completed group permission service

kriks7iitk 2024-05-23 15:08:09 +05:30
parent 525404c4a4
commit a3d3dfb16f
6 changed files with 93 additions and 38 deletions


@ -1,4 +1,4 @@
import { CreateGranularPermissionDto } from '@dto/granular-permissions.dto';
import { CreateGranularPermissionDto, UpdateGranularPermissionDto } from '@dto/granular-permissions.dto';
import {
AddGroupUserDto,
CreateGroupPermissionDto,
@ -6,7 +6,10 @@ import {
UpdateGroupPermissionDto,
} from '@dto/group_permissions.dto';
import { JwtAuthGuard } from '@module/auth/jwt-auth.guard';
import { validateGranularPermissionCreateOperation } from '@module/user_resource_permissions/utility/granular-permissios.utility';
import {
validateGranularPermissionCreateOperation,
validateGranularPermissionUpdateOperation,
} from '@module/user_resource_permissions/utility/granular-permissios.utility';
import { validateCreateGroupOperation } from '@module/user_resource_permissions/utility/group-permissions.utility';
import { Body, Controller, Delete, Get, Param, Post, Put, UseGuards } from '@nestjs/common';
import { GranularPermissionsService } from '@services/granular_permissions.service';
@ -29,6 +32,12 @@ export class GroupPermissionsControllerV2 {
@UseGuards(JwtAuthGuard)
@Post()
async create(@User() user, @Body() createGroupPermissionDto: CreateGroupPermissionDto) {
/*
License Validation check -
1. CE - Anyone can create custom groups
2. EE/Cloud - Basic Plan - Cant create custom group
- Paid Plan - Can create custom group
*/
validateCreateGroupOperation(createGroupPermissionDto);
return await this.groupPermissionsService.create(user, createGroupPermissionDto);
}
@ -49,6 +58,12 @@ export class GroupPermissionsControllerV2 {
@UseGuards(JwtAuthGuard)
@Put()
async update(@User() user, @Param('id') id: string, @Body() updateGroupDto: UpdateGroupPermissionDto) {
/*
License Validation check -
1. CE - Anyone can create update custom groups but no'one can update defaul group
2. EE/Cloud - Basic Plan - No'one can update custom and default group
- Paid Plan - Can update only custom and default -builder custom group
*/
return await this.groupPermissionsService.updateGroup(id, updateGroupDto);
}
@ -80,14 +95,24 @@ export class GroupPermissionsControllerV2 {
@UseGuards(JwtAuthGuard)
@Put('user-role')
async updateUserRole(@User() user, @Body() editRoleDto: EditUserRoleDto) {
/*
What are license thing for this
License Validation check -
1. CE - Anyone can create update custom groups but no'one can update defaul group
2. EE/Cloud - Basic Plan - No'one can update custom and default group
- Paid Plan - Can update only custom and default -builder custom group
*/
const { organizationId } = user;
return await this.userRoleService.editDefaultGroupUserRole(editRoleDto, organizationId);
}
//Should be not be part of current CE
@UseGuards(JwtAuthGuard)
@Post('granular-permissions')
async createGranularPermissions(@User() user, @Body() createGranularPermissionsDto: CreateGranularPermissionDto) {
//Check for license validation first here
// What are license validation for this
const { groupId } = createGranularPermissionsDto;
const group = await this.groupPermissionsService.getGroup(groupId);
validateGranularPermissionCreateOperation(group);
@ -95,11 +120,36 @@ export class GroupPermissionsControllerV2 {
}
@UseGuards(JwtAuthGuard)
@Post('granular-permissions')
@Get('granular-permissions')
async getAllGranularPermissions(@User() user, @Param('id') groupId: string): Promise<GranularPermissions[]> {
const granularPermissions: GranularPermissions[] = await this.granularPermissionsService.getAll({
groupId: groupId,
});
return granularPermissions;
}
@UseGuards(JwtAuthGuard)
@Put('granular-permissions/:id')
async updateGranularPermissions(
@User() user,
@Param('id') granularPermissionsId: string,
@Body() updateGranularPermissionDto: UpdateGranularPermissionDto
) {
//Check for license validation first here
// What are license validation for this
// const { groupId } = createGranularPermissionsDto;
const granularPermissions = await this.granularPermissionsService.get(granularPermissionsId);
const group = granularPermissions.group;
validateGranularPermissionUpdateOperation(group);
return await this.granularPermissionsService.update(granularPermissionsId, {
organizationId: group.organizationId,
updateGranularPermissionDto,
});
}
@UseGuards(JwtAuthGuard)
@Delete('granular-permissions/:id')
async deleteGranularPermissions(@User() user, @Param('id') granularPermissionsId: string): Promise<void> {
await this.granularPermissionsService.delete(granularPermissionsId);
}
}
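Review bot: `updateGranularPermissions` and `deleteGranularPermissions` act on whatever id the caller supplies without comparing the record's organization to the caller's; the update even forwards `group.organizationId` from the loaded row instead of `user.organizationId`, so the only gate visible here is `JwtAuthGuard`. Unless tenant scoping is enforced inside the service (not shown), add `if (!granularPermissions || granularPermissions.group.organizationId !== user.organizationId) throw new ForbiddenException();` (from `@nestjs/common`) before the update, and load the record and apply the same check before the delete. That guard also covers the case where `get` finds nothing and `granularPermissions.group` would throw. Separately, `getAllGranularPermissions` reads `@Param('id')` on a route with no `:id` segment, so `groupId` is presumably undefined and the filter passed to `getAll` may not restrict the result to one group.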


@ -36,7 +36,7 @@ export const DEFAULT_RESOURCE_PERMISSIONS = {
} as Record<USER_ROLE, Record<ResourceType, CreateResourcePermissionObject>>;
export const ERROR_HANDLER = {
DEFAULT_GROUP_GRANULAR_PERMISSIONS: 'Cannot create granular permissions of default group',
ADMIN_DEFAULT_GROUP_GRANULAR_PERMISSIONS: 'Cannot create granular permissions of admin group',
EDITOR_LEVEL_PERMISSIONS_NOT_ALLOWED:
'End-users can only be granted permission to view apps. If you wish to add this permission, kindly change the following users role from end-user to builder',
};


@ -1,5 +1,5 @@
import { GroupPermissions } from 'src/entities/group_permissions.entity';
import { GROUP_PERMISSIONS_TYPE } from '../constants/group-permissions.constant';
import { USER_ROLE } from '../constants/group-permissions.constant';
import { BadRequestException } from '@nestjs/common';
import { ERROR_HANDLER } from '../constants/granular-permissions.constant';
import { EntityManager, SelectQueryBuilder } from 'typeorm';
@ -7,8 +7,13 @@ import { GranularPermissionQuerySearchParam } from '../interface/granular-permis
import { GranularPermissions } from 'src/entities/granular_permissions.entity';
export function validateGranularPermissionCreateOperation(group: GroupPermissions) {
if (group.type != GROUP_PERMISSIONS_TYPE.DEFAULT)
throw new BadRequestException(ERROR_HANDLER.DEFAULT_GROUP_GRANULAR_PERMISSIONS);
if (group.name != USER_ROLE.ADMIN)
throw new BadRequestException(ERROR_HANDLER.ADMIN_DEFAULT_GROUP_GRANULAR_PERMISSIONS);
}
export function validateGranularPermissionUpdateOperation(group: GroupPermissions) {
if (group.name != USER_ROLE.ADMIN)
throw new BadRequestException(ERROR_HANDLER.ADMIN_DEFAULT_GROUP_GRANULAR_PERMISSIONS);
}
export function getAllGranularPermissionQuery(
@ -50,6 +55,7 @@ export function getGranularPermissionQuery(
): SelectQueryBuilder<GranularPermissions> {
const query = manager
.createQueryBuilder(GranularPermissions, 'granularPermissions')
.innerJoinAndSelect('granularPermissions.group', 'groupPermissions')
.innerJoin(
'apps_group_permissions',
'appsGroupPermissions',
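Review bot: The new guard in `validateGranularPermissionCreateOperation` and `validateGranularPermissionUpdateOperation` throws when `group.name != USER_ROLE.ADMIN`, which reads as the opposite of the message 'Cannot create granular permissions of admin group': every non-admin group is rejected and the admin group passes. If the intent is to protect the admin group, the condition should be `if (group.name === USER_ROLE.ADMIN)`. Matching on `name` alone may also misclassify a custom group if custom groups are allowed to reuse a role name, so consider checking the group type together with the name. Both functions dereference `group` without a null check, while the controller passes the lookup result straight in.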


@ -72,27 +72,10 @@ export class GranularPermissionsService {
resourcesToDelete,
resourcesToAdd,
};
const groupEditors = await this.groupPermissionsUtilityService.getRoleUsersList(
USER_ROLE.END_USER,
organizationId,
id,
manager
);
//Resource update level
const editPermissionsPresent = Object.values(actions).some(
(value) => typeof value === 'boolean' && value === true
);
if (groupEditors.length && editPermissionsPresent)
throw new BadRequestException({
message: ERROR_HANDLER.EDITOR_LEVEL_PERMISSIONS_NOT_ALLOWED,
data: groupEditors,
});
await catchDbException(async () => {
await manager.update(GranularPermissions, id, updateGranularPermission);
}, [DATA_BASE_CONSTRAINTS.GRANULAR_PERMISSIONS_NAME_UNIQUE]);
await this.updateResourcePermissions(updateResource, manager);
await this.updateResourcePermissions(updateResource, organizationId, manager);
}, manager);
}
@ -123,7 +106,7 @@ export class GranularPermissionsService {
return resourceGranularPermissions;
}
async createAppGroupPermission(
private async createAppGroupPermission(
granularPermissions: GranularPermissions,
createAppPermissionsObj?: CreateAppsPermissionsObject,
manager?: EntityManager
@ -136,26 +119,44 @@ export class GranularPermissionsService {
}, manager);
}
async updateResourcePermissions(
private async updateResourcePermissions(
updateResourceGroupPermissionsObject: UpdateResourceGroupPermissionsObject,
organizationId: string,
manager?: EntityManager
) {
const { granularPermissions } = updateResourceGroupPermissionsObject;
return await dbTransactionWrap(async (manager: EntityManager) => {
switch (granularPermissions.type) {
case ResourceType.APP:
await this.updateAppsGroupPermission(updateResourceGroupPermissionsObject, manager);
await this.updateAppsGroupPermission(updateResourceGroupPermissionsObject, organizationId, manager);
break;
}
}, manager);
}
async updateAppsGroupPermission(
private async updateAppsGroupPermission(
UpdateResourceGroupPermissionsObject: UpdateResourceGroupPermissionsObject,
organizationId: string,
manager?: EntityManager
) {
return await dbTransactionWrap(async (manager: EntityManager) => {
const { granularPermissions, actions, resourcesToDelete, resourcesToAdd } = UpdateResourceGroupPermissionsObject;
const groupEditors = await this.groupPermissionsUtilityService.getRoleUsersList(
USER_ROLE.END_USER,
organizationId,
granularPermissions.groupId,
manager
);
//Resource update level
const editPermissionsPresent = Object.values(actions).some(
(value) => typeof value === 'boolean' && value === true
);
if (groupEditors.length && editPermissionsPresent)
throw new BadRequestException({
message: ERROR_HANDLER.EDITOR_LEVEL_PERMISSIONS_NOT_ALLOWED,
data: groupEditors,
});
const appsGroupPermissions = await manager.findOne(AppsGroupPermissions, {
where: {
granularPermissionId: granularPermissions.id,
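Review bot: The end-user check now runs inside `updateAppsGroupPermission`, after `manager.update(GranularPermissions, id, updateGranularPermission)` has already been issued in `update`, so rejecting the request depends on the thrown `BadRequestException` rolling back the surrounding `dbTransactionWrap` transaction. That holds only if the nested wraps reuse the passed `manager`; either move the check ahead of the write or state the dependency with a comment such as `// validation throws after the write above; relies on the enclosing transaction to roll it back`. The exception body also returns `data: groupEditors` to the caller, so it is worth confirming that list carries only the fields the client needs. The body of `updateAppsGroupPermission` continues past the end of the hunk.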


@ -59,10 +59,11 @@ export class GroupPermissionsServiceV2 {
}
async getGroup(id: string, manager?: EntityManager): Promise<GroupPermissions> {
const entityManager: EntityManager = manager ? manager : getManager();
return await entityManager.findOne(GroupPermissions, {
where: { id },
});
return await dbTransactionWrap(async (manager: EntityManager) => {
return await manager.findOne(GroupPermissions, {
where: { id },
});
}, manager);
}
async updateGroup(id: string, updateGroupPermissionDto: UpdateGroupPermissionDto, manager?: EntityManager) {
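Review bot: `getGroup` is typed as `Promise<GroupPermissions>` but `findOne` resolves to `undefined` for an unknown id, and `createGranularPermissions` in the controller hands the result directly to `validateGranularPermissionCreateOperation`, which reads `group.name`. Either declare the return as `Promise<GroupPermissions | undefined>` so callers must handle the miss, or have the caller reject it with `if (!group) throw new NotFoundException();`. The lookup is also keyed on `id` alone; if groups are per-organization, adding `organizationId` to the `where` would keep the result inside the caller's tenant.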


@ -84,10 +84,8 @@ export class UserRoleService {
): Promise<void> {
const { newRole, userId } = editRoleDto;
const userRole = await this.groupPermissionsUtilityService.getUserRole(userId, organizationId);
const userGroup = userRole.groupUsers[0];
if (!userRole) throw new BadRequestException(ERROR_HANDLER.ADD_GROUP_USER_NON_EXISTING_USER);
const newRoleGroup = await this.getRoleGroup(newRole, organizationId);
const userGroup = userRole.groupUsers[0];
if (userRole.name == newRole)
throw new BadRequestException(ERROR_HANDLER.DEFAULT_GROUP_ADD_USER_ROLE_EXIST(newRole));
@ -104,8 +102,7 @@ export class UserRoleService {
if (editPermissionsPresent) await this.groupPermissionsService.deleteGroupUser(customUserGroup.id, manager);
}
}
const newUserRole = manager.create(GroupUsers, { groupId: newRoleGroup.id, userId });
await manager.save(newUserRole);
await this.addUserRole({ role: newRole, userId }, organizationId, manager);
}, manager);
}
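Review bot: `userRole.groupUsers[0]` is read without confirming the array has an entry, so `userGroup` can be `undefined` if `getUserRole` returns a role row with no membership loaded; whether that can happen depends on the join in `getUserRole`, which is not shown. A guard such as `if (!userGroup) throw new BadRequestException(ERROR_HANDLER.ADD_GROUP_USER_NON_EXISTING_USER);` right after the assignment would fail cleanly. A one-line comment above the `addUserRole` call, noting that it must receive `manager` so the new membership is written in the same transaction as the earlier removals, would also help. The function begins and ends outside these hunks.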