mirror of
https://github.com/Unleash/unleash.git
synced 2024-12-22 19:07:54 +01:00
feat: move middleware to enterprise (#4767)
parent
ebc9cb20a9
commit
e4577362bc
@ -29,7 +29,6 @@ import maintenanceMiddleware from './middleware/maintenance-middleware';
|
||||
import { unless } from './middleware/unless-middleware';
|
||||
import { catchAllErrorHandler } from './middleware/catch-all-error-handler';
|
||||
import NotFoundError from './error/notfound-error';
|
||||
import privateProjectMiddleware from './features/private-project/privateProjectMiddleware';
|
||||
|
||||
export default async function getApp(
|
||||
config: IUnleashConfig,
|
||||
@ -158,8 +157,6 @@ export default async function getApp(
|
||||
}
|
||||
}
|
||||
|
||||
app.use(baseUriPath, privateProjectMiddleware(config, services));
|
||||
|
||||
app.use(
|
||||
baseUriPath,
|
||||
rbacMiddleware(config, stores, services.accessService),
|
||||
|
@ -1,39 +0,0 @@
|
||||
import { IUnleashConfig, IUnleashServices } from '../../types';
|
||||
import { findParam } from '../../middleware';
|
||||
import { NextFunction, Response } from 'express';
|
||||
|
||||
const privateProjectMiddleware = (
|
||||
{
|
||||
getLogger,
|
||||
flagResolver,
|
||||
}: Pick<IUnleashConfig, 'getLogger' | 'flagResolver'>,
|
||||
{ accessService, privateProjectChecker }: IUnleashServices,
|
||||
): any => {
|
||||
const logger = getLogger('/middleware/project-middleware.ts');
|
||||
logger.debug('Enabling private project middleware');
|
||||
|
||||
if (!flagResolver.isEnabled('privateProjects')) {
|
||||
return (req, res, next) => next();
|
||||
}
|
||||
|
||||
return async (req, res: Response, next: NextFunction) => {
|
||||
req.checkPrivateProjectPermissions = async () => {
|
||||
const { user } = req;
|
||||
|
||||
let projectId =
|
||||
findParam('projectId', req) || findParam('project', req);
|
||||
|
||||
if (projectId === undefined) {
|
||||
return true;
|
||||
}
|
||||
const permissions = await accessService.getPermissionsForUser(user);
|
||||
return (
|
||||
permissions.map((p) => p.permission).includes('ADMIN') ||
|
||||
privateProjectChecker.hasAccessToProject(user.id, projectId)
|
||||
);
|
||||
};
|
||||
next();
|
||||
};
|
||||
};
|
||||
|
||||
export default privateProjectMiddleware;
|
@ -2,6 +2,8 @@ import { Db } from '../../db/db';
|
||||
import { Logger, LogProvider } from '../../logger';
|
||||
import { IPrivateProjectStore } from './privateProjectStoreType';
|
||||
|
||||
const ADMIN_TOKEN_ID = -1;
|
||||
|
||||
class PrivateProjectStore implements IPrivateProjectStore {
|
||||
private db: Db;
|
||||
|
||||
@ -15,26 +17,28 @@ class PrivateProjectStore implements IPrivateProjectStore {
|
||||
destroy(): void {}
|
||||
|
||||
async getUserAccessibleProjects(userId: number): Promise<string[]> {
|
||||
const isNotViewer = await this.db('role_user')
|
||||
if (userId === ADMIN_TOKEN_ID) {
|
||||
const allProjects = await this.db('projects').pluck('id');
|
||||
return allProjects;
|
||||
}
|
||||
const isViewer = await this.db('role_user')
|
||||
.join('roles', 'role_user.role_id', 'roles.id')
|
||||
.where('role_user.user_id', userId)
|
||||
.andWhere((db) => {
|
||||
db.whereNot({
|
||||
'roles.name': 'Viewer',
|
||||
'roles.type': 'root',
|
||||
});
|
||||
.andWhere({
|
||||
'roles.name': 'Viewer',
|
||||
'roles.type': 'root',
|
||||
})
|
||||
.count('*')
|
||||
.first();
|
||||
|
||||
if (isNotViewer && isNotViewer.count > 0) {
|
||||
if (!isViewer || isViewer.count == 0) {
|
||||
const allProjects = await this.db('projects').pluck('id');
|
||||
return allProjects;
|
||||
}
|
||||
|
||||
const accessibleProjects = await this.db
|
||||
.from((db) => {
|
||||
db.distinct('accessible_projects.project_id')
|
||||
db.distinct()
|
||||
.select('projects.id as project_id')
|
||||
.from('projects')
|
||||
.leftJoin(
|
||||
@ -82,7 +86,8 @@ class PrivateProjectStore implements IPrivateProjectStore {
|
||||
})
|
||||
.as('accessible_projects');
|
||||
})
|
||||
.select('*');
|
||||
.select('*')
|
||||
.pluck('project_id');
|
||||
|
||||
return accessibleProjects;
|
||||
}
|
||||
|
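Review bot: The guard `if (!isViewer || isViewer.count == 0)` in `getUserAccessibleProjects` returns every project id for any `userId` that has no root `Viewer` row, so the access decision fails open. That includes ids with no `role_user` rows at all and, presumably, users whose only root role is some other restricted one. The `isNotViewer.count > 0` check it appears to replace needed a positive match before returning all projects. If every user is guaranteed exactly one built-in root role this is harmless, but that invariant is not visible here; it should be stated in a comment or enforced by matching the privileged roles explicitly rather than the absence of `Viewer`. The `== 0` comparison also seems to rely on loose coercion of the driver's count value, which may arrive as a string, so `Number(isViewer.count) === 0` would make the intent explicit. Part of the function body lies outside the visible hunks.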