fix: fix some permission issue

undb-io · Aug 10, 2024 · 38fb9fa · 38fb9fa
1 parent 13cb8b7
commit 38fb9fa
Show file tree

Hide file tree

Showing 50 changed files with 720 additions and 435 deletions.
diff --git a/apps/backend/src/modules/auth/auth.ts b/apps/backend/src/modules/auth/auth.ts
@@ -140,10 +140,14 @@ export class Auth {
         emailVerified: user!.emailVerified,
         avatar: user!.avatar,
       })
+
+      const m = member ? { role: member.role, spaceId: member.spaceId } : null
+      setContextValue("member", m)
+
       return {
         user,
         session,
-        member: member ? { role: member.role, spaceId: member.spaceId } : null,
+        member: m,
       }
     }
   }
@@ -236,7 +240,7 @@ export class Auth {
                 })
                 .execute()
 
-              const space = await this.spaceService.createPersonalSpace(username!)
+              const space = await this.spaceService.createSpace({ name: username! })
               await this.spaceMemberService.createMember(userId, space.id.value, "owner")
               if (invitation.isSome()) {
                 await this.spaceMemberService.createMember(
@@ -309,7 +313,7 @@ export class Auth {
           let space = await this.spaceService.getSpace({ userId: user.id })
           if (space.isSome()) {
           } else {
-            space = Some(await this.spaceService.createPersonalSpace(user.username))
+            space = Some(await this.spaceService.createSpace({ name: user.username }))
             await this.spaceMemberService.createMember(user.id, space.unwrap().id.value, "owner")
           }
           const session = await this.lucia.createSession(user.id, { space_id: space.unwrap().id.value })

diff --git a/apps/backend/src/modules/auth/oauth/github.ts b/apps/backend/src/modules/auth/oauth/github.ts
@@ -170,7 +170,7 @@ export class GithubOAuth {
                 provider_user_id: githubUserResult.id.toString(),
               })
               .execute()
-            const space = await this.spaceService.createPersonalSpace(githubUserResult.login)
+            const space = await this.spaceService.createSpace({ name: githubUserResult.login })
             await this.spaceMemberService.createMember(userId, space.id.value, "owner")
 
             return space

diff --git a/apps/backend/src/modules/auth/oauth/google.ts b/apps/backend/src/modules/auth/oauth/google.ts
@@ -160,7 +160,7 @@ export class GoogleOAuth {
                 provider_user_id: googleUserResult.id.toString(),
               })
               .execute()
-            const space = await this.spaceService.createPersonalSpace(googleUserResult.name)
+            const space = await this.spaceService.createSpace({ name: googleUserResult.name })
             await this.spaceMemberService.createMember(userId, space.id.value, "owner")
 
             return space

diff --git a/apps/backend/src/modules/openapi/openapi.tsx → apps/backend/src/modules/openapi/openapi.ts b/apps/backend/src/modules/openapi/openapi.tsx → apps/backend/src/modules/openapi/openapi.ts
@@ -1,3 +1,5 @@
+import { injectSpaceMemberService, type ISpaceMemberService } from "@undb/authz"
+import { type IBaseRepository, injectBaseRepository } from "@undb/base"
 import {
   BulkDeleteRecordsCommand,
   BulkDuplicateRecordsCommand,
@@ -8,28 +10,26 @@ import {
   DuplicateRecordCommand,
   UpdateRecordCommand,
 } from "@undb/commands"
-import { executionContext, getCurrentUser, getCurrentUserId, setContextValue } from "@undb/context/server"
+import { executionContext, getCurrentUserId, setContextValue } from "@undb/context/server"
 import { CommandBus, QueryBus } from "@undb/cqrs"
 import { inject, singleton } from "@undb/di"
-import { type ICommandBus, None, PaginatedDTO, type IQueryBus, Some } from "@undb/domain"
+import { type ICommandBus, type IQueryBus, None, PaginatedDTO, Some } from "@undb/domain"
 import { createLogger } from "@undb/logger"
 import { API_TOKEN_HEADER_NAME, createOpenApiSpec, type IApiTokenService, injectApiTokenService } from "@undb/openapi"
 import { injectQueryBuilder, type IQueryBuilder } from "@undb/persistence"
 import { GetReadableRecordByIdQuery, GetReadableRecordsQuery } from "@undb/queries"
+import { injectSpaceService, type ISpaceService } from "@undb/space"
 import {
   injectRecordRepository,
   injectTableRepository,
-  withUniqueTable,
   type IRecordReadableValueDTO,
   type IRecordRepository,
   type ITableRepository,
+  withUniqueTable,
 } from "@undb/table"
+import { injectUserService, type IUserService } from "@undb/user"
 import Elysia, { t } from "elysia"
 import { withTransaction } from "../../db"
-import { type IBaseRepository, injectBaseRepository } from "@undb/base"
-import { injectUserService, type IUserService } from "@undb/user"
-import { injectSpaceMemberService, type ISpaceMemberService } from "@undb/authz"
-import { injectSpaceService, type ISpaceService } from "@undb/space"
 
 @singleton()
 export class OpenAPI {

diff --git a/apps/backend/src/modules/space/space.module.ts b/apps/backend/src/modules/space/space.module.ts
@@ -1,5 +1,6 @@
+import { checkPermission } from "@undb/authz"
 import { DeleteSpaceCommand } from "@undb/commands"
-import { getCurrentUserId } from "@undb/context/server"
+import { getCurrentMember, getCurrentUserId } from "@undb/context/server"
 import { CommandBus } from "@undb/cqrs"
 import { inject, singleton } from "@undb/di"
 import { injectQueryBuilder, type IQueryBuilder } from "@undb/persistence"
@@ -59,25 +60,34 @@ export class SpaceModule {
           }),
         },
       )
-      .delete("/api/space", async (ctx) => {
-        return withTransaction(this.qb)(async () => {
-          await this.commandBus.execute(new DeleteSpaceCommand({}))
+      .delete(
+        "/api/space",
+        async (ctx) => {
+          return withTransaction(this.qb)(async () => {
+            await this.commandBus.execute(new DeleteSpaceCommand({}))
 
-          const userId = getCurrentUserId()
+            const userId = getCurrentUserId()
 
-          await this.lucia.invalidateSession(userId)
-          const space = (await this.spaceService.getSpace({ userId })).expect("Space not found")
+            await this.lucia.invalidateSession(userId)
+            const space = (await this.spaceService.getSpace({ userId })).expect("Space not found")
 
-          const updatedSession = await this.lucia.createSession(userId, { space_id: space.id.value })
-          const sessionCookie = this.lucia.createSessionCookie(updatedSession.id)
-          return new Response(null, {
-            status: 200,
-            headers: {
-              Location: "/",
-              "Set-Cookie": sessionCookie.serialize(),
-            },
+            const updatedSession = await this.lucia.createSession(userId, { space_id: space.id.value })
+            const sessionCookie = this.lucia.createSessionCookie(updatedSession.id)
+            return new Response(null, {
+              status: 200,
+              headers: {
+                Location: "/",
+                "Set-Cookie": sessionCookie.serialize(),
+              },
+            })
           })
-        })
-      })
+        },
+        {
+          beforeHandle(context) {
+            const role = getCurrentMember().role
+            checkPermission(role, ["space:delete"])
+          },
+        },
+      )
   }
 }
diff --git a/apps/frontend/src/lib/components/blocks/base/base-detail.svelte b/apps/frontend/src/lib/components/blocks/base/base-detail.svelte
@@ -4,36 +4,38 @@
   import { DatabaseIcon, ImportIcon, PlusCircleIcon, PlusIcon } from "lucide-svelte"
   import * as Table from "$lib/components/ui/table"
   import { goto } from "$app/navigation"
-  import { page } from "$app/stores"
+  import { hasPermission } from "$lib/store/space-member.store"
 
   export let base: GetBaseQuery$result["base"]
 </script>
 
 <main class="h-full flex-1 px-4 py-4">
-  <div class="flex items-center gap-4">
-    <button
-      type="button"
-      class="flex h-32 w-80 flex-col justify-between rounded-lg border bg-gray-100 px-4 py-7 text-left transition-all hover:bg-gray-200/50 hover:shadow-lg"
-      on:click={() => {
-        toggleModal(CREATE_TABLE_MODAL)
-      }}
-    >
-      <PlusCircleIcon class="text-muted-foreground" />
+  {#if $hasPermission("table:create")}
+    <div class="flex items-center gap-4">
+      <button
+        type="button"
+        class="flex h-32 w-80 flex-col justify-between rounded-lg border bg-gray-100 px-4 py-7 text-left transition-all hover:bg-gray-200/50 hover:shadow-lg"
+        on:click={() => {
+          toggleModal(CREATE_TABLE_MODAL)
+        }}
+      >
+        <PlusCircleIcon class="text-muted-foreground" />
 
-      Create New Table
-    </button>
-    <button
-      type="button"
-      class="flex h-32 w-80 flex-col justify-between rounded-lg border bg-gray-100 px-4 py-7 text-left transition-all hover:bg-gray-200/50 hover:shadow-lg"
-      on:click={() => {
-        toggleModal(IMPORT_TABLE_MODAL)
-      }}
-    >
-      <ImportIcon class="text-muted-foreground" />
+        Create New Table
+      </button>
+      <button
+        type="button"
+        class="flex h-32 w-80 flex-col justify-between rounded-lg border bg-gray-100 px-4 py-7 text-left transition-all hover:bg-gray-200/50 hover:shadow-lg"
+        on:click={() => {
+          toggleModal(IMPORT_TABLE_MODAL)
+        }}
+      >
+        <ImportIcon class="text-muted-foreground" />
 
-      Import Table
-    </button>
-  </div>
+        Import Table
+      </button>
+    </div>
+  {/if}
 
   <section class="pt-3">
     <h3 class="text-xl font-normal text-gray-600">Tables</h3>

diff --git a/.../frontend/src/lib/components/blocks/bulk-update-records/bulk-update-records-button.svelte b/.../frontend/src/lib/components/blocks/bulk-update-records/bulk-update-records-button.svelte
@@ -3,22 +3,25 @@
   import * as Sheet from "$lib/components/ui/sheet"
   import { PencilIcon } from "lucide-svelte"
   import BulkUpdateRecords from "./bulk-update-records.svelte"
+  import { hasPermission } from "$lib/store/space-member.store"
 
   let open = false
 </script>
 
-<Sheet.Root bind:open>
-  <Sheet.Trigger asChild let:builder>
-    <Button size="sm" variant="outline" builders={[builder]}>
-      <PencilIcon class="mr-2 h-3 w-3" />
-      Bulk Update
-    </Button>
-  </Sheet.Trigger>
-  <Sheet.Content class="sm:max-w-1/2 flex h-full w-2/3 flex-col gap-0 px-0 pb-0 pt-4 transition-all">
-    <Sheet.Header class="border-b px-4 pb-4">
-      <Sheet.Title>Bulk Update Records</Sheet.Title>
-    </Sheet.Header>
+{#if $hasPermission("record:update")}
+  <Sheet.Root bind:open>
+    <Sheet.Trigger asChild let:builder>
+      <Button size="sm" variant="outline" builders={[builder]}>
+        <PencilIcon class="mr-2 h-3 w-3" />
+        Bulk Update
+      </Button>
+    </Sheet.Trigger>
+    <Sheet.Content class="sm:max-w-1/2 flex h-full w-2/3 flex-col gap-0 px-0 pb-0 pt-4 transition-all">
+      <Sheet.Header class="border-b px-4 pb-4">
+        <Sheet.Title>Bulk Update Records</Sheet.Title>
+      </Sheet.Header>
 
-    <BulkUpdateRecords onSuccess={() => (open = false)} />
-  </Sheet.Content>
-</Sheet.Root>
+      <BulkUpdateRecords onSuccess={() => (open = false)} />
+    </Sheet.Content>
+  </Sheet.Root>
+{/if}
diff --git a/apps/frontend/src/lib/components/blocks/create-field/create-field-button.svelte b/apps/frontend/src/lib/components/blocks/create-field/create-field-button.svelte
@@ -3,24 +3,27 @@
   import { BetweenVerticalStartIcon } from "lucide-svelte"
   import * as Popover from "$lib/components/ui/popover"
   import CreateField from "./create-field.svelte"
+  import { hasPermission } from "$lib/store/space-member.store"
 
   let open = false
 </script>
 
-<Popover.Root bind:open>
-  <Popover.Trigger asChild let:builder>
-    <Button builders={[builder]} size="sm" variant="outline" {...$$restProps}>
-      <slot>
-        <BetweenVerticalStartIcon class="mr-1 h-4 w-4" />
-        Create Field
-      </slot>
-    </Button>
-  </Popover.Trigger>
-  <Popover.Content class="w-[400px] shadow-2xl">
-    <CreateField
-      onSuccess={() => {
-        open = false
-      }}
-    />
-  </Popover.Content>
-</Popover.Root>
+{#if $hasPermission("field:create")}
+  <Popover.Root bind:open>
+    <Popover.Trigger asChild let:builder>
+      <Button builders={[builder]} size="sm" variant="outline" {...$$restProps}>
+        <slot>
+          <BetweenVerticalStartIcon class="mr-1 h-4 w-4" />
+          Create Field
+        </slot>
+      </Button>
+    </Popover.Trigger>
+    <Popover.Content class="w-[400px] shadow-2xl">
+      <CreateField
+        onSuccess={() => {
+          open = false
+        }}
+      />
+    </Popover.Content>
+  </Popover.Root>
+{/if}
diff --git a/apps/frontend/src/lib/components/blocks/field/field-menu.svelte b/apps/frontend/src/lib/components/blocks/field/field-menu.svelte
@@ -23,6 +23,7 @@
   import { GetForeignTableStore, GetRollupForeignTablesStore } from "$houdini"
   import * as Alert from "$lib/components/ui/alert"
   import { preferences } from "$lib/store/persisted.store"
+  import { hasPermission } from "$lib/store/space-member.store"
 
   export let field: Field
   const table = getTable()
@@ -98,26 +99,30 @@
           {/if}
         {/if}
 
-        <Button
-          class="w-full justify-start rounded-none border-none text-xs focus-visible:ring-0"
-          variant="outline"
-          on:click={() => (update = true)}
-        >
-          <PencilIcon class="mr-2 h-3 w-3" />
-          Update Field
-        </Button>
+        {#if $hasPermission("field:update")}
+          <Button
+            class="w-full justify-start rounded-none border-none text-xs focus-visible:ring-0"
+            variant="outline"
+            on:click={() => (update = true)}
+          >
+            <PencilIcon class="mr-2 h-3 w-3" />
+            Update Field
+          </Button>
+        {/if}
 
         {#if !field.isSystem}
           <AlertDialog.Root>
             <AlertDialog.Trigger asChild let:builder>
-              <Button
-                builders={[builder]}
-                class="w-full justify-start rounded-none border-none text-xs focus-visible:ring-0"
-                variant="outline"
-              >
-                <TrashIcon class="mr-2 h-3 w-3" />
-                Duplicate Field
-              </Button>
+              {#if $hasPermission("field:create")}
+                <Button
+                  builders={[builder]}
+                  class="w-full justify-start rounded-none border-none text-xs focus-visible:ring-0"
+                  variant="outline"
+                >
+                  <TrashIcon class="mr-2 h-3 w-3" />
+                  Duplicate Field
+                </Button>
+              {/if}
             </AlertDialog.Trigger>
             <AlertDialog.Content>
               <AlertDialog.Header>
@@ -155,14 +160,16 @@
           </AlertDialog.Root>
           <AlertDialog.Root bind:open={deleteAlertOpen}>
             <AlertDialog.Trigger asChild let:builder>
-              <Button
-                builders={[builder]}
-                class="w-full justify-start rounded-none border-none text-xs text-red-500 hover:bg-red-50 hover:text-red-500 focus-visible:ring-0"
-                variant="outline"
-              >
-                <TrashIcon class="mr-2 h-3 w-3" />
-                Delete Field
-              </Button>
+              {#if $hasPermission("field:delete")}
+                <Button
+                  builders={[builder]}
+                  class="w-full justify-start rounded-none border-none text-xs text-red-500 hover:bg-red-50 hover:text-red-500 focus-visible:ring-0"
+                  variant="outline"
+                >
+                  <TrashIcon class="mr-2 h-3 w-3" />
+                  Delete Field
+                </Button>
+              {/if}
             </AlertDialog.Trigger>
             <AlertDialog.Content>
               <AlertDialog.Header>