forked from ToolJet/ToolJet
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path1632468258787-PopulateUserGroupsFromOrganizationRoles.ts
135 lines (116 loc) · 4.61 KB
/
1632468258787-PopulateUserGroupsFromOrganizationRoles.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
import { EntityManager, MigrationInterface, QueryRunner } from 'typeorm';
import { Organization } from '../src/entities/organization.entity';
import { GroupPermission } from '../src/entities/group_permission.entity';
import { AppGroupPermission } from '../src/entities/app_group_permission.entity';
import { UserGroupPermission } from '../src/entities/user_group_permission.entity';
import { App } from '../src/entities/app.entity';
import { OrganizationUser } from 'src/entities/organization_user.entity';
export class PopulateUserGroupsFromOrganizationRoles1632468258787 implements MigrationInterface {
public async up(queryRunner: QueryRunner): Promise<void> {
const entityManager = queryRunner.manager;
const OrganizationRepository = entityManager.getRepository(Organization);
const organizations = await OrganizationRepository.find({ select: ['id'] });
for (const organization of organizations) {
const groupPermissions = await setupInitialGroupPermissions(entityManager, organization);
await setupUserAndAppGroupPermissions(entityManager, organization, groupPermissions);
}
}
public async down(queryRunner: QueryRunner): Promise<void> {
const entityManager = queryRunner.manager;
await entityManager.createQueryBuilder().delete().from(GroupPermission).execute();
await entityManager.createQueryBuilder().delete().from(AppGroupPermission).execute();
await entityManager.createQueryBuilder().delete().from(UserGroupPermission).execute();
}
}
async function setupInitialGroupPermissions(
entityManager: EntityManager,
organization: Organization
): Promise<Array<GroupPermission>> {
const existingRoles = ['admin', 'developer', 'viewer'];
const groupsToCreate = ['all_users', ...existingRoles];
const createdGroupPermissionIds = [];
for (const group of groupsToCreate) {
// Note: Since we are running data population as a part of migrations
// queries run should explicitly mention what columns are being used and
// what data is returned. This is because the entity at hand can be updated
// at code and the database schema would not represent it when migrations
// are run.
const insertResult = await entityManager
.createQueryBuilder()
.insert()
.into(GroupPermission, ['organizationId', 'group'])
.values({
organizationId: organization.id,
group: group,
})
.returning('id')
.execute();
createdGroupPermissionIds.push(insertResult.raw[0].id);
}
const groupPermissionRepository = entityManager.getRepository(GroupPermission);
return await groupPermissionRepository.findByIds(createdGroupPermissionIds, {
select: ['id', 'group', 'organizationId'],
});
}
async function setupUserAndAppGroupPermissions(
entityManager: EntityManager,
organization: Organization,
createdGroupPermissions: Array<GroupPermission>
): Promise<void> {
const appRepository = entityManager.getRepository(App);
const organizationApps = await appRepository.find({
where: { organizationId: organization.id },
select: ['id'],
});
for (const groupPermission of createdGroupPermissions) {
const orgUsers = await entityManager.find(OrganizationUser, {
where: { organizationId: organization.id },
select: ['id', 'role'],
});
const usersForGroup = orgUsers.filter(
(u) => u.role == groupPermission.group || groupPermission.group == 'all_users'
);
for (const user of usersForGroup) {
await entityManager
.createQueryBuilder()
.insert()
.into(UserGroupPermission, ['groupPermissionId', 'userId'])
.values({
groupPermissionId: groupPermission.id,
userId: user.id,
})
.returning('id')
.execute();
}
const permissions = determinePermissionsForGroup(groupPermission.group);
for (const app of organizationApps) {
await entityManager
.createQueryBuilder()
.insert()
.into(AppGroupPermission, ['groupPermissionId', 'appId', 'read', 'update', 'delete'])
.values({
groupPermissionId: groupPermission.id,
appId: app.id,
...permissions,
})
.returning('id')
.execute();
}
}
}
function determinePermissionsForGroup(group: string): {
read: boolean;
update: boolean;
delete: boolean;
} {
switch (group) {
case 'all_users':
return { read: true, update: false, delete: false };
case 'admin':
return { read: true, update: true, delete: true };
case 'developer':
return { read: true, update: true, delete: true };
case 'viewer':
return { read: true, update: false, delete: false };
}
}