

fix: permission dependencies and decoding
n1ru4l committed Jan 13, 2025
1 parent 32b3d89 commit 28cd247
Showing 4 changed files with 32 additions and 32 deletions.
Expand Up @@ -66,7 +66,7 @@ export const allPermissionGroups: Array<PermissionGroup> = [
id: 'member:modifyRole',
title: 'Modify member role',
description: 'Member can modify, create and delete roles.',
dependsOn: 'member:describe',
dependsOn: 'member:assignRole',
},
{
id: 'member:removeMember',
Expand All @@ -78,7 +78,7 @@ export const allPermissionGroups: Array<PermissionGroup> = [
id: 'member:manageInvites',
title: 'Manage invites',
description: 'Member can invite users via email and modify or delete pending invites.',
dependsOn: 'member:describe',
dependsOn: 'member:assignRole',
},
],
},
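Review bot: Neither hunk says why `member:modifyRole` and `member:manageInvites` now depend on `member:assignRole` instead of `member:describe`, and a permission graph is where the next editor most needs that reasoning. I would add a short comment above each changed `dependsOn`, for example `// managing invites implies choosing a role for the invitee, so assignRole is required` (wording for the author to confirm). It is also worth confirming how roles saved before this commit are evaluated if they hold one of these permissions without `member:assignRole`. Whether `dependsOn` is enforced at authorization time or only constrains the role editor is not visible on this page.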
Expand Up @@ -1011,6 +1011,14 @@ export class OrganizationManager {
};
}

if (role.membersCount > 0) {
return {
error: {
message: `Cannot delete a role with members`,
},
};
}

// delete the role
await this.storage.deleteOrganizationMemberRole({
organizationId: input.organizationId,
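Review bot: The new `role.membersCount > 0` guard is a check-then-act on a value read earlier in the method, so a member assigned to the role between that read and `deleteOrganizationMemberRole` could end up referencing a deleted role. The storage call should enforce the same rule itself, deleting only when no member references the role, within one statement or transaction, and reporting when nothing was deleted. If the database already guarantees this, a comment such as `// storage also refuses to delete a referenced role; this check only produces the friendly error` would make the division of responsibility clear. The method starts and ends outside this hunk, so where `role` is loaded is not visible.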
Expand Up @@ -24,31 +24,22 @@ function omit<T extends object, K extends keyof T>(obj: T, key: K): Omit<T, K> {
}

const MemberRoleModel = z
.intersection(
z.object({
id: z.string(),
name: z.string(),
description: z.string(),
isLocked: z.boolean(),
organizationId: z.string(),
membersCount: z.number(),
}),
z.union([
z.object({
legacyScopes: z
.array(z.string())
.transform(
value =>
value as Array<OrganizationAccessScope | ProjectAccessScope | TargetAccessScope>,
),
permissions: z.null(),
}),
z.object({
legacyScopes: z.null(),
permissions: z.array(PermissionsModel),
}),
]),
)
.object({
id: z.string(),
name: z.string(),
description: z.string(),
isLocked: z.boolean(),
organizationId: z.string(),
membersCount: z.number(),
legacyScopes: z
.array(z.string())
.nullable()
.transform(
value =>
value as Array<OrganizationAccessScope | ProjectAccessScope | TargetAccessScope> | null,
),
permissions: z.array(PermissionsModel).nullable(),
})
.transform(record => {
let permissions: PermissionsPerResourceLevelAssignment;

Expand All @@ -63,7 +54,9 @@ const MemberRoleModel = z
...record.permissions,
]);
} else {
permissions = transformOrganizationMemberLegacyScopesIntoPermissionGroup(record.legacyScopes);
permissions = transformOrganizationMemberLegacyScopesIntoPermissionGroup(
record.legacyScopes ?? [],
);
}

return {
Expand Down Expand Up @@ -332,6 +325,7 @@ const predefinedRolesPermissions = {
* Permissions the default admin role is assigned with (aka full access)
**/
admin: permissionsToPermissionsPerResourceLevelAssignment([
...OrganizationMemberPermissions.permissions.default,
...OrganizationMemberPermissions.permissions.assignable,
]),
/**
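Review bot: With `legacyScopes` and `permissions` both `.nullable()` in `MemberRoleModel`, the schema no longer rejects a row where both are set or both are null, which the removed `z.union` did. From the visible transform, a both-null row decodes through `record.legacyScopes ?? []`, and a row with both set presumably takes the `permissions` branch and ignores the scopes; the branch condition sits in the collapsed lines. Since this model decides what a role grants, I would document the precedence on it, e.g. `// permissions wins when present; a role with neither decodes to the empty legacy scope set`, and consider logging the both-null case instead of decoding it silently. The cast inside the `legacyScopes` transform is still unchecked, so scope strings the code does not know pass through to the conversion unvalidated.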
Expand Up @@ -99,8 +99,7 @@ export class OrganizationMembers {
const query = sql`
SELECT
"om"."user_id" AS "userId"
, "om"."role_id" AS "legacyRoleId"
, "om"."scopes" AS "legacyScopes"
, "om"."role_id" AS "roleId"
, "om"."connected_to_zendesk" AS "connectedToZendesk"
FROM
"organization_member" AS "om"
Expand Down Expand Up @@ -231,8 +230,7 @@ export class OrganizationMembers {
const query = sql`
SELECT
"om"."user_id" AS "userId"
, "om"."role_id" AS "legacyRoleId"
, "om"."scopes" AS "legacyScopes"
, "om"."role_id" AS "roleId"
, "om"."connected_to_zendesk" AS "connectedToZendesk"
FROM
"organization_member" AS "om"
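Review bot: Both queries in `OrganizationMembers` stop selecting `"om"."scopes"` and rename the `role_id` alias from `legacyRoleId` to `roleId`, but the code that decodes these rows is outside the hunks. Two things to confirm there: that the row schema no longer expects `legacyRoleId` or `legacyScopes`, and what a member whose `role_id` is NULL resolves to now that the scopes column is no longer read. The second case should fail closed (no permissions) and not throw for the whole member list or fall through to a default role. If `role_id` is expected to be non-null by this point, a one-line comment above each `SELECT` stating that invariant would help.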
