calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-05-30 20:52:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2980 from rinseaid/blueprint-auto-create-roles

Browse Source 
Auto-create roles referenced in blueprints
This commit is contained in:
Owen Schwartz
2026-05-28 20:10:53 -07:00
committed by GitHub
parent c74b423bae 4786fc3a31
commit 1e27acbf88
2 changed files with 64 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
server/lib/blueprints/clientResources.ts
View File

@@ -3,6 +3,7 @@ import {
clientSiteResources, clientSiteResources,
domains, domains,
orgDomains, orgDomains,
roleActions,
roles, roles,
roleSiteResources, roleSiteResources,
Site, Site,
@@ -19,6 +20,7 @@ import { sites } from "@server/db";
import { eq, and, ne, inArray, or, isNotNull } from "drizzle-orm"; import { eq, and, ne, inArray, or, isNotNull } from "drizzle-orm";
import { Config } from "./types"; import { Config } from "./types";
import logger from "@server/logger"; import logger from "@server/logger";
import { defaultRoleAllowedActions } from "@server/routers/role/createRole";
import { getNextAvailableAliasAddress } from "../ip"; import { getNextAvailableAliasAddress } from "../ip";
import { createCertificate } from "#dynamic/routers/certificates/createCertificate"; import { createCertificate } from "#dynamic/routers/certificates/createCertificate";
@@ -332,8 +334,7 @@ export async function updateClientResources(
} }
if (resourceData.roles.length > 0) { if (resourceData.roles.length > 0) {
// Re-add specified roles but we need to get the roleIds from the role name in the array const existingRoles = await trx
const rolesToUpdate = await trx
.select() .select()
.from(roles) .from(roles)
.where( .where(
@@ -343,7 +344,28 @@ export async function updateClientResources(
) )
); );
const roleIds = rolesToUpdate.map((role) => role.roleId); const foundNames = new Set(existingRoles.map((r) => r.name));
const missingNames = resourceData.roles.filter(
(n) => !foundNames.has(n)
);
for (const name of missingNames) {
const [created] = await trx
.insert(roles)
.values({ name, orgId })
.returning();
await trx.insert(roleActions).values(
defaultRoleAllowedActions.map((action) => ({
roleId: created.roleId,
actionId: action,
orgId
}))
);
existingRoles.push(created);
logger.info(`Auto-created role "${name}" in org ${orgId} from blueprint`);
}
const roleIds = existingRoles.map((role) => role.roleId);
await trx await trx
.insert(roleSiteResources) .insert(roleSiteResources)
@@ -444,8 +466,7 @@ export async function updateClientResources(
}); });
if (resourceData.roles.length > 0) { if (resourceData.roles.length > 0) {
// get roleIds from role names const existingRoles = await trx
const rolesToUpdate = await trx
.select() .select()
.from(roles) .from(roles)
.where( .where(
@@ -455,7 +476,28 @@ export async function updateClientResources(
) )
); );
const roleIds = rolesToUpdate.map((role) => role.roleId); const foundNames = new Set(existingRoles.map((r) => r.name));
const missingNames = resourceData.roles.filter(
(n) => !foundNames.has(n)
);
for (const name of missingNames) {
const [created] = await trx
.insert(roles)
.values({ name, orgId })
.returning();
await trx.insert(roleActions).values(
defaultRoleAllowedActions.map((action) => ({
roleId: created.roleId,
actionId: action,
orgId
}))
);
existingRoles.push(created);
logger.info(`Auto-created role "${name}" in org ${orgId} from blueprint`);
}
const roleIds = existingRoles.map((role) => role.roleId);
await trx await trx
.insert(roleSiteResources) .insert(roleSiteResources)

18
server/lib/blueprints/proxyResources.ts
View File

@@ -8,6 +8,7 @@ import {
resourcePincode, resourcePincode,
resourceRules, resourceRules,
resourceWhitelist, resourceWhitelist,
roleActions,
roleResources, roleResources,
roles, roles,
Target, Target,
@@ -36,6 +37,7 @@ import { isValidRegionId } from "@server/db/regions";
import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed"; import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
import { fireHealthCheckUnknownAlert } from "@server/lib/alerts"; import { fireHealthCheckUnknownAlert } from "@server/lib/alerts";
import { tierMatrix } from "../billing/tierMatrix"; import { tierMatrix } from "../billing/tierMatrix";
import { defaultRoleAllowedActions } from "@server/routers/role/createRole";
export type ProxyResourcesResults = { export type ProxyResourcesResults = {
proxyResource: Resource; proxyResource: Resource;
@@ -925,14 +927,26 @@ async function syncRoleResources(
.where(eq(roleResources.resourceId, resourceId)); .where(eq(roleResources.resourceId, resourceId));
for (const roleName of ssoRoles) { for (const roleName of ssoRoles) {
const [role] = await trx let [role] = await trx
.select() .select()
.from(roles) .from(roles)
.where(and(eq(roles.name, roleName), eq(roles.orgId, orgId))) .where(and(eq(roles.name, roleName), eq(roles.orgId, orgId)))
.limit(1); .limit(1);
if (!role) { if (!role) {
throw new Error(`Role not found: ${roleName} in org ${orgId}`); const [created] = await trx
.insert(roles)
.values({ name: roleName, orgId })
.returning();
await trx.insert(roleActions).values(
defaultRoleAllowedActions.map((action) => ({
roleId: created.roleId,
actionId: action,
orgId
}))
);
role = created;
logger.info(`Auto-created role "${roleName}" in org ${orgId} from blueprint`);
} }
if (role.isAdmin) { if (role.isAdmin) {