Pull from the policies to show to users

This commit is contained in:
Owen
2026-06-01 17:49:09 -07:00
parent 1625dd1add
commit 4d6ed7eec5
+113 -44
View File
@@ -7,11 +7,15 @@ import {
roleResources, roleResources,
userPolicies, userPolicies,
rolePolicies, rolePolicies,
resourcePolicies,
userOrgRoles, userOrgRoles,
userOrgs, userOrgs,
resourcePassword, resourcePassword,
resourcePincode, resourcePincode,
resourceWhitelist, resourceWhitelist,
resourcePolicyPassword,
resourcePolicyPincode,
resourcePolicyWhiteList,
siteResources, siteResources,
userSiteResources, userSiteResources,
roleSiteResources, roleSiteResources,
@@ -29,6 +33,10 @@ export async function getUserResources(
next: NextFunction next: NextFunction
): Promise<any> { ): Promise<any> {
try { try {
const effectiveResourcePolicyId = sql<
number | null
>`coalesce(${resources.resourcePolicyId}, ${resources.defaultResourcePolicyId})`;
const orgId = getFirstString(req.params.orgId); const orgId = getFirstString(req.params.orgId);
const userId = req.user?.userId; const userId = req.user?.userId;
@@ -87,7 +95,7 @@ export async function getUserResources(
.from(resources) .from(resources)
.innerJoin( .innerJoin(
userPolicies, userPolicies,
eq(resources.resourcePolicyId, userPolicies.resourcePolicyId) eq(effectiveResourcePolicyId, userPolicies.resourcePolicyId)
) )
.where(eq(userPolicies.userId, userId)); .where(eq(userPolicies.userId, userId));
@@ -99,7 +107,7 @@ export async function getUserResources(
.innerJoin( .innerJoin(
rolePolicies, rolePolicies,
eq( eq(
resources.resourcePolicyId, effectiveResourcePolicyId,
rolePolicies.resourcePolicyId rolePolicies.resourcePolicyId
) )
) )
@@ -145,15 +153,22 @@ export async function getUserResources(
...rolePolicyResourceResults.map((r) => r.resourceId) ...rolePolicyResourceResults.map((r) => r.resourceId)
]; ];
// remove duplicates
const uniqueResourceIds = Array.from(new Set(accessibleResourceIds));
// Combine all accessible site resource IDs // Combine all accessible site resource IDs
const accessibleSiteResourceIds = [ const accessibleSiteResourceIds = [
...directSiteResourceResults.map((r) => r.siteResourceId), ...directSiteResourceResults.map((r) => r.siteResourceId),
...roleSiteResourceResults.map((r) => r.siteResourceId) ...roleSiteResourceResults.map((r) => r.siteResourceId)
]; ];
const uniqueSiteResourceIds = Array.from(
new Set(accessibleSiteResourceIds)
);
// Get resource details for accessible resources // Get resource details for accessible resources
let resourcesData: Array<{ let resourcesData: Array<{
resourceId: number; resourceId: number;
effectiveResourcePolicyId: number | null;
name: string; name: string;
fullDomain: string | null; fullDomain: string | null;
ssl: boolean; ssl: boolean;
@@ -161,23 +176,34 @@ export async function getUserResources(
sso: boolean; sso: boolean;
mode: string; mode: string;
emailWhitelistEnabled: boolean; emailWhitelistEnabled: boolean;
policyEmailWhitelistEnabled: boolean | null;
}> = []; }> = [];
if (accessibleResourceIds.length > 0) { if (uniqueResourceIds.length > 0) {
resourcesData = await db resourcesData = await db
.select({ .select({
resourceId: resources.resourceId, resourceId: resources.resourceId,
effectiveResourcePolicyId,
name: resources.name, name: resources.name,
fullDomain: resources.fullDomain, fullDomain: resources.fullDomain,
ssl: resources.ssl, ssl: resources.ssl,
enabled: resources.enabled, enabled: resources.enabled,
sso: resources.sso, sso: resources.sso,
mode: resources.mode, mode: resources.mode,
emailWhitelistEnabled: resources.emailWhitelistEnabled emailWhitelistEnabled: resources.emailWhitelistEnabled,
policyEmailWhitelistEnabled:
resourcePolicies.emailWhitelistEnabled
}) })
.from(resources) .from(resources)
.leftJoin(
resourcePolicies,
eq(
effectiveResourcePolicyId,
resourcePolicies.resourcePolicyId
)
)
.where( .where(
and( and(
inArray(resources.resourceId, accessibleResourceIds), inArray(resources.resourceId, uniqueResourceIds),
eq(resources.orgId, orgId), eq(resources.orgId, orgId),
eq(resources.enabled, true) eq(resources.enabled, true)
) )
@@ -206,7 +232,7 @@ export async function getUserResources(
siteAddresses: (string | null)[]; siteAddresses: (string | null)[];
siteOnlines: boolean[]; siteOnlines: boolean[];
}> = []; }> = [];
if (accessibleSiteResourceIds.length > 0) { if (uniqueSiteResourceIds.length > 0) {
const aggCol = <T>(column: any) => { const aggCol = <T>(column: any) => {
if (DB_TYPE === "sqlite") { if (DB_TYPE === "sqlite") {
return sql<T>`json_group_array(${column})`; return sql<T>`json_group_array(${column})`;
@@ -246,7 +272,7 @@ export async function getUserResources(
and( and(
inArray( inArray(
siteResources.siteResourceId, siteResources.siteResourceId,
accessibleSiteResourceIds uniqueSiteResourceIds
), ),
eq(siteResources.orgId, orgId), eq(siteResources.orgId, orgId),
eq(siteResources.enabled, true) eq(siteResources.enabled, true)
@@ -305,44 +331,87 @@ export async function getUserResources(
// Check for password, pincode, and whitelist protection for each resource // Check for password, pincode, and whitelist protection for each resource
const resourcesWithAuth = await Promise.all( const resourcesWithAuth = await Promise.all(
resourcesData.map(async (resource) => { resourcesData.map(async (resource) => {
const [passwordCheck, pincodeCheck, whitelistCheck] = const policyId = resource.effectiveResourcePolicyId;
await Promise.all([
db
.select()
.from(resourcePassword)
.where(
eq(
resourcePassword.resourceId,
resource.resourceId
)
)
.limit(1),
db
.select()
.from(resourcePincode)
.where(
eq(
resourcePincode.resourceId,
resource.resourceId
)
)
.limit(1),
db
.select()
.from(resourceWhitelist)
.where(
eq(
resourceWhitelist.resourceId,
resource.resourceId
)
)
.limit(1)
]);
const hasPassword = passwordCheck.length > 0; const [
const hasPincode = pincodeCheck.length > 0; passwordCheck,
pincodeCheck,
whitelistCheck,
policyPasswordCheck,
policyPincodeCheck,
policyWhitelistCheck
] = await Promise.all([
db
.select()
.from(resourcePassword)
.where(
eq(resourcePassword.resourceId, resource.resourceId)
)
.limit(1),
db
.select()
.from(resourcePincode)
.where(
eq(resourcePincode.resourceId, resource.resourceId)
)
.limit(1),
db
.select()
.from(resourceWhitelist)
.where(
eq(
resourceWhitelist.resourceId,
resource.resourceId
)
)
.limit(1),
policyId
? db
.select()
.from(resourcePolicyPassword)
.where(
eq(
resourcePolicyPassword.resourcePolicyId,
policyId
)
)
.limit(1)
: Promise.resolve([]),
policyId
? db
.select()
.from(resourcePolicyPincode)
.where(
eq(
resourcePolicyPincode.resourcePolicyId,
policyId
)
)
.limit(1)
: Promise.resolve([]),
policyId
? db
.select()
.from(resourcePolicyWhiteList)
.where(
eq(
resourcePolicyWhiteList.resourcePolicyId,
policyId
)
)
.limit(1)
: Promise.resolve([])
]);
const hasPassword =
passwordCheck.length > 0 || policyPasswordCheck.length > 0;
const hasPincode =
pincodeCheck.length > 0 || policyPincodeCheck.length > 0;
const hasWhitelist = const hasWhitelist =
whitelistCheck.length > 0 || resource.emailWhitelistEnabled; whitelistCheck.length > 0 ||
policyWhitelistCheck.length > 0 ||
resource.emailWhitelistEnabled ||
!!resource.policyEmailWhitelistEnabled;
return { return {
resourceId: resource.resourceId, resourceId: resource.resourceId,
@@ -418,7 +487,7 @@ export type GetUserResourcesResponse = {
domain: string; domain: string;
enabled: boolean; enabled: boolean;
protected: boolean; protected: boolean;
ode: string; mode: string;
}>; }>;
siteResources: Array<{ siteResources: Array<{
siteResourceId: number; siteResourceId: number;