Merge pull request #93 from import-ai/refactor/perf

refactor(resources): optimize API

Author: ycdzj

src/app/app.module.ts

@@ -80,8 +80,6 @@ import { LoggerMiddleware } from './logger.middleware';
 })
 export class AppModule implements NestModule {
   configure(consumer: MiddlewareConsumer) {
-    consumer
-      .apply(LoggerMiddleware)
-      .forRoutes('*');
+    consumer.apply(LoggerMiddleware).forRoutes('*');
   }
 }

src/app/logger.middleware.ts

@@ -14,4 +14,3 @@ export class LoggerMiddleware implements NestMiddleware {
     next();
   }
 }
-

src/groups/entities/group-user.entity.ts

@@ -28,6 +28,9 @@ export class GroupUser extends Base {
   @JoinColumn({ name: 'group_id' })
   group: Group;
 
+  @Column({ name: 'group_id', nullable: false })
+  groupId: string;
+
   @ManyToOne(() => User, { nullable: false })
   @JoinColumn({ name: 'user_id' })
   user: User;

src/namespaces/namespaces.service.ts

@@ -290,20 +290,19 @@ export class NamespacesService {
     });
   }
 
-  async getRoot(namespace: string, spaceType: SpaceType, userId: string) {
+  async getRoot(namespaceId: string, spaceType: SpaceType, userId: string) {
     let resource: Resource | null;
     if (spaceType === SpaceType.TEAMSPACE) {
-      resource = await this.getTeamspaceRoot(namespace);
+      resource = await this.getTeamspaceRoot(namespaceId);
     } else {
-      resource = await this.getPrivateRoot(userId, namespace);
+      resource = await this.getPrivateRoot(userId, namespaceId);
     }
-    const children = await this.resourceService.query({
-      namespaceId: namespace,
-      spaceType,
-      parentId: resource.id,
+    const children = await this.resourceService.listChildren(
+      namespaceId,
+      resource.id,
       userId,
-    });
-    return { ...resource, parentId: '0', spaceType, children };
+    );
+    return { ...resource, parentId: '0', children };
   }
 
   async userIsOwner(namespaceId: string, userId: string): Promise<boolean> {

src/permissions/entities/user-permission.entity.ts

@@ -32,6 +32,9 @@ export class UserPermission extends Base {
   @JoinColumn({ name: 'resource_id' })
   resource?: Resource;
 
+  @Column({ name: 'resource_id', nullable: false })
+  resourceId: string;
+
   @ManyToOne(() => User, { nullable: false })
   @JoinColumn({ name: 'user_id' })
   user?: User;

src/permissions/permission-level.enum.ts

@@ -20,3 +20,26 @@ export function comparePermissionLevel(
 ): number {
   return order.indexOf(a) - order.indexOf(b);
 }
+
+export function maxPermission(
+  a: PermissionLevel | null,
+  b: PermissionLevel | null,
+): PermissionLevel | null {
+  if (!a) {
+    return b;
+  }
+  if (!b) {
+    return a;
+  }
+  return comparePermissionLevel(a, b) > 0 ? a : b;
+}
+
+export function maxPermissions(
+  permissions: Array<PermissionLevel | null>,
+): PermissionLevel | null {
+  let permission: PermissionLevel | null = null;
+  for (const p of permissions) {
+    permission = maxPermission(permission, p);
+  }
+  return permission;
+}

src/permissions/permissions.service.ts

@@ -1,11 +1,13 @@
 import { Injectable } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
-import { DataSource, EntityManager, IsNull, Repository } from 'typeorm';
+import { DataSource, EntityManager, In, IsNull, Repository } from 'typeorm';
 import { PermissionDto } from './dto/permission.dto';
 import { ListRespDto, UserPermissionDto } from './dto/list-resp.dto';
 import { plainToInstance } from 'class-transformer';
 import {
   comparePermissionLevel,
+  maxPermission,
+  maxPermissions,
   PermissionLevel,
 } from './permission-level.enum';
 import { UserPermission } from './entities/user-permission.entity';
@@ -14,6 +16,7 @@ import { Resource } from 'src/resources/resources.entity';
 import { UserService } from 'src/user/user.service';
 import { GroupUser } from 'src/groups/entities/group-user.entity';
 import { NamespaceMember } from 'src/namespaces/entities/namespace-member.entity';
+import { Record } from 'openai/core';
 
 @Injectable()
 export class PermissionsService {
@@ -428,6 +431,102 @@ export class PermissionsService {
     return level;
   }
 
+  getGlobalPermissionFromParents(
+    parentResources: Resource[],
+  ): PermissionLevel | null {
+    for (const resource of parentResources) {
+      if (resource.globalLevel) {
+        return resource.globalLevel;
+      }
+    }
+    return null;
+  }
+
+  async getUserPermissionFromParents(
+    namespaceId: string,
+    parentResourceIds: string[],
+    userId: string,
+  ): Promise<PermissionLevel | null> {
+    const userPermissions = await this.userPermiRepo.find({
+      where: {
+        namespace: { id: namespaceId },
+        user: { id: userId },
+        resourceId: In(parentResourceIds),
+      },
+    });
+    const userPermiMap: Map<string, UserPermission> = new Map(
+      userPermissions.map((permi) => [permi.resourceId, permi]),
+    );
+    for (const resourceId of parentResourceIds) {
+      const permission = userPermiMap.get(resourceId);
+      if (permission) {
+        return permission.level;
+      }
+    }
+    return null;
+  }
+
+  async getGroupPermissionFromParents(
+    namespaceId: string,
+    parentResourceIds: string[],
+    groupIds: string[],
+  ): Promise<PermissionLevel | null> {
+    const groupPermissions = await this.groupPermiRepo.find({
+      where: {
+        namespace: { id: namespaceId },
+        resource: { id: In(parentResourceIds) },
+        group: { id: In(groupIds) },
+      },
+    });
+    const permiMap: Map<string, PermissionLevel | null> = new Map();
+    for (const groupPermi of groupPermissions) {
+      const resourceId = groupPermi.resource!.id;
+      const curPermi = permiMap.get(resourceId) || null;
+      permiMap.set(resourceId, maxPermission(curPermi, groupPermi.level));
+    }
+    for (const resourceId of parentResourceIds) {
+      const permission = permiMap.get(resourceId);
+      if (permission) {
+        return permission;
+      }
+    }
+    return null;
+  }
+
+  async getCurrentPermissionFromParents(
+    namespaceId: string,
+    parentResources: Resource[],
+    userId: string,
+  ): Promise<PermissionLevel> {
+    const groups = await this.groupUserRepository.find({
+      where: {
+        namespace: { id: namespaceId },
+        user: { id: userId },
+      },
+    });
+    const groupIds = groups.map((group) => group.groupId);
+    const parentResourceIds = parentResources.map((resource) => resource.id);
+
+    const globalPermission =
+      this.getGlobalPermissionFromParents(parentResources);
+    const userPermission = await this.getUserPermissionFromParents(
+      namespaceId,
+      parentResourceIds,
+      userId,
+    );
+    const groupPermission = await this.getGroupPermissionFromParents(
+      namespaceId,
+      parentResourceIds,
+      groupIds,
+    );
+    const curPermission = maxPermissions([
+      globalPermission,
+      userPermission,
+      groupPermission,
+    ]);
+    return curPermission || PermissionLevel.NO_ACCESS;
+  }
+
   async getParentId(
     namespaceId: string,
     resourceId: string,

src/resources/resources.controller.ts

@@ -8,6 +8,7 @@ import {
   Delete,
   ForbiddenException,
   Get,
+  NotFoundException,
   Param,
   ParseIntPipe,
   Patch,
@@ -77,6 +78,19 @@ export class ResourcesController {
     });
   }
 
+  @Get(':resourceId/children')
+  async listChildren(
+    @Req() req,
+    @Param('namespaceId') namespaceId: string,
+    @Param('resourceId') resourceId: string,
+  ) {
+    return this.resourcesService.listChildren(
+      namespaceId,
+      resourceId,
+      req.user.id,
+    );
+  }
+
   @Post(':resourceId/move/:targetId')
   async move(
     @Req() req,
@@ -107,48 +121,62 @@ export class ResourcesController {
     });
   }
 
-  @Get(':resourceId/path')
-  async path(
-    @Req() req,
-    @Param('namespaceId') namespaceId: string,
-    @Param('resourceId') resourceId: string,
-  ) {
-    const resources: Array<Resource> = [];
-    let currentResource = await this.resourcesService.get(resourceId);
-    while (currentResource && currentResource.parentId) {
-      resources.push(currentResource);
-      currentResource = await this.resourcesService.get(
-        currentResource.parentId,
-      );
-    }
-    return await this.resourcesService.permissionFilter(
-      namespaceId,
-      req.user.id,
-      resources,
-    );
-  }
+  // @Get(':resourceId/path')
+  // async path(
+  //   @Req() req,
+  //   @Param('namespaceId') namespaceId: string,
+  //   @Param('resourceId') resourceId: string,
+  // ) {
+  //   const resources: Array<Resource> = [];
+  //   let currentResource = await this.resourcesService.get(resourceId);
+  //   while (currentResource && currentResource.parentId) {
+  //     resources.push(currentResource);
+  //     currentResource = await this.resourcesService.get(
+  //       currentResource.parentId,
+  //     );
+  //   }
+  //   return await this.resourcesService.permissionFilter(
+  //     namespaceId,
+  //     req.user.id,
+  //     resources,
+  //   );
+  // }
 
   @Get(':resourceId')
   async get(
     @Req() req,
     @Param('namespaceId') namespaceId: string,
     @Param('resourceId') resourceId: string,
   ) {
-    const hasPermission = await this.permissionsService.userHasPermission(
+    const userId: string = req.user.id;
+
+    const resource = await this.resourcesService.get(resourceId);
+    if (resource.namespaceId !== namespaceId) {
+      throw new NotFoundException('Not found');
+    }
+    const parentResources = await this.resourcesService.getParentResources(
       namespaceId,
-      resourceId,
-      req.user.id,
+      resource.parentId,
     );
-    if (!hasPermission) {
+
+    const permission =
+      await this.permissionsService.getCurrentPermissionFromParents(
+        namespaceId,
+        [resource, ...parentResources],
+        userId,
+      );
+    if (permission === PermissionLevel.NO_ACCESS) {
       throw new ForbiddenException('Not authorized');
     }
-    const currentLevel = await this.permissionsService.getCurrentLevel(
-      namespaceId,
-      resourceId,
-      req.user.id,
-    );
-    const resource = await this.resourcesService.get(resourceId);
-    return { ...resource, currentLevel };
+
+    const path = [resource, ...parentResources]
+      .filter((r) => r.parentId) // remove root resource
+      .map((r) => ({
+        id: r.id,
+        name: r.name,
+      }))
+      .reverse();
+    return { ...resource, currentLevel: permission, path };
   }
 
   @Patch(':resourceId')

src/resources/resources.entity.ts

@@ -64,4 +64,7 @@ export class Resource extends Base {
   @ManyToOne(() => Namespace)
   @JoinColumn({ name: 'namespace_id' })
   namespace: Namespace;
+
+  @Column({ name: 'namespace_id' })
+  namespaceId: string;
 }