235,6 @@
         "node": ">=12"
       }
     },
-    "node_modules/html-minifier-terser/node_modules/acorn": {
-      "version": "8.7.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
-      "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==",
-      "dev": true,
-      "optional": true,
-      "peer": true,
-      "bin": {
-        "acorn": "bin/acorn"
-      },
-      "engines": {
-        "node": ">=0.4.0"
-      }
-    },
     "node_modules/html-minifier-terser/node_modules/commander": {
       "version": "8.3.0",
       "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz",
@@ -7221,46 +7244,6 @@
         "node": ">= 12"
       }
     },
-    "node_modules/html-minifier-terser/node_modules/source-map": {
-      "version": "0.7.3",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
-      "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
-      "dev": true,
-      "engines": {
-        "node": ">= 8"
-      }
-    },
-    "node_modules/html-minifier-terser/node_modules/terser": {
-      "version": "5.10.0",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-5.10.0.tgz",
-      "integrity": "sha512-AMmF99DMfEDiRJfxfY5jj5wNH/bYO09cniSqhfoyxc8sFoYIgkJy86G04UoZU5VjlpnplVu0K6Tx6E9b5+DlHA==",
-      "dev": true,
-      "dependencies": {
-        "commander": "^2.20.0",
-        "source-map": "~0.7.2",
-        "source-map-support": "~0.5.20"
-      },
-      "bin": {
-        "terser": "bin/terser"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "peerDependencies": {
-        "acorn": "^8.5.0"
-      },
-      "peerDependenciesMeta": {
-        "acorn": {
-          "optional": true
-        }
-      }
-    },
-    "node_modules/html-minifier-terser/node_modules/terser/node_modules/commander": {
-      "version": "2.20.3",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
-      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
-      "dev": true
-    },
     "node_modules/html-webpack-plugin": {
       "version": "5.5.0",
       "resolved": "https://registry.npmjs.org/html-webpack-plugin/-/html-webpack-plugin-5.5.0.tgz",
@@ -7829,11 +7812,6 @@
         "node": ">=8"
       }
     },
-    "node_modules/isarray": {
-      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-      "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
-    },
     "node_modules/isexe": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
@@ -8392,19 +8370,6 @@
         "node": ">=4"
       }
     },
-    "node_modules/mini-create-react-context": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/mini-create-react-context/-/mini-create-react-context-0.4.1.tgz",
-      "integrity": "sha512-YWCYEmd5CQeHGSAKrYvXgmzzkrvssZcuuQDDeqkT+PziKGMgE+0MCCtcKbROzocGBG1meBLl2FotlRwf4gAzbQ==",
-      "dependencies": {
-        "@babel/runtime": "^7.12.1",
-        "tiny-warning": "^1.0.3"
-      },
-      "peerDependencies": {
-        "prop-types": "^15.0.0",
-        "react": "^0.14.0 || ^15.0.0 || ^16.0.0 || ^17.0.0"
-      }
-    },
     "node_modules/minimalistic-assert": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
@@ -8967,14 +8932,6 @@
       "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
       "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
     },
-    "node_modules/path-to-regexp": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz",
-      "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==",
-      "dependencies": {
-        "isarray": "0.0.1"
-      }
-    },
     "node_modules/path-type": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
@@ -9362,47 +9319,29 @@
         "react": "^17.x"
       }
     },
-    "node_modules/react-router": {
-      "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.2.1.tgz",
-      "integrity": "sha512-lIboRiOtDLFdg1VTemMwud9vRVuOCZmUIT/7lUoZiSpPODiiH1UQlfXy+vPLC/7IWdFYnhRwAyNqA/+I7wnvKQ==",
-      "dependencies": {
-        "@babel/runtime": "^7.12.13",
-        "history": "^4.9.0",
-        "hoist-non-react-statics": "^3.1.0",
-        "loose-envify": "^1.3.1",
-        "mini-create-react-context": "^0.4.0",
-        "path-to-regexp": "^1.7.0",
-        "prop-types": "^15.6.2",
-        "react-is": "^16.6.0",
-        "tiny-invariant": "^1.0.2",
-        "tiny-warning": "^1.0.0"
-      },
-      "peerDependencies": {
-        "react": ">=15"
-      }
-    },
     "node_modules/react-router-dom": {
-      "version": "5.3.0",
-      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-5.3.0.tgz",
-      "integrity": "sha512-ObVBLjUZsphUUMVycibxgMdh5jJ1e3o+KpAZBVeHcNQZ4W+uUGGWsokurzlF4YOldQYRQL4y6yFRWM4m3svmuQ==",
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.3.0.tgz",
+      "integrity": "sha512-uaJj7LKytRxZNQV8+RbzJWnJ8K2nPsOOEuX7aQstlMZKQT0164C+X2w6bnkqU3sjtLvpd5ojrezAyfZ1+0sStw==",
       "dependencies": {
-        "@babel/runtime": "^7.12.13",
-        "history": "^4.9.0",
-        "loose-envify": "^1.3.1",
-        "prop-types": "^15.6.2",
-        "react-router": "5.2.1",
-        "tiny-invariant": "^1.0.2",
-        "tiny-warning": "^1.0.0"
+        "history": "^5.2.0",
+        "react-router": "6.3.0"
       },
       "peerDependencies": {
-        "react": ">=15"
+        "react": ">=16.8",
+        "react-dom": ">=16.8"
       }
     },
-    "node_modules/react-router/node_modules/react-is": {
-      "version": "16.13.1",
-      "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz",
-      "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ=="
+    "node_modules/react-router-dom/node_modules/react-router": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.3.0.tgz",
+      "integrity": "sha512-7Wh1DzVQ+tlFjkeo+ujvjSqSJmkt1+8JO+T5xklPlgrh70y7ogx75ODRW0ThWhY7S+6yEDks8TYrtQe/aoboBQ==",
+      "dependencies": {
+        "history": "^5.2.0"
+      },
+      "peerDependencies": {
+        "react": ">=16.8"
+      }
     },
     "node_modules/react-toastify": {
       "version": "9.0.1",
@@ -9679,11 +9618,6 @@
         "node": ">=4"
       }
     },
-    "node_modules/resolve-pathname": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/resolve-pathname/-/resolve-pathname-3.0.0.tgz",
-      "integrity": "sha512-C7rARubxI8bXFNB/hqcp/4iUeIXJhJZvFPFPiSPRnhU5UPxzMFIl+2E6yY6c4k9giDJAhtV+enfA+G89N6Csng=="
-    },
     "node_modules/retry": {
       "version": "0.13.1",
       "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz",
@@ -10337,6 +10271,28 @@
         "node": ">=6"
       }
     },
+    "node_modules/terser": {
+      "version": "5.14.2",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.14.2.tgz",
+      "integrity": "sha512-oL0rGeM/WFQCUd0y2QrWxYnq7tfSuKBiqTjRPWrRgB46WD/kiwHwF8T23z78H6Q6kGCuuHcPB+KULHRdxvVGQA==",
+      "dependencies": {
+        "@jridgewell/source-map": "^0.3.2",
+        "acorn": "^8.5.0",
+        "commander": "^2.20.0",
+        "source-map-support": "~0.5.20"
+      },
+      "bin": {
+        "terser": "bin/terser"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/terser/node_modules/commander": {
+      "version": "2.20.3",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
+      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
+    },
     "node_modules/text-table": {
       "version": "0.2.0",
       "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
@@ -10349,11 +10305,6 @@
       "integrity": "sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA==",
       "dev": true
     },
-    "node_modules/tiny-invariant": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.2.0.tgz",
-      "integrity": "sha512-1Uhn/aqw5C6RI4KejVeTg6mIS7IqxnLJ8Mv2tV5rTc0qWobay7pDUz6Wi392Cnc8ak1H0F2cjoRzb2/AW4+Fvg=="
-    },
     "node_modules/tiny-warning": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz",
@@ -10733,11 +10684,6 @@
         "node": ">= 0.10"
       }
     },
-    "node_modules/value-equal": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz",
-      "integrity": "sha512-NOJ6JZCAWr0zlxZt+xqCHNTEKOsrks2HQd4MqhP1qy4z1SkbEP467eNx6TgDKXMvUOb+OENfJCZwM+16n7fRfw=="
-    },
     "node_modules/vary": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
@@ -11184,17 +11130,6 @@
         "node": ">=10.0.0"
       }
     },
-    "node_modules/webpack/node_modules/acorn": {
-      "version": "8.7.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
-      "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==",
-      "bin": {
-        "acorn": "bin/acorn"
-      },
-      "engines": {
-        "node": ">=0.4.0"
-      }
-    },
     "node_modules/webpack/node_modules/acorn-import-assertions": {
       "version": "1.8.0",
       "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz",
@@ -11203,11 +11138,6 @@
         "acorn": "^8"
       }
     },
-    "node_modules/webpack/node_modules/commander": {
-      "version": "2.20.3",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
-      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
-    },
     "node_modules/webpack/node_modules/has-flag": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
@@ -11276,30 +11206,6 @@
         "url": "https://github.com/chalk/supports-color?sponsor=1"
       }
     },
-    "node_modules/webpack/node_modules/terser": {
-      "version": "5.10.0",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-5.10.0.tgz",
-      "integrity": "sha512-AMmF99DMfEDiRJfxfY5jj5wNH/bYO09cniSqhfoyxc8sFoYIgkJy86G04UoZU5VjlpnplVu0K6Tx6E9b5+DlHA==",
-      "dependencies": {
-        "commander": "^2.20.0",
-        "source-map": "~0.7.2",
-        "source-map-support": "~0.5.20"
-      },
-      "bin": {
-        "terser": "bin/terser"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "peerDependencies": {
-        "acorn": "^8.5.0"
-      },
-      "peerDependenciesMeta": {
-        "acorn": {
-          "optional": true
-        }
-      }
-    },
     "node_modules/webpack/node_modules/terser-webpack-plugin": {
       "version": "5.3.1",
       "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.1.tgz",
@@ -11333,14 +11239,6 @@
         }
       }
     },
-    "node_modules/webpack/node_modules/terser/node_modules/source-map": {
-      "version": "0.7.3",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
-      "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
-      "engines": {
-        "node": ">= 8"
-      }
-    },
     "node_modules/webpack/node_modules/webpack-sources": {
       "version": "3.2.3",
       "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.2.3.tgz",
@@ -12642,9 +12540,9 @@
       }
     },
     "@babel/runtime": {
-      "version": "7.16.3",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.16.3.tgz",
-      "integrity": "sha512-WBwekcqacdY2e9AF/Q7WLFUWmdJGJTkbjqTjoMDgXkVZ3ZRUvOPsLb5KdwISoQVsbP+DQzVZW4Zhci0DvpbNTQ==",
+      "version": "7.18.6",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.18.6.tgz",
+      "integrity": "sha512-t9wi7/AW6XtKahAe20Yw0/mMljKq0B1r2fPdvaAdV/KPDZewFXdaaa6K7lxmZBZ8FBNpCiAT6iHPmd6QO9bKfQ==",
       "requires": {
         "regenerator-runtime": "^0.13.4"
       }
@@ -12974,6 +12872,49 @@
         }
       }
     },
+    "@jridgewell/gen-mapping": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.2.tgz",
+      "integrity": "sha512-mh65xKQAzI6iBcFzwv28KVWSmCkdRBWoOh+bYQGW3+6OZvbbN3TqMGo5hqYxQniRcH9F2VZIoJCm4pa3BPDK/A==",
+      "requires": {
+        "@jridgewell/set-array": "^1.0.1",
+        "@jridgewell/sourcemap-codec": "^1.4.10",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      }
+    },
+    "@jridgewell/resolve-uri": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.0.tgz",
+      "integrity": "sha512-F2msla3tad+Mfht5cJq7LSXcdudKTWCVYUgw6pLFOOHSTtZlj6SWNYAp+AhuqLmWdBO2X5hPrLcu8cVP8fy28w=="
+    },
+    "@jridgewell/set-array": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.1.2.tgz",
+      "integrity": "sha512-xnkseuNADM0gt2bs+BvhO0p78Mk762YnZdsuzFV018NoG1Sj1SCQvpSqa7XUaTam5vAGasABV9qXASMKnFMwMw=="
+    },
+    "@jridgewell/source-map": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/@jridgewell/source-map/-/source-map-0.3.2.tgz",
+      "integrity": "sha512-m7O9o2uR8k2ObDysZYzdfhb08VuEml5oWGiosa1VdaPZ/A6QyPkAJuwN0Q1lhULOf6B7MtQmHENS743hWtCrgw==",
+      "requires": {
+        "@jridgewell/gen-mapping": "^0.3.0",
+        "@jridgewell/trace-mapping": "^0.3.9"
+      }
+    },
+    "@jridgewell/sourcemap-codec": {
+      "version": "1.4.14",
+      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.14.tgz",
+      "integrity": "sha512-XPSJHWmi394fuUuzDnGz1wiKqWfo1yXecHQMRf2l6hztTO+nPru658AyDngaBe7isIxEkRsPR3FZh+s7iVa4Uw=="
+    },
+    "@jridgewell/trace-mapping": {
+      "version": "0.3.14",
+      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.14.tgz",
+      "integrity": "sha512-bJWEfQ9lPTvm3SneWwRFVLzrh6nhjwqw7TUFFBEMzwvg7t7PCDenf2lDwqo4NQXzdpgBXyFgDWnQA+2vkruksQ==",
+      "requires": {
+        "@jridgewell/resolve-uri": "^3.0.3",
+        "@jridgewell/sourcemap-codec": "^1.4.10"
+      }
+    },
     "@mui/core": {
       "version": "5.0.0-alpha.54",
       "resolved": "https://registry.npmjs.org/@mui/core/-/core-5.0.0-alpha.54.tgz",
@@ -12989,11 +12930,11 @@
       }
     },
     "@mui/icons-material": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.1.0.tgz",
-      "integrity": "sha512-GD2cNZ2XTqoxX6DMUg+tos1fDUVg6kXWxwo9UuBiRIhK8N+B7CG7vjRDf28LLmewcqIjxqy+T2SEVqDLy1FOYQ==",
+      "version": "5.8.4",
+      "resolved": "https://registry.npmjs.org/@mui/icons-material/-/icons-material-5.8.4.tgz",
+      "integrity": "sha512-9Z/vyj2szvEhGWDvb+gG875bOGm8b8rlHBKOD1+nA3PcgC3fV6W1AU6pfOorPeBfH2X4mb9Boe97vHvaSndQvA==",
       "requires": {
-        "@babel/runtime": "^7.16.0"
+        "@babel/runtime": "^7.17.2"
       }
     },
     "@mui/lab": {
@@ -14170,11 +14111,9 @@
       }
     },
     "acorn": {
-      "version": "7.4.1",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.1.tgz",
-      "integrity": "sha512-nQyp0o1/mNdbTO1PO6kHkwSrmgZ0MT/jCCpNiwbUjGoRN4dlBhqJtoQuCnEOKzgTVwg0ZWiCoQy6SxMebQVh8A==",
-      "dev": true,
-      "peer": true
+      "version": "8.8.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.8.0.tgz",
+      "integrity": "sha512-QOxyigPVrpZ2GXT+PFyZTl6TtOFc5egxHIP9IlQ+RbupQuX4RkT/Bee4/kQuC02Xkzg84JcT7oLYtDIQxp+v7w=="
     },
     "acorn-jsx": {
       "version": "5.3.2",
@@ -16121,12 +16060,6 @@
         "eslint-visitor-keys": "^3.3.0"
       },
       "dependencies": {
-        "acorn": {
-          "version": "8.7.0",
-          "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
-          "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==",
-          "dev": true
-        },
         "eslint-visitor-keys": {
           "version": "3.3.0",
           "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz",
@@ -16587,16 +16520,11 @@
       "dev": true
     },
     "history": {
-      "version": "4.10.1",
-      "resolved": "https://registry.npmjs.org/history/-/history-4.10.1.tgz",
-      "integrity": "sha512-36nwAD620w12kuzPAsyINPWJqlNbij+hpK1k9XRloDtym8mxzGYl2c17LnV6IAGB2Dmg4tEa7G7DlawS0+qjew==",
+      "version": "5.3.0",
+      "resolved": "https://registry.npmjs.org/history/-/history-5.3.0.tgz",
+      "integrity": "sha512-ZqaKwjjrAYUYfLG+htGaIIZ4nioX2L70ZUMIFysS3xvBsSG4x/n1V6TXV3N8ZYNuFGlDirFg32T7B6WOUPDYcQ==",
       "requires": {
-        "@babel/runtime": "^7.1.2",
-        "loose-envify": "^1.2.0",
-        "resolve-pathname": "^3.0.0",
-        "tiny-invariant": "^1.0.2",
-        "tiny-warning": "^1.0.0",
-        "value-equal": "^1.0.1"
+        "@babel/runtime": "^7.7.6"
       }
     },
     "hoist-non-react-statics": {
@@ -16650,44 +16578,11 @@
         "terser": "^5.10.0"
       },
       "dependencies": {
-        "acorn": {
-          "version": "8.7.0",
-          "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
-          "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ==",
-          "dev": true,
-          "optional": true,
-          "peer": true
-        },
         "commander": {
           "version": "8.3.0",
           "resolved": "https://registry.npmjs.org/commander/-/commander-8.3.0.tgz",
           "integrity": "sha512-OkTL9umf+He2DZkUq8f8J9of7yL6RJKI24dVITBmNfZBmri9zYZQrKkuXiKhyfPSu8tUhnVBB1iKXevvnlR4Ww==",
           "dev": true
-        },
-        "source-map": {
-          "version": "0.7.3",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
-          "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ==",
-          "dev": true
-        },
-        "terser": {
-          "version": "5.10.0",
-          "resolved": "https://registry.npmjs.org/terser/-/terser-5.10.0.tgz",
-          "integrity": "sha512-AMmF99DMfEDiRJfxfY5jj5wNH/bYO09cniSqhfoyxc8sFoYIgkJy86G04UoZU5VjlpnplVu0K6Tx6E9b5+DlHA==",
-          "dev": true,
-          "requires": {
-            "commander": "^2.20.0",
-            "source-map": "~0.7.2",
-            "source-map-support": "~0.5.20"
-          },
-          "dependencies": {
-            "commander": {
-              "version": "2.20.3",
-              "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
-              "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
-              "dev": true
-            }
-          }
         }
       }
     },
@@ -17084,11 +16979,6 @@
         "is-docker": "^2.0.0"
       }
     },
-    "isarray": {
-      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-      "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
-    },
     "isexe": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
@@ -17530,15 +17420,6 @@
       "resolved": "https://registry.npmjs.org/min-indent/-/min-indent-1.0.1.tgz",
       "integrity": "sha512-I9jwMn07Sy/IwOj3zVkVik2JTvgpaykDZEigL6Rx6N9LbMywwUSMtxET+7lVoDLLd3O3IXwJwvuuns8UB/HeAg=="
     },
-    "mini-create-react-context": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/mini-create-react-context/-/mini-create-react-context-0.4.1.tgz",
-      "integrity": "sha512-YWCYEmd5CQeHGSAKrYvXgmzzkrvssZcuuQDDeqkT+PziKGMgE+0MCCtcKbROzocGBG1meBLl2FotlRwf4gAzbQ==",
-      "requires": {
-        "@babel/runtime": "^7.12.1",
-        "tiny-warning": "^1.0.3"
-      }
-    },
     "minimalistic-assert": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
@@ -17961,14 +17842,6 @@
       "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
       "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
     },
-    "path-to-regexp": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz",
-      "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==",
-      "requires": {
-        "isarray": "0.0.1"
-      }
-    },
     "path-type": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/path-type/-/path-type-4.0.0.tgz",
@@ -18260,44 +18133,25 @@
         "prop-types": "^15.8.1"
       }
     },
-    "react-router": {
-      "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/react-router/-/react-router-5.2.1.tgz",
-      "integrity": "sha512-lIboRiOtDLFdg1VTemMwud9vRVuOCZmUIT/7lUoZiSpPODiiH1UQlfXy+vPLC/7IWdFYnhRwAyNqA/+I7wnvKQ==",
+    "react-router-dom": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-6.3.0.tgz",
+      "integrity": "sha512-uaJj7LKytRxZNQV8+RbzJWnJ8K2nPsOOEuX7aQstlMZKQT0164C+X2w6bnkqU3sjtLvpd5ojrezAyfZ1+0sStw==",
       "requires": {
-        "@babel/runtime": "^7.12.13",
-        "history": "^4.9.0",
-        "hoist-non-react-statics": "^3.1.0",
-        "loose-envify": "^1.3.1",
-        "mini-create-react-context": "^0.4.0",
-        "path-to-regexp": "^1.7.0",
-        "prop-types": "^15.6.2",
-        "react-is": "^16.6.0",
-        "tiny-invariant": "^1.0.2",
-        "tiny-warning": "^1.0.0"
+        "history": "^5.2.0",
+        "react-router": "6.3.0"
       },
       "dependencies": {
-        "react-is": {
-          "version": "16.13.1",
-          "resolved": "https://registry.npmjs.org/react-is/-/react-is-16.13.1.tgz",
-          "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ=="
+        "react-router": {
+          "version": "6.3.0",
+          "resolved": "https://registry.npmjs.org/react-router/-/react-router-6.3.0.tgz",
+          "integrity": "sha512-7Wh1DzVQ+tlFjkeo+ujvjSqSJmkt1+8JO+T5xklPlgrh70y7ogx75ODRW0ThWhY7S+6yEDks8TYrtQe/aoboBQ==",
+          "requires": {
+            "history": "^5.2.0"
+          }
         }
       }
     },
-    "react-router-dom": {
-      "version": "5.3.0",
-      "resolved": "https://registry.npmjs.org/react-router-dom/-/react-router-dom-5.3.0.tgz",
-      "integrity": "sha512-ObVBLjUZsphUUMVycibxgMdh5jJ1e3o+KpAZBVeHcNQZ4W+uUGGWsokurzlF4YOldQYRQL4y6yFRWM4m3svmuQ==",
-      "requires": {
-        "@babel/runtime": "^7.12.13",
-        "history": "^4.9.0",
-        "loose-envify": "^1.3.1",
-        "prop-types": "^15.6.2",
-        "react-router": "5.2.1",
-        "tiny-invariant": "^1.0.2",
-        "tiny-warning": "^1.0.0"
-      }
-    },
     "react-toastify": {
       "version": "9.0.1",
       "resolved": "https://registry.npmjs.org/react-toastify/-/react-toastify-9.0.1.tgz",
@@ -18520,11 +18374,6 @@
       "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
       "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g=="
     },
-    "resolve-pathname": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/resolve-pathname/-/resolve-pathname-3.0.0.tgz",
-      "integrity": "sha512-C7rARubxI8bXFNB/hqcp/4iUeIXJhJZvFPFPiSPRnhU5UPxzMFIl+2E6yY6c4k9giDJAhtV+enfA+G89N6Csng=="
-    },
     "retry": {
       "version": "0.13.1",
       "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz",
@@ -19014,6 +18863,24 @@
       "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.1.tgz",
       "integrity": "sha512-GNzQvQTOIP6RyTfE2Qxb8ZVlNmw0n88vp1szwWRimP02mnTsx3Wtn5qRdqY9w2XduFNUgvOwhNnQsjwCp+kqaQ=="
     },
+    "terser": {
+      "version": "5.14.2",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.14.2.tgz",
+      "integrity": "sha512-oL0rGeM/WFQCUd0y2QrWxYnq7tfSuKBiqTjRPWrRgB46WD/kiwHwF8T23z78H6Q6kGCuuHcPB+KULHRdxvVGQA==",
+      "requires": {
+        "@jridgewell/source-map": "^0.3.2",
+        "acorn": "^8.5.0",
+        "commander": "^2.20.0",
+        "source-map-support": "~0.5.20"
+      },
+      "dependencies": {
+        "commander": {
+          "version": "2.20.3",
+          "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
+          "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
+        }
+      }
+    },
     "text-table": {
       "version": "0.2.0",
       "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
@@ -19026,11 +18893,6 @@
       "integrity": "sha512-eHY7nBftgThBqOyHGVN+l8gF0BucP09fMo0oO/Lb0w1OF80dJv+lDVpXG60WMQvkcxAkNybKsrEIE3ZtKGmPrA==",
       "dev": true
     },
-    "tiny-invariant": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/tiny-invariant/-/tiny-invariant-1.2.0.tgz",
-      "integrity": "sha512-1Uhn/aqw5C6RI4KejVeTg6mIS7IqxnLJ8Mv2tV5rTc0qWobay7pDUz6Wi392Cnc8ak1H0F2cjoRzb2/AW4+Fvg=="
-    },
     "tiny-warning": {
       "version": "1.0.3",
       "resolved": "https://registry.npmjs.org/tiny-warning/-/tiny-warning-1.0.3.tgz",
@@ -19320,11 +19182,6 @@
         "homedir-polyfill": "^1.0.1"
       }
     },
-    "value-equal": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/value-equal/-/value-equal-1.0.1.tgz",
-      "integrity": "sha512-NOJ6JZCAWr0zlxZt+xqCHNTEKOsrks2HQd4MqhP1qy4z1SkbEP467eNx6TgDKXMvUOb+OENfJCZwM+16n7fRfw=="
-    },
     "vary": {
       "version": "1.1.2",
       "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
@@ -19380,22 +19237,12 @@
         "webpack-sources": "^3.2.2"
       },
       "dependencies": {
-        "acorn": {
-          "version": "8.7.0",
-          "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.7.0.tgz",
-          "integrity": "sha512-V/LGr1APy+PXIwKebEWrkZPwoeoF+w1jiOBUmuxuiUIaOHtob8Qc9BTrYo7VuI5fR8tqsy+buA2WFooR5olqvQ=="
-        },
         "acorn-import-assertions": {
           "version": "1.8.0",
           "resolved": "https://registry.npmjs.org/acorn-import-assertions/-/acorn-import-assertions-1.8.0.tgz",
           "integrity": "sha512-m7VZ3jwz4eK6A4Vtt8Ew1/mNbP24u0FhdyfA7fSvnJR6LMdfOYnmuIrrJAgrYfYJ10F/otaHTtrtrtmHdMNzEw==",
           "requires": {}
         },
-        "commander": {
-          "version": "2.20.3",
-          "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
-          "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
-        },
         "has-flag": {
           "version": "4.0.0",
           "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
@@ -19442,23 +19289,6 @@
             "has-flag": "^4.0.0"
           }
         },
-        "terser": {
-          "version": "5.10.0",
-          "resolved": "https://registry.npmjs.org/terser/-/terser-5.10.0.tgz",
-          "integrity": "sha512-AMmF99DMfEDiRJfxfY5jj5wNH/bYO09cniSqhfoyxc8sFoYIgkJy86G04UoZU5VjlpnplVu0K6Tx6E9b5+DlHA==",
-          "requires": {
-            "commander": "^2.20.0",
-            "source-map": "~0.7.2",
-            "source-map-support": "~0.5.20"
-          },
-          "dependencies": {
-            "source-map": {
-              "version": "0.7.3",
-              "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.7.3.tgz",
-              "integrity": "sha512-CkCj6giN3S+n9qrYiBTX5gystlENnRW5jZeNLHpe6aue+SrHcG5VYwujhW9s4dY31mEGsxBDrHR6oI69fTXsaQ=="
-            }
-          }
-        },
         "terser-webpack-plugin": {
           "version": "5.3.1",
           "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.1.tgz",

web/package.json

@@ -3,13 +3,13 @@
   "version": "0.1.0",
   "private": true,
   "scripts": {
-    "start": "npx webpack-dev-server --config webpack.dev.ts --hot",
-    "build": "npx webpack --config webpack.prod.ts"
+    "start": "webpack-dev-server --config webpack.dev.ts --hot",
+    "build": "webpack --config webpack.prod.ts"
   },
   "dependencies": {
     "@emotion/react": "^11.4.1",
     "@emotion/styled": "^11.3.0",
-    "@mui/icons-material": "^5.0.3",
+    "@mui/icons-material": "^5.8.4",
     "@mui/lab": "^5.0.0-alpha.50",
     "@mui/material": "^5.0.3",
     "@mui/styles": "^5.0.1",
@@ -26,7 +26,7 @@
     "react-copy-to-clipboard": "^5.1.0",
     "react-dom": "^17.0.2",
     "react-monaco-editor": "^0.48.0",
-    "react-router-dom": "^5.3.0",
+    "react-router-dom": "^6.3.0",
     "react-toastify": "^9.0.1"
   },
   "devDependencies": {

web/src/App.tsx

@@ -1,12 +1,11 @@
 import React, { useContext } from 'react'
-import { Route, HashRouter, Switch } from 'react-router-dom'
+import { Route, HashRouter, Routes } from 'react-router-dom'
 import { ThemeProvider } from '@mui/material/styles'
 import { theme } from './theme'
 
 import Login from './components/login'
 import Header from './components/header'
 import Home from './components/home'
-import Drive from './containers/Drive'
 import Studio from './containers/Studio'
 import Settings from './containers/Settings'
 
@@ -22,11 +21,9 @@ function App() {
       <ThemeProvider theme={theme}>
         <HashRouter>
           <Header />
-          <Switch>
-            <Route path="/">
-              <Login />
-            </Route>
-          </Switch>
+          <Routes>
+            <Route path="*" element={<Login />} />
+          </Routes>
         </HashRouter>
       </ThemeProvider>
     )
@@ -36,23 +33,12 @@ function App() {
     <ThemeProvider theme={theme}>
       <HashRouter>
         <Header />
-        <Switch>
-          <Route exact path="/">
-            <Home />
-          </Route>
-          <Route exact path="/SASjsDrive">
-            <Drive />
-          </Route>
-          <Route exact path="/SASjsStudio">
-            <Studio />
-          </Route>
-          <Route exact path="/SASjsSettings">
-            <Settings />
-          </Route>
-          <Route exact path="/SASjsLogon">
-            <AuthCode />
-          </Route>
-        </Switch>
+        <Routes>
+          <Route path="/" element={<Home />} />
+          <Route path="/SASjsStudio" element={<Studio />} />
+          <Route path="/SASjsSettings" element={<Settings />} />
+          <Route path="/SASjsLogon" element={<AuthCode />} />
+        </Routes>
         <ToastContainer />
       </HashRouter>
     </ThemeProvider>

web/src/components/deleteConfirmationModal.tsx

@@ -0,0 +1,49 @@
+import React from 'react'
+
+import {
+  Button,
+  Dialog,
+  DialogContent,
+  DialogActions,
+  Typography
+} from '@mui/material'
+import { styled } from '@mui/material/styles'
+
+const BootstrapDialog = styled(Dialog)(({ theme }) => ({
+  '& .MuiDialogContent-root': {
+    padding: theme.spacing(2)
+  },
+  '& .MuiDialogActions-root': {
+    padding: theme.spacing(1)
+  }
+}))
+
+type DeleteConfirmationModalProps = {
+  open: boolean
+  setOpen: React.Dispatch<React.SetStateAction<boolean>>
+  message: string
+  _delete: () => void
+}
+
+const DeleteConfirmationModal = ({
+  open,
+  setOpen,
+  message,
+  _delete
+}: DeleteConfirmationModalProps) => {
+  return (
+    <BootstrapDialog onClose={() => setOpen(false)} open={open}>
+      <DialogContent dividers>
+        <Typography gutterBottom>{message}</Typography>
+      </DialogContent>
+      <DialogActions>
+        <Button onClick={() => setOpen(false)}>Cancel</Button>
+        <Button color="error" onClick={() => _delete()}>
+          Delete
+        </Button>
+      </DialogActions>
+    </BootstrapDialog>
+  )
+}
+
+export default DeleteConfirmationModal

web/src/components/dialogTitle.tsx

@@ -0,0 +1,35 @@
+import React, { Dispatch, SetStateAction } from 'react'
+
+import DialogTitle from '@mui/material/DialogTitle'
+import IconButton from '@mui/material/IconButton'
+import CloseIcon from '@mui/icons-material/Close'
+
+export interface DialogTitleProps {
+  id: string
+  children?: React.ReactNode
+  handleOpen: Dispatch<SetStateAction<boolean>>
+}
+
+export const BootstrapDialogTitle = (props: DialogTitleProps) => {
+  const { children, handleOpen, ...other } = props
+
+  return (
+    <DialogTitle sx={{ m: 0, p: 2 }} {...other}>
+      {children}
+      {handleOpen ? (
+        <IconButton
+          aria-label="close"
+          onClick={() => handleOpen(false)}
+          sx={{
+            position: 'absolute',
+            right: 8,
+            top: 8,
+            color: (theme) => theme.palette.grey[500]
+          }}
+        >
+          <CloseIcon />
+        </IconButton>
+      ) : null}
+    </DialogTitle>
+  )
+}

web/src/components/filePathInputModal.tsx

@@ -0,0 +1,83 @@
+import React, { useState } from 'react'
+
+import { Button, DialogActions, DialogContent, TextField } from '@mui/material'
+
+import { BootstrapDialogTitle } from './dialogTitle'
+import { BootstrapDialog } from './modal'
+
+type FilePathInputModalProps = {
+  open: boolean
+  setOpen: React.Dispatch<React.SetStateAction<boolean>>
+  saveFile: (filePath: string) => void
+}
+
+const FilePathInputModal = ({
+  open,
+  setOpen,
+  saveFile
+}: FilePathInputModalProps) => {
+  const [filePath, setFilePath] = useState('')
+  const [hasError, setHasError] = useState(false)
+  const [errorText, setErrorText] = useState('')
+
+  const handleChange = (event: React.ChangeEvent<HTMLInputElement>) => {
+    const value = event.target.value
+
+    const specialChars = /[`!@#$%^&*()+\-=[\]{};':"\\|,<>?~]/
+    const fileExtension = /\.(exe|sh|htaccess)$/i
+
+    if (specialChars.test(value)) {
+      setHasError(true)
+      setErrorText('can not have special characters')
+    } else if (fileExtension.test(value)) {
+      setHasError(true)
+      setErrorText('can not save file with extensions [exe, sh, htaccess]')
+    } else {
+      setHasError(false)
+      setErrorText('')
+    }
+    setFilePath(value)
+  }
+
+  const handleSubmit = (event: React.FormEvent<HTMLFormElement>) => {
+    event.preventDefault()
+    if (hasError || !filePath) return
+    saveFile(filePath)
+  }
+
+  return (
+    <BootstrapDialog fullWidth onClose={() => setOpen(false)} open={open}>
+      <BootstrapDialogTitle id="abort-modal" handleOpen={setOpen}>
+        Save File
+      </BootstrapDialogTitle>
+      <DialogContent dividers>
+        <form onSubmit={handleSubmit}>
+          <TextField
+            fullWidth
+            autoFocus
+            variant="outlined"
+            label="File Path"
+            value={filePath}
+            onChange={handleChange}
+            error={hasError}
+            helperText={errorText}
+          />
+        </form>
+      </DialogContent>
+      <DialogActions>
+        <Button variant="contained" onClick={() => setOpen(false)}>
+          Cancel
+        </Button>
+        <Button
+          variant="contained"
+          onClick={() => saveFile(filePath)}
+          disabled={hasError || !filePath}
+        >
+          Save
+        </Button>
+      </DialogActions>
+    </BootstrapDialog>
+  )
+}
+
+export default FilePathInputModal

web/src/components/header.tsx

@@ -1,17 +1,19 @@
 import React, { useState, useEffect, useContext } from 'react'
-import { Link, useHistory, useLocation } from 'react-router-dom'
+import { Link, useNavigate, useLocation } from 'react-router-dom'
 
 import {
+  Box,
   AppBar,
   Toolbar,
   Tabs,
   Tab,
   Button,
   Menu,
-  MenuItem
+  MenuItem,
+  IconButton,
+  Typography
 } from '@mui/material'
-import OpenInNewIcon from '@mui/icons-material/OpenInNew'
-import SettingsIcon from '@mui/icons-material/Settings'
+import { OpenInNew, Settings, Menu as MenuIcon } from '@mui/icons-material'
 
 import Username from './username'
 import { AppContext } from '../context/appContext'
@@ -24,37 +26,44 @@ const baseUrl =
 const validTabs = ['/', '/SASjsDrive', '/SASjsStudio']
 
 const Header = (props: any) => {
-  const history = useHistory()
+  const navigate = useNavigate()
   const { pathname } = useLocation()
   const appContext = useContext(AppContext)
   const [tabValue, setTabValue] = useState(
     validTabs.includes(pathname) ? pathname : '/'
   )
-  const [anchorEl, setAnchorEl] = useState<
-    (EventTarget & HTMLButtonElement) | null
-  >(null)
+
+  const [anchorElNav, setAnchorElNav] = React.useState<null | HTMLElement>(null)
+  const [anchorElUser, setAnchorElUser] = React.useState<null | HTMLElement>(
+    null
+  )
+
+  const handleOpenNavMenu = (event: React.MouseEvent<HTMLElement>) => {
+    setAnchorElNav(event.currentTarget)
+  }
+  const handleOpenUserMenu = (event: React.MouseEvent<HTMLElement>) => {
+    setAnchorElUser(event.currentTarget)
+  }
+
+  const handleCloseNavMenu = () => {
+    setAnchorElNav(null)
+  }
+
+  const handleCloseUserMenu = () => {
+    setAnchorElUser(null)
+  }
 
   useEffect(() => {
     setTabValue(validTabs.includes(pathname) ? pathname : '/')
   }, [pathname])
 
-  const handleMenu = (
-    event: React.MouseEvent<HTMLButtonElement, MouseEvent>
-  ) => {
-    setAnchorEl(event.currentTarget)
-  }
-
-  const handleClose = () => {
-    setAnchorEl(null)
-  }
-
   const handleTabChange = (event: React.SyntheticEvent, value: string) => {
     setTabValue(value)
   }
 
   const handleLogout = () => {
     if (appContext.logout) {
-      handleClose()
+      handleCloseUserMenu()
       appContext.logout()
     }
   }
@@ -64,60 +73,129 @@ const Header = (props: any) => {
       sx={{ zIndex: (theme) => theme.zIndex.drawer + 1 }}
     >
       <Toolbar variant="dense">
-        <img
-          src="logo.png"
-          alt="logo"
-          style={{
-            width: '35px',
-            cursor: 'pointer',
-            marginRight: '25px'
-          }}
-          onClick={() => {
-            setTabValue('/')
-            history.push('/')
-          }}
-        />
-        <Tabs
-          indicatorColor="secondary"
-          value={tabValue}
-          onChange={handleTabChange}
-        >
-          <Tab label="Home" value="/" to="/" component={Link} />
-          <Tab
-            label="Drive"
-            value="/SASjsDrive"
-            to="/SASjsDrive"
-            component={Link}
+        <Box sx={{ display: { xs: 'none', md: 'flex' } }}>
+          <img
+            src="logo.png"
+            alt="logo"
+            style={{
+              width: '35px',
+              height: '35px',
+              marginTop: '9px',
+              cursor: 'pointer',
+              marginRight: '25px'
+            }}
+            onClick={() => {
+              setTabValue('/')
+              navigate('/')
+            }}
           />
-          <Tab
-            label="Studio"
-            value="/SASjsStudio"
-            to="/SASjsStudio"
-            component={Link}
+          <Tabs
+            indicatorColor="secondary"
+            value={tabValue}
+            onChange={handleTabChange}
+          >
+            <Tab label="Home" value="/" to="/" component={Link} />
+            <Tab
+              label="Studio"
+              value="/SASjsStudio"
+              to="/SASjsStudio"
+              component={Link}
+            />
+          </Tabs>
+          <Button
+            href={`${baseUrl}/AppStream`}
+            target="_blank"
+            rel="noreferrer"
+            variant="contained"
+            color="primary"
+            size="large"
+            endIcon={<OpenInNew />}
+          >
+            Apps
+          </Button>
+        </Box>
+
+        <Box sx={{ flexGrow: 1, display: { xs: 'flex', md: 'none' } }}>
+          <IconButton size="large" onClick={handleOpenNavMenu} color="inherit">
+            <MenuIcon />
+          </IconButton>
+
+          <Menu
+            id="menu-appbar"
+            anchorEl={anchorElNav}
+            anchorOrigin={{
+              vertical: 'bottom',
+              horizontal: 'left'
+            }}
+            keepMounted
+            transformOrigin={{
+              vertical: 'top',
+              horizontal: 'left'
+            }}
+            open={!!anchorElNav}
+            onClose={handleCloseNavMenu}
+            sx={{
+              display: { xs: 'block', md: 'none' }
+            }}
+          >
+            <MenuItem sx={{ justifyContent: 'center' }}>
+              <Button
+                component={Link}
+                to="/"
+                onClick={handleCloseNavMenu}
+                variant="contained"
+                color="primary"
+              >
+                Home
+              </Button>
+            </MenuItem>
+
+            <MenuItem sx={{ justifyContent: 'center' }}>
+              <Button
+                component={Link}
+                to="/SASjsStudio"
+                onClick={handleCloseNavMenu}
+                variant="contained"
+                color="primary"
+              >
+                Studio
+              </Button>
+            </MenuItem>
+
+            <MenuItem sx={{ justifyContent: 'center' }}>
+              <Button
+                href={`${baseUrl}/AppStream`}
+                target="_blank"
+                rel="noreferrer"
+                onClick={handleCloseNavMenu}
+                variant="contained"
+                color="primary"
+                endIcon={<OpenInNew />}
+              >
+                Apps
+              </Button>
+            </MenuItem>
+          </Menu>
+        </Box>
+
+        <Box sx={{ display: { xs: 'flex', md: 'none' } }}>
+          <img
+            src="logo.png"
+            alt="logo"
+            style={{
+              width: '35px',
+              height: '35px',
+              marginTop: '2px',
+              cursor: 'pointer',
+              marginRight: '25px'
+            }}
+            onClick={() => {
+              setTabValue('/')
+              navigate('/')
+            }}
           />
-        </Tabs>
-        <Button
-          href={`${baseUrl}/SASjsApi`}
-          target="_blank"
-          rel="noreferrer"
-          variant="contained"
-          color="primary"
-          size="large"
-          endIcon={<OpenInNewIcon />}
-        >
-          API Docs
-        </Button>
-        <Button
-          href={`${baseUrl}/AppStream`}
-          target="_blank"
-          rel="noreferrer"
-          variant="contained"
-          color="primary"
-          size="large"
-          endIcon={<OpenInNewIcon />}
-        >
-          App Stream
-        </Button>
+        </Box>
+
         <div
           style={{
             display: 'flex',
@@ -127,11 +205,11 @@ const Header = (props: any) => {
         >
           <Username
             username={appContext.displayName || appContext.username}
-            onClickHandler={handleMenu}
+            onClickHandler={handleOpenUserMenu}
           />
           <Menu
             id="menu-appbar"
-            anchorEl={anchorEl}
+            anchorEl={anchorElUser}
             anchorOrigin={{
               vertical: 'bottom',
               horizontal: 'center'
@@ -141,26 +219,70 @@ const Header = (props: any) => {
               vertical: 'top',
               horizontal: 'center'
             }}
-            open={!!anchorEl}
-            onClose={handleClose}
+            open={!!anchorElUser}
+            onClose={handleCloseUserMenu}
           >
+            {appContext.loggedIn && (
+              <MenuItem
+                sx={{ justifyContent: 'center', display: { md: 'none' } }}
+              >
+                <Typography
+                  variant="h5"
+                  sx={{ border: '1px solid black', padding: '5px' }}
+                >
+                  {appContext.displayName || appContext.username}
+                </Typography>
+              </MenuItem>
+            )}
+
             <MenuItem sx={{ justifyContent: 'center' }}>
               <Button
                 component={Link}
                 to="/SASjsSettings"
-                onClick={handleClose}
+                onClick={handleCloseUserMenu}
                 variant="contained"
                 color="primary"
-                startIcon={<SettingsIcon />}
+                startIcon={<Settings />}
               >
                 Settings
               </Button>
             </MenuItem>
-            <MenuItem onClick={handleLogout} sx={{ justifyContent: 'center' }}>
-              <Button variant="contained" color="primary">
-                Logout
+            <MenuItem sx={{ justifyContent: 'center' }}>
+              <Button
+                href={'https://server.sasjs.io'}
+                target="_blank"
+                rel="noreferrer"
+                variant="contained"
+                size="large"
+                color="primary"
+                endIcon={<OpenInNew />}
+              >
+                Docs
               </Button>
             </MenuItem>
+            <MenuItem sx={{ justifyContent: 'center' }}>
+              <Button
+                href={`${baseUrl}/SASjsApi`}
+                target="_blank"
+                rel="noreferrer"
+                variant="contained"
+                color="primary"
+                size="large"
+                endIcon={<OpenInNew />}
+              >
+                API
+              </Button>
+            </MenuItem>
+            {appContext.loggedIn && (
+              <MenuItem
+                onClick={handleLogout}
+                sx={{ justifyContent: 'center' }}
+              >
+                <Button variant="contained" color="primary">
+                  Logout
+                </Button>
+              </MenuItem>
+            )}
           </Menu>
         </div>
       </Toolbar>

web/src/components/login.tsx

@@ -22,7 +22,7 @@ const Login = () => {
       username,
       password
     }).catch((err: any) => {
-      setErrorMessage(err.response.data)
+      setErrorMessage(err.response?.data || err.toString())
       return {}
     })
 
@@ -30,6 +30,7 @@ const Login = () => {
       appContext.setUserId?.(user.id)
       appContext.setUsername?.(user.username)
       appContext.setDisplayName?.(user.displayName)
+      appContext.setIsAdmin?.(user.isAdmin)
       appContext.setLoggedIn?.(loggedIn)
     }
   }

web/src/components/modal.tsx

@@ -0,0 +1,43 @@
+import React from 'react'
+
+import { Typography, Dialog, DialogContent } from '@mui/material'
+import { styled } from '@mui/material/styles'
+
+import { BootstrapDialogTitle } from './dialogTitle'
+
+export const BootstrapDialog = styled(Dialog)(({ theme }) => ({
+  '& .MuiDialogContent-root': {
+    padding: theme.spacing(2)
+  },
+  '& .MuiDialogActions-root': {
+    padding: theme.spacing(1)
+  }
+}))
+
+type ModalProps = {
+  open: boolean
+  setOpen: React.Dispatch<React.SetStateAction<boolean>>
+  title: string
+  payload: string
+}
+
+const Modal = (props: ModalProps) => {
+  const { open, setOpen, title, payload } = props
+
+  return (
+    <div>
+      <BootstrapDialog onClose={() => setOpen(false)} open={open}>
+        <BootstrapDialogTitle id="abort-modal" handleOpen={setOpen}>
+          {title}
+        </BootstrapDialogTitle>
+        <DialogContent dividers>
+          <Typography gutterBottom>
+            <span style={{ fontFamily: 'monospace' }}>{payload}</span>
+          </Typography>
+        </DialogContent>
+      </BootstrapDialog>
+    </div>
+  )
+}
+
+export default Modal

web/src/components/nameInputModal.tsx

@@ -0,0 +1,109 @@
+import React, { useState, useEffect } from 'react'
+
+import { Button, DialogActions, DialogContent, TextField } from '@mui/material'
+
+import { BootstrapDialogTitle } from './dialogTitle'
+import { BootstrapDialog } from './modal'
+
+type NameInputModalProps = {
+  open: boolean
+  setOpen: React.Dispatch<React.SetStateAction<boolean>>
+  title: string
+  isFolder: boolean
+  actionLabel: string
+  action: (name: string) => void
+  defaultName?: string
+}
+
+const NameInputModal = ({
+  open,
+  setOpen,
+  title,
+  isFolder,
+  actionLabel,
+  action,
+  defaultName
+}: NameInputModalProps) => {
+  const [name, setName] = useState('')
+  const [hasError, setHasError] = useState(false)
+  const [errorText, setErrorText] = useState('')
+
+  useEffect(() => {
+    if (defaultName) setName(defaultName)
+  }, [defaultName])
+
+  const handleFocus = (
+    event: React.FocusEvent<HTMLInputElement | HTMLTextAreaElement, Element>
+  ) => {
+    if (defaultName) {
+      event.target.select()
+    }
+  }
+
+  const handleChange = (event: React.ChangeEvent<HTMLInputElement>) => {
+    const value = event.target.value
+
+    const folderNameRegex = /[`!@#$%^&*()_+\-=[\]{};':"\\|,.<>/?~]/
+    const fileNameRegex = /[`!@#$%^&*()+\-=[\]{};':"\\|,<>/?~]/
+    const fileNameExtensionRegex = /.(exe|sh|htaccess)$/i
+
+    const specialChars = isFolder ? folderNameRegex : fileNameRegex
+
+    if (specialChars.test(value)) {
+      setHasError(true)
+      setErrorText('can not have special characters')
+    } else if (!isFolder && fileNameExtensionRegex.test(value)) {
+      setHasError(true)
+      setErrorText('can not add file with extensions [exe, sh, htaccess]')
+    } else {
+      setHasError(false)
+      setErrorText('')
+    }
+
+    setName(value)
+  }
+
+  const handleSubmit = (event: React.FormEvent<HTMLFormElement>) => {
+    event.preventDefault()
+    if (hasError || !name) return
+    action(name)
+  }
+
+  return (
+    <BootstrapDialog fullWidth onClose={() => setOpen(false)} open={open}>
+      <BootstrapDialogTitle id="abort-modal" handleOpen={setOpen}>
+        {title}
+      </BootstrapDialogTitle>
+      <DialogContent dividers>
+        <form onSubmit={handleSubmit}>
+          <TextField
+            id="input-box"
+            fullWidth
+            autoFocus
+            onFocus={handleFocus}
+            variant="outlined"
+            label={isFolder ? 'Folder Name' : 'File Name'}
+            value={name}
+            onChange={handleChange}
+            error={hasError}
+            helperText={errorText}
+          />
+        </form>
+      </DialogContent>
+      <DialogActions>
+        <Button variant="contained" onClick={() => setOpen(false)}>
+          Cancel
+        </Button>
+        <Button
+          variant="contained"
+          onClick={() => action(name)}
+          disabled={hasError || !name}
+        >
+          {actionLabel}
+        </Button>
+      </DialogActions>
+    </BootstrapDialog>
+  )
+}
+
+export default NameInputModal

web/src/components/snackbar.tsx

@@ -0,0 +1,62 @@
+import React, { Dispatch, SetStateAction } from 'react'
+import Snackbar from '@mui/material/Snackbar'
+import MuiAlert, { AlertProps } from '@mui/material/Alert'
+import Slide, { SlideProps } from '@mui/material/Slide'
+
+const Alert = React.forwardRef<HTMLDivElement, AlertProps>(function Alert(
+  props,
+  ref
+) {
+  return <MuiAlert elevation={6} ref={ref} variant="filled" {...props} />
+})
+
+const Transition = (props: SlideProps) => {
+  return <Slide {...props} direction="up" />
+}
+
+export enum AlertSeverityType {
+  Success = 'success',
+  Warning = 'warning',
+  Info = 'info',
+  Error = 'error'
+}
+
+type BootstrapSnackbarProps = {
+  open: boolean
+  setOpen: Dispatch<SetStateAction<boolean>>
+  message: string
+  severity: AlertSeverityType
+}
+
+const BootstrapSnackbar = ({
+  open,
+  setOpen,
+  message,
+  severity
+}: BootstrapSnackbarProps) => {
+  const handleClose = (
+    event: React.SyntheticEvent | Event,
+    reason?: string
+  ) => {
+    if (reason === 'clickaway') {
+      return
+    }
+
+    setOpen(false)
+  }
+
+  return (
+    <Snackbar
+      open={open}
+      autoHideDuration={3000}
+      onClose={handleClose}
+      TransitionComponent={Transition}
+    >
+      <Alert onClose={handleClose} severity={severity} sx={{ width: '100%' }}>
+        {message}
+      </Alert>
+    </Snackbar>
+  )
+}
+
+export default BootstrapSnackbar

web/src/components/tree.tsx

@@ -0,0 +1,247 @@
+import React, { useEffect, useState } from 'react'
+import { Menu, MenuItem } from '@mui/material'
+import ExpandMoreIcon from '@mui/icons-material/ExpandMore'
+import ChevronRightIcon from '@mui/icons-material/ChevronRight'
+
+import DeleteConfirmationModal from './deleteConfirmationModal'
+import NameInputModal from './nameInputModal'
+
+import { TreeNode } from '../utils/types'
+
+type Props = {
+  node: TreeNode
+  selectedFilePath: string
+  handleSelect: (filePath: string) => void
+  deleteNode: (path: string, isFolder: boolean) => void
+  addFile: (path: string) => void
+  addFolder: (path: string) => void
+  rename: (oldPath: string, newPath: string) => void
+  defaultExpanded?: string[]
+}
+
+const TreeView = ({
+  node,
+  selectedFilePath,
+  handleSelect,
+  deleteNode,
+  addFile,
+  addFolder,
+  rename,
+  defaultExpanded
+}: Props) => {
+  return (
+    <ul
+      style={{
+        listStyle: 'none',
+        padding: '0.25rem 0.85rem',
+        width: 'max-content'
+      }}
+    >
+      <TreeViewNode
+        node={node}
+        selectedFilePath={selectedFilePath}
+        handleSelect={handleSelect}
+        deleteNode={deleteNode}
+        addFile={addFile}
+        addFolder={addFolder}
+        rename={rename}
+        defaultExpanded={defaultExpanded}
+      />
+    </ul>
+  )
+}
+
+export default TreeView
+
+const TreeViewNode = ({
+  node,
+  selectedFilePath,
+  handleSelect,
+  deleteNode,
+  addFile,
+  addFolder,
+  rename,
+  defaultExpanded
+}: Props) => {
+  const [deleteConfirmationModalOpen, setDeleteConfirmationModalOpen] =
+    useState(false)
+  const [deleteConfirmationModalMessage, setDeleteConfirmationModalMessage] =
+    useState('')
+  const [defaultInputModalName, setDefaultInputModalName] = useState('')
+  const [nameInputModalOpen, setNameInputModalOpen] = useState(false)
+  const [nameInputModalTitle, setNameInputModalTitle] = useState('')
+  const [nameInputModalActionLabel, setNameInputModalActionLabel] = useState('')
+  const [nameInputModalForFolder, setNameInputModalForFolder] = useState(false)
+  const [childVisible, setChildVisibility] = useState(false)
+  const [contextMenu, setContextMenu] = useState<{
+    mouseX: number
+    mouseY: number
+  } | null>(null)
+
+  const handleContextMenu = (event: React.MouseEvent) => {
+    event.preventDefault()
+    event.stopPropagation()
+    setContextMenu(
+      contextMenu === null
+        ? {
+            mouseX: event.clientX + 2,
+            mouseY: event.clientY - 6
+          }
+        : null
+    )
+  }
+
+  const hasChild = node.children.length ? true : false
+
+  const handleItemClick = () => {
+    if (node.children.length) {
+      setChildVisibility((v) => !v)
+      return
+    }
+
+    handleSelect(node.relativePath)
+  }
+
+  useEffect(() => {
+    if (defaultExpanded && defaultExpanded[0] === node.relativePath) {
+      setChildVisibility(true)
+      defaultExpanded.shift()
+    }
+  }, [defaultExpanded, node.relativePath])
+
+  const handleDeleteItemClick = () => {
+    setContextMenu(null)
+    setDeleteConfirmationModalOpen(true)
+    setDeleteConfirmationModalMessage(
+      `Are you sure you want to delete ${node.isFolder ? 'folder' : 'file'} "${
+        node.relativePath
+      }"?`
+    )
+  }
+
+  const deleteConfirm = () => {
+    setDeleteConfirmationModalOpen(false)
+    deleteNode(node.relativePath, node.isFolder)
+  }
+
+  const handleNewFolderItemClick = () => {
+    setContextMenu(null)
+    setNameInputModalOpen(true)
+    setNameInputModalTitle('Add Folder')
+    setNameInputModalActionLabel('Add')
+    setNameInputModalForFolder(true)
+    setDefaultInputModalName('')
+  }
+
+  const handleNewFileItemClick = () => {
+    setContextMenu(null)
+    setNameInputModalOpen(true)
+    setNameInputModalTitle('Add File')
+    setNameInputModalActionLabel('Add')
+    setNameInputModalForFolder(false)
+    setDefaultInputModalName('')
+  }
+
+  const addFileFolder = (name: string) => {
+    setNameInputModalOpen(false)
+    const path = node.relativePath + '/' + name
+    if (nameInputModalForFolder) addFolder(path)
+    else addFile(path)
+  }
+
+  const handleRenameItemClick = () => {
+    setContextMenu(null)
+    setNameInputModalOpen(true)
+    setNameInputModalTitle('Rename')
+    setNameInputModalActionLabel('Rename')
+    setNameInputModalForFolder(node.isFolder)
+    setDefaultInputModalName(node.relativePath.split('/').pop() ?? '')
+  }
+
+  const renameFileFolder = (name: string) => {
+    setNameInputModalOpen(false)
+    const oldPath = node.relativePath
+    const splittedPath = node.relativePath.split('/')
+    splittedPath.splice(-1, 1, name)
+    const newPath = splittedPath.join('/')
+    rename(oldPath, newPath)
+  }
+
+  return (
+    <div onContextMenu={handleContextMenu} style={{ cursor: 'context-menu' }}>
+      <li style={{ display: 'list-item' }}>
+        <div
+          className={`tree-item-label ${
+            selectedFilePath === node.relativePath ? 'selected' : ''
+          }`}
+          onClick={() => handleItemClick()}
+        >
+          {hasChild &&
+            (childVisible ? <ExpandMoreIcon /> : <ChevronRightIcon />)}
+          <div>{node.name}</div>
+        </div>
+
+        {hasChild &&
+          childVisible &&
+          node.children.map((child, index) => (
+            <TreeView
+              key={node.relativePath + '-' + index}
+              node={child}
+              selectedFilePath={selectedFilePath}
+              handleSelect={handleSelect}
+              deleteNode={deleteNode}
+              addFile={addFile}
+              addFolder={addFolder}
+              rename={rename}
+              defaultExpanded={defaultExpanded}
+            />
+          ))}
+      </li>
+      <DeleteConfirmationModal
+        open={deleteConfirmationModalOpen}
+        setOpen={setDeleteConfirmationModalOpen}
+        message={deleteConfirmationModalMessage}
+        _delete={deleteConfirm}
+      />
+      <NameInputModal
+        open={nameInputModalOpen}
+        setOpen={setNameInputModalOpen}
+        title={nameInputModalTitle}
+        isFolder={nameInputModalForFolder}
+        actionLabel={nameInputModalActionLabel}
+        action={
+          nameInputModalActionLabel === 'Add' ? addFileFolder : renameFileFolder
+        }
+        defaultName={defaultInputModalName}
+      />
+      <Menu
+        open={contextMenu !== null}
+        onClose={() => setContextMenu(null)}
+        anchorReference="anchorPosition"
+        anchorPosition={
+          contextMenu !== null
+            ? { top: contextMenu.mouseY, left: contextMenu.mouseX }
+            : undefined
+        }
+      >
+        {node.isFolder && (
+          <div>
+            <MenuItem onClick={handleNewFolderItemClick}>Add Folder</MenuItem>
+            <MenuItem
+              disabled={!node.relativePath}
+              onClick={handleNewFileItemClick}
+            >
+              Add File
+            </MenuItem>
+          </div>
+        )}
+        <MenuItem disabled={!node.relativePath} onClick={handleRenameItemClick}>
+          Rename
+        </MenuItem>
+        <MenuItem disabled={!node.relativePath} onClick={handleDeleteItemClick}>
+          Delete
+        </MenuItem>
+      </Menu>
+    </div>
+  )
+}

web/src/components/username.tsx

@@ -20,7 +20,14 @@ const Username = (props: any) => {
       ) : (
         <AccountCircle></AccountCircle>
       )}
-      <Typography variant="h6" sx={{ color: 'white', padding: '0 8px' }}>
+      <Typography
+        variant="h6"
+        sx={{
+          color: 'white',
+          padding: '0 8px',
+          display: { xs: 'none', md: 'flex' }
+        }}
+      >
         {props.username}
       </Typography>
     </IconButton>

web/src/containers/Drive/index.tsx

@@ -1,106 +0,0 @@
-import React, { useState, useEffect, useCallback } from 'react'
-import { useLocation } from 'react-router-dom'
-import axios from 'axios'
-
-import CssBaseline from '@mui/material/CssBaseline'
-import Box from '@mui/material/Box'
-
-import SideBar from './sideBar'
-import Main from './main'
-
-export interface TreeNode {
-  name: string
-  relativePath: string
-  absolutePath: string
-  children: Array<TreeNode>
-}
-
-const Drive = () => {
-  const location = useLocation()
-  const baseUrl = window.location.origin
-
-  const [selectedFilePath, setSelectedFilePath] = useState('')
-  const [directoryData, setDirectoryData] = useState<TreeNode | null>(null)
-
-  const setFilePathOnMount = useCallback(() => {
-    const queryParams = new URLSearchParams(location.search)
-    setSelectedFilePath(queryParams.get('filePath') ?? '')
-  }, [location.search])
-
-  useEffect(() => {
-    axios
-      .get(`/SASjsApi/drive/fileTree`)
-      .then((res: any) => {
-        if (res.data && res.data?.status === 'success') {
-          setDirectoryData(res.data.tree)
-        }
-      })
-      .catch((err) => {
-        console.log(err)
-      })
-    setFilePathOnMount()
-  }, [setFilePathOnMount])
-
-  const handleSelect = (node: TreeNode) => {
-    if (node.children.length) return
-
-    if (!node.name.includes('.')) return
-
-    window.history.pushState(
-      '',
-      '',
-      `${baseUrl}/#/SASjsDrive?filePath=${node.relativePath}`
-    )
-    setSelectedFilePath(node.relativePath)
-  }
-
-  const removeFileFromTree = (path: string) => {
-    if (directoryData) {
-      const newTree = JSON.parse(JSON.stringify(directoryData)) as TreeNode
-      findAndRemoveNode(newTree, newTree, path)
-      setDirectoryData(newTree)
-    }
-  }
-
-  const findAndRemoveNode = (
-    node: TreeNode,
-    parentNode: TreeNode,
-    path: string
-  ) => {
-    if (node.relativePath === path) {
-      removeNodeFromParent(parentNode, path)
-      return true
-    }
-    if (Array.isArray(node.children)) {
-      for (let i = 0; i < node.children.length; i++) {
-        if (findAndRemoveNode(node.children[i], node, path)) return
-      }
-    }
-  }
-
-  const removeNodeFromParent = (parent: TreeNode, path: string) => {
-    const index = parent.children.findIndex(
-      (node) => node.relativePath === path
-    )
-    if (index !== -1) {
-      parent.children.splice(index, 1)
-    }
-  }
-
-  return (
-    <Box sx={{ display: 'flex' }}>
-      <CssBaseline />
-      <SideBar
-        selectedFilePath={selectedFilePath}
-        directoryData={directoryData}
-        handleSelect={handleSelect}
-      />
-      <Main
-        selectedFilePath={selectedFilePath}
-        removeFileFromTree={removeFileFromTree}
-      />
-    </Box>
-  )
-}
-
-export default Drive

web/src/containers/Drive/main.tsx

@@ -1,173 +0,0 @@
-import React, { useState, useEffect } from 'react'
-import { Link } from 'react-router-dom'
-import axios from 'axios'
-
-import Editor from 'react-monaco-editor'
-
-import Box from '@mui/material/Box'
-import Paper from '@mui/material/Paper'
-import Stack from '@mui/material/Stack'
-import Button from '@mui/material/Button'
-import Toolbar from '@mui/material/Toolbar'
-import CircularProgress from '@mui/material/CircularProgress'
-
-type Props = {
-  selectedFilePath: string
-  removeFileFromTree: (path: string) => void
-}
-
-const Main = (props: Props) => {
-  const baseUrl = window.location.origin
-
-  const [isLoading, setIsLoading] = useState(false)
-  const [fileContentBeforeEdit, setFileContentBeforeEdit] = useState('')
-  const [fileContent, setFileContent] = useState('')
-  const [editMode, setEditMode] = useState(false)
-
-  useEffect(() => {
-    if (props.selectedFilePath) {
-      setIsLoading(true)
-      axios
-        .get(`/SASjsApi/drive/file?_filePath=${props.selectedFilePath}`)
-        .then((res: any) => {
-          setFileContent(res.data)
-        })
-        .catch((err) => {
-          console.log(err)
-        })
-        .finally(() => {
-          setIsLoading(false)
-        })
-    }
-  }, [props.selectedFilePath])
-
-  const handleDeleteBtnClick = () => {
-    setIsLoading(true)
-
-    const filePath = props.selectedFilePath
-
-    axios
-      .delete(`/SASjsApi/drive/file?_filePath=${filePath}`)
-      .then((res) => {
-        setFileContent('')
-        props.removeFileFromTree(filePath)
-        window.history.pushState('', '', `${baseUrl}/#/SASjsDrive`)
-      })
-      .catch((err) => {
-        console.log(err)
-      })
-      .finally(() => {
-        setIsLoading(false)
-      })
-  }
-
-  const handleEditSaveBtnClick = () => {
-    if (!editMode) {
-      setFileContentBeforeEdit(fileContent)
-      setEditMode(true)
-    } else {
-      setIsLoading(true)
-
-      const formData = new FormData()
-
-      const stringBlob = new Blob([fileContent], { type: 'text/plain' })
-      formData.append('file', stringBlob, 'filename.sas')
-      formData.append('filePath', props.selectedFilePath)
-
-      axios
-        .patch(`/SASjsApi/drive/file`, formData)
-        .then((res) => {
-          setEditMode(false)
-        })
-        .catch((err) => {
-          console.log(err)
-        })
-        .finally(() => {
-          setIsLoading(false)
-        })
-    }
-  }
-
-  const handleCancelExecuteBtnClick = () => {
-    if (editMode) {
-      setFileContent(fileContentBeforeEdit)
-      setEditMode(false)
-    } else {
-      window.open(
-        `${baseUrl}/SASjsApi/stp/execute?_program=${props.selectedFilePath}`
-      )
-    }
-  }
-
-  return (
-    <Box component="main" sx={{ flexGrow: 1, p: 3 }}>
-      <Toolbar />
-      <Paper
-        sx={{
-          height: '75vh',
-          padding: '10px',
-          overflow: 'auto',
-          position: 'relative'
-        }}
-        elevation={3}
-      >
-        {isLoading && (
-          <CircularProgress
-            style={{ position: 'absolute', left: '50%', top: '50%' }}
-          />
-        )}
-        {!isLoading && props?.selectedFilePath && !editMode && (
-          <code style={{ whiteSpace: 'break-spaces' }}>{fileContent}</code>
-        )}
-        {!isLoading && props?.selectedFilePath && editMode && (
-          <Editor
-            height="95%"
-            language="sas"
-            value={fileContent}
-            onChange={(val) => {
-              if (val) setFileContent(val)
-            }}
-          />
-        )}
-      </Paper>
-      <Stack
-        spacing={3}
-        direction="row"
-        sx={{ justifyContent: 'center', marginTop: '20px' }}
-      >
-        <Button
-          variant="contained"
-          onClick={handleDeleteBtnClick}
-          disabled={isLoading || !props?.selectedFilePath}
-        >
-          Delete
-        </Button>
-        <Button
-          variant="contained"
-          onClick={handleEditSaveBtnClick}
-          disabled={isLoading || !props?.selectedFilePath}
-        >
-          {!editMode ? 'Edit' : 'Save'}
-        </Button>
-        <Button
-          variant="contained"
-          onClick={handleCancelExecuteBtnClick}
-          disabled={isLoading || !props?.selectedFilePath}
-        >
-          {editMode ? 'Cancel' : 'Execute'}
-        </Button>
-        {props?.selectedFilePath && (
-          <Button
-            variant="contained"
-            component={Link}
-            to={`/SASjsStudio?_program=${props.selectedFilePath}`}
-          >
-            Open in Studio
-          </Button>
-        )}
-      </Stack>
-    </Box>
-  )
-}
-
-export default Main

web/src/containers/Drive/sideBar.tsx

@@ -1,100 +0,0 @@
-import React, { useMemo } from 'react'
-
-import { makeStyles } from '@mui/styles'
-
-import Box from '@mui/material/Box'
-import Drawer from '@mui/material/Drawer'
-import Toolbar from '@mui/material/Toolbar'
-import ListItem from '@mui/material/ListItem'
-import ListItemText from '@mui/material/ListItemText'
-
-import TreeView from '@mui/lab/TreeView'
-import TreeItem from '@mui/lab/TreeItem'
-
-import ExpandMoreIcon from '@mui/icons-material/ExpandMore'
-import ChevronRightIcon from '@mui/icons-material/ChevronRight'
-
-import { TreeNode } from '.'
-
-const useStyles = makeStyles(() => ({
-  root: {
-    '& .MuiTreeItem-content': {
-      width: 'auto'
-    }
-  },
-  listItem: {
-    padding: 0
-  }
-}))
-
-const drawerWidth = 240
-
-type Props = {
-  selectedFilePath: string
-  directoryData: TreeNode | null
-  handleSelect: (node: TreeNode) => void
-}
-
-const SideBar = ({ selectedFilePath, directoryData, handleSelect }: Props) => {
-  const classes = useStyles()
-
-  const defaultExpanded = useMemo(() => {
-    const splittedPath = selectedFilePath.split('/')
-    const arr = ['']
-    let nodeId = ''
-    splittedPath.forEach((path) => {
-      if (path !== '') {
-        nodeId += '/' + path
-        arr.push(nodeId)
-      }
-    })
-    return arr
-  }, [selectedFilePath])
-
-  const renderTree = (nodes: TreeNode) => (
-    <TreeItem
-      classes={{ root: classes.root }}
-      key={nodes.relativePath}
-      nodeId={nodes.relativePath}
-      label={
-        <ListItem
-          className={classes.listItem}
-          onClick={() => handleSelect(nodes)}
-        >
-          <ListItemText primary={nodes.name} />
-        </ListItem>
-      }
-    >
-      {Array.isArray(nodes.children)
-        ? nodes.children.map((node) => renderTree(node))
-        : null}
-    </TreeItem>
-  )
-
-  return (
-    <Drawer
-      variant="permanent"
-      sx={{
-        width: drawerWidth,
-        flexShrink: 0,
-        [`& .MuiDrawer-paper`]: { width: drawerWidth, boxSizing: 'border-box' }
-      }}
-    >
-      <Toolbar />
-      <Box sx={{ overflow: 'auto' }}>
-        {directoryData && (
-          <TreeView
-            defaultCollapseIcon={<ExpandMoreIcon />}
-            defaultExpandIcon={<ChevronRightIcon />}
-            defaultExpanded={defaultExpanded}
-            selected={defaultExpanded.slice(-1)}
-          >
-            {renderTree(directoryData)}
-          </TreeView>
-        )}
-      </Box>
-    </Drawer>
-  )
-}
-
-export default SideBar

web/src/containers/Settings/addPermissionModal.tsx

@@ -0,0 +1,255 @@
+import React, { useState, useEffect, Dispatch, SetStateAction } from 'react'
+import axios from 'axios'
+import {
+  Button,
+  Grid,
+  Dialog,
+  DialogContent,
+  DialogActions,
+  TextField,
+  CircularProgress,
+  Autocomplete
+} from '@mui/material'
+import { styled } from '@mui/material/styles'
+
+import { BootstrapDialogTitle } from '../../components/dialogTitle'
+
+import {
+  UserResponse,
+  GroupResponse,
+  RegisterPermissionPayload
+} from '../../utils/types'
+
+const BootstrapDialog = styled(Dialog)(({ theme }) => ({
+  '& .MuiDialogContent-root': {
+    padding: theme.spacing(2)
+  },
+  '& .MuiDialogActions-root': {
+    padding: theme.spacing(1)
+  }
+}))
+
+type AddPermissionModalProps = {
+  open: boolean
+  handleOpen: Dispatch<SetStateAction<boolean>>
+  addPermission: (
+    permissions: RegisterPermissionPayload[],
+    permissionType: string,
+    principalType: string,
+    principal: string,
+    permissionSetting: string
+  ) => void
+}
+
+const AddPermissionModal = ({
+  open,
+  handleOpen,
+  addPermission
+}: AddPermissionModalProps) => {
+  const [paths, setPaths] = useState<string[]>([])
+  const [loadingPaths, setLoadingPaths] = useState(false)
+  const [selectedPaths, setSelectedPaths] = useState<string[]>([])
+  const [permissionType, setPermissionType] = useState('Route')
+  const [principalType, setPrincipalType] = useState('Group')
+  const [userPrincipal, setUserPrincipal] = useState<UserResponse>()
+  const [groupPrincipal, setGroupPrincipal] = useState<GroupResponse>()
+  const [permissionSetting, setPermissionSetting] = useState('Grant')
+  const [loadingPrincipals, setLoadingPrincipals] = useState(false)
+  const [userPrincipals, setUserPrincipals] = useState<UserResponse[]>([])
+  const [groupPrincipals, setGroupPrincipals] = useState<GroupResponse[]>([])
+
+  useEffect(() => {
+    setLoadingPaths(true)
+    axios
+      .get('/SASjsApi/info/authorizedRoutes')
+      .then((res: any) => {
+        if (res.data) {
+          setPaths(res.data.paths)
+        }
+      })
+      .catch((err) => {
+        console.log(err)
+      })
+      .finally(() => {
+        setLoadingPaths(false)
+      })
+  }, [])
+
+  useEffect(() => {
+    setLoadingPrincipals(true)
+    axios
+      .get(`/SASjsApi/${principalType.toLowerCase()}`)
+      .then((res: any) => {
+        if (res.data) {
+          if (principalType.toLowerCase() === 'user') {
+            const users: UserResponse[] = res.data
+            const nonAdminUsers = users.filter((user) => !user.isAdmin)
+            setUserPrincipals(nonAdminUsers)
+          } else {
+            setGroupPrincipals(res.data)
+          }
+        }
+      })
+      .catch((err) => {
+        console.log(err)
+      })
+      .finally(() => {
+        setLoadingPrincipals(false)
+      })
+  }, [principalType])
+
+  const handleAddPermission = () => {
+    const permissions: RegisterPermissionPayload[] = []
+
+    selectedPaths.forEach((path) => {
+      const addPermissionPayload: any = {
+        path,
+        type: permissionType,
+        setting: permissionSetting,
+        principalType: principalType.toLowerCase(),
+        principalId:
+          principalType.toLowerCase() === 'user'
+            ? userPrincipal?.id
+            : groupPrincipal?.groupId
+      }
+
+      permissions.push(addPermissionPayload)
+    })
+
+    const principal =
+      principalType.toLowerCase() === 'user'
+        ? userPrincipal?.username
+        : groupPrincipal?.name
+
+    addPermission(
+      permissions,
+      permissionType,
+      principalType,
+      principal!,
+      permissionSetting
+    )
+  }
+
+  const addButtonDisabled =
+    !selectedPaths.length ||
+    (principalType.toLowerCase() === 'user' ? !userPrincipal : !groupPrincipal)
+
+  return (
+    <BootstrapDialog onClose={() => handleOpen(false)} open={open}>
+      <BootstrapDialogTitle
+        id="add-permission-dialog-title"
+        handleOpen={handleOpen}
+      >
+        Add Permission
+      </BootstrapDialogTitle>
+      <DialogContent dividers>
+        <Grid container spacing={2}>
+          <Grid item xs={12}>
+            <Autocomplete
+              multiple
+              disableClearable
+              options={paths}
+              filterSelectedOptions
+              value={selectedPaths}
+              onChange={(event: any, newValue: string[]) => {
+                setSelectedPaths(newValue)
+              }}
+              renderInput={(params) => <TextField {...params} label="Paths" />}
+            />
+          </Grid>
+          <Grid item xs={12}>
+            <Autocomplete
+              options={['Route']}
+              disableClearable
+              value={permissionType}
+              onChange={(event: any, newValue: string) =>
+                setPermissionType(newValue)
+              }
+              renderInput={(params) =>
+                loadingPaths ? (
+                  <CircularProgress />
+                ) : (
+                  <TextField {...params} label="Permission Type" />
+                )
+              }
+            />
+          </Grid>
+          <Grid item xs={12}>
+            <Autocomplete
+              options={['Group', 'User']}
+              disableClearable
+              value={principalType}
+              onChange={(event: any, newValue: string) =>
+                setPrincipalType(newValue)
+              }
+              renderInput={(params) => (
+                <TextField {...params} label="Principal Type" />
+              )}
+            />
+          </Grid>
+          <Grid item xs={12}>
+            {principalType.toLowerCase() === 'user' ? (
+              <Autocomplete
+                options={userPrincipals}
+                getOptionLabel={(option) => option.displayName}
+                disableClearable
+                value={userPrincipal}
+                onChange={(event: any, newValue: UserResponse) =>
+                  setUserPrincipal(newValue)
+                }
+                renderInput={(params) =>
+                  loadingPrincipals ? (
+                    <CircularProgress />
+                  ) : (
+                    <TextField {...params} label="Principal" />
+                  )
+                }
+              />
+            ) : (
+              <Autocomplete
+                options={groupPrincipals}
+                getOptionLabel={(option) => option.name}
+                disableClearable
+                value={groupPrincipal}
+                onChange={(event: any, newValue: GroupResponse) =>
+                  setGroupPrincipal(newValue)
+                }
+                renderInput={(params) =>
+                  loadingPrincipals ? (
+                    <CircularProgress />
+                  ) : (
+                    <TextField {...params} label="Principal" />
+                  )
+                }
+              />
+            )}
+          </Grid>
+          <Grid item xs={12}>
+            <Autocomplete
+              options={['Grant', 'Deny']}
+              disableClearable
+              value={permissionSetting}
+              onChange={(event: any, newValue: string) =>
+                setPermissionSetting(newValue)
+              }
+              renderInput={(params) => (
+                <TextField {...params} label="Settings" />
+              )}
+            />
+          </Grid>
+        </Grid>
+      </DialogContent>
+      <DialogActions>
+        <Button
+          variant="outlined"
+          onClick={handleAddPermission}
+          disabled={addButtonDisabled}
+        >
+          Add
+        </Button>
+      </DialogActions>
+    </BootstrapDialog>
+  )
+}
+
+export default AddPermissionModal

web/src/containers/Settings/addPermissionResponseModal.tsx

@@ -0,0 +1,120 @@
+import React from 'react'
+
+import { Typography, DialogContent } from '@mui/material'
+
+import { BootstrapDialog } from '../../components/modal'
+import { BootstrapDialogTitle } from '../../components/dialogTitle'
+import { PermissionResponse } from '../../utils/types'
+
+export interface PermissionResponsePayload {
+  permissionType: string
+  principalType: string
+  principal: string
+  permissionSetting: string
+  existingPermissions: PermissionResponse[]
+  newAddedPermissions: PermissionResponse[]
+  updatedPermissions: PermissionResponse[]
+  errorPaths: string[]
+}
+
+type Props = {
+  open: boolean
+  setOpen: React.Dispatch<React.SetStateAction<boolean>>
+  payload: PermissionResponsePayload
+}
+
+const PermissionResponseModal = ({ open, setOpen, payload }: Props) => {
+  const newAddedPermissionsLength = payload.newAddedPermissions.length
+  const updatedPermissionsLength = payload.updatedPermissions.length
+  const existingPermissionsLength = payload.existingPermissions.length
+  const appliedPermissionsLength =
+    newAddedPermissionsLength + updatedPermissionsLength
+
+  return (
+    <div>
+      <BootstrapDialog onClose={() => setOpen(false)} open={open}>
+        <BootstrapDialogTitle
+          id="permission-response-modal"
+          handleOpen={setOpen}
+        >
+          Permission Response
+        </BootstrapDialogTitle>
+        <DialogContent dividers>
+          <Typography sx={{ fontWeight: 'bold', marginBottom: '15px' }}>
+            {`${appliedPermissionsLength} "${payload.permissionSetting}", "${
+              payload.permissionType
+            }", "${payload.principalType}", "${payload.principal}" ${
+              appliedPermissionsLength > 1 ? 'Rules' : 'Rule'
+            }`}{' '}
+            Applied:
+          </Typography>
+
+          {newAddedPermissionsLength > 0 && (
+            <>
+              <Typography>
+                {`${newAddedPermissionsLength} ${
+                  newAddedPermissionsLength > 1 ? 'Rules' : 'Rule'
+                }`}{' '}
+                Added:
+              </Typography>
+              <ul>
+                {payload.newAddedPermissions.map((permission, index) => (
+                  <li key={index}>{permission.path}</li>
+                ))}
+              </ul>
+            </>
+          )}
+
+          {updatedPermissionsLength > 0 && (
+            <>
+              <Typography>
+                {` ${updatedPermissionsLength} ${
+                  updatedPermissionsLength > 1 ? 'Rules' : 'Rule'
+                }`}{' '}
+                Updated:
+              </Typography>
+              <ul>
+                {payload.updatedPermissions.map((permission, index) => (
+                  <li key={index}>{permission.path}</li>
+                ))}
+              </ul>
+            </>
+          )}
+
+          {existingPermissionsLength > 0 && (
+            <>
+              <Typography>
+                {`${existingPermissionsLength} ${
+                  existingPermissionsLength > 1 ? 'Rules' : 'Rule'
+                }`}{' '}
+                Unchanged:
+              </Typography>
+              <ul>
+                {payload.existingPermissions.map((permission, index) => (
+                  <li key={index}>{permission.path}</li>
+                ))}
+              </ul>
+            </>
+          )}
+
+          {payload.errorPaths.length > 0 && (
+            <>
+              <Typography style={{ color: 'red', marginTop: '10px' }}>
+                Errors occurred for following paths:
+              </Typography>
+              <ul>
+                {payload.errorPaths.map((path, index) => (
+                  <li key={index}>
+                    <Typography>{path}</Typography>
+                  </li>
+                ))}
+              </ul>
+            </>
+          )}
+        </DialogContent>
+      </BootstrapDialog>
+    </div>
+  )
+}
+
+export default PermissionResponseModal

web/src/containers/Settings/index.tsx

@@ -1,12 +1,15 @@
-import * as React from 'react'
+import React, { useState, useContext } from 'react'
 
 import { Box, Paper, Tab, styled } from '@mui/material'
 import TabContext from '@mui/lab/TabContext'
 import TabList from '@mui/lab/TabList'
 import TabPanel from '@mui/lab/TabPanel'
 
+import Permission from './permission'
 import Profile from './profile'
 
+import { AppContext, ModeType } from '../../context/appContext'
+
 const StyledTab = styled(Tab)({
   background: 'black',
   margin: '0 5px 5px 0'
@@ -17,7 +20,8 @@ const StyledTabpanel = styled(TabPanel)({
 })
 
 const Settings = () => {
-  const [value, setValue] = React.useState('profile')
+  const appContext = useContext(AppContext)
+  const [value, setValue] = useState('profile')
 
   const handleChange = (event: React.SyntheticEvent, newValue: string) => {
     setValue(newValue)
@@ -27,11 +31,20 @@ const Settings = () => {
     <Box
       sx={{
         display: 'flex',
+        flexDirection: { xs: 'column', md: 'row' },
         marginTop: '65px'
       }}
     >
       <TabContext value={value}>
-        <Box component={Paper} sx={{ margin: '0 5px', height: '92vh' }}>
+        <Box
+          component={Paper}
+          sx={{
+            margin: '0 5px',
+            height: { md: '92vh' },
+            display: 'flex',
+            justifyContent: 'center'
+          }}
+        >
           <TabList
             TabIndicatorProps={{
               style: {
@@ -42,11 +55,17 @@ const Settings = () => {
             onChange={handleChange}
           >
             <StyledTab label="Profile" value="profile" />
+            {appContext.mode === ModeType.Server && (
+              <StyledTab label="Permissions" value="permission" />
+            )}
           </TabList>
         </Box>
         <StyledTabpanel value="profile">
           <Profile />
         </StyledTabpanel>
+        <StyledTabpanel value="permission">
+          <Permission />
+        </StyledTabpanel>
       </TabContext>
     </Box>
   )

web/src/containers/Settings/permission.tsx

@@ -0,0 +1,575 @@
+import React, { useState, useEffect, useContext, useCallback } from 'react'
+import axios from 'axios'
+import {
+  Box,
+  Table,
+  TableBody,
+  TableCell,
+  TableContainer,
+  TableHead,
+  TableRow,
+  Paper,
+  Grid,
+  CircularProgress,
+  IconButton,
+  Tooltip,
+  Typography,
+  Popover
+} from '@mui/material'
+
+import FilterListIcon from '@mui/icons-material/FilterList'
+import AddIcon from '@mui/icons-material/Add'
+import EditIcon from '@mui/icons-material/Edit'
+import DeleteForeverIcon from '@mui/icons-material/DeleteForever'
+
+import { styled } from '@mui/material/styles'
+
+import Modal from '../../components/modal'
+import PermissionFilterModal from './permissionFilterModal'
+import AddPermissionModal from './addPermissionModal'
+import PermissionResponseModal, {
+  PermissionResponsePayload
+} from './addPermissionResponseModal'
+import UpdatePermissionModal from './updatePermissionModal'
+import DeleteConfirmationModal from '../../components/deleteConfirmationModal'
+import BootstrapSnackbar, { AlertSeverityType } from '../../components/snackbar'
+
+import {
+  GroupDetailsResponse,
+  PermissionResponse,
+  RegisterPermissionPayload
+} from '../../utils/types'
+import {
+  findExistingPermission,
+  findUpdatingPermission
+} from '../../utils/helper'
+
+import { AppContext } from '../../context/appContext'
+
+const BootstrapTableCell = styled(TableCell)({
+  textAlign: 'left'
+})
+
+const BootstrapGridItem = styled(Grid)({
+  '&.MuiGrid-item': {
+    maxWidth: '100%'
+  }
+})
+
+export enum PrincipalType {
+  User = 'User',
+  Group = 'Group'
+}
+
+const Permission = () => {
+  const appContext = useContext(AppContext)
+  const [isLoading, setIsLoading] = useState(false)
+  const [openModal, setOpenModal] = useState(false)
+  const [modalTitle, setModalTitle] = useState('')
+  const [modalPayload, setModalPayload] = useState('')
+  const [openSnackbar, setOpenSnackbar] = useState(false)
+  const [snackbarMessage, setSnackbarMessage] = useState('')
+  const [snackbarSeverity, setSnackbarSeverity] = useState<AlertSeverityType>(
+    AlertSeverityType.Success
+  )
+  const [addPermissionModalOpen, setAddPermissionModalOpen] = useState(false)
+  const [openPermissionResponseModal, setOpenPermissionResponseModal] =
+    useState(false)
+  const [permissionResponsePayload, setPermissionResponsePayload] =
+    useState<PermissionResponsePayload>({
+      permissionType: '',
+      principalType: '',
+      principal: '',
+      permissionSetting: '',
+      existingPermissions: [],
+      newAddedPermissions: [],
+      updatedPermissions: [],
+      errorPaths: []
+    })
+
+  const [updatePermissionModalOpen, setUpdatePermissionModalOpen] =
+    useState(false)
+  const [deleteConfirmationModalOpen, setDeleteConfirmationModalOpen] =
+    useState(false)
+  const [deleteConfirmationModalMessage, setDeleteConfirmationModalMessage] =
+    useState('')
+  const [selectedPermission, setSelectedPermission] =
+    useState<PermissionResponse>()
+  const [filterModalOpen, setFilterModalOpen] = useState(false)
+  const [pathFilter, setPathFilter] = useState<string[]>([])
+  const [principalFilter, setPrincipalFilter] = useState<string[]>([])
+  const [principalTypeFilter, setPrincipalTypeFilter] = useState<
+    PrincipalType[]
+  >([])
+  const [settingFilter, setSettingFilter] = useState<string[]>([])
+  const [permissions, setPermissions] = useState<PermissionResponse[]>([])
+  const [filteredPermissions, setFilteredPermissions] = useState<
+    PermissionResponse[]
+  >([])
+  const [filterApplied, setFilterApplied] = useState(false)
+
+  const fetchPermissions = useCallback(() => {
+    axios
+      .get(`/SASjsApi/permission`)
+      .then((res: any) => {
+        if (res.data?.length > 0) {
+          setPermissions(res.data)
+        }
+      })
+      .catch((err) => {
+        setModalTitle('Abort')
+        setModalPayload(
+          typeof err.response.data === 'object'
+            ? JSON.stringify(err.response.data)
+            : err.response.data
+        )
+        setOpenModal(true)
+      })
+  }, [])
+
+  useEffect(() => {
+    fetchPermissions()
+  }, [fetchPermissions])
+
+  /**
+   * first find the permissions w.r.t each filter type
+   * take intersection of resultant arrays
+   */
+  const applyFilter = () => {
+    setFilterModalOpen(false)
+
+    const uriFilteredPermissions =
+      pathFilter.length > 0
+        ? permissions.filter((permission) =>
+            pathFilter.includes(permission.path)
+          )
+        : permissions
+
+    const principalFilteredPermissions =
+      principalFilter.length > 0
+        ? permissions.filter((permission) => {
+            if (permission.user) {
+              return principalFilter.includes(permission.user.username)
+            }
+            if (permission.group) {
+              return principalFilter.includes(permission.group.name)
+            }
+            return false
+          })
+        : permissions
+
+    const principalTypeFilteredPermissions =
+      principalTypeFilter.length > 0
+        ? permissions.filter((permission) => {
+            if (permission.user) {
+              return principalTypeFilter.includes(PrincipalType.User)
+            }
+            if (permission.group) {
+              return principalTypeFilter.includes(PrincipalType.Group)
+            }
+            return false
+          })
+        : permissions
+
+    const settingFilteredPermissions =
+      settingFilter.length > 0
+        ? permissions.filter((permission) =>
+            settingFilter.includes(permission.setting)
+          )
+        : permissions
+
+    let filteredArray = uriFilteredPermissions.filter((permission) =>
+      principalFilteredPermissions.some(
+        (item) => item.permissionId === permission.permissionId
+      )
+    )
+
+    filteredArray = filteredArray.filter((permission) =>
+      principalTypeFilteredPermissions.some(
+        (item) => item.permissionId === permission.permissionId
+      )
+    )
+
+    filteredArray = filteredArray.filter((permission) =>
+      settingFilteredPermissions.some(
+        (item) => item.permissionId === permission.permissionId
+      )
+    )
+
+    setFilteredPermissions(filteredArray)
+    setFilterApplied(true)
+  }
+
+  const resetFilter = () => {
+    setFilterModalOpen(false)
+    setPathFilter([])
+    setPrincipalFilter([])
+    setSettingFilter([])
+    setFilteredPermissions([])
+    setFilterApplied(false)
+  }
+
+  const addPermission = async (
+    permissionsToAdd: RegisterPermissionPayload[],
+    permissionType: string,
+    principalType: string,
+    principal: string,
+    permissionSetting: string
+  ) => {
+    setAddPermissionModalOpen(false)
+    setIsLoading(true)
+
+    const newAddedPermissions: PermissionResponse[] = []
+    const updatedPermissions: PermissionResponse[] = []
+    const errorPaths: string[] = []
+
+    const existingPermissions: PermissionResponse[] = []
+    const updatingPermissions: PermissionResponse[] = []
+    const newPermissions: RegisterPermissionPayload[] = []
+
+    permissionsToAdd.forEach((permission) => {
+      const existingPermission = findExistingPermission(permissions, permission)
+      if (existingPermission) {
+        existingPermissions.push(existingPermission)
+        return
+      }
+
+      const updatingPermission = findUpdatingPermission(permissions, permission)
+      if (updatingPermission) {
+        updatingPermissions.push(updatingPermission)
+        return
+      }
+
+      newPermissions.push(permission)
+    })
+
+    for (const permission of newPermissions) {
+      await axios
+        .post('/SASjsApi/permission', permission)
+        .then((res) => {
+          newAddedPermissions.push(res.data)
+        })
+        .catch((error) => {
+          errorPaths.push(permission.path)
+        })
+    }
+
+    for (const permission of updatingPermissions) {
+      await axios
+        .patch(`/SASjsApi/permission/${permission.permissionId}`, {
+          setting: permission.setting === 'Grant' ? 'Deny' : 'Grant'
+        })
+        .then((res) => {
+          updatedPermissions.push(res.data)
+        })
+        .catch((error) => {
+          errorPaths.push(permission.path)
+        })
+    }
+
+    fetchPermissions()
+    setIsLoading(false)
+    setPermissionResponsePayload({
+      permissionType,
+      principalType,
+      principal,
+      permissionSetting,
+      existingPermissions,
+      updatedPermissions,
+      newAddedPermissions,
+      errorPaths
+    })
+    setOpenPermissionResponseModal(true)
+  }
+
+  const handleUpdatePermissionClick = (permission: PermissionResponse) => {
+    setSelectedPermission(permission)
+    setUpdatePermissionModalOpen(true)
+  }
+
+  const updatePermission = (setting: string) => {
+    setUpdatePermissionModalOpen(false)
+    setIsLoading(true)
+    axios
+      .patch(`/SASjsApi/permission/${selectedPermission?.permissionId}`, {
+        setting
+      })
+      .then((res: any) => {
+        fetchPermissions()
+        setSnackbarMessage('Permission updated!')
+        setSnackbarSeverity(AlertSeverityType.Success)
+        setOpenSnackbar(true)
+      })
+      .catch((err) => {
+        setModalTitle('Abort')
+        setModalPayload(
+          typeof err.response.data === 'object'
+            ? JSON.stringify(err.response.data)
+            : err.response.data
+        )
+        setOpenModal(true)
+      })
+      .finally(() => {
+        setIsLoading(false)
+        setSelectedPermission(undefined)
+      })
+  }
+
+  const handleDeletePermissionClick = (permission: PermissionResponse) => {
+    setSelectedPermission(permission)
+    setDeleteConfirmationModalOpen(true)
+    setDeleteConfirmationModalMessage(
+      'Are you sure you want to delete this permission?'
+    )
+  }
+
+  const deletePermission = () => {
+    setDeleteConfirmationModalOpen(false)
+    setIsLoading(true)
+    axios
+      .delete(`/SASjsApi/permission/${selectedPermission?.permissionId}`)
+      .then((res: any) => {
+        fetchPermissions()
+        setSnackbarMessage('Permission deleted!')
+        setSnackbarSeverity(AlertSeverityType.Success)
+        setOpenSnackbar(true)
+      })
+      .catch((err) => {
+        setModalTitle('Abort')
+        setModalPayload(
+          typeof err.response.data === 'object'
+            ? JSON.stringify(err.response.data)
+            : err.response.data
+        )
+        setOpenModal(true)
+      })
+      .finally(() => {
+        setIsLoading(false)
+        setSelectedPermission(undefined)
+      })
+  }
+
+  return isLoading ? (
+    <CircularProgress
+      style={{ position: 'absolute', left: '50%', top: '50%' }}
+    />
+  ) : (
+    <Box className="permissions-page">
+      <Grid container direction="column" spacing={1}>
+        <BootstrapGridItem item xs={12}>
+          <Paper elevation={3} sx={{ display: 'flex' }}>
+            <Tooltip title="Filter Permissions">
+              <IconButton onClick={() => setFilterModalOpen(true)}>
+                <FilterListIcon />
+              </IconButton>
+            </Tooltip>
+            {appContext.isAdmin && (
+              <Tooltip
+                sx={{ marginLeft: 'auto' }}
+                title="Add Permission"
+                placement="bottom-end"
+              >
+                <IconButton onClick={() => setAddPermissionModalOpen(true)}>
+                  <AddIcon />
+                </IconButton>
+              </Tooltip>
+            )}
+          </Paper>
+        </BootstrapGridItem>
+        <BootstrapGridItem item xs={12}>
+          <PermissionTable
+            permissions={filterApplied ? filteredPermissions : permissions}
+            handleUpdatePermissionClick={handleUpdatePermissionClick}
+            handleDeletePermissionClick={handleDeletePermissionClick}
+          />
+        </BootstrapGridItem>
+      </Grid>
+      <BootstrapSnackbar
+        open={openSnackbar}
+        setOpen={setOpenSnackbar}
+        message={snackbarMessage}
+        severity={snackbarSeverity}
+      />
+      <Modal
+        open={openModal}
+        setOpen={setOpenModal}
+        title={modalTitle}
+        payload={modalPayload}
+      />
+      <PermissionFilterModal
+        open={filterModalOpen}
+        handleOpen={setFilterModalOpen}
+        permissions={permissions}
+        pathFilter={pathFilter}
+        setPathFilter={setPathFilter}
+        principalFilter={principalFilter}
+        setPrincipalFilter={setPrincipalFilter}
+        principalTypeFilter={principalTypeFilter}
+        setPrincipalTypeFilter={setPrincipalTypeFilter}
+        settingFilter={settingFilter}
+        setSettingFilter={setSettingFilter}
+        applyFilter={applyFilter}
+        resetFilter={resetFilter}
+      />
+      <AddPermissionModal
+        open={addPermissionModalOpen}
+        handleOpen={setAddPermissionModalOpen}
+        addPermission={addPermission}
+      />
+      <PermissionResponseModal
+        open={openPermissionResponseModal}
+        setOpen={setOpenPermissionResponseModal}
+        payload={permissionResponsePayload}
+      />
+      <UpdatePermissionModal
+        open={updatePermissionModalOpen}
+        handleOpen={setUpdatePermissionModalOpen}
+        permission={selectedPermission}
+        updatePermission={updatePermission}
+      />
+      <DeleteConfirmationModal
+        open={deleteConfirmationModalOpen}
+        setOpen={setDeleteConfirmationModalOpen}
+        message={deleteConfirmationModalMessage}
+        _delete={deletePermission}
+      />
+    </Box>
+  )
+}
+
+export default Permission
+
+type PermissionTableProps = {
+  permissions: PermissionResponse[]
+  handleUpdatePermissionClick: (permission: PermissionResponse) => void
+  handleDeletePermissionClick: (permission: PermissionResponse) => void
+}
+
+const PermissionTable = ({
+  permissions,
+  handleUpdatePermissionClick,
+  handleDeletePermissionClick
+}: PermissionTableProps) => {
+  const appContext = useContext(AppContext)
+
+  return (
+    <TableContainer component={Paper}>
+      <Table sx={{ minWidth: 650 }}>
+        <TableHead sx={{ background: 'rgb(0,0,0, 0.3)' }}>
+          <TableRow>
+            <BootstrapTableCell>Path</BootstrapTableCell>
+            <BootstrapTableCell>Permission Type</BootstrapTableCell>
+            <BootstrapTableCell>Principal</BootstrapTableCell>
+            <BootstrapTableCell>Principal Type</BootstrapTableCell>
+            <BootstrapTableCell>Setting</BootstrapTableCell>
+            {appContext.isAdmin && (
+              <BootstrapTableCell>Action</BootstrapTableCell>
+            )}
+          </TableRow>
+        </TableHead>
+        <TableBody>
+          {permissions.map((permission) => (
+            <TableRow key={permission.permissionId}>
+              <BootstrapTableCell>{permission.path}</BootstrapTableCell>
+              <BootstrapTableCell>{permission.type}</BootstrapTableCell>
+              <BootstrapTableCell>
+                {displayPrincipal(permission)}
+              </BootstrapTableCell>
+              <BootstrapTableCell>
+                {displayPrincipalType(permission)}
+              </BootstrapTableCell>
+              <BootstrapTableCell>{permission.setting}</BootstrapTableCell>
+              {appContext.isAdmin && (
+                <BootstrapTableCell>
+                  <Tooltip title="Edit Permission">
+                    <IconButton
+                      onClick={() => handleUpdatePermissionClick(permission)}
+                    >
+                      <EditIcon />
+                    </IconButton>
+                  </Tooltip>
+                  <Tooltip title="Delete Permission">
+                    <IconButton
+                      color="error"
+                      onClick={() => handleDeletePermissionClick(permission)}
+                    >
+                      <DeleteForeverIcon />
+                    </IconButton>
+                  </Tooltip>
+                </BootstrapTableCell>
+              )}
+            </TableRow>
+          ))}
+        </TableBody>
+      </Table>
+    </TableContainer>
+  )
+}
+
+const displayPrincipal = (permission: PermissionResponse) => {
+  if (permission.user) return permission.user.username
+  if (permission.group) return <DisplayGroup group={permission.group} />
+}
+
+type DisplayGroupProps = {
+  group: GroupDetailsResponse
+}
+
+const DisplayGroup = ({ group }: DisplayGroupProps) => {
+  const [anchorEl, setAnchorEl] = useState<HTMLElement | null>(null)
+
+  const handlePopoverOpen = (event: React.MouseEvent<HTMLElement>) => {
+    setAnchorEl(event.currentTarget)
+  }
+
+  const handlePopoverClose = () => {
+    setAnchorEl(null)
+  }
+
+  const open = Boolean(anchorEl)
+
+  return (
+    <div>
+      <Typography
+        aria-owns={open ? 'mouse-over-popover' : undefined}
+        aria-haspopup="true"
+        onMouseEnter={handlePopoverOpen}
+        onMouseLeave={handlePopoverClose}
+      >
+        {group.name}
+      </Typography>
+      <Popover
+        id="mouse-over-popover"
+        sx={{
+          pointerEvents: 'none'
+        }}
+        open={open}
+        anchorEl={anchorEl}
+        anchorOrigin={{
+          vertical: 'bottom',
+          horizontal: 'left'
+        }}
+        transformOrigin={{
+          vertical: 'top',
+          horizontal: 'left'
+        }}
+        onClose={handlePopoverClose}
+        disableRestoreFocus
+      >
+        <Typography sx={{ p: 1 }} variant="h6" component="div">
+          Group Members
+        </Typography>
+        {group.users.map((user, index) => (
+          <Typography key={index} sx={{ p: 1 }} component="li">
+            {user.username}
+          </Typography>
+        ))}
+      </Popover>
+    </div>
+  )
+}
+
+const displayPrincipalType = (permission: PermissionResponse) => {
+  if (permission.user) return PrincipalType.User
+  if (permission.group) return PrincipalType.Group
+}

web/src/containers/Settings/permissionFilterModal.tsx

@@ -0,0 +1,154 @@
+import React, { Dispatch, SetStateAction } from 'react'
+import {
+  Button,
+  Grid,
+  Dialog,
+  DialogContent,
+  DialogActions,
+  TextField
+} from '@mui/material'
+import { styled } from '@mui/material/styles'
+import Autocomplete from '@mui/material/Autocomplete'
+
+import { PermissionResponse } from '../../utils/types'
+import { BootstrapDialogTitle } from '../../components/dialogTitle'
+import { PrincipalType } from './permission'
+
+const BootstrapDialog = styled(Dialog)(({ theme }) => ({
+  '& .MuiDialogContent-root': {
+    padding: theme.spacing(2)
+  },
+  '& .MuiDialogActions-root': {
+    padding: theme.spacing(1)
+  }
+}))
+
+type FilterModalProps = {
+  open: boolean
+  handleOpen: Dispatch<SetStateAction<boolean>>
+  permissions: PermissionResponse[]
+  pathFilter: string[]
+  setPathFilter: Dispatch<SetStateAction<string[]>>
+  principalFilter: string[]
+  setPrincipalFilter: Dispatch<SetStateAction<string[]>>
+  principalTypeFilter: PrincipalType[]
+  setPrincipalTypeFilter: Dispatch<SetStateAction<PrincipalType[]>>
+  settingFilter: string[]
+  setSettingFilter: Dispatch<SetStateAction<string[]>>
+  applyFilter: () => void
+  resetFilter: () => void
+}
+
+const PermissionFilterModal = ({
+  open,
+  handleOpen,
+  permissions,
+  pathFilter,
+  setPathFilter,
+  principalFilter,
+  setPrincipalFilter,
+  principalTypeFilter,
+  setPrincipalTypeFilter,
+  settingFilter,
+  setSettingFilter,
+  applyFilter,
+  resetFilter
+}: FilterModalProps) => {
+  const paths = permissions
+    .map((permission) => permission.path)
+    .filter((uri, index, array) => array.indexOf(uri) === index)
+
+  // fetch all the principals from permissions array
+  let principals = permissions.map((permission) => {
+    if (permission.user) return permission.user.username
+    if (permission.group) return permission.group.name
+    return ''
+  })
+
+  // removes empty strings
+  principals = principals.filter((principal) => principal !== '')
+
+  // removes the duplicates
+  principals = principals.filter(
+    (principal, index, array) => array.indexOf(principal) === index
+  )
+
+  return (
+    <BootstrapDialog onClose={() => handleOpen(false)} open={open}>
+      <BootstrapDialogTitle
+        id="permission-filter-dialog-title"
+        handleOpen={handleOpen}
+      >
+        Permission Filter
+      </BootstrapDialogTitle>
+      <DialogContent dividers>
+        <Grid container spacing={1}>
+          <Grid item xs={12}>
+            <Autocomplete
+              multiple
+              options={paths}
+              filterSelectedOptions
+              value={pathFilter}
+              onChange={(event: any, newValue: string[]) => {
+                setPathFilter(newValue)
+              }}
+              renderInput={(params) => <TextField {...params} label="Paths" />}
+            />
+          </Grid>
+          <Grid item xs={12}>
+            <Autocomplete
+              multiple
+              options={principals}
+              filterSelectedOptions
+              value={principalFilter}
+              onChange={(event: any, newValue: string[]) => {
+                setPrincipalFilter(newValue)
+              }}
+              renderInput={(params) => (
+                <TextField {...params} label="Principals" />
+              )}
+            />
+          </Grid>
+          <Grid item xs={12}>
+            <Autocomplete
+              multiple
+              options={Object.values(PrincipalType)}
+              filterSelectedOptions
+              value={principalTypeFilter}
+              onChange={(event: any, newValue: PrincipalType[]) => {
+                setPrincipalTypeFilter(newValue)
+              }}
+              renderInput={(params) => (
+                <TextField {...params} label="Principal Type" />
+              )}
+            />
+          </Grid>
+          <Grid item xs={12}>
+            <Autocomplete
+              multiple
+              options={['Grant', 'Deny']}
+              filterSelectedOptions
+              value={settingFilter}
+              onChange={(event: any, newValue: string[]) => {
+                setSettingFilter(newValue)
+              }}
+              renderInput={(params) => (
+                <TextField {...params} label="Settings" />
+              )}
+            />
+          </Grid>
+        </Grid>
+      </DialogContent>
+      <DialogActions>
+        <Button variant="outlined" color="error" onClick={resetFilter}>
+          Reset
+        </Button>
+        <Button variant="outlined" onClick={applyFilter}>
+          Apply
+        </Button>
+      </DialogActions>
+    </BootstrapDialog>
+  )
+}
+
+export default PermissionFilterModal

web/src/containers/Settings/updatePermissionModal.tsx

@@ -0,0 +1,84 @@
+import React, { useState, Dispatch, SetStateAction, useEffect } from 'react'
+import {
+  Button,
+  Grid,
+  Dialog,
+  DialogContent,
+  DialogActions,
+  TextField
+} from '@mui/material'
+import { styled } from '@mui/material/styles'
+import Autocomplete from '@mui/material/Autocomplete'
+
+import { BootstrapDialogTitle } from '../../components/dialogTitle'
+
+import { PermissionResponse } from '../../utils/types'
+
+const BootstrapDialog = styled(Dialog)(({ theme }) => ({
+  '& .MuiDialogContent-root': {
+    padding: theme.spacing(2)
+  },
+  '& .MuiDialogActions-root': {
+    padding: theme.spacing(1)
+  }
+}))
+
+type UpdatePermissionModalProps = {
+  open: boolean
+  handleOpen: Dispatch<SetStateAction<boolean>>
+  permission: PermissionResponse | undefined
+  updatePermission: (setting: string) => void
+}
+
+const UpdatePermissionModal = ({
+  open,
+  handleOpen,
+  permission,
+  updatePermission
+}: UpdatePermissionModalProps) => {
+  const [permissionSetting, setPermissionSetting] = useState('Grant')
+
+  useEffect(() => {
+    if (permission) setPermissionSetting(permission.setting)
+  }, [permission])
+
+  return (
+    <BootstrapDialog onClose={() => handleOpen(false)} open={open}>
+      <BootstrapDialogTitle
+        id="add-permission-dialog-title"
+        handleOpen={handleOpen}
+      >
+        Update Permission
+      </BootstrapDialogTitle>
+      <DialogContent dividers>
+        <Grid container spacing={2}>
+          <Grid item xs={12}>
+            <Autocomplete
+              sx={{ width: 300 }}
+              options={['Grant', 'Deny']}
+              disableClearable
+              value={permissionSetting}
+              onChange={(event: any, newValue: string) =>
+                setPermissionSetting(newValue)
+              }
+              renderInput={(params) => (
+                <TextField {...params} label="Settings" />
+              )}
+            />
+          </Grid>
+        </Grid>
+      </DialogContent>
+      <DialogActions>
+        <Button
+          variant="outlined"
+          onClick={() => updatePermission(permissionSetting)}
+          disabled={permission?.setting === permissionSetting}
+        >
+          Update
+        </Button>
+      </DialogActions>
+    </BootstrapDialog>
+  )
+}
+
+export default UpdatePermissionModal

web/src/containers/Studio/editor.tsx

@@ -0,0 +1,713 @@
+import React, {
+  Dispatch,
+  SetStateAction,
+  useEffect,
+  useRef,
+  useState,
+  useContext,
+  useCallback
+} from 'react'
+import axios from 'axios'
+
+import {
+  Backdrop,
+  Box,
+  Button,
+  CircularProgress,
+  FormControl,
+  IconButton,
+  Menu,
+  MenuItem,
+  Paper,
+  Select,
+  SelectChangeEvent,
+  Tab,
+  Tooltip,
+  Typography
+} from '@mui/material'
+import { styled } from '@mui/material/styles'
+
+import {
+  RocketLaunch,
+  MoreVert,
+  Save,
+  SaveAs,
+  Difference,
+  Edit
+} from '@mui/icons-material'
+import Editor, {
+  MonacoDiffEditor,
+  DiffEditorDidMount,
+  EditorDidMount,
+  monaco
+} from 'react-monaco-editor'
+import { TabContext, TabList, TabPanel } from '@mui/lab'
+
+import { AppContext, RunTimeType } from '../../context/appContext'
+
+import FilePathInputModal from '../../components/filePathInputModal'
+import BootstrapSnackbar, { AlertSeverityType } from '../../components/snackbar'
+import Modal from '../../components/modal'
+
+import { usePrompt, useStateWithCallback } from '../../utils/hooks'
+
+const StyledTabPanel = styled(TabPanel)(() => ({
+  padding: '10px'
+}))
+
+const StyledTab = styled(Tab)(() => ({
+  fontSize: '1rem',
+  color: 'gray',
+  '&.Mui-selected': {
+    color: 'black'
+  }
+}))
+
+type SASjsEditorProps = {
+  selectedFilePath: string
+  setSelectedFilePath: (filePath: string, refreshSideBar?: boolean) => void
+  tab: string
+  setTab: Dispatch<SetStateAction<string>>
+}
+
+const baseUrl = window.location.origin
+const SASJS_LOGS_SEPARATOR =
+  'SASJS_LOGS_SEPARATOR_163ee17b6ff24f028928972d80a26784'
+
+const SASjsEditor = ({
+  selectedFilePath,
+  setSelectedFilePath,
+  tab,
+  setTab
+}: SASjsEditorProps) => {
+  const appContext = useContext(AppContext)
+  const [isLoading, setIsLoading] = useState(false)
+  const [openModal, setOpenModal] = useState(false)
+  const [modalTitle, setModalTitle] = useState('')
+  const [modalPayload, setModalPayload] = useState('')
+  const [openSnackbar, setOpenSnackbar] = useState(false)
+  const [snackbarMessage, setSnackbarMessage] = useState('')
+  const [snackbarSeverity, setSnackbarSeverity] = useState<AlertSeverityType>(
+    AlertSeverityType.Success
+  )
+  const [prevFileContent, setPrevFileContent] = useStateWithCallback('')
+  const [fileContent, setFileContent] = useState('')
+  const [log, setLog] = useState('')
+  const [ctrlPressed, setCtrlPressed] = useState(false)
+  const [webout, setWebout] = useState('')
+  const [runTimes, setRunTimes] = useState<string[]>([])
+  const [selectedRunTime, setSelectedRunTime] = useState('')
+  const [selectedFileExtension, setSelectedFileExtension] = useState('')
+  const [openFilePathInputModal, setOpenFilePathInputModal] = useState(false)
+  const [showDiff, setShowDiff] = useState(false)
+
+  const editorRef = useRef(null as any)
+
+  const handleEditorDidMount: EditorDidMount = (editor) => {
+    editorRef.current = editor
+    editor.focus()
+    editor.addAction({
+      // An unique identifier of the contributed action.
+      id: 'show-difference',
+
+      // A label of the action that will be presented to the user.
+      label: 'Show Differences',
+
+      // An optional array of keybindings for the action.
+      keybindings: [monaco.KeyMod.CtrlCmd | monaco.KeyCode.KeyD],
+
+      contextMenuGroupId: 'navigation',
+
+      contextMenuOrder: 1,
+
+      // Method that will be executed when the action is triggered.
+      // @param editor The editor instance is passed in as a convenience
+      run: function (ed) {
+        setShowDiff(true)
+      }
+    })
+  }
+
+  const handleDiffEditorDidMount: DiffEditorDidMount = (diffEditor) => {
+    diffEditor.focus()
+    diffEditor.addCommand(monaco.KeyCode.Escape, function () {
+      setShowDiff(false)
+    })
+  }
+
+  usePrompt(
+    'Changes you made may not be saved.',
+    prevFileContent !== fileContent && !!selectedFilePath
+  )
+
+  const saveFile = useCallback(
+    (filePath?: string) => {
+      setIsLoading(true)
+
+      if (filePath) {
+        filePath = filePath.startsWith('/') ? filePath : `/${filePath}`
+      }
+
+      const formData = new FormData()
+
+      const stringBlob = new Blob([fileContent], { type: 'text/plain' })
+      formData.append('file', stringBlob)
+      formData.append('filePath', filePath ?? selectedFilePath)
+
+      const axiosPromise = filePath
+        ? axios.post('/SASjsApi/drive/file', formData)
+        : axios.patch('/SASjsApi/drive/file', formData)
+
+      axiosPromise
+        .then(() => {
+          if (filePath && fileContent === prevFileContent) {
+            // when fileContent and prevFileContent is same,
+            // callback function in setPrevFileContent method is not called
+            // because behind the scene useEffect hook is being used
+            // for calling callback function, and it's only fired when the
+            // new value is not equal to old value.
+            // So, we'll have to explicitly update the selected file path
+
+            setSelectedFilePath(filePath, true)
+          } else {
+            setPrevFileContent(fileContent, () => {
+              if (filePath) {
+                setSelectedFilePath(filePath, true)
+              }
+            })
+          }
+          setSnackbarMessage('File saved!')
+          setSnackbarSeverity(AlertSeverityType.Success)
+          setOpenSnackbar(true)
+        })
+        .catch((err) => {
+          setModalTitle('Abort')
+          setModalPayload(
+            typeof err.response.data === 'object'
+              ? JSON.stringify(err.response.data)
+              : err.response.data
+          )
+          setOpenModal(true)
+        })
+        .finally(() => {
+          setIsLoading(false)
+        })
+    },
+    [
+      fileContent,
+      prevFileContent,
+      selectedFilePath,
+      setPrevFileContent,
+      setSelectedFilePath
+    ]
+  )
+
+  useEffect(() => {
+    editorRef.current.addAction({
+      // An unique identifier of the contributed action.
+      id: 'save-file',
+
+      // A label of the action that will be presented to the user.
+      label: 'Save',
+
+      // An optional array of keybindings for the action.
+      keybindings: [monaco.KeyMod.CtrlCmd | monaco.KeyCode.KeyS],
+
+      // Method that will be executed when the action is triggered.
+      // @param editor The editor instance is passed in as a convenience
+      run: () => {
+        if (!selectedFilePath) return setOpenFilePathInputModal(true)
+        if (prevFileContent !== fileContent) return saveFile()
+      }
+    })
+  }, [fileContent, prevFileContent, selectedFilePath, saveFile])
+
+  useEffect(() => {
+    setRunTimes(Object.values(appContext.runTimes))
+  }, [appContext.runTimes])
+
+  useEffect(() => {
+    if (runTimes.length) setSelectedRunTime(runTimes[0])
+  }, [runTimes])
+
+  useEffect(() => {
+    if (selectedFilePath) {
+      setIsLoading(true)
+      setSelectedFileExtension(selectedFilePath.split('.').pop() ?? '')
+      axios
+        .get(`/SASjsApi/drive/file?_filePath=${selectedFilePath}`)
+        .then((res: any) => {
+          setPrevFileContent(res.data)
+          setFileContent(res.data)
+        })
+        .catch((err) => {
+          setModalTitle('Abort')
+          setModalPayload(
+            typeof err.response.data === 'object'
+              ? JSON.stringify(err.response.data)
+              : err.response.data
+          )
+          setOpenModal(true)
+        })
+        .finally(() => setIsLoading(false))
+    } else {
+      const content = localStorage.getItem('fileContent') ?? ''
+      setFileContent(content)
+    }
+    setLog('')
+    setWebout('')
+    setTab('code')
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [selectedFilePath])
+
+  useEffect(() => {
+    if (fileContent.length && !selectedFilePath) {
+      localStorage.setItem('fileContent', fileContent)
+    }
+  }, [fileContent, selectedFilePath])
+
+  useEffect(() => {
+    if (runTimes.includes(selectedFileExtension))
+      setSelectedRunTime(selectedFileExtension)
+  }, [selectedFileExtension, runTimes])
+
+  const handleTabChange = (_e: any, newValue: string) => {
+    setTab(newValue)
+  }
+
+  const getSelection = () => {
+    const editor = editorRef.current as any
+    const selection = editor?.getModel().getValueInRange(editor?.getSelection())
+    return selection ?? ''
+  }
+
+  const handleRunBtnClick = () => runCode(getSelection() || fileContent)
+
+  const runCode = (code: string) => {
+    setIsLoading(true)
+    axios
+      .post(`/SASjsApi/code/execute`, { code, runTime: selectedRunTime })
+      .then((res: any) => {
+        setWebout(res.data.split(SASJS_LOGS_SEPARATOR)[0] ?? '')
+        setLog(res.data.split(SASJS_LOGS_SEPARATOR)[1] ?? '')
+        setTab('log')
+
+        // Scroll to bottom of log
+        const logElement = document.getElementById('log')
+        if (logElement) logElement.scrollTop = logElement.scrollHeight
+      })
+      .catch((err) => {
+        setModalTitle('Abort')
+        setModalPayload(
+          typeof err.response.data === 'object'
+            ? JSON.stringify(err.response.data)
+            : err.response.data
+        )
+        setOpenModal(true)
+      })
+      .finally(() => setIsLoading(false))
+  }
+
+  const handleKeyDown = (event: any) => {
+    if (event.ctrlKey) {
+      if (event.key === 'v') {
+        setCtrlPressed(false)
+      }
+
+      if (event.key === 'Enter') runCode(getSelection() || fileContent)
+      if (!ctrlPressed) setCtrlPressed(true)
+    }
+  }
+
+  const handleKeyUp = (event: any) => {
+    if (!event.ctrlKey && ctrlPressed) setCtrlPressed(false)
+  }
+
+  const handleChangeRunTime = (event: SelectChangeEvent) => {
+    setSelectedRunTime(event.target.value as RunTimeType)
+  }
+
+  const handleFilePathInput = (filePath: string) => {
+    setOpenFilePathInputModal(false)
+    saveFile(filePath)
+  }
+
+  return (
+    <Box sx={{ width: '100%', typography: 'body1', marginTop: '50px' }}>
+      <Backdrop
+        sx={{ color: '#fff', zIndex: (theme) => theme.zIndex.drawer + 1 }}
+        open={isLoading}
+      >
+        <CircularProgress color="inherit" />
+      </Backdrop>
+      {selectedFilePath && !runTimes.includes(selectedFileExtension) ? (
+        <Box sx={{ marginTop: '10px' }}>
+          <Box sx={{ display: 'flex', justifyContent: 'center' }}>
+            <FileMenu
+              showDiff={showDiff}
+              setShowDiff={setShowDiff}
+              prevFileContent={prevFileContent}
+              currentFileContent={fileContent}
+              selectedFilePath={selectedFilePath}
+              setOpenFilePathInputModal={setOpenFilePathInputModal}
+              saveFile={saveFile}
+            />
+          </Box>
+          <Paper
+            sx={{
+              height: 'calc(100vh - 140px)',
+              padding: '10px',
+              margin: '0 24px',
+              overflow: 'auto',
+              position: 'relative'
+            }}
+            elevation={3}
+          >
+            {showDiff ? (
+              <MonacoDiffEditor
+                height="98%"
+                language={getLanguage(selectedFileExtension)}
+                original={prevFileContent}
+                value={fileContent}
+                editorDidMount={handleDiffEditorDidMount}
+                options={{ readOnly: ctrlPressed }}
+                onChange={(val) => setFileContent(val)}
+              />
+            ) : (
+              <Editor
+                height="98%"
+                language={getLanguage(selectedFileExtension)}
+                value={fileContent}
+                editorDidMount={handleEditorDidMount}
+                options={{ readOnly: ctrlPressed }}
+                onChange={(val) => setFileContent(val)}
+              />
+            )}
+          </Paper>
+        </Box>
+      ) : (
+        <TabContext value={tab}>
+          <Box
+            sx={{
+              borderBottom: 1,
+              borderColor: 'divider',
+              background: 'white'
+            }}
+          >
+            <TabList onChange={handleTabChange} centered>
+              <StyledTab label="Code" value="code" />
+              <StyledTab label="Log" value="log" />
+              <StyledTab
+                label={
+                  <Tooltip title="Displays content from the _webout fileref">
+                    <Typography>Webout</Typography>
+                  </Tooltip>
+                }
+                value="webout"
+              />
+            </TabList>
+          </Box>
+
+          <StyledTabPanel sx={{ paddingBottom: 0 }} value="code">
+            <Box sx={{ display: 'flex', justifyContent: 'center' }}>
+              <RunMenu
+                fileContent={fileContent}
+                prevFileContent={prevFileContent}
+                selectedFilePath={selectedFilePath}
+                selectedRunTime={selectedRunTime}
+                runTimes={runTimes}
+                handleChangeRunTime={handleChangeRunTime}
+                handleRunBtnClick={handleRunBtnClick}
+              />
+              <FileMenu
+                showDiff={showDiff}
+                setShowDiff={setShowDiff}
+                prevFileContent={prevFileContent}
+                currentFileContent={fileContent}
+                selectedFilePath={selectedFilePath}
+                setOpenFilePathInputModal={setOpenFilePathInputModal}
+                saveFile={saveFile}
+              />
+            </Box>
+            <Paper
+              onKeyUp={handleKeyUp}
+              onKeyDown={handleKeyDown}
+              sx={{
+                height: 'calc(100vh - 170px)',
+                padding: '10px',
+                overflow: 'auto',
+                position: 'relative'
+              }}
+              elevation={3}
+            >
+              {showDiff ? (
+                <MonacoDiffEditor
+                  height="98%"
+                  language={getLanguage(selectedFileExtension)}
+                  original={prevFileContent}
+                  value={fileContent}
+                  editorDidMount={handleDiffEditorDidMount}
+                  options={{ readOnly: ctrlPressed }}
+                  onChange={(val) => setFileContent(val)}
+                />
+              ) : (
+                <Editor
+                  height="98%"
+                  language={getLanguage(selectedFileExtension)}
+                  value={fileContent}
+                  editorDidMount={handleEditorDidMount}
+                  options={{ readOnly: ctrlPressed }}
+                  onChange={(val) => setFileContent(val)}
+                />
+              )}
+              <p
+                style={{
+                  position: 'absolute',
+                  left: 0,
+                  right: 0,
+                  bottom: -10,
+                  textAlign: 'center',
+                  fontSize: '13px'
+                }}
+              >
+                Press CTRL + ENTER to run code
+              </p>
+            </Paper>
+          </StyledTabPanel>
+          <StyledTabPanel value="log">
+            <div>
+              <h2>Log</h2>
+              <pre id="log" style={{ overflow: 'auto', height: '75vh' }}>
+                {log}
+              </pre>
+            </div>
+          </StyledTabPanel>
+          <StyledTabPanel value="webout">
+            <div>
+              <pre>{webout}</pre>
+            </div>
+          </StyledTabPanel>
+        </TabContext>
+      )}
+      <Modal
+        open={openModal}
+        setOpen={setOpenModal}
+        title={modalTitle}
+        payload={modalPayload}
+      />
+      <BootstrapSnackbar
+        open={openSnackbar}
+        setOpen={setOpenSnackbar}
+        message={snackbarMessage}
+        severity={snackbarSeverity}
+      />
+      <FilePathInputModal
+        open={openFilePathInputModal}
+        setOpen={setOpenFilePathInputModal}
+        saveFile={handleFilePathInput}
+      />
+    </Box>
+  )
+}
+
+export default SASjsEditor
+
+type RunMenuProps = {
+  selectedFilePath: string
+  fileContent: string
+  prevFileContent: string
+  selectedRunTime: string
+  runTimes: string[]
+  handleChangeRunTime: (event: SelectChangeEvent) => void
+  handleRunBtnClick: () => void
+}
+
+const RunMenu = ({
+  selectedFilePath,
+  fileContent,
+  prevFileContent,
+  selectedRunTime,
+  runTimes,
+  handleChangeRunTime,
+  handleRunBtnClick
+}: RunMenuProps) => {
+  const launchProgram = () => {
+    window.open(`${baseUrl}/SASjsApi/stp/execute?_program=${selectedFilePath}`)
+  }
+
+  return (
+    <>
+      <Tooltip title="CTRL+ENTER will also run code">
+        <Button
+          onClick={handleRunBtnClick}
+          sx={{
+            display: 'flex',
+            alignItems: 'center',
+            padding: '5px 5px',
+            minWidth: 'unset'
+          }}
+        >
+          <img
+            alt=""
+            draggable="false"
+            style={{ width: '25px' }}
+            src="/running-sas.png"
+          ></img>
+          <span style={{ fontSize: '12px' }}>RUN</span>
+        </Button>
+      </Tooltip>
+      {selectedFilePath ? (
+        <Box sx={{ marginLeft: '10px' }}>
+          <Tooltip
+            title={
+              fileContent !== prevFileContent
+                ? 'Save file before launching program'
+                : 'Launch program in new window'
+            }
+          >
+            <span>
+              <IconButton
+                disabled={fileContent !== prevFileContent}
+                onClick={launchProgram}
+              >
+                <RocketLaunch />
+              </IconButton>
+            </span>
+          </Tooltip>
+        </Box>
+      ) : (
+        <Box sx={{ minWidth: '75px', marginLeft: '10px' }}>
+          <FormControl variant="standard">
+            <Select
+              labelId="run-time-select-label"
+              id="run-time-select"
+              value={selectedRunTime}
+              onChange={handleChangeRunTime}
+            >
+              {runTimes.map((runTime) => (
+                <MenuItem key={runTime} value={runTime}>
+                  {runTime}
+                </MenuItem>
+              ))}
+            </Select>
+          </FormControl>
+        </Box>
+      )}
+    </>
+  )
+}
+
+type FileMenuProps = {
+  showDiff: boolean
+  setShowDiff: React.Dispatch<React.SetStateAction<boolean>>
+  prevFileContent: string
+  currentFileContent: string
+  selectedFilePath: string
+  setOpenFilePathInputModal: React.Dispatch<React.SetStateAction<boolean>>
+  saveFile: () => void
+}
+
+const FileMenu = ({
+  showDiff,
+  setShowDiff,
+  prevFileContent,
+  currentFileContent,
+  selectedFilePath,
+  setOpenFilePathInputModal,
+  saveFile
+}: FileMenuProps) => {
+  const [anchorEl, setAnchorEl] = useState<
+    (EventTarget & HTMLButtonElement) | null
+  >(null)
+
+  const handleMenu = (
+    event?: React.MouseEvent<HTMLButtonElement, MouseEvent>
+  ) => {
+    if (event) setAnchorEl(event.currentTarget)
+    else setAnchorEl(null)
+  }
+
+  const handleDiffBtnClick = () => {
+    setAnchorEl(null)
+    setShowDiff(!showDiff)
+  }
+
+  const handleSaveAsBtnClick = () => {
+    setAnchorEl(null)
+    setOpenFilePathInputModal(true)
+  }
+
+  const handleSaveBtnClick = () => {
+    setAnchorEl(null)
+    saveFile()
+  }
+
+  return (
+    <>
+      <Tooltip title="Save File Menu">
+        <IconButton onClick={handleMenu}>
+          <MoreVert />
+        </IconButton>
+      </Tooltip>
+      <Menu
+        id="save-file-menu"
+        anchorEl={anchorEl}
+        anchorOrigin={{
+          vertical: 'bottom',
+          horizontal: 'center'
+        }}
+        keepMounted
+        transformOrigin={{
+          vertical: 'top',
+          horizontal: 'center'
+        }}
+        open={!!anchorEl}
+        onClose={() => handleMenu()}
+      >
+        <MenuItem sx={{ justifyContent: 'center' }}>
+          <Button
+            onClick={handleDiffBtnClick}
+            variant="contained"
+            color="primary"
+            startIcon={showDiff ? <Edit /> : <Difference />}
+          >
+            {showDiff ? 'Edit' : 'Diff'}
+          </Button>
+        </MenuItem>
+        <MenuItem sx={{ justifyContent: 'center' }}>
+          <Button
+            onClick={handleSaveBtnClick}
+            variant="contained"
+            color="primary"
+            startIcon={<Save />}
+            disabled={
+              !selectedFilePath || prevFileContent === currentFileContent
+            }
+          >
+            Save
+          </Button>
+        </MenuItem>
+        <MenuItem sx={{ justifyContent: 'center' }}>
+          <Button
+            onClick={handleSaveAsBtnClick}
+            variant="contained"
+            color="primary"
+            startIcon={<SaveAs />}
+          >
+            Save As
+          </Button>
+        </MenuItem>
+      </Menu>
+    </>
+  )
+}
+
+const getLanguage = (extension: string) => {
+  if (extension === 'js') return 'javascript'
+
+  if (extension === 'ts') return 'typescript'
+
+  if (extension === 'md' || extension === 'mdx') return 'markdown'
+
+  return extension
+}