Move Impersonate from User to Workspace (#2630)
* Fix impersonate * align core typeorm config with metadata config + add allowImpersonation to workspace * move allowImpersonation to workspace * remove allowImpersonation from workspaceMember workspace table
This commit is contained in:
Weiko
@ -83,11 +83,13 @@ export type CreateOneRelationInput = {
|
||||
|
||||
export type CreateRelationInput = {
|
||||
description?: InputMaybe<Scalars['String']['input']>;
|
||||
fromDescription?: InputMaybe<Scalars['String']['input']>;
|
||||
fromIcon?: InputMaybe<Scalars['String']['input']>;
|
||||
fromLabel: Scalars['String']['input'];
|
||||
fromName: Scalars['String']['input'];
|
||||
fromObjectMetadataId: Scalars['String']['input'];
|
||||
relationType: RelationMetadataType;
|
||||
toDescription?: InputMaybe<Scalars['String']['input']>;
|
||||
toIcon?: InputMaybe<Scalars['String']['input']>;
|
||||
toLabel: Scalars['String']['input'];
|
||||
toName: Scalars['String']['input'];
|
||||
@ -393,7 +395,9 @@ export type UpdateFieldInput = {
|
||||
export type UpdateObjectInput = {
|
||||
description?: InputMaybe<Scalars['String']['input']>;
|
||||
icon?: InputMaybe<Scalars['String']['input']>;
|
||||
imageIdentifierFieldMetadataId?: InputMaybe<Scalars['String']['input']>;
|
||||
isActive?: InputMaybe<Scalars['Boolean']['input']>;
|
||||
labelIdentifierFieldMetadataId?: InputMaybe<Scalars['String']['input']>;
|
||||
labelPlural?: InputMaybe<Scalars['String']['input']>;
|
||||
labelSingular?: InputMaybe<Scalars['String']['input']>;
|
||||
namePlural?: InputMaybe<Scalars['String']['input']>;
|
||||
@ -457,6 +461,7 @@ export type UserWorkspaceMemberName = {
|
||||
|
||||
export type Workspace = {
|
||||
__typename?: 'Workspace';
|
||||
allowImpersonation: Scalars['Boolean']['output'];
|
||||
createdAt: Scalars['DateTime']['output'];
|
||||
deletedAt?: Maybe<Scalars['DateTime']['output']>;
|
||||
displayName?: Maybe<Scalars['String']['output']>;
|
||||
|
||||
@ -399,6 +399,7 @@ export type Telemetry = {
|
||||
};
|
||||
|
||||
export type UpdateWorkspaceInput = {
|
||||
allowImpersonation?: InputMaybe<Scalars['Boolean']>;
|
||||
displayName?: InputMaybe<Scalars['String']>;
|
||||
domainName?: InputMaybe<Scalars['String']>;
|
||||
inviteHash?: InputMaybe<Scalars['String']>;
|
||||
@ -460,6 +461,7 @@ export type Verify = {
|
||||
|
||||
export type Workspace = {
|
||||
__typename?: 'Workspace';
|
||||
allowImpersonation: Scalars['Boolean'];
|
||||
createdAt: Scalars['DateTime'];
|
||||
deletedAt?: Maybe<Scalars['DateTime']>;
|
||||
displayName?: Maybe<Scalars['String']>;
|
||||
@ -607,7 +609,7 @@ export type ImpersonateMutationVariables = Exact<{
|
||||
}>;
|
||||
|
||||
|
||||
export type ImpersonateMutation = { __typename?: 'Mutation', impersonate: { __typename?: 'Verify', user: { __typename?: 'User', id: string, firstName: string, lastName: string, email: string, canImpersonate: boolean, supportUserHash?: string | null, workspaceMember: { __typename?: 'UserWorkspaceMember', id: string, colorScheme: string, avatarUrl?: string | null, locale: string, allowImpersonation: boolean, name: { __typename?: 'UserWorkspaceMemberName', firstName: string, lastName: string } }, defaultWorkspace: { __typename?: 'Workspace', id: string, displayName?: string | null, logo?: string | null, domainName?: string | null, inviteHash?: string | null } }, tokens: { __typename?: 'AuthTokenPair', accessToken: { __typename?: 'AuthToken', token: string, expiresAt: string }, refreshToken: { __typename?: 'AuthToken', token: string, expiresAt: string } } } };
|
||||
export type ImpersonateMutation = { __typename?: 'Mutation', impersonate: { __typename?: 'Verify', user: { __typename?: 'User', id: string, firstName: string, lastName: string, email: string, canImpersonate: boolean, supportUserHash?: string | null, workspaceMember: { __typename?: 'UserWorkspaceMember', id: string, colorScheme: string, avatarUrl?: string | null, locale: string, allowImpersonation: boolean, name: { __typename?: 'UserWorkspaceMemberName', firstName: string, lastName: string } }, defaultWorkspace: { __typename?: 'Workspace', id: string, displayName?: string | null, logo?: string | null, domainName?: string | null, inviteHash?: string | null, allowImpersonation: boolean } }, tokens: { __typename?: 'AuthTokenPair', accessToken: { __typename?: 'AuthToken', token: string, expiresAt: string }, refreshToken: { __typename?: 'AuthToken', token: string, expiresAt: string } } } };
|
||||
|
||||
export type RenewTokenMutationVariables = Exact<{
|
||||
refreshToken: Scalars['String'];
|
||||
@ -630,7 +632,7 @@ export type VerifyMutationVariables = Exact<{
|
||||
}>;
|
||||
|
||||
|
||||
export type VerifyMutation = { __typename?: 'Mutation', verify: { __typename?: 'Verify', user: { __typename?: 'User', id: string, firstName: string, lastName: string, email: string, canImpersonate: boolean, supportUserHash?: string | null, workspaceMember: { __typename?: 'UserWorkspaceMember', id: string, colorScheme: string, avatarUrl?: string | null, locale: string, allowImpersonation: boolean, name: { __typename?: 'UserWorkspaceMemberName', firstName: string, lastName: string } }, defaultWorkspace: { __typename?: 'Workspace', id: string, displayName?: string | null, logo?: string | null, domainName?: string | null, inviteHash?: string | null } }, tokens: { __typename?: 'AuthTokenPair', accessToken: { __typename?: 'AuthToken', token: string, expiresAt: string }, refreshToken: { __typename?: 'AuthToken', token: string, expiresAt: string } } } };
|
||||
export type VerifyMutation = { __typename?: 'Mutation', verify: { __typename?: 'Verify', user: { __typename?: 'User', id: string, firstName: string, lastName: string, email: string, canImpersonate: boolean, supportUserHash?: string | null, workspaceMember: { __typename?: 'UserWorkspaceMember', id: string, colorScheme: string, avatarUrl?: string | null, locale: string, allowImpersonation: boolean, name: { __typename?: 'UserWorkspaceMemberName', firstName: string, lastName: string } }, defaultWorkspace: { __typename?: 'Workspace', id: string, displayName?: string | null, logo?: string | null, domainName?: string | null, inviteHash?: string | null, allowImpersonation: boolean } }, tokens: { __typename?: 'AuthTokenPair', accessToken: { __typename?: 'AuthToken', token: string, expiresAt: string }, refreshToken: { __typename?: 'AuthToken', token: string, expiresAt: string } } } };
|
||||
|
||||
export type CheckUserExistsQueryVariables = Exact<{
|
||||
email: Scalars['String'];
|
||||
@ -644,7 +646,7 @@ export type GetClientConfigQueryVariables = Exact<{ [key: string]: never; }>;
|
||||
|
||||
export type GetClientConfigQuery = { __typename?: 'Query', clientConfig: { __typename?: 'ClientConfig', signInPrefilled: boolean, debugMode: boolean, authProviders: { __typename?: 'AuthProviders', google: boolean, password: boolean }, telemetry: { __typename?: 'Telemetry', enabled: boolean, anonymizationEnabled: boolean }, support: { __typename?: 'Support', supportDriver: string, supportFrontChatId?: string | null } } };
|
||||
|
||||
export type UserQueryFragmentFragment = { __typename?: 'User', id: string, firstName: string, lastName: string, email: string, canImpersonate: boolean, supportUserHash?: string | null, workspaceMember: { __typename?: 'UserWorkspaceMember', id: string, colorScheme: string, avatarUrl?: string | null, locale: string, allowImpersonation: boolean, name: { __typename?: 'UserWorkspaceMemberName', firstName: string, lastName: string } }, defaultWorkspace: { __typename?: 'Workspace', id: string, displayName?: string | null, logo?: string | null, domainName?: string | null, inviteHash?: string | null } };
|
||||
export type UserQueryFragmentFragment = { __typename?: 'User', id: string, firstName: string, lastName: string, email: string, canImpersonate: boolean, supportUserHash?: string | null, workspaceMember: { __typename?: 'UserWorkspaceMember', id: string, colorScheme: string, avatarUrl?: string | null, locale: string, allowImpersonation: boolean, name: { __typename?: 'UserWorkspaceMemberName', firstName: string, lastName: string } }, defaultWorkspace: { __typename?: 'Workspace', id: string, displayName?: string | null, logo?: string | null, domainName?: string | null, inviteHash?: string | null, allowImpersonation: boolean } };
|
||||
|
||||
export type DeleteUserAccountMutationVariables = Exact<{ [key: string]: never; }>;
|
||||
|
||||
@ -661,7 +663,7 @@ export type UploadProfilePictureMutation = { __typename?: 'Mutation', uploadProf
|
||||
export type GetCurrentUserQueryVariables = Exact<{ [key: string]: never; }>;
|
||||
|
||||
|
||||
export type GetCurrentUserQuery = { __typename?: 'Query', currentUser: { __typename?: 'User', id: string, firstName: string, lastName: string, email: string, canImpersonate: boolean, supportUserHash?: string | null, workspaceMember: { __typename?: 'UserWorkspaceMember', id: string, colorScheme: string, avatarUrl?: string | null, locale: string, allowImpersonation: boolean, name: { __typename?: 'UserWorkspaceMemberName', firstName: string, lastName: string } }, defaultWorkspace: { __typename?: 'Workspace', id: string, displayName?: string | null, logo?: string | null, domainName?: string | null, inviteHash?: string | null } } };
|
||||
export type GetCurrentUserQuery = { __typename?: 'Query', currentUser: { __typename?: 'User', id: string, firstName: string, lastName: string, email: string, canImpersonate: boolean, supportUserHash?: string | null, workspaceMember: { __typename?: 'UserWorkspaceMember', id: string, colorScheme: string, avatarUrl?: string | null, locale: string, allowImpersonation: boolean, name: { __typename?: 'UserWorkspaceMemberName', firstName: string, lastName: string } }, defaultWorkspace: { __typename?: 'Workspace', id: string, displayName?: string | null, logo?: string | null, domainName?: string | null, inviteHash?: string | null, allowImpersonation: boolean } } };
|
||||
|
||||
export type DeleteCurrentWorkspaceMutationVariables = Exact<{ [key: string]: never; }>;
|
||||
|
||||
@ -673,7 +675,7 @@ export type UpdateWorkspaceMutationVariables = Exact<{
|
||||
}>;
|
||||
|
||||
|
||||
export type UpdateWorkspaceMutation = { __typename?: 'Mutation', updateWorkspace: { __typename?: 'Workspace', id: string, domainName?: string | null, displayName?: string | null, logo?: string | null } };
|
||||
export type UpdateWorkspaceMutation = { __typename?: 'Mutation', updateWorkspace: { __typename?: 'Workspace', id: string, domainName?: string | null, displayName?: string | null, logo?: string | null, allowImpersonation: boolean } };
|
||||
|
||||
export type UploadWorkspaceLogoMutationVariables = Exact<{
|
||||
file: Scalars['Upload'];
|
||||
@ -687,7 +689,7 @@ export type GetWorkspaceFromInviteHashQueryVariables = Exact<{
|
||||
}>;
|
||||
|
||||
|
||||
export type GetWorkspaceFromInviteHashQuery = { __typename?: 'Query', findWorkspaceFromInviteHash: { __typename?: 'Workspace', id: string, displayName?: string | null, logo?: string | null } };
|
||||
export type GetWorkspaceFromInviteHashQuery = { __typename?: 'Query', findWorkspaceFromInviteHash: { __typename?: 'Workspace', id: string, displayName?: string | null, logo?: string | null, allowImpersonation: boolean } };
|
||||
|
||||
export const AuthTokenFragmentFragmentDoc = gql`
|
||||
fragment AuthTokenFragment on AuthToken {
|
||||
@ -730,6 +732,7 @@ export const UserQueryFragmentFragmentDoc = gql`
|
||||
logo
|
||||
domainName
|
||||
inviteHash
|
||||
allowImpersonation
|
||||
}
|
||||
}
|
||||
`;
|
||||
@ -1162,6 +1165,7 @@ export const GetCurrentUserDocument = gql`
|
||||
logo
|
||||
domainName
|
||||
inviteHash
|
||||
allowImpersonation
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1232,6 +1236,7 @@ export const UpdateWorkspaceDocument = gql`
|
||||
domainName
|
||||
displayName
|
||||
logo
|
||||
allowImpersonation
|
||||
}
|
||||
}
|
||||
`;
|
||||
@ -1298,6 +1303,7 @@ export const GetWorkspaceFromInviteHashDocument = gql`
|
||||
id
|
||||
displayName
|
||||
logo
|
||||
allowImpersonation
|
||||
}
|
||||
}
|
||||
`;
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
import { atom } from 'recoil';
|
||||
|
||||
import { Workspace } from '~/generated-metadata/graphql';
|
||||
import { Workspace } from '~/generated/graphql';
|
||||
|
||||
export type CurrentWorkspace = Pick<
|
||||
Workspace,
|
||||
'id' | 'inviteHash' | 'logo' | 'displayName'
|
||||
'id' | 'inviteHash' | 'logo' | 'displayName' | 'allowImpersonation'
|
||||
>;
|
||||
|
||||
export const currentWorkspaceState = atom<CurrentWorkspace | null>({
|
||||
|
||||
@ -0,0 +1,46 @@
|
||||
import { useRecoilState } from 'recoil';
|
||||
|
||||
import { currentWorkspaceState } from '@/auth/states/currentWorkspaceState';
|
||||
import { useSnackBar } from '@/ui/feedback/snack-bar-manager/hooks/useSnackBar';
|
||||
import { Toggle } from '@/ui/input/components/Toggle';
|
||||
import { useUpdateWorkspaceMutation } from '~/generated/graphql';
|
||||
|
||||
export const ToggleImpersonate = () => {
|
||||
const { enqueueSnackBar } = useSnackBar();
|
||||
|
||||
const [currentWorkspace, setCurrentWorkspace] = useRecoilState(
|
||||
currentWorkspaceState,
|
||||
);
|
||||
|
||||
const [updateWorkspace] = useUpdateWorkspaceMutation();
|
||||
|
||||
const handleChange = async (value: boolean) => {
|
||||
try {
|
||||
if (!currentWorkspace?.id) {
|
||||
throw new Error('User is not logged in');
|
||||
}
|
||||
await updateWorkspace({
|
||||
variables: {
|
||||
input: {
|
||||
allowImpersonation: value,
|
||||
},
|
||||
},
|
||||
});
|
||||
setCurrentWorkspace({
|
||||
...currentWorkspace,
|
||||
allowImpersonation: value,
|
||||
});
|
||||
} catch (err: any) {
|
||||
enqueueSnackBar(err?.message, {
|
||||
variant: 'error',
|
||||
});
|
||||
}
|
||||
};
|
||||
|
||||
return (
|
||||
<Toggle
|
||||
value={currentWorkspace?.allowImpersonation}
|
||||
onChange={handleChange}
|
||||
/>
|
||||
);
|
||||
};
|
||||
@ -25,6 +25,7 @@ export const USER_QUERY_FRAGMENT = gql`
|
||||
logo
|
||||
domainName
|
||||
inviteHash
|
||||
allowImpersonation
|
||||
}
|
||||
}
|
||||
`;
|
||||
|
||||
@ -26,6 +26,7 @@ export const GET_CURRENT_USER = gql`
|
||||
logo
|
||||
domainName
|
||||
inviteHash
|
||||
allowImpersonation
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -7,6 +7,7 @@ export const UPDATE_WORKSPACE = gql`
|
||||
domainName
|
||||
displayName
|
||||
logo
|
||||
allowImpersonation
|
||||
}
|
||||
}
|
||||
`;
|
||||
|
||||
@ -6,6 +6,7 @@ export const GET_WORKSPACE_FROM_INVITE_HASH = gql`
|
||||
id
|
||||
displayName
|
||||
logo
|
||||
allowImpersonation
|
||||
}
|
||||
}
|
||||
`;
|
||||
|
||||
@ -77,6 +77,8 @@ export const CreateWorkspace = () => {
|
||||
setCurrentWorkspace({
|
||||
id: result.data?.updateWorkspace?.id ?? '',
|
||||
displayName: data.name,
|
||||
allowImpersonation:
|
||||
result.data?.updateWorkspace?.allowImpersonation ?? false,
|
||||
});
|
||||
|
||||
if (result.errors || !result.data?.updateWorkspace) {
|
||||
|
||||
@ -5,7 +5,6 @@ import { DeleteAccount } from '@/settings/profile/components/DeleteAccount';
|
||||
import { EmailField } from '@/settings/profile/components/EmailField';
|
||||
import { NameFields } from '@/settings/profile/components/NameFields';
|
||||
import { ProfilePictureUploader } from '@/settings/profile/components/ProfilePictureUploader';
|
||||
import { ToggleField } from '@/settings/profile/components/ToggleField';
|
||||
import { IconSettings } from '@/ui/display/icon';
|
||||
import { H1Title } from '@/ui/display/typography/components/H1Title';
|
||||
import { H2Title } from '@/ui/display/typography/components/H2Title';
|
||||
@ -35,13 +34,6 @@ export const SettingsProfile = () => (
|
||||
/>
|
||||
<EmailField />
|
||||
</Section>
|
||||
<Section>
|
||||
<H2Title
|
||||
title="Support"
|
||||
addornment={<ToggleField />}
|
||||
description="Grant Twenty support temporary access to your account so we can troubleshoot problems or recover content on your behalf. You can revoke access at any time."
|
||||
/>
|
||||
</Section>
|
||||
<Section>
|
||||
<DeleteAccount />
|
||||
</Section>
|
||||
|
||||
@ -3,6 +3,7 @@ import styled from '@emotion/styled';
|
||||
import { SettingsPageContainer } from '@/settings/components/SettingsPageContainer';
|
||||
import { DeleteWorkspace } from '@/settings/profile/components/DeleteWorkspace';
|
||||
import { NameField } from '@/settings/workspace/components/NameField';
|
||||
import { ToggleImpersonate } from '@/settings/workspace/components/ToggleImpersonate';
|
||||
import { WorkspaceLogoUploader } from '@/settings/workspace/components/WorkspaceLogoUploader';
|
||||
import { IconSettings } from '@/ui/display/icon';
|
||||
import { H1Title } from '@/ui/display/typography/components/H1Title';
|
||||
@ -26,7 +27,13 @@ export const SettingsWorkspace = () => (
|
||||
<H2Title title="Name" description="Name of your workspace" />
|
||||
<NameField />
|
||||
</Section>
|
||||
|
||||
<Section>
|
||||
<H2Title
|
||||
title="Support"
|
||||
addornment={<ToggleImpersonate />}
|
||||
description="Grant Twenty support temporary access to your workspace so we can troubleshoot problems or recover content on your behalf. You can revoke access at any time."
|
||||
/>
|
||||
</Section>
|
||||
<Section>
|
||||
<DeleteWorkspace />
|
||||
</Section>
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
import dotenv from 'dotenv';
|
||||
import { PostgresConnectionOptions } from 'typeorm/driver/postgres/PostgresConnectionOptions';
|
||||
dotenv.config();
|
||||
|
||||
export default {
|
||||
url: process.env.PG_DATABASE_URL,
|
||||
type: 'postgres',
|
||||
entities: [__dirname + '/src/core/**/*.entity{.ts,.js}'],
|
||||
synchronize: false,
|
||||
migrationsRun: false,
|
||||
migrationsTableName: '_typeorm_migrations',
|
||||
migrations: [__dirname + '/migrations/**/*{.ts,.js}'],
|
||||
cli: {
|
||||
migrationsDir: __dirname + '/migrations',
|
||||
},
|
||||
} as PostgresConnectionOptions;
|
||||
@ -21,7 +21,7 @@
|
||||
"test:debug": "node --inspect-brk -r tsconfig-paths/register -r ts-node/register node_modules/.bin/jest --runInBand",
|
||||
"test:e2e": "./scripts/run-integration.sh",
|
||||
"typeorm": "ts-node -r tsconfig-paths/register ./node_modules/typeorm/cli.js",
|
||||
"typeorm:migrate": "yarn typeorm migration:run -d ./src/database/typeorm/metadata/metadata.datasource.ts",
|
||||
"typeorm:migrate": "yarn typeorm migration:run -d ./src/database/typeorm/metadata/metadata.datasource.ts && yarn typeorm migration:run -d ./src/database/typeorm/core/core.datasource.ts",
|
||||
"database:init": "yarn database:setup && yarn database:seed",
|
||||
"database:setup": "npx ts-node ./scripts/setup-db.ts && yarn database:migrate",
|
||||
"database:truncate": "npx ts-node ./scripts/truncate-db.ts",
|
||||
|
||||
@ -3,19 +3,15 @@ import { Module } from '@nestjs/common';
|
||||
import { JwtModule } from '@nestjs/jwt';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
|
||||
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
|
||||
|
||||
import { EnvironmentService } from 'src/integrations/environment/environment.service';
|
||||
import { FileModule } from 'src/core/file/file.module';
|
||||
import { Workspace } from 'src/core/workspace/workspace.entity';
|
||||
import { User } from 'src/core/user/user.entity';
|
||||
import { RefreshToken } from 'src/core/refresh-token/refresh-token.entity';
|
||||
import { DataSourceModule } from 'src/metadata/data-source/data-source.module';
|
||||
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
|
||||
import { UserModule } from 'src/core/user/user.module';
|
||||
import { WorkspaceManagerModule } from 'src/workspace/workspace-manager/workspace-manager.module';
|
||||
|
||||
import config from '../../../ormconfig';
|
||||
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
|
||||
|
||||
import { AuthResolver } from './auth.resolver';
|
||||
|
||||
@ -44,13 +40,8 @@ const jwtModule = JwtModule.registerAsync({
|
||||
DataSourceModule,
|
||||
UserModule,
|
||||
WorkspaceManagerModule,
|
||||
TypeOrmModule.forRoot(config),
|
||||
NestjsQueryGraphQLModule.forFeature({
|
||||
imports: [
|
||||
TypeOrmModule.forFeature([Workspace, User, RefreshToken]),
|
||||
TypeORMModule,
|
||||
],
|
||||
}),
|
||||
TypeORMModule,
|
||||
TypeOrmModule.forFeature([Workspace, User, RefreshToken], 'core'),
|
||||
],
|
||||
controllers: [GoogleAuthController, VerifyAuthController],
|
||||
providers: [AuthService, TokenService, JwtAuthStrategy, AuthResolver],
|
||||
|
||||
@ -34,7 +34,7 @@ import { ImpersonateInput } from './dto/impersonate.input';
|
||||
@Resolver()
|
||||
export class AuthResolver {
|
||||
constructor(
|
||||
@InjectRepository(Workspace)
|
||||
@InjectRepository(Workspace, 'core')
|
||||
private readonly workspaceRepository: Repository<Workspace>,
|
||||
private authService: AuthService,
|
||||
private tokenService: TokenService,
|
||||
|
||||
@ -21,8 +21,8 @@ export class GoogleAuthController {
|
||||
private readonly environmentService: EnvironmentService,
|
||||
private readonly typeORMService: TypeORMService,
|
||||
private readonly authService: AuthService,
|
||||
@InjectRepository(Workspace)
|
||||
@InjectRepository(User, 'metadata')
|
||||
@InjectRepository(Workspace, 'core')
|
||||
@InjectRepository(User, 'core')
|
||||
private readonly userRepository: Repository<User>,
|
||||
) {}
|
||||
|
||||
|
||||
@ -44,9 +44,9 @@ export class AuthService {
|
||||
private readonly userService: UserService,
|
||||
private readonly workspaceManagerService: WorkspaceManagerService,
|
||||
private readonly fileUploadService: FileUploadService,
|
||||
@InjectRepository(Workspace)
|
||||
@InjectRepository(Workspace, 'core')
|
||||
private readonly workspaceRepository: Repository<Workspace>,
|
||||
@InjectRepository(User)
|
||||
@InjectRepository(User, 'core')
|
||||
private readonly userRepository: Repository<User>,
|
||||
) {}
|
||||
|
||||
@ -194,13 +194,18 @@ export class AuthService {
|
||||
}
|
||||
|
||||
async impersonate(userId: string) {
|
||||
const user = await this.userRepository.findOneBy({
|
||||
id: userId,
|
||||
const user = await this.userRepository.findOne({
|
||||
where: {
|
||||
id: userId,
|
||||
},
|
||||
relations: ['defaultWorkspace'],
|
||||
});
|
||||
|
||||
assert(user, "This user doesn't exist", NotFoundException);
|
||||
|
||||
// Todo: check if workspace member can be impersonated
|
||||
if (!user.defaultWorkspace.allowImpersonation) {
|
||||
throw new ForbiddenException('Impersonation not allowed');
|
||||
}
|
||||
|
||||
const accessToken = await this.tokenService.generateAccessToken(user.id);
|
||||
const refreshToken = await this.tokenService.generateRefreshToken(user.id);
|
||||
|
||||
@ -26,9 +26,9 @@ export class TokenService {
|
||||
constructor(
|
||||
private readonly jwtService: JwtService,
|
||||
private readonly environmentService: EnvironmentService,
|
||||
@InjectRepository(User)
|
||||
@InjectRepository(User, 'core')
|
||||
private readonly userRepository: Repository<User>,
|
||||
@InjectRepository(RefreshToken)
|
||||
@InjectRepository(RefreshToken, 'core')
|
||||
private readonly refreshTokenRepository: Repository<RefreshToken>,
|
||||
) {}
|
||||
|
||||
|
||||
@ -25,9 +25,9 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
|
||||
private readonly environmentService: EnvironmentService,
|
||||
private readonly typeORMService: TypeORMService,
|
||||
private readonly dataSourceService: DataSourceService,
|
||||
@InjectRepository(Workspace)
|
||||
@InjectRepository(Workspace, 'core')
|
||||
private readonly workspaceRepository: Repository<Workspace>,
|
||||
@InjectRepository(User)
|
||||
@InjectRepository(User, 'core')
|
||||
private readonly userRepository: Repository<User>,
|
||||
) {
|
||||
super({
|
||||
|
||||
@ -1,12 +1,8 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
|
||||
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
|
||||
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
|
||||
|
||||
// eslint-disable-next-line no-restricted-imports
|
||||
import config from '../../../ormconfig';
|
||||
|
||||
import { RefreshToken } from './refresh-token.entity';
|
||||
import { refreshTokenAutoResolverOpts } from './refresh-token.auto-resolver-opts';
|
||||
|
||||
@ -14,9 +10,8 @@ import { RefreshTokenService } from './services/refresh-token.service';
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
TypeOrmModule.forRoot(config),
|
||||
NestjsQueryGraphQLModule.forFeature({
|
||||
imports: [NestjsQueryTypeOrmModule.forFeature([RefreshToken])],
|
||||
imports: [NestjsQueryTypeOrmModule.forFeature([RefreshToken], 'core')],
|
||||
services: [RefreshTokenService],
|
||||
resolvers: refreshTokenAutoResolverOpts,
|
||||
}),
|
||||
|
||||
@ -11,7 +11,7 @@ import { TypeORMService } from 'src/database/typeorm/typeorm.service';
|
||||
|
||||
export class UserService extends TypeOrmQueryService<User> {
|
||||
constructor(
|
||||
@InjectRepository(User)
|
||||
@InjectRepository(User, 'core')
|
||||
private readonly userRepository: Repository<User>,
|
||||
private readonly dataSourceService: DataSourceService,
|
||||
private readonly typeORMService: TypeORMService,
|
||||
|
||||
@ -23,11 +23,11 @@ export class User {
|
||||
id: string;
|
||||
|
||||
@Field()
|
||||
@Column({ nullable: true })
|
||||
@Column({ default: '' })
|
||||
firstName: string;
|
||||
|
||||
@Field()
|
||||
@Column({ nullable: true })
|
||||
@Column({ default: '' })
|
||||
lastName: string;
|
||||
|
||||
@Field()
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
/* eslint-disable no-restricted-imports */
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
|
||||
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
|
||||
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
|
||||
@ -12,17 +11,17 @@ import { TypeORMService } from 'src/database/typeorm/typeorm.service';
|
||||
import { DataSourceModule } from 'src/metadata/data-source/data-source.module';
|
||||
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
|
||||
|
||||
import config from '../../../ormconfig';
|
||||
|
||||
import { userAutoResolverOpts } from './user.auto-resolver-opts';
|
||||
|
||||
import { UserService } from './services/user.service';
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
TypeOrmModule.forRoot(config),
|
||||
NestjsQueryGraphQLModule.forFeature({
|
||||
imports: [NestjsQueryTypeOrmModule.forFeature([User]), TypeORMModule],
|
||||
imports: [
|
||||
NestjsQueryTypeOrmModule.forFeature([User], 'core'),
|
||||
TypeORMModule,
|
||||
],
|
||||
resolvers: userAutoResolverOpts,
|
||||
}),
|
||||
DataSourceModule,
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
import { Field, InputType } from '@nestjs/graphql';
|
||||
|
||||
import { IsOptional, IsString } from 'class-validator';
|
||||
import { IsBoolean, IsOptional, IsString } from 'class-validator';
|
||||
|
||||
@InputType()
|
||||
export class UpdateWorkspaceInput {
|
||||
@ -23,4 +23,9 @@ export class UpdateWorkspaceInput {
|
||||
@IsString()
|
||||
@IsOptional()
|
||||
inviteHash?: string;
|
||||
|
||||
@Field({ nullable: true })
|
||||
@IsBoolean()
|
||||
@IsOptional()
|
||||
allowImpersonation?: boolean;
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@ import { Workspace } from 'src/core/workspace/workspace.entity';
|
||||
|
||||
export class WorkspaceService extends TypeOrmQueryService<Workspace> {
|
||||
constructor(
|
||||
@InjectRepository(Workspace)
|
||||
@InjectRepository(Workspace, 'core')
|
||||
private readonly workspaceRepository: Repository<Workspace>,
|
||||
private readonly workspaceManagerService: WorkspaceManagerService,
|
||||
) {
|
||||
|
||||
@ -49,4 +49,8 @@ export class Workspace {
|
||||
|
||||
@OneToMany(() => User, (user) => user.defaultWorkspace)
|
||||
users: User[];
|
||||
|
||||
@Field()
|
||||
@Column({ default: true })
|
||||
allowImpersonation: boolean;
|
||||
}
|
||||
|
||||
@ -1,5 +1,4 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
|
||||
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
|
||||
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
|
||||
@ -7,9 +6,7 @@ import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
|
||||
import { FileModule } from 'src/core/file/file.module';
|
||||
import { WorkspaceManagerModule } from 'src/workspace/workspace-manager/workspace-manager.module';
|
||||
import { WorkspaceResolver } from 'src/core/workspace/workspace.resolver';
|
||||
|
||||
// eslint-disable-next-line no-restricted-imports
|
||||
import config from '../../../ormconfig';
|
||||
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
|
||||
|
||||
import { Workspace } from './workspace.entity';
|
||||
import { workspaceAutoResolverOpts } from './workspace.auto-resolver-opts';
|
||||
@ -18,10 +15,10 @@ import { WorkspaceService } from './services/workspace.service';
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
TypeOrmModule.forRoot(config),
|
||||
TypeORMModule,
|
||||
NestjsQueryGraphQLModule.forFeature({
|
||||
imports: [
|
||||
NestjsQueryTypeOrmModule.forFeature([Workspace]),
|
||||
NestjsQueryTypeOrmModule.forFeature([Workspace], 'core'),
|
||||
WorkspaceManagerModule,
|
||||
FileModule,
|
||||
],
|
||||
|
||||
@ -162,24 +162,6 @@ export const seedWorkspaceMemberFieldMetadata = async (
|
||||
isSystem: false,
|
||||
defaultValue: undefined,
|
||||
},
|
||||
{
|
||||
id: SeedWorkspaceMemberFieldMetadataIds.AllowImpersonation,
|
||||
objectMetadataId: SeedObjectMetadataIds.WorkspaceMember,
|
||||
isCustom: false,
|
||||
workspaceId: SeedWorkspaceId,
|
||||
isActive: true,
|
||||
type: FieldMetadataType.BOOLEAN,
|
||||
name: 'allowImpersonation',
|
||||
label: 'Admin Access',
|
||||
targetColumnMap: {
|
||||
value: 'allowImpersonation',
|
||||
},
|
||||
description: 'Allow Admin Access',
|
||||
icon: 'IconEye',
|
||||
isNullable: false,
|
||||
isSystem: false,
|
||||
defaultValue: { value: false },
|
||||
},
|
||||
{
|
||||
id: SeedWorkspaceMemberFieldMetadataIds.ColorScheme,
|
||||
objectMetadataId: SeedObjectMetadataIds.WorkspaceMember,
|
||||
|
||||
21
server/src/database/typeorm/core/core.datasource.ts
Normal file
21
server/src/database/typeorm/core/core.datasource.ts
Normal file
@ -0,0 +1,21 @@
|
||||
import { ConfigService } from '@nestjs/config';
|
||||
import { TypeOrmModuleOptions } from '@nestjs/typeorm';
|
||||
|
||||
import { DataSource, DataSourceOptions } from 'typeorm';
|
||||
import { config } from 'dotenv';
|
||||
config();
|
||||
const configService = new ConfigService();
|
||||
export const typeORMCoreModuleOptions: TypeOrmModuleOptions = {
|
||||
url: configService.get<string>('PG_DATABASE_URL'),
|
||||
type: 'postgres',
|
||||
logging: ['error'],
|
||||
schema: 'core',
|
||||
entities: ['dist/src/core/**/*.entity{.ts,.js}'],
|
||||
synchronize: false,
|
||||
migrationsRun: false,
|
||||
migrationsTableName: '_typeorm_migrations',
|
||||
migrations: ['dist/src/database/typeorm/core/migrations/*{.ts,.js}'],
|
||||
};
|
||||
export const connectionSource = new DataSource(
|
||||
typeORMCoreModuleOptions as DataSourceOptions,
|
||||
);
|
||||
@ -0,0 +1,43 @@
|
||||
import { MigrationInterface, QueryRunner } from 'typeorm';
|
||||
|
||||
export class AddAllowImpersonationToWorkspace1700654387203
|
||||
implements MigrationInterface
|
||||
{
|
||||
name = 'AddAllowImpersonationToWorkspace1700654387203';
|
||||
|
||||
public async up(queryRunner: QueryRunner): Promise<void> {
|
||||
await queryRunner.query(
|
||||
`ALTER TABLE "core"."user" DROP CONSTRAINT "FK_5d77e050eabd28d203b301235a7"`,
|
||||
);
|
||||
await queryRunner.query(
|
||||
`ALTER TABLE "core"."refreshToken" DROP CONSTRAINT "FK_610102b60fea1455310ccd299de"`,
|
||||
);
|
||||
await queryRunner.query(
|
||||
`ALTER TABLE "core"."workspace" ADD "allowImpersonation" boolean NOT NULL DEFAULT true`,
|
||||
);
|
||||
await queryRunner.query(
|
||||
`ALTER TABLE "core"."user" ADD CONSTRAINT "FK_2ec910029395fa7655621c88908" FOREIGN KEY ("defaultWorkspaceId") REFERENCES "core"."workspace"("id") ON DELETE NO ACTION ON UPDATE NO ACTION`,
|
||||
);
|
||||
await queryRunner.query(
|
||||
`ALTER TABLE "core"."refreshToken" ADD CONSTRAINT "FK_7008a2b0fb083127f60b5f4448e" FOREIGN KEY ("userId") REFERENCES "core"."user"("id") ON DELETE NO ACTION ON UPDATE NO ACTION`,
|
||||
);
|
||||
}
|
||||
|
||||
public async down(queryRunner: QueryRunner): Promise<void> {
|
||||
await queryRunner.query(
|
||||
`ALTER TABLE "core"."refreshToken" DROP CONSTRAINT "FK_7008a2b0fb083127f60b5f4448e"`,
|
||||
);
|
||||
await queryRunner.query(
|
||||
`ALTER TABLE "core"."user" DROP CONSTRAINT "FK_2ec910029395fa7655621c88908"`,
|
||||
);
|
||||
await queryRunner.query(
|
||||
`ALTER TABLE "core"."workspace" DROP COLUMN "allowImpersonation"`,
|
||||
);
|
||||
await queryRunner.query(
|
||||
`ALTER TABLE "core"."refreshToken" ADD CONSTRAINT "FK_610102b60fea1455310ccd299de" FOREIGN KEY ("userId") REFERENCES "core"."user"("id") ON DELETE NO ACTION ON UPDATE NO ACTION`,
|
||||
);
|
||||
await queryRunner.query(
|
||||
`ALTER TABLE "core"."user" ADD CONSTRAINT "FK_5d77e050eabd28d203b301235a7" FOREIGN KEY ("defaultWorkspaceId") REFERENCES "core"."workspace"("id") ON DELETE NO ACTION ON UPDATE NO ACTION`,
|
||||
);
|
||||
}
|
||||
}
|
||||
@ -10,17 +10,11 @@ export const typeORMMetadataModuleOptions: TypeOrmModuleOptions = {
|
||||
type: 'postgres',
|
||||
logging: ['error'],
|
||||
schema: 'metadata',
|
||||
entities: [
|
||||
'dist/src/metadata/**/*.entity{.ts,.js}',
|
||||
'dist/src/core/**/*.entity{.ts,.js}',
|
||||
],
|
||||
entities: ['dist/src/metadata/**/*.entity{.ts,.js}'],
|
||||
synchronize: false,
|
||||
migrationsRun: false,
|
||||
migrationsTableName: '_typeorm_migrations',
|
||||
migrations: [
|
||||
'dist/src/database/typeorm/metadata/migrations/*{.ts,.js}',
|
||||
'dist/src/database/typeorm/core/migrations/*{.ts,.js}',
|
||||
],
|
||||
migrations: ['dist/src/database/typeorm/metadata/migrations/*{.ts,.js}'],
|
||||
};
|
||||
export const connectionSource = new DataSource(
|
||||
typeORMMetadataModuleOptions as DataSourceOptions,
|
||||
|
||||
@ -1,6 +1,8 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TypeOrmModule, TypeOrmModuleOptions } from '@nestjs/typeorm';
|
||||
|
||||
import { typeORMCoreModuleOptions } from 'src/database/typeorm/core/core.datasource';
|
||||
|
||||
import { TypeORMService } from './typeorm.service';
|
||||
|
||||
import { typeORMMetadataModuleOptions } from './metadata/metadata.datasource';
|
||||
@ -10,12 +12,21 @@ const metadataTypeORMFactory = async (): Promise<TypeOrmModuleOptions> => ({
|
||||
name: 'metadata',
|
||||
});
|
||||
|
||||
const coreTypeORMFactory = async (): Promise<TypeOrmModuleOptions> => ({
|
||||
...typeORMCoreModuleOptions,
|
||||
name: 'core',
|
||||
});
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
TypeOrmModule.forRootAsync({
|
||||
useFactory: metadataTypeORMFactory,
|
||||
name: 'metadata',
|
||||
}),
|
||||
TypeOrmModule.forRootAsync({
|
||||
useFactory: coreTypeORMFactory,
|
||||
name: 'core',
|
||||
}),
|
||||
],
|
||||
providers: [TypeORMService],
|
||||
exports: [TypeORMService],
|
||||
|
||||
@ -26,19 +26,6 @@ const workspaceMemberMetadata = {
|
||||
isNullable: false,
|
||||
defaultValue: { firstName: '', lastName: '' },
|
||||
},
|
||||
{
|
||||
isCustom: false,
|
||||
isActive: true,
|
||||
type: FieldMetadataType.BOOLEAN,
|
||||
name: 'allowImpersonation',
|
||||
label: 'Admin Access',
|
||||
targetColumnMap: {
|
||||
value: 'allowImpersonation',
|
||||
},
|
||||
description: 'Allow Admin Access',
|
||||
icon: 'IconEye',
|
||||
isNullable: false,
|
||||
},
|
||||
{
|
||||
isCustom: false,
|
||||
isActive: true,
|
||||
|
||||
Reference in New Issue
Block a user