Chuck Driesler
6eaf3c8c92
* feat(workspaces): drop createdByUserId from the dataschema * feat(workspaces): repositories WIP * merge * protect against removing last admin in workspace * quick impl and stub tests * add tests * services * unit tests for role services * feat(workspaces): authorize project creation if workspace specified * feat(workspaces): emit project created event * feat(workspaces): assign roles on project create in workspace * feat(workspaces): update project roles when user added to workspace * feat(workspaces): stencil gql resolvers * fix(workspaces): lol lmao * fix(workspaces): perform automatic project role update in service function * fix(workspaces): also delete roles * fix(workspaces): broke tests again oops * fix(workspaces): update `onProjectCreated` listener to use new repo method * fix(workspaces): use service function in event listener * fix(workspaces): get workspace projects via existing stream repo functions * fix(workspaces): roles mapping in domain, use enum * feat(workspaces): stencil gql api and resolvers * fix(workspaces): repair type reference in tests * fix(workspaces): consolidate files, use different existing stream-getter * fix(workspaces): more specific error * fix(workspaces): roles and scopes * fix(workspaces): yield per page * fix(workspaces): some test dry * fix(workspaces): superdry * fix(workspaces): add scopes * fix(workspaces): classic * feat(workspaces): create workspace mutation * feat(workspaces): I'm sure everything will be fine * fix(workspaces): yep * fix(workspaces): successful gql e2e test * feat(workspaces): update workspace resolver * chore(workspaces): update resolver test * feat(workspaces): some retrieval resolvers * chore(workspaces): tests for query resolvers * fix(chore): revert temp test command change * fix(workspaces): test structure and gql types * fix(workspaces): validate user authz to perform some operations * fix(workspaces): use existing test infrastructure * fix(workspaces): stop `isPublic` check if authorizing a workspace resource * fix(workspaces): better test hygiene --------- Co-authored-by: Gergő Jedlicska <gergo@jedlicska.com>
260 lines
7.3 KiB
TypeScript
260 lines
7.3 KiB
TypeScript
import { WorkspaceEvents } from '@/modules/workspacesCore/domain/events'
|
|
import {
|
|
EmitWorkspaceEvent,
|
|
GetWorkspace,
|
|
StoreBlob,
|
|
UpsertWorkspace,
|
|
UpsertWorkspaceRole
|
|
} from '@/modules/workspaces/domain/operations'
|
|
import { Workspace, WorkspaceAcl } from '@/modules/workspacesCore/domain/types'
|
|
import { Roles } from '@speckle/shared'
|
|
import cryptoRandomString from 'crypto-random-string'
|
|
import {
|
|
grantStreamPermissions as repoGrantStreamPermissions,
|
|
revokeStreamPermissions as repoRevokeStreamPermissions
|
|
} from '@/modules/core/repositories/streams'
|
|
import { getStreams as repoGetStreams } from '@/modules/core/services/streams'
|
|
import {
|
|
DeleteWorkspaceRole,
|
|
GetWorkspaceRoleForUser,
|
|
GetWorkspaceRoles
|
|
} from '@/modules/workspaces/domain/operations'
|
|
import {
|
|
WorkspaceAdminRequiredError,
|
|
WorkspaceNotFoundError
|
|
} from '@/modules/workspaces/errors/workspace'
|
|
import { isUserLastWorkspaceAdmin } from '@/modules/workspaces/utils/roles'
|
|
import { mapWorkspaceRoleToProjectRole } from '@/modules/workspaces/domain/roles'
|
|
import { queryAllWorkspaceProjectsFactory } from '@/modules/workspaces/services/projects'
|
|
import { EventBus } from '@/modules/shared/services/eventBus'
|
|
import { removeNullOrUndefinedKeys } from '@speckle/shared'
|
|
import { authorizeResolver } from '@/modules/shared'
|
|
|
|
const tryStoreBlobFactory =
|
|
(storeBlob: StoreBlob) =>
|
|
async (blob?: string | null): Promise<string | null> => {
|
|
let logoUrl: string | null = null
|
|
if (blob) {
|
|
logoUrl = await storeBlob(blob)
|
|
}
|
|
return logoUrl
|
|
}
|
|
|
|
type WorkspaceCreateArgs = {
|
|
userId: string
|
|
workspaceInput: {
|
|
name: string
|
|
description: string | null
|
|
logoUrl: string | null
|
|
}
|
|
}
|
|
|
|
export const createWorkspaceFactory =
|
|
({
|
|
upsertWorkspace,
|
|
upsertWorkspaceRole,
|
|
emitWorkspaceEvent,
|
|
storeBlob
|
|
}: {
|
|
upsertWorkspace: UpsertWorkspace
|
|
upsertWorkspaceRole: UpsertWorkspaceRole
|
|
emitWorkspaceEvent: EventBus['emit']
|
|
storeBlob: StoreBlob
|
|
}) =>
|
|
async ({ userId, workspaceInput }: WorkspaceCreateArgs): Promise<Workspace> => {
|
|
const logoUrl = await tryStoreBlobFactory(storeBlob)(workspaceInput.logoUrl)
|
|
|
|
const workspace = {
|
|
...workspaceInput,
|
|
id: cryptoRandomString({ length: 10 }),
|
|
createdAt: new Date(),
|
|
updatedAt: new Date(),
|
|
logoUrl
|
|
}
|
|
await upsertWorkspace({ workspace })
|
|
// assign the creator as workspace administrator
|
|
await upsertWorkspaceRole({
|
|
userId,
|
|
role: Roles.Workspace.Admin,
|
|
workspaceId: workspace.id
|
|
})
|
|
|
|
// emit a workspace created event
|
|
await emitWorkspaceEvent({
|
|
eventName: WorkspaceEvents.Created,
|
|
payload: { ...workspace, createdByUserId: userId }
|
|
})
|
|
|
|
return workspace
|
|
}
|
|
|
|
type WorkspaceUpdateArgs = {
|
|
/** Id of user performing the operation */
|
|
workspaceUpdaterId: string
|
|
workspaceId: string
|
|
workspaceInput: {
|
|
name?: string | null
|
|
description?: string | null
|
|
logoUrl?: string | null
|
|
}
|
|
}
|
|
|
|
export const updateWorkspaceFactory =
|
|
({
|
|
getWorkspace,
|
|
upsertWorkspace,
|
|
emitWorkspaceEvent,
|
|
storeBlob
|
|
}: {
|
|
getWorkspace: GetWorkspace
|
|
upsertWorkspace: UpsertWorkspace
|
|
emitWorkspaceEvent: EventBus['emit']
|
|
storeBlob: StoreBlob
|
|
}) =>
|
|
async ({
|
|
workspaceUpdaterId,
|
|
workspaceId,
|
|
workspaceInput
|
|
}: WorkspaceUpdateArgs): Promise<Workspace> => {
|
|
await authorizeResolver(workspaceUpdaterId, workspaceId, Roles.Workspace.Admin)
|
|
|
|
const currentWorkspace = await getWorkspace({ workspaceId })
|
|
|
|
if (!currentWorkspace) {
|
|
throw new WorkspaceNotFoundError()
|
|
}
|
|
|
|
const logoUrl = await tryStoreBlobFactory(storeBlob)(workspaceInput.logoUrl)
|
|
|
|
const workspace = {
|
|
...currentWorkspace,
|
|
...removeNullOrUndefinedKeys(workspaceInput),
|
|
updatedAt: new Date(),
|
|
logoUrl
|
|
}
|
|
|
|
await upsertWorkspace({ workspace })
|
|
await emitWorkspaceEvent({ eventName: WorkspaceEvents.Updated, payload: workspace })
|
|
|
|
return workspace
|
|
}
|
|
|
|
type WorkspaceRoleDeleteArgs = {
|
|
userId: string
|
|
workspaceId: string
|
|
}
|
|
|
|
export const deleteWorkspaceRoleFactory =
|
|
({
|
|
getWorkspaceRoles,
|
|
deleteWorkspaceRole,
|
|
emitWorkspaceEvent,
|
|
getStreams,
|
|
revokeStreamPermissions
|
|
}: {
|
|
getWorkspaceRoles: GetWorkspaceRoles
|
|
deleteWorkspaceRole: DeleteWorkspaceRole
|
|
emitWorkspaceEvent: EmitWorkspaceEvent
|
|
getStreams: typeof repoGetStreams
|
|
revokeStreamPermissions: typeof repoRevokeStreamPermissions
|
|
}) =>
|
|
async ({
|
|
userId,
|
|
workspaceId
|
|
}: WorkspaceRoleDeleteArgs): Promise<WorkspaceAcl | null> => {
|
|
// Protect against removing last admin
|
|
const workspaceRoles = await getWorkspaceRoles({ workspaceId })
|
|
if (isUserLastWorkspaceAdmin(workspaceRoles, userId)) {
|
|
throw new WorkspaceAdminRequiredError()
|
|
}
|
|
|
|
// Perform delete
|
|
const deletedRole = await deleteWorkspaceRole({ userId, workspaceId })
|
|
if (!deletedRole) {
|
|
return null
|
|
}
|
|
|
|
// Delete workspace project roles
|
|
const queryAllWorkspaceProjectsGenerator = queryAllWorkspaceProjectsFactory({
|
|
getStreams
|
|
})
|
|
for await (const projectsPage of queryAllWorkspaceProjectsGenerator(workspaceId)) {
|
|
await Promise.all(
|
|
projectsPage.map(({ id: streamId }) =>
|
|
revokeStreamPermissions({ streamId, userId })
|
|
)
|
|
)
|
|
}
|
|
|
|
// Emit deleted role
|
|
await emitWorkspaceEvent({
|
|
eventName: WorkspaceEvents.RoleDeleted,
|
|
payload: deletedRole
|
|
})
|
|
|
|
return deletedRole
|
|
}
|
|
|
|
type WorkspaceRoleGetArgs = {
|
|
userId: string
|
|
workspaceId: string
|
|
}
|
|
|
|
export const getWorkspaceRoleFactory =
|
|
({ getWorkspaceRoleForUser }: { getWorkspaceRoleForUser: GetWorkspaceRoleForUser }) =>
|
|
async ({
|
|
userId,
|
|
workspaceId
|
|
}: WorkspaceRoleGetArgs): Promise<WorkspaceAcl | null> => {
|
|
return await getWorkspaceRoleForUser({ userId, workspaceId })
|
|
}
|
|
|
|
export const setWorkspaceRoleFactory =
|
|
({
|
|
getWorkspaceRoles,
|
|
upsertWorkspaceRole,
|
|
emitWorkspaceEvent,
|
|
getStreams,
|
|
grantStreamPermissions
|
|
}: {
|
|
getWorkspaceRoles: GetWorkspaceRoles
|
|
upsertWorkspaceRole: UpsertWorkspaceRole
|
|
emitWorkspaceEvent: EmitWorkspaceEvent
|
|
// TODO: Create `core` domain and import type from there
|
|
getStreams: typeof repoGetStreams
|
|
grantStreamPermissions: typeof repoGrantStreamPermissions
|
|
}) =>
|
|
async ({ userId, workspaceId, role }: WorkspaceAcl): Promise<void> => {
|
|
// Protect against removing last admin
|
|
const workspaceRoles = await getWorkspaceRoles({ workspaceId })
|
|
if (
|
|
isUserLastWorkspaceAdmin(workspaceRoles, userId) &&
|
|
role !== 'workspace:admin'
|
|
) {
|
|
throw new WorkspaceAdminRequiredError()
|
|
}
|
|
|
|
// Perform upsert
|
|
await upsertWorkspaceRole({ userId, workspaceId, role })
|
|
|
|
// Update user role in all workspace projects
|
|
// TODO: Should these be in a transaction with the workspace role change?
|
|
const queryAllWorkspaceProjectsGenerator = queryAllWorkspaceProjectsFactory({
|
|
getStreams
|
|
})
|
|
const projectRole = mapWorkspaceRoleToProjectRole(role)
|
|
for await (const projectsPage of queryAllWorkspaceProjectsGenerator(workspaceId)) {
|
|
await Promise.all(
|
|
projectsPage.map(({ id: streamId }) =>
|
|
grantStreamPermissions({ streamId, userId, role: projectRole })
|
|
)
|
|
)
|
|
}
|
|
|
|
// Emit new role
|
|
await emitWorkspaceEvent({
|
|
eventName: WorkspaceEvents.RoleUpdated,
|
|
payload: { userId, workspaceId, role }
|
|
})
|
|
}
|