github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-29 22:08:05 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
cc076494ff9ddefec97741fda281ef55922451fe
directus/api/src/services/roles.ts
Rijk van Zanten dbf35a1736 Add ability to share items with people outside the platform (#10663) 
* Add directus_shares

* Don't check for usage limit on refresh

* Add all endpoints to the shares controller

* Move route `/auth/shared` to `/shared/auth`

* Add password protection

* Add `share` action in permissions

* Add `shares/:pk/info`

* Start on shared-view

* Add basic styling for full shared view

* Fixed migrations

* Add inline style for shared view

* Allow title override

* Finish /info endpoint for shares

* Add basic UUID validation to share/info endpont

* Add UUID validation to other routes

* Add not found state

* Cleanup /extract/finish share login endpoint

* Cleanup auth

* Added `share_start` and `share_end`

* Add share sidebar details.

* Allow share permissions configuration

* Hide the `new_share` button for unauthorized users

* Fix uses_left displayed value

* Show expired / upcoming shares

* Improved expired/upcoming styling

* Fixed share login query

* Fix check-ip and get-permissions middlewares behaviour when role is null

* Simplify cache key

* Fix typescript linting issues

* Handle app auth flow for shared page

* Fixed /users/me response

* Show when user is authenticated

* Try showing item drawer in shared page

* Improved shared card styling

* Add shares permissions and change share card styling

* Pull in schema/permissions on share

* Create getPermissionForShare file

* Change getPermissionsForShare signature

* Render form + item on share after auth

* Finalize public front end

* Handle fake o2m field in applyQuery

* [WIP]

* New translations en-US.yaml (Bulgarian) (#10585)

* smaller label height (#10587)

* Update to the latest Material Icons (#10573)

The icons are based on https://fonts.google.com/icons

* New translations en-US.yaml (Arabic) (#10593)

* New translations en-US.yaml (Arabic) (#10594)

* New translations en-US.yaml (Portuguese, Brazilian) (#10604)

* New translations en-US.yaml (French) (#10605)

* New translations en-US.yaml (Italian) (#10613)

* fix M2A list not updating (#10617)

* Fix filters

* Add admin filter on m2o role selection

* Add admin filter on m2o role selection

* Add o2m permissions traversing

* Finish relational tree permissions generation

* Handle implicit a2o relation

* Update implicit relation regex

* Fix regex

* Fix implicitRelation unnesting for new regex

* Fix implicitRelation length check

* Rename m2a to a2o internally

* Add auto-gen permissions for a2o

* [WIP] Improve share UX

* Add ctx menu options

* Add share dialog

* Add email notifications

* Tweak endpoint

* Tweak file interface disabled state

* Add nicer invalid state to password input

* Dont return info for expired/upcoming shares

* Tweak disabled state for relational interfaces

* Fix share button for non admin roles

* Show/hide edit/delete based on permissions to shares

* Fix imports of mutationtype

* Resolve (my own) suggestions

* Fix migration for ms sql

* Resolve last suggestion

Co-authored-by: Oreilles <oreilles.github@nitoref.io>
Co-authored-by: Oreilles <33065839+oreilles@users.noreply.github.com>
Co-authored-by: Ben Haynes <ben@rngr.org>
Co-authored-by: Thien Nguyen <72242664+tatthien@users.noreply.github.com>
Co-authored-by: Azri Kahar <42867097+azrikahar@users.noreply.github.com>
2021-12-23 18:51:59 -05:00

153 lines
4.7 KiB
TypeScript
Raw Blame History

import { ForbiddenException, UnprocessableEntityException } from '../exceptions';
import { AbstractServiceOptions, MutationOptions, PrimaryKey, Alterations, Item } from '../types';
import { Query } from '@directus/shared/types';
import { ItemsService } from './items';
import { PermissionsService } from './permissions';
import { PresetsService } from './presets';
import { UsersService } from './users';
export class RolesService extends ItemsService {
constructor(options: AbstractServiceOptions) {
super('directus_roles', options);
}
private async checkForOtherAdminRoles(excludeKeys: PrimaryKey[]): Promise<void> {
// Make sure there's at least one admin role left after this deletion is done
const otherAdminRoles = await this.knex
.count('*', { as: 'count' })
.from('directus_roles')
.whereNotIn('id', excludeKeys)
.andWhere({ admin_access: true })
.first();
const otherAdminRolesCount = +(otherAdminRoles?.count || 0);
if (otherAdminRolesCount === 0) throw new UnprocessableEntityException(`You can't delete the last admin role.`);
}
private async checkForOtherAdminUsers(key: PrimaryKey, users: Alterations | Item[]): Promise<void> {
const role = await this.knex.select('admin_access').from('directus_roles').where('id', '=', key).first();
if (!role) throw new ForbiddenException();
// The users that will now be in this new non-admin role
let userKeys: PrimaryKey[] = [];
if (Array.isArray(users)) {
userKeys = users.map((user) => (typeof user === 'string' ? user : user.id)).filter((id) => id);
} else {
userKeys = users.update.map((user) => user.id).filter((id) => id);
}
const usersThatWereInRoleBefore = (await this.knex.select('id').from('directus_users').where('role', '=', key)).map(
(user) => user.id
);
const usersThatAreRemoved = usersThatWereInRoleBefore.filter((id) => userKeys.includes(id) === false);
const usersThatAreAdded = Array.isArray(users) ? users : users.create;
// If the role the users are moved to is an admin-role, and there's at least 1 (new) admin
// user, we don't have to check for other admin
// users
if ((role.admin_access === true || role.admin_access === 1) && usersThatAreAdded.length > 0) return;
const otherAdminUsers = await this.knex
.count('*', { as: 'count' })
.from('directus_users')
.whereNotIn('directus_users.id', [...userKeys, ...usersThatAreRemoved])
.andWhere({ 'directus_roles.admin_access': true })
.leftJoin('directus_roles', 'directus_users.role', 'directus_roles.id')
.first();
const otherAdminUsersCount = +(otherAdminUsers?.count || 0);
if (otherAdminUsersCount === 0) {
throw new UnprocessableEntityException(`You can't remove the last admin user from the admin role.`);
}
return;
}
async updateOne(key: PrimaryKey, data: Record<string, any>, opts?: MutationOptions): Promise<PrimaryKey> {
if ('admin_access' in data && data.admin_access === false) {
await this.checkForOtherAdminRoles([key]);
}
if ('users' in data) {
await this.checkForOtherAdminUsers(key, data.users);
}
return super.updateOne(key, data, opts);
}
async updateMany(keys: PrimaryKey[], data: Record<string, any>, opts?: MutationOptions): Promise<PrimaryKey[]> {
if ('admin_access' in data && data.admin_access === false) {
await this.checkForOtherAdminRoles(keys);
}
return super.updateMany(keys, data, opts);
}
async deleteOne(key: PrimaryKey): Promise<PrimaryKey> {
await this.deleteMany([key]);
return key;
}
async deleteMany(keys: PrimaryKey[]): Promise<PrimaryKey[]> {
await this.checkForOtherAdminRoles(keys);
await this.knex.transaction(async (trx) => {
const itemsService = new ItemsService('directus_roles', {
knex: trx,
accountability: this.accountability,
schema: this.schema,
});
const permissionsService = new PermissionsService({
knex: trx,
accountability: this.accountability,
schema: this.schema,
});
const presetsService = new PresetsService({
knex: trx,
accountability: this.accountability,
schema: this.schema,
});
const usersService = new UsersService({
knex: trx,
accountability: this.accountability,
schema: this.schema,
});
// Delete permissions/presets for this role, suspend all remaining users in role
await permissionsService.deleteByQuery({
filter: { role: { _in: keys } },
});
await presetsService.deleteByQuery({
filter: { role: { _in: keys } },
});
await usersService.updateByQuery(
{
filter: { role: { _in: keys } },
},
{
status: 'suspended',
role: null,
}
);
await itemsService.deleteMany(keys);
});
return keys;
}
deleteByQuery(query: Query, opts?: MutationOptions): Promise<PrimaryKey[]> {
return super.deleteByQuery(query, opts);
}
}
Reference in New Issue View Git Blame Copy Permalink