✨ apply rules on resource policies

2026-05-09 22:04:16 +00:00 · 2026-03-05 18:13:30 +01:00
parent 8a3c0d9a08
commit de2980e1bc
4 changed files with 90 additions and 16 deletions
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -661,7 +661,7 @@ export const resourceRules = pgTable("resourceRules", {
    value: varchar("value").notNull()
 });

-export const policyRules = pgTable("policyRules", {
+export const resourcePolicyRules = pgTable("resourcePolicyRules", {
    ruleId: serial("ruleId").primaryKey(),
    resourcePolicyId: integer("resourcePolicyId")
        .notNull()
--- a/server/routers/policy/getResourcePolicy.ts
+++ b/server/routers/policy/getResourcePolicy.ts
@@ -1,6 +1,7 @@
 import {
    db,
    idp,
+    resourcePolicyRules,
    resourcePolicies,
    resourcePolicyHeaderAuth,
    resourcePolicyPassword,
@@ -56,6 +57,7 @@ async function query(params: z.infer<typeof getResourcePolicySchema>) {
        .select({
            resourcePolicyId: resourcePolicies.resourcePolicyId,
            sso: resourcePolicies.sso,
+            applyRules: resourcePolicies.applyRules,
            emailWhitelistEnabled: resourcePolicies.emailWhitelistEnabled,
            idpId: resourcePolicies.idpId,
            niceId: resourcePolicies.niceId,
@@ -134,11 +136,24 @@ async function query(params: z.infer<typeof getResourcePolicySchema>) {
            eq(resourcePolicyWhiteList.resourcePolicyId, res.resourcePolicyId)
        );

+    const policyRules = await db
+        .select({
+            ruleId: resourcePolicyRules.ruleId,
+            enabled: resourcePolicyRules.enabled,
+            priority: resourcePolicyRules.priority,
+            action: resourcePolicyRules.action,
+            match: resourcePolicyRules.match,
+            value: resourcePolicyRules.value
+        })
+        .from(resourcePolicyRules)
+        .where(eq(resourcePolicyRules.resourcePolicyId, res.resourcePolicyId));
+
    return {
        ...res,
        roles: policyRoles,
        users: policyUsers,
-        emailWhiteList: policyEmailWhiteList
+        emailWhiteList: policyEmailWhiteList,
+        rules: policyRules
    };
 }

--- a/server/routers/policy/setResourcePolicyRules.ts
+++ b/server/routers/policy/setResourcePolicyRules.ts
@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db, policyRules, resourcePolicies } from "@server/db";
+import { db, resourcePolicyRules, resourcePolicies } from "@server/db";
 import { eq } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
@@ -136,11 +136,13 @@ export async function setResourcePolicyRules(
                .where(eq(resourcePolicies.resourcePolicyId, resourcePolicyId));

            await trx
-                .delete(policyRules)
-                .where(eq(policyRules.resourcePolicyId, resourcePolicyId));
+                .delete(resourcePolicyRules)
+                .where(
+                    eq(resourcePolicyRules.resourcePolicyId, resourcePolicyId)
+                );

            if (rules.length > 0) {
-                await trx.insert(policyRules).values(
+                await trx.insert(resourcePolicyRules).values(
                    rules.map((rule) => ({
                        resourcePolicyId,
                        ...rule