huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat(server): support editor -> viewer seat downgrades (#4181)

Browse Source 
* new seat based project role checks implemented

* everything done

* minor bugfix
This commit is contained in:
Kristaps Fabians Geikins
2025-03-14 14:21:25 +02:00
committed by GitHub
parent 50fd05afe8
commit d903e8ffc4
30 changed files with 975 additions and 337 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/server/modules/workspaces/tests/unit/services/management.spec.ts
+24 -8
View File
@@ -770,10 +770,12 @@ describe('Workspace role services', () => {
it('sets the workspace role', async () => {
const userId = cryptoRandomString({ length: 10 })
const workspaceId = cryptoRandomString({ length: 10 })
const workspaceOwnerId = cryptoRandomString({ length: 10 })
const role = {
userId,
workspaceId,
role: Roles.Workspace.Member
role: Roles.Workspace.Member,
updatedByUserId: workspaceOwnerId
}
const { updateWorkspaceRole, context } = buildUpdateWorkspaceRoleAndTestContext({
@@ -791,6 +793,7 @@ describe('Workspace role services', () => {
it('emits a role-updated event', async () => {
const userId = cryptoRandomString({ length: 10 })
const workspaceId = cryptoRandomString({ length: 10 })
const workspaceOwnerId = cryptoRandomString({ length: 10 })
const role: Pick<WorkspaceAcl, 'userId' | 'workspaceId' | 'role'> = {
userId,
workspaceId,
@@ -801,7 +804,7 @@ describe('Workspace role services', () => {
workspaceId
})
await updateWorkspaceRole(role)
await updateWorkspaceRole({ ...role, updatedByUserId: workspaceOwnerId })
const payload = {
...(context.eventData
@@ -811,11 +814,16 @@ describe('Workspace role services', () => {
expect(context.eventData.isCalled).to.be.true
expect(context.eventData.eventName).to.equal(WorkspaceEvents.RoleUpdated)
expect(payload).to.deep.equal({ acl: role, seatType: WorkspaceSeatType.Editor })
expect(payload).to.deep.equal({
acl: role,
seatType: WorkspaceSeatType.Editor,
updatedByUserId: workspaceOwnerId
})
})
it('throws if attempting to remove the last admin in a workspace', async () => {
const userId = cryptoRandomString({ length: 10 })
const workspaceId = cryptoRandomString({ length: 10 })
const workspaceOwnerId = cryptoRandomString({ length: 10 })
const role: WorkspaceAcl = {
userId,
workspaceId,
@@ -829,7 +837,11 @@ describe('Workspace role services', () => {
})
await expectToThrow(() =>
updateWorkspaceRole({ ...role, role: Roles.Workspace.Member })
updateWorkspaceRole({
...role,
role: Roles.Workspace.Member,
updatedByUserId: workspaceOwnerId
})
)
})
it('throws if attempting to set user role to more than GUEST and workspace domain protection is enabled and user has not an email matching a workspace domain', async () => {
@@ -880,7 +892,8 @@ describe('Workspace role services', () => {
updateWorkspaceRole({
workspaceId,
userId: guestId,
role: Roles.Workspace.Member
role: Roles.Workspace.Member,
updatedByUserId: adminId
})
)
expect(err.message).to.eq(new WorkspaceProtectedError().message)
@@ -888,6 +901,7 @@ describe('Workspace role services', () => {
it('sets roles on workspace projects when user added to workspace as admin', async () => {
const userId = cryptoRandomString({ length: 10 })
const workspaceId = cryptoRandomString({ length: 10 })
const workspaceOwnerId = cryptoRandomString({ length: 10 })
const projectId = cryptoRandomString({ length: 10 })
const workspaceRole: WorkspaceAcl = {
@@ -902,7 +916,7 @@ describe('Workspace role services', () => {
workspaceProjects: [{ id: projectId } as StreamRecord]
})
await updateWorkspaceRole(workspaceRole)
await updateWorkspaceRole({ ...workspaceRole, updatedByUserId: workspaceOwnerId })
expect(context.workspaceProjectRoles.length).to.equal(1)
expect(context.workspaceProjectRoles[0].userId).to.equal(userId)
@@ -912,6 +926,7 @@ describe('Workspace role services', () => {
const userId = cryptoRandomString({ length: 10 })
const workspaceId = cryptoRandomString({ length: 10 })
const projectId = cryptoRandomString({ length: 10 })
const workspaceOwnerId = cryptoRandomString({ length: 10 })
const workspaceRole: WorkspaceAcl = {
userId,
@@ -925,7 +940,7 @@ describe('Workspace role services', () => {
workspaceProjects: [{ id: projectId } as StreamRecord]
})
await updateWorkspaceRole(workspaceRole)
await updateWorkspaceRole({ ...workspaceRole, updatedByUserId: workspaceOwnerId })
expect(context.workspaceProjectRoles.length).to.equal(1)
expect(context.workspaceProjectRoles[0].userId).to.equal(userId)
@@ -935,6 +950,7 @@ describe('Workspace role services', () => {
const userId = cryptoRandomString({ length: 10 })
const workspaceId = cryptoRandomString({ length: 10 })
const projectId = cryptoRandomString({ length: 10 })
const workspaceOwnerId = cryptoRandomString({ length: 10 })
const workspaceRole: WorkspaceAcl = {
userId,
@@ -948,7 +964,7 @@ describe('Workspace role services', () => {
workspaceProjects: [{ id: projectId } as StreamRecord]
})
await updateWorkspaceRole(workspaceRole)
await updateWorkspaceRole({ ...workspaceRole, updatedByUserId: workspaceOwnerId })
expect(context.workspaceProjectRoles.find((role) => role.userId === userId)).to
.not.exist
packages/server/modules/workspaces/tests/unit/services/projects.spec.ts
+69 -59
View File
@@ -1,6 +1,7 @@
import { ProjectTeamMember } from '@/modules/core/domain/projects/types'
import { ProjectNotFoundError } from '@/modules/core/errors/projects'
import { StreamAclRecord, StreamRecord } from '@/modules/core/helpers/types'
import { GetWorkspaceRolesAllowedProjectRolesFactory } from '@/modules/workspaces/domain/operations'
import { WorkspaceInvalidProjectError } from '@/modules/workspaces/errors/workspace'
import {
moveProjectToWorkspaceFactory,
@@ -12,11 +13,22 @@ import { Roles } from '@speckle/shared'
import { expect } from 'chai'
import cryptoRandomString from 'crypto-random-string'
const getWorkspaceRoleToDefaultProjectRoleMapping = async () => ({
'workspace:admin': Roles.Stream.Owner,
'workspace:guest': null,
'workspace:member': Roles.Stream.Contributor
})
const getWorkspaceRolesAllowedProjectRoles: GetWorkspaceRolesAllowedProjectRolesFactory =
async () => {
const mapping = {
[Roles.Workspace.Admin]: Roles.Stream.Owner,
[Roles.Workspace.Member]: Roles.Stream.Contributor,
[Roles.Workspace.Guest]: null
}
return {
defaultProjectRole: ({ workspaceRole }) => {
return mapping[workspaceRole]
},
allowedProjectRoles: () => {
return Object.values(Roles.Stream)
}
}
}
describe('Project retrieval services', () => {
describe('queryAllWorkspaceProjectFactory returns a generator, that', () => {
@@ -105,10 +117,10 @@ describe('Project management services', () => {
getProjectCollaborators: async () => {
expect.fail()
},
getWorkspaceRoles: async () => {
getWorkspaceRolesAndSeats: async () => {
expect.fail()
},
getWorkspaceRoleToDefaultProjectRoleMapping: async () => {
getWorkspaceRolesAllowedProjectRoles: async () => {
expect.fail()
},
updateWorkspaceRole: async () => {
@@ -119,7 +131,8 @@ describe('Project management services', () => {
const err = await expectToThrow(() =>
moveProjectToWorkspace({
projectId: cryptoRandomString({ length: 6 }),
workspaceId: cryptoRandomString({ length: 6 })
workspaceId: cryptoRandomString({ length: 6 }),
movedByUserId: cryptoRandomString({ length: 10 })
})
)
expect(err.message).to.equal(new ProjectNotFoundError().message)
@@ -140,10 +153,10 @@ describe('Project management services', () => {
getProjectCollaborators: async () => {
expect.fail()
},
getWorkspaceRoles: async () => {
getWorkspaceRolesAndSeats: async () => {
expect.fail()
},
getWorkspaceRoleToDefaultProjectRoleMapping: async () => {
getWorkspaceRolesAllowedProjectRoles: async () => {
expect.fail()
},
updateWorkspaceRole: async () => {
@@ -154,7 +167,8 @@ describe('Project management services', () => {
const err = await expectToThrow(() =>
moveProjectToWorkspace({
projectId: cryptoRandomString({ length: 6 }),
workspaceId: cryptoRandomString({ length: 6 })
workspaceId: cryptoRandomString({ length: 6 }),
movedByUserId: cryptoRandomString({ length: 10 })
})
)
expect(err instanceof WorkspaceInvalidProjectError).to.be.true
@@ -185,27 +199,27 @@ describe('Project management services', () => {
} as unknown as ProjectTeamMember
]
},
getWorkspaceRoles: async () => {
return [
{
userId,
role: Roles.Workspace.Admin,
workspaceId,
createdAt: new Date()
getWorkspaceRolesAndSeats: async () => {
return {
[userId]: {
role: {
userId,
role: Roles.Workspace.Admin,
workspaceId,
createdAt: new Date()
},
seat: null,
userId
}
]
}
},
getWorkspaceRoleToDefaultProjectRoleMapping: async () => ({
'workspace:admin': Roles.Stream.Owner,
'workspace:guest': null,
'workspace:member': Roles.Stream.Contributor
}),
getWorkspaceRolesAllowedProjectRoles,
updateWorkspaceRole: async (role) => {
updatedRoles.push(role)
}
})
await moveProjectToWorkspace({ projectId, workspaceId })
await moveProjectToWorkspace({ projectId, workspaceId, movedByUserId: userId })
expect(updatedRoles.length).to.equal(1)
expect(updatedRoles[0].role).to.equal(Roles.Workspace.Admin)
@@ -236,16 +250,16 @@ describe('Project management services', () => {
} as unknown as ProjectTeamMember
]
},
getWorkspaceRoles: async () => {
return []
getWorkspaceRolesAndSeats: async () => {
return {}
},
getWorkspaceRoleToDefaultProjectRoleMapping,
getWorkspaceRolesAllowedProjectRoles,
updateWorkspaceRole: async (role) => {
updatedRoles.push(role)
}
})
await moveProjectToWorkspace({ projectId, workspaceId })
await moveProjectToWorkspace({ projectId, workspaceId, movedByUserId: userId })
expect(updatedRoles.length).to.equal(1)
expect(updatedRoles[0].role).to.equal(Roles.Workspace.Member)
@@ -277,16 +291,16 @@ describe('Project management services', () => {
} as unknown as ProjectTeamMember
]
},
getWorkspaceRoles: async () => {
return []
getWorkspaceRolesAndSeats: async () => {
return {}
},
getWorkspaceRoleToDefaultProjectRoleMapping,
getWorkspaceRolesAllowedProjectRoles,
updateWorkspaceRole: async (role) => {
updatedRoles.push(role)
}
})
await moveProjectToWorkspace({ projectId, workspaceId })
await moveProjectToWorkspace({ projectId, workspaceId, movedByUserId: userId })
expect(updatedRoles.length).to.equal(1)
expect(updatedRoles[0].role).to.equal(Roles.Workspace.Guest)
@@ -319,14 +333,14 @@ describe('Project management services', () => {
} as unknown as ProjectTeamMember
]
},
getWorkspaceRoles: async () => {
return []
getWorkspaceRolesAndSeats: async () => {
return {}
},
getWorkspaceRoleToDefaultProjectRoleMapping,
getWorkspaceRolesAllowedProjectRoles,
updateWorkspaceRole: async () => {}
})
await moveProjectToWorkspace({ projectId, workspaceId })
await moveProjectToWorkspace({ projectId, workspaceId, movedByUserId: userId })
expect(updatedRoles.length).to.equal(1)
expect(updatedRoles[0].role).to.equal(Roles.Stream.Owner)
@@ -359,18 +373,14 @@ describe('Project management services', () => {
} as unknown as ProjectTeamMember
]
},
getWorkspaceRoles: async () => {
return []
getWorkspaceRolesAndSeats: async () => {
return {}
},
getWorkspaceRoleToDefaultProjectRoleMapping: async () => ({
[Roles.Workspace.Guest]: null,
[Roles.Workspace.Member]: Roles.Stream.Contributor,
[Roles.Workspace.Admin]: Roles.Stream.Owner
}),
getWorkspaceRolesAllowedProjectRoles,
updateWorkspaceRole: async () => {}
})
await moveProjectToWorkspace({ projectId, workspaceId })
await moveProjectToWorkspace({ projectId, workspaceId, movedByUserId: userId })
expect(updatedRoles.length).to.equal(1)
expect(updatedRoles[0].role).to.equal(Roles.Stream.Contributor)
@@ -403,25 +413,25 @@ describe('Project management services', () => {
} as unknown as ProjectTeamMember
]
},
getWorkspaceRoles: async () => {
return [
{
userId,
workspaceId,
role: Roles.Workspace.Admin,
createdAt: new Date()
getWorkspaceRolesAndSeats: async () => {
return {
[userId]: {
role: {
userId,
workspaceId,
role: Roles.Workspace.Admin,
createdAt: new Date()
},
seat: null,
userId
}
]
}
},
getWorkspaceRoleToDefaultProjectRoleMapping: async () => ({
[Roles.Workspace.Guest]: null,
[Roles.Workspace.Member]: Roles.Stream.Contributor,
[Roles.Workspace.Admin]: Roles.Stream.Owner
}),
getWorkspaceRolesAllowedProjectRoles,
updateWorkspaceRole: async () => {}
})
await moveProjectToWorkspace({ projectId, workspaceId })
await moveProjectToWorkspace({ projectId, workspaceId, movedByUserId: userId })
expect(updatedRoles.length).to.equal(1)
expect(updatedRoles[0].role).to.equal(Roles.Stream.Owner)