Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BC-7879 - Use OpenAPI client for authz call in tldraw-server #5292

Merged
merged 6 commits into from
Oct 17, 2024
Merged

BC-7879 - Use OpenAPI client for authz call in tldraw-server #5292

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
757b5e8
BC-7879 - fix `AuthorizationContextParams` to handle enum types corre…
bergatco Oct 15, 2024
8f0fa9e
BC-7879 - re-generate authorization API
bergatco Oct 15, 2024
b97c5cd
BC-7879 - refactor authorization API imports and builder methods
bergatco Oct 15, 2024
557c159
BC-7879 - fix errorneous dependencies in `nstance.rule.ts`
bergatco Oct 15, 2024
b9d96fb
Merge branch 'main' into BC-7879-use-openapi-client-for-authz-calls
bergatco Oct 17, 2024
05044c5
BC-7879 - fix tests and sonarcube issues
bergatco Oct 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .../server/src/infra/authorization-client/authorization-api-client/.openapi-generator-ignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@ git_push.sh
models/*

# list of allowed files in the "models" folder
!models/action.ts
!models/authorization-body-params.ts
!models/authorization-context-params.ts
!models/authorized-reponse.ts
Expand Down
1 change: 0 additions & 1 deletion apps/server/src/infra/authorization-client/authorization-api-client/.openapi-generator/FILES
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ base.ts
common.ts
configuration.ts
index.ts
models/action.ts
models/authorization-body-params.ts
models/authorization-context-params.ts
models/authorized-reponse.ts
Expand Down
31 changes: 0 additions & 31 deletions apps/server/src/infra/authorization-client/authorization-api-client/models/action.ts
View file
Open in desktop

This file was deleted.

210 changes: 190 additions & 20 deletions ...nfra/authorization-client/authorization-api-client/models/authorization-context-params.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,36 +5,206 @@
* This is v3 of Schulcloud-Verbund-Software Server. Checkout /docs for v1.
*
* The version of the OpenAPI document: 3.0
*
*
*
* NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
* https://openapi-generator.tech
* Do not edit the class manually.
*/

// May contain unused imports in some cases
// @ts-ignore
import type { Action } from './action';
// May contain unused imports in some cases
// @ts-ignore
import type { Permission } from './permission';


/**
*
*
* @export
* @interface AuthorizationContextParams
*/
export interface AuthorizationContextParams {
/**
*
* @type {Action}
* @memberof AuthorizationContextParams
*/
action: Action;
/**
* User permissions that are needed to execute the operation.
* @type {Array<Permission>}
* @memberof AuthorizationContextParams
*/
requiredPermissions: Array<Permission>;
/**
* Define for which action the operation should be performend.
* @type {string}
* @memberof AuthorizationContextParams
*/
'action': AuthorizationContextParamsAction;
/**
* User permissions that are needed to execute the operation.
* @type {Array<string>}
* @memberof AuthorizationContextParams
*/
'requiredPermissions': Array<AuthorizationContextParamsRequiredPermissions>;
}

export const AuthorizationContextParamsAction = {
READ: 'read',
WRITE: 'write'
} as const;

export type AuthorizationContextParamsAction = typeof AuthorizationContextParamsAction[keyof typeof AuthorizationContextParamsAction];
export const AuthorizationContextParamsRequiredPermissions = {
ACCOUNT_CREATE: 'ACCOUNT_CREATE',
ACCOUNT_DELETE: 'ACCOUNT_DELETE',
ACCOUNT_EDIT: 'ACCOUNT_EDIT',
ACCOUNT_VIEW: 'ACCOUNT_VIEW',
ADD_SCHOOL_MEMBERS: 'ADD_SCHOOL_MEMBERS',
ADMIN_EDIT: 'ADMIN_EDIT',
ADMIN_VIEW: 'ADMIN_VIEW',
BASE_VIEW: 'BASE_VIEW',
CALENDAR_CREATE: 'CALENDAR_CREATE',
CALENDAR_EDIT: 'CALENDAR_EDIT',
CALENDAR_VIEW: 'CALENDAR_VIEW',
CHANGE_TEAM_ROLES: 'CHANGE_TEAM_ROLES',
CLASS_CREATE: 'CLASS_CREATE',
CLASS_EDIT: 'CLASS_EDIT',
CLASS_FULL_ADMIN: 'CLASS_FULL_ADMIN',
CLASS_LIST: 'CLASS_LIST',
CLASS_REMOVE: 'CLASS_REMOVE',
CLASS_VIEW: 'CLASS_VIEW',
COMMENTS_CREATE: 'COMMENTS_CREATE',
COMMENTS_EDIT: 'COMMENTS_EDIT',
COMMENTS_VIEW: 'COMMENTS_VIEW',
CONTENT_NON_OER_VIEW: 'CONTENT_NON_OER_VIEW',
CONTENT_VIEW: 'CONTENT_VIEW',
CONTEXT_TOOL_ADMIN: 'CONTEXT_TOOL_ADMIN',
CONTEXT_TOOL_USER: 'CONTEXT_TOOL_USER',
COURSEGROUP_CREATE: 'COURSEGROUP_CREATE',
COURSEGROUP_EDIT: 'COURSEGROUP_EDIT',
COURSE_ADMINISTRATION: 'COURSE_ADMINISTRATION',
COURSE_CREATE: 'COURSE_CREATE',
COURSE_DELETE: 'COURSE_DELETE',
COURSE_EDIT: 'COURSE_EDIT',
COURSE_REMOVE: 'COURSE_REMOVE',
COURSE_VIEW: 'COURSE_VIEW',
CREATE_SUPPORT_JWT: 'CREATE_SUPPORT_JWT',
CREATE_TOPICS_AND_TASKS: 'CREATE_TOPICS_AND_TASKS',
DASHBOARD_VIEW: 'DASHBOARD_VIEW',
DATASOURCES_CREATE: 'DATASOURCES_CREATE',
DATASOURCES_DELETE: 'DATASOURCES_DELETE',
DATASOURCES_EDIT: 'DATASOURCES_EDIT',
DATASOURCES_RUN: 'DATASOURCES_RUN',
DATASOURCES_RUN_VIEW: 'DATASOURCES_RUN_VIEW',
DATASOURCES_VIEW: 'DATASOURCES_VIEW',
DEFAULT_FILE_PERMISSIONS: 'DEFAULT_FILE_PERMISSIONS',
DELETE_TEAM: 'DELETE_TEAM',
EDIT_ALL_FILES: 'EDIT_ALL_FILES',
ENTERTHECLOUD_START: 'ENTERTHECLOUD_START',
FEDERALSTATE_CREATE: 'FEDERALSTATE_CREATE',
FEDERALSTATE_EDIT: 'FEDERALSTATE_EDIT',
FEDERALSTATE_VIEW: 'FEDERALSTATE_VIEW',
FILESTORAGE_CREATE: 'FILESTORAGE_CREATE',
FILESTORAGE_EDIT: 'FILESTORAGE_EDIT',
FILESTORAGE_REMOVE: 'FILESTORAGE_REMOVE',
FILESTORAGE_VIEW: 'FILESTORAGE_VIEW',
FILE_CREATE: 'FILE_CREATE',
FILE_DELETE: 'FILE_DELETE',
FILE_MOVE: 'FILE_MOVE',
FOLDER_CREATE: 'FOLDER_CREATE',
FOLDER_DELETE: 'FOLDER_DELETE',
GROUP_LIST: 'GROUP_LIST',
GROUP_FULL_ADMIN: 'GROUP_FULL_ADMIN',
GROUP_VIEW: 'GROUP_VIEW',
HELPDESK_CREATE: 'HELPDESK_CREATE',
HELPDESK_EDIT: 'HELPDESK_EDIT',
HELPDESK_VIEW: 'HELPDESK_VIEW',
HOMEWORK_CREATE: 'HOMEWORK_CREATE',
HOMEWORK_EDIT: 'HOMEWORK_EDIT',
HOMEWORK_VIEW: 'HOMEWORK_VIEW',
IMPORT_USER_MIGRATE: 'IMPORT_USER_MIGRATE',
IMPORT_USER_UPDATE: 'IMPORT_USER_UPDATE',
IMPORT_USER_VIEW: 'IMPORT_USER_VIEW',
INSTANCE_VIEW: 'INSTANCE_VIEW',
INVITE_ADMINISTRATORS: 'INVITE_ADMINISTRATORS',
INVITE_EXPERTS: 'INVITE_EXPERTS',
JOIN_MEETING: 'JOIN_MEETING',
LEAVE_TEAM: 'LEAVE_TEAM',
LERNSTORE_VIEW: 'LERNSTORE_VIEW',
LESSONS_CREATE: 'LESSONS_CREATE',
LESSONS_VIEW: 'LESSONS_VIEW',
LINK_CREATE: 'LINK_CREATE',
NEWS_CREATE: 'NEWS_CREATE',
NEWS_EDIT: 'NEWS_EDIT',
NEWS_VIEW: 'NEWS_VIEW',
NEXTCLOUD_USER: 'NEXTCLOUD_USER',
NOTIFICATION_CREATE: 'NOTIFICATION_CREATE',
NOTIFICATION_EDIT: 'NOTIFICATION_EDIT',
NOTIFICATION_VIEW: 'NOTIFICATION_VIEW',
OAUTH_CLIENT_EDIT: 'OAUTH_CLIENT_EDIT',
OAUTH_CLIENT_VIEW: 'OAUTH_CLIENT_VIEW',
PASSWORD_EDIT: 'PASSWORD_EDIT',
PWRECOVERY_CREATE: 'PWRECOVERY_CREATE',
PWRECOVERY_EDIT: 'PWRECOVERY_EDIT',
PWRECOVERY_VIEW: 'PWRECOVERY_VIEW',
RELEASES_CREATE: 'RELEASES_CREATE',
RELEASES_EDIT: 'RELEASES_EDIT',
RELEASES_VIEW: 'RELEASES_VIEW',
REMOVE_MEMBERS: 'REMOVE_MEMBERS',
RENAME_TEAM: 'RENAME_TEAM',
REQUEST_CONSENTS: 'REQUEST_CONSENTS',
ROLE_CREATE: 'ROLE_CREATE',
ROLE_EDIT: 'ROLE_EDIT',
ROLE_VIEW: 'ROLE_VIEW',
SCHOOL_CHAT_MANAGE: 'SCHOOL_CHAT_MANAGE',
SCHOOL_CREATE: 'SCHOOL_CREATE',
SCHOOL_EDIT: 'SCHOOL_EDIT',
SCHOOL_EDIT_ALL: 'SCHOOL_EDIT_ALL',
SCHOOL_LOGO_MANAGE: 'SCHOOL_LOGO_MANAGE',
SCHOOL_NEWS_EDIT: 'SCHOOL_NEWS_EDIT',
SCHOOL_PERMISSION_CHANGE: 'SCHOOL_PERMISSION_CHANGE',
SCHOOL_PERMISSION_VIEW: 'SCHOOL_PERMISSION_VIEW',
SCHOOL_STUDENT_TEAM_MANAGE: 'SCHOOL_STUDENT_TEAM_MANAGE',
SCHOOL_SYSTEM_EDIT: 'SCHOOL_SYSTEM_EDIT',
SCHOOL_SYSTEM_VIEW: 'SCHOOL_SYSTEM_VIEW',
SCHOOL_TOOL_ADMIN: 'SCHOOL_TOOL_ADMIN',
SCOPE_PERMISSIONS_VIEW: 'SCOPE_PERMISSIONS_VIEW',
START_MEETING: 'START_MEETING',
STUDENT_CREATE: 'STUDENT_CREATE',
STUDENT_DELETE: 'STUDENT_DELETE',
STUDENT_EDIT: 'STUDENT_EDIT',
STUDENT_LIST: 'STUDENT_LIST',
STUDENT_SKIP_REGISTRATION: 'STUDENT_SKIP_REGISTRATION',
SUBMISSIONS_CREATE: 'SUBMISSIONS_CREATE',
SUBMISSIONS_EDIT: 'SUBMISSIONS_EDIT',
SUBMISSIONS_SCHOOL_VIEW: 'SUBMISSIONS_SCHOOL_VIEW',
SUBMISSIONS_VIEW: 'SUBMISSIONS_VIEW',
SYNC_START: 'SYNC_START',
SYSTEM_CREATE: 'SYSTEM_CREATE',
SYSTEM_EDIT: 'SYSTEM_EDIT',
SYSTEM_VIEW: 'SYSTEM_VIEW',
TASK_DASHBOARD_TEACHER_VIEW_V3: 'TASK_DASHBOARD_TEACHER_VIEW_V3',
TASK_DASHBOARD_VIEW_V3: 'TASK_DASHBOARD_VIEW_V3',
TEACHER_CREATE: 'TEACHER_CREATE',
TEACHER_DELETE: 'TEACHER_DELETE',
TEACHER_EDIT: 'TEACHER_EDIT',
TEACHER_LIST: 'TEACHER_LIST',
TEACHER_SKIP_REGISTRATION: 'TEACHER_SKIP_REGISTRATION',
TEAM_CREATE: 'TEAM_CREATE',
TOOL_CREATE_ETHERPAD: 'TOOL_CREATE_ETHERPAD',
TEAM_EDIT: 'TEAM_EDIT',
TEAM_INVITE_EXTERNAL: 'TEAM_INVITE_EXTERNAL',
TEAM_VIEW: 'TEAM_VIEW',
TOOL_ADMIN: 'TOOL_ADMIN',
TOOL_CREATE: 'TOOL_CREATE',
TOOL_EDIT: 'TOOL_EDIT',
TOOL_NEW_VIEW: 'TOOL_NEW_VIEW',
TOOL_VIEW: 'TOOL_VIEW',
TOPIC_CREATE: 'TOPIC_CREATE',
TOPIC_EDIT: 'TOPIC_EDIT',
TOPIC_VIEW: 'TOPIC_VIEW',
UPLOAD_FILES: 'UPLOAD_FILES',
USE_LIBREOFFICE: 'USE_LIBREOFFICE',
USE_ROCKETCHAT: 'USE_ROCKETCHAT',
USERGROUP_CREATE: 'USERGROUP_CREATE',
USERGROUP_EDIT: 'USERGROUP_EDIT',
USERGROUP_VIEW: 'USERGROUP_VIEW',
USER_CHANGE_OWN_NAME: 'USER_CHANGE_OWN_NAME',
USER_CREATE: 'USER_CREATE',
USER_LOGIN_MIGRATION_ADMIN: 'USER_LOGIN_MIGRATION_ADMIN',
USER_LOGIN_MIGRATION_ROLLBACK: 'USER_LOGIN_MIGRATION_ROLLBACK',
USER_LOGIN_MIGRATION_FORCE: 'USER_LOGIN_MIGRATION_FORCE',
USER_MIGRATE: 'USER_MIGRATE',
USER_UPDATE: 'USER_UPDATE',
YEARS_EDIT: 'YEARS_EDIT'
} as const;

export type AuthorizationContextParamsRequiredPermissions = typeof AuthorizationContextParamsRequiredPermissions[keyof typeof AuthorizationContextParamsRequiredPermissions];


1 change: 0 additions & 1 deletion apps/server/src/infra/authorization-client/authorization-api-client/models/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
export * from './action';
export * from './authorization-body-params';
export * from './authorization-context-params';
export * from './authorized-reponse';
7 changes: 6 additions & 1 deletion apps/server/src/infra/authorization-client/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,9 @@
export { Action, AuthorizationBodyParamsReferenceType, AuthorizationContextParams } from './authorization-api-client';
export {
AuthorizationBodyParamsReferenceType,
AuthorizationContextParams,
AuthorizationContextParamsAction,
AuthorizationContextParamsRequiredPermissions,
} from './authorization-api-client';
export { AuthorizationClientAdapter } from './authorization-client.adapter';
export { AuthorizationClientConfig, AuthorizationClientModule } from './authorization-client.module';
export { AuthorizationContextBuilder } from './mapper';
20 changes: 13 additions & 7 deletions apps/server/src/infra/authorization-client/mapper/authorization-context.builder.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,22 +1,28 @@
import { Permission } from '@shared/domain/interface';
import { Action, AuthorizationContextParams } from '../authorization-api-client';
import {
AuthorizationContextParams,
AuthorizationContextParamsAction,
AuthorizationContextParamsRequiredPermissions,
} from '../authorization-api-client';

export class AuthorizationContextBuilder {
static build(requiredPermissions: Array<Permission>, action: Action): AuthorizationContextParams {
static build(
requiredPermissions: Array<AuthorizationContextParamsRequiredPermissions>,
action: AuthorizationContextParamsAction
): AuthorizationContextParams {
return {
action,
requiredPermissions,
};
}

static write(requiredPermissions: Permission[]): AuthorizationContextParams {
const context = this.build(requiredPermissions, Action.WRITE);
static write(requiredPermissions: AuthorizationContextParamsRequiredPermissions[]): AuthorizationContextParams {
const context = this.build(requiredPermissions, AuthorizationContextParamsAction.WRITE);

return context;
}

static read(requiredPermissions: Permission[]): AuthorizationContextParams {
const context = this.build(requiredPermissions, Action.READ);
static read(requiredPermissions: AuthorizationContextParamsRequiredPermissions[]): AuthorizationContextParams {
const context = this.build(requiredPermissions, AuthorizationContextParamsAction.READ);

return context;
}
Expand Down
10 changes: 5 additions & 5 deletions apps/server/src/modules/authorization/api/dto/authorization-body.params.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,27 +1,27 @@
import { Permission } from '@shared/domain/interface';
import { ApiProperty } from '@nestjs/swagger';
import { Permission } from '@shared/domain/interface';
import { Type } from 'class-transformer';
import { IsArray, IsEnum, IsMongoId, ValidateNested } from 'class-validator';
import { Action, AuthorizableReferenceType, AuthorizationContext } from '../../domain';

class AuthorizationContextParams implements AuthorizationContext {
@IsEnum(Action)
@ApiProperty({
description: 'Define for which action the operation should be performend.',
name: 'action',
enum: Action,
enumName: 'Action',
description: 'Define for which action the operation should be performend.',
example: Action.read,
})
action!: Action;

@IsArray()
@IsEnum(Permission, { each: true })
@ApiProperty({
name: 'requiredPermissions',
enum: Permission,
enumName: 'Permission',
isArray: true,
description: 'User permissions that are needed to execute the operation.',
example: Permission.USER_UPDATE,
example: [Permission.USER_UPDATE],
})
requiredPermissions!: Permission[];
}
Expand Down
5 changes: 2 additions & 3 deletions apps/server/src/modules/authorization/domain/rules/instance.rule.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,8 @@ import { Instance } from '@modules/instance';
import { Injectable } from '@nestjs/common';
import { User } from '@shared/domain/entity';
import { RoleName } from '@shared/domain/interface';
import { Action } from '@infra/authorization-client';
import { AuthorizationHelper } from '../service/authorization.helper';
import { AuthorizationContext, Rule } from '../type';
import { Action, AuthorizationContext, Rule } from '../type';

@Injectable()
export class InstanceRule implements Rule<Instance> {
Expand All @@ -20,7 +19,7 @@ export class InstanceRule implements Rule<Instance> {
const hasPermission = this.authorizationHelper.hasAllPermissions(user, context.requiredPermissions);

// As temporary solution until the user with write access to instance added as group, we must check the role.
if (context.action === Action.WRITE) {
if (context.action === Action.write) {
const hasRole = this.authorizationHelper.hasRole(user, RoleName.SUPERHERO);

return hasPermission && hasRole;
Expand Down
Loading
Loading