add unauthorized sso permission

Simon Larsen 2023-03-07 19:53:38 +00:00
parent 9f5d191226
commit 102657091b
No known key found for this signature in database
GPG Key ID: AB45983AA9C81CDE
5 changed files with 53 additions and 17 deletions


@ -15,6 +15,9 @@ enum Permission {
// All users in the project will have this permission.
ProjectUser = 'ProjectUser',
// Users who are in the project but do not have SSO authorization.
UnAuthorizedSsoUser = 'UnAuthorizedSsoUser',
// Owner of a Project
ProjectOwner = 'ProjectOwner',


@ -262,22 +262,29 @@ export default class UserMiddleware {
projectId,
new ObjectID(userId)
)
) {
// Just add ProjectUser Permission in this case.
}
// get project level permissions if projectid exists in request.
const userTenantAccessPermission: UserTenantAccessPermission | null =
await AccessTokenService.getUserTenantAccessPermission(
oneuptimeRequest.userAuthorization.userId,
projectId
);
if (userTenantAccessPermission) {
) {
// Add default permissions.
const userTenantAccessPermission: UserTenantAccessPermission | null = AccessTokenService.getDefaultUserTenantAccessPermission(projectId);
oneuptimeRequest.userTenantAccessPermission[
projectId.toString()
] = userTenantAccessPermission;
} else {
// get project level permissions if projectid exists in request.
const userTenantAccessPermission: UserTenantAccessPermission | null =
await AccessTokenService.getUserTenantAccessPermission(
oneuptimeRequest.userAuthorization.userId,
projectId
);
if (userTenantAccessPermission) {
oneuptimeRequest.userTenantAccessPermission[
projectId.toString()
] = userTenantAccessPermission;
}
}
}
}
@ -305,7 +312,7 @@ export default class UserMiddleware {
const projectValue: string = JSON.stringify(
JSONFunctions.serialize(
oneuptimeRequest.userTenantAccessPermission[
tenantId.toString()
tenantId.toString()
]!
)
);
@ -320,7 +327,7 @@ export default class UserMiddleware {
req.headers &&
req.headers['project-permissions-hash'] &&
req.headers['project-permissions-hash'] ===
projectPermissionsHash
projectPermissionsHash
)
) {
res.set('project-permissions', projectValue);
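Review bot: In the new SSO branch of the `@ -262,22 +262,29 @@` hunk, the result of `AccessTokenService.getDefaultUserTenantAccessPermission(projectId)` is typed `UserTenantAccessPermission | null` but stored into `oneuptimeRequest.userTenantAccessPermission[projectId.toString()]` without the `if (userTenantAccessPermission)` guard that the `else` branch keeps. If the helper can never return null, drop `| null` from the annotation; if it can, guard the assignment so a null entry cannot reach the later `oneuptimeRequest.userTenantAccessPermission[tenantId.toString()]!` read. The comment `// Add default permissions.` would also say more as `// SSO is required and this user has not completed it: grant only the restricted default set, not the stored project permissions.` The condition starts above the hunk, so that wording is an assumption to confirm against the full file.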


@ -72,7 +72,7 @@ export default class AccessTokenService {
});
userPermissions.push({
permission: Permission.ProjectUser,
permission: Permission.UnAuthorizedSsoUser,
labelIds: [],
_type: 'UserPermission',
});
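Review bot: The push that now carries `Permission.UnAuthorizedSsoUser` has no comment recording that this set deliberately omits `Permission.ProjectUser`. The enclosing function starts outside the hunk, so it cannot be confirmed from here that only users who have not completed SSO receive it. Any access list that names `ProjectUser` but not `UnAuthorizedSsoUser` will presumably stop matching these users, so a comment above the push such as `// Users who have not completed SSO get UnAuthorizedSsoUser instead of ProjectUser.` would make the intent auditable. A unit test asserting that the returned set contains no `ProjectUser` entry would stop a later edit from silently widening it.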


@ -28,6 +28,7 @@ import MultiTenentQueryAllowed from 'Common/Types/Database/MultiTenentQueryAllow
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
delete: [Permission.ProjectOwner, Permission.CanDeleteProject],
@ -58,6 +59,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [
@ -86,6 +88,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [],
@ -106,6 +109,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [Permission.ProjectOwner],
@ -126,6 +130,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [],
@ -146,6 +151,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [],
@ -165,6 +171,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [],
@ -184,6 +191,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [],
@ -204,6 +212,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [],
@ -224,6 +233,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [],
@ -247,6 +257,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [],
@ -277,6 +288,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [],
@ -320,6 +332,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [],
@ -339,6 +352,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [
@ -442,7 +456,8 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
Permission.CanReadWorkflow
],
update: [],
})
@ -461,6 +476,7 @@ export default class Model extends TenantModel {
Permission.ProjectAdmin,
Permission.ProjectMember,
Permission.CanReadProject,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
],
update: [
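Review bot: The hunk at `@ -442,7 +456,8 @@` differs from every other hunk in this file, because its read list ends with `Permission.CanReadWorkflow`. By the header counts (nine lines shown for 7 old and 8 new), one existing line also appears to be removed, most likely `Permission.ProjectUser,`. If that reading is right, ordinary project users lose read access to this column while users who have not completed SSO gain it, which looks like an editing slip rather than intent. The neighbouring hunks suggest the list should end `Permission.UnAuthorizedSsoUser, Permission.ProjectUser,` with `CanReadWorkflow` dropped unless the column really is workflow-related. The decorated column is outside the hunk, so this needs checking against the full file.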


@ -49,8 +49,10 @@ import MultiTenentQueryAllowed from 'Common/Types/Database/MultiTenentQueryAllow
read: [
Permission.ProjectOwner,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
Permission.ProjectAdmin,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
Permission.CanReadProjectSSO,
],
delete: [
@ -85,7 +87,9 @@ export default class ProjectSSO extends BaseModel {
Permission.ProjectOwner,
Permission.ProjectAdmin,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
Permission.CanReadProjectSSO,
],
update: [],
@ -119,8 +123,10 @@ export default class ProjectSSO extends BaseModel {
Permission.ProjectOwner,
Permission.ProjectAdmin,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
Permission.CanReadProjectSSO,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
],
update: [],
})
@ -147,8 +153,10 @@ export default class ProjectSSO extends BaseModel {
Permission.ProjectOwner,
Permission.ProjectAdmin,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
Permission.CanReadProjectSSO,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
],
update: [
Permission.ProjectOwner,
@ -179,8 +187,8 @@ export default class ProjectSSO extends BaseModel {
Permission.ProjectOwner,
Permission.ProjectAdmin,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
Permission.CanReadProjectSSO,
Permission.ProjectUser,
],
update: [
Permission.ProjectOwner,
@ -270,6 +278,7 @@ export default class ProjectSSO extends BaseModel {
Permission.ProjectAdmin,
Permission.CanReadProjectSSO,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
],
update: [
Permission.ProjectOwner,
@ -502,6 +511,7 @@ export default class ProjectSSO extends BaseModel {
Permission.ProjectOwner,
Permission.ProjectAdmin,
Permission.ProjectUser,
Permission.UnAuthorizedSsoUser,
Permission.CanReadProjectSSO,
],
update: [
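Review bot: Going by the header counts, the read lists in the first four hunks of this file (`-49,8 +49,10`, `-85,7 +87,9`, `-119,8 +123,10`, `-147,8 +153,10`) end up with `Permission.ProjectUser` and `Permission.UnAuthorizedSsoUser` listed twice each, since each hunk shows exactly as many lines as its new side holds. Duplicates in an access-control list are probably harmless at runtime, but they make the list harder to audit. Each list should name every permission once, e.g. `Permission.ProjectUser, Permission.UnAuthorizedSsoUser, Permission.CanReadProjectSSO,`. The decorated columns are outside the hunks, and these lists now let users who have not completed SSO read ProjectSSO fields. It is worth confirming that only the fields the sign-in flow needs are opened this way.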