create default policy when creating a resource

Fred KISSIE
2026-03-07 02:29:36 +01:00
parent f8e18de2fc
commit 5d956080f2


@@ -6,11 +6,17 @@ import {
orgs, orgs,
Resource, Resource,
resources, resources,
resourcePolicies,
roleResources, roleResources,
rolePolicies,
roles, roles,
userPolicies,
userResources userResources
} from "@server/db"; } from "@server/db";
import { getUniqueResourceName } from "@server/db/names"; import {
getUniqueResourceName,
getUniqueResourcePolicyName
} from "@server/db/names";
import config from "@server/lib/config"; import config from "@server/lib/config";
import { validateAndConstructDomain } from "@server/lib/domainUtils"; import { validateAndConstructDomain } from "@server/lib/domainUtils";
import response from "@server/lib/response"; import response from "@server/lib/response";
@@ -241,8 +247,46 @@ async function createHttpResource(
let resource: Resource | undefined; let resource: Resource | undefined;
const niceId = await getUniqueResourceName(orgId); const niceId = await getUniqueResourceName(orgId);
const policyNiceId = await getUniqueResourcePolicyName(orgId);
await db.transaction(async (trx) => { await db.transaction(async (trx) => {
const adminRole = await trx
.select()
.from(roles)
.where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
.limit(1);
if (adminRole.length === 0) {
return next(
createHttpError(HttpCode.NOT_FOUND, `Admin role not found`)
);
}
const [defaultPolicy] = await trx
.insert(resourcePolicies)
.values({
niceId: policyNiceId,
orgId,
name: `default policy for ${niceId}`,
sso: true,
scope: "resource"
})
.returning();
// make this policy visible by the admin role
await trx.insert(rolePolicies).values({
roleId: adminRole[0].roleId,
resourcePolicyId: defaultPolicy.resourcePolicyId
});
// make this policy visible by the current user
if (req.user && req.userOrgRoleId !== adminRole[0].roleId) {
await trx.insert(userPolicies).values({
userId: req.user?.userId!,
resourcePolicyId: defaultPolicy.resourcePolicyId
});
}
const newResource = await trx const newResource = await trx
.insert(resources) .insert(resources)
.values({ .values({
@@ -256,22 +300,11 @@ async function createHttpResource(
protocol: "tcp", protocol: "tcp",
ssl: true, ssl: true,
stickySession: stickySession, stickySession: stickySession,
postAuthPath: postAuthPath postAuthPath: postAuthPath,
defaultResourcePolicyId: defaultPolicy.resourcePolicyId
}) })
.returning(); .returning();
const adminRole = await db
.select()
.from(roles)
.where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
.limit(1);
if (adminRole.length === 0) {
return next(
createHttpError(HttpCode.NOT_FOUND, `Admin role not found`)
);
}
await trx.insert(roleResources).values({ await trx.insert(roleResources).values({
roleId: adminRole[0].roleId, roleId: adminRole[0].roleId,
resourceId: newResource[0].resourceId resourceId: newResource[0].resourceId
@@ -338,22 +371,10 @@ async function createRawResource(
let resource: Resource | undefined; let resource: Resource | undefined;
const niceId = await getUniqueResourceName(orgId); const niceId = await getUniqueResourceName(orgId);
const policyNiceId = await getUniqueResourcePolicyName(orgId);
await db.transaction(async (trx) => { await db.transaction(async (trx) => {
const newResource = await trx const adminRole = await trx
.insert(resources)
.values({
niceId,
orgId,
name,
http,
protocol,
proxyPort
// enableProxy
})
.returning();
const adminRole = await db
.select() .select()
.from(roles) .from(roles)
.where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId))) .where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
@@ -365,6 +386,44 @@ async function createRawResource(
); );
} }
const [defaultPolicy] = await trx
.insert(resourcePolicies)
.values({
niceId: policyNiceId,
orgId,
name: `default policy for ${niceId}`,
sso: true,
scope: "resource"
})
.returning();
// make this policy visible by the admin role
await trx.insert(rolePolicies).values({
roleId: adminRole[0].roleId,
resourcePolicyId: defaultPolicy.resourcePolicyId
});
// make this policy visible by the current user
if (req.user && req.userOrgRoleId != adminRole[0].roleId) {
await trx.insert(userPolicies).values({
userId: req.user?.userId!,
resourcePolicyId: defaultPolicy.resourcePolicyId
});
}
const newResource = await trx
.insert(resources)
.values({
niceId,
orgId,
name,
http,
protocol,
proxyPort,
defaultResourcePolicyId: defaultPolicy.resourcePolicyId
})
.returning();
await trx.insert(roleResources).values({ await trx.insert(roleResources).values({
roleId: adminRole[0].roleId, roleId: adminRole[0].roleId,
resourceId: newResource[0].resourceId resourceId: newResource[0].resourceId