mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-09 23:49:47 +02:00
dont show non sso resoruces
This commit is contained in:
@@ -1,11 +1,10 @@
|
|||||||
import { createHash } from "node:crypto";
|
import { createHash } from "node:crypto";
|
||||||
import { alias, db } from "@server/db";
|
import { db } from "@server/db";
|
||||||
import {
|
import {
|
||||||
exitNodes,
|
exitNodes,
|
||||||
labels,
|
labels,
|
||||||
launcherViews,
|
launcherViews,
|
||||||
resourceLabels,
|
resourceLabels,
|
||||||
resourcePolicies,
|
|
||||||
resources,
|
resources,
|
||||||
rolePolicies,
|
rolePolicies,
|
||||||
roleResources,
|
roleResources,
|
||||||
@@ -32,7 +31,6 @@ import {
|
|||||||
inArray,
|
inArray,
|
||||||
isNull,
|
isNull,
|
||||||
like,
|
like,
|
||||||
not,
|
|
||||||
or,
|
or,
|
||||||
sql,
|
sql,
|
||||||
type SQL
|
type SQL
|
||||||
@@ -136,48 +134,6 @@ function launcherAccessibleIdsCacheKey(
|
|||||||
return `launcherAccessibleIds:${orgId}:${userId}:${rolesKey}`;
|
return `launcherAccessibleIds:${orgId}:${userId}:${rolesKey}`;
|
||||||
}
|
}
|
||||||
|
|
||||||
async function fetchOrgNonSsoPublicResourceIds(
|
|
||||||
orgId: string
|
|
||||||
): Promise<number[]> {
|
|
||||||
const sharedPolicy = alias(resourcePolicies, "sharedPolicy");
|
|
||||||
const defaultPolicy = alias(resourcePolicies, "defaultPolicy");
|
|
||||||
|
|
||||||
const effectiveSso = sql<boolean>`
|
|
||||||
COALESCE(
|
|
||||||
CASE
|
|
||||||
WHEN ${sharedPolicy.resourcePolicyId} IS NOT NULL THEN ${sharedPolicy.sso}
|
|
||||||
ELSE ${defaultPolicy.sso}
|
|
||||||
END,
|
|
||||||
false
|
|
||||||
)
|
|
||||||
`;
|
|
||||||
|
|
||||||
const rows = await db
|
|
||||||
.select({ resourceId: resources.resourceId })
|
|
||||||
.from(resources)
|
|
||||||
.leftJoin(
|
|
||||||
sharedPolicy,
|
|
||||||
eq(sharedPolicy.resourcePolicyId, resources.resourcePolicyId)
|
|
||||||
)
|
|
||||||
.leftJoin(
|
|
||||||
defaultPolicy,
|
|
||||||
eq(
|
|
||||||
defaultPolicy.resourcePolicyId,
|
|
||||||
resources.defaultResourcePolicyId
|
|
||||||
)
|
|
||||||
)
|
|
||||||
.where(
|
|
||||||
and(
|
|
||||||
eq(resources.orgId, orgId),
|
|
||||||
eq(resources.enabled, true),
|
|
||||||
eq(resources.blockAccess, false),
|
|
||||||
not(effectiveSso)
|
|
||||||
)
|
|
||||||
);
|
|
||||||
|
|
||||||
return rows.map((row) => row.resourceId);
|
|
||||||
}
|
|
||||||
|
|
||||||
async function resolveAccessibleIdsUncached(
|
async function resolveAccessibleIdsUncached(
|
||||||
orgId: string,
|
orgId: string,
|
||||||
userId: string,
|
userId: string,
|
||||||
@@ -189,8 +145,7 @@ async function resolveAccessibleIdsUncached(
|
|||||||
directPolicyResourceResults,
|
directPolicyResourceResults,
|
||||||
rolePolicyResourceResults,
|
rolePolicyResourceResults,
|
||||||
directSiteResourceResults,
|
directSiteResourceResults,
|
||||||
roleSiteResourceResults,
|
roleSiteResourceResults
|
||||||
orgNonSsoPublicResources
|
|
||||||
] = await Promise.all([
|
] = await Promise.all([
|
||||||
db
|
db
|
||||||
.select({ resourceId: userResources.resourceId })
|
.select({ resourceId: userResources.resourceId })
|
||||||
@@ -259,8 +214,7 @@ async function resolveAccessibleIdsUncached(
|
|||||||
})
|
})
|
||||||
.from(roleSiteResources)
|
.from(roleSiteResources)
|
||||||
.where(inArray(roleSiteResources.roleId, userRoleIds))
|
.where(inArray(roleSiteResources.roleId, userRoleIds))
|
||||||
: Promise.resolve([]),
|
: Promise.resolve([])
|
||||||
fetchOrgNonSsoPublicResourceIds(orgId)
|
|
||||||
]);
|
]);
|
||||||
|
|
||||||
return {
|
return {
|
||||||
@@ -269,8 +223,7 @@ async function resolveAccessibleIdsUncached(
|
|||||||
...directResources.map((r) => r.resourceId),
|
...directResources.map((r) => r.resourceId),
|
||||||
...roleResourceResults.map((r) => r.resourceId),
|
...roleResourceResults.map((r) => r.resourceId),
|
||||||
...directPolicyResourceResults.map((r) => r.resourceId),
|
...directPolicyResourceResults.map((r) => r.resourceId),
|
||||||
...rolePolicyResourceResults.map((r) => r.resourceId),
|
...rolePolicyResourceResults.map((r) => r.resourceId)
|
||||||
...orgNonSsoPublicResources
|
|
||||||
])
|
])
|
||||||
),
|
),
|
||||||
siteResourceIds: Array.from(
|
siteResourceIds: Array.from(
|
||||||
|
|||||||
Reference in New Issue
Block a user