mirror of
https://github.com/Unleash/unleash.git
synced 2024-10-18 20:09:08 +02:00
0c78980502
* wip: environment for permissions * fix: add migration for roles * fix: connect environment with access service * feat: add tests * chore: Implement scaffolding for new rbac * fix: add fake store * feat: Add api endpoints for roles and permissions list * feat: Add ability to provide permissions when creating a role and rename environmentName to name in the list permissions datastructure * fix: Make project roles resolve correctly against new environments permissions structure * fix: Patch migration to also populate permission names * fix: Make permissions actually work with new environments * fix: Add back to get permissions working for editor role * fix: Removed ability to set role type through api during creation - it's now always custom * feat: Return permissions on get role endpoint * feat: Add in support for updating roles * fix: Get a bunch of tests working and delete a few that make no sense anymore * chore: A few small cleanups - remove logging and restore default on dev server config * chore: Refactor role/access stores into more logical domains * feat: Add in validation for roles * feat: Patch db migration to handle old stucture * fix: migration for project roles * fix: patch a few broken tests * fix: add permissions to editor * fix: update test name * fix: update user permission mapping * fix: create new user * fix: update root role test * fix: update tests * feat: Validation now works when updating a role * fix: Add in very barebones down migration for rbac so that tests work * fix: Improve responses from role resolution - getting a non existant role will throw a NotFound error * fix: remove unused permissions * fix: add test for connecting roles and deleting project * fix: add test for adding a project member with a custom role * fix: add test for changing user role * fix: add guard for deleting role if the role is in use * fix: alter migration * chore: Minor code cleanups * chore: Small code cleanups * chore: More minor cleanups of code * chore: Trim some dead code to make the linter happy * feat: Schema validation for roles * fix: setup permission for variant * fix: remove unused import * feat: Add cascading delete for role_permissions when deleting a role * feat: add configuration option for disabling legacy api * chore: update frontend to beta version * 4.6.0-beta.0 * fix: export default project constant * fix: update snapshot * fix: module pattern ../../lib * fix: move DEFAULT_PROJECT to types * fix: remove debug logging * fix: remove debug log state * fix: Change permission descriptions * fix: roles should have unique name * fix: root roles should be connected to the default project * fix: typo in role-schema.ts * fix: Role permission empty string for non environment type * feat: new permission for moving project * fix: add event for changeProject * fix: Removing a user from a project will now check to see if that project has an owner, rather than checking if any project has an owner * fix: add tests for move project * fix: Add in missing create/delete tag permissions * fix: Removed duplicate impl caused by multiple good samaritans putting it back in! * fix: Trim out add tag permissions, for now at least * chore: Trim out new add and delete tag permissions - we're going with update feature instead * chore: update frontend * 4.6.0-beta.1 * feat: Prevent editing of built in roles * fix: Patch an issue where permissions for variants/environments didn't match the front end * fix: lint Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
186 lines
5.1 KiB
TypeScript
186 lines
5.1 KiB
TypeScript
import EventEmitter from 'events';
|
|
import { Knex } from 'knex';
|
|
import { Logger, LogProvider } from '../logger';
|
|
import NotFoundError from '../error/notfound-error';
|
|
import { ICustomRole } from 'lib/types/model';
|
|
import {
|
|
ICustomRoleInsert,
|
|
ICustomRoleUpdate,
|
|
IRoleStore,
|
|
} from 'lib/types/stores/role-store';
|
|
import { IRole, IUserRole } from 'lib/types/stores/access-store';
|
|
|
|
const T = {
|
|
ROLE_USER: 'role_user',
|
|
ROLES: 'roles',
|
|
};
|
|
|
|
const COLUMNS = ['id', 'name', 'description', 'type'];
|
|
|
|
interface IRoleRow {
|
|
id: number;
|
|
name: string;
|
|
description: string;
|
|
type: string;
|
|
}
|
|
|
|
export default class RoleStore implements IRoleStore {
|
|
private logger: Logger;
|
|
|
|
private eventBus: EventEmitter;
|
|
|
|
private db: Knex;
|
|
|
|
constructor(db: Knex, eventBus: EventEmitter, getLogger: LogProvider) {
|
|
this.db = db;
|
|
this.eventBus = eventBus;
|
|
this.logger = getLogger('lib/db/role-store.ts');
|
|
}
|
|
|
|
async getAll(): Promise<ICustomRole[]> {
|
|
const rows = await this.db
|
|
.select(COLUMNS)
|
|
.from(T.ROLES)
|
|
.orderBy('name', 'asc');
|
|
|
|
return rows.map(this.mapRow);
|
|
}
|
|
|
|
async create(role: ICustomRoleInsert): Promise<ICustomRole> {
|
|
const row = await this.db(T.ROLES)
|
|
.insert({
|
|
name: role.name,
|
|
description: role.description,
|
|
type: role.roleType,
|
|
})
|
|
.returning('*');
|
|
return this.mapRow(row[0]);
|
|
}
|
|
|
|
async delete(id: number): Promise<void> {
|
|
return this.db(T.ROLES).where({ id }).del();
|
|
}
|
|
|
|
async get(id: number): Promise<ICustomRole> {
|
|
const rows = await this.db.select(COLUMNS).from(T.ROLES).where({ id });
|
|
if (rows.length === 0) {
|
|
throw new NotFoundError(`Could not find role with id: ${id}`);
|
|
}
|
|
return this.mapRow(rows[0]);
|
|
}
|
|
|
|
async update(role: ICustomRoleUpdate): Promise<ICustomRole> {
|
|
const rows = await this.db(T.ROLES)
|
|
.where({
|
|
id: role.id,
|
|
})
|
|
.update({
|
|
id: role.id,
|
|
name: role.name,
|
|
description: role.description,
|
|
})
|
|
.returning('*');
|
|
return this.mapRow(rows[0]);
|
|
}
|
|
|
|
async exists(id: number): Promise<boolean> {
|
|
const result = await this.db.raw(
|
|
`SELECT EXISTS (SELECT 1 FROM ${T.ROLES} WHERE id = ?) AS present`,
|
|
[id],
|
|
);
|
|
const { present } = result.rows[0];
|
|
return present;
|
|
}
|
|
|
|
async nameInUse(name: string, existingId?: number): Promise<boolean> {
|
|
let query = this.db(T.ROLES).where({ name }).returning('id');
|
|
if (existingId) {
|
|
query = query.andWhereNot({ id: existingId });
|
|
}
|
|
const result = await query;
|
|
return result.length > 0;
|
|
}
|
|
|
|
async deleteAll(): Promise<void> {
|
|
return this.db(T.ROLES).del();
|
|
}
|
|
|
|
mapRow(row: IRoleRow): ICustomRole {
|
|
if (!row) {
|
|
throw new NotFoundError('No row');
|
|
}
|
|
|
|
return {
|
|
id: row.id,
|
|
name: row.name,
|
|
description: row.description,
|
|
type: row.type,
|
|
};
|
|
}
|
|
|
|
async getRoles(): Promise<IRole[]> {
|
|
return this.db
|
|
.select(['id', 'name', 'type', 'description'])
|
|
.from<IRole>(T.ROLES);
|
|
}
|
|
|
|
async getRoleWithId(id: number): Promise<IRole> {
|
|
return this.db
|
|
.select(['id', 'name', 'type', 'description'])
|
|
.where('id', id)
|
|
.first()
|
|
.from<IRole>(T.ROLES);
|
|
}
|
|
|
|
async getProjectRoles(): Promise<IRole[]> {
|
|
return this.db
|
|
.select(['id', 'name', 'type', 'description'])
|
|
.from<IRole>(T.ROLES)
|
|
.where('type', 'custom')
|
|
.orWhere('type', 'project');
|
|
}
|
|
|
|
async getRolesForProject(projectId: string): Promise<IRole[]> {
|
|
return this.db
|
|
.select(['r.id', 'r.name', 'r.type', 'ru.project', 'r.description'])
|
|
.from<IRole>(`${T.ROLE_USER} as ru`)
|
|
.innerJoin(`${T.ROLES} as r`, 'ru.role_id', 'r.id')
|
|
.where('project', projectId);
|
|
}
|
|
|
|
async getRootRoles(): Promise<IRole[]> {
|
|
return this.db
|
|
.select(['id', 'name', 'type', 'description'])
|
|
.from<IRole>(T.ROLES)
|
|
.where('type', 'root');
|
|
}
|
|
|
|
async removeRolesForProject(projectId: string): Promise<void> {
|
|
return this.db(T.ROLE_USER)
|
|
.where({
|
|
project: projectId,
|
|
})
|
|
.delete();
|
|
}
|
|
|
|
async getRootRoleForAllUsers(): Promise<IUserRole[]> {
|
|
const rows = await this.db
|
|
.select('id', 'user_id')
|
|
.distinctOn('user_id')
|
|
.from(`${T.ROLES} AS r`)
|
|
.leftJoin(`${T.ROLE_USER} AS ru`, 'r.id', 'ru.role_id')
|
|
.where('r.type', '=', 'root');
|
|
|
|
return rows.map((row) => ({
|
|
roleId: Number(row.id),
|
|
userId: Number(row.user_id),
|
|
}));
|
|
}
|
|
|
|
async getRoleByName(name: string): Promise<IRole> {
|
|
return this.db(T.ROLES).where({ name }).first();
|
|
}
|
|
|
|
destroy(): void {}
|
|
}
|