Move Impersonate from User to Workspace (#2630)
* Fix impersonate * align core typeorm config with metadata config + add allowImpersonation to workspace * move allowImpersonation to workspace * remove allowImpersonation from workspaceMember workspace table
This commit is contained in:
Weiko
@ -3,19 +3,15 @@ import { Module } from '@nestjs/common';
|
||||
import { JwtModule } from '@nestjs/jwt';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
|
||||
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
|
||||
|
||||
import { EnvironmentService } from 'src/integrations/environment/environment.service';
|
||||
import { FileModule } from 'src/core/file/file.module';
|
||||
import { Workspace } from 'src/core/workspace/workspace.entity';
|
||||
import { User } from 'src/core/user/user.entity';
|
||||
import { RefreshToken } from 'src/core/refresh-token/refresh-token.entity';
|
||||
import { DataSourceModule } from 'src/metadata/data-source/data-source.module';
|
||||
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
|
||||
import { UserModule } from 'src/core/user/user.module';
|
||||
import { WorkspaceManagerModule } from 'src/workspace/workspace-manager/workspace-manager.module';
|
||||
|
||||
import config from '../../../ormconfig';
|
||||
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
|
||||
|
||||
import { AuthResolver } from './auth.resolver';
|
||||
|
||||
@ -44,13 +40,8 @@ const jwtModule = JwtModule.registerAsync({
|
||||
DataSourceModule,
|
||||
UserModule,
|
||||
WorkspaceManagerModule,
|
||||
TypeOrmModule.forRoot(config),
|
||||
NestjsQueryGraphQLModule.forFeature({
|
||||
imports: [
|
||||
TypeOrmModule.forFeature([Workspace, User, RefreshToken]),
|
||||
TypeORMModule,
|
||||
],
|
||||
}),
|
||||
TypeORMModule,
|
||||
TypeOrmModule.forFeature([Workspace, User, RefreshToken], 'core'),
|
||||
],
|
||||
controllers: [GoogleAuthController, VerifyAuthController],
|
||||
providers: [AuthService, TokenService, JwtAuthStrategy, AuthResolver],
|
||||
|
||||
@ -34,7 +34,7 @@ import { ImpersonateInput } from './dto/impersonate.input';
|
||||
@Resolver()
|
||||
export class AuthResolver {
|
||||
constructor(
|
||||
@InjectRepository(Workspace)
|
||||
@InjectRepository(Workspace, 'core')
|
||||
private readonly workspaceRepository: Repository<Workspace>,
|
||||
private authService: AuthService,
|
||||
private tokenService: TokenService,
|
||||
|
||||
@ -21,8 +21,8 @@ export class GoogleAuthController {
|
||||
private readonly environmentService: EnvironmentService,
|
||||
private readonly typeORMService: TypeORMService,
|
||||
private readonly authService: AuthService,
|
||||
@InjectRepository(Workspace)
|
||||
@InjectRepository(User, 'metadata')
|
||||
@InjectRepository(Workspace, 'core')
|
||||
@InjectRepository(User, 'core')
|
||||
private readonly userRepository: Repository<User>,
|
||||
) {}
|
||||
|
||||
|
||||
@ -44,9 +44,9 @@ export class AuthService {
|
||||
private readonly userService: UserService,
|
||||
private readonly workspaceManagerService: WorkspaceManagerService,
|
||||
private readonly fileUploadService: FileUploadService,
|
||||
@InjectRepository(Workspace)
|
||||
@InjectRepository(Workspace, 'core')
|
||||
private readonly workspaceRepository: Repository<Workspace>,
|
||||
@InjectRepository(User)
|
||||
@InjectRepository(User, 'core')
|
||||
private readonly userRepository: Repository<User>,
|
||||
) {}
|
||||
|
||||
@ -194,13 +194,18 @@ export class AuthService {
|
||||
}
|
||||
|
||||
async impersonate(userId: string) {
|
||||
const user = await this.userRepository.findOneBy({
|
||||
id: userId,
|
||||
const user = await this.userRepository.findOne({
|
||||
where: {
|
||||
id: userId,
|
||||
},
|
||||
relations: ['defaultWorkspace'],
|
||||
});
|
||||
|
||||
assert(user, "This user doesn't exist", NotFoundException);
|
||||
|
||||
// Todo: check if workspace member can be impersonated
|
||||
if (!user.defaultWorkspace.allowImpersonation) {
|
||||
throw new ForbiddenException('Impersonation not allowed');
|
||||
}
|
||||
|
||||
const accessToken = await this.tokenService.generateAccessToken(user.id);
|
||||
const refreshToken = await this.tokenService.generateRefreshToken(user.id);
|
||||
|
||||
@ -26,9 +26,9 @@ export class TokenService {
|
||||
constructor(
|
||||
private readonly jwtService: JwtService,
|
||||
private readonly environmentService: EnvironmentService,
|
||||
@InjectRepository(User)
|
||||
@InjectRepository(User, 'core')
|
||||
private readonly userRepository: Repository<User>,
|
||||
@InjectRepository(RefreshToken)
|
||||
@InjectRepository(RefreshToken, 'core')
|
||||
private readonly refreshTokenRepository: Repository<RefreshToken>,
|
||||
) {}
|
||||
|
||||
|
||||
@ -25,9 +25,9 @@ export class JwtAuthStrategy extends PassportStrategy(Strategy, 'jwt') {
|
||||
private readonly environmentService: EnvironmentService,
|
||||
private readonly typeORMService: TypeORMService,
|
||||
private readonly dataSourceService: DataSourceService,
|
||||
@InjectRepository(Workspace)
|
||||
@InjectRepository(Workspace, 'core')
|
||||
private readonly workspaceRepository: Repository<Workspace>,
|
||||
@InjectRepository(User)
|
||||
@InjectRepository(User, 'core')
|
||||
private readonly userRepository: Repository<User>,
|
||||
) {
|
||||
super({
|
||||
|
||||
@ -1,12 +1,8 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
|
||||
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
|
||||
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
|
||||
|
||||
// eslint-disable-next-line no-restricted-imports
|
||||
import config from '../../../ormconfig';
|
||||
|
||||
import { RefreshToken } from './refresh-token.entity';
|
||||
import { refreshTokenAutoResolverOpts } from './refresh-token.auto-resolver-opts';
|
||||
|
||||
@ -14,9 +10,8 @@ import { RefreshTokenService } from './services/refresh-token.service';
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
TypeOrmModule.forRoot(config),
|
||||
NestjsQueryGraphQLModule.forFeature({
|
||||
imports: [NestjsQueryTypeOrmModule.forFeature([RefreshToken])],
|
||||
imports: [NestjsQueryTypeOrmModule.forFeature([RefreshToken], 'core')],
|
||||
services: [RefreshTokenService],
|
||||
resolvers: refreshTokenAutoResolverOpts,
|
||||
}),
|
||||
|
||||
@ -11,7 +11,7 @@ import { TypeORMService } from 'src/database/typeorm/typeorm.service';
|
||||
|
||||
export class UserService extends TypeOrmQueryService<User> {
|
||||
constructor(
|
||||
@InjectRepository(User)
|
||||
@InjectRepository(User, 'core')
|
||||
private readonly userRepository: Repository<User>,
|
||||
private readonly dataSourceService: DataSourceService,
|
||||
private readonly typeORMService: TypeORMService,
|
||||
|
||||
@ -23,11 +23,11 @@ export class User {
|
||||
id: string;
|
||||
|
||||
@Field()
|
||||
@Column({ nullable: true })
|
||||
@Column({ default: '' })
|
||||
firstName: string;
|
||||
|
||||
@Field()
|
||||
@Column({ nullable: true })
|
||||
@Column({ default: '' })
|
||||
lastName: string;
|
||||
|
||||
@Field()
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
/* eslint-disable no-restricted-imports */
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
|
||||
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
|
||||
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
|
||||
@ -12,17 +11,17 @@ import { TypeORMService } from 'src/database/typeorm/typeorm.service';
|
||||
import { DataSourceModule } from 'src/metadata/data-source/data-source.module';
|
||||
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
|
||||
|
||||
import config from '../../../ormconfig';
|
||||
|
||||
import { userAutoResolverOpts } from './user.auto-resolver-opts';
|
||||
|
||||
import { UserService } from './services/user.service';
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
TypeOrmModule.forRoot(config),
|
||||
NestjsQueryGraphQLModule.forFeature({
|
||||
imports: [NestjsQueryTypeOrmModule.forFeature([User]), TypeORMModule],
|
||||
imports: [
|
||||
NestjsQueryTypeOrmModule.forFeature([User], 'core'),
|
||||
TypeORMModule,
|
||||
],
|
||||
resolvers: userAutoResolverOpts,
|
||||
}),
|
||||
DataSourceModule,
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
import { Field, InputType } from '@nestjs/graphql';
|
||||
|
||||
import { IsOptional, IsString } from 'class-validator';
|
||||
import { IsBoolean, IsOptional, IsString } from 'class-validator';
|
||||
|
||||
@InputType()
|
||||
export class UpdateWorkspaceInput {
|
||||
@ -23,4 +23,9 @@ export class UpdateWorkspaceInput {
|
||||
@IsString()
|
||||
@IsOptional()
|
||||
inviteHash?: string;
|
||||
|
||||
@Field({ nullable: true })
|
||||
@IsBoolean()
|
||||
@IsOptional()
|
||||
allowImpersonation?: boolean;
|
||||
}
|
||||
|
||||
@ -10,7 +10,7 @@ import { Workspace } from 'src/core/workspace/workspace.entity';
|
||||
|
||||
export class WorkspaceService extends TypeOrmQueryService<Workspace> {
|
||||
constructor(
|
||||
@InjectRepository(Workspace)
|
||||
@InjectRepository(Workspace, 'core')
|
||||
private readonly workspaceRepository: Repository<Workspace>,
|
||||
private readonly workspaceManagerService: WorkspaceManagerService,
|
||||
) {
|
||||
|
||||
@ -49,4 +49,8 @@ export class Workspace {
|
||||
|
||||
@OneToMany(() => User, (user) => user.defaultWorkspace)
|
||||
users: User[];
|
||||
|
||||
@Field()
|
||||
@Column({ default: true })
|
||||
allowImpersonation: boolean;
|
||||
}
|
||||
|
||||
@ -1,5 +1,4 @@
|
||||
import { Module } from '@nestjs/common';
|
||||
import { TypeOrmModule } from '@nestjs/typeorm';
|
||||
|
||||
import { NestjsQueryGraphQLModule } from '@ptc-org/nestjs-query-graphql';
|
||||
import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
|
||||
@ -7,9 +6,7 @@ import { NestjsQueryTypeOrmModule } from '@ptc-org/nestjs-query-typeorm';
|
||||
import { FileModule } from 'src/core/file/file.module';
|
||||
import { WorkspaceManagerModule } from 'src/workspace/workspace-manager/workspace-manager.module';
|
||||
import { WorkspaceResolver } from 'src/core/workspace/workspace.resolver';
|
||||
|
||||
// eslint-disable-next-line no-restricted-imports
|
||||
import config from '../../../ormconfig';
|
||||
import { TypeORMModule } from 'src/database/typeorm/typeorm.module';
|
||||
|
||||
import { Workspace } from './workspace.entity';
|
||||
import { workspaceAutoResolverOpts } from './workspace.auto-resolver-opts';
|
||||
@ -18,10 +15,10 @@ import { WorkspaceService } from './services/workspace.service';
|
||||
|
||||
@Module({
|
||||
imports: [
|
||||
TypeOrmModule.forRoot(config),
|
||||
TypeORMModule,
|
||||
NestjsQueryGraphQLModule.forFeature({
|
||||
imports: [
|
||||
NestjsQueryTypeOrmModule.forFeature([Workspace]),
|
||||
NestjsQueryTypeOrmModule.forFeature([Workspace], 'core'),
|
||||
WorkspaceManagerModule,
|
||||
FileModule,
|
||||
],
|
||||
|
||||
Reference in New Issue
Block a user