From c3f633b7da7ca1248ea961341b7c509229fe1787 Mon Sep 17 00:00:00 2001
From: Henry Fontanier
Date: Thu, 31 Aug 2023 17:38:22 +0200
Subject: [PATCH] enh: remove asSuperUser param from fromSession
---
 front/lib/auth.ts | 84 ++++++++++++++++++--------
 front/pages/poke/[wId]/index.tsx | 6 +-
 front/pages/poke/[wId]/memberships.tsx | 6 +-
 3 files changed, 60 insertions(+), 36 deletions(-)
diff --git a/front/lib/auth.ts b/front/lib/auth.ts
index 08cefa4be3b4..d806c7f93258 100644
--- a/front/lib/auth.ts
+++ b/front/lib/auth.ts
@@ -50,15 +50,9 @@ export class Authenticator {
 *
 * @param session any NextAuth session
 * @param wId string target workspace id
- * @param asSuperUser boolean if true, will return an admin role for the user if the user is a
- * superuser
 * @returns Promise
 */
- static async fromSession(
- session: any,
- wId: string,
- asSuperUser = false
- ): Promise {
+ static async fromSession(session: any, wId: string): Promise {
 const [workspace, user] = await Promise.all([
 (async () => {
 return await Workspace.findOne({
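Review bot: The JSDoc above `fromSession` drops the `asSuperUser` lines but does not say what now happens for a super user who calls it. I would add one sentence to that comment, for example `Super-user status is ignored here; the role comes only from the user's membership in the workspace.`, so that readers of the old API do not assume the elevation still applies. The body of `fromSession` continues past the end of this hunk.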
@@ -84,31 +78,69 @@ export class Authenticator {
 let role = "none" as RoleType;
 if (user && workspace) {
- if (asSuperUser && user.isDustSuperUser) {
- role = "admin";
- } else {
- const membership = await Membership.findOne({
+ const membership = await Membership.findOne({
+ where: {
+ userId: user.id,
+ workspaceId: workspace.id,
+ },
+ });
+
+ if (membership) {
+ switch (membership.role) {
+ case "admin":
+ case "builder":
+ case "user":
+ role = membership.role;
+ break;
+ default:
+ role = "none";
+ }
+ }
+ }
+
+ return new Authenticator(workspace, user, role);
+ }
+
+ /**
+ * Get a an Authenticator for the target workspace and the authentified Super User user from the
+ * NextAuth session.
+ * Super User will have `role` set to `admin` regardless of their actual role in the workspace.
+ *
+ * @param session any NextAuth session
+ * @param wId string target workspace id
+ * @returns Promise
+ */
+ static async fromSuperUserSession(
+ session: any,
+ wId: string
+ ): Promise {
+ const [workspace, user] = await Promise.all([
+ (async () => {
+ return await Workspace.findOne({
 where: {
- userId: user.id,
- workspaceId: workspace.id,
+ sId: wId,
 },
 });
-
- if (membership) {
- switch (membership.role) {
- case "admin":
- case "builder":
- case "user":
- role = membership.role;
- break;
- default:
- role = "none";
- }
+ })(),
+ (async () => {
+ if (!session) {
+ return null;
+ } else {
+ return await User.findOne({
+ where: {
+ provider: session.provider.provider,
+ providerId: session.provider.id.toString(),
+ },
+ });
 }
- }
+ })(),
+ ]);
+
+ if (!user || !user.isDustSuperUser) {
+ return new Authenticator(workspace, user, "none");
 }
- return new Authenticator(workspace, user, role);
+ return new Authenticator(workspace, user, "admin");
 }
 /**
diff --git a/front/pages/poke/[wId]/index.tsx b/front/pages/poke/[wId]/index.tsx
index 09ae256f4b77..a565ca3f4804 100644
--- a/front/pages/poke/[wId]/index.tsx
+++ b/front/pages/poke/[wId]/index.tsx
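Review bot: `fromSuperUserSession` assigns the `admin` role without checking that the workspace lookup succeeded. Its guard `if (!user || !user.isDustSuperUser)` ignores `workspace`, so a `wId` that matches no workspace presumably yields an Authenticator with a null workspace and an admin role, whereas `fromSession` only assigns a role inside `if (user && workspace)`. I would change the guard to `if (!workspace || !user || !user.isDustSuperUser) {` so that role and workspace stay consistent. The two poke pages changed later in this patch (`index.tsx` and `memberships.tsx`) call this method and then read `auth.workspace()`; how they handle a null workspace is outside their hunks and should be confirmed. Because this path overrides membership for any workspace, it would also be worth logging the user and `wId` whenever the elevated role is granted, and moving the workspace/user lookup, now duplicated between the two factory methods, into one private helper.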
@@ -46,11 +46,7 @@ export const getServerSideProps: GetServerSideProps<{
 };
 }
- const auth = await Authenticator.fromSession(
- session,
- wId,
- true // asSuperUser
- );
+ const auth = await Authenticator.fromSuperUserSession(session, wId);
 const workspace = auth.workspace();
diff --git a/front/pages/poke/[wId]/memberships.tsx b/front/pages/poke/[wId]/memberships.tsx
index 5546435aa079..d4b4f42bcfd8 100644
--- a/front/pages/poke/[wId]/memberships.tsx
+++ b/front/pages/poke/[wId]/memberships.tsx
@@ -38,11 +38,7 @@ export const getServerSideProps: GetServerSideProps<{
 };
 }
- const auth = await Authenticator.fromSession(
- session,
- wId,
- true // asSuperUser
- );
+ const auth = await Authenticator.fromSuperUserSession(session, wId);
 const workspace = auth.workspace();