mirror of
https://github.com/ToolJet/ToolJet
synced 2026-05-24 09:28:31 +00:00
7023f72d1d
* create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * Feature: User access permission group usage (#883) * create migrations for group permissions setup * define new entities and relationships * revise migrations * rename columns * add migration to populate permission groups for existing users * revise migrations * hide roles usage * setup group permissions for apps and users * fix defaultChecked * fix update permission checkbox * fix casl ability check to have params passed * fix casl apps abilities to check with app specific permission * add ability to delete groups * conditionally render edit and delete options for all and admin users * fix user role to group migration * revise group management pages to disallow updating default group * move manage users and groups to navbar dropdown * show only addable apps and users on dropdowns * rename header as profile settings * scope addable apps and users by organization * scope viewable apps on homepage * hide manage groups link from non admins * make permissions to be used with radio input * add loading state for add apps/users buttons * revise unit tests * revise migrations * fix e2e tests * comment out dead code * fix seeds script * handle folder count * captalize error toast * hide manage users dropdown for non admins * show fobidden error on blank homepage * fix folder app count * fix invalid state set * make group name clickable for edit instead * users with edit permission can deploy apps * not show edit link on homepage if user dont have update permission * remove unused entity from merge * remove roles usage from manage org users page * fix folder count and blank slate on homepage * disable add buttons if there is no selections * humanize default groups on view * make app added onto groups have read permission by default * not show app menu if user is not admin * remove admin users from group user addition dropdown * create default permissions for app cloned * fix querying index page without page params * fix admin scoped out from group add * remove apps from header * fix invitation url not shown * scope admin deletion check by org * scope public apps by organization * add specs for group permissions e2e * removed unused entity and add group permissions spec * remove console logs * remove unused permission * scope public app count by org * remove console log * refactor manage group permission resources component * update group permssion in org scope
213 lines
6.1 KiB
TypeScript
213 lines
6.1 KiB
TypeScript
import {
|
|
Controller,
|
|
Get,
|
|
Param,
|
|
Post,
|
|
Patch,
|
|
Delete,
|
|
Query,
|
|
Request,
|
|
UseGuards,
|
|
ForbiddenException,
|
|
} from '@nestjs/common';
|
|
import { JwtAuthGuard } from '../../src/modules/auth/jwt-auth.guard';
|
|
import { decamelizeKeys } from 'humps';
|
|
import { DataQueriesService } from '../../src/services/data_queries.service';
|
|
import { DataSourcesService } from '../../src/services/data_sources.service';
|
|
import { QueryError } from 'src/modules/data_sources/query.error';
|
|
import { QueryAuthGuard } from 'src/modules/auth/query-auth.guard';
|
|
import { AppsAbilityFactory } from 'src/modules/casl/abilities/apps-ability.factory';
|
|
import { AppsService } from '@services/apps.service';
|
|
|
|
@Controller('data_queries')
|
|
export class DataQueriesController {
|
|
constructor(
|
|
private appsService: AppsService,
|
|
private dataQueriesService: DataQueriesService,
|
|
private dataSourcesService: DataSourcesService,
|
|
private appsAbilityFactory: AppsAbilityFactory
|
|
) {}
|
|
|
|
@UseGuards(JwtAuthGuard)
|
|
@Get()
|
|
async index(@Request() req, @Query() query) {
|
|
const app = await this.appsService.find(query.app_id);
|
|
const ability = await this.appsAbilityFactory.appsActions(req.user, {
|
|
id: query.app_id,
|
|
});
|
|
|
|
if (!ability.can('getQueries', app)) {
|
|
throw new ForbiddenException('you do not have permissions to perform this action');
|
|
}
|
|
|
|
const queries = await this.dataQueriesService.all(req.user, query.app_id);
|
|
const seralizedQueries = [];
|
|
|
|
// serialize
|
|
for (const query of queries) {
|
|
const decamelizedQuery = decamelizeKeys(query);
|
|
|
|
decamelizedQuery['options'] = query.options;
|
|
seralizedQueries.push(decamelizedQuery);
|
|
}
|
|
|
|
const response = { data_queries: seralizedQueries };
|
|
|
|
return response;
|
|
}
|
|
|
|
@UseGuards(JwtAuthGuard)
|
|
@Post()
|
|
async create(@Request() req) {
|
|
const { kind, name, options } = req.body;
|
|
const appId = req.body.app_id;
|
|
|
|
const app = await this.appsService.find(appId);
|
|
const ability = await this.appsAbilityFactory.appsActions(req.user, {
|
|
id: appId,
|
|
});
|
|
|
|
if (!ability.can('createQuery', app)) {
|
|
throw new ForbiddenException('you do not have permissions to perform this action');
|
|
}
|
|
|
|
const dataSourceId = req.body.data_source_id;
|
|
|
|
// Make sure that the data source belongs ot the app
|
|
if (dataSourceId) {
|
|
const dataSource = await this.dataSourcesService.findOne(dataSourceId);
|
|
if (dataSource.appId !== appId) {
|
|
throw new ForbiddenException('you do not have permissions to perform this action');
|
|
}
|
|
}
|
|
|
|
const dataQuery = await this.dataQueriesService.create(req.user, name, kind, options, appId, dataSourceId);
|
|
return decamelizeKeys(dataQuery);
|
|
}
|
|
|
|
@UseGuards(JwtAuthGuard)
|
|
@Patch(':id')
|
|
async update(@Request() req, @Param() params) {
|
|
const { name, options } = req.body;
|
|
const dataQueryId = params.id;
|
|
|
|
const dataQuery = await this.dataQueriesService.findOne(dataQueryId);
|
|
const ability = await this.appsAbilityFactory.appsActions(req.user, {
|
|
id: dataQuery.appId,
|
|
});
|
|
|
|
if (!ability.can('updateQuery', dataQuery.app)) {
|
|
throw new ForbiddenException('you do not have permissions to perform this action');
|
|
}
|
|
|
|
const result = await this.dataQueriesService.update(req.user, dataQueryId, name, options);
|
|
return decamelizeKeys(result);
|
|
}
|
|
|
|
@UseGuards(JwtAuthGuard)
|
|
@Delete(':id')
|
|
async delete(@Request() req, @Param() params) {
|
|
const dataQueryId = params.id;
|
|
|
|
const dataQuery = await this.dataQueriesService.findOne(dataQueryId);
|
|
const ability = await this.appsAbilityFactory.appsActions(req.user, {
|
|
id: dataQuery.appId,
|
|
});
|
|
|
|
if (!ability.can('deleteQuery', dataQuery.app)) {
|
|
throw new ForbiddenException('you do not have permissions to perform this action');
|
|
}
|
|
|
|
const result = await this.dataQueriesService.delete(params.id);
|
|
return decamelizeKeys(result);
|
|
}
|
|
|
|
@UseGuards(QueryAuthGuard)
|
|
@Post(':id/run')
|
|
async runQuery(@Request() req, @Param() params) {
|
|
const dataQueryId = params.id;
|
|
const { options } = req.body;
|
|
|
|
const dataQuery = await this.dataQueriesService.findOne(dataQueryId);
|
|
|
|
if (req.user) {
|
|
const ability = await this.appsAbilityFactory.appsActions(req.user, {
|
|
id: dataQuery.appId,
|
|
});
|
|
|
|
if (!ability.can('runQuery', dataQuery.app)) {
|
|
throw new ForbiddenException('you do not have permissions to perform this action');
|
|
}
|
|
}
|
|
|
|
let result = {};
|
|
|
|
try {
|
|
result = await this.dataQueriesService.runQuery(req.user, dataQuery, options);
|
|
} catch (error) {
|
|
if (error instanceof QueryError) {
|
|
result = {
|
|
status: 'failed',
|
|
message: error.message,
|
|
description: error.description,
|
|
data: error.data,
|
|
};
|
|
} else {
|
|
console.log(error);
|
|
result = {
|
|
status: 'failed',
|
|
message: 'Internal server error',
|
|
description: error.message,
|
|
data: {},
|
|
};
|
|
}
|
|
}
|
|
|
|
return result;
|
|
}
|
|
|
|
@UseGuards(JwtAuthGuard)
|
|
@Post('/preview')
|
|
async previewQuery(@Request() req, @Param() params) {
|
|
const { options, query } = req.body;
|
|
const dataQueryEntity = {
|
|
...query,
|
|
dataSource: await this.dataSourcesService.findOne(query['data_source_id']),
|
|
};
|
|
|
|
if (dataQueryEntity.dataSource) {
|
|
const ability = await this.appsAbilityFactory.appsActions(req.user, {
|
|
id: dataQueryEntity.dataSource.appId,
|
|
});
|
|
|
|
if (!ability.can('previewQuery', dataQueryEntity.dataSource.app)) {
|
|
throw new ForbiddenException('you do not have permissions to perform this action');
|
|
}
|
|
}
|
|
|
|
let result = {};
|
|
|
|
try {
|
|
result = await this.dataQueriesService.runQuery(req.user, dataQueryEntity, options);
|
|
} catch (error) {
|
|
if (error instanceof QueryError) {
|
|
result = {
|
|
status: 'failed',
|
|
message: error.message,
|
|
description: error.description,
|
|
data: error.data,
|
|
};
|
|
} else {
|
|
console.log(error);
|
|
result = {
|
|
status: 'failed',
|
|
message: 'Internal server error',
|
|
description: error.message,
|
|
data: {},
|
|
};
|
|
}
|
|
}
|
|
|
|
return result;
|
|
}
|
|
}
|