Fix getProjectMembership to work with additional privileges

Infisical · Apr 4, 2024 · 51f220b · 51f220b
1 parent 51819e5
commit 51f220b
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 4 deletions.
diff --git a/backend/src/ee/services/permission/permission-dal.ts b/backend/src/ee/services/permission/permission-dal.ts
@@ -129,7 +129,7 @@ export const permissionDALFactory = (db: TDbClient) => {
         );
 
       const permission = sqlNestRelationships({
-        data: docs.concat(groupDocs),
+        data: docs,
         key: "projectId",
         parentMapper: ({ orgId, orgAuthEnforced, membershipId, membershipCreatedAt, membershipUpdatedAt, role }) => ({
           orgId,
@@ -175,7 +175,43 @@ export const permissionDALFactory = (db: TDbClient) => {
         ]
       });
 
+      const groupRoles = groupDocs.length
+        ? sqlNestRelationships({
+            data: groupDocs,
+            key: "projectId",
+            parentMapper: ({
+              orgId,
+              orgAuthEnforced,
+              membershipId,
+              membershipCreatedAt,
+              membershipUpdatedAt,
+              role
+            }) => ({
+              orgId,
+              orgAuthEnforced,
+              userId,
+              role,
+              id: membershipId,
+              projectId,
+              createdAt: membershipCreatedAt,
+              updatedAt: membershipUpdatedAt
+            }),
+            childrenMapper: [
+              {
+                key: "id",
+                label: "roles" as const,
+                mapper: (data) =>
+                  ProjectUserMembershipRolesSchema.extend({
+                    permissions: z.unknown(),
+                    customRoleSlug: z.string().optional().nullable()
+                  }).parse(data)
+              }
+            ]
+          })?.[0]?.roles
+        : [];
+
       if (!permission?.[0]) return undefined;
+
       // when introducting cron mode change it here
       const activeRoles = permission?.[0]?.roles?.filter(
         ({ isTemporary, temporaryAccessEndTime }) =>
@@ -187,7 +223,11 @@ export const permissionDALFactory = (db: TDbClient) => {
           !isTemporary || (isTemporary && temporaryAccessEndTime && new Date() < temporaryAccessEndTime)
       );
 
-      return { ...permission[0], roles: activeRoles, additionalPrivileges: activeAdditionalPrivileges };
+      return {
+        ...permission[0],
+        roles: [...activeRoles, ...groupRoles],
+        additionalPrivileges: activeAdditionalPrivileges
+      };
     } catch (error) {
       throw new DatabaseError({ error, name: "GetProjectPermission" });
     }

diff --git a/...rc/views/Project/MembersPage/components/GroupsTab/components/GroupsSection/GroupRoles.tsx b/...rc/views/Project/MembersPage/components/GroupsTab/components/GroupsSection/GroupRoles.tsx
@@ -26,8 +26,8 @@ import {
 import { useWorkspace } from "@app/context";
 import { usePopUp } from "@app/hooks";
 import { useGetProjectRoles, useUpdateGroupWorkspaceRole } from "@app/hooks/api";
+import { TGroupMembership } from "@app/hooks/api/groups/types";
 import { ProjectMembershipRole } from "@app/hooks/api/roles/types";
-import { TWorkspaceUser } from "@app/hooks/api/types";
 import { ProjectUserMembershipTemporaryMode } from "@app/hooks/api/workspace/types";
 import { groupBy } from "@app/lib/fn/array";
 
@@ -196,7 +196,7 @@ type TForm = z.infer<typeof formSchema>;
 export type TMemberRolesProp = {
   disableEdit?: boolean;
   groupSlug: string;
-  roles: TWorkspaceUser["roles"];
+  roles: TGroupMembership["roles"];
 };
 
 const MAX_ROLES_TO_BE_SHOWN_IN_TABLE = 2;