Authorization saved on subspace level

alkemio.yml

@@ -53,6 +53,10 @@ bootstrap:
   authorization:
     enabled: ${BOOTSTRAP_AUTHORIZATION_ENABLED}:true
     file: ${BOOTSTRAP_AUTHORIZATION_FILE}
+# Settings related to the authorization framework
+authorization:
+  # amount of authorization policies saved in a single chunk
+  chunk: ${AUTHORIZATION_CHUNK_SIZE}:1000
 
 ## security ##
 # The various means by which the security of the Alkemio platform can be configured.

package.json

@@ -1,6 +1,6 @@
 {
   "name": "alkemio-server",
-  "version": "0.93.0",
+  "version": "0.93.1",
   "description": "Alkemio server, responsible for managing the shared Alkemio platform",
   "author": "Alkemio Foundation",
   "private": false,

src/domain/common/authorization-policy/authorization.policy.service.ts

@@ -25,16 +25,24 @@ import { IAuthorizationPolicyRulePrivilege } from '@core/authorization/authoriza
 import { IAuthorizationPolicyRuleVerifiedCredential } from '@core/authorization/authorization.policy.rule.verified.credential.interface';
 import { ICredentialDefinition } from '@domain/agent/credential/credential.definition.interface';
 import { AuthorizationPolicyType } from '@common/enums/authorization.policy.type';
+import { ConfigService } from '@nestjs/config';
+import { AlkemioConfig } from '@src/types';
 
 @Injectable()
 export class AuthorizationPolicyService {
+  private readonly authChunkSize: number;
   constructor(
     @InjectRepository(AuthorizationPolicy)
     private authorizationPolicyRepository: Repository<AuthorizationPolicy>,
     private authorizationService: AuthorizationService,
     @Inject(WINSTON_MODULE_NEST_PROVIDER)
-    private readonly logger: LoggerService
-  ) {}
+    private readonly logger: LoggerService,
+    private readonly configService: ConfigService<AlkemioConfig, true>
+  ) {
+    this.authChunkSize = this.configService.get('authorization.chunk', {
+      infer: true,
+    });
+  }
 
   public authorizationSelectOptions: FindOptionsSelect<AuthorizationPolicy> = {
     id: true,
@@ -193,7 +201,7 @@ export class AuthorizationPolicyService {
       LogContext.AUTH
     );
     await this.authorizationPolicyRepository.save(authorizationPolicies, {
-      chunk: 100,
+      chunk: this.authChunkSize,
     });
   }
 

src/domain/space/account/account.service.authorization.ts

@@ -1,4 +1,4 @@
-import { Injectable } from '@nestjs/common';
+import { Inject, Injectable, LoggerService } from '@nestjs/common';
 import {
   AuthorizationCredential,
   AuthorizationPrivilege,
@@ -35,6 +35,7 @@ import { InnovationHubAuthorizationService } from '@domain/innovation-hub/innova
 import { LicenseEngineService } from '@core/license-engine/license.engine.service';
 import { LicensePrivilege } from '@common/enums/license.privilege';
 import { IAgent } from '@domain/agent/agent/agent.interface';
+import { WINSTON_MODULE_NEST_PROVIDER } from 'nest-winston';
 
 @Injectable()
 export class AccountAuthorizationService {
@@ -49,7 +50,8 @@ export class AccountAuthorizationService {
     private storageAggregatorAuthorizationService: StorageAggregatorAuthorizationService,
     private innovationHubAuthorizationService: InnovationHubAuthorizationService,
     private accountService: AccountService,
-    private accountHostService: AccountHostService
+    private accountHostService: AccountHostService,
+    @Inject(WINSTON_MODULE_NEST_PROVIDER) private readonly logger: LoggerService
   ) {}
 
   async applyAuthorizationPolicy(
@@ -150,6 +152,10 @@ export class AccountAuthorizationService {
     for (const space of account.spaces) {
       const spaceAuthorizations =
         await this.spaceAuthorizationService.applyAuthorizationPolicy(space);
+      this.logger.verbose?.(
+        `space nameID ${space.nameID}: authorizations to reset count = ${spaceAuthorizations.length}`,
+        LogContext.AUTH
+      );
       updatedAuthorizations.push(...spaceAuthorizations);
     }
 

src/domain/space/space/space.service.authorization.ts

@@ -1,4 +1,4 @@
-import { Injectable } from '@nestjs/common';
+import { Inject, Injectable, LoggerService } from '@nestjs/common';
 import {
   AuthorizationCredential,
   AuthorizationPrivilege,
@@ -38,6 +38,7 @@ import { ISpaceSettings } from '../space.settings/space.settings.interface';
 import { TemplatesSetAuthorizationService } from '@domain/template/templates-set/templates.set.service.authorization';
 import { RoleSetService } from '@domain/access/role-set/role.set.service';
 import { IRoleSet } from '@domain/access/role-set';
+import { WINSTON_MODULE_NEST_PROVIDER } from 'nest-winston';
 
 @Injectable()
 export class SpaceAuthorizationService {
@@ -52,7 +53,8 @@ export class SpaceAuthorizationService {
     private collaborationAuthorizationService: CollaborationAuthorizationService,
     private templatesSetAuthorizationService: TemplatesSetAuthorizationService,
     private spaceService: SpaceService,
-    private spaceSettingsService: SpaceSettingsService
+    private spaceSettingsService: SpaceSettingsService,
+    @Inject(WINSTON_MODULE_NEST_PROVIDER) private readonly logger: LoggerService
   ) {}
 
   async applyAuthorizationPolicy(
@@ -215,7 +217,13 @@ export class SpaceAuthorizationService {
     for (const subspace of space.subspaces) {
       const updatedSubspaceAuthorizations =
         await this.applyAuthorizationPolicy(subspace);
-      updatedAuthorizations.push(...updatedSubspaceAuthorizations);
+      this.logger.verbose?.(
+        `Subspace (${subspace.id}) auth reset: saving ${updatedSubspaceAuthorizations.length} authorizations`,
+        LogContext.AUTH
+      );
+      await this.authorizationPolicyService.saveAll(
+        updatedSubspaceAuthorizations
+      );
     }
 
     return updatedAuthorizations;

src/types/alkemio.config.ts

@@ -1,4 +1,7 @@
 export type AlkemioConfig = {
+  authorization: {
+    chunk: number;
+  };
   hosting: {
     environment: string;
     port: number;