mirror of
https://github.com/documenso/documenso.git
synced 2026-07-13 06:25:01 +10:00
9ac7b94d9a
Allow organisations to manage an SSO OIDC compliant portal. This method is intended to streamline the onboarding process and paves the way to allow organisations to manage their members in a more strict way.
133 lines
3.2 KiB
TypeScript
133 lines
3.2 KiB
TypeScript
import { OrganisationGroupType, OrganisationMemberRole } from '@prisma/client';
|
|
|
|
export const ORGANISATION_URL_ROOT_REGEX = new RegExp('^/t/[^/]+/?$');
|
|
export const ORGANISATION_URL_REGEX = new RegExp('^/t/[^/]+');
|
|
|
|
export const ORGANISATION_INTERNAL_GROUPS: {
|
|
organisationRole: OrganisationMemberRole;
|
|
type: OrganisationGroupType;
|
|
}[] = [
|
|
{
|
|
organisationRole: OrganisationMemberRole.ADMIN,
|
|
type: OrganisationGroupType.INTERNAL_ORGANISATION,
|
|
},
|
|
{
|
|
organisationRole: OrganisationMemberRole.MANAGER,
|
|
type: OrganisationGroupType.INTERNAL_ORGANISATION,
|
|
},
|
|
{
|
|
organisationRole: OrganisationMemberRole.MEMBER,
|
|
type: OrganisationGroupType.INTERNAL_ORGANISATION,
|
|
},
|
|
] as const;
|
|
|
|
export const ORGANISATION_MEMBER_ROLE_PERMISSIONS_MAP = {
|
|
/**
|
|
* Includes permissions to:
|
|
* - Manage organisation members
|
|
* - Manage organisation settings, changing name, url, etc.
|
|
*/
|
|
DELETE_ORGANISATION: [OrganisationMemberRole.ADMIN],
|
|
MANAGE_BILLING: [OrganisationMemberRole.ADMIN],
|
|
DELETE_ORGANISATION_TRANSFER_REQUEST: [OrganisationMemberRole.ADMIN],
|
|
MANAGE_ORGANISATION: [OrganisationMemberRole.ADMIN, OrganisationMemberRole.MANAGER],
|
|
} satisfies Record<string, OrganisationMemberRole[]>;
|
|
|
|
/**
|
|
* A hierarchy of organisation member roles to determine which role has higher permission than another.
|
|
*
|
|
* Warning: The length of the array is used to determine the priority of the role.
|
|
* See `getHighestOrganisationRoleInGroup`
|
|
*/
|
|
export const ORGANISATION_MEMBER_ROLE_HIERARCHY = {
|
|
[OrganisationMemberRole.ADMIN]: [
|
|
OrganisationMemberRole.ADMIN,
|
|
OrganisationMemberRole.MANAGER,
|
|
OrganisationMemberRole.MEMBER,
|
|
],
|
|
[OrganisationMemberRole.MANAGER]: [OrganisationMemberRole.MANAGER, OrganisationMemberRole.MEMBER],
|
|
[OrganisationMemberRole.MEMBER]: [OrganisationMemberRole.MEMBER],
|
|
} satisfies Record<OrganisationMemberRole, OrganisationMemberRole[]>;
|
|
|
|
export const LOWEST_ORGANISATION_ROLE = OrganisationMemberRole.MEMBER;
|
|
|
|
export const PROTECTED_ORGANISATION_URLS = [
|
|
'403',
|
|
'404',
|
|
'500',
|
|
'502',
|
|
'503',
|
|
'504',
|
|
'about',
|
|
'account',
|
|
'admin',
|
|
'administrator',
|
|
'api',
|
|
'app',
|
|
'archive',
|
|
'auth',
|
|
'backup',
|
|
'config',
|
|
'configure',
|
|
'contact',
|
|
'contact-us',
|
|
'copyright',
|
|
'crime',
|
|
'criminal',
|
|
'dashboard',
|
|
'docs',
|
|
'documentation',
|
|
'document',
|
|
'documents',
|
|
'error',
|
|
'exploit',
|
|
'exploitation',
|
|
'exploiter',
|
|
'feedback',
|
|
'finance',
|
|
'forgot-password',
|
|
'fraud',
|
|
'fraudulent',
|
|
'hack',
|
|
'hacker',
|
|
'harassment',
|
|
'help',
|
|
'helpdesk',
|
|
'illegal',
|
|
'internal',
|
|
'legal',
|
|
'login',
|
|
'logout',
|
|
'maintenance',
|
|
'malware',
|
|
'newsletter',
|
|
'policy',
|
|
'privacy',
|
|
'profile',
|
|
'public',
|
|
'reset-password',
|
|
'scam',
|
|
'scammer',
|
|
'settings',
|
|
'setup',
|
|
'sign',
|
|
'signin',
|
|
'signout',
|
|
'signup',
|
|
'spam',
|
|
'support',
|
|
'system',
|
|
'organisation',
|
|
'terms',
|
|
'virus',
|
|
'webhook',
|
|
];
|
|
|
|
export const isOrganisationUrlProtected = (url: string) => {
|
|
return PROTECTED_ORGANISATION_URLS.some((protectedUrl) => url.startsWith(`/${protectedUrl}`));
|
|
};
|
|
|
|
export const ORGANISATION_ACCOUNT_LINK_VERIFICATION_TOKEN_IDENTIFIER = 'organisation-account-link';
|
|
|
|
export const ORGANISATION_USER_ACCOUNT_TYPE = 'org-oidc';
|