fix(api): Enable global project access (#580)

keyshade-xyz · Dec 7, 2024 · b3a0309 · b3a0309
1 parent c0763f3
commit b3a0309
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 22 deletions.
diff --git a/apps/api/src/project/project.e2e.spec.ts b/apps/api/src/project/project.e2e.spec.ts
@@ -867,23 +867,26 @@ describe('Project Controller Tests', () => {
       await prisma.workspace.deleteMany()
     })
 
-    // it('should allow any user to access a global project', async () => {
-    //   const response = await app.inject({
-    //     method: 'GET',
-    //     url: `/project/${globalProject.slug}`,
-    //     headers: {
-    //       'x-e2e-user-email': user2.email // user2 is not a member of workspace1
-    //     }
-    //   })
-
-    //   expect(response.statusCode).toBe(200)
-    //   expect(response.json()).toEqual({
-    //     ...globalProject,
-    //     lastUpdatedById: user1.id,
-    //     createdAt: expect.any(String),
-    //     updatedAt: expect.any(String)
-    //   })
-    // })
+    it('should allow any user to access a global project', async () => {
+      const response = await app.inject({
+        method: 'GET',
+        url: `/project/${globalProject.slug}`,
+        headers: {
+          'x-e2e-user-email': user2.email // user2 is not a member of workspace1
+        }
+      })
+
+      expect(response.statusCode).toBe(200)
+      expect(response.json()).toEqual({
+        ...globalProject,
+        lastUpdatedById: user1.id,
+        environmentCount: 1,
+        secretCount: 0,
+        variableCount: 0,
+        createdAt: expect.any(String),
+        updatedAt: expect.any(String)
+      })
+    })
 
     it('should allow workspace members with READ_PROJECT to access an internal project', async () => {
       const response = await app.inject({

diff --git a/apps/api/src/project/service/project.service.ts b/apps/api/src/project/service/project.service.ts
@@ -1221,11 +1221,14 @@ export class ProjectService {
         await this.authorityCheckerService.checkAuthorityOverEnvironment({
           userId: user.id,
           entity: { slug: env.slug },
-          authorities: [
-            Authority.READ_ENVIRONMENT,
-            Authority.READ_SECRET,
-            Authority.READ_VARIABLE
-          ],
+          authorities:
+            project.accessLevel == ProjectAccessLevel.GLOBAL
+              ? []
+              : [
+                  Authority.READ_ENVIRONMENT,
+                  Authority.READ_SECRET,
+                  Authority.READ_VARIABLE
+                ],
           prisma: this.prisma
         })
       if (hasRequiredPermission) {