diff --git a/src/lib/app.ts b/src/lib/app.ts index 61c64de0da..580e2b9d00 100644 --- a/src/lib/app.ts +++ b/src/lib/app.ts @@ -29,7 +29,6 @@ import maintenanceMiddleware from './middleware/maintenance-middleware'; import { unless } from './middleware/unless-middleware'; import { catchAllErrorHandler } from './middleware/catch-all-error-handler'; import NotFoundError from './error/notfound-error'; -import privateProjectMiddleware from './features/private-project/privateProjectMiddleware'; export default async function getApp( config: IUnleashConfig, @@ -158,8 +157,6 @@ export default async function getApp( } } - app.use(baseUriPath, privateProjectMiddleware(config, services)); - app.use( baseUriPath, rbacMiddleware(config, stores, services.accessService), diff --git a/src/lib/features/private-project/privateProjectMiddleware.ts b/src/lib/features/private-project/privateProjectMiddleware.ts deleted file mode 100644 index ad99f704d7..0000000000 --- a/src/lib/features/private-project/privateProjectMiddleware.ts +++ /dev/null 
@@ -1,39 +0,0 @@ -import { IUnleashConfig, IUnleashServices } from '../../types'; -import { findParam } from '../../middleware'; -import { NextFunction, Response } from 'express'; - -const privateProjectMiddleware = ( - { - getLogger, - flagResolver, - }: Pick, - { accessService, privateProjectChecker }: IUnleashServices, -): any => { - const logger = getLogger('/middleware/project-middleware.ts'); - logger.debug('Enabling private project middleware'); - - if (!flagResolver.isEnabled('privateProjects')) { - return (req, res, next) => next(); - } - - return async (req, res: Response, next: NextFunction) => { - req.checkPrivateProjectPermissions = async () => { - const { user } = req; - - let projectId = - findParam('projectId', req) || findParam('project', req); - - if (projectId === undefined) { - return true; - } - const permissions = await accessService.getPermissionsForUser(user); - return ( - permissions.map((p) => p.permission).includes('ADMIN') || - privateProjectChecker.hasAccessToProject(user.id, projectId) - ); - }; - next(); - }; -}; - -export default privateProjectMiddleware; diff --git a/src/lib/features/private-project/privateProjectStore.ts b/src/lib/features/private-project/privateProjectStore.ts index 6c1efc24b3..0a3be0b48a 100644 --- a/src/lib/features/private-project/privateProjectStore.ts +++ b/src/lib/features/private-project/privateProjectStore.ts @@ -2,6 +2,8 @@ import { Db } from '../../db/db'; import { Logger, LogProvider } from '../../logger'; import { IPrivateProjectStore } from './privateProjectStoreType'; +const ADMIN_TOKEN_ID = -1; + class PrivateProjectStore implements IPrivateProjectStore { private db: Db; 
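Review bot: `ADMIN_TOKEN_ID = -1` is added without a comment, yet the later hunk in this file uses it to skip the role lookup and return every project id. Nothing visible here ties the value to the place where admin-token users get their id, so a change there would silently alter who hits that shortcut. I would add something like `// User id carried by admin API tokens; must match the id assigned where the token user is built.` If a shared constant for this id already exists elsewhere in the codebase (not visible on this page), import it rather than redefining the literal.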
@@ -15,26 +17,28 @@ class PrivateProjectStore implements IPrivateProjectStore { destroy(): void {} async getUserAccessibleProjects(userId: number): Promise { - const isNotViewer = await this.db('role_user') + if (userId === ADMIN_TOKEN_ID) { + const allProjects = await this.db('projects').pluck('id'); + return allProjects; + } + const isViewer = await this.db('role_user') .join('roles', 'role_user.role_id', 'roles.id') .where('role_user.user_id', userId) - .andWhere((db) => { - db.whereNot({ - 'roles.name': 'Viewer', - 'roles.type': 'root', - }); + .andWhere({ + 'roles.name': 'Viewer', + 'roles.type': 'root', }) .count('*') .first(); - if (isNotViewer && isNotViewer.count > 0) { + if (!isViewer || isViewer.count == 0) { const allProjects = await this.db('projects').pluck('id'); return allProjects; } const accessibleProjects = await this.db .from((db) => { - db.distinct('accessible_projects.project_id') + db.distinct() .select('projects.id as project_id') .from('projects') .leftJoin( @@ -82,7 +86,8 @@ class PrivateProjectStore implements IPrivateProjectStore { }) .as('accessible_projects'); }) - .select('*'); + .select('*') + .pluck('project_id'); return accessibleProjects; }
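Review bot: The rewritten role check in `getUserAccessibleProjects` fails open. Any user id without a root `Viewer` row takes the `!isViewer || isViewer.count == 0` branch and receives every project id, which includes an id with no root role at all or one that matches no user. Because this list decides which private projects a user can see, I would return the full list only on a positive match, for example by filtering with `.andWhere('roles.type', 'root').andWhereNot('roles.name', 'Viewer')` and testing `Number(row?.count) > 0`, so everyone else goes through the restricted query. The loose `== 0` presumably exists because the driver may return the count as a string; `Number(isViewer.count) === 0` would make that explicit. The function body continues past this hunk.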
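Review bot: `.select('*')` in front of the new `.pluck('project_id')` looks redundant, since only that one column reaches the caller. Calling `.pluck('project_id');` directly on the outer builder would keep the outer query to the column it needs. The resolved value also changes here from row objects to plain ids, so a one-line doc comment on `getUserAccessibleProjects` such as `/** Resolves to the ids of the projects the user may see. */` would help callers. The function starts outside this hunk.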