Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
agentR47@gmail.com
committed
Feb 8, 2024
1 parent
daa1e2a
commit a7e19dd
Showing
17 changed files
with
1,033 additions
and
93 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,155 @@ | ||
import { | ||
ApiKey, | ||
Environment, | ||
EventSeverity, | ||
EventTriggerer, | ||
EventType, | ||
EventSource, | ||
PrismaClient, | ||
Project, | ||
Secret, | ||
User, | ||
Workspace, | ||
WorkspaceMember, | ||
WorkspaceRole | ||
} from '@prisma/client' | ||
import { JsonObject } from '@prisma/client/runtime/library' | ||
|
||
export default async function createEvent( | ||
data: { | ||
triggerer?: EventTriggerer | ||
severity?: EventSeverity | ||
triggeredBy?: User | ||
entity?: | ||
| Workspace | ||
| Project | ||
| Environment | ||
| WorkspaceRole | ||
| WorkspaceMember | ||
| ApiKey | ||
| Secret | ||
type: EventType | ||
source: EventSource | ||
title: string | ||
description?: string | ||
metadata: JsonObject | ||
}, | ||
prisma: PrismaClient | ||
) { | ||
if (data.triggerer !== EventTriggerer.SYSTEM && !data.triggeredBy) { | ||
throw new Error('User must be provided for non-system events') | ||
} | ||
|
||
const baseData = { | ||
triggerer: data.triggerer ? data.triggerer : EventTriggerer.USER, | ||
severity: data.severity ? data.severity : EventSeverity.INFO, | ||
type: data.type, | ||
source: data.source, | ||
title: data.title, | ||
description: data.description, | ||
metadata: data.metadata, | ||
sourceUser: { | ||
connect: { | ||
id: data.triggeredBy.id | ||
} | ||
} | ||
} | ||
|
||
switch (data.source) { | ||
case EventSource.WORKSPACE: { | ||
const entity = data.entity as Workspace | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceWorkspace: data.entity | ||
? { | ||
connect: { | ||
id: entity.id | ||
} | ||
} | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.PROJECT: { | ||
const entity = data.entity as Project | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceProject: data.entity | ||
? { connect: { id: entity.id } } | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.ENVIRONMENT: { | ||
const entity = data.entity as Environment | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceEnvironment: data.entity | ||
? { connect: { id: entity.id } } | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.WORKSPACE_ROLE: { | ||
const entity = data.entity as WorkspaceRole | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceWorkspaceRole: data.entity | ||
? { connect: { id: entity.id } } | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.WORKSPACE_MEMBER: { | ||
const entity = data.entity as WorkspaceMember | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceWorkspaceMembership: data.entity | ||
? { connect: { id: entity.id } } | ||
: undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.API_KEY: { | ||
const entity = data.entity as ApiKey | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceApiKey: data.entity ? { connect: { id: entity.id } } : undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.SECRET: { | ||
const entity = data.entity as Secret | ||
await prisma.event.create({ | ||
data: { | ||
...baseData, | ||
sourceSecret: data.entity ? { connect: { id: entity.id } } : undefined | ||
} | ||
}) | ||
break | ||
} | ||
case EventSource.USER: { | ||
await prisma.event.create({ | ||
data: { | ||
...baseData | ||
} | ||
}) | ||
break | ||
} | ||
default: { | ||
throw new Error('Invalid event source') | ||
} | ||
} | ||
} |
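Review bot: `baseData.sourceUser` reads `data.triggeredBy.id` unconditionally, yet the guard at the top of `createEvent` deliberately lets `EventTriggerer.SYSTEM` events through without a `triggeredBy`, so a system event with no user throws a TypeError before anything is written to the event log. Making the relation conditional keeps those events: `sourceUser: data.triggeredBy ? { connect: { id: data.triggeredBy.id } } : undefined`. Separately, the `data.entity as Workspace`-style casts in each `case` never check that the entity matches `data.source`, so a mismatched caller would connect the event to an id from the wrong table; a doc comment on the function stating that contract would help. Since `metadata` is passed to `prisma.event.create` as given, the same comment should say that callers must not place secret values in it.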
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
import { Authority, PrismaClient, Secret, User } from '@prisma/client' | ||
import { SecretWithProjectAndVersion } from '../secret/secret.types' | ||
import getCollectiveProjectAuthorities from './get-collective-project-authorities' | ||
import { ConflictException, NotFoundException } from '@nestjs/common' | ||
|
||
export default async function getSecretWithAuthority( | ||
userId: User['id'], | ||
secretId: Secret['id'], | ||
authority: Authority, | ||
prisma: PrismaClient | ||
): Promise<SecretWithProjectAndVersion> { | ||
// Fetch the secret | ||
const secret = await prisma.secret.findUnique({ | ||
where: { | ||
id: secretId | ||
}, | ||
include: { | ||
versions: true, | ||
project: { | ||
include: { | ||
workspace: { | ||
include: { | ||
members: true | ||
} | ||
} | ||
} | ||
} | ||
} | ||
}) | ||
|
||
if (!secret) { | ||
throw new NotFoundException(`Secret with id ${secretId} not found`) | ||
} | ||
|
||
// Check if the user has the project in their workspace role list | ||
const permittedAuthorities = await getCollectiveProjectAuthorities( | ||
userId, | ||
secret.project, | ||
prisma | ||
) | ||
|
||
// Check if the user has the required authorities | ||
if ( | ||
!permittedAuthorities.has(authority) && | ||
!permittedAuthorities.has(Authority.WORKSPACE_ADMIN) | ||
) { | ||
throw new ConflictException( | ||
`User ${userId} does not have the required authorities` | ||
) | ||
} | ||
|
||
// Remove the workspace from the secret | ||
secret.project.workspace = undefined | ||
|
||
return secret | ||
} |
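Review bot: The failed authority check in `getSecretWithAuthority` is raised as `ConflictException`, which maps to HTTP 409 and reads as a state conflict rather than a denied access; `ForbiddenException` from `@nestjs/common` is the matching type, e.g. ``throw new ForbiddenException(`User ${userId} does not have the required authorities`)``. Because `NotFoundException` is thrown before the authority check, a caller with no access can distinguish an existing secret id from a missing one by the differing status; returning the same not-found response in both cases would close that. The query also includes `versions: true`, and only `secret.project.workspace` is cleared before returning, so every version is handed back whatever `authority` was requested. That may be intended, but it deserves a comment on the function.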