Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2024-10-18 20:09:08 +02:00
Code Issues Projects Releases Wiki Activity
8364c3b396
unleash.unleash/src/lib/db/role-store.ts
sighphyre 0c78980502
feat: custom project roles (#1220) 
* wip: environment for permissions

* fix: add migration for roles

* fix: connect environment with access service

* feat: add tests

* chore: Implement scaffolding for new rbac

* fix: add fake store

* feat: Add api endpoints for roles and permissions list

* feat: Add ability to provide permissions when creating a role and rename environmentName to name in the list permissions datastructure

* fix: Make project roles resolve correctly against new environments permissions structure

* fix: Patch migration to also populate permission names

* fix: Make permissions actually work with new environments

* fix: Add back to get permissions working for editor role

* fix: Removed ability to set role type through api during creation - it's now always custom

* feat: Return permissions on get role endpoint

* feat: Add in support for updating roles

* fix: Get a bunch of tests working and delete a few that make no sense anymore

* chore: A few small cleanups - remove logging and restore default on dev server config

* chore: Refactor role/access stores into more logical domains

* feat: Add in validation for roles

* feat: Patch db migration to handle old stucture

* fix: migration for project roles

* fix: patch a few broken tests

* fix: add permissions to editor

* fix: update test name

* fix: update user permission mapping

* fix: create new user

* fix: update root role test

* fix: update tests

* feat: Validation now works when updating a role

* fix: Add in very barebones down migration for rbac so that tests work

* fix: Improve responses from role resolution - getting a non existant role will throw a NotFound error

* fix: remove unused permissions

* fix: add test for connecting roles and deleting project

* fix: add test for adding a project member with a custom role

* fix: add test for changing user role

* fix: add guard for deleting role if the role is in use

* fix: alter migration

* chore: Minor code cleanups

* chore: Small code cleanups

* chore: More minor cleanups of code

* chore: Trim some dead code to make the linter happy

* feat: Schema validation for roles

* fix: setup permission for variant

* fix: remove unused import

* feat: Add cascading delete for role_permissions when deleting a role

* feat: add configuration option for disabling legacy api

* chore: update frontend to beta version

* 4.6.0-beta.0

* fix: export default project constant

* fix: update snapshot

* fix: module pattern ../../lib

* fix: move DEFAULT_PROJECT to types

* fix: remove debug logging

* fix: remove debug log state

* fix: Change permission descriptions

* fix: roles should have unique name

* fix: root roles should be connected to the default project

* fix: typo in role-schema.ts

* fix: Role permission empty string for non environment type

* feat: new permission for moving project

* fix: add event for changeProject

* fix: Removing a user from a project will now check to see if that project has an owner, rather than checking if any project has an owner

* fix: add tests for move project

* fix: Add in missing create/delete tag permissions

* fix: Removed duplicate impl caused by multiple good samaritans putting it back in!

* fix: Trim out add tag permissions, for now at least

* chore: Trim out new add and delete tag permissions - we're going with update feature instead

* chore: update frontend

* 4.6.0-beta.1

* feat: Prevent editing of built in roles

* fix: Patch an issue where permissions for variants/environments didn't match the front end

* fix: lint

Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-01-13 11:14:17 +01:00

186 lines
5.1 KiB
TypeScript
Raw Blame History

import EventEmitter from 'events';
import { Knex } from 'knex';
import { Logger, LogProvider } from '../logger';
import NotFoundError from '../error/notfound-error';
import { ICustomRole } from 'lib/types/model';
import {
ICustomRoleInsert,
ICustomRoleUpdate,
IRoleStore,
} from 'lib/types/stores/role-store';
import { IRole, IUserRole } from 'lib/types/stores/access-store';
const T = {
ROLE_USER: 'role_user',
ROLES: 'roles',
};
const COLUMNS = ['id', 'name', 'description', 'type'];
interface IRoleRow {
id: number;
name: string;
description: string;
type: string;
}
export default class RoleStore implements IRoleStore {
private logger: Logger;
private eventBus: EventEmitter;
private db: Knex;
constructor(db: Knex, eventBus: EventEmitter, getLogger: LogProvider) {
this.db = db;
this.eventBus = eventBus;
this.logger = getLogger('lib/db/role-store.ts');
}
async getAll(): Promise<ICustomRole[]> {
const rows = await this.db
.select(COLUMNS)
.from(T.ROLES)
.orderBy('name', 'asc');
return rows.map(this.mapRow);
}
async create(role: ICustomRoleInsert): Promise<ICustomRole> {
const row = await this.db(T.ROLES)
.insert({
name: role.name,
description: role.description,
type: role.roleType,
})
.returning('*');
return this.mapRow(row[0]);
}
async delete(id: number): Promise<void> {
return this.db(T.ROLES).where({ id }).del();
}
async get(id: number): Promise<ICustomRole> {
const rows = await this.db.select(COLUMNS).from(T.ROLES).where({ id });
if (rows.length === 0) {
throw new NotFoundError(`Could not find role with id: ${id}`);
}
return this.mapRow(rows[0]);
}
async update(role: ICustomRoleUpdate): Promise<ICustomRole> {
const rows = await this.db(T.ROLES)
.where({
id: role.id,
})
.update({
id: role.id,
name: role.name,
description: role.description,
})
.returning('*');
return this.mapRow(rows[0]);
}
async exists(id: number): Promise<boolean> {
const result = await this.db.raw(
`SELECT EXISTS (SELECT 1 FROM ${T.ROLES} WHERE id = ?) AS present`,
[id],
);
const { present } = result.rows[0];
return present;
}
async nameInUse(name: string, existingId?: number): Promise<boolean> {
let query = this.db(T.ROLES).where({ name }).returning('id');
if (existingId) {
query = query.andWhereNot({ id: existingId });
}
const result = await query;
return result.length > 0;
}
async deleteAll(): Promise<void> {
return this.db(T.ROLES).del();
}
mapRow(row: IRoleRow): ICustomRole {
if (!row) {
throw new NotFoundError('No row');
}
return {
id: row.id,
name: row.name,
description: row.description,
type: row.type,
};
}
async getRoles(): Promise<IRole[]> {
return this.db
.select(['id', 'name', 'type', 'description'])
.from<IRole>(T.ROLES);
}
async getRoleWithId(id: number): Promise<IRole> {
return this.db
.select(['id', 'name', 'type', 'description'])
.where('id', id)
.first()
.from<IRole>(T.ROLES);
}
async getProjectRoles(): Promise<IRole[]> {
return this.db
.select(['id', 'name', 'type', 'description'])
.from<IRole>(T.ROLES)
.where('type', 'custom')
.orWhere('type', 'project');
}
async getRolesForProject(projectId: string): Promise<IRole[]> {
return this.db
.select(['r.id', 'r.name', 'r.type', 'ru.project', 'r.description'])
.from<IRole>(`${T.ROLE_USER} as ru`)
.innerJoin(`${T.ROLES} as r`, 'ru.role_id', 'r.id')
.where('project', projectId);
}
async getRootRoles(): Promise<IRole[]> {
return this.db
.select(['id', 'name', 'type', 'description'])
.from<IRole>(T.ROLES)
.where('type', 'root');
}
async removeRolesForProject(projectId: string): Promise<void> {
return this.db(T.ROLE_USER)
.where({
project: projectId,
})
.delete();
}
async getRootRoleForAllUsers(): Promise<IUserRole[]> {
const rows = await this.db
.select('id', 'user_id')
.distinctOn('user_id')
.from(`${T.ROLES} AS r`)
.leftJoin(`${T.ROLE_USER} AS ru`, 'r.id', 'ru.role_id')
.where('r.type', '=', 'root');
return rows.map((row) => ({
roleId: Number(row.id),
userId: Number(row.user_id),
}));
}
async getRoleByName(name: string): Promise<IRole> {
return this.db(T.ROLES).where({ name }).first();
}
destroy(): void {}
}
Reference in New Issue View Git Blame Copy Permalink