feat: role authorizations - WIP

2025-11-22 04:01:12 +10:00 · 2024-03-08 23:55:42 +00:00
parent 3e174b3838
commit b42fe48e9b
15 changed files with 263 additions and 14 deletions
--- a/apps/server/src/core/workspace/controllers/workspace.controller.ts
+++ b/apps/server/src/core/workspace/controllers/workspace.controller.ts
@ -26,6 +26,12 @@ import {
  InviteUserDto,
  RevokeInviteDto,
 } from '../dto/invitation.dto';
+import { Action } from '../../casl/ability.action';
+import { WorkspaceUser } from '../entities/workspace-user.entity';
+import { WorkspaceInvitation } from '../entities/workspace-invitation.entity';
+import { CheckPolicies } from '../../casl/decorators/policies.decorator';
+import { AppAbility } from '../../casl/abilities/casl-ability.factory';
+import { PoliciesGuard } from '../../casl/guards/policies.guard';

@UseGuards(JwtGuard)
@Controller('workspaces')
@ -57,6 +63,8 @@ export class WorkspaceController {
  }
  */

+  @UseGuards(PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(Action.Manage, Workspace))
  @HttpCode(HttpStatus.OK)
  @Post('update')
  async updateWorkspace(
@ -66,12 +74,18 @@ export class WorkspaceController {
    return this.workspaceService.update(workspace.id, updateWorkspaceDto);
  }

+  @UseGuards(PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) => ability.can(Action.Manage, Workspace))
  @HttpCode(HttpStatus.OK)
  @Post('delete')
  async deleteWorkspace(@Body() deleteWorkspaceDto: DeleteWorkspaceDto) {
    return this.workspaceService.delete(deleteWorkspaceDto);
  }

+  @UseGuards(PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) =>
+    ability.can(Action.Read, WorkspaceUser),
+  )
  @HttpCode(HttpStatus.OK)
  @Post('members')
  async getWorkspaceMembers(
@ -85,6 +99,10 @@ export class WorkspaceController {
    );
  }

+  @UseGuards(PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) =>
+    ability.can(Action.Manage, WorkspaceUser),
+  )
  @HttpCode(HttpStatus.OK)
  @Post('members/add')
  async addWorkspaceMember(
@ -98,6 +116,10 @@ export class WorkspaceController {
    );
  }

+  @UseGuards(PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) =>
+    ability.can(Action.Manage, WorkspaceUser),
+  )
  @HttpCode(HttpStatus.OK)
  @Post('members/remove')
  async removeWorkspaceMember(
@ -110,6 +132,10 @@ export class WorkspaceController {
    );
  }

+  @UseGuards(PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) =>
+    ability.can(Action.Manage, WorkspaceUser),
+  )
  @HttpCode(HttpStatus.OK)
  @Post('members/role')
  async updateWorkspaceMemberRole(
@ -124,6 +150,10 @@ export class WorkspaceController {
    );
  }

+  @UseGuards(PoliciesGuard)
+  @CheckPolicies((ability: AppAbility) =>
+    ability.can(Action.Manage, WorkspaceInvitation),
+  )
  @HttpCode(HttpStatus.OK)
  @Post('invite')
  async inviteUser(
--- a/apps/server/src/core/workspace/entities/workspace.entity.ts
+++ b/apps/server/src/core/workspace/entities/workspace.entity.ts
@ -86,4 +86,6 @@ export class Workspace {

  @OneToMany(() => Group, (group) => group.workspace)
  groups: [];
+
+  workspaceUser?: WorkspaceUser;
 }
--- a/apps/server/src/core/workspace/services/workspace.service.ts
+++ b/apps/server/src/core/workspace/services/workspace.service.ts
@ -1,8 +1,4 @@
-import {
-  BadRequestException,
-  Injectable,
-  NotFoundException,
-} from '@nestjs/common';
+import { Injectable, NotFoundException } from '@nestjs/common';
 import { CreateWorkspaceDto } from '../dto/create-workspace.dto';
 import { WorkspaceRepository } from '../repositories/workspace.repository';
 import { WorkspaceUserRepository } from '../repositories/workspace-user.repository';
@ -15,12 +11,10 @@ import { plainToInstance } from 'class-transformer';
 import { v4 as uuid } from 'uuid';
 import { UpdateWorkspaceDto } from '../dto/update-workspace.dto';
 import { DeleteWorkspaceDto } from '../dto/delete-workspace.dto';
-import { UpdateWorkspaceUserRoleDto } from '../dto/update-workspace-user-role.dto';
 import { SpaceService } from '../../space/space.service';
 import { PaginationOptions } from '../../../helpers/pagination/pagination-options';
 import { PaginationMetaDto } from '../../../helpers/pagination/pagination-meta-dto';
 import { PaginatedResult } from '../../../helpers/pagination/paginated-result';
-import { User } from '../../user/entities/user.entity';
 import { DataSource, EntityManager } from 'typeorm';
 import { transactionWrapper } from '../../../helpers/db.helper';
 import { CreateSpaceDto } from '../../space/dto/create-space.dto';
@ -187,8 +181,8 @@ export class WorkspaceService {

  async getUserCurrentWorkspace(userId: string): Promise<Workspace> {
    const userWorkspace = await this.workspaceUserRepository.findOne({
-      where: { userId: userId },
      relations: ['workspace'],
+      where: { userId: userId },
      order: {
        createdAt: 'ASC',
      },
@ -198,7 +192,8 @@ export class WorkspaceService {
      throw new NotFoundException('No workspace found for this user');
    }

-    return userWorkspace.workspace;
+    const { workspace, ...workspaceUser } = userWorkspace;
+    return { ...workspace, workspaceUser } as Workspace;
  }

  async getUserWorkspaces(