Skip to content

Commit

Permalink
add final changes
Browse files Browse the repository at this point in the history
  • Loading branch information
@muntaxir4
muntaxir4 committed Jan 7, 2025
1 parent 7e007db commit 31e74cb
Show file tree
Hide file tree
Showing 9 changed files with 218 additions and 81 deletions.
16 changes: 6 additions & 10 deletions apps/api/src/common/collective-authorities.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,16 +121,6 @@ export const getCollectiveEnvironmentAuthorities = async (
},
role: {
OR: [
{
projects: {
some: {
projectId: environment.project.id,
environments: {
none: {}
}
}
}
},
{
projects: {
some: {
Expand All @@ -142,6 +132,12 @@ export const getCollectiveEnvironmentAuthorities = async (
}
}
}
},
// Check if the user has the WORKSPACE_ADMIN authority
{
authorities: {
has: Authority.WORKSPACE_ADMIN
}
}
]
}
Expand Down
4 changes: 1 addition & 3 deletions apps/api/src/event/event.e2e.spec.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -438,9 +438,7 @@ describe('Event Controller Tests', () => {
description: 'Some description',
colorCode: '#000000',
authorities: [],
projectEnvironments: [
{ projectSlug: project.slug, environmentSlugs: [] }
]
projectEnvironments: [{ projectSlug: project.slug }]
}
)

Expand Down
23 changes: 13 additions & 10 deletions apps/api/src/workspace-role/dto/create-workspace-role/create-workspace-role.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,18 @@ import {
IsString,
ValidateNested
} from 'class-validator'
import { Type } from 'class-transformer'

class ProjectEnvironments {
@IsString()
@IsNotEmpty()
readonly projectSlug: string

@IsArray()
@IsOptional()
@IsNotEmpty({ each: true })
readonly environmentSlugs?: string[]
}

export class CreateWorkspaceRole {
@IsString()
Expand All @@ -26,15 +38,6 @@ export class CreateWorkspaceRole {
@IsArray()
@IsOptional()
@ValidateNested({ each: true })
@Type(() => ProjectEnvironments)
readonly projectEnvironments?: ProjectEnvironments[]
}

class ProjectEnvironments {
@IsString()
@IsNotEmpty()
readonly projectSlug: string

@IsArray()
@IsNotEmpty({ each: true })
readonly environmentSlugs: string[]
}
136 changes: 95 additions & 41 deletions apps/api/src/workspace-role/service/workspace-role.service.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,46 +107,73 @@ export class WorkspaceRoleService {
if (dto.projectEnvironments) {
// Create the project associations
const projectSlugToIdMap = await this.getProjectSlugToIdMap(
dto.projectEnvironments
.map((pe) => pe.projectSlug)
.filter((slug) => slug)
dto.projectEnvironments.map((pe) => pe.projectSlug)
)

for (const pe of dto.projectEnvironments) {
const projectId = projectSlugToIdMap.get(pe.projectSlug)
if (projectId) {
//Check if all environments are part of the project
const project = await this.prisma.project.findFirst({
where: {
id: projectId,
AND: pe.environmentSlugs.map((slug) => ({
environments: {
some: {
slug: slug
if (pe.environmentSlugs && pe.environmentSlugs.length === 0)
throw new BadRequestException(
`EnvironmentSlugs in the project ${pe.projectSlug} are required`
)
if (pe.environmentSlugs) {
//Check if all environments are part of the project
const project = await this.prisma.project.findFirst({
where: {
id: projectId,
AND: pe.environmentSlugs.map((slug) => ({
environments: {
some: {
slug: slug
}
}
}
}))
}))
}
})

if (!project) {
throw new BadRequestException(
`All environmentSlugs in the project ${pe.projectSlug} are not part of the project`
)
}
})

if (!project) {
throw new BadRequestException(
`All environmentSlugs in the project ${pe.projectSlug} are not part of the project`
)
// Check if the user has read authority over all the environments
for (const environmentSlug of pe.environmentSlugs) {
try {
await this.authorityCheckerService.checkAuthorityOverEnvironment(
{
userId: user.id,
entity: {
slug: environmentSlug
},
authorities: [Authority.READ_ENVIRONMENT],
prisma: this.prisma
}
)
} catch {
throw new UnauthorizedException(
`User does not have read authority over environment ${environmentSlug}`
)
}
}
}

// Create the project workspace role association with the environments accessible on the project
op.push(
this.prisma.projectWorkspaceRoleAssociation.create({
data: {
roleId: workspaceRoleId,
projectId: projectId,
environments: {
environments: pe.environmentSlugs && {
connect: pe.environmentSlugs.map((slug) => ({ slug }))
}
}
})
)
} else {
throw new NotFoundException(
`Project with slug ${pe.projectSlug} not found`
)
}
}
}
Expand Down Expand Up @@ -264,34 +291,57 @@ export class WorkspaceRoleService {
})

const projectSlugToIdMap = await this.getProjectSlugToIdMap(
dto.projectEnvironments
.map((pe) => pe.projectSlug)
.filter((slug) => slug)
dto.projectEnvironments.map((pe) => pe.projectSlug)
)

for (const pe of dto.projectEnvironments) {
const projectId = projectSlugToIdMap.get(pe.projectSlug)
if (projectId) {
//Check if all environments are part of the project
const project = await this.prisma.project.findFirst({
where: {
id: projectId,
AND: pe.environmentSlugs.map((slug) => ({
environments: {
some: {
slug: slug
if (pe.environmentSlugs && pe.environmentSlugs.length === 0)
throw new BadRequestException(
`EnvironmentSlugs in the project ${pe.projectSlug} are required`
)
if (pe.environmentSlugs) {
//Check if all environments are part of the project
const project = await this.prisma.project.findFirst({
where: {
id: projectId,
AND: pe.environmentSlugs.map((slug) => ({
environments: {
some: {
slug: slug
}
}
}
}))
}))
}
})

if (!project) {
throw new BadRequestException(
`All environmentSlugs in the project ${pe.projectSlug} are not part of the project`
)
}
})

if (!project) {
throw new BadRequestException(
`All environmentSlugs in the project ${pe.projectSlug} are not part of the project`
)
// Check if the user has read authority over all the environments
for (const environmentSlug of pe.environmentSlugs) {
try {
await this.authorityCheckerService.checkAuthorityOverEnvironment(
{
userId: user.id,
entity: {
slug: environmentSlug
},
authorities: [Authority.READ_ENVIRONMENT],
prisma: this.prisma
}
)
} catch {
throw new UnauthorizedException(
`User does not have update authority over environment ${environmentSlug}`
)
}
}
}

// Create or Update the project workspace role association with the environments accessible on the project
await this.prisma.projectWorkspaceRoleAssociation.upsert({
where: {
Expand All @@ -301,19 +351,23 @@ export class WorkspaceRoleService {
}
},
update: {
environments: {
environments: pe.environmentSlugs && {
set: [],
connect: pe.environmentSlugs.map((slug) => ({ slug }))
}
},
create: {
roleId: workspaceRoleId,
projectId: projectId,
environments: {
environments: pe.environmentSlugs && {
connect: pe.environmentSlugs.map((slug) => ({ slug }))
}
}
})
} else {
throw new NotFoundException(
`Project with slug ${pe.projectSlug} not found`
)
}
}
}
Expand Down
Loading

0 comments on commit 31e74cb

Please sign in to comment.