Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-10-27 11:02:16 +01:00
Code Issues Projects Releases Wiki Activity

feat: Return permissions on get role endpoint

Browse Source
This commit is contained in:
sighphyre 2021-12-17 12:49:53 +02:00 committed by Ivar Conradi Østhus
parent 8babe8cadf
commit f8550790c5
No known key found for this signature in database
GPG Key ID: 31AC596886B0BD09
9 changed files with 79 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
src/lib/db/access-store.ts
View File

@ -163,14 +163,27 @@ export class AccessStore implements IAccessStore {
return rows;
}
async getPermissionsForRole(roleId: number): Promise<IUserPermission[]> {
async getPermissionsForRole(roleId: number): Promise<IPermission[]> {
const stopTimer = this.timer('getPermissionsForRole');
const rows = await this.db
.select('project', 'permission', 'environment')
.from<IUserPermission>(`${T.ROLE_PERMISSION}`)
.where('role_id', '=', roleId);
.select('p.id', 'p.permission', 'p.environment', 'pt.display_name')
.from<IPermission>(`${T.ROLE_PERMISSION} as rp`)
.join(`${T.PERMISSIONS} as p`, 'p.id', 'rp.permission_id')
.join(
`${T.PERMISSION_TYPES} as pt`,
'pt.permission',
'p.permission',
)
.where('rp.role_id', '=', roleId);
stopTimer();
return rows;
return rows.map((permission) => {
return {
id: permission.id,
name: permission.permission,
environment: permission.environment,
displayName: permission.display_name,
};
});
}
async getRoles(): Promise<IRole[]> {
@ -338,6 +351,13 @@ export class AccessStore implements IAccessStore {
`SELECT id FROM ${T.PERMISSIONS} where environment = ? and permission = ANY(?)`,
[environment, permissions],
);
console.log(
'Adding permissions to table',
role_id,
permissions,
environment,
);
const ids = result.rows.map((x) => x.id);
const rows = ids.map((permission_id) => ({
@ -345,19 +365,29 @@ export class AccessStore implements IAccessStore {
permission_id,
}));
console.log('Final inssert', rows);
return this.db.batchInsert(T.ROLE_PERMISSION, rows);
}
async removePermissionFromRole(
roleId: number,
role_id: number,
permission: string,
projectId?: string,
environment?: string,
): Promise<void> {
const result = await this.db.raw(
`SELECT id FROM ${T.PERMISSIONS} where environment = ? and permission = ?`,
[environment, permission],
);
console.log('Gett results for ', environment, permission);
console.log('My result is', result);
const permissionId = result.first();
return this.db(T.ROLE_PERMISSION)
.where({
role_id: roleId,
permission,
project: projectId,
role_id,
permissionId,
})
.delete();
}

6
src/lib/db/role-store.ts
View File

@ -6,13 +6,13 @@ import { ICustomRole } from 'lib/types/model';
import { ICustomRoleInsert } from 'lib/types/stores/role-store';
const TABLE = 'roles';
const COLUMNS = ['id', 'name', 'description', 'created_at'];
const COLUMNS = ['id', 'name', 'description', 'type'];
interface IRoleRow {
id: number;
name: string;
description: string;
created_at: Date;
type: string;
}
export default class RoleStore {
@ -79,7 +79,7 @@ export default class RoleStore {
id: row.id,
name: row.name,
description: row.description,
createdAt: row.created_at,
type: row.type,
};
}

10
src/lib/services/access-service.ts
View File

@ -198,14 +198,18 @@ export class AccessService {
async addPermissionToRole(
roleId: number,
permission: string,
projectId?: string,
environment?: string,
): Promise<void> {
if (isProjectPermission(permission) && !projectId) {
if (isProjectPermission(permission) && !environment) {
throw new Error(
`ProjectId cannot be empty for permission=${permission}`,
);
}
return this.store.addPermissionsToRole(roleId, [permission], projectId);
return this.store.addPermissionsToRole(
roleId,
[permission],
environment,
);
}
async removePermissionFromRole(

16
src/lib/services/role-service.ts
View File

@ -1,7 +1,10 @@
import { IUnleashConfig } from 'lib/server-impl';
import { IUnleashStores } from 'lib/types';
import { ICustomRole, IPermission } from 'lib/types/model';
import { IAccessStore } from 'lib/types/stores/access-store';
import {
IAccessStore,
IRoleWithPermissions,
} from 'lib/types/stores/access-store';
import { IRoleStore } from 'lib/types/stores/role-store';
import { Logger } from '../logger';
@ -34,8 +37,15 @@ export default class RoleService {
return this.store.getAll();
}
async get(id: number): Promise<ICustomRole> {
return this.store.get(id);
async get(id: number): Promise<IRoleWithPermissions> {
const role = await this.store.get(id);
const permissions = await this.accessStore.getPermissionsForRole(
role.id,
);
return {
...role,
permissions,
};
}
async create(role: IRoleCreation): Promise<ICustomRole> {

7
src/lib/types/model.ts
View File

@ -1,6 +1,6 @@
import { ITagType } from './stores/tag-type-store';
import { LogProvider } from '../logger';
import { IRole, IUserPermission } from './stores/access-store';
import { IRole } from './stores/access-store';
import { IUser } from './user';
export interface IConstraint {
@ -212,7 +212,7 @@ export interface IUserWithRole {
export interface IRoleData {
role: IRole;
users: IUser[];
permissions: IUserPermission[];
permissions: IPermission[];
}
export interface IAvailablePermissions {
@ -224,6 +224,7 @@ export interface IPermission {
id: number;
name: string;
displayName: string;
environment?: string;
}
export interface IEnvironmentPermission {
@ -328,7 +329,7 @@ export interface ICustomRole {
id: number;
name: string;
description: string;
createdAt: Date;
type: string;
}
export interface IProjectWithCount extends IProject {

6
src/lib/types/stores/access-store.ts
View File

@ -14,6 +14,10 @@ export interface IRole {
type: string;
}
export interface IRoleWithPermissions extends IRole {
permissions: IPermission[];
}
export interface IRoleDescriptor {
name: string;
description?: string;
@ -28,7 +32,7 @@ export interface IAccessStore extends Store<IRole, number> {
getRoleByName(name: string): Promise<IRole>;
getAvailablePermissions(): Promise<IAvailablePermissions>;
getPermissionsForUser(userId: number): Promise<IUserPermission[]>;
getPermissionsForRole(roleId: number): Promise<IUserPermission[]>;
getPermissionsForRole(roleId: number): Promise<IPermission[]>;
getRoles(): Promise<IRole[]>;
getRolesForProject(projectId: string): Promise<IRole[]>;
unlinkUserRoles(userId: number): Promise<void>;

5
src/test/e2e/services/access-service.e2e.test.ts
View File

@ -4,6 +4,7 @@ import getLogger from '../../fixtures/no-logger';
// eslint-disable-next-line import/no-unresolved
import {
AccessService,
ALL_ENVS,
ALL_PROJECTS,
} from '../../../lib/services/access-service';
@ -177,13 +178,13 @@ test('should remove CREATE_FEATURE on all projects', async () => {
await accessService.addPermissionToRole(
editorRole.id,
permissions.CREATE_FEATURE,
ALL_PROJECTS,
ALL_ENVS,
);
await accessService.removePermissionFromRole(
editorRole.id,
permissions.CREATE_FEATURE,
ALL_PROJECTS,
ALL_ENVS,
);
expect(

2
src/test/fixtures/fake-access-store.ts vendored
View File

@ -54,7 +54,7 @@ class AccessStoreMock implements IAccessStore {
return Promise.resolve([]);
}
getPermissionsForRole(roleId: number): Promise<IUserPermission[]> {
getPermissionsForRole(roleId: number): Promise<IPermission[]> {
throw new Error('Method not implemented.');
}

6
src/test/fixtures/fake-role-store.ts vendored
View File

@ -12,7 +12,7 @@ export default class FakeRoleStore implements IRoleStore {
id: 1,
name: 'Role',
description: 'Hello',
createdAt: new Date(),
type: 'custom',
});
}
@ -22,7 +22,7 @@ export default class FakeRoleStore implements IRoleStore {
id: 1,
name: 'Role',
description: 'Hello',
createdAt: new Date(),
type: 'custom',
},
]);
}
@ -36,7 +36,7 @@ export default class FakeRoleStore implements IRoleStore {
id: 1,
name: 'Role',
description: 'Hello',
createdAt: new Date(),
type: 'custom',
});
}