From 14016d23d834038dd65d3a96cf71af04b556a32c Mon Sep 17 00:00:00 2001 From: Simon Larsen Date: Fri, 22 Mar 2024 10:28:33 +0000 Subject: [PATCH] Add deletedByUserId property to several models --- .../Types/Database/ModelPermission.ts | 25 ++++++++++ Model/Models/BillingInvoice.ts | 1 + .../Models/OnCallDutyPolicyEscalationRule.ts | 19 +++++++ .../OnCallDutyPolicyEscalationRuleSchedule.ts | 19 +++++++ .../OnCallDutyPolicyEscalationRuleTeam.ts | 18 +++++++ .../OnCallDutyPolicyEscalationRuleUser.ts | 18 +++++++ Model/Models/OnCallDutyPolicyExecutionLog.ts | 2 + .../OnCallDutyPolicyExecutionLogTimeline.ts | 18 +++++++ Model/Models/OnCallDutyPolicySchedule.ts | 2 + Model/Models/OnCallDutyPolicyScheduleLayer.ts | 2 + .../OnCallDutyPolicyScheduleLayerUser.ts | 1 + Model/Models/User.ts | 49 ++++--------------- 12 files changed, 134 insertions(+), 40 deletions(-) diff --git a/CommonServer/Types/Database/ModelPermission.ts b/CommonServer/Types/Database/ModelPermission.ts index 2a30cef0dca..5303b68438b 100644 --- a/CommonServer/Types/Database/ModelPermission.ts +++ b/CommonServer/Types/Database/ModelPermission.ts @@ -39,6 +39,7 @@ import UserType from 'Common/Types/UserType'; import ColumnBillingAccessControl from 'Common/Types/BaseDatabase/ColumnBillingAccessControl'; import DatabaseCommonInteractionPropsUtil from 'Common/Types/BaseDatabase/DatabaseCommonInteractionPropsUtil'; import Includes from 'Common/Types/BaseDatabase/Includes'; +import UserModel from 'Common/Models/UserModel'; export interface CheckReadPermissionType { query: Query; @@ -295,6 +296,10 @@ export default class ModelPermission { props ); + // add user scope if any + + query = await this.addUserScopeToQuery(modelType, query, props); + if (!props.isMultiTenantRequest) { // We will check for this permission in recursive function. 
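Review bot: The new call `query = await this.addUserScopeToQuery(modelType, query, props);` in the second ModelPermission hunk is the only place the User-row restriction is applied, yet the comment above it (`// add user scope if any`) does not say what the scope is or that it can reject the request, and a blank line separates the comment from its statement. I would replace it with `// Pin queries on UserModel to the caller's own _id; non-root callers without a userId are rejected.` directly above the call. The enclosing method starts outside the hunk, so whether the update and delete paths reach this line cannot be confirmed from here; if they do not, the read path is the only one scoped.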
@@ -854,6 +859,26 @@ export default class ModelPermission { return query; } + private static async addUserScopeToQuery( + modelType: { new (): TBaseModel }, + query: Query, + props: DatabaseCommonInteractionProps + ): Promise> { + const model: BaseModel = new modelType(); + + if (model instanceof UserModel) { + if (props.userId) { + (query as any)['_id'] = props.userId; + } else if (!props.isRoot && !props.isMasterAdmin) { + throw new NotAuthorizedException( + `You do not have permissions to query on - ${model.singularName}.` + ); + } + } + + return query; + } + private static async addTenantScopeToQuery( modelType: { new (): TBaseModel }, query: Query, diff --git a/Model/Models/BillingInvoice.ts b/Model/Models/BillingInvoice.ts index d005ce6e64a..425b949e2e9 100644 --- a/Model/Models/BillingInvoice.ts +++ b/Model/Models/BillingInvoice.ts @@ -192,6 +192,7 @@ export default class BillingInvoice extends BaseModel { @JoinColumn({ name: 'deletedByUserId' }) public deletedByUser?: User = undefined; + @ColumnAccessControl({ create: [], read: [ diff --git a/Model/Models/OnCallDutyPolicyEscalationRule.ts b/Model/Models/OnCallDutyPolicyEscalationRule.ts index 9702d5ffb22..ad45d51026f 100644 --- a/Model/Models/OnCallDutyPolicyEscalationRule.ts +++ b/Model/Models/OnCallDutyPolicyEscalationRule.ts @@ -355,6 +355,25 @@ export default class OnCallDutyPolicyEscalationRule extends BaseModel { @JoinColumn({ name: 'deletedByUserId' }) public deletedByUser?: User = undefined; + @ColumnAccessControl({ + create: [], + read: [], + update: [], + }) + @TableColumn({ + type: TableColumnType.ObjectID, + title: 'Deleted by User ID', + description: + 'User ID who deleted this object (if this object was deleted by a User)', + }) + @Column({ + type: ColumnType.ObjectID, + nullable: true, + transformer: ObjectID.getDatabaseTransformer(), + }) + public deletedByUserId?: ObjectID = undefined; + + @ColumnAccessControl({ create: [ Permission.ProjectOwner, 
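Review bot: In `addUserScopeToQuery`, `(query as any)['_id'] = props.userId;` both casts away the `Query` type and mutates the caller's object in place while also returning it, so a caller-supplied `_id` is silently replaced rather than rejected; the replacement is the right hardening (it cannot widen what a user sees), but that intent is not written down. Add a TSDoc header to the method: `/** Restricts any query on a UserModel to the requesting user's own row by overwriting _id with props.userId; root and master-admin callers without a userId pass through unscoped, every other caller without one is rejected. */`, and prefer a typed assignment over `as any` if `Query` exposes a keyed form. The return type prints here as `Promise>`, most likely `Promise<Query<TBaseModel>>` lost to rendering, which is worth confirming in the actual file. The method is `async` with no `await`, matching the sibling `addTenantScopeToQuery` signature visible below it.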
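Review bot: The 17-line `deletedByUserId` column in OnCallDutyPolicyEscalationRule is pasted verbatim into OnCallDutyPolicyEscalationRuleSchedule, OnCallDutyPolicyEscalationRuleTeam, OnCallDutyPolicyEscalationRuleUser and OnCallDutyPolicyExecutionLogTimeline with `create: []`, `read: []`, `update: []`, so the ID is neither settable nor readable through the API even though the `deletedByUser` relation joined on `'deletedByUserId'` sits right above it in four of those models. If that is the intended contract (set server-side on soft delete, never exposed), say so once above the column: `// Set server-side on soft delete; not readable or writable through the API.` and confirm it matches the pre-existing `deletedByUserId` in OnCallDutyPolicySchedule, whose access control is outside this diff. The Schedule variant adds two blank lines where the others add one, and OnCallDutyPolicyExecutionLog, OnCallDutyPolicySchedule, OnCallDutyPolicyScheduleLayer and OnCallDutyPolicyScheduleLayerUser receive only trailing blank lines, which look like leftovers rather than part of the change.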
diff --git a/Model/Models/OnCallDutyPolicyEscalationRuleSchedule.ts b/Model/Models/OnCallDutyPolicyEscalationRuleSchedule.ts index 65a9c19aa17..aa2e84c414f 100644 --- a/Model/Models/OnCallDutyPolicyEscalationRuleSchedule.ts +++ b/Model/Models/OnCallDutyPolicyEscalationRuleSchedule.ts @@ -420,4 +420,23 @@ export default class OnCallDutyPolicyEscalationRuleSchedule extends BaseModel { ) @JoinColumn({ name: 'deletedByUserId' }) public deletedByUser?: User = undefined; + + + @ColumnAccessControl({ + create: [], + read: [], + update: [], + }) + @TableColumn({ + type: TableColumnType.ObjectID, + title: 'Deleted by User ID', + description: + 'User ID who deleted this object (if this object was deleted by a User)', + }) + @Column({ + type: ColumnType.ObjectID, + nullable: true, + transformer: ObjectID.getDatabaseTransformer(), + }) + public deletedByUserId?: ObjectID = undefined; } diff --git a/Model/Models/OnCallDutyPolicyEscalationRuleTeam.ts b/Model/Models/OnCallDutyPolicyEscalationRuleTeam.ts index 006d1794ae4..aefb023f9db 100644 --- a/Model/Models/OnCallDutyPolicyEscalationRuleTeam.ts +++ b/Model/Models/OnCallDutyPolicyEscalationRuleTeam.ts @@ -418,4 +418,22 @@ export default class OnCallDutyPolicyEscalationRuleTeam extends BaseModel { ) @JoinColumn({ name: 'deletedByUserId' }) public deletedByUser?: User = undefined; + + @ColumnAccessControl({ + create: [], + read: [], + update: [], + }) + @TableColumn({ + type: TableColumnType.ObjectID, + title: 'Deleted by User ID', + description: + 'User ID who deleted this object (if this object was deleted by a User)', + }) + @Column({ + type: ColumnType.ObjectID, + nullable: true, + transformer: ObjectID.getDatabaseTransformer(), + }) + public deletedByUserId?: ObjectID = undefined; } diff --git a/Model/Models/OnCallDutyPolicyEscalationRuleUser.ts b/Model/Models/OnCallDutyPolicyEscalationRuleUser.ts index 88cfaf1e3be..5a5984421bb 100644 --- a/Model/Models/OnCallDutyPolicyEscalationRuleUser.ts 
+++ b/Model/Models/OnCallDutyPolicyEscalationRuleUser.ts @@ -417,4 +417,22 @@ export default class OnCallDutyPolicyEscalationRuleUser extends BaseModel { ) @JoinColumn({ name: 'deletedByUserId' }) public deletedByUser?: User = undefined; + + @ColumnAccessControl({ + create: [], + read: [], + update: [], + }) + @TableColumn({ + type: TableColumnType.ObjectID, + title: 'Deleted by User ID', + description: + 'User ID who deleted this object (if this object was deleted by a User)', + }) + @Column({ + type: ColumnType.ObjectID, + nullable: true, + transformer: ObjectID.getDatabaseTransformer(), + }) + public deletedByUserId?: ObjectID = undefined; } diff --git a/Model/Models/OnCallDutyPolicyExecutionLog.ts b/Model/Models/OnCallDutyPolicyExecutionLog.ts index 780ee6c26e9..6c20019cefd 100644 --- a/Model/Models/OnCallDutyPolicyExecutionLog.ts +++ b/Model/Models/OnCallDutyPolicyExecutionLog.ts @@ -664,4 +664,6 @@ export default class OnCallDutyPolicyExecutionLog extends BaseModel { default: 1, }) public onCallPolicyExecutionRepeatCount?: number = undefined; + + } diff --git a/Model/Models/OnCallDutyPolicyExecutionLogTimeline.ts b/Model/Models/OnCallDutyPolicyExecutionLogTimeline.ts index 9d95c4bcb98..7d08b198cef 100644 --- a/Model/Models/OnCallDutyPolicyExecutionLogTimeline.ts +++ b/Model/Models/OnCallDutyPolicyExecutionLogTimeline.ts @@ -708,4 +708,22 @@ export default class OnCallDutyPolicyExecutionLogTimeline extends BaseModel { unique: false, }) public acknowledgedAt?: Date = undefined; + + @ColumnAccessControl({ + create: [], + read: [], + update: [], + }) + @TableColumn({ + type: TableColumnType.ObjectID, + title: 'Deleted by User ID', + description: + 'User ID who deleted this object (if this object was deleted by a User)', + }) + @Column({ + type: ColumnType.ObjectID, + nullable: true, + transformer: ObjectID.getDatabaseTransformer(), + }) + public deletedByUserId?: ObjectID = undefined; } 
diff --git a/Model/Models/OnCallDutyPolicySchedule.ts b/Model/Models/OnCallDutyPolicySchedule.ts index a8ee6136658..76392ab96b2 100644 --- a/Model/Models/OnCallDutyPolicySchedule.ts +++ b/Model/Models/OnCallDutyPolicySchedule.ts @@ -402,4 +402,6 @@ export default class OnCallDutyPolicySchedule extends BaseModel { transformer: ObjectID.getDatabaseTransformer(), }) public deletedByUserId?: ObjectID = undefined; + + } diff --git a/Model/Models/OnCallDutyPolicyScheduleLayer.ts b/Model/Models/OnCallDutyPolicyScheduleLayer.ts index d527593bdf6..c70ebbc6d11 100644 --- a/Model/Models/OnCallDutyPolicyScheduleLayer.ts +++ b/Model/Models/OnCallDutyPolicyScheduleLayer.ts @@ -556,4 +556,6 @@ export default class OnCallDutyPolicyScheduleLayer extends BaseModel { transformer: RestrictionTimes.getDatabaseTransformer(), }) public restrictionTimes?: RestrictionTimes = undefined; + + } diff --git a/Model/Models/OnCallDutyPolicyScheduleLayerUser.ts b/Model/Models/OnCallDutyPolicyScheduleLayerUser.ts index 088709fa8f2..2f2ecad1e26 100644 --- a/Model/Models/OnCallDutyPolicyScheduleLayerUser.ts +++ b/Model/Models/OnCallDutyPolicyScheduleLayerUser.ts @@ -494,4 +494,5 @@ export default class OnCallDutyPolicyScheduleLayerUser extends BaseModel { transformer: ObjectID.getDatabaseTransformer(), }) public userId?: ObjectID = undefined; + } diff --git a/Model/Models/User.ts b/Model/Models/User.ts index 0de11e88be2..dab362900ab 100644 --- a/Model/Models/User.ts +++ b/Model/Models/User.ts @@ -32,11 +32,7 @@ import EnableDocumentation from 'Common/Types/Database/EnableDocumentation'; @AllowAccessIfSubscriptionIsUnpaid() @TableAccessControl({ create: [Permission.Public], - read: [ - Permission.CurrentUser, - Permission.ProjectAdmin, - Permission.ProjectOwner, - ], + read: [Permission.CurrentUser], delete: [Permission.CurrentUser], update: [Permission.CurrentUser], }) 
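Review bot: Narrowing the User table's `read` to `[Permission.CurrentUser]` (and the same change on its columns in the hunks at -56, -75, -247, -276, -297, -424 and -543) is only a safe tightening together with `ModelPermission.addUserScopeToQuery`, which pins `_id` to `props.userId`; nothing on the decorator records that coupling, so a later edit to either side could reopen cross-user reads or lock everyone out. I would add above `@TableAccessControl`: `// Reads are limited to the caller's own row; ModelPermission.addUserScopeToQuery pins _id to props.userId.`. Project admins and owners lose direct reads of other users' rows here; presumably member listings go through relation queries with `canReadOnRelationQuery`, which is worth confirming before merge.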
@@ -56,11 +52,7 @@ import EnableDocumentation from 'Common/Types/Database/EnableDocumentation'; class User extends UserModel { @ColumnAccessControl({ create: [Permission.Public], - read: [ - Permission.CurrentUser, - Permission.ProjectAdmin, - Permission.ProjectOwner, - ], + read: [Permission.CurrentUser], update: [Permission.CurrentUser], }) @TableColumn({ type: TableColumnType.Name, canReadOnRelationQuery: true }) @@ -75,11 +67,7 @@ class User extends UserModel { @ColumnAccessControl({ create: [Permission.Public], - read: [ - Permission.CurrentUser, - Permission.ProjectAdmin, - Permission.ProjectOwner, - ], + read: [Permission.CurrentUser], update: [Permission.CurrentUser], }) @@ -247,11 +235,7 @@ class User extends UserModel { @ColumnAccessControl({ create: [], - read: [ - Permission.CurrentUser, - Permission.ProjectAdmin, - Permission.ProjectOwner, - ], + read: [Permission.CurrentUser], update: [Permission.CurrentUser], }) @@ -276,11 +260,7 @@ class User extends UserModel { @ColumnAccessControl({ create: [], - read: [ - Permission.CurrentUser, - Permission.ProjectAdmin, - Permission.ProjectOwner, - ], + read: [Permission.CurrentUser], update: [Permission.CurrentUser], }) @@ -297,11 +277,7 @@ class User extends UserModel { @ColumnAccessControl({ create: [], - read: [ - Permission.CurrentUser, - Permission.ProjectAdmin, - Permission.ProjectOwner, - ], + read: [Permission.CurrentUser], update: [Permission.CurrentUser], }) @@ -309,6 +285,7 @@ class User extends UserModel { isDefaultValueColumn: true, required: true, type: TableColumnType.Boolean, + canReadOnRelationQuery: true, }) @Column({ type: ColumnType.Boolean, @@ -424,11 +401,7 @@ class User extends UserModel { @ColumnAccessControl({ create: [], - read: [ - Permission.CurrentUser, - Permission.ProjectAdmin, - Permission.ProjectOwner, - ], + read: [Permission.CurrentUser], update: [Permission.CurrentUser], }) 
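Review bot: The hunk at -309 adds `canReadOnRelationQuery: true` to a boolean column whose name and `@ColumnAccessControl` lie outside the hunk, which makes that value readable by anyone who can read a model holding a relation to User (for example `deletedByUser`), independent of the CurrentUser-only column permission the surrounding hunks just tightened. That is presumably deliberate for a flag such as a verification or status bit, but the decorator should say which consumer needs it: `// Exposed on relation reads (e.g. deletedByUser) so callers can show this flag without reading the User row directly.` If the column is anything more sensitive than a status bit, the flag should be reconsidered.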
@@ -543,11 +516,7 @@ class User extends UserModel { @ColumnAccessControl({ create: [], - read: [ - Permission.CurrentUser, - Permission.ProjectAdmin, - Permission.ProjectOwner, - ], + read: [Permission.CurrentUser], update: [Permission.CurrentUser], })