Also clear the roles and users

Owen
2026-06-09 21:59:30 -07:00
parent a1ab8d8f35
commit dd1fba4e45


@@ -10,7 +10,10 @@ import {
resourcePincode, resourcePincode,
resourceRules, resourceRules,
resourceWhitelist, resourceWhitelist,
Transaction roleResources,
roles,
Transaction,
userResources
} from "@server/db"; } from "@server/db";
import { import {
domains, domains,
@@ -313,20 +316,30 @@ export async function updateResource(
async function clearResourceSpecificSettings( async function clearResourceSpecificSettings(
resourceId: number, resourceId: number,
orgId: string,
trx: Transaction | typeof db trx: Transaction | typeof db
) { ) {
const adminRole = await db
.select()
.from(roles)
.where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
.limit(1);
if (adminRole.length === 0) {
throw new Error(`Admin role not found for org ${orgId}`);
}
// remove the resource specific pincode, password, header auth, rules, nad whitelist entries so that the resource will fall back to the policy settings // remove the resource specific pincode, password, header auth, rules, nad whitelist entries so that the resource will fall back to the policy settings
await Promise.all([ await Promise.all([
db trx
.delete(resourcePassword) .delete(resourcePassword)
.where(eq(resourcePassword.resourceId, resourceId)), .where(eq(resourcePassword.resourceId, resourceId)),
db trx
.delete(resourcePincode) .delete(resourcePincode)
.where(eq(resourcePincode.resourceId, resourceId)), .where(eq(resourcePincode.resourceId, resourceId)),
db trx
.delete(resourceHeaderAuth) .delete(resourceHeaderAuth)
.where(eq(resourceHeaderAuth.resourceId, resourceId)), .where(eq(resourceHeaderAuth.resourceId, resourceId)),
db trx
.delete(resourceHeaderAuthExtendedCompatibility) .delete(resourceHeaderAuthExtendedCompatibility)
.where( .where(
eq( eq(
@@ -334,10 +347,25 @@ async function clearResourceSpecificSettings(
resourceId resourceId
) )
), ),
db trx
.delete(resourceWhitelist) .delete(resourceWhitelist)
.where(eq(resourceWhitelist.resourceId, resourceId)), .where(eq(resourceWhitelist.resourceId, resourceId)),
db.delete(resourceRules).where(eq(resourceRules.resourceId, resourceId)) trx
.delete(resourceRules)
.where(eq(resourceRules.resourceId, resourceId)),
// delete the roles and the users as well
trx
.delete(userResources)
.where(eq(userResources.resourceId, resourceId)),
// except the admin role
trx
.delete(roleResources)
.where(
and(
eq(roleResources.resourceId, resourceId),
ne(roleResources.roleId, adminRole[0].roleId)
)
)
]); ]);
} }
@@ -404,12 +432,12 @@ async function updateHttpResource(
} }
// catch when the resource policy changes or gets cleared // catch when the resource policy changes or gets cleared
if ( if (resource.resourcePolicyId != updateData.resourcePolicyId) {
resource.resourcePolicyId != updateData.resourcePolicyId || await clearResourceSpecificSettings(
(updateData.resourcePolicyId === null && resource.resourceId,
resource.resourcePolicyId !== null) resource.orgId,
) { db
await clearResourceSpecificSettings(resource.resourceId, db); );
} }
if (updateData.niceId) { if (updateData.niceId) {
@@ -731,7 +759,11 @@ async function updateRawResource(
} }
} }
await clearResourceSpecificSettings(resource.resourceId, trx); // none of these are supported on raw resources await clearResourceSpecificSettings(
resource.resourceId,
resource.orgId,
trx
); // none of these are supported on raw resources
// we should make sure sso, emailWhitelistEnabled, and applyRules are null because this is a raw resource // we should make sure sso, emailWhitelistEnabled, and applyRules are null because this is a raw resource
const realUpdateData = { const realUpdateData = {
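Review bot: In `clearResourceSpecificSettings` the new admin-role lookup runs on `db` while every delete now runs on `trx`, so the role exempted from the `roleResources` delete is read outside the caller's transaction; `const adminRole = await trx.select().from(roles)…` would keep the read and the deletes on the same handle. The function now removes access grants (`userResources`, non-admin `roleResources`) as well as auth settings, and the `updateHttpResource` call still passes `db`, so a failure part-way through the `Promise.all` can leave a resource with some credentials and grants cleared and others intact; passing a real transaction there, as `updateRawResource` does with `trx`, would make the clear all-or-nothing. That call is guarded by the loose `resource.resourcePolicyId != updateData.resourcePolicyId`, so it is worth confirming that an update which omits `resourcePolicyId` (leaving it `undefined`) on a resource that has a policy cannot reach this path and drop its user and role assignments. A doc comment on the function should state that it deletes user and role grants except the org's admin role and throws when the org has no admin role, since `updateRawResource` calls it on every update. The import of `ne` is not visible in these hunks.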