1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-11-01 19:07:38 +01:00
Commit Graph

41 Commits

Author SHA1 Message Date
Christopher Kolstad
21b4ada577
feat: multiple project roles (#4512)
https://linear.app/unleash/issue/2-1128/change-the-api-to-support-adding-multiple-roles-to-a-usergroup-on-a

https://linear.app/unleash/issue/2-1125/be-able-to-fetch-all-roles-for-a-user-in-a-project

https://linear.app/unleash/issue/2-1127/adapt-the-ui-to-be-able-to-do-a-multi-select-on-role-permissions-for

- Allows assigning project roles to groups with root roles
- Implements new methods that support assigning, editing, removing and
retrieving multiple project roles in project access, along with other
auxiliary methods
- Adds new events for updating and removing assigned roles
- Adapts `useProjectApi` to new methods that use new endpoints that
support multiple roles
- Adds the `multipleRoles` feature flag that controls the possibility of
selecting multiple roles on the UI
- Adapts `ProjectAccessAssign` to support multiple role, using the new
methods
- Adds a new `MultipleRoleSelect` component that allows you to select
multiple roles based on the `RoleSelect` component
- Adapts the `RoleCell` component to support either a single role or
multiple roles
- Updates the `access.spec.ts` Cypress e2e test to reflect our new logic
- Updates `access-service.e2e.test.ts` with tests covering the multiple
roles logic and covering some corner cases
- Updates `project-service.e2e.test.ts` to adapt to the new logic,
adding a test that covers adding access with `[roles], [groups],
[users]`
- Misc refactors and boy scouting


![image](https://github.com/Unleash/unleash/assets/14320932/d1cc7626-9387-4ab8-9860-cd293a0d4f62)

---------

Co-authored-by: David Leek <david@getunleash.io>
Co-authored-by: Mateusz Kwasniewski <kwasniewski.mateusz@gmail.com>
Co-authored-by: Nuno Góis <github@nunogois.com>
2023-08-25 09:31:37 +01:00
David Leek
76d3cc59cf
feat: add usage info to project role deletion dialog (#4464)
## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->

Adds projects user and group -usage information to the dialog shown when
user wants to delete a project role

<img width="670" alt="Skjermbilde 2023-08-10 kl 08 28 40"
src="https://github.com/Unleash/unleash/assets/707867/a1df961b-2d0f-419d-b9bf-fedef896a84e">

---------

Co-authored-by: Nuno Góis <github@nunogois.com>
2023-08-17 09:43:43 +02:00
Nuno Góis
ded33a6d81
chore: remove customRootRoles flag in favor of killswitch (#4431)
https://linear.app/unleash/issue/2-1303/adapt-existing-customrootroles-flag-to-a-customrootroleskillswitch

Removes the existing `customRootRoles` flag in favor of a
`customRootRolesKillSwitch` which should follow the same logic but
negated/inverted.

Once released, this will effectively make custom root roles GA, and we
can use
[customRootRolesKillSwitch](https://app.unleash-hosted.com/hosted/projects/eg/features/customRootRolesKillSwitch)
to disable the feature if needed.
2023-08-10 13:11:55 +01:00
David Leek
57c448c197
fix: deletion validation didnt account for groups (#4441)
<!-- Thanks for creating a PR! To make it easier for reviewers and
everyone else to understand what your changes relate to, please add some
relevant content to the headings below. Feel free to ignore or delete
sections that you don't think are relevant. Thank you! ❤️ -->

## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->

Fixes an issue where project role deletion validation didn't validate
against project roles being connected to groups
2023-08-08 13:45:19 +02:00
Gastón Fournier
4cedb00e04
fix: fetching user root roles include custom ones (#4068)
## About the changes
`getUserRootRoles` should also consider custom root roles

This introduces test cases that unveiled a dependency between stores
(this happens actually at the DB layer having access-service access
tables from two different stores but skipping the store layer).


https://linear.app/unleash/issue/2-1161/a-user-with-custom-root-role-and-permission-to-create-client-api

---------

Co-authored-by: Nuno Góis <github@nunogois.com>
2023-06-22 14:42:01 +00:00
Nuno Góis
7e9069e390
refactor: token permissions, drop admin-like permissions (#4050)
https://linear.app/unleash/issue/2-1155/refactor-permissions

- Our `rbac-middleware` now supports multiple OR permissions;
- Drops non-specific permissions (e.g. CRUD API token permissions
without specifying the token type);
- Makes our permission descriptions consistent;
- Drops our higher-level permissions that basically mean ADMIN (e.g.
ADMIN token permissions) in favor of `ADMIN` permission in order to
avoid privilege escalations;

This PR may help with
https://linear.app/unleash/issue/2-1144/discover-potential-privilege-escalations
as it may prevent privilege escalations altogether.

There's some UI permission logic around this, but in the future
https://linear.app/unleash/issue/2-1156/adapt-api-tokens-creation-ui-to-new-permissions
could take it a bit further by adapting the creation of tokens as well.

---------

Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-06-22 08:35:54 +01:00
Christopher Kolstad
3acb116ab2
feat: Separate api token roles (#4019)
## What
As part of the move to enable custom-root-roles, our permissions model
was found to not be granular enough to allow service accounts to only be
allowed to create read-only tokens (client, frontend), but not be
allowed to create admin tokens to avoid opening up a path for privilege
escalation.

## How
This PR adds 12 new roles, a CRUD set for each of the three token types
(admin, client, frontend). To access the `/api/admin/api-tokens`
endpoints you will still need the existing permission (CREATE_API_TOKEN,
DELETE_API_TOKEN, READ_API_TOKEN, UPDATE_API_TOKEN). Once this PR has
been merged the token type you're modifying will also be checked, so if
you're trying to create a CLIENT api-token, you will need
`CREATE_API_TOKEN` and `CREATE_CLIENT_API_TOKEN` permissions. If the
user performing the create call does not have these two permissions or
the `ADMIN` permission, the creation will be rejected with a `403 -
FORBIDDEN` status.


### Discussion points
The test suite tests all operations using a token with
operation_CLIENT_API_TOKEN permission and verifies that it fails trying
to do any of the operations against FRONTEND and ADMIN tokens. During
development the operation_FRONTEND_API_TOKEN and
operation_ADMIN_API_TOKEN permission has also been tested in the same
way. I wonder if it's worth it to re-add these tests in order to verify
that the permission checker works for all operations, or if this is
enough. Since we're running them using e2e tests, I've removed them for
now, to avoid hogging too much processing time.
2023-06-20 14:21:14 +02:00
Nuno Góis
bb026c0ba1
feat: custom root roles (#3975)
## About the changes
Implements custom root roles, encompassing a lot of different areas of
the project, and slightly refactoring the current roles logic. It
includes quite a clean up.

This feature itself is behind a flag: `customRootRoles`

This feature covers root roles in:
 - Users;
 - Service Accounts;
 - Groups;

Apologies in advance. I may have gotten a bit carried away 🙈 

### Roles

We now have a new admin tab called "Roles" where we can see all root
roles and manage custom ones. We are not allowed to edit or remove
*predefined* roles.

![image](https://github.com/Unleash/unleash/assets/14320932/1ad8695c-8c3f-440d-ac32-39746720d588)
This meant slightly pushing away the existing roles to `project-roles`
instead. One idea we want to explore in the future is to unify both
types of roles in the UI instead of having 2 separate tabs. This
includes modernizing project roles to fit more into our current design
and decisions.

Hovering the permissions cell expands detailed information about the
role:

![image](https://github.com/Unleash/unleash/assets/14320932/81c4aae7-8b4d-4cb4-92d1-8f1bc3ef1f2a)

### Create and edit role

Here's how the role form looks like (create / edit):

![image](https://github.com/Unleash/unleash/assets/14320932/85baec29-bb10-48c5-a207-b3e9a8de838a)
Here I categorized permissions so it's easier to visualize and manage
from a UX perspective.

I'm using the same endpoint as before. I tried to unify the logic and
get rid of the `projectRole` specific hooks. What distinguishes custom
root roles from custom project roles is the extra `root-custom` type we
see on the payload. By default we assume `custom` (custom project role)
instead, which should help in terms of backwards compatibility.

### Delete role

When we delete a custom role we try to help the end user make an
informed decision by listing all the entities which currently use this
custom root role:

![image](https://github.com/Unleash/unleash/assets/14320932/352ed529-76be-47a8-88da-5e924fb191d4)
~~As mentioned in the screenshot, when deleting a custom role, we demote
all entities associated with it to the predefined `Viewer` role.~~
**EDIT**: Apparently we currently block this from the API
(access-service deleteRole) with a message:

![image](https://github.com/Unleash/unleash/assets/14320932/82a8e50f-8dc5-4c18-a2ba-54e2ae91b91c)
What should the correct behavior be?

### Role selector

I added a new easy-to-use role selector component that is present in:
 - Users 

![image](https://github.com/Unleash/unleash/assets/14320932/76953139-7fb6-437e-b3fa-ace1d9187674)
 - Service Accounts

![image](https://github.com/Unleash/unleash/assets/14320932/2b80bd55-9abb-4883-b715-15650ae752ea)
- Groups

![image](https://github.com/Unleash/unleash/assets/14320932/ab438f7c-2245-4779-b157-2da1689fe402)

### Role description

I also added a new role description component that you can see below the
dropdown in the selector component, but it's also used to better
describe each role in the respective tables:

![image](https://github.com/Unleash/unleash/assets/14320932/a3eecac1-2a34-4500-a68c-e3f62ebfa782)

I'm not listing all the permissions of predefined roles. Those simply
show the description in the tooltip:

![image](https://github.com/Unleash/unleash/assets/14320932/7e5b2948-45f0-4472-8311-bf533409ba6c)

### Role badge

Groups is a bit different, since it uses a list of cards, so I added yet
another component - Role badge:

![image](https://github.com/Unleash/unleash/assets/14320932/1d62c3db-072a-4c97-b86f-1d8ebdd3523e)

I'm using this same component on the profile tab:

![image](https://github.com/Unleash/unleash/assets/14320932/214272db-a828-444e-8846-4f39b9456bc6)

## Discussion points
- Are we being defensive enough with the use of the flag? Should we
cover more?
 - Are we breaking backwards compatibility in any way?
 - What should we do when removing a role? Block or demote?
- Maybe some existing permission-related issues will surface with this
change: Are we being specific enough with our permissions? A lot of
places are simply checking for `ADMIN`;
- We may want to get rid of the API roles coupling we have with the
users and SAs and instead use the new hooks (e.g. `useRoles`)
explicitly;
 - We should update the docs;
- Maybe we could allow the user to add a custom role directly from the
role selector component;

---------

Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-06-14 14:40:40 +01:00
Mateusz Kwasniewski
ab913228ca
refactor: read model for change request access checking (#3380) 2023-03-24 14:31:43 +01:00
Mateusz Kwasniewski
d9e3ff9cd4
refactor: move project membership check from access to project (#3322) 2023-03-15 14:44:08 +01:00
Mateusz Kwasniewski
7753082660
feat: expose project members (#3310) 2023-03-14 16:27:57 +01:00
Mateusz Kwasniewski
ee20737e4a
refactor: make permission check type less demanding (#3214) 2023-02-28 14:48:27 +01:00
Nuno Góis
7d73d772df
feat: add the account abstraction logic (#2918)
https://linear.app/unleash/issue/2-579/improve-user-like-behaviour-for-service-accounts-accounts-concept

Builds on top of https://github.com/Unleash/unleash/pull/2917 by moving
the responsibility of handling both account types from `users` to
`accounts`.

Ideally:
 - `users` - Should only handle users;
 - `service-accounts` - Should only handle service accounts;
 - `accounts` - Should handle any type of account;

This should hopefully also provide a good building block in case we
later decide to refactor this further down the `accounts` path.
2023-01-18 16:08:07 +00:00
sjaanus
b071de6742
Add possibility to soft delete users (#2497)
Previously we hard deleted the users, but due to change requests and
possibly other features in future, we really want to hard-link user
table and have meaningful relationships.

But this means, when user is deleted, all linked data is also deleted.
**Workaround is to soft delete users and just clear users data and keep
the relationships alive for audit logs.**

This PR implements this feature.
2022-11-23 09:30:54 +02:00
sjaanus
131ebb931a
Permission guards in existing endpoints interacting with feature toggle configuration (#2418)
This PR adds permission guards for operations.

1. Toggling feature flag
2. Adding a strategy
3. Updating a strategy
4. Deleting a strategy
2022-11-14 15:05:26 +02:00
sjaanus
ddc759ac63
Add some extra fields for profile (#2119)
First version
2022-09-30 14:36:45 +03:00
Gastón Fournier
d91b91b56f
chore: type improvements (#1941)
Simplify the type to its minimum so it matches the API spec
2022-08-19 10:28:53 +02:00
sighphyre
5806b6748f
Feat/grouping (#1845)
* Implement user grouping feature for permissions

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
Co-authored-by: Jaanus Sellin <sellinjaanus@gmail.com>
Co-authored-by: Nuno Góis <github@nunogois.com>
Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2022-07-21 16:23:56 +02:00
olav
ab75d4085e
refactor: add schemas to user admin controller (#1692)
* refactor: add schemas to user admin controller

* refactor: remove unused SessionService

* refactor: fix search query type confusion

* refactor: add schemas to user controller (#1693)

* refactor: add schemas to user controller

* refactor: fix getAllUserSplashes method name

* refactor: name and email should not be required on create

* refactor: only some user fields may be updated

* refactor: should not require any fields on user update  (#1730)

* refactor: send 400 instead of 500 on missing username and email

* refactor: should not require any fields for user update

* refactor: note that earlier versions required name or email

* refactor: merge roleDescriptionSchema and roleSchema
2022-06-22 14:55:43 +02:00
Dennis Szczepanski
7ead887147
fix: Issue #1444 - API import with drop=true deletes existing client keys (#1668)
* fix: Does not delete api_tokens on drop-Import

* feat: Cleans unused apiTokens on environment import

* refactor: Moves ALL_PROJECTS and ALL_ENVIRONMENTS to constants

* refactor: Renames migration 20220528143630 for a more precise name

* refactor: Removes unecessary console.log

* fix: Adds correct down-script for migration 20220528143630
2022-06-09 15:56:13 +01:00
olav
9f7d878422
fix: add missing awaits (#1472)
* refactor: silence expected console.error call

* fix: add missing access service awaits

* fix: add missing constraint validation await
2022-04-01 11:10:21 +02:00
Ivar Conradi Østhus
8364c3b396 fix: add method to change role for project memeber 2022-03-03 08:52:44 +01:00
sighphyre
bfcad65cdc fix: Prevent deletion of built in roles 2022-01-14 10:30:34 +02:00
sighphyre
0c78980502
feat: custom project roles (#1220)
* wip: environment for permissions

* fix: add migration for roles

* fix: connect environment with access service

* feat: add tests

* chore: Implement scaffolding for new rbac

* fix: add fake store

* feat: Add api endpoints for roles and permissions list

* feat: Add ability to provide permissions when creating a role and rename environmentName to name in the list permissions datastructure

* fix: Make project roles resolve correctly against new environments permissions structure

* fix: Patch migration to also populate permission names

* fix: Make permissions actually work with new environments

* fix: Add back to get permissions working for editor role

* fix: Removed ability to set role type through api during creation - it's now always custom

* feat: Return permissions on get role endpoint

* feat: Add in support for updating roles

* fix: Get a bunch of tests working and delete a few that make no sense anymore

* chore: A few small cleanups - remove logging and restore default on dev server config

* chore: Refactor role/access stores into more logical domains

* feat: Add in validation for roles

* feat: Patch db migration to handle old stucture

* fix: migration for project roles

* fix: patch a few broken tests

* fix: add permissions to editor

* fix: update test name

* fix: update user permission mapping

* fix: create new user

* fix: update root role test

* fix: update tests

* feat: Validation now works when updating a role

* fix: Add in very barebones down migration for rbac so that tests work

* fix: Improve responses from role resolution - getting a non existant role will throw a NotFound error

* fix: remove unused permissions

* fix: add test for connecting roles and deleting project

* fix: add test for adding a project member with a custom role

* fix: add test for changing user role

* fix: add guard for deleting role if the role is in use

* fix: alter migration

* chore: Minor code cleanups

* chore: Small code cleanups

* chore: More minor cleanups of code

* chore: Trim some dead code to make the linter happy

* feat: Schema validation for roles

* fix: setup permission for variant

* fix: remove unused import

* feat: Add cascading delete for role_permissions when deleting a role

* feat: add configuration option for disabling legacy api

* chore: update frontend to beta version

* 4.6.0-beta.0

* fix: export default project constant

* fix: update snapshot

* fix: module pattern ../../lib

* fix: move DEFAULT_PROJECT to types

* fix: remove debug logging

* fix: remove debug log state

* fix: Change permission descriptions

* fix: roles should have unique name

* fix: root roles should be connected to the default project

* fix: typo in role-schema.ts

* fix: Role permission empty string for non environment type

* feat: new permission for moving project

* fix: add event for changeProject

* fix: Removing a user from a project will now check to see if that project has an owner, rather than checking if any project has an owner

* fix: add tests for move project

* fix: Add in missing create/delete tag permissions

* fix: Removed duplicate impl caused by multiple good samaritans putting it back in!

* fix: Trim out add tag permissions, for now at least

* chore: Trim out new add and delete tag permissions - we're going with update feature instead

* chore: update frontend

* 4.6.0-beta.1

* feat: Prevent editing of built in roles

* fix: Patch an issue where permissions for variants/environments didn't match the front end

* fix: lint

Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-01-13 11:14:17 +01:00
Ivar Conradi Østhus
784ddf8fb3
fix: cleanup old user permissions (#1150) 2021-12-01 22:10:09 +01:00
Christopher Kolstad
1f37b0bf4b
fix: make hasPermission call handle api tokens (#1041) 2021-10-19 11:34:56 +02:00
Ivar Conradi Østhus
90962434d9
fix: Cleanup new features API with env support (#929) 2021-09-13 10:23:57 +02:00
Ivar Conradi Østhus
8cbf378286
feat: sync fields when logging in via SSO (#916) 2021-08-23 12:11:29 +02:00
Christopher Kolstad
ff7be7696c
fix: Stores as typescript and with interfaces. (#902)
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-08-12 15:04:37 +02:00
Ivar Conradi Østhus
0bed8f605e
fix: regular users are not API users 2021-05-03 19:33:37 +02:00
Ivar Conradi Østhus
4b48c08e0e
fix: move permission to types 2021-05-02 20:58:02 +02:00
Ivar Conradi Østhus
0efc238fdb
fix: define root role by setting the name of the role (#823) 2021-04-30 13:25:24 +02:00
Ivar Conradi Østhus
b4b524a11b
feat: add option for LOG_LEVEL (#803) 2021-04-23 15:31:12 +02:00
Ivar Conradi Østhus
d021f4ebc5
fix: lint 2021-04-23 12:55:11 +02:00
Ivar Conradi Østhus
709d12a1dc
fix: hasPermission should not throw 2021-04-23 12:52:29 +02:00
Ivar Conradi Østhus
b0e6d8c363
fix: User should require a ID field set (#799) 2021-04-22 23:40:52 +02:00
Christopher Kolstad
240c6a77a1
Feat/options need types (#794)
feat: options are now typed

- This makes it easier to know what to send to unleash.start / unleash.create
- Using a Partial to instantiate the config, then melding it with defaults to get a config object with all fields set either to their defaults or to whatever is passed in.


Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
2021-04-22 10:07:10 +02:00
Ivar Conradi Østhus
23ea21babf
fix: rename rbac roles. (#788)
* fix: rename rbac roles.

Root-roles:
- Admin
- Editor
- Viewer

Project roles:
- Owner
- Member

* Update src/lib/services/access-service.ts

* Update src/migrations/20210415173116-rbac-rename-roles.js

Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2021-04-16 10:45:15 +02:00
Ivar Conradi Østhus
9e7d2f845a
fix: migrate all permissions to rbac (#782)
* fix: migrate all permissions to rbac
* fix: update migration guide

fixes #782
2021-04-12 20:25:03 +02:00
Ivar Conradi Østhus
9bd425c193
feat: Add username/password authentication (#777) 2021-04-09 13:46:53 +02:00
Ivar Conradi Østhus
e1fbe9d013
feat: Default roles and RBAC permission checker. (#735)
This PR Introduces first steps towards RBAC according to our specifications. Rbac will assume users to exist in the Unleash user table with a unique id. This is required to make correct mappings between users and roles.
2021-03-11 22:51:58 +01:00