From a3d3dfb16fd24672c9f6554e874170b7ed6a4c15 Mon Sep 17 00:00:00 2001 From: kriks7iitk Date: Thu, 23 May 2024 15:08:09 +0530 Subject: [PATCH] completed group permission service --- .../group_permissions.controller.v2.ts | 56 ++++++++++++++++++- .../granular-permissions.constant.ts | 2 +- .../utility/granular-permissios.utility.ts | 12 +++- .../services/granular_permissions.service.ts | 45 +++++++-------- .../services/group_permissions.service.v2.ts | 9 +-- server/src/services/user-role.service.ts | 7 +-- 6 files changed, 93 insertions(+), 38 deletions(-) diff --git a/server/src/controllers/group_permissions.controller.v2.ts b/server/src/controllers/group_permissions.controller.v2.ts index 132417dc83..29fc5ef468 100644 --- a/server/src/controllers/group_permissions.controller.v2.ts +++ b/server/src/controllers/group_permissions.controller.v2.ts @@ -1,4 +1,4 @@ -import { CreateGranularPermissionDto } from '@dto/granular-permissions.dto'; +import { CreateGranularPermissionDto, UpdateGranularPermissionDto } from '@dto/granular-permissions.dto'; import { AddGroupUserDto, CreateGroupPermissionDto, @@ -6,7 +6,10 @@ import { UpdateGroupPermissionDto, } from '@dto/group_permissions.dto'; import { JwtAuthGuard } from '@module/auth/jwt-auth.guard'; -import { validateGranularPermissionCreateOperation } from '@module/user_resource_permissions/utility/granular-permissios.utility'; +import { + validateGranularPermissionCreateOperation, + validateGranularPermissionUpdateOperation, +} from '@module/user_resource_permissions/utility/granular-permissios.utility'; import { validateCreateGroupOperation } from '@module/user_resource_permissions/utility/group-permissions.utility'; import { Body, Controller, Delete, Get, Param, Post, Put, UseGuards } from '@nestjs/common'; import { GranularPermissionsService } from '@services/granular_permissions.service'; 
@@ -29,6 +32,12 @@ export class GroupPermissionsControllerV2 { @UseGuards(JwtAuthGuard) @Post() async create(@User() user, @Body() createGroupPermissionDto: CreateGroupPermissionDto) { + /* + License Validation check - + 1. CE - Anyone can create custom groups + 2. EE/Cloud - Basic Plan - Cant create custom group + - Paid Plan - Can create custom group + */ validateCreateGroupOperation(createGroupPermissionDto); return await this.groupPermissionsService.create(user, createGroupPermissionDto); } @@ -49,6 +58,12 @@ export class GroupPermissionsControllerV2 { @UseGuards(JwtAuthGuard) @Put() async update(@User() user, @Param('id') id: string, @Body() updateGroupDto: UpdateGroupPermissionDto) { + /* + License Validation check - + 1. CE - Anyone can create update custom groups but no'one can update defaul group + 2. EE/Cloud - Basic Plan - No'one can update custom and default group + - Paid Plan - Can update only custom and default -builder custom group + */ return await this.groupPermissionsService.updateGroup(id, updateGroupDto); } 
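Review bot: The block comments added at the top of `create` and `update` (and the copies in `updateUserRole` and `createGranularPermissions` in the `@@ -80,14 +95,24 @@` hunk) describe license and default-group restrictions that nothing in these handlers enforces; `update` still goes straight to `updateGroup` behind `JwtAuthGuard` alone. A reader skimming the controller will take "no one can update default group" as an implemented rule. Mark them as pending, for example `// TODO(license): not enforced yet - default groups must be rejected here`, and fix the typos ("no'one", "defaul") while there. Separately, `update` reads `@Param('id')` under a bare `@Put()`, so `id` looks like it will always be undefined unless the class-level route, which is outside the hunk, declares it.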
@@ -80,14 +95,24 @@ export class GroupPermissionsControllerV2 { @UseGuards(JwtAuthGuard) @Put('user-role') async updateUserRole(@User() user, @Body() editRoleDto: EditUserRoleDto) { + /* + + What are license thing for this + License Validation check - + 1. CE - Anyone can create update custom groups but no'one can update defaul group + 2. EE/Cloud - Basic Plan - No'one can update custom and default group + - Paid Plan - Can update only custom and default -builder custom group + */ const { organizationId } = user; return await this.userRoleService.editDefaultGroupUserRole(editRoleDto, organizationId); } + //Should be not be part of current CE @UseGuards(JwtAuthGuard) @Post('granular-permissions') async createGranularPermissions(@User() user, @Body() createGranularPermissionsDto: CreateGranularPermissionDto) { //Check for license validation first here + // What are license validation for this const { groupId } = createGranularPermissionsDto; const group = await this.groupPermissionsService.getGroup(groupId); validateGranularPermissionCreateOperation(group); 
@@ -95,11 +120,36 @@ export class GroupPermissionsControllerV2 { } @UseGuards(JwtAuthGuard) - @Post('granular-permissions') + @Get('granular-permissions') async getAllGranularPermissions(@User() user, @Param('id') groupId: string): Promise { const granularPermissions: GranularPermissions[] = await this.granularPermissionsService.getAll({ groupId: groupId, }); return granularPermissions; } + + @UseGuards(JwtAuthGuard) + @Put('granular-permissions/:id') + async updateGranularPermissions( + @User() user, + @Param('id') granularPermissionsId: string, + @Body() updateGranularPermissionDto: UpdateGranularPermissionDto + ) { + //Check for license validation first here + // What are license validation for this + // const { groupId } = createGranularPermissionsDto; + const granularPermissions = await this.granularPermissionsService.get(granularPermissionsId); + const group = granularPermissions.group; + validateGranularPermissionUpdateOperation(group); + return await this.granularPermissionsService.update(granularPermissionsId, { + organizationId: group.organizationId, + updateGranularPermissionDto, + }); + } + + @UseGuards(JwtAuthGuard) + @Delete('granular-permissions/:id') + async deleteGranularPermissions(@User() user, @Param('id') granularPermissionsId: string): Promise { + await this.granularPermissionsService.delete(granularPermissionsId); + } } diff --git a/server/src/modules/user_resource_permissions/constants/granular-permissions.constant.ts b/server/src/modules/user_resource_permissions/constants/granular-permissions.constant.ts index 85fcd311d6..bd3b1b604e 100644 --- a/server/src/modules/user_resource_permissions/constants/granular-permissions.constant.ts +++ b/server/src/modules/user_resource_permissions/constants/granular-permissions.constant.ts 
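Review bot: `updateGranularPermissions` and `deleteGranularPermissions` act on whatever id is in the URL without checking that the record belongs to the caller's organization; `user` is injected but never read, and the update takes `organizationId` from the fetched `group` rather than from `user`. Any authenticated account that knows an id from another tenant could therefore modify or delete that tenant's permissions, and an unknown id would surface as a TypeError on `granularPermissions.group` unless `get()` already throws. Compare `group.organizationId` with `user.organizationId` (the field `updateUserRole` already destructures) and answer 404 in both cases, as sketched below; `NotFoundException` would need adding to the `@nestjs/common` import. `getAllGranularPermissions` has a related gap: it reads `@Param('id')` on a route with no `:id` segment, so `groupId` is probably undefined and the filter may not restrict the result to one group.

```typescript
    const granularPermissions = await this.granularPermissionsService.get(granularPermissionsId);
    // A missing record and one owned by another organization get the same answer,
    // so the response does not reveal which ids exist.
    if (!granularPermissions || granularPermissions.group.organizationId !== user.organizationId) {
      throw new NotFoundException('Granular permission not found');
    }
    // … unchanged: validateGranularPermissionUpdateOperation(group) and the update call …

    // in deleteGranularPermissions, before calling delete():
    const target = await this.granularPermissionsService.get(granularPermissionsId);
    if (!target || target.group.organizationId !== user.organizationId) {
      throw new NotFoundException('Granular permission not found');
    }
    await this.granularPermissionsService.delete(granularPermissionsId);
```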
@@ -36,7 +36,7 @@ export const DEFAULT_RESOURCE_PERMISSIONS = { } as Record>; export const ERROR_HANDLER = { - DEFAULT_GROUP_GRANULAR_PERMISSIONS: 'Cannot create granular permissions of default group', + ADMIN_DEFAULT_GROUP_GRANULAR_PERMISSIONS: 'Cannot create granular permissions of admin group', EDITOR_LEVEL_PERMISSIONS_NOT_ALLOWED: 'End-users can only be granted permission to view apps. If you wish to add this permission, kindly change the following users role from end-user to builder', }; diff --git a/server/src/modules/user_resource_permissions/utility/granular-permissios.utility.ts b/server/src/modules/user_resource_permissions/utility/granular-permissios.utility.ts index d18ac08278..96b2b9883d 100644 --- a/server/src/modules/user_resource_permissions/utility/granular-permissios.utility.ts +++ b/server/src/modules/user_resource_permissions/utility/granular-permissios.utility.ts @@ -1,5 +1,5 @@ import { GroupPermissions } from 'src/entities/group_permissions.entity'; -import { GROUP_PERMISSIONS_TYPE } from '../constants/group-permissions.constant'; +import { USER_ROLE } from '../constants/group-permissions.constant'; import { BadRequestException } from '@nestjs/common'; import { ERROR_HANDLER } from '../constants/granular-permissions.constant'; import { EntityManager, SelectQueryBuilder } from 'typeorm'; 
@@ -7,8 +7,13 @@ import { GranularPermissionQuerySearchParam } from '../interface/granular-permis import { GranularPermissions } from 'src/entities/granular_permissions.entity'; export function validateGranularPermissionCreateOperation(group: GroupPermissions) { - if (group.type != GROUP_PERMISSIONS_TYPE.DEFAULT) - throw new BadRequestException(ERROR_HANDLER.DEFAULT_GROUP_GRANULAR_PERMISSIONS); + if (group.name != USER_ROLE.ADMIN) + throw new BadRequestException(ERROR_HANDLER.ADMIN_DEFAULT_GROUP_GRANULAR_PERMISSIONS); +} + +export function validateGranularPermissionUpdateOperation(group: GroupPermissions) { + if (group.name != USER_ROLE.ADMIN) + throw new BadRequestException(ERROR_HANDLER.ADMIN_DEFAULT_GROUP_GRANULAR_PERMISSIONS); } export function getAllGranularPermissionQuery( @@ -50,6 +55,7 @@ export function getGranularPermissionQuery( ): SelectQueryBuilder { const query = manager .createQueryBuilder(GranularPermissions, 'granularPermissions') + .innerJoinAndSelect('granularPermissions.group', 'groupPermissions') .innerJoin( 'apps_group_permissions', 'appsGroupPermissions', diff --git a/server/src/services/granular_permissions.service.ts b/server/src/services/granular_permissions.service.ts index c6e4fa899b..80b3ea2145 100644 --- a/server/src/services/granular_permissions.service.ts +++ b/server/src/services/granular_permissions.service.ts 
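Review bot: The guard in `validateGranularPermissionCreateOperation` and its new twin `validateGranularPermissionUpdateOperation` reads inverted: `group.name != USER_ROLE.ADMIN` throws for every group except admin, while the message says granular permissions cannot be created for the admin group. If the message states the intent, the test should be `if (group.name === USER_ROLE.ADMIN)`; as written the admin group is the only one allowed through. Matching on `name` alone also depends on custom groups never being able to take the admin role's name, so consider checking the group type as well if that is not guaranteed elsewhere. The two functions are identical and the update path reports a "Cannot create …" message; one shared helper with an operation-neutral message would keep them from drifting apart.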
@@ -72,27 +72,10 @@ export class GranularPermissionsService { resourcesToDelete, resourcesToAdd, }; - const groupEditors = await this.groupPermissionsUtilityService.getRoleUsersList( - USER_ROLE.END_USER, - organizationId, - id, - manager - ); - - //Resource update level - const editPermissionsPresent = Object.values(actions).some( - (value) => typeof value === 'boolean' && value === true - ); - if (groupEditors.length && editPermissionsPresent) - throw new BadRequestException({ - message: ERROR_HANDLER.EDITOR_LEVEL_PERMISSIONS_NOT_ALLOWED, - data: groupEditors, - }); - await catchDbException(async () => { await manager.update(GranularPermissions, id, updateGranularPermission); }, [DATA_BASE_CONSTRAINTS.GRANULAR_PERMISSIONS_NAME_UNIQUE]); - await this.updateResourcePermissions(updateResource, manager); + await this.updateResourcePermissions(updateResource, organizationId, manager); }, manager); } @@ -123,7 +106,7 @@ export class GranularPermissionsService { return resourceGranularPermissions; } - async createAppGroupPermission( + private async createAppGroupPermission( granularPermissions: GranularPermissions, createAppPermissionsObj?: CreateAppsPermissionsObject, manager?: EntityManager 
@@ -136,26 +119,44 @@ export class GranularPermissionsService { }, manager); } - async updateResourcePermissions( + private async updateResourcePermissions( updateResourceGroupPermissionsObject: UpdateResourceGroupPermissionsObject, + organizationId: string, manager?: EntityManager ) { const { granularPermissions } = updateResourceGroupPermissionsObject; return await dbTransactionWrap(async (manager: EntityManager) => { switch (granularPermissions.type) { case ResourceType.APP: - await this.updateAppsGroupPermission(updateResourceGroupPermissionsObject, manager); + await this.updateAppsGroupPermission(updateResourceGroupPermissionsObject, organizationId, manager); break; } }, manager); } - async updateAppsGroupPermission( + private async updateAppsGroupPermission( UpdateResourceGroupPermissionsObject: UpdateResourceGroupPermissionsObject, + organizationId: string, manager?: EntityManager ) { return await dbTransactionWrap(async (manager: EntityManager) => { const { granularPermissions, actions, resourcesToDelete, resourcesToAdd } = UpdateResourceGroupPermissionsObject; + const groupEditors = await this.groupPermissionsUtilityService.getRoleUsersList( + USER_ROLE.END_USER, + organizationId, + granularPermissions.groupId, + manager + ); + + //Resource update level + const editPermissionsPresent = Object.values(actions).some( + (value) => typeof value === 'boolean' && value === true + ); + if (groupEditors.length && editPermissionsPresent) + throw new BadRequestException({ + message: ERROR_HANDLER.EDITOR_LEVEL_PERMISSIONS_NOT_ALLOWED, + data: groupEditors, + }); const appsGroupPermissions = await manager.findOne(AppsGroupPermissions, { where: { granularPermissionId: granularPermissions.id, diff --git a/server/src/services/group_permissions.service.v2.ts b/server/src/services/group_permissions.service.v2.ts index 2a957b14b8..1be6f4bf55 100644 --- a/server/src/services/group_permissions.service.v2.ts +++ b/server/src/services/group_permissions.service.v2.ts 
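Review bot: Moving the end-user check into `updateAppsGroupPermission` means it now runs after `manager.update(GranularPermissions, id, …)` from the `@@ -72,27 +72,10 @@` hunk, and only on the `ResourceType.APP` branch of the switch. The rule stays effective only if `dbTransactionWrap` rolls the earlier write back when `BadRequestException` is thrown, and any resource type added to the switch later will skip the check unless it is repeated there. Running the check before the first write, or adding a `default:` branch that throws for unhandled types, keeps the restriction from being bypassed silently. `groupEditors` holds the `USER_ROLE.END_USER` list, so a name such as `endUsersInGroup` would read more accurately; the function body continues past the end of the hunk.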
@@ -59,10 +59,11 @@ export class GroupPermissionsServiceV2 { } async getGroup(id: string, manager?: EntityManager): Promise { - const entityManager: EntityManager = manager ? manager : getManager(); - return await entityManager.findOne(GroupPermissions, { - where: { id }, - }); + return await dbTransactionWrap(async (manager: EntityManager) => { + return await manager.findOne(GroupPermissions, { + where: { id }, + }); + }, manager); } async updateGroup(id: string, updateGroupPermissionDto: UpdateGroupPermissionDto, manager?: EntityManager) { diff --git a/server/src/services/user-role.service.ts b/server/src/services/user-role.service.ts index fccbb190ad..ccafc36c45 100644 --- a/server/src/services/user-role.service.ts +++ b/server/src/services/user-role.service.ts @@ -84,10 +84,8 @@ export class UserRoleService { ): Promise { const { newRole, userId } = editRoleDto; const userRole = await this.groupPermissionsUtilityService.getUserRole(userId, organizationId); - const userGroup = userRole.groupUsers[0]; if (!userRole) throw new BadRequestException(ERROR_HANDLER.ADD_GROUP_USER_NON_EXISTING_USER); - - const newRoleGroup = await this.getRoleGroup(newRole, organizationId); + const userGroup = userRole.groupUsers[0]; if (userRole.name == newRole) throw new BadRequestException(ERROR_HANDLER.DEFAULT_GROUP_ADD_USER_ROLE_EXIST(newRole)); @@ -104,8 +102,7 @@ export class UserRoleService { if (editPermissionsPresent) await this.groupPermissionsService.deleteGroupUser(customUserGroup.id, manager); } } - const newUserRole = manager.create(GroupUsers, { groupId: newRoleGroup.id, userId }); - await manager.save(newUserRole); + await this.addUserRole({ role: newRole, userId }, organizationId, manager); }, manager); }
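Review bot: `getGroup` still looks the group up by `id` alone and returns whatever `findOne` yields, including nothing when no row matches. `createGranularPermissions` in the controller passes it a `groupId` taken from the request body and hands the result straight to `validateGranularPermissionCreateOperation`, which dereferences `group.name`, so an unknown id ends in an unhandled TypeError and an id belonging to another organization is accepted. Consider taking the caller's organization as an argument, querying with `where: { id, organizationId }`, and throwing a not-found error when the result is empty.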