@oneuptime/common 10.0.92 → 10.0.93
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/Models/DatabaseModels/TeamMember.ts +0 -2
- package/Server/API/TeamMemberAPI.ts +116 -0
- package/Server/Types/Database/Permissions/TenantPermission.ts +82 -0
- package/Types/Monitor/CustomCodeMonitor/CustomCodeMonitorResponse.ts +12 -0
- package/build/dist/Models/DatabaseModels/TeamMember.js +0 -1
- package/build/dist/Models/DatabaseModels/TeamMember.js.map +1 -1
- package/build/dist/Server/API/TeamMemberAPI.js +66 -0
- package/build/dist/Server/API/TeamMemberAPI.js.map +1 -0
- package/build/dist/Server/Types/Database/Permissions/TenantPermission.js +54 -0
- package/build/dist/Server/Types/Database/Permissions/TenantPermission.js.map +1 -1
- package/package.json +1 -1
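--- a/package/Server/API/TeamMemberAPI.ts
+++ b/package/Server/API/TeamMemberAPI.ts
@@ -0,0 +1,116 @@
+import UserMiddleware from "../Middleware/UserAuthorization";
+import ProjectSCIMService from "../Services/ProjectSCIMService";
+import TeamMemberService, {
+TeamMemberService as TeamMemberServiceType,
+} from "../Services/TeamMemberService";
+import {
+ExpressRequest,
+ExpressResponse,
+NextFunction,
+OneUptimeRequest,
+} from "../Utils/Express";
+import Response from "../Utils/Response";
+import BaseAPI from "./BaseAPI";
+import BadDataException from "../../Types/Exception/BadDataException";
+import NotAuthorizedException from "../../Types/Exception/NotAuthorizedException";
+import ObjectID from "../../Types/ObjectID";
+import TeamMember from "../../Models/DatabaseModels/TeamMember";
+
+export default class TeamMemberAPI extends BaseAPI<
+TeamMember,
+TeamMemberServiceType
+> {
+public constructor() {
+super(TeamMember, TeamMemberService);
+
+this.router.post(
+`${new this.entityType().getCrudApiPath()?.toString()}/:id/leave`,
+UserMiddleware.getUserMiddleware,
+async (req: ExpressRequest, res: ExpressResponse, next: NextFunction) => {
+try {
+const oneUptimeRequest: OneUptimeRequest = req as OneUptimeRequest;
+
+const idParam: string = req.params["id"] as string;
+if (!idParam) {
+return Response.sendErrorResponse(
+req,
+res,
+new BadDataException("Team member id is required"),
+);
+}
+
+ObjectID.validateUUID(idParam);
+const teamMemberId: ObjectID = new ObjectID(idParam);
+
+const userId: ObjectID | undefined =
+oneUptimeRequest.userAuthorization?.userId;
+if (!userId) {
+return Response.sendErrorResponse(
+req,
+res,
+new NotAuthorizedException("Not authenticated"),
+);
+}
+
+const teamMember: TeamMember | null = await this.service.findOneById({
+id: teamMemberId,
+props: { isRoot: true },
+select: {
+userId: true,
+projectId: true,
+},
+});
+
+if (!teamMember) {
+return Response.sendErrorResponse(
+req,
+res,
+new BadDataException("Team member not found"),
+);
+}
+
+if (teamMember.userId?.toString() !== userId.toString()) {
+return Response.sendErrorResponse(
+req,
+res,
+new NotAuthorizedException(
+"You can only leave teams you are a member of",
+),
+);
+}
+
+if (teamMember.projectId) {
+const scimCount: number = (
+await ProjectSCIMService.countBy({
+query: {
+projectId: teamMember.projectId,
+enablePushGroups: true,
+},
+props: { isRoot: true },
+})
+).toNumber();
+
+if (scimCount > 0) {
+return Response.sendErrorResponse(
+req,
+res,
+new BadDataException(
+"Team membership is managed by SCIM Push Groups for this project. Please contact your administrator to be removed.",
+),
+);
+}
+}
+
+await this.service.deleteOneById({
+id: teamMemberId,
+props: { isRoot: true },
+});
+
+return Response.sendEmptySuccessResponse(req, res);
+} catch (err) {
+return next(err);
+}
+},
+);
+}
+}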
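Review bot: The `await this.service.deleteOneById({ id: teamMemberId, props: { isRoot: true } })` call runs with the permission layer switched off, so the `teamMember.userId?.toString() !== userId.toString()` comparison a few lines earlier is the only authorization check between an authenticated caller and the removal of a TeamMember row; that invariant should be stated right above the delete, e.g. `// isRoot on purpose: ownership of this exact row was verified above and the delete is keyed by id only — keep that check ahead of this call.` The route template `${new this.entityType().getCrudApiPath()?.toString()}/:id/leave` quietly registers `undefined/:id/leave` if getCrudApiPath() returns undefined; throwing in the constructor would surface a misconfigured model instead of a dead route. The SCIM guard is skipped altogether when `teamMember.projectId` is unset, which is presumably impossible for a stored TeamMember — worth confirming, or rejecting a row without a project before reaching the delete. Whether a member may leave a team that holds the project's last owner is not checked here and cannot be judged from this diff.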
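--- a/package/Server/Types/Database/Permissions/TenantPermission.ts
+++ b/package/Server/Types/Database/Permissions/TenantPermission.ts
@@ -2,14 +2,30 @@ import DatabaseRequestType from "../../BaseDatabase/DatabaseRequestType";
 import Query from "../Query";
 import Select from "../Select";
 import BasePermission, { CheckPermissionBaseInterface } from "./BasePermission";
+import TablePermission from "./TablePermission";
 import BaseModel from "../../../../Models/DatabaseModels/DatabaseBaseModel/DatabaseBaseModel";
 import Includes from "../../../../Types/BaseDatabase/Includes";
 import DatabaseCommonInteractionProps from "../../../../Types/BaseDatabase/DatabaseCommonInteractionProps";
+import DatabaseCommonInteractionPropsUtil, {
+PermissionType,
+} from "../../../../Types/BaseDatabase/DatabaseCommonInteractionPropsUtil";
 import BadDataException from "../../../../Types/Exception/BadDataException";
 import NotAuthorizedException from "../../../../Types/Exception/NotAuthorizedException";
 import ObjectID from "../../../../Types/ObjectID";
+import Permission from "../../../../Types/Permission";
 import CaptureSpan from "../../../Utils/Telemetry/CaptureSpan";
 
+/*
+* Permissions auto-granted to every logged-in tenant user. Holding only these
+* (without an actual role permission) does not signal admin authority and so
+* should not unlock cross-row access on models that scope by user.
+*/
+const AUTO_GRANTED_TENANT_PERMISSIONS: ReadonlyArray<Permission> = [
+Permission.CurrentUser,
+Permission.Public,
+Permission.UnAuthorizedSsoUser,
+];
+
 export default class TenantPermission {
 @CaptureSpan()
 public static async addTenantScopeToQuery<TBaseModel extends BaseModel>(
@@ -32,6 +48,22 @@ export default class TenantPermission {
 // If this model has a tenantColumn, and request has tenantId, and is multiTenantQuery null then add tenantId to query.
 if (tenantColumn && props.tenantId && !props.isMultiTenantRequest) {
 (query as any)[tenantColumn] = props.tenantId;
+
+/*
+* If Permission.CurrentUser is the only thing letting the user through
+* for this model+operation, also restrict the query to records they own.
+* Otherwise the tenant filter alone leaves the user able to act on any
+* row in the project (CVE-class issue when CurrentUser appears in a
+* model's delete/update list alongside admin permissions).
+*/
+if (
+TenantPermission.shouldScopeQueryByCurrentUser(modelType, props, type)
+) {
+const userColumn: string | null = model.getUserColumn();
+if (userColumn) {
+(query as any)[userColumn] = props.userId;
+}
+}
 }
 // if model allows user query without tenant, and user column is present, and userId is present, then add userId to query.
 else if (
@@ -124,4 +156,54 @@ export default class TenantPermission {
 
 return query;
 }
+
+/**
+* True if the only permission letting this user through the table-level
+* check for this op is Permission.CurrentUser. In that case the query must
+* be restricted to rows the user owns (via the model's user column).
+*/
+private static shouldScopeQueryByCurrentUser<TBaseModel extends BaseModel>(
+modelType: { new (): TBaseModel },
+props: DatabaseCommonInteractionProps,
+type: DatabaseRequestType,
+): boolean {
+const model: BaseModel = new modelType();
+
+if (!model.getUserColumn() || !props.userId) {
+return false;
+}
+
+const modelPermissions: Array<Permission> =
+TablePermission.getTablePermission(modelType, type);
+
+if (!modelPermissions.includes(Permission.CurrentUser)) {
+return false;
+}
+
+const userPermissions: Array<Permission> =
+DatabaseCommonInteractionPropsUtil.getUserPermissions(
+props,
+PermissionType.Allow,
+).map((up: { permission: Permission }) => {
+return up.permission;
+});
+
+const intersection: Array<Permission> = userPermissions.filter(
+(p: Permission) => {
+return modelPermissions.includes(p);
+},
+);
+
+if (!intersection.includes(Permission.CurrentUser)) {
+return false;
+}
+
+const adminMatch: Array<Permission> = intersection.filter(
+(p: Permission) => {
+return !AUTO_GRANTED_TENANT_PERMISSIONS.includes(p);
+},
+);
+
+return adminMatch.length === 0;
+}
 }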
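Review bot: The new `TenantPermission.shouldScopeQueryByCurrentUser(modelType, props, type)` call in the second hunk lives only inside the `if (tenantColumn && props.tenantId && !props.isMultiTenantRequest)` branch, so a request flagged `isMultiTenantRequest`, or one arriving without `tenantId`, never gets the owner-row restriction; if CurrentUser can be the sole granting permission on those paths (the `else if` branches that follow are mostly outside this hunk), the cross-row exposure the comment describes remains there, and either an equivalent call or a comment explaining why those branches are exempt would settle it. The helper's result also hinges on `DatabaseCommonInteractionPropsUtil.getUserPermissions(props, PermissionType.Allow)` being scoped to `props.tenantId`: if it aggregates roles across every project the user belongs to, an admin role held elsewhere would switch the scoping off for this tenant — please confirm and record that assumption in the helper's docblock, along with the fact that only `PermissionType.Allow` entries are consulted. As a point of style, the helper does `const model: BaseModel = new modelType();` although `addTenantScopeToQuery` already holds `model` and calls `model.getUserColumn()` immediately after the check; passing the model (or the user column) in would avoid constructing it twice per query.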
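--- a/package/Types/Monitor/CustomCodeMonitor/CustomCodeMonitorResponse.ts
+++ b/package/Types/Monitor/CustomCodeMonitor/CustomCodeMonitorResponse.ts
@@ -1,10 +1,22 @@
 import CapturedMetric from "./CapturedMetric";
 import { JSONObject } from "../../JSON";
 
+export interface RetryAttempt {
+attemptNumber: number;
+scriptError?: string | undefined;
+executionTimeInMS: number;
+}
+
 export default interface CustomCodeMonitorResponse {
 result: string | number | boolean | JSONObject | undefined;
 scriptError?: string | undefined;
 logMessages: string[];
 capturedMetrics: CapturedMetric[];
 executionTimeInMS: number;
+/*
+* Populated only when more than one attempt occurred (i.e. at least one retry).
+* Includes every attempt — the last entry corresponds to the final result above.
+*/
+retryAttempts?: Array<RetryAttempt> | undefined;
+totalAttempts?: number | undefined;
 }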
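Review bot: `attemptNumber: number` on the new `RetryAttempt` interface does not say whether numbering starts at 0 or 1, and `totalAttempts` duplicates `retryAttempts.length` whenever both are present without stating the relationship; a comment on each field such as `// attemptNumber is 1-based (TODO confirm against the monitor runner)` and `// equals retryAttempts.length when retryAttempts is set` (or dropping one of the two fields) would remove the ambiguity for consumers. Since the comment above `retryAttempts` says it is only populated after at least one retry, it should also say whether `totalAttempts` is set on single-attempt runs or is likewise absent.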
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TeamMember.js","sourceRoot":"","sources":["../../../../Models/DatabaseModels/TeamMember.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,OAAO,MAAM,WAAW,CAAC;AAChC,OAAO,IAAI,MAAM,QAAQ,CAAC;AAC1B,OAAO,IAAI,MAAM,QAAQ,CAAC;AAC1B,OAAO,SAAS,MAAM,uCAAuC,CAAC;AAC9D,OAAO,KAAK,MAAM,uBAAuB,CAAC;AAC1C,OAAO,mBAAmB,MAAM,wDAAwD,CAAC;AACzF,OAAO,kBAAkB,MAAM,uDAAuD,CAAC;AACvF,OAAO,2BAA2B,MAAM,kDAAkD,CAAC;AAC3F,OAAO,UAAU,MAAM,iCAAiC,CAAC;AACzD,OAAO,eAAe,MAAM,sCAAsC,CAAC;AACnE,OAAO,4BAA4B,MAAM,mDAAmD,CAAC;AAC7F,OAAO,mBAAmB,MAAM,0CAA0C,CAAC;AAC3E,OAAO,cAAc,MAAM,qCAAqC,CAAC;AACjE,OAAO,uBAAuB,MAAM,8CAA8C,CAAC;AACnF,OAAO,WAAW,MAAM,kCAAkC,CAAC;AAC3D,OAAO,eAAe,MAAM,sCAAsC,CAAC;AACnE,OAAO,aAAa,MAAM,oCAAoC,CAAC;AAC/D,OAAO,YAAY,MAAM,mCAAmC,CAAC;AAC7D,OAAO,QAAQ,MAAM,2BAA2B,CAAC;AACjD,OAAO,QAAQ,MAAM,sBAAsB,CAAC;AAC5C,OAAO,UAAU,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"TeamMember.js","sourceRoot":"","sources":["../../../../Models/DatabaseModels/TeamMember.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,OAAO,MAAM,WAAW,CAAC;AAChC,OAAO,IAAI,MAAM,QAAQ,CAAC;AAC1B,OAAO,IAAI,MAAM,QAAQ,CAAC;AAC1B,OAAO,SAAS,MAAM,uCAAuC,CAAC;AAC9D,OAAO,KAAK,MAAM,uBAAuB,CAAC;AAC1C,OAAO,mBAAmB,MAAM,wDAAwD,CAAC;AACzF,OAAO,kBAAkB,MAAM,uDAAuD,CAAC;AACvF,OAAO,2BAA2B,MAAM,kDAAkD,CAAC;AAC3F,OAAO,UAAU,MAAM,iCAAiC,CAAC;AACzD,OAAO,eAAe,MAAM,sCAAsC,CAAC;AACnE,OAAO,4BAA4B,MAAM,mDAAmD,CAAC;AAC7F,OAAO,mBAAmB,MAAM,0CAA0C,CAAC;AAC3E,OAAO,cAAc,MAAM,qCAAqC,CAAC;AACjE,OAAO,uBAAuB,MAAM,8CAA8C,CAAC;AACnF,OAAO,WAAW,MAAM,kCAAkC,CAAC;AAC3D,OAAO,eAAe,MAAM,sCAAsC,CAAC;AACnE,OAAO,aAAa,MAAM,oCAAoC,CAAC;AAC/D,OAAO,YAAY,MAAM,mCAAmC,CAAC;AAC7D,OAAO,QAAQ,MAAM,2BAA2B,CAAC;AACjD,OAAO,QAAQ,MAAM,sBAAsB,CAAC;AAC5C,OAAO,UAAU,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAqDxD,IAAM,UAAU,GAAhB,MAAM,UAAW,SAAQ,SAAS;IAAlC;;QAuCN,SAAI,GAAU,SAAS,CAAC;QAgCxB,WAAM,GAAc,SAAS,CAAC;QAwC9B,YAAO,GAAa,SAAS,CAAC;QAkC9B,cAAS,GAAc,SAAS,CAAC;QAwCjC,SAAI,GAAU,SAAS,CAAC;QAgCxB,WAAM,GAAc,SAAS,CAAC;QA4B9B,kBAAa,GAAU,SAAS,CAAC;QAmBjC,oBAAe,GAAc,SAAS,CAAC;QA6BvC,kBAAa,GAAU,SAAS,CAAC;QAmBjC,oBAAe,GAAc,SAAS,CAAC;QAmCvC,0BAAqB,GAAa,SAAS,CAAC;QA6B5C,yBAAoB,GAAU,SAAS,CAAC;IACjD,CAAC;CAAA,CAAA;AAlVQ;IAtCN,mBAAmB,CAAC;QACnB,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,iBAAiB;YAC5B,UAAU,CAAC,wBAAwB;SACpC;QACD,IAAI,EAAE;YACJ,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,MAAM;YACjB,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,WAAW;SACvB;QACD,MAAM,EAAE,EAAE;KACX,CAAC;IACD,WAAW,CAAC;QACX,uBAAuB,EAAE,QAAQ;QACjC,IAAI,EAAE,eAAe,CAAC,MAAM;QAC5B,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,MAAM;QACb,WAAW,EAAE,kCAAkC;QAC/C,OAAO,EAAE,kBAAkB;KAC5B,CAAC;IACD,SAAS,CACR,GAAG,EAAE;QACH,OAAO,IAAI,CAAC;IACd,CAAC,EACD;QACE,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,SAAS;QACnB,iBAAiB,EAAE,SAAS;KAC7B,CACF;IACA,UAAU,CAAC,EAAE,IAAI
,EAAE,QAAQ,EAAE,CAAC;8BACjB,IAAI;wCAAa;AAgCxB;IA9BN,mBAAmB,CAAC;QACnB,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,iBAAiB;YAC5B,UAAU,CAAC,wBAAwB;SACpC;QACD,IAAI,EAAE;YACJ,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,MAAM;YACjB,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,WAAW;SACvB;QACD,MAAM,EAAE,EAAE;KACX,CAAC;IACD,KAAK,EAAE;IACP,WAAW,CAAC;QACX,IAAI,EAAE,eAAe,CAAC,QAAQ;QAC9B,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,kCAAkC;QAC/C,OAAO,EAAE,sCAAsC;KAChD,CAAC;IACD,MAAM,CAAC;QACN,IAAI,EAAE,UAAU,CAAC,QAAQ;QACzB,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,QAAQ,CAAC,sBAAsB,EAAE;KAC/C,CAAC;8BACc,QAAQ;0CAAa;AAwC9B;IAtCN,mBAAmB,CAAC;QACnB,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,iBAAiB;YAC5B,UAAU,CAAC,wBAAwB;SACpC;QACD,IAAI,EAAE;YACJ,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,MAAM;YACjB,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,WAAW;SACvB;QACD,MAAM,EAAE,EAAE;KACX,CAAC;IACD,WAAW,CAAC;QACX,uBAAuB,EAAE,WAAW;QACpC,IAAI,EAAE,eAAe,CAAC,MAAM;QAC5B,SAAS,EAAE,OAAO;QAClB,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,2DAA2D;QACxE,OAAO,EAAE,uBAAuB;KACjC,CAAC;IACD,SAAS,CACR,GAAG,EAAE;QACH,OAAO,OAAO,CAAC;IACjB,CAAC,EACD;QACE,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,SAAS;QACnB,iBAAiB,EAAE,SAAS;KAC7B,CACF;IACA,UAAU,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;8BACjB,OAAO;2CAAa;AAkC9B;IAhCN,mBAAmB,CAAC;QACnB,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,iBAAiB;YAC5B,UAAU,CAAC,wBAAwB;SACpC;QACD,IAAI,EAAE;YACJ,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,MAAM;YACjB,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,WAAW;SACvB;QACD,MAAM,EAAE,EAAE;KACX,CAAC;IACD,KAAK,EAAE;IACP,WAAW,CAAC;QACX,IAAI,EAAE,eAAe,CAAC,QAAQ;QAC9B,QAAQ,EAAE,IAAI;QACd,sBAAsB,EAAE,IAAI;QAC5B,KAAK,EAAE,YAAY;QACnB,WAAW,EAAE,2DAA2D;QACxE,OAAO,EAAE,sCAAsC;KAChD,CAAC;IACD,MAAM,CAAC;QACN,IAAI,EAAE,UAAU,CAAC,QAAQ;QACzB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,QAAQ,CAAC,sBAAsB,EAAE;KAC/C,CAAC;8BACiB,QAAQ;6CAAa;A
AwCjC;IAtCN,mBAAmB,CAAC;QACnB,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,iBAAiB;YAC5B,UAAU,CAAC,wBAAwB;SACpC;QACD,IAAI,EAAE;YACJ,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,MAAM;YACjB,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,uBAAuB;SACnC;QACD,MAAM,EAAE,EAAE;KACX,CAAC;IACD,WAAW,CAAC;QACX,uBAAuB,EAAE,QAAQ;QACjC,IAAI,EAAE,eAAe,CAAC,MAAM;QAC5B,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,MAAM;QACb,WAAW,EAAE,gCAAgC;QAC7C,OAAO,EAAE,sBAAsB;KAChC,CAAC;IACD,SAAS,CACR,GAAG,EAAE;QACH,OAAO,IAAI,CAAC;IACd,CAAC,EACD;QACE,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,SAAS;QACnB,iBAAiB,EAAE,SAAS;KAC7B,CACF;IACA,UAAU,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;8BACjB,IAAI;wCAAa;AAgCxB;IA9BN,mBAAmB,CAAC;QACnB,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,iBAAiB;YAC5B,UAAU,CAAC,wBAAwB;SACpC;QACD,IAAI,EAAE;YACJ,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,MAAM;YACjB,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,WAAW;SACvB;QACD,MAAM,EAAE,EAAE;KACX,CAAC;IACD,WAAW,CAAC;QACX,IAAI,EAAE,eAAe,CAAC,QAAQ;QAC9B,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,qCAAqC;QAClD,OAAO,EAAE,sCAAsC;KAChD,CAAC;IACD,MAAM,CAAC;QACN,IAAI,EAAE,UAAU,CAAC,QAAQ;QACzB,QAAQ,EAAE,KAAK;QACf,WAAW,EAAE,QAAQ,CAAC,sBAAsB,EAAE;KAC/C,CAAC;8BACc,QAAQ;0CAAa;AA4B9B;IA1BN,mBAAmB,CAAC;QACnB,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,EAAE;QACR,MAAM,EAAE,EAAE;KACX,CAAC;IACD,WAAW,CAAC;QACX,uBAAuB,EAAE,iBAAiB;QAC1C,IAAI,EAAE,eAAe,CAAC,MAAM;QAC5B,SAAS,EAAE,IAAI;QACf,KAAK,EAAE,iBAAiB;QACxB,WAAW,EACT,iFAAiF;QACnF,OAAO,EAAE,mBAAmB;KAC7B,CAAC;IACD,SAAS,CACR,GAAG,EAAE;QACH,OAAO,IAAI,CAAC;IACd,CAAC,EACD;QACE,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,UAAU;QACpB,iBAAiB,EAAE,SAAS;KAC7B,CACF;IACA,UAAU,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC;8BACjB,IAAI;iDAAa;AAmBjC;IAjBN,mBAAmB,CAAC;QACnB,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,EAAE;QACR,MAAM,EAAE,EAAE;KACX,CAAC;IACD,WAAW,CAAC;QACX,IAAI,EAAE,eAAe,CAAC,QAAQ;QAC9B,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,wEAAwE;QAC1E,OAA
O,EAAE,sCAAsC;KAChD,CAAC;IACD,MAAM,CAAC;QACN,IAAI,EAAE,UAAU,CAAC,QAAQ;QACzB,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,QAAQ,CAAC,sBAAsB,EAAE;KAC/C,CAAC;8BACuB,QAAQ;mDAAa;AA6BvC;IA3BN,mBAAmB,CAAC;QACnB,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,EAAE;QACR,MAAM,EAAE,EAAE;KACX,CAAC;IACD,WAAW,CAAC;QACX,uBAAuB,EAAE,iBAAiB;QAC1C,IAAI,EAAE,eAAe,CAAC,MAAM;QAC5B,KAAK,EAAE,iBAAiB;QACxB,SAAS,EAAE,IAAI;QACf,WAAW,EACT,iFAAiF;QACnF,OAAO,EAAE,mBAAmB;KAC7B,CAAC;IACD,SAAS,CACR,GAAG,EAAE;QACH,OAAO,IAAI,CAAC;IACd,CAAC,EACD;QACE,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,UAAU;QACpB,iBAAiB,EAAE,SAAS;KAC7B,CACF;IACA,UAAU,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC;8BACjB,IAAI;iDAAa;AAmBjC;IAjBN,mBAAmB,CAAC;QACnB,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,EAAE;QACR,MAAM,EAAE,EAAE;KACX,CAAC;IACD,WAAW,CAAC;QACX,IAAI,EAAE,eAAe,CAAC,QAAQ;QAC9B,KAAK,EAAE,oBAAoB;QAC3B,WAAW,EACT,wEAAwE;QAC1E,OAAO,EAAE,sCAAsC;KAChD,CAAC;IACD,MAAM,CAAC;QACN,IAAI,EAAE,UAAU,CAAC,QAAQ;QACzB,QAAQ,EAAE,IAAI;QACd,WAAW,EAAE,QAAQ,CAAC,sBAAsB,EAAE;KAC/C,CAAC;8BACuB,QAAQ;mDAAa;AAmCvC;IAjCN,mBAAmB,CAAC;QACnB,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,iBAAiB;YAC5B,UAAU,CAAC,wBAAwB;SACpC;QACD,IAAI,EAAE;YACJ,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,MAAM;YACjB,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,WAAW;SACvB;QACD,MAAM,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC;KACjC,CAAC;IACD,WAAW,CAAC;QACX,oBAAoB,EAAE,IAAI;QAC1B,QAAQ,EAAE,IAAI;QACd,IAAI,EAAE,eAAe,CAAC,OAAO;QAC7B,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE,0CAA0C;QACvD,YAAY,EAAE,KAAK;QACnB,OAAO,EAAE,IAAI;KACd,CAAC;IACD,MAAM,CAAC;QACN,IAAI,EAAE,UAAU,CAAC,OAAO;QACxB,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,KAAK;KACf,CAAC;;yDACiD;AA6B5C;IA3BN,mBAAmB,CAAC;QACnB,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,iBAAiB;YAC5B,UAAU,CAAC,wBAAwB;SACpC;QACD,IAAI,EAAE;YACJ,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,uBAAuB;SACnC;QACD,MAAM,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC;KACjC,CAAC;IACD,WAAW,CAAC;QACX,QAAQ,EAAE,KA
AK;QACf,IAAI,EAAE,eAAe,CAAC,IAAI;QAC1B,KAAK,EAAE,wBAAwB;QAC/B,WAAW,EAAE,6CAA6C;QAC1D,OAAO,EAAE,sBAAsB;KAChC,CAAC;IACD,MAAM,CAAC;QACN,IAAI,EAAE,UAAU,CAAC,IAAI;QACrB,QAAQ,EAAE,IAAI;QACd,MAAM,EAAE,KAAK;KACd,CAAC;8BAC4B,IAAI;wDAAa;AAxX5B,UAAU;IAnD9B,mBAAmB,EAAE;IACrB,kBAAkB,CAAC;QAClB,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,iBAAiB;YAC5B,UAAU,CAAC,wBAAwB;SACpC;QACD,IAAI,EAAE;YACJ,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,aAAa;YACxB,UAAU,CAAC,MAAM;YACjB,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,WAAW;SACvB;QACD,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,iBAAiB;SAC7B;QACD,MAAM,EAAE;YACN,UAAU,CAAC,YAAY;YACvB,UAAU,CAAC,wBAAwB;YACnC,UAAU,CAAC,eAAe;YAC1B,UAAU,CAAC,WAAW;SACvB;KACF,CAAC;IACD,uBAAuB,CAAC,IAAI,CAAC;IAC7B,2BAA2B,CAAC,IAAI,CAAC;IACjC,4BAA4B,CAAC,QAAQ,CAAC;IACtC,YAAY,CAAC,WAAW,CAAC;IACzB,eAAe,CAAC,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IAC1C,MAAM,CAAC;QACN,IAAI,EAAE,YAAY;KACnB,CAAC;IACD,cAAc,CAAC;QACd,MAAM,EAAE,IAAI;QACZ,MAAM,EAAE,IAAI;QACZ,MAAM,EAAE,IAAI;QACZ,IAAI,EAAE,IAAI;KACX,CAAC;IACD,aAAa,CAAC;QACb,SAAS,EAAE,YAAY;QACvB,YAAY,EAAE,aAAa;QAC3B,UAAU,EAAE,cAAc;QAC1B,IAAI,EAAE,QAAQ,CAAC,IAAI;QACnB,gBAAgB,EAAE,qCAAqC;KACxD,CAAC;GACmB,UAAU,CAyX9B;eAzXoB,UAAU"}
|
|
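--- a/package/build/dist/Server/API/TeamMemberAPI.js
+++ b/package/build/dist/Server/API/TeamMemberAPI.js
@@ -0,0 +1,66 @@
+import UserMiddleware from "../Middleware/UserAuthorization";
+import ProjectSCIMService from "../Services/ProjectSCIMService";
+import TeamMemberService from "../Services/TeamMemberService";
+import Response from "../Utils/Response";
+import BaseAPI from "./BaseAPI";
+import BadDataException from "../../Types/Exception/BadDataException";
+import NotAuthorizedException from "../../Types/Exception/NotAuthorizedException";
+import ObjectID from "../../Types/ObjectID";
+import TeamMember from "../../Models/DatabaseModels/TeamMember";
+export default class TeamMemberAPI extends BaseAPI {
+constructor() {
+var _a;
+super(TeamMember, TeamMemberService);
+this.router.post(`${(_a = new this.entityType().getCrudApiPath()) === null || _a === void 0 ? void 0 : _a.toString()}/:id/leave`, UserMiddleware.getUserMiddleware, async (req, res, next) => {
+var _a, _b;
+try {
+const oneUptimeRequest = req;
+const idParam = req.params["id"];
+if (!idParam) {
+return Response.sendErrorResponse(req, res, new BadDataException("Team member id is required"));
+}
+ObjectID.validateUUID(idParam);
+const teamMemberId = new ObjectID(idParam);
+const userId = (_a = oneUptimeRequest.userAuthorization) === null || _a === void 0 ? void 0 : _a.userId;
+if (!userId) {
+return Response.sendErrorResponse(req, res, new NotAuthorizedException("Not authenticated"));
+}
+const teamMember = await this.service.findOneById({
+id: teamMemberId,
+props: { isRoot: true },
+select: {
+userId: true,
+projectId: true,
+},
+});
+if (!teamMember) {
+return Response.sendErrorResponse(req, res, new BadDataException("Team member not found"));
+}
+if (((_b = teamMember.userId) === null || _b === void 0 ? void 0 : _b.toString()) !== userId.toString()) {
+return Response.sendErrorResponse(req, res, new NotAuthorizedException("You can only leave teams you are a member of"));
+}
+if (teamMember.projectId) {
+const scimCount = (await ProjectSCIMService.countBy({
+query: {
+projectId: teamMember.projectId,
+enablePushGroups: true,
+},
+props: { isRoot: true },
+})).toNumber();
+if (scimCount > 0) {
+return Response.sendErrorResponse(req, res, new BadDataException("Team membership is managed by SCIM Push Groups for this project. Please contact your administrator to be removed."));
+}
+}
+await this.service.deleteOneById({
+id: teamMemberId,
+props: { isRoot: true },
+});
+return Response.sendEmptySuccessResponse(req, res);
+}
+catch (err) {
+return next(err);
+}
+});
+}
+}
+//# sourceMappingURL=TeamMemberAPI.js.map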
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"TeamMemberAPI.js","sourceRoot":"","sources":["../../../../Server/API/TeamMemberAPI.ts"],"names":[],"mappings":"AAAA,OAAO,cAAc,MAAM,iCAAiC,CAAC;AAC7D,OAAO,kBAAkB,MAAM,gCAAgC,CAAC;AAChE,OAAO,iBAEN,MAAM,+BAA+B,CAAC;AAOvC,OAAO,QAAQ,MAAM,mBAAmB,CAAC;AACzC,OAAO,OAAO,MAAM,WAAW,CAAC;AAChC,OAAO,gBAAgB,MAAM,wCAAwC,CAAC;AACtE,OAAO,sBAAsB,MAAM,8CAA8C,CAAC;AAClF,OAAO,QAAQ,MAAM,sBAAsB,CAAC;AAC5C,OAAO,UAAU,MAAM,wCAAwC,CAAC;AAEhE,MAAM,CAAC,OAAO,OAAO,aAAc,SAAQ,OAG1C;IACC;;QACE,KAAK,CAAC,UAAU,EAAE,iBAAiB,CAAC,CAAC;QAErC,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,GAAG,MAAA,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC,cAAc,EAAE,0CAAE,QAAQ,EAAE,YAAY,EACjE,cAAc,CAAC,iBAAiB,EAChC,KAAK,EAAE,GAAmB,EAAE,GAAoB,EAAE,IAAkB,EAAE,EAAE;;YACtE,IAAI,CAAC;gBACH,MAAM,gBAAgB,GAAqB,GAAuB,CAAC;gBAEnE,MAAM,OAAO,GAAW,GAAG,CAAC,MAAM,CAAC,IAAI,CAAW,CAAC;gBACnD,IAAI,CAAC,OAAO,EAAE,CAAC;oBACb,OAAO,QAAQ,CAAC,iBAAiB,CAC/B,GAAG,EACH,GAAG,EACH,IAAI,gBAAgB,CAAC,4BAA4B,CAAC,CACnD,CAAC;gBACJ,CAAC;gBAED,QAAQ,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;gBAC/B,MAAM,YAAY,GAAa,IAAI,QAAQ,CAAC,OAAO,CAAC,CAAC;gBAErD,MAAM,MAAM,GACV,MAAA,gBAAgB,CAAC,iBAAiB,0CAAE,MAAM,CAAC;gBAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,QAAQ,CAAC,iBAAiB,CAC/B,GAAG,EACH,GAAG,EACH,IAAI,sBAAsB,CAAC,mBAAmB,CAAC,CAChD,CAAC;gBACJ,CAAC;gBAED,MAAM,UAAU,GAAsB,MAAM,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;oBACnE,EAAE,EAAE,YAAY;oBAChB,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;oBACvB,MAAM,EAAE;wBACN,MAAM,EAAE,IAAI;wBACZ,SAAS,EAAE,IAAI;qBAChB;iBACF,CAAC,CAAC;gBAEH,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,OAAO,QAAQ,CAAC,iBAAiB,CAC/B,GAAG,EACH,GAAG,EACH,IAAI,gBAAgB,CAAC,uBAAuB,CAAC,CAC9C,CAAC;gBACJ,CAAC;gBAED,IAAI,CAAA,MAAA,UAAU,CAAC,MAAM,0CAAE,QAAQ,EAAE,MAAK,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;oBACxD,OAAO,QAAQ,CAAC,iBAAiB,CAC/B,GAAG,EACH,GAAG,EACH,IAAI,sBAAsB,CACxB,8CAA8C,CAC/C,CACF,CAAC;gBACJ,CAAC;gBAED,IAAI,UAAU,CAAC,SAAS,EAAE,CAAC;oBACzB,MAAM,SAAS,GAAW,CACxB,MAAM,kBAAkB,CAAC,OAAO,CAAC;wBAC/B,KAAK,EAAE;4BACL,SAAS,EAAE,UAAU,CAAC,SAAS;4BAC/B,gBAAgB,EAAE,IAAI;yBACvB;wBACD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;qBACxB,CAA
C,CACH,CAAC,QAAQ,EAAE,CAAC;oBAEb,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;wBAClB,OAAO,QAAQ,CAAC,iBAAiB,CAC/B,GAAG,EACH,GAAG,EACH,IAAI,gBAAgB,CAClB,mHAAmH,CACpH,CACF,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAED,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC;oBAC/B,EAAE,EAAE,YAAY;oBAChB,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE;iBACxB,CAAC,CAAC;gBAEH,OAAO,QAAQ,CAAC,wBAAwB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACrD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC;YACnB,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC;CACF"}
|
|
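--- a/package/build/dist/Server/Types/Database/Permissions/TenantPermission.js
+++ b/package/build/dist/Server/Types/Database/Permissions/TenantPermission.js
@@ -9,10 +9,23 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 };
 import DatabaseRequestType from "../../BaseDatabase/DatabaseRequestType";
 import BasePermission from "./BasePermission";
+import TablePermission from "./TablePermission";
 import Includes from "../../../../Types/BaseDatabase/Includes";
+import DatabaseCommonInteractionPropsUtil, { PermissionType, } from "../../../../Types/BaseDatabase/DatabaseCommonInteractionPropsUtil";
 import BadDataException from "../../../../Types/Exception/BadDataException";
 import NotAuthorizedException from "../../../../Types/Exception/NotAuthorizedException";
+import Permission from "../../../../Types/Permission";
 import CaptureSpan from "../../../Utils/Telemetry/CaptureSpan";
+/*
+* Permissions auto-granted to every logged-in tenant user. Holding only these
+* (without an actual role permission) does not signal admin authority and so
+* should not unlock cross-row access on models that scope by user.
+*/
+const AUTO_GRANTED_TENANT_PERMISSIONS = [
+Permission.CurrentUser,
+Permission.Public,
+Permission.UnAuthorizedSsoUser,
+];
 export default class TenantPermission {
 static async addTenantScopeToQuery(modelType, query, select, props, type) {
 var _a;
@@ -24,6 +37,19 @@ export default class TenantPermission {
 // If this model has a tenantColumn, and request has tenantId, and is multiTenantQuery null then add tenantId to query.
 if (tenantColumn && props.tenantId && !props.isMultiTenantRequest) {
 query[tenantColumn] = props.tenantId;
+/*
+* If Permission.CurrentUser is the only thing letting the user through
+* for this model+operation, also restrict the query to records they own.
+* Otherwise the tenant filter alone leaves the user able to act on any
+* row in the project (CVE-class issue when CurrentUser appears in a
+* model's delete/update list alongside admin permissions).
+*/
+if (TenantPermission.shouldScopeQueryByCurrentUser(modelType, props, type)) {
+const userColumn = model.getUserColumn();
+if (userColumn) {
+query[userColumn] = props.userId;
+}
+}
 }
 // if model allows user query without tenant, and user column is present, and userId is present, then add userId to query.
 else if (model.isUserQueryWithoutTenantAllowed() &&
@@ -83,6 +109,34 @@ export default class TenantPermission {
 }
 return query;
 }
+/**
+* True if the only permission letting this user through the table-level
+* check for this op is Permission.CurrentUser. In that case the query must
+* be restricted to rows the user owns (via the model's user column).
+*/
+static shouldScopeQueryByCurrentUser(modelType, props, type) {
+const model = new modelType();
+if (!model.getUserColumn() || !props.userId) {
+return false;
+}
+const modelPermissions = TablePermission.getTablePermission(modelType, type);
+if (!modelPermissions.includes(Permission.CurrentUser)) {
+return false;
+}
+const userPermissions = DatabaseCommonInteractionPropsUtil.getUserPermissions(props, PermissionType.Allow).map((up) => {
+return up.permission;
+});
+const intersection = userPermissions.filter((p) => {
+return modelPermissions.includes(p);
+});
+if (!intersection.includes(Permission.CurrentUser)) {
+return false;
+}
+const adminMatch = intersection.filter((p) => {
+return !AUTO_GRANTED_TENANT_PERMISSIONS.includes(p);
+});
+return adminMatch.length === 0;
+}
 }
 __decorate([
 CaptureSpan(),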
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TenantPermission.js","sourceRoot":"","sources":["../../../../../../Server/Types/Database/Permissions/TenantPermission.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,mBAAmB,MAAM,wCAAwC,CAAC;AAGzE,OAAO,cAAgD,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"TenantPermission.js","sourceRoot":"","sources":["../../../../../../Server/Types/Database/Permissions/TenantPermission.ts"],"names":[],"mappings":";;;;;;;;;AAAA,OAAO,mBAAmB,MAAM,wCAAwC,CAAC;AAGzE,OAAO,cAAgD,MAAM,kBAAkB,CAAC;AAChF,OAAO,eAAe,MAAM,mBAAmB,CAAC;AAEhD,OAAO,QAAQ,MAAM,yCAAyC,CAAC;AAE/D,OAAO,kCAAkC,EAAE,EACzC,cAAc,GACf,MAAM,mEAAmE,CAAC;AAC3E,OAAO,gBAAgB,MAAM,8CAA8C,CAAC;AAC5E,OAAO,sBAAsB,MAAM,oDAAoD,CAAC;AAExF,OAAO,UAAU,MAAM,8BAA8B,CAAC;AACtD,OAAO,WAAW,MAAM,sCAAsC,CAAC;AAE/D;;;;GAIG;AACH,MAAM,+BAA+B,GAA8B;IACjE,UAAU,CAAC,WAAW;IACtB,UAAU,CAAC,MAAM;IACjB,UAAU,CAAC,mBAAmB;CAC/B,CAAC;AAEF,MAAM,CAAC,OAAO,OAAO,gBAAgB;IAEf,AAAb,MAAM,CAAC,KAAK,CAAC,qBAAqB,CACvC,SAAiC,EACjC,KAAwB,EACxB,MAAiC,EACjC,KAAqC,EACrC,IAAyB;;QAEzB,MAAM,KAAK,GAAc,IAAI,SAAS,EAAE,CAAC;QAEzC,MAAM,YAAY,GAAkB,KAAK,CAAC,eAAe,EAAE,CAAC;QAE5D,IAAI,KAAK,CAAC,oBAAoB,IAAI,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,CAAC;YAC/D,MAAM,IAAI,gBAAgB,CACxB,uCAAuC,KAAK,CAAC,YAAY,EAAE,CAC5D,CAAC;QACJ,CAAC;QAED,uHAAuH;QACvH,IAAI,YAAY,IAAI,KAAK,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC;YACjE,KAAa,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC;YAE9C;;;;;;eAMG;YACH,IACE,gBAAgB,CAAC,6BAA6B,CAAC,SAAS,EAAE,KAAK,EAAE,IAAI,CAAC,EACtE,CAAC;gBACD,MAAM,UAAU,GAAkB,KAAK,CAAC,aAAa,EAAE,CAAC;gBACxD,IAAI,UAAU,EAAE,CAAC;oBACd,KAAa,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC;gBAC5C,CAAC;YACH,CAAC;QACH,CAAC;QACD,0HAA0H;aACrH,IACH,KAAK,CAAC,+BAA+B,EAAE;YACvC,KAAK,CAAC,aAAa,EAAE;YACrB,KAAK,CAAC,MAAM,EACZ,CAAC;YACA,KAAa,CAAC,KAAK,CAAC,aAAa,EAAY,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC;QACjE,CAAC;aAAM,IACL,YAAY;YACZ,KAAK,CAAC,0BAA0B;YAChC,CAAC,CAAC,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,oBAAoB,CAAC,EAC/C,CAAC;YACD;;;;eAIG;YAEH,MAAM,OAAO,GAA6B,EAAE,CAAC;YAE7C,IAAI,UAAU,GAAoB,EAAE,CAAC;YAErC,IACE,KAAK,CAAC,0BAA0B;gBAChC,KAAK,CAAC,0BAA0B,CAAC,UAAU,EAC3C,CAAC;gBACD,UAAU,GAAG,MAAA,KAAK,CAAC,0BAA0B,0CAAE,UAAU,CAAC;YAC5D,CAAC;YAED;;;eAGG;YACH,MAAM,oBAAoB,GAAa,KAAa,CAAC,YAAY,CAAC,CAAC;YACnE,IAAI,oBAAoB,IAAI,oBAAoB,YAAY,QAAQ,EAAE,CAAC;gBACrE,MAAM,YAAY,GAChB,oBACD,
CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAA6B,EAAE,EAAE;oBAC7C,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACtB,CAAC,CAAC,CAAC;gBACH,iEAAiE;gBACjE,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,GAAa,EAAE,EAAE;oBAC/C,OAAO,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC/C,CAAC,CAAC,CAAC;gBACH,uFAAuF;gBACvF,OAAQ,KAAa,CAAC,YAAY,CAAC,CAAC;YACtC,CAAC;YAED,IAAI,aAAa,GAAiB,IAAI,CAAC;YAEvC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;gBACnC,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;oBAClB,SAAS;gBACX,CAAC;gBAED,IAAI,CAAC;oBACH,MAAM,oBAAoB,GACxB,MAAM,cAAc,CAAC,gBAAgB,CACnC,SAAS,EACT,KAAK,EACL,MAAM,kCAED,KAAK,KACR,oBAAoB,EAAE,KAAK,EAC3B,QAAQ,EAAE,SAAS,EACnB,0BAA0B,EAAE,KAAK,CAAC,0BAA0B,KAE9D,IAAI,CACL,CAAC;oBAEJ,OAAO,CAAC,IAAI,mBACP,oBAAoB,CAAC,KAAK,EAC7B,CAAC;gBACL,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,2BAA2B;oBAC3B,aAAa,GAAG,CAAU,CAAC;gBAC7B,CAAC;YACH,CAAC;YAED,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzB,MAAM,IAAI,sBAAsB,CAC9B,CAAA,aAAa,aAAb,aAAa,uBAAb,aAAa,CAAE,OAAO;oBACpB,mCAAmC,GAAG,KAAK,CAAC,YAAY,CAC3D,CAAC;YACJ,CAAC;YAED,OAAO,OAAc,CAAC;QACxB,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,6BAA6B,CAC1C,SAAiC,EACjC,KAAqC,EACrC,IAAyB;QAEzB,MAAM,KAAK,GAAc,IAAI,SAAS,EAAE,CAAC;QAEzC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,gBAAgB,GACpB,eAAe,CAAC,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAEtD,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,eAAe,GACnB,kCAAkC,CAAC,kBAAkB,CACnD,KAAK,EACL,cAAc,CAAC,KAAK,CACrB,CAAC,GAAG,CAAC,CAAC,EAA8B,EAAE,EAAE;YACvC,OAAO,EAAE,CAAC,UAAU,CAAC;QACvB,CAAC,CAAC,CAAC;QAEL,MAAM,YAAY,GAAsB,eAAe,CAAC,MAAM,CAC5D,CAAC,CAAa,EAAE,EAAE;YAChB,OAAO,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACtC,CAAC,CACF,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACnD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,UAAU,GAAsB,YAAY,CAAC,MAAM,CACvD,CAAC,CAAa,EAAE,EAAE;YAChB,OAAO,CAAC,+BAA+B,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QACtD,CAAC,CACF,CAAC;QAEF,OAAO,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC;IAC
jC,CAAC;CACF;AAlLqB;IADnB,WAAW,EAAE;;;;mDAgIb"}
|