Add some documentation; pull the override values

2026-06-11 01:53:58 +00:00 · 2026-06-10 10:03:16 -07:00
parent e248571268
commit 665806dfe8
2 changed files with 66 additions and 10 deletions
--- a/server/routers/resource/getResource.ts
+++ b/server/routers/resource/getResource.ts
@@ -1,4 +1,4 @@
-import { db, resources } from "@server/db";
+import { db, resourcePolicies, resources } from "@server/db";
 import response from "@server/lib/response";
 import stoi from "@server/lib/stoi";
 import logger from "@server/logger";
@@ -41,6 +41,15 @@ async function query(resourceId?: number, niceId?: string, orgId?: string) {
    }
 }

+async function queryInlinePolicy(resourcePolicyId: number) {
+    const [res] = await db
+        .select()
+        .from(resourcePolicies)
+        .where(eq(resourcePolicies.resourcePolicyId, resourcePolicyId))
+        .limit(1);
+    return res;
+}
+
 export type GetResourceResponse = Omit<
    NonNullable<Awaited<ReturnType<typeof query>>>,
    "headers"
@@ -132,12 +141,31 @@ export async function getResource(
            );
        }

+        const isInlinePolicy =
+            resource.resourcePolicyId === null &&
+            resource.defaultResourcePolicyId !== null;
+
+        let returnData = resource;
+        if (isInlinePolicy) {
+            // get the policy
+            const policy = await queryInlinePolicy(
+                resource.defaultResourcePolicyId!
+            );
+            returnData = {
+                ...returnData,
+                sso: policy?.sso || null,
+                emailWhitelistEnabled: policy?.emailWhitelistEnabled || null,
+                applyRules: policy?.applyRules || null,
+                skipToIdpId: policy?.idpId || null
+            };
+        }
+
        return response<GetResourceResponse>(res, {
            data: {
-                ...resource,
-                headers: resource.headers
-                    ? JSON.parse(resource.headers)
-                    : resource.headers
+                ...returnData,
+                headers: returnData.headers
+                    ? JSON.parse(returnData.headers)
+                    : returnData.headers
            },
            success: true,
            error: false,
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -66,16 +66,38 @@ const updateHttpResourceBodySchema = z
            .optional(),
        subdomain: z.string().nullable().optional(),
        ssl: z.boolean().optional(),
-        sso: z.boolean().optional(),
+        sso: z
+            .boolean()
+            .optional()
+            .describe(
+                "When no shared resource policy is assigned (resourcePolicyId is null), updates the resource's inline policy. When a shared policy is assigned, this value overrides the shared policy for this resource."
+            ),
        blockAccess: z.boolean().optional(),
-        emailWhitelistEnabled: z.boolean().optional(),
-        applyRules: z.boolean().optional(),
+        emailWhitelistEnabled: z
+            .boolean()
+            .optional()
+            .describe(
+                "When no shared resource policy is assigned (resourcePolicyId is null), updates the resource's inline policy. When a shared policy is assigned, this value overrides the shared policy for this resource."
+            ),
+        applyRules: z
+            .boolean()
+            .optional()
+            .describe(
+                "When no shared resource policy is assigned (resourcePolicyId is null), updates the resource's inline policy. When a shared policy is assigned, this value overrides the shared policy for this resource."
+            ),
        domainId: z.string().optional(),
        enabled: z.boolean().optional(),
        stickySession: z.boolean().optional(),
        tlsServerName: z.string().nullable().optional(),
        setHostHeader: z.string().nullable().optional(),
-        skipToIdpId: z.int().positive().nullable().optional(),
+        skipToIdpId: z
+            .int()
+            .positive()
+            .nullable()
+            .optional()
+            .describe(
+                "When no shared resource policy is assigned (resourcePolicyId is null), updates the resource's inline policy. When a shared policy is assigned, this value overrides the shared policy for this resource."
+            ),
        headers: z
            .array(z.strictObject({ name: z.string(), value: z.string() }))
            .nullable()
@@ -91,7 +113,13 @@ const updateHttpResourceBodySchema = z
        pamMode: z.enum(["passthrough", "push"]).optional(),
        authDaemonMode: z.enum(["site", "remote", "native"]).optional(),
        authDaemonPort: z.int().min(1).max(65535).nullable().optional(),
-        resourcePolicyId: z.number().nullable().optional()
+        resourcePolicyId: z
+            .number()
+            .nullable()
+            .optional()
+            .describe(
+                "ID of the resource policy to apply to this resource. Set to null to remove the resource policy and fall back to the inline policy settings."
+            )
    })
    .refine((data) => Object.keys(data).length > 0, {
        error: "At least one field must be provided for update"