diff --git a/Common/Types/Permission.ts b/Common/Types/Permission.ts index 3c0f7466d5..31e24abac5 100644 --- a/Common/Types/Permission.ts +++ b/Common/Types/Permission.ts @@ -15,6 +15,9 @@ enum Permission { // All users in the project will have this permission. ProjectUser = 'ProjectUser', + // Users who are in the project but do not have SSO authorization. + UnAuthorizedSsoUser = 'UnAuthorizedSsoUser', + // Owner of a Project ProjectOwner = 'ProjectOwner', diff --git a/CommonServer/Middleware/UserAuthorization.ts b/CommonServer/Middleware/UserAuthorization.ts index 5990e5a551..dec7e60843 100644 --- a/CommonServer/Middleware/UserAuthorization.ts +++ b/CommonServer/Middleware/UserAuthorization.ts @@ -262,22 +262,29 @@ export default class UserMiddleware { projectId, new ObjectID(userId) ) - ) { - // Just add ProjectUser Permission in this case. - } - - // get project level permissions if projectid exists in request. - const userTenantAccessPermission: UserTenantAccessPermission | null = - await AccessTokenService.getUserTenantAccessPermission( - oneuptimeRequest.userAuthorization.userId, - projectId - ); - - if (userTenantAccessPermission) { + ) { + // Add default permissions. + const userTenantAccessPermission: UserTenantAccessPermission | null = AccessTokenService.getDefaultUserTenantAccessPermission(projectId); oneuptimeRequest.userTenantAccessPermission[ projectId.toString() ] = userTenantAccessPermission; + + } else { + // get project level permissions if projectid exists in request. + const userTenantAccessPermission: UserTenantAccessPermission | null = + await AccessTokenService.getUserTenantAccessPermission( + oneuptimeRequest.userAuthorization.userId, + projectId + ); + + if (userTenantAccessPermission) { + oneuptimeRequest.userTenantAccessPermission[ + projectId.toString() + ] = userTenantAccessPermission; + } } + + } } 
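Review bot: The comment on `UnAuthorizedSsoUser` should say that this is a restricted stand-in role, and the `ProjectUser` comment just above it ("All users in the project will have this permission.") looks stale after this commit. The AccessTokenService.ts hunk in the same commit swaps `ProjectUser` for the new value, so these users apparently no longer hold `ProjectUser`. Suggested wording: `// Project member who has not completed SSO sign-in; holds this instead of ProjectUser, so grant it only on data needed before SSO login.`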
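Review bot: The new default-permission branch stores its result without the null guard that the `else` branch keeps, although the variable is still declared `UserTenantAccessPermission | null`. If `getDefaultUserTenantAccessPermission` can never return null, declare it as `const defaultPermission: UserTenantAccessPermission = AccessTokenService.getDefaultUserTenantAccessPermission(projectId);`; otherwise add the same `if` check before the assignment. This branch presumably decides what a member who has not passed SSO receives in `oneuptimeRequest.userTenantAccessPermission`, so a comment such as `// SSO not completed: restricted defaults only, never the user's stored project permissions.` would make the intent explicit. The condition that selects the branch starts above the hunk, so which case it covers could not be confirmed here. The re-indented `) {` and the blank lines before the closing braces look like the formatter was not run.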
@@ -305,7 +312,7 @@ export default class UserMiddleware { const projectValue: string = JSON.stringify( JSONFunctions.serialize( oneuptimeRequest.userTenantAccessPermission[ - tenantId.toString() + tenantId.toString() ]! ) ); @@ -320,7 +327,7 @@ export default class UserMiddleware { req.headers && req.headers['project-permissions-hash'] && req.headers['project-permissions-hash'] === - projectPermissionsHash + projectPermissionsHash ) ) { res.set('project-permissions', projectValue); diff --git a/CommonServer/Services/AccessTokenService.ts b/CommonServer/Services/AccessTokenService.ts index c67f67b50a..65b87d6bea 100644 --- a/CommonServer/Services/AccessTokenService.ts +++ b/CommonServer/Services/AccessTokenService.ts @@ -72,7 +72,7 @@ export default class AccessTokenService { }); userPermissions.push({ - permission: Permission.ProjectUser, + permission: Permission.UnAuthorizedSsoUser, labelIds: [], _type: 'UserPermission', }); diff --git a/Model/Models/Project.ts b/Model/Models/Project.ts index c5f738ee4d..4112f2a470 100644 --- a/Model/Models/Project.ts +++ b/Model/Models/Project.ts @@ -28,6 +28,7 @@ import MultiTenentQueryAllowed from 'Common/Types/Database/MultiTenentQueryAllow Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], delete: [Permission.ProjectOwner, Permission.CanDeleteProject], @@ -58,6 +59,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [ @@ -86,6 +88,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [], 
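Review bot: In the AccessTokenService.ts hunk at -72, nothing documents that the pushed permission must stay the restricted one, yet SSO enforcement now appears to rest on this single entry. Every caller of the enclosing function (its signature is outside the hunk, presumably `getDefaultUserTenantAccessPermission`) now gets `UnAuthorizedSsoUser` instead of `ProjectUser`, so any other caller that relied on the old value changes behaviour as well. I would add `// Restricted role only: adding ProjectUser here would give SSO-unauthorized users every read granted to ProjectUser.` above the `push`. A unit test asserting that the returned permissions do not contain `Permission.ProjectUser` would help too.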
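Review bot: `Permission.UnAuthorizedSsoUser` is added to the `read` list in every Project.ts hunk, starting with the one at -28, which appears to be the table-level access list. That is broader than a not-yet-authenticated member should need. The decorated columns lie outside the hunks, so I cannot tell which fields become readable before SSO sign-in. Please confirm each one is required for the project picker or SSO redirect and drop the grant elsewhere. A short comment on the retained grants, e.g. `// Readable before SSO sign-in: needed to show the project and start the SSO flow.`, would record the reason. The same applies to the remaining Project.ts hunks through -461.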
@@ -106,6 +109,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [Permission.ProjectOwner], @@ -126,6 +130,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [], @@ -146,6 +151,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [], @@ -165,6 +171,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [], @@ -184,6 +191,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [], @@ -204,6 +212,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [], @@ -224,6 +233,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [], @@ -247,6 +257,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [], 
@@ -277,6 +288,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [], @@ -320,6 +332,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [], @@ -339,6 +352,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [ @@ -442,7 +456,8 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, - Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, + Permission.CanReadWorkflow ], update: [], }) @@ -461,6 +476,7 @@ export default class Model extends TenantModel { Permission.ProjectAdmin, Permission.ProjectMember, Permission.CanReadProject, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, ], update: [ diff --git a/Model/Models/ProjectSso.ts b/Model/Models/ProjectSso.ts index 97af8dc96b..a3e4178193 100644 --- a/Model/Models/ProjectSso.ts +++ b/Model/Models/ProjectSso.ts @@ -49,8 +49,10 @@ import MultiTenentQueryAllowed from 'Common/Types/Database/MultiTenentQueryAllow read: [ Permission.ProjectOwner, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, Permission.ProjectAdmin, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, Permission.CanReadProjectSSO, ], delete: [ @@ -85,7 +87,9 @@ export default class ProjectSSO extends BaseModel { Permission.ProjectOwner, Permission.ProjectAdmin, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, Permission.CanReadProjectSSO, ], update: [], 
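Review bot: The Project.ts hunk at -442 removes `Permission.ProjectUser` and adds `Permission.CanReadWorkflow`, unlike every other hunk in this file, which only inserts the new permission. As written, ordinary project users lose read access to this column while SSO-unauthorized users and holders of an unrelated workflow permission gain it. That looks like a merge or copy slip rather than intent. Unless it is deliberate, the list should end with `Permission.UnAuthorizedSsoUser,` followed by `Permission.ProjectUser,` and no `CanReadWorkflow` entry. The added last entry is also missing its trailing comma. The column this decorator belongs to is outside the hunk.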
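Review bot: The ProjectSso.ts `read` arrays at -49, -85, -119 and -147 now list `Permission.UnAuthorizedSsoUser` twice, because the new entry was added after each of two existing `Permission.ProjectUser` entries. The duplicates are harmless at runtime but make the access lists harder to audit. Keep one `Permission.ProjectUser,` and one `Permission.UnAuthorizedSsoUser,` per array, as the -179 hunk already does. Separately, these grants expose SSO configuration columns to members who have not authenticated through SSO. The column names are outside the hunks, so please confirm that only fields needed to start sign-in are covered, and not certificates or other provider settings beyond that.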
@@ -119,8 +123,10 @@ export default class ProjectSSO extends BaseModel { Permission.ProjectOwner, Permission.ProjectAdmin, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, Permission.CanReadProjectSSO, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, ], update: [], }) @@ -147,8 +153,10 @@ export default class ProjectSSO extends BaseModel { Permission.ProjectOwner, Permission.ProjectAdmin, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, Permission.CanReadProjectSSO, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, ], update: [ Permission.ProjectOwner, @@ -179,8 +187,8 @@ export default class ProjectSSO extends BaseModel { Permission.ProjectOwner, Permission.ProjectAdmin, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, Permission.CanReadProjectSSO, - Permission.ProjectUser, ], update: [ Permission.ProjectOwner, @@ -270,6 +278,7 @@ export default class ProjectSSO extends BaseModel { Permission.ProjectAdmin, Permission.CanReadProjectSSO, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, ], update: [ Permission.ProjectOwner, @@ -502,6 +511,7 @@ export default class ProjectSSO extends BaseModel { Permission.ProjectOwner, Permission.ProjectAdmin, Permission.ProjectUser, + Permission.UnAuthorizedSsoUser, Permission.CanReadProjectSSO, ], update: [