mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-13 17:21:48 +02:00
Pull from the policies to show to users
This commit is contained in:
@@ -7,11 +7,15 @@ import {
|
|||||||
roleResources,
|
roleResources,
|
||||||
userPolicies,
|
userPolicies,
|
||||||
rolePolicies,
|
rolePolicies,
|
||||||
|
resourcePolicies,
|
||||||
userOrgRoles,
|
userOrgRoles,
|
||||||
userOrgs,
|
userOrgs,
|
||||||
resourcePassword,
|
resourcePassword,
|
||||||
resourcePincode,
|
resourcePincode,
|
||||||
resourceWhitelist,
|
resourceWhitelist,
|
||||||
|
resourcePolicyPassword,
|
||||||
|
resourcePolicyPincode,
|
||||||
|
resourcePolicyWhiteList,
|
||||||
siteResources,
|
siteResources,
|
||||||
userSiteResources,
|
userSiteResources,
|
||||||
roleSiteResources,
|
roleSiteResources,
|
||||||
@@ -29,6 +33,10 @@ export async function getUserResources(
|
|||||||
next: NextFunction
|
next: NextFunction
|
||||||
): Promise<any> {
|
): Promise<any> {
|
||||||
try {
|
try {
|
||||||
|
const effectiveResourcePolicyId = sql<
|
||||||
|
number | null
|
||||||
|
>`coalesce(${resources.resourcePolicyId}, ${resources.defaultResourcePolicyId})`;
|
||||||
|
|
||||||
const orgId = getFirstString(req.params.orgId);
|
const orgId = getFirstString(req.params.orgId);
|
||||||
const userId = req.user?.userId;
|
const userId = req.user?.userId;
|
||||||
|
|
||||||
@@ -87,7 +95,7 @@ export async function getUserResources(
|
|||||||
.from(resources)
|
.from(resources)
|
||||||
.innerJoin(
|
.innerJoin(
|
||||||
userPolicies,
|
userPolicies,
|
||||||
eq(resources.resourcePolicyId, userPolicies.resourcePolicyId)
|
eq(effectiveResourcePolicyId, userPolicies.resourcePolicyId)
|
||||||
)
|
)
|
||||||
.where(eq(userPolicies.userId, userId));
|
.where(eq(userPolicies.userId, userId));
|
||||||
|
|
||||||
@@ -99,7 +107,7 @@ export async function getUserResources(
|
|||||||
.innerJoin(
|
.innerJoin(
|
||||||
rolePolicies,
|
rolePolicies,
|
||||||
eq(
|
eq(
|
||||||
resources.resourcePolicyId,
|
effectiveResourcePolicyId,
|
||||||
rolePolicies.resourcePolicyId
|
rolePolicies.resourcePolicyId
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
@@ -145,15 +153,22 @@ export async function getUserResources(
|
|||||||
...rolePolicyResourceResults.map((r) => r.resourceId)
|
...rolePolicyResourceResults.map((r) => r.resourceId)
|
||||||
];
|
];
|
||||||
|
|
||||||
|
// remove duplicates
|
||||||
|
const uniqueResourceIds = Array.from(new Set(accessibleResourceIds));
|
||||||
|
|
||||||
// Combine all accessible site resource IDs
|
// Combine all accessible site resource IDs
|
||||||
const accessibleSiteResourceIds = [
|
const accessibleSiteResourceIds = [
|
||||||
...directSiteResourceResults.map((r) => r.siteResourceId),
|
...directSiteResourceResults.map((r) => r.siteResourceId),
|
||||||
...roleSiteResourceResults.map((r) => r.siteResourceId)
|
...roleSiteResourceResults.map((r) => r.siteResourceId)
|
||||||
];
|
];
|
||||||
|
const uniqueSiteResourceIds = Array.from(
|
||||||
|
new Set(accessibleSiteResourceIds)
|
||||||
|
);
|
||||||
|
|
||||||
// Get resource details for accessible resources
|
// Get resource details for accessible resources
|
||||||
let resourcesData: Array<{
|
let resourcesData: Array<{
|
||||||
resourceId: number;
|
resourceId: number;
|
||||||
|
effectiveResourcePolicyId: number | null;
|
||||||
name: string;
|
name: string;
|
||||||
fullDomain: string | null;
|
fullDomain: string | null;
|
||||||
ssl: boolean;
|
ssl: boolean;
|
||||||
@@ -161,23 +176,34 @@ export async function getUserResources(
|
|||||||
sso: boolean;
|
sso: boolean;
|
||||||
mode: string;
|
mode: string;
|
||||||
emailWhitelistEnabled: boolean;
|
emailWhitelistEnabled: boolean;
|
||||||
|
policyEmailWhitelistEnabled: boolean | null;
|
||||||
}> = [];
|
}> = [];
|
||||||
if (accessibleResourceIds.length > 0) {
|
if (uniqueResourceIds.length > 0) {
|
||||||
resourcesData = await db
|
resourcesData = await db
|
||||||
.select({
|
.select({
|
||||||
resourceId: resources.resourceId,
|
resourceId: resources.resourceId,
|
||||||
|
effectiveResourcePolicyId,
|
||||||
name: resources.name,
|
name: resources.name,
|
||||||
fullDomain: resources.fullDomain,
|
fullDomain: resources.fullDomain,
|
||||||
ssl: resources.ssl,
|
ssl: resources.ssl,
|
||||||
enabled: resources.enabled,
|
enabled: resources.enabled,
|
||||||
sso: resources.sso,
|
sso: resources.sso,
|
||||||
mode: resources.mode,
|
mode: resources.mode,
|
||||||
emailWhitelistEnabled: resources.emailWhitelistEnabled
|
emailWhitelistEnabled: resources.emailWhitelistEnabled,
|
||||||
|
policyEmailWhitelistEnabled:
|
||||||
|
resourcePolicies.emailWhitelistEnabled
|
||||||
})
|
})
|
||||||
.from(resources)
|
.from(resources)
|
||||||
|
.leftJoin(
|
||||||
|
resourcePolicies,
|
||||||
|
eq(
|
||||||
|
effectiveResourcePolicyId,
|
||||||
|
resourcePolicies.resourcePolicyId
|
||||||
|
)
|
||||||
|
)
|
||||||
.where(
|
.where(
|
||||||
and(
|
and(
|
||||||
inArray(resources.resourceId, accessibleResourceIds),
|
inArray(resources.resourceId, uniqueResourceIds),
|
||||||
eq(resources.orgId, orgId),
|
eq(resources.orgId, orgId),
|
||||||
eq(resources.enabled, true)
|
eq(resources.enabled, true)
|
||||||
)
|
)
|
||||||
@@ -206,7 +232,7 @@ export async function getUserResources(
|
|||||||
siteAddresses: (string | null)[];
|
siteAddresses: (string | null)[];
|
||||||
siteOnlines: boolean[];
|
siteOnlines: boolean[];
|
||||||
}> = [];
|
}> = [];
|
||||||
if (accessibleSiteResourceIds.length > 0) {
|
if (uniqueSiteResourceIds.length > 0) {
|
||||||
const aggCol = <T>(column: any) => {
|
const aggCol = <T>(column: any) => {
|
||||||
if (DB_TYPE === "sqlite") {
|
if (DB_TYPE === "sqlite") {
|
||||||
return sql<T>`json_group_array(${column})`;
|
return sql<T>`json_group_array(${column})`;
|
||||||
@@ -246,7 +272,7 @@ export async function getUserResources(
|
|||||||
and(
|
and(
|
||||||
inArray(
|
inArray(
|
||||||
siteResources.siteResourceId,
|
siteResources.siteResourceId,
|
||||||
accessibleSiteResourceIds
|
uniqueSiteResourceIds
|
||||||
),
|
),
|
||||||
eq(siteResources.orgId, orgId),
|
eq(siteResources.orgId, orgId),
|
||||||
eq(siteResources.enabled, true)
|
eq(siteResources.enabled, true)
|
||||||
@@ -305,44 +331,87 @@ export async function getUserResources(
|
|||||||
// Check for password, pincode, and whitelist protection for each resource
|
// Check for password, pincode, and whitelist protection for each resource
|
||||||
const resourcesWithAuth = await Promise.all(
|
const resourcesWithAuth = await Promise.all(
|
||||||
resourcesData.map(async (resource) => {
|
resourcesData.map(async (resource) => {
|
||||||
const [passwordCheck, pincodeCheck, whitelistCheck] =
|
const policyId = resource.effectiveResourcePolicyId;
|
||||||
await Promise.all([
|
|
||||||
db
|
|
||||||
.select()
|
|
||||||
.from(resourcePassword)
|
|
||||||
.where(
|
|
||||||
eq(
|
|
||||||
resourcePassword.resourceId,
|
|
||||||
resource.resourceId
|
|
||||||
)
|
|
||||||
)
|
|
||||||
.limit(1),
|
|
||||||
db
|
|
||||||
.select()
|
|
||||||
.from(resourcePincode)
|
|
||||||
.where(
|
|
||||||
eq(
|
|
||||||
resourcePincode.resourceId,
|
|
||||||
resource.resourceId
|
|
||||||
)
|
|
||||||
)
|
|
||||||
.limit(1),
|
|
||||||
db
|
|
||||||
.select()
|
|
||||||
.from(resourceWhitelist)
|
|
||||||
.where(
|
|
||||||
eq(
|
|
||||||
resourceWhitelist.resourceId,
|
|
||||||
resource.resourceId
|
|
||||||
)
|
|
||||||
)
|
|
||||||
.limit(1)
|
|
||||||
]);
|
|
||||||
|
|
||||||
const hasPassword = passwordCheck.length > 0;
|
const [
|
||||||
const hasPincode = pincodeCheck.length > 0;
|
passwordCheck,
|
||||||
|
pincodeCheck,
|
||||||
|
whitelistCheck,
|
||||||
|
policyPasswordCheck,
|
||||||
|
policyPincodeCheck,
|
||||||
|
policyWhitelistCheck
|
||||||
|
] = await Promise.all([
|
||||||
|
db
|
||||||
|
.select()
|
||||||
|
.from(resourcePassword)
|
||||||
|
.where(
|
||||||
|
eq(resourcePassword.resourceId, resource.resourceId)
|
||||||
|
)
|
||||||
|
.limit(1),
|
||||||
|
db
|
||||||
|
.select()
|
||||||
|
.from(resourcePincode)
|
||||||
|
.where(
|
||||||
|
eq(resourcePincode.resourceId, resource.resourceId)
|
||||||
|
)
|
||||||
|
.limit(1),
|
||||||
|
db
|
||||||
|
.select()
|
||||||
|
.from(resourceWhitelist)
|
||||||
|
.where(
|
||||||
|
eq(
|
||||||
|
resourceWhitelist.resourceId,
|
||||||
|
resource.resourceId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.limit(1),
|
||||||
|
policyId
|
||||||
|
? db
|
||||||
|
.select()
|
||||||
|
.from(resourcePolicyPassword)
|
||||||
|
.where(
|
||||||
|
eq(
|
||||||
|
resourcePolicyPassword.resourcePolicyId,
|
||||||
|
policyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.limit(1)
|
||||||
|
: Promise.resolve([]),
|
||||||
|
policyId
|
||||||
|
? db
|
||||||
|
.select()
|
||||||
|
.from(resourcePolicyPincode)
|
||||||
|
.where(
|
||||||
|
eq(
|
||||||
|
resourcePolicyPincode.resourcePolicyId,
|
||||||
|
policyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.limit(1)
|
||||||
|
: Promise.resolve([]),
|
||||||
|
policyId
|
||||||
|
? db
|
||||||
|
.select()
|
||||||
|
.from(resourcePolicyWhiteList)
|
||||||
|
.where(
|
||||||
|
eq(
|
||||||
|
resourcePolicyWhiteList.resourcePolicyId,
|
||||||
|
policyId
|
||||||
|
)
|
||||||
|
)
|
||||||
|
.limit(1)
|
||||||
|
: Promise.resolve([])
|
||||||
|
]);
|
||||||
|
|
||||||
|
const hasPassword =
|
||||||
|
passwordCheck.length > 0 || policyPasswordCheck.length > 0;
|
||||||
|
const hasPincode =
|
||||||
|
pincodeCheck.length > 0 || policyPincodeCheck.length > 0;
|
||||||
const hasWhitelist =
|
const hasWhitelist =
|
||||||
whitelistCheck.length > 0 || resource.emailWhitelistEnabled;
|
whitelistCheck.length > 0 ||
|
||||||
|
policyWhitelistCheck.length > 0 ||
|
||||||
|
resource.emailWhitelistEnabled ||
|
||||||
|
!!resource.policyEmailWhitelistEnabled;
|
||||||
|
|
||||||
return {
|
return {
|
||||||
resourceId: resource.resourceId,
|
resourceId: resource.resourceId,
|
||||||
@@ -418,7 +487,7 @@ export type GetUserResourcesResponse = {
|
|||||||
domain: string;
|
domain: string;
|
||||||
enabled: boolean;
|
enabled: boolean;
|
||||||
protected: boolean;
|
protected: boolean;
|
||||||
ode: string;
|
mode: string;
|
||||||
}>;
|
}>;
|
||||||
siteResources: Array<{
|
siteResources: Array<{
|
||||||
siteResourceId: number;
|
siteResourceId: number;
|
||||||
|
|||||||
Reference in New Issue
Block a user