ToolJet/server/src/controllers/organization_users.controller.ts

import { Controller, Param, Post, UseGuards, Body } from '@nestjs/common';
import { OrganizationUsersService } from 'src/services/organization_users.service';
import { decamelizeKeys } from 'humps';
import { JwtAuthGuard } from '../../src/modules/auth/jwt-auth.guard';
import { AppAbility } from 'src/modules/casl/casl-ability.factory';
import { PoliciesGuard } from 'src/modules/casl/policies.guard';
import { CheckPolicies } from 'src/modules/casl/check_policies.decorator';
import { User as UserEntity } from 'src/entities/user.entity';
import { User } from 'src/decorators/user.decorator';
import { InviteNewUserDto } from '../dto/invite-new-user.dto';
import { OrganizationsService } from '@services/organizations.service';

@Controller('organization_users')
export class OrganizationUsersController {
  constructor(
    private organizationUsersService: OrganizationUsersService,
    private organizationsService: OrganizationsService
  ) {}

  // Endpoint for inviting new organization users
  @UseGuards(JwtAuthGuard, PoliciesGuard)
  @CheckPolicies((ability: AppAbility) => ability.can('inviteUser', UserEntity))
  @Post()
  async create(@User() user, @Body() inviteNewUserDto: InviteNewUserDto) {
    await this.organizationsService.inviteNewUser(user, inviteNewUserDto);
    return;
  }

  @UseGuards(JwtAuthGuard, PoliciesGuard)
  @CheckPolicies((ability: AppAbility) => ability.can('archiveUser', UserEntity))
  @Post(':id/archive')
  async archive(@User() user, @Param('id') id: string) {
    await this.organizationUsersService.archive(id, user.organizationId);
    return;
  }

  @UseGuards(JwtAuthGuard, PoliciesGuard)
  @CheckPolicies((ability: AppAbility) => ability.can('archiveUser', UserEntity))
  @Post(':id/unarchive')
  async unarchive(@User() user, @Param('id') id: string) {
    await this.organizationUsersService.unarchive(user, id);
    return;
  }

  // Deprecated
  @UseGuards(JwtAuthGuard, PoliciesGuard)
  @CheckPolicies((ability: AppAbility) => ability.can('changeRole', UserEntity))
  @Post(':id/change_role')
  async changeRole(@Param('id') id, @Body('role') role) {
    const result = await this.organizationUsersService.changeRole(id, role);
    return decamelizeKeys({ result });
  }
}
Support for multiple workspaces 🚀 (#2778) * multi org changes * Initial changes * changes * manage sso page * Multi-organization changes * Multi organization changes * multi-org changes * multi-org changes * multi-org changes * multi-org fixes * env variables app.json changes * multi-org-fix * user invitation token fix * multi-org group permission fix * multi-org app privilege * google oauth fix * Remove enable signup for form login * Multi organization fixes * multi-org user invite flow changes * multi-org sign up fix * rebase and multi-org fixes * revert testing logs * test logs revert * migration changes * migration file fix * error message changes * git login for private email fix * dropdown fix * test cases * e2e test cases added * test cases fix * documentation changes * testcases fix * testcases added * replace findOne with findOneOrFail * accept invite testcases * login page fixes * added encrypted tag * review comments * migration fixes * improvements * manage sso loading fix * review comments * migration file changes * new organization creation bug fix * added e2e testcases * added testcases * Update data_sources.controller.ts 2022-05-05 07:08:42 +00:00			`import { Controller, Param, Post, UseGuards, Body } from '@nestjs/common';`
Endpoint to archive org users 2021-07-19 08:57:57 +00:00			`import { OrganizationUsersService } from 'src/services/organization_users.service';`
			`import { decamelizeKeys } from 'humps';`
			`import { JwtAuthGuard } from '../../src/modules/auth/jwt-auth.guard';`
Policies and tests for organization user actions 2021-07-22 07:25:29 +00:00			`import { AppAbility } from 'src/modules/casl/casl-ability.factory';`
Set up CASL abilities 2021-07-21 16:57:04 +00:00			`import { PoliciesGuard } from 'src/modules/casl/policies.guard';`
			`import { CheckPolicies } from 'src/modules/casl/check_policies.decorator';`
Support for multiple workspaces 🚀 (#2778) * multi org changes * Initial changes * changes * manage sso page * Multi-organization changes * Multi organization changes * multi-org changes * multi-org changes * multi-org changes * multi-org fixes * env variables app.json changes * multi-org-fix * user invitation token fix * multi-org group permission fix * multi-org app privilege * google oauth fix * Remove enable signup for form login * Multi organization fixes * multi-org user invite flow changes * multi-org sign up fix * rebase and multi-org fixes * revert testing logs * test logs revert * migration changes * migration file fix * error message changes * git login for private email fix * dropdown fix * test cases * e2e test cases added * test cases fix * documentation changes * testcases fix * testcases added * replace findOne with findOneOrFail * accept invite testcases * login page fixes * added encrypted tag * review comments * migration fixes * improvements * manage sso loading fix * review comments * migration file changes * new organization creation bug fix * added e2e testcases * added testcases * Update data_sources.controller.ts 2022-05-05 07:08:42 +00:00			`import { User as UserEntity } from 'src/entities/user.entity';`
			`import { User } from 'src/decorators/user.decorator';`
Feature: Add data transfer object layer to validate and sanitize user inputs (#2694) * add sanitize-html to be used with dto * add dto for controllers * add vaalidation to check token not empty * update test config * add validation pipe on test setup * fix spec * fix params casing * update dto for empt checks * update reset password dto * only check for options to be defined * update specs * update dto and spec * Remove invalid decorator * update package-lock * update thread dto * update user dto * fix email * make comment req params attributes as optional * fix specs 2022-04-20 09:16:57 +00:00			`import { InviteNewUserDto } from '../dto/invite-new-user.dto';`
[BUG] Account level security issue (#3150) * bug fixes * changes * changes for single workspace support * added guards for signup route * test cases fixes * Workspace invite and user onboarding flow changes (#3190) * invite user flow changes * review comments * cleanup * testcase fix 2022-06-02 09:50:51 +00:00			`import { OrganizationsService } from '@services/organizations.service';`
Endpoint to archive org users 2021-07-19 08:57:57 +00:00
			`@Controller('organization_users')`
			`export class OrganizationUsersController {`
[BUG] Account level security issue (#3150) * bug fixes * changes * changes for single workspace support * added guards for signup route * test cases fixes * Workspace invite and user onboarding flow changes (#3190) * invite user flow changes * review comments * cleanup * testcase fix 2022-06-02 09:50:51 +00:00			`constructor(`
			`private organizationUsersService: OrganizationUsersService,`
			`private organizationsService: OrganizationsService`
			`) {}`
Endpoint to archive org users 2021-07-19 08:57:57 +00:00
Endpoint for creating new organization users 2021-07-19 09:36:34 +00:00			`// Endpoint for inviting new organization users`
Policies and tests for org user invitation 2021-07-22 09:41:50 +00:00			`@UseGuards(JwtAuthGuard, PoliciesGuard)`
Support for multiple workspaces 🚀 (#2778) * multi org changes * Initial changes * changes * manage sso page * Multi-organization changes * Multi organization changes * multi-org changes * multi-org changes * multi-org changes * multi-org fixes * env variables app.json changes * multi-org-fix * user invitation token fix * multi-org group permission fix * multi-org app privilege * google oauth fix * Remove enable signup for form login * Multi organization fixes * multi-org user invite flow changes * multi-org sign up fix * rebase and multi-org fixes * revert testing logs * test logs revert * migration changes * migration file fix * error message changes * git login for private email fix * dropdown fix * test cases * e2e test cases added * test cases fix * documentation changes * testcases fix * testcases added * replace findOne with findOneOrFail * accept invite testcases * login page fixes * added encrypted tag * review comments * migration fixes * improvements * manage sso loading fix * review comments * migration file changes * new organization creation bug fix * added e2e testcases * added testcases * Update data_sources.controller.ts 2022-05-05 07:08:42 +00:00			`@CheckPolicies((ability: AppAbility) => ability.can('inviteUser', UserEntity))`
Endpoint for creating new organization users 2021-07-19 09:36:34 +00:00			`@Post()`
Support for multiple workspaces 🚀 (#2778) * multi org changes * Initial changes * changes * manage sso page * Multi-organization changes * Multi organization changes * multi-org changes * multi-org changes * multi-org changes * multi-org fixes * env variables app.json changes * multi-org-fix * user invitation token fix * multi-org group permission fix * multi-org app privilege * google oauth fix * Remove enable signup for form login * Multi organization fixes * multi-org user invite flow changes * multi-org sign up fix * rebase and multi-org fixes * revert testing logs * test logs revert * migration changes * migration file fix * error message changes * git login for private email fix * dropdown fix * test cases * e2e test cases added * test cases fix * documentation changes * testcases fix * testcases added * replace findOne with findOneOrFail * accept invite testcases * login page fixes * added encrypted tag * review comments * migration fixes * improvements * manage sso loading fix * review comments * migration file changes * new organization creation bug fix * added e2e testcases * added testcases * Update data_sources.controller.ts 2022-05-05 07:08:42 +00:00			`async create(@User() user, @Body() inviteNewUserDto: InviteNewUserDto) {`
Security issue fix (#3793) 2022-08-16 02:14:03 +00:00			`await this.organizationsService.inviteNewUser(user, inviteNewUserDto);`
			`return;`
Endpoint to archive org users 2021-07-19 08:57:57 +00:00			`}`

Policies and tests for organization user actions 2021-07-22 07:25:29 +00:00			`@UseGuards(JwtAuthGuard, PoliciesGuard)`
Support for multiple workspaces 🚀 (#2778) * multi org changes * Initial changes * changes * manage sso page * Multi-organization changes * Multi organization changes * multi-org changes * multi-org changes * multi-org changes * multi-org fixes * env variables app.json changes * multi-org-fix * user invitation token fix * multi-org group permission fix * multi-org app privilege * google oauth fix * Remove enable signup for form login * Multi organization fixes * multi-org user invite flow changes * multi-org sign up fix * rebase and multi-org fixes * revert testing logs * test logs revert * migration changes * migration file fix * error message changes * git login for private email fix * dropdown fix * test cases * e2e test cases added * test cases fix * documentation changes * testcases fix * testcases added * replace findOne with findOneOrFail * accept invite testcases * login page fixes * added encrypted tag * review comments * migration fixes * improvements * manage sso loading fix * review comments * migration file changes * new organization creation bug fix * added e2e testcases * added testcases * Update data_sources.controller.ts 2022-05-05 07:08:42 +00:00			`@CheckPolicies((ability: AppAbility) => ability.can('archiveUser', UserEntity))`
Endpoint for creating new organization users 2021-07-19 09:36:34 +00:00			`@Post(':id/archive')`
User account level security issue (#3272) * user account level security issue * review comments * review comments 2022-06-17 11:39:13 +00:00			`async archive(@User() user, @Param('id') id: string) {`
			`await this.organizationUsersService.archive(id, user.organizationId);`
			`return;`
Endpoint for creating new organization users 2021-07-19 09:36:34 +00:00			`}`

Feature: Unarchive users (#1694) * add ability to unarchive users * add e2e specs * reset password on unarchive * fix spec 2021-12-30 20:41:10 +00:00			`@UseGuards(JwtAuthGuard, PoliciesGuard)`
Support for multiple workspaces 🚀 (#2778) * multi org changes * Initial changes * changes * manage sso page * Multi-organization changes * Multi organization changes * multi-org changes * multi-org changes * multi-org changes * multi-org fixes * env variables app.json changes * multi-org-fix * user invitation token fix * multi-org group permission fix * multi-org app privilege * google oauth fix * Remove enable signup for form login * Multi organization fixes * multi-org user invite flow changes * multi-org sign up fix * rebase and multi-org fixes * revert testing logs * test logs revert * migration changes * migration file fix * error message changes * git login for private email fix * dropdown fix * test cases * e2e test cases added * test cases fix * documentation changes * testcases fix * testcases added * replace findOne with findOneOrFail * accept invite testcases * login page fixes * added encrypted tag * review comments * migration fixes * improvements * manage sso loading fix * review comments * migration file changes * new organization creation bug fix * added e2e testcases * added testcases * Update data_sources.controller.ts 2022-05-05 07:08:42 +00:00			`@CheckPolicies((ability: AppAbility) => ability.can('archiveUser', UserEntity))`
Feature: Unarchive users (#1694) * add ability to unarchive users * add e2e specs * reset password on unarchive * fix spec 2021-12-30 20:41:10 +00:00			`@Post(':id/unarchive')`
Support for multiple workspaces 🚀 (#2778) * multi org changes * Initial changes * changes * manage sso page * Multi-organization changes * Multi organization changes * multi-org changes * multi-org changes * multi-org changes * multi-org fixes * env variables app.json changes * multi-org-fix * user invitation token fix * multi-org group permission fix * multi-org app privilege * google oauth fix * Remove enable signup for form login * Multi organization fixes * multi-org user invite flow changes * multi-org sign up fix * rebase and multi-org fixes * revert testing logs * test logs revert * migration changes * migration file fix * error message changes * git login for private email fix * dropdown fix * test cases * e2e test cases added * test cases fix * documentation changes * testcases fix * testcases added * replace findOne with findOneOrFail * accept invite testcases * login page fixes * added encrypted tag * review comments * migration fixes * improvements * manage sso loading fix * review comments * migration file changes * new organization creation bug fix * added e2e testcases * added testcases * Update data_sources.controller.ts 2022-05-05 07:08:42 +00:00			`async unarchive(@User() user, @Param('id') id: string) {`
User account level security issue (#3272) * user account level security issue * review comments * review comments 2022-06-17 11:39:13 +00:00			`await this.organizationUsersService.unarchive(user, id);`
			`return;`
Feature: Unarchive users (#1694) * add ability to unarchive users * add e2e specs * reset password on unarchive * fix spec 2021-12-30 20:41:10 +00:00			`}`

Feature: Add data transfer object layer to validate and sanitize user inputs (#2694) * add sanitize-html to be used with dto * add dto for controllers * add vaalidation to check token not empty * update test config * add validation pipe on test setup * fix spec * fix params casing * update dto for empt checks * update reset password dto * only check for options to be defined * update specs * update dto and spec * Remove invalid decorator * update package-lock * update thread dto * update user dto * fix email * make comment req params attributes as optional * fix specs 2022-04-20 09:16:57 +00:00			`// Deprecated`
Set up CASL abilities 2021-07-21 16:57:04 +00:00			`@UseGuards(JwtAuthGuard, PoliciesGuard)`
Support for multiple workspaces 🚀 (#2778) * multi org changes * Initial changes * changes * manage sso page * Multi-organization changes * Multi organization changes * multi-org changes * multi-org changes * multi-org changes * multi-org fixes * env variables app.json changes * multi-org-fix * user invitation token fix * multi-org group permission fix * multi-org app privilege * google oauth fix * Remove enable signup for form login * Multi organization fixes * multi-org user invite flow changes * multi-org sign up fix * rebase and multi-org fixes * revert testing logs * test logs revert * migration changes * migration file fix * error message changes * git login for private email fix * dropdown fix * test cases * e2e test cases added * test cases fix * documentation changes * testcases fix * testcases added * replace findOne with findOneOrFail * accept invite testcases * login page fixes * added encrypted tag * review comments * migration fixes * improvements * manage sso loading fix * review comments * migration file changes * new organization creation bug fix * added e2e testcases * added testcases * Update data_sources.controller.ts 2022-05-05 07:08:42 +00:00			`@CheckPolicies((ability: AppAbility) => ability.can('changeRole', UserEntity))`
Endpoint for updatign user roles 2021-07-19 09:41:33 +00:00			`@Post(':id/change_role')`
Support for multiple workspaces 🚀 (#2778) * multi org changes * Initial changes * changes * manage sso page * Multi-organization changes * Multi organization changes * multi-org changes * multi-org changes * multi-org changes * multi-org fixes * env variables app.json changes * multi-org-fix * user invitation token fix * multi-org group permission fix * multi-org app privilege * google oauth fix * Remove enable signup for form login * Multi organization fixes * multi-org user invite flow changes * multi-org sign up fix * rebase and multi-org fixes * revert testing logs * test logs revert * migration changes * migration file fix * error message changes * git login for private email fix * dropdown fix * test cases * e2e test cases added * test cases fix * documentation changes * testcases fix * testcases added * replace findOne with findOneOrFail * accept invite testcases * login page fixes * added encrypted tag * review comments * migration fixes * improvements * manage sso loading fix * review comments * migration file changes * new organization creation bug fix * added e2e testcases * added testcases * Update data_sources.controller.ts 2022-05-05 07:08:42 +00:00			`async changeRole(@Param('id') id, @Body('role') role) {`
			`const result = await this.organizationUsersService.changeRole(id, role);`
Endpoint for updatign user roles 2021-07-19 09:41:33 +00:00			`return decamelizeKeys({ result });`
			`}`
Endpoint to archive org users 2021-07-19 08:57:57 +00:00			`}`