Move Impersonate from User to Workspace (#2630)

* Fix impersonate

* align core typeorm config with metadata config + add allowImpersonation to workspace

* move allowImpersonation to workspace

* remove allowImpersonation from workspaceMember workspace table
Weiko
2023-11-22 14:12:39 +01:00
committed by GitHub
parent 680e9b6aa5
commit a6abe09163
33 changed files with 199 additions and 119 deletions


@ -3,19 +3,15 @@ import { Module } from '@nestjs/common';
import { JwtModule } from '@nestjs/jwt';
import { TypeOrmModule } from '@nestjs/typeorm';
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
import { EnvironmentService } from 'src/integrations/environment/environment.service';
import { FileModule } from 'src/core/file/file.module';
import { Workspace } from 'src/core/workspace/workspace.entity';
import { User } from 'src/core/user/user.entity';
import { RefreshToken } from 'src/core/refresh-token/refresh-token.entity';
import { DataSourceModule } from 'src/metadata/data-source/data-source.module';
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
import { UserModule } from 'src/core/user/user.module';
import { WorkspaceManagerModule } from 'src/workspace/workspace-manager/workspace-manager.module';
import config from '../../../ormconfig';
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
import { AuthResolver } from './auth.resolver';
@ -44,13 +40,8 @@ const jwtModule = JwtModule.registerAsync({
DataSourceModule,
UserModule,
WorkspaceManagerModule,
TypeOrmModule.forRoot(config),
NestjsQueryGraphQLModule.forFeature({
imports: [
TypeOrmModule.forFeature([Workspace, User, RefreshToken]),
TypeORMModule,
],
}),
TypeORMModule,
TypeOrmModule.forFeature([Workspace, User, RefreshToken], 'core'),
],
controllers: [GoogleAuthController, VerifyAuthController],
providers: [AuthService, TokenService, JwtAuthStrategy, AuthResolver],


@ -34,7 +34,7 @@ import { ImpersonateInput } from './dto/impersonate.input';
@Resolver()
export class AuthResolver {
constructor(
@InjectRepository(Workspace)
@InjectRepository(Workspace, 'core')
private readonly workspaceRepository: Repository<Workspace>,
private authService: AuthService,
private tokenService: TokenService,


@ -21,8 +21,8 @@ export class GoogleAuthController {
private readonly environmentService: EnvironmentService,
private readonly typeORMService: TypeORMService,
private readonly authService: AuthService,
@InjectRepository(Workspace)
@InjectRepository(User, 'metadata')
@InjectRepository(Workspace, 'core')
@InjectRepository(User, 'core')
private readonly userRepository: Repository<User>,
) {}


@ -44,9 +44,9 @@ export class AuthService {
private readonly userService: UserService,
private readonly workspaceManagerService: WorkspaceManagerService,
private readonly fileUploadService: FileUploadService,
@InjectRepository(Workspace)
@InjectRepository(Workspace, 'core')
private readonly workspaceRepository: Repository<Workspace>,
@InjectRepository(User)
@InjectRepository(User, 'core')
private readonly userRepository: Repository<User>,
) {}
@ -194,13 +194,18 @@ export class AuthService {
}
async impersonate(userId: string) {
const user = await this.userRepository.findOneBy({
id: userId,
const user = await this.userRepository.findOne({
where: {
id: userId,
},
relations: ['defaultWorkspace'],
});
assert(user, "This user doesn't exist", NotFoundException);
// Todo: check if workspace member can be impersonated
if (!user.defaultWorkspace.allowImpersonation) {
throw new ForbiddenException('Impersonation not allowed');
}
const accessToken = await this.tokenService.generateAccessToken(user.id);
const refreshToken = await this.tokenService.generateRefreshToken(user.id);
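Review bot: `user.defaultWorkspace.allowImpersonation` throws a TypeError instead of the intended ForbiddenException when the loaded user has no default workspace, so the guard should fail closed: `if (!user.defaultWorkspace?.allowImpersonation) {`. Whether `defaultWorkspace` can be null is not visible here (the User entity hunk further down does not show that column), and the optional chaining is harmless if it cannot. The check also keys on the target user's default workspace rather than on a workspace the caller names; if a user can belong to several workspaces, a short comment would help the next reader, e.g. `// Impersonation is gated by the target user's default workspace; other memberships are not consulted.`. impersonate's body continues past the hunk.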


@ -26,9 +26,9 @@ export class TokenService {
constructor(
private readonly jwtService: JwtService,
private readonly environmentService: EnvironmentService,
@InjectRepository(User)
@InjectRepository(User, 'core')
private readonly userRepository: Repository<User>,
@InjectRepository(RefreshToken)
@InjectRepository(RefreshToken, 'core')
private readonly refreshTokenRepository: Repository<RefreshToken>,
) {}


@ -25,9 +25,9 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
private readonly environmentService: EnvironmentService,
private readonly typeORMService: TypeORMService,
private readonly dataSourceService: DataSourceService,
@InjectRepository(Workspace)
@InjectRepository(Workspace, 'core')
private readonly workspaceRepository: Repository<Workspace>,
@InjectRepository(User)
@InjectRepository(User, 'core')
private readonly userRepository: Repository<User>,
) {
super({


@ -1,12 +1,8 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
// eslint-disable-next-line no-restricted-imports
import config from '../../../ormconfig';
import { RefreshToken } from './refresh-token.entity';
import { refreshTokenAutoResolverOpts } from './refresh-token.auto-resolver-opts';
@ -14,9 +10,8 @@ import { RefreshTokenService } from './services/refresh-token.service';
@Module({
imports: [
TypeOrmModule.forRoot(config),
NestjsQueryGraphQLModule.forFeature({
imports: [NestjsQueryTypeOrmModule.forFeature([RefreshToken])],
imports: [NestjsQueryTypeOrmModule.forFeature([RefreshToken], 'core')],
services: [RefreshTokenService],
resolvers: refreshTokenAutoResolverOpts,
}),


@ -11,7 +11,7 @@ import { TypeORMService } from 'src/database/typeorm/typeorm.service';
export class UserService extends TypeOrmQueryService<User> {
constructor(
@InjectRepository(User)
@InjectRepository(User, 'core')
private readonly userRepository: Repository<User>,
private readonly dataSourceService: DataSourceService,
private readonly typeORMService: TypeORMService,


@ -23,11 +23,11 @@ export class User {
id: string;
@Field()
@Column({ nullable: true })
@Column({ default: '' })
firstName: string;
@Field()
@Column({ nullable: true })
@Column({ default: '' })
lastName: string;
@Field()
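Review bot: Dropping `nullable: true` in favour of `default: ''` on `firstName` and `lastName` makes TypeORM treat both columns as NOT NULL, but the only migration in this commit (`AddAllowImpersonationToWorkspace1700654387203`, further down) touches neither column, so the entity and the `core.user` table will disagree unless a migration outside this page covers it. Existing rows holding NULL would also make a later `SET NOT NULL` fail, so the migration needs a backfill before the constraint, roughly `ALTER TABLE "core"."user" ALTER COLUMN "firstName" SET DEFAULT ''`, `UPDATE "core"."user" SET "firstName" = '' WHERE "firstName" IS NULL`, `ALTER TABLE "core"."user" ALTER COLUMN "firstName" SET NOT NULL` (and the same for `lastName`). The User class continues outside the hunk.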


@ -1,6 +1,5 @@
/* eslint-disable no-restricted-imports */
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
@ -12,17 +11,17 @@ import { TypeORMService } from 'src/database/typeorm/typeorm.service';
import { DataSourceModule } from 'src/metadata/data-source/data-source.module';
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
import config from '../../../ormconfig';
import { userAutoResolverOpts } from './user.auto-resolver-opts';
import { UserService } from './services/user.service';
@Module({
imports: [
TypeOrmModule.forRoot(config),
NestjsQueryGraphQLModule.forFeature({
imports: [NestjsQueryTypeOrmModule.forFeature([User]), TypeORMModule],
imports: [
NestjsQueryTypeOrmModule.forFeature([User], 'core'),
TypeORMModule,
],
resolvers: userAutoResolverOpts,
}),
DataSourceModule,


@ -1,6 +1,6 @@
import { Field, InputType } from '@nestjs/graphql';
import { IsOptional, IsString } from 'class-validator';
import { IsBoolean, IsOptional, IsString } from 'class-validator';
@InputType()
export class UpdateWorkspaceInput {
@ -23,4 +23,9 @@ export class UpdateWorkspaceInput {
@IsString()
@IsOptional()
inviteHash?: string;
@Field({ nullable: true })
@IsBoolean()
@IsOptional()
allowImpersonation?: boolean;
}
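Review bot: `allowImpersonation` is now settable through the same input as `inviteHash`, so whoever may update a workspace can also switch impersonation back on; that is presumably intended, but the field carries no documentation saying it gates token issuance for every member of the workspace. A TSDoc line on the field would make the sensitivity visible to callers and in the generated GraphQL schema, e.g. `/** When true, any member of this workspace may be impersonated via AuthService.impersonate. */`. The mutation's authorization is outside this hunk and is not reviewed here.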


@ -10,7 +10,7 @@ import { Workspace } from 'src/core/workspace/workspace.entity';
export class WorkspaceService extends TypeOrmQueryService<Workspace> {
constructor(
@InjectRepository(Workspace)
@InjectRepository(Workspace, 'core')
private readonly workspaceRepository: Repository<Workspace>,
private readonly workspaceManagerService: WorkspaceManagerService,
) {


@ -49,4 +49,8 @@ export class Workspace {
@OneToMany(() => User, (user) => user.defaultWorkspace)
users: User[];
@Field()
@Column({ default: true })
allowImpersonation: boolean;
}
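Review bot: `@Column({ default: true })` (matched by `DEFAULT true` in the migration below) opts every existing and newly created workspace into impersonation, whereas the per-member flag this replaces was seeded with `defaultValue: { value: false }` in the removed seed hunk above, so the commit silently flips the policy from opt-in to opt-out. If that is not deliberate, `@Column({ default: false })` together with `DEFAULT false` in `AddAllowImpersonationToWorkspace1700654387203` keeps the previous posture, and either way a comment on the column should state which was chosen, e.g. `// Opt-out: members can be impersonated unless an admin disables this for the workspace.`. The Workspace class header is outside the hunk.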


@ -1,5 +1,4 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule } from '@nestjs/typeorm';
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
@ -7,9 +6,7 @@ import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
import { FileModule } from 'src/core/file/file.module';
import { WorkspaceManagerModule } from 'src/workspace/workspace-manager/workspace-manager.module';
import { WorkspaceResolver } from 'src/core/workspace/workspace.resolver';
// eslint-disable-next-line no-restricted-imports
import config from '../../../ormconfig';
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
import { Workspace } from './workspace.entity';
import { workspaceAutoResolverOpts } from './workspace.auto-resolver-opts';
@ -18,10 +15,10 @@ import { WorkspaceService } from './services/workspace.service';
@Module({
imports: [
TypeOrmModule.forRoot(config),
TypeORMModule,
NestjsQueryGraphQLModule.forFeature({
imports: [
NestjsQueryTypeOrmModule.forFeature([Workspace]),
NestjsQueryTypeOrmModule.forFeature([Workspace], 'core'),
WorkspaceManagerModule,
FileModule,
],


@ -162,24 +162,6 @@ export const seedWorkspaceMemberFieldMetadata = async (
isSystem: false,
defaultValue: undefined,
},
{
id: SeedWorkspaceMemberFieldMetadataIds.AllowImpersonation,
objectMetadataId: SeedObjectMetadataIds.WorkspaceMember,
isCustom: false,
workspaceId: SeedWorkspaceId,
isActive: true,
type: FieldMetadataType.BOOLEAN,
name: 'allowImpersonation',
label: 'Admin Access',
targetColumnMap: {
value: 'allowImpersonation',
},
description: 'Allow Admin Access',
icon: 'IconEye',
isNullable: false,
isSystem: false,
defaultValue: { value: false },
},
{
id: SeedWorkspaceMemberFieldMetadataIds.ColorScheme,
objectMetadataId: SeedObjectMetadataIds.WorkspaceMember,


@ -0,0 +1,21 @@
import { ConfigService } from '@nestjs/config';
import { TypeOrmModuleOptions } from '@nestjs/typeorm';
import { DataSource, DataSourceOptions } from 'typeorm';
import { config } from 'dotenv';
config();
const configService = new ConfigService();
export const typeORMCoreModuleOptions: TypeOrmModuleOptions = {
url: configService.get<string>('PG_DATABASE_URL'),
type: 'postgres',
logging: ['error'],
schema: 'core',
entities: ['dist/src/core/**/*.entity{.ts,.js}'],
synchronize: false,
migrationsRun: false,
migrationsTableName: '_typeorm_migrations',
migrations: ['dist/src/database/typeorm/core/migrations/*{.ts,.js}'],
};
export const connectionSource = new DataSource(
typeORMCoreModuleOptions as DataSourceOptions,
);
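Review bot: `configService.get<string>('PG_DATABASE_URL')` returns `string | undefined`, so a missing variable yields `url: undefined` and the error only surfaces when the `core` connection is first opened; `configService.getOrThrow<string>('PG_DATABASE_URL')` (if the project's `@nestjs/config` version provides it) or an explicit check at module load would fail fast naming the variable. The `as DataSourceOptions` assertion on the last lines mirrors the metadata datasource further down; since `url`, `type`, `logging`, `synchronize`, `migrationsRun` and `migrationsTableName` are identical between the two files, a small shared builder taking the schema name and the entity/migration globs would keep them from drifting.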


@ -0,0 +1,43 @@
import { MigrationInterface, QueryRunner } from 'typeorm';
export class AddAllowImpersonationToWorkspace1700654387203
implements MigrationInterface
{
name = 'AddAllowImpersonationToWorkspace1700654387203';
public async up(queryRunner: QueryRunner): Promise<void> {
await queryRunner.query(
`ALTER TABLE "core"."user" DROP CONSTRAINT "FK_5d77e050eabd28d203b301235a7"`,
);
await queryRunner.query(
`ALTER TABLE "core"."refreshToken" DROP CONSTRAINT "FK_610102b60fea1455310ccd299de"`,
);
await queryRunner.query(
`ALTER TABLE "core"."workspace" ADD "allowImpersonation" boolean NOT NULL DEFAULT true`,
);
await queryRunner.query(
`ALTER TABLE "core"."user" ADD CONSTRAINT "FK_2ec910029395fa7655621c88908" FOREIGN KEY ("defaultWorkspaceId") REFERENCES "core"."workspace"("id") ON DELETE NO ACTION ON UPDATE NO ACTION`,
);
await queryRunner.query(
`ALTER TABLE "core"."refreshToken" ADD CONSTRAINT "FK_7008a2b0fb083127f60b5f4448e" FOREIGN KEY ("userId") REFERENCES "core"."user"("id") ON DELETE NO ACTION ON UPDATE NO ACTION`,
);
}
public async down(queryRunner: QueryRunner): Promise<void> {
await queryRunner.query(
`ALTER TABLE "core"."refreshToken" DROP CONSTRAINT "FK_7008a2b0fb083127f60b5f4448e"`,
);
await queryRunner.query(
`ALTER TABLE "core"."user" DROP CONSTRAINT "FK_2ec910029395fa7655621c88908"`,
);
await queryRunner.query(
`ALTER TABLE "core"."workspace" DROP COLUMN "allowImpersonation"`,
);
await queryRunner.query(
`ALTER TABLE "core"."refreshToken" ADD CONSTRAINT "FK_610102b60fea1455310ccd299de" FOREIGN KEY ("userId") REFERENCES "core"."user"("id") ON DELETE NO ACTION ON UPDATE NO ACTION`,
);
await queryRunner.query(
`ALTER TABLE "core"."user" ADD CONSTRAINT "FK_5d77e050eabd28d203b301235a7" FOREIGN KEY ("defaultWorkspaceId") REFERENCES "core"."workspace"("id") ON DELETE NO ACTION ON UPDATE NO ACTION`,
);
}
}


@ -10,17 +10,11 @@ export const typeORMMetadataModuleOptions: TypeOrmModuleOptions = {
type: 'postgres',
logging: ['error'],
schema: 'metadata',
entities: [
'dist/src/metadata/**/*.entity{.ts,.js}',
'dist/src/core/**/*.entity{.ts,.js}',
],
entities: ['dist/src/metadata/**/*.entity{.ts,.js}'],
synchronize: false,
migrationsRun: false,
migrationsTableName: '_typeorm_migrations',
migrations: [
'dist/src/database/typeorm/metadata/migrations/*{.ts,.js}',
'dist/src/database/typeorm/core/migrations/*{.ts,.js}',
],
migrations: ['dist/src/database/typeorm/metadata/migrations/*{.ts,.js}'],
};
export const connectionSource = new DataSource(
typeORMMetadataModuleOptions as DataSourceOptions,


@ -1,6 +1,8 @@
import { Module } from '@nestjs/common';
import { TypeOrmModule, TypeOrmModuleOptions } from '@nestjs/typeorm';
import { typeORMCoreModuleOptions } from 'src/database/typeorm/core/core.datasource';
import { TypeORMService } from './typeorm.service';
import { typeORMMetadataModuleOptions } from './metadata/metadata.datasource';
@ -10,12 +12,21 @@ const metadataTypeORMFactory = async (): Promise<TypeOrmModuleOptions> => ({
name: 'metadata',
});
const coreTypeORMFactory = async (): Promise<TypeOrmModuleOptions> => ({
...typeORMCoreModuleOptions,
name: 'core',
});
@Module({
imports: [
TypeOrmModule.forRootAsync({
useFactory: metadataTypeORMFactory,
name: 'metadata',
}),
TypeOrmModule.forRootAsync({
useFactory: coreTypeORMFactory,
name: 'core',
}),
],
providers: [TypeORMService],
exports: [TypeORMService],


@ -26,19 +26,6 @@ const workspaceMemberMetadata = {
isNullable: false,
defaultValue: { firstName: '', lastName: '' },
},
{
isCustom: false,
isActive: true,
type: FieldMetadataType.BOOLEAN,
name: 'allowImpersonation',
label: 'Admin Access',
targetColumnMap: {
value: 'allowImpersonation',
},
description: 'Allow Admin Access',
icon: 'IconEye',
isNullable: false,
},
{
isCustom: false,
isActive: true,