huanld/speckle-server
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
86c113b29b54ded1d3084f8a791eaeb1663f3851
speckle-server/packages/server/modules/shared/domain/operations.ts
T
Alessandro Magionami bc70332d97 fix(workspaces): block god mode on mutations (#3999)
2025-02-17 14:41:23 +01:00

40 lines
1.2 KiB
TypeScript
Raw Blame History

import { ServerAcl, StreamAcl } from '@/modules/core/dbSchema'
import { TokenResourceIdentifier } from '@/modules/core/domain/tokens/types'
import { AuthContext } from '@/modules/shared/domain/authz/types'
import { WorkspaceAcl } from '@/modules/workspacesCore/helpers/db'
import {
AvailableRoles,
MaybeNullOrUndefined,
Optional,
ServerRoles
} from '@speckle/shared'
import { OperationTypeNode } from 'graphql'
export type GetUserAclRole = (params: {
aclTableName: typeof ServerAcl.name | typeof StreamAcl.name | typeof WorkspaceAcl.name
userId: string
resourceId: string
}) => Promise<MaybeNullOrUndefined<AvailableRoles>>
export type GetUserServerRole = (params: {
userId: string
}) => Promise<Optional<ServerRoles>>
export type ValidateScopes = (
scopes: Optional<string[]>,
scope: string
) => Promise<void>
export type AuthorizeResolver = (
userId: MaybeNullOrUndefined<string>,
resourceId: string,
requiredRole: AvailableRoles,
userResourceAccessLimits: MaybeNullOrUndefined<TokenResourceIdentifier[]>,
operationType?: OperationTypeNode // This is needed to block write operations when user is server admin
) => Promise<void>
export type ValidateUserServerRole = (
context: AuthContext,
requiredRole: ServerRoles
) => Promise<true>
Reference in New Issue View Git Blame Copy Permalink