mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-07 06:39:52 +02:00
includen on sso resources in launcher
This commit is contained in:
@@ -1,10 +1,11 @@
|
||||
import { createHash } from "node:crypto";
|
||||
import { db } from "@server/db";
|
||||
import { alias, db } from "@server/db";
|
||||
import {
|
||||
exitNodes,
|
||||
labels,
|
||||
launcherViews,
|
||||
resourceLabels,
|
||||
resourcePolicies,
|
||||
resources,
|
||||
rolePolicies,
|
||||
roleResources,
|
||||
@@ -31,6 +32,7 @@ import {
|
||||
inArray,
|
||||
isNull,
|
||||
like,
|
||||
not,
|
||||
or,
|
||||
sql,
|
||||
type SQL
|
||||
@@ -134,6 +136,48 @@ function launcherAccessibleIdsCacheKey(
|
||||
return `launcherAccessibleIds:${orgId}:${userId}:${rolesKey}`;
|
||||
}
|
||||
|
||||
async function fetchOrgNonSsoPublicResourceIds(
|
||||
orgId: string
|
||||
): Promise<number[]> {
|
||||
const sharedPolicy = alias(resourcePolicies, "sharedPolicy");
|
||||
const defaultPolicy = alias(resourcePolicies, "defaultPolicy");
|
||||
|
||||
const effectiveSso = sql<boolean>`
|
||||
COALESCE(
|
||||
CASE
|
||||
WHEN ${sharedPolicy.resourcePolicyId} IS NOT NULL THEN ${sharedPolicy.sso}
|
||||
ELSE ${defaultPolicy.sso}
|
||||
END,
|
||||
false
|
||||
)
|
||||
`;
|
||||
|
||||
const rows = await db
|
||||
.select({ resourceId: resources.resourceId })
|
||||
.from(resources)
|
||||
.leftJoin(
|
||||
sharedPolicy,
|
||||
eq(sharedPolicy.resourcePolicyId, resources.resourcePolicyId)
|
||||
)
|
||||
.leftJoin(
|
||||
defaultPolicy,
|
||||
eq(
|
||||
defaultPolicy.resourcePolicyId,
|
||||
resources.defaultResourcePolicyId
|
||||
)
|
||||
)
|
||||
.where(
|
||||
and(
|
||||
eq(resources.orgId, orgId),
|
||||
eq(resources.enabled, true),
|
||||
eq(resources.blockAccess, false),
|
||||
not(effectiveSso)
|
||||
)
|
||||
);
|
||||
|
||||
return rows.map((row) => row.resourceId);
|
||||
}
|
||||
|
||||
async function resolveAccessibleIdsUncached(
|
||||
orgId: string,
|
||||
userId: string,
|
||||
@@ -145,7 +189,8 @@ async function resolveAccessibleIdsUncached(
|
||||
directPolicyResourceResults,
|
||||
rolePolicyResourceResults,
|
||||
directSiteResourceResults,
|
||||
roleSiteResourceResults
|
||||
roleSiteResourceResults,
|
||||
orgNonSsoPublicResources
|
||||
] = await Promise.all([
|
||||
db
|
||||
.select({ resourceId: userResources.resourceId })
|
||||
@@ -214,7 +259,8 @@ async function resolveAccessibleIdsUncached(
|
||||
})
|
||||
.from(roleSiteResources)
|
||||
.where(inArray(roleSiteResources.roleId, userRoleIds))
|
||||
: Promise.resolve([])
|
||||
: Promise.resolve([]),
|
||||
fetchOrgNonSsoPublicResourceIds(orgId)
|
||||
]);
|
||||
|
||||
return {
|
||||
@@ -223,7 +269,8 @@ async function resolveAccessibleIdsUncached(
|
||||
...directResources.map((r) => r.resourceId),
|
||||
...roleResourceResults.map((r) => r.resourceId),
|
||||
...directPolicyResourceResults.map((r) => r.resourceId),
|
||||
...rolePolicyResourceResults.map((r) => r.resourceId)
|
||||
...rolePolicyResourceResults.map((r) => r.resourceId),
|
||||
...orgNonSsoPublicResources
|
||||
])
|
||||
),
|
||||
siteResourceIds: Array.from(
|
||||
|
||||
Reference in New Issue
Block a user