1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00

feat: move middleware to enterprise (#4767)

This commit is contained in:
Jaanus Sellin 2023-09-20 08:37:52 +03:00 committed by GitHub
parent ebc9cb20a9
commit e4577362bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 51 deletions

View File

@ -29,7 +29,6 @@ import maintenanceMiddleware from './middleware/maintenance-middleware';
import { unless } from './middleware/unless-middleware';
import { catchAllErrorHandler } from './middleware/catch-all-error-handler';
import NotFoundError from './error/notfound-error';
import privateProjectMiddleware from './features/private-project/privateProjectMiddleware';
export default async function getApp(
config: IUnleashConfig,
@ -158,8 +157,6 @@ export default async function getApp(
}
}
app.use(baseUriPath, privateProjectMiddleware(config, services));
app.use(
baseUriPath,
rbacMiddleware(config, stores, services.accessService),

View File

@ -1,39 +0,0 @@
import { IUnleashConfig, IUnleashServices } from '../../types';
import { findParam } from '../../middleware';
import { NextFunction, Response } from 'express';
const privateProjectMiddleware = (
{
getLogger,
flagResolver,
}: Pick<IUnleashConfig, 'getLogger' | 'flagResolver'>,
{ accessService, privateProjectChecker }: IUnleashServices,
): any => {
const logger = getLogger('/middleware/project-middleware.ts');
logger.debug('Enabling private project middleware');
if (!flagResolver.isEnabled('privateProjects')) {
return (req, res, next) => next();
}
return async (req, res: Response, next: NextFunction) => {
req.checkPrivateProjectPermissions = async () => {
const { user } = req;
let projectId =
findParam('projectId', req) || findParam('project', req);
if (projectId === undefined) {
return true;
}
const permissions = await accessService.getPermissionsForUser(user);
return (
permissions.map((p) => p.permission).includes('ADMIN') ||
privateProjectChecker.hasAccessToProject(user.id, projectId)
);
};
next();
};
};
export default privateProjectMiddleware;

View File

@ -2,6 +2,8 @@ import { Db } from '../../db/db';
import { Logger, LogProvider } from '../../logger';
import { IPrivateProjectStore } from './privateProjectStoreType';
const ADMIN_TOKEN_ID = -1;
class PrivateProjectStore implements IPrivateProjectStore {
private db: Db;
@ -15,26 +17,28 @@ class PrivateProjectStore implements IPrivateProjectStore {
destroy(): void {}
async getUserAccessibleProjects(userId: number): Promise<string[]> {
const isNotViewer = await this.db('role_user')
if (userId === ADMIN_TOKEN_ID) {
const allProjects = await this.db('projects').pluck('id');
return allProjects;
}
const isViewer = await this.db('role_user')
.join('roles', 'role_user.role_id', 'roles.id')
.where('role_user.user_id', userId)
.andWhere((db) => {
db.whereNot({
'roles.name': 'Viewer',
'roles.type': 'root',
});
.andWhere({
'roles.name': 'Viewer',
'roles.type': 'root',
})
.count('*')
.first();
if (isNotViewer && isNotViewer.count > 0) {
if (!isViewer || isViewer.count == 0) {
const allProjects = await this.db('projects').pluck('id');
return allProjects;
}
const accessibleProjects = await this.db
.from((db) => {
db.distinct('accessible_projects.project_id')
db.distinct()
.select('projects.id as project_id')
.from('projects')
.leftJoin(
@ -82,7 +86,8 @@ class PrivateProjectStore implements IPrivateProjectStore {
})
.as('accessible_projects');
})
.select('*');
.select('*')
.pluck('project_id');
return accessibleProjects;
}