Kristaps Fabians Geikins
bde148f286
* wip * some extra fixes * stuff kinda works? * need to figure out mocks * need to figure out mocks * fix db listener * gqlgen fix * minor gqlgen watch adjustment * lint fixes * delete old codegen file * converting migrations to ESM * getModuleDIrectory * vitest sort of works * added back ts-vitest * resolve gql double load * fixing test timeout configs * TSC lint fix * fix automate tests * moar debugging * debugging * more debugging * codegen update * server works * yargs migrated * chore(server): getting rid of global mocks for Server ESM (#5046) * got rid of email mock * got rid of comment mocks * got rid of multi region mocks * got rid of stripe mock * admin override mock updated * removed final mock * fixing import.meta.resolve calls * another import.meta.resolve fix * added requested test * nyc ESM fix * removed unneeded deps + linting * yarn lock forgot to commit * tryna fix flakyness * email capture util fix * sendEmail fix * fix TSX check * sender transporter fix + CR comments * merge main fix * test fixx * circleci fix * gqlgen bigint fix * error formatter fix * more error formatting improvements * esmloader added to Dockerfile * more dockerfile fixes * bg jobs fix
78 lines
2.1 KiB
TypeScript
78 lines
2.1 KiB
TypeScript
import {
|
|
UserServerRole,
|
|
UserStreamRole
|
|
} from '@/modules/shared/domain/rolesAndScopes/types'
|
|
import { Roles } from '@/modules/core/helpers/mainConstants'
|
|
import { RoleInfo } from '@speckle/shared'
|
|
import { pick } from 'lodash-es'
|
|
|
|
// Conventions:
|
|
// "weight: 1000" => resource owner
|
|
// "weight: 100" => resource viewer / basic user
|
|
// Anything in between 100 and 1000 can be used for escalating privileges.
|
|
const keysToPick = ['weight', 'description'] as const
|
|
|
|
const coreUserRoles: Array<UserServerRole | UserStreamRole> = [
|
|
/**
|
|
* Roles for "this" server.
|
|
*/
|
|
{
|
|
name: Roles.Server.Admin,
|
|
...pick(RoleInfo.Server[Roles.Server.Admin], keysToPick),
|
|
resourceTarget: 'server',
|
|
aclTableName: 'server_acl',
|
|
public: false
|
|
},
|
|
{
|
|
name: Roles.Server.User,
|
|
...pick(RoleInfo.Server[Roles.Server.User], keysToPick),
|
|
resourceTarget: 'server',
|
|
aclTableName: 'server_acl',
|
|
public: false
|
|
},
|
|
// TODO: should this be dynamically pushed if guest role is enabled?
|
|
// feels risky, since feature can be toggled on and off,
|
|
// but user roles are not updated
|
|
// can leave the guest users in a broken state
|
|
{
|
|
name: Roles.Server.Guest,
|
|
...pick(RoleInfo.Server[Roles.Server.Guest], keysToPick),
|
|
resourceTarget: 'server',
|
|
aclTableName: 'server_acl',
|
|
public: false
|
|
},
|
|
{
|
|
name: Roles.Server.ArchivedUser,
|
|
...pick(RoleInfo.Server[Roles.Server.ArchivedUser], keysToPick),
|
|
resourceTarget: 'server',
|
|
aclTableName: 'server_acl',
|
|
public: false
|
|
},
|
|
/**
|
|
* Roles for streams.
|
|
*/
|
|
{
|
|
name: Roles.Stream.Owner,
|
|
...pick(RoleInfo.Stream[Roles.Stream.Owner], keysToPick),
|
|
resourceTarget: 'streams',
|
|
aclTableName: 'stream_acl',
|
|
public: true
|
|
},
|
|
{
|
|
name: Roles.Stream.Contributor,
|
|
...pick(RoleInfo.Stream[Roles.Stream.Contributor], keysToPick),
|
|
resourceTarget: 'streams',
|
|
aclTableName: 'stream_acl',
|
|
public: true
|
|
},
|
|
{
|
|
name: Roles.Stream.Reviewer,
|
|
...pick(RoleInfo.Stream[Roles.Stream.Reviewer], keysToPick),
|
|
resourceTarget: 'streams',
|
|
aclTableName: 'stream_acl',
|
|
public: true
|
|
}
|
|
]
|
|
|
|
export default coreUserRoles
|