Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-04-21 21:47:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
ToolJet/server/data-migrations/1720352990850-CreateDefaultGroupInExistingWorkspace.ts
vjaris42 0431098e2c
Feat: Folder permission system (#15028) 
* feat: Folder permission system

* fix(group-permissions): resolve custom group validation, folder edit check, and UI inconsistencie

* edit folder container && no folder in custom resource

* fix the ui for custom in empty state

* fix: coercion logic for folder permissions

* feat: enhance folder permissions handling in app components

* feat: add folder granular permissions handling in user apps permissions

* feat: implement granular folder permissions in ability guard and service

* feat: improve error handling for folder permissions with specific messages

* feat: enhance EnvironmentSelect component to handle disabled state and improve display logic

* chore: bump ee submodules

* feat: Update permission prop to isEditable in BaseManageGranularAccess component

* chore: bump ee server submodule

* fix: refine folder visibility logic based on user permissions

* feat: enhance MultiValue rendering and styling for "All environments" option

* feat: implement folder ownership checks and enhance app permissions handling

* feat: enhance folder permissions handling for app ownership and actions

* chore: clarify folder creation and deletion permissions in workspace context

* fix: update folder permission labels

* fixed folder permission cases

* fixed css class issue

* minor fix

* feat: streamline folder permissions handling by removing redundant checks and simplifying access logic

* refactor: made error message consistent

* fix: add missing permission message for folder deletion action

* refactor: consolidate forbidden messages for folder actions and maintain consistency

* feat: streamline permission handling and improve app visibility logic

* fix: remove default access denial message in AbilityGuard

* fixed all user page functionality falky case

* Fixed profile flaky case

* fixed granular access flaky case

* chore: revert package-lock.json

* chore: revert frontend/package-lock.json to main

* refactor: revert folder operations

* fix: remove unused AppEnvironmentsModule and AppsUtilService exports

---------

Co-authored-by: gsmithun4 <gsmithun4@gmail.com>
Co-authored-by: Pratush <pratush@Pratushs-MBP.lan>
Co-authored-by: Shantanu Mane <maneshantanu.20@gmail.com>
Co-authored-by: Yukti Goyal <yuktigoyal02@gmail.com>
2026-03-19 22:00:30 +05:30

217 lines
8.1 KiB
TypeScript
Raw Blame History

import { MigrationProgress } from '@helpers/migration.helper';
import { NestFactory } from '@nestjs/core';
import { AppsGroupPermissions } from '@entities/apps_group_permissions.entity';
import { GranularPermissions } from '@entities/granular_permissions.entity';
import { GroupPermissions } from '@entities/group_permissions.entity';
import { Organization } from '@entities/organization.entity';
import { UserGroupPermission } from '@entities/user_group_permission.entity';
import { EntityManager, MigrationInterface, QueryRunner } from 'typeorm';
import {
CreateResourcePermissionObjectGeneric,
DEFAULT_GROUP_PERMISSIONS_MIGRATIONS,
} from 'src/migration-helpers/constants';
import {
USER_ROLE,
DEFAULT_GROUP_PERMISSIONS,
ResourceType,
DEFAULT_RESOURCE_PERMISSIONS,
} from '@modules/group-permissions/constants';
import { DEFAULT_GRANULAR_PERMISSIONS_NAME } from '@modules/group-permissions/constants/granular_permissions';
import { CreateGranularPermissionDto } from '@modules/group-permissions/dto/granular-permissions';
import {
CreateResourcePermissionObject,
ResourcePermissionMetaData,
} from '@modules/group-permissions/types/granular_permissions';
import { AppModule } from '@modules/app/module';
import { LicenseInitService } from '@modules/licensing/interfaces/IService';
import { TOOLJET_EDITIONS } from '@modules/app/constants';
import { getTooljetEdition } from '@helpers/utils.helper';
export class CreateDefaultGroupInExistingWorkspace1720352990850 implements MigrationInterface {
public async up(queryRunner: QueryRunner): Promise<void> {
const edition = getTooljetEdition() as TOOLJET_EDITIONS;
if (edition === TOOLJET_EDITIONS.Cloud) {
console.log('Migration is only restricted for non cloud edition.');
return; // Exit the migration early
}
const manager = queryRunner.manager;
const organizationIds = (
await manager.find(Organization, {
select: ['id'],
})
).map((organization) => organization.id);
if (organizationIds?.length === 0) {
console.log('No organizations found, skipping migration.');
return;
}
const nestApp = await NestFactory.createApplicationContext(await AppModule.register({ IS_GET_CONTEXT: true }));
const licenseService = nestApp.get<LicenseInitService>(LicenseInitService);
const licenseValid =
getTooljetEdition() === TOOLJET_EDITIONS.CE ? true : await licenseService.initForMigration(manager);
const migrationProgress = new MigrationProgress(
'CreateDefaultGroupInExistingWorkspace1720352990850',
organizationIds.length
);
for (const organizationId of organizationIds) {
for (const defaultGroup of Object.keys(USER_ROLE)) {
const groupPermissions: any = licenseValid
? DEFAULT_GROUP_PERMISSIONS_MIGRATIONS[defaultGroup]
: DEFAULT_GROUP_PERMISSIONS[defaultGroup];
const query = `
INSERT INTO permission_groups (
organization_id,
name,
type,
app_create,
app_delete,
folder_crud,
org_constant_crud,
data_source_create,
data_source_delete
) VALUES (
'${organizationId}',
'${groupPermissions.name}',
'${groupPermissions.type}',
${groupPermissions.appCreate},
${groupPermissions.appDelete},
${groupPermissions.folderCRUD},
${groupPermissions.orgConstantCRUD},
${groupPermissions.dataSourceCreate},
${groupPermissions.dataSourceDelete}
) RETURNING *;
`;
const group: GroupPermissions = (await manager.query(query))[0];
const groupGranularPermissions: Record<
ResourceType,
CreateResourcePermissionObject<any>
> = DEFAULT_RESOURCE_PERMISSIONS[group.name];
for (const resource of Object.keys(groupGranularPermissions)) {
const dtoObject: CreateGranularPermissionDto = {
name: DEFAULT_GRANULAR_PERMISSIONS_NAME[resource],
groupId: group.id,
type: resource as ResourceType,
isAll: true,
createResourcePermissionObject: {},
};
if (group.name === USER_ROLE.ADMIN) {
const createResourcePermissionObj: CreateResourcePermissionObjectGeneric =
groupGranularPermissions[resource];
const granularPermissions = await this.createGranularPermission(manager, dtoObject);
if (resource === ResourceType.APP) {
await this.createAppsResourcePermission(
manager,
{ granularPermissions, organizationId },
createResourcePermissionObj as CreateResourcePermissionObject<ResourceType.APP>
);
} else if (resource === ResourceType.DATA_SOURCE) {
await this.createDataSourceResourcePermission(
manager,
{ granularPermissions, organizationId },
createResourcePermissionObj as CreateResourcePermissionObject<ResourceType.DATA_SOURCE>
);
}
}
}
//Migrating Admins to new Admins
if (group.name === USER_ROLE.ADMIN) {
const adminsUsers = await manager
.createQueryBuilder(UserGroupPermission, 'usersGroup')
.innerJoin(
'usersGroup.groupPermission',
'groupPermission',
'groupPermission.organizationId = :organizationId',
{
organizationId,
}
)
.where('groupPermission.group = :admin', {
admin: 'admin',
})
.getMany();
const uniqueUserIds = new Set(adminsUsers.map((userGroup) => userGroup.userId));
if (uniqueUserIds.size === 0) continue;
const userIds = [...uniqueUserIds];
await this.migrateUserGroup(manager, userIds, group.id);
}
}
migrationProgress.show();
}
await nestApp.close();
}
async createGranularPermission(
manager: EntityManager,
createObject: CreateGranularPermissionDto
): Promise<GranularPermissions> {
const query = `
INSERT INTO granular_permissions (
group_id,
name,
type,
is_all
) VALUES (
'${createObject.groupId}', '${createObject.name}', '${createObject.type}', ${createObject.isAll}
) RETURNING *;
`;
return (await manager.query(query))[0];
}
async createAppsResourcePermission(
manager: EntityManager,
createMeta: ResourcePermissionMetaData,
createObject: CreateResourcePermissionObject<ResourceType.APP>
): Promise<AppsGroupPermissions> {
const { granularPermissions } = createMeta;
const query = `
INSERT INTO apps_group_permissions (
granular_permission_id,
can_edit,
can_view,
hide_from_dashboard
) VALUES (
'${granularPermissions.id}', ${createObject.canEdit}, ${createObject.canView}, ${createObject.hideFromDashboard}
) RETURNING *;
`;
return (await manager.query(query))[0];
}
async createDataSourceResourcePermission(
manager: EntityManager,
createMeta: ResourcePermissionMetaData,
createObject: CreateResourcePermissionObject<ResourceType.DATA_SOURCE>
): Promise<AppsGroupPermissions> {
const { granularPermissions } = createMeta;
const query = `
INSERT INTO data_sources_group_permissions (
granular_permission_id,
can_configure,
can_use
) VALUES (
'${granularPermissions.id}', ${createObject?.action?.canConfigure || false}, ${
createObject?.action?.canUse || false
}
) RETURNING *;
`;
return (await manager.query(query))[0];
}
async migrateUserGroup(manager: EntityManager, userIds: string[], groupId: string) {
if (userIds.length == 0) return;
const valuesString = userIds.map((id) => `('${id}', '${groupId}')`).join(',');
const query = `
INSERT INTO group_users (user_id, group_id)
VALUES ${valuesString};
`;
return await manager.query(query);
}
public async down(queryRunner: QueryRunner): Promise<void> {}
}
Reference in a new issue View git blame Copy permalink