This reverts commit cb8aa31b66.
@@ -1,36 +0,0 @@
|
||||
import { db } from '@/db/knex'
|
||||
import { defineLoaders } from '@/modules/loaders'
|
||||
import {
|
||||
getUserSsoSessionFactory,
|
||||
getWorkspaceSsoProviderRecordFactory
|
||||
} from '@/modules/workspaces/repositories/sso'
|
||||
import {
|
||||
getWorkspaceFactory,
|
||||
getWorkspaceRoleForUserFactory
|
||||
} from '@/modules/workspaces/repositories/workspaces'
|
||||
|
||||
export const defineModuleLoaders = () => {
|
||||
defineLoaders({
|
||||
getWorkspace: getWorkspaceFactory({ db }),
|
||||
getWorkspaceRole: async ({ userId, workspaceId }) => {
|
||||
const role = await getWorkspaceRoleForUserFactory({ db })({
|
||||
userId,
|
||||
workspaceId
|
||||
})
|
||||
return role?.role ?? null
|
||||
},
|
||||
getWorkspaceSsoSession: async ({ userId, workspaceId }) => {
|
||||
const ssoSession = await getUserSsoSessionFactory({ db })({
|
||||
userId,
|
||||
workspaceId
|
||||
})
|
||||
return ssoSession ?? null
|
||||
},
|
||||
getWorkspaceSsoProvider: async ({ workspaceId }) => {
|
||||
const ssoProvider = await getWorkspaceSsoProviderRecordFactory({ db })({
|
||||
workspaceId
|
||||
})
|
||||
return ssoProvider ?? null
|
||||
}
|
||||
})
|
||||
}
|
||||
@@ -10,7 +10,6 @@ import { initializeEventListenersFactory } from '@/modules/workspaces/events/eve
|
||||
import { validateModuleLicense } from '@/modules/gatekeeper/services/validateLicense'
|
||||
import { getSsoRouter } from '@/modules/workspaces/rest/sso'
|
||||
import { InvalidLicenseError } from '@/modules/gatekeeper/errors/license'
|
||||
import { defineModuleLoaders } from '@/modules/workspaces/authz'
|
||||
|
||||
const { FF_WORKSPACES_MODULE_ENABLED, FF_WORKSPACES_SSO_ENABLED } = getFeatureFlags()
|
||||
|
||||
@@ -45,8 +44,6 @@ const workspacesModule: SpeckleModule = {
|
||||
quitListeners = initializeEventListenersFactory({ db })()
|
||||
}
|
||||
await Promise.all([initScopes(), initRoles()])
|
||||
|
||||
defineModuleLoaders()
|
||||
},
|
||||
shutdown() {
|
||||
if (!FF_WORKSPACES_MODULE_ENABLED) return
|
||||
|
||||
@@ -1,30 +1,30 @@
|
||||
import { UserWorkspaceRole } from '@/modules/shared/domain/rolesAndScopes/types'
|
||||
import { Roles, RoleInfo } from '@speckle/shared'
|
||||
import { pick } from 'lodash'
|
||||
import { Roles } from '@speckle/shared'
|
||||
|
||||
const aclTableName = 'workspace_acl'
|
||||
const resourceTarget = 'workspaces'
|
||||
|
||||
const keysToPick = ['weight', 'description'] as const
|
||||
|
||||
export const workspaceRoles: UserWorkspaceRole[] = [
|
||||
{
|
||||
name: Roles.Workspace.Admin,
|
||||
...pick(RoleInfo.Workspace[Roles.Workspace.Admin], keysToPick),
|
||||
description: 'Has root on the workspace',
|
||||
weight: 1000,
|
||||
public: true,
|
||||
resourceTarget,
|
||||
aclTableName
|
||||
},
|
||||
{
|
||||
name: Roles.Workspace.Member,
|
||||
...pick(RoleInfo.Workspace[Roles.Workspace.Member], keysToPick),
|
||||
description: 'A regular member of the workspace',
|
||||
weight: 100,
|
||||
public: true,
|
||||
resourceTarget,
|
||||
aclTableName
|
||||
},
|
||||
{
|
||||
name: Roles.Workspace.Guest,
|
||||
...pick(RoleInfo.Workspace[Roles.Workspace.Guest], keysToPick),
|
||||
description: 'An external guest member of the workspace with limited rights',
|
||||
weight: 50,
|
||||
public: true,
|
||||
resourceTarget,
|
||||
aclTableName
|
||||
|
||||
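Review bot: The role weights in `workspaceRoles` are bare literals (`weight: 1000`, `100`, `50`) with nothing stating how they are compared, and a weight like this presumably decides which role outranks another in access checks. Judging by print order, the literal `description`/`weight` lines are the new side and the `pick(RoleInfo.Workspace[...], keysToPick)` lines the old one. If `RoleInfo` still exists in `@speckle/shared` after this revert, the two copies of this metadata can drift apart. I would add a comment above the array, along the lines of `// weight orders workspace roles for access checks; keep in sync with any shared role metadata`, once the comparison direction is confirmed. The array literal continues past the end of this hunk.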
@@ -155,23 +155,19 @@ describe('Workspace SSO', () => {
|
||||
const resA = await memberApollo.execute(GetWorkspaceDocument, {
|
||||
workspaceId: testWorkspaceWithSso.id
|
||||
})
|
||||
expect(resA).to.haveGraphQLErrors({ message: 'gql-sso-workspace' })
|
||||
expect(resA).to.haveGraphQLErrors({
|
||||
code: 'SSO_SESSION_MISSING_OR_EXPIRED_ERROR'
|
||||
})
|
||||
|
||||
const resB = await memberApollo.execute(GetWorkspaceProjectsDocument, {
|
||||
id: testWorkspaceWithSso.id
|
||||
})
|
||||
expect(resB).to.haveGraphQLErrors({ message: 'gql-sso-workspace' })
|
||||
expect(resB).to.haveGraphQLErrors({
|
||||
code: 'SSO_SESSION_MISSING_OR_EXPIRED_ERROR'
|
||||
})
|
||||
|
||||
const resC = await memberApollo.execute(GetProjectDocument, {
|
||||
id: testWorkspaceWithSsoProjectId
|
||||
})
|
||||
expect(resC).to.haveGraphQLErrors({ message: 'SSO session is invalid' })
|
||||
|
||||
for (const res of [resA, resB, resC]) {
|
||||
expect(res).to.haveGraphQLErrors({ message: 'gql-sso-workspace' })
|
||||
expect(res).to.haveGraphQLErrors({
|
||||
code: 'SSO_SESSION_MISSING_OR_EXPIRED_ERROR'
|
||||
})
|
||||
}
|
||||
})
|
||||
|
||||
it('should allow limited access to workspace memberships', async () => {
|
||||
|
||||
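Review bot: The loop over `[resA, resB, resC]` asserts only that each response carries the `gql-sso-workspace` message and the `SSO_SESSION_MISSING_OR_EXPIRED_ERROR` code; it never checks that the response is free of workspace or project data. A GraphQL response can carry errors alongside partially resolved fields, so a regression that returns guarded fields while still raising the error would pass this test. I would add a per-response data assertion, for example `expect(resA.data?.workspace ?? null).to.be.null` (field name assumed from the query document; adjust to the real selection), with the equivalent for `resB` and `resC`. The enclosing `it(...)` block starts outside this hunk, so an earlier assertion may already cover this.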