Skip to content

Commit

Permalink
fix(api): Enable global project access (keyshade-xyz#580)
Browse files Browse the repository at this point in the history
  • Loading branch information
muntaxir4 committed Jan 1, 2025
1 parent 9517f67 commit cdbf1bc
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 22 deletions.
37 changes: 20 additions & 17 deletions apps/api/src/project/project.e2e.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -867,23 +867,26 @@ describe('Project Controller Tests', () => {
await prisma.workspace.deleteMany()
})

// it('should allow any user to access a global project', async () => {
// const response = await app.inject({
// method: 'GET',
// url: `/project/${globalProject.slug}`,
// headers: {
// 'x-e2e-user-email': user2.email // user2 is not a member of workspace1
// }
// })

// expect(response.statusCode).toBe(200)
// expect(response.json()).toEqual({
// ...globalProject,
// lastUpdatedById: user1.id,
// createdAt: expect.any(String),
// updatedAt: expect.any(String)
// })
// })
it('should allow any user to access a global project', async () => {
const response = await app.inject({
method: 'GET',
url: `/project/${globalProject.slug}`,
headers: {
'x-e2e-user-email': user2.email // user2 is not a member of workspace1
}
})

expect(response.statusCode).toBe(200)
expect(response.json()).toEqual({
...globalProject,
lastUpdatedById: user1.id,
environmentCount: 1,
secretCount: 0,
variableCount: 0,
createdAt: expect.any(String),
updatedAt: expect.any(String)
})
})

it('should allow workspace members with READ_PROJECT to access an internal project', async () => {
const response = await app.inject({
Expand Down
13 changes: 8 additions & 5 deletions apps/api/src/project/service/project.service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1221,11 +1221,14 @@ export class ProjectService {
await this.authorityCheckerService.checkAuthorityOverEnvironment({
userId: user.id,
entity: { slug: env.slug },
authorities: [
Authority.READ_ENVIRONMENT,
Authority.READ_SECRET,
Authority.READ_VARIABLE
],
authorities:
project.accessLevel == ProjectAccessLevel.GLOBAL
? []
: [
Authority.READ_ENVIRONMENT,
Authority.READ_SECRET,
Authority.READ_VARIABLE
],
prisma: this.prisma
})
if (hasRequiredPermission) {
Expand Down

0 comments on commit cdbf1bc

Please sign in to comment.