🚧 WIP

2026-05-08 21:37:11 +00:00 · 2026-03-10 18:54:26 +01:00
parent 6686de6788
commit 61ec938b00
11 changed files with 191 additions and 312 deletions
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -146,7 +146,8 @@ export enum ActionsEnum {
    setResourcePolicyPincode = "setResourcePolicyPincode",
    setResourcePolicyHeaderAuth = "setResourcePolicyHeaderAuth",
    setResourcePolicyWhitelist = "setResourcePolicyWhitelist",
-    setResourcePolicyRules = "setResourcePolicyRules"
+    setResourcePolicyRules = "setResourcePolicyRules",
+    getResourcePolicies = "getResourcePolicies"
 }

 export async function checkUserActionPermission(
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -636,6 +636,13 @@ authenticated.get(
    policy.getResourcePolicy
 );

+authenticated.get(
+    "/resource/:resourceId/policies",
+    verifyResourceAccess,
+    verifyUserHasAction(ActionsEnum.getResourcePolicies),
+    resource.getResourcePolicies
+);
+
 authenticated.put(
    "/resource-policy/:resourcePolicyId",
    verifyResourcePolicyAccess,
--- a/server/routers/integration.ts
+++ b/server/routers/integration.ts
@@ -453,6 +453,13 @@ authenticated.get(
    policy.getResourcePolicy
 );

+authenticated.get(
+    "/resource/:resourceId/policies",
+    verifyApiKeyResourceAccess,
+    verifyApiKeyHasAction(ActionsEnum.getResourcePolicies),
+    resource.getResourcePolicies
+);
+
 authenticated.post(
    "/resource/:resourceId",
    verifyApiKeyResourceAccess,
--- a/server/routers/policy/getResourcePolicy.ts
+++ b/server/routers/policy/getResourcePolicy.ts
@@ -40,7 +40,9 @@ const getResourcePolicySchema = z
        })
    );

-async function query(params: z.infer<typeof getResourcePolicySchema>) {
+export async function queryResourcePolicy(
+    params: z.infer<typeof getResourcePolicySchema>
+) {
    const conditions: SQL<unknown>[] = [];
    if ("resourcePolicyId" in params) {
        conditions.push(
@@ -158,7 +160,7 @@ async function query(params: z.infer<typeof getResourcePolicySchema>) {
 }

 export type GetResourcePolicyResponse = NonNullable<
-    Awaited<ReturnType<typeof query>>
+    Awaited<ReturnType<typeof queryResourcePolicy>>
 >;

 registry.registerPath({
@@ -205,7 +207,7 @@ export async function getResourcePolicy(
            );
        }

-        const policy = await query(parsedParams.data);
+        const policy = await queryResourcePolicy(parsedParams.data);

        if (!policy) {
            return next(
--- a/server/routers/resource/getResourcePolicies.ts
+++ b/server/routers/resource/getResourcePolicies.ts
@@ -0,0 +1,88 @@
+import { db, resources } from "@server/db";
+import {
+    queryResourcePolicy,
+    type GetResourcePolicyResponse
+} from "@server/routers/policy/getResourcePolicy";
+import response from "@server/lib/response";
+import logger from "@server/logger";
+import { OpenAPITags, registry } from "@server/openApi";
+import HttpCode from "@server/types/HttpCode";
+import { eq } from "drizzle-orm";
+import type { NextFunction, Request, Response } from "express";
+import createHttpError from "http-errors";
+import z from "zod";
+import { fromError } from "zod-validation-error";
+
+const getResourcePoliciesParamsSchema = z.strictObject({
+    resourceId: z.string().transform(Number).pipe(z.int().positive())
+});
+
+export type GetResourcePoliciesResponse = {
+    defaultPolicy: GetResourcePolicyResponse | null;
+};
+
+registry.registerPath({
+    method: "get",
+    path: "/resource/{resourceId}/policies",
+    description: "Get the default policy for a resource.",
+    tags: [OpenAPITags.PublicResource, OpenAPITags.Policy],
+    request: {
+        params: getResourcePoliciesParamsSchema
+    },
+    responses: {}
+});
+
+export async function getResourcePolicies(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = getResourcePoliciesParamsSchema.safeParse(
+            req.params
+        );
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { resourceId } = parsedParams.data;
+
+        const [resource] = await db
+            .select({
+                defaultResourcePolicyId: resources.defaultResourcePolicyId
+            })
+            .from(resources)
+            .where(eq(resources.resourceId, resourceId))
+            .limit(1);
+
+        if (!resource) {
+            return next(
+                createHttpError(HttpCode.NOT_FOUND, "Resource not found")
+            );
+        }
+
+        const defaultPolicy = resource.defaultResourcePolicyId
+            ? await queryResourcePolicy({
+                  resourcePolicyId: resource.defaultResourcePolicyId
+              })
+            : null;
+
+        return response<GetResourcePoliciesResponse>(res, {
+            data: { defaultPolicy },
+            success: true,
+            error: false,
+            message: "Resource policies retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
--- a/server/routers/resource/index.ts
+++ b/server/routers/resource/index.ts
@@ -31,3 +31,4 @@ export * from "./addUserToResource";
 export * from "./removeUserFromResource";
 export * from "./listAllResourceNames";
 export * from "./removeEmailFromResourceWhitelist";
+export * from "./getResourcePolicies";