unleash.unleash/src/lib/features/private-project/privateProjectStore.ts

import type { Db } from '../../db/db';
import type { Logger, LogProvider } from '../../logger';
import type { IPrivateProjectStore } from './privateProjectStoreType';
import { ADMIN_TOKEN_USER } from '../../types';

export type ProjectAccess =
    | {
          mode: 'all';
      }
    | {
          mode: 'limited';
          projects: string[];
      };

export const ALL_PROJECT_ACCESS: ProjectAccess = {
    mode: 'all',
};

class PrivateProjectStore implements IPrivateProjectStore {
    private db: Db;

    private logger: Logger;

    constructor(db: Db, getLogger: LogProvider) {
        this.db = db;
        this.logger = getLogger('project-permission-store.ts');
    }

    destroy(): void {}

    async getUserAccessibleProjects(userId: number): Promise<ProjectAccess> {
        if (userId === ADMIN_TOKEN_USER.id) {
            return ALL_PROJECT_ACCESS;
        }
        const isViewer = await this.db('role_user')
            .join('roles', 'role_user.role_id', 'roles.id')
            .where('role_user.user_id', userId)
            .andWhere({
                'roles.name': 'Viewer',
                'roles.type': 'root',
            })
            .count('*')
            .then((res) => Number(res[0].count));

        if (isViewer === 0) {
            return ALL_PROJECT_ACCESS;
        }

        const accessibleProjects: string[] = await this.db
            .from((db) => {
                db.distinct()
                    .select('projects.id as project_id')
                    .from('projects')
                    .leftJoin(
                        'project_settings',
                        'projects.id',
                        'project_settings.project',
                    )
                    .where((builder) => {
                        builder
                            .whereNull('project_settings.project')
                            .orWhere(
                                'project_settings.project_mode',
                                '!=',
                                'private',
                            );
                    })
                    .unionAll((queryBuilder) => {
                        queryBuilder
                            .select('projects.id as project_id')
                            .from('projects')
                            .join(
                                'project_settings',
                                'projects.id',
                                'project_settings.project',
                            )
                            .where(
                                'project_settings.project_mode',
                                '=',
                                'private',
                            )
                            .whereIn('projects.id', (whereBuilder) => {
                                whereBuilder
                                    .select('role_user.project')
                                    .from('role_user')
                                    .leftJoin(
                                        'roles',
                                        'role_user.role_id',
                                        'roles.id',
                                    )
                                    .where('role_user.user_id', userId);
                            })
                            .orWhereIn('projects.id', (whereBuilder) => {
                                whereBuilder
                                    .select('group_role.project')
                                    .from('group_role')
                                    .leftJoin(
                                        'group_user',
                                        'group_user.group_id',
                                        'group_role.group_id',
                                    )
                                    .where('group_user.user_id', userId);
                            });
                    })
                    .as('accessible_projects');
            })
            .select('*')
            .pluck('project_id');

        return { mode: 'limited', projects: accessibleProjects };
    }
}

export default PrivateProjectStore;
chore: Bump biome and configure husky (#6589) Upgrades biome to 1.6.1, and updates husky pre-commit hook. Most changes here are making type imports explicit. 2024-03-18 13:58:05 +01:00			`import type { Db } from '../../db/db';`
			`import type { Logger, LogProvider } from '../../logger';`
			`import type { IPrivateProjectStore } from './privateProjectStoreType';`
fix: admin token should be passed forward from controllers (#5960) We were sending `user.id` to the service, but if an admin token is used, there is no `user.id.` Instead, there is `user.internalAdminTokenUserId`. so we need to use the special method `extractUserIdFromUser`. This PR adds this implementation, and now the service correctly retrieves the appropriate ID for admins. Related to: https://github.com/Unleash/unleash/pull/5924 2024-01-30 10:03:15 +01:00			`import { ADMIN_TOKEN_USER } from '../../types';`
feat: walking skeleton of private projects (#4753) 2023-09-15 14:52:54 +02:00
feat: optimize private projects for enterprise (#4812) 2023-09-22 10:54:33 +02:00			`export type ProjectAccess =`
			`\| {`
			`mode: 'all';`
			`}`
			`\| {`
			`mode: 'limited';`
			`projects: string[];`
			`};`

			`export const ALL_PROJECT_ACCESS: ProjectAccess = {`
			`mode: 'all',`
			`};`
feat: move middleware to enterprise (#4767) 2023-09-20 07:37:52 +02:00
feat: walking skeleton of private projects (#4753) 2023-09-15 14:52:54 +02:00			`class PrivateProjectStore implements IPrivateProjectStore {`
			`private db: Db;`

			`private logger: Logger;`

			`constructor(db: Db, getLogger: LogProvider) {`
			`this.db = db;`
			`this.logger = getLogger('project-permission-store.ts');`
			`}`

			`destroy(): void {}`

feat: optimize private projects for enterprise (#4812) 2023-09-22 10:54:33 +02:00			`async getUserAccessibleProjects(userId: number): Promise<ProjectAccess> {`
fix: admin token should be passed forward from controllers (#5960) We were sending `user.id` to the service, but if an admin token is used, there is no `user.id.` Instead, there is `user.internalAdminTokenUserId`. so we need to use the special method `extractUserIdFromUser`. This PR adds this implementation, and now the service correctly retrieves the appropriate ID for admins. Related to: https://github.com/Unleash/unleash/pull/5924 2024-01-30 10:03:15 +01:00			`if (userId === ADMIN_TOKEN_USER.id) {`
feat: optimize private projects for enterprise (#4812) 2023-09-22 10:54:33 +02:00			`return ALL_PROJECT_ACCESS;`
feat: move middleware to enterprise (#4767) 2023-09-20 07:37:52 +02:00			`}`
			`const isViewer = await this.db('role_user')`
feat: private project filtering and store implementation (#4758) 2023-09-18 10:06:26 +02:00			`.join('roles', 'role_user.role_id', 'roles.id')`
			`.where('role_user.user_id', userId)`
feat: move middleware to enterprise (#4767) 2023-09-20 07:37:52 +02:00			`.andWhere({`
			`'roles.name': 'Viewer',`
			`'roles.type': 'root',`
feat: private project filtering and store implementation (#4758) 2023-09-18 10:06:26 +02:00			`})`
			`.count('*')`
fix: private projects early exit when not root viewer (#5232) 2023-10-31 12:37:09 +01:00			`.then((res) => Number(res[0].count));`
feat: private project filtering and store implementation (#4758) 2023-09-18 10:06:26 +02:00
fix: private projects early exit when not root viewer (#5232) 2023-10-31 12:37:09 +01:00			`if (isViewer === 0) {`
feat: optimize private projects for enterprise (#4812) 2023-09-22 10:54:33 +02:00			`return ALL_PROJECT_ACCESS;`
feat: private project filtering and store implementation (#4758) 2023-09-18 10:06:26 +02:00			`}`

feat: optimize private projects for enterprise (#4812) 2023-09-22 10:54:33 +02:00			`const accessibleProjects: string[] = await this.db`
feat: walking skeleton of private projects (#4753) 2023-09-15 14:52:54 +02:00			`.from((db) => {`
feat: move middleware to enterprise (#4767) 2023-09-20 07:37:52 +02:00			`db.distinct()`
feat: private project filtering and store implementation (#4758) 2023-09-18 10:06:26 +02:00			`.select('projects.id as project_id')`
			`.from('projects')`
			`.leftJoin(`
			`'project_settings',`
			`'projects.id',`
			`'project_settings.project',`
			`)`
feat: optimize private projects for enterprise (#4812) 2023-09-22 10:54:33 +02:00			`.where((builder) => {`
			`builder`
			`.whereNull('project_settings.project')`
			`.orWhere(`
			`'project_settings.project_mode',`
			`'!=',`
			`'private',`
			`);`
			`})`
feat: private project filtering and store implementation (#4758) 2023-09-18 10:06:26 +02:00			`.unionAll((queryBuilder) => {`
feat: walking skeleton of private projects (#4753) 2023-09-15 14:52:54 +02:00			`queryBuilder`
feat: private project filtering and store implementation (#4758) 2023-09-18 10:06:26 +02:00			`.select('projects.id as project_id')`
			`.from('projects')`
			`.join(`
			`'project_settings',`
			`'projects.id',`
			`'project_settings.project',`
feat: walking skeleton of private projects (#4753) 2023-09-15 14:52:54 +02:00			`)`
feat: private project filtering and store implementation (#4758) 2023-09-18 10:06:26 +02:00			`.where(`
			`'project_settings.project_mode',`
			`'=',`
			`'private',`
			`)`
			`.whereIn('projects.id', (whereBuilder) => {`
			`whereBuilder`
			`.select('role_user.project')`
			`.from('role_user')`
			`.leftJoin(`
			`'roles',`
			`'role_user.role_id',`
			`'roles.id',`
			`)`
			`.where('role_user.user_id', userId);`
			`})`
			`.orWhereIn('projects.id', (whereBuilder) => {`
			`whereBuilder`
			`.select('group_role.project')`
			`.from('group_role')`
			`.leftJoin(`
			`'group_user',`
			`'group_user.group_id',`
			`'group_role.group_id',`
			`)`
			`.where('group_user.user_id', userId);`
			`});`
feat: walking skeleton of private projects (#4753) 2023-09-15 14:52:54 +02:00			`})`
feat: private project filtering and store implementation (#4758) 2023-09-18 10:06:26 +02:00			`.as('accessible_projects');`
feat: walking skeleton of private projects (#4753) 2023-09-15 14:52:54 +02:00			`})`
feat: move middleware to enterprise (#4767) 2023-09-20 07:37:52 +02:00			`.select('*')`
			`.pluck('project_id');`
feat: private project filtering and store implementation (#4758) 2023-09-18 10:06:26 +02:00
feat: optimize private projects for enterprise (#4812) 2023-09-22 10:54:33 +02:00			`return { mode: 'limited', projects: accessibleProjects };`
feat: walking skeleton of private projects (#4753) 2023-09-15 14:52:54 +02:00			`}`
			`}`

			`export default PrivateProjectStore;`