From 6ef42914e4f5d2fb06f757fe4a004239d93ef4fb Mon Sep 17 00:00:00 2001
From: Maxime Lalo
Date: Fri, 29 Sep 2023 14:12:57 +0200
Subject: [PATCH 1/6] :sparkles: Only show rules by namespace
---
 package.json | 2 +-
 src/app/api/admin/RulesController.ts | 10 +++++
 src/app/api/notary/RulesController.ts | 9 ++++
 .../migration.sql | 2 +
 src/common/databases/schema.prisma | 2 +-
 src/common/databases/seeders/seeder.ts | 41 ++++++++++++++++++-
 src/common/repositories/RulesRepository.ts | 5 ++-
 7 files changed, 66 insertions(+), 5 deletions(-)
 create mode 100644 src/common/databases/migrations/20230929113629_rule_namespace/migration.sql
diff --git a/package.json b/package.json
index 40b5bb7f..01c62d97 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
 "express": "^4.18.2",
 "fp-ts": "^2.16.1",
 "jsonwebtoken": "^9.0.0",
- "le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.85",
+ "le-coffre-resources": "git@github.com:smart-chain-fr/leCoffre-resources.git#v2.86",
 "module-alias": "^2.2.2",
 "monocle-ts": "^2.3.13",
 "multer": "^1.4.5-lts.1",
diff --git a/src/app/api/admin/RulesController.ts b/src/app/api/admin/RulesController.ts
index 55526601..ca0e9d90 100644
--- a/src/app/api/admin/RulesController.ts
+++ b/src/app/api/admin/RulesController.ts
@@ -27,6 +27,11 @@ export default class RulesController extends ApiController {
 query = JSON.parse(req.query["q"] as string);
 }
+ query.where = {
+ ...query.where,
+ namespace: "notary",
+ };
+
 //call service to get prisma entity
 const rulesEntities = await this.rulesService.get(query);
@@ -58,6 +63,11 @@ export default class RulesController extends ApiController {
 query = JSON.parse(req.query["q"] as string);
 }
+ query.where = {
+ ...query.where,
+ namespace: "notary",
+ };
+
 const ruleEntity = await this.rulesService.getByUid(uid, query);
 if (!ruleEntity) {
diff --git a/src/app/api/notary/RulesController.ts b/src/app/api/notary/RulesController.ts
index 63d29165..435a27c1 100644
--- a/src/app/api/notary/RulesController.ts
+++ b/src/app/api/notary/RulesController.ts
@@ -26,6 +26,10 @@ export default class RulesController extends ApiController {
 query = JSON.parse(req.query["q"] as string);
 }
+ query.where = {
+ ...query.where,
+ namespace: "notary",
+ };
 //call service to get prisma entity
 const rulesEntities = await this.rulesService.get(query);
@@ -57,6 +61,11 @@ export default class RulesController extends ApiController {
 query = JSON.parse(req.query["q"] as string);
 }
+ query.where = {
+ ...query.where,
+ namespace: "notary",
+ };
+
 const ruleEntity = await this.rulesService.getByUid(uid, query);
 if (!ruleEntity) {
diff --git a/src/common/databases/migrations/20230929113629_rule_namespace/migration.sql b/src/common/databases/migrations/20230929113629_rule_namespace/migration.sql
new file mode 100644
index 00000000..0eeea98b
--- /dev/null
+++ b/src/common/databases/migrations/20230929113629_rule_namespace/migration.sql
@@ -0,0 +1,2 @@
+-- AlterTable
+ALTER TABLE "rules" ADD COLUMN "namespace" VARCHAR(255) NOT NULL DEFAULT 'notary';
diff --git a/src/common/databases/schema.prisma b/src/common/databases/schema.prisma
index a2120220..113f741d 100644
--- a/src/common/databases/schema.prisma
+++ b/src/common/databases/schema.prisma
@@ -299,7 +299,7 @@ model Rules {
 updated_at DateTime? @updatedAt
 role Roles[] @relation("RolesHasRules")
 office_roles OfficeRoles[] @relation("OfficeRolesHasRules")
-
+ namespace String @db.VarChar(255) @default("notary")
 @@map("rules")
 }
diff --git a/src/common/databases/seeders/seeder.ts b/src/common/databases/seeders/seeder.ts
index 5429ba25..06039aed 100644
--- a/src/common/databases/seeders/seeder.ts
+++ b/src/common/databases/seeders/seeder.ts
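Review bot: In src/app/api/notary/RulesController.ts, the second hunk (@@ -57,6 +61,11) pins `query.where.namespace`, but the lookup is still `this.rulesService.getByUid(uid, query)` and nothing visible shows that `getByUid` applies `query.where`. If the service resolves the rule by `uid` alone, a rule from another namespace is still returned to a notary caller who supplies its uid. Checking the result makes the restriction independent of the service: `if (!ruleEntity || ruleEntity.namespace !== "notary") {`. In both hunks `query` comes from `JSON.parse(req.query["q"])`, so only `where` is constrained here; whether a client-supplied `include` or `select` can still pull in related roles is worth confirming. Both methods start and end outside the hunks.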
@@ -527,228 +527,266 @@ export default async function main() {
 label: "Lecture des utilisateurs",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET offices",
 label: "Lecture des offices",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET customers",
 label: "Lecture des clients",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET deeds",
 label: "Lecture des actes",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET deed-types",
 label: "Lecture des types d'actes",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET documents",
 label: "Lecture des documents",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET document-types",
 label: "Lecture des types de documents",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET files",
 label: "Lecture des fichiers",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET folders",
 label: "Lecture des dossiers",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET roles",
 label: "Lecture utilisateurs",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET rules",
 label: "Lecture des droits",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET office-roles",
 label: "Lecture des rôles d'office",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "POST deeds",
 label: "Création des actes",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "PUT deeds",
 label: "Modification des actes",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "DELETE deeds",
 label: "Suppression des actes",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "POST folders",
 label: "Création des dossiers",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "PUT folders",
 label: "Modification des dossiers",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "DELETE folders",
 label: "Suppression des dossiers",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "POST documents",
 label: "Création des documents",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "PUT documents",
 label: "Modification des documents",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "DELETE documents",
 label: "Suppression des documents",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "POST customers",
 label: "Création des clients",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "PUT customers",
 label: "Modification des clients",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "DELETE customers",
 label: "Suppression des clients",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "POST anchors",
 label: "Ancrer un dossier",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "GET anchors",
 label: "Vérifier l'ancrage un dossier",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "notary",
 },
 {
 name: "POST deed-types",
 label: "Création des types d'actes",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "admin",
 },
 {
 name: "PUT deed-types",
 label: "Modification des types d'actes",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "admin",
 },
 {
 name: "DELETE deed-types",
 label: "Suppression des types d'actes",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "admin",
 },
 {
 name: "POST document-types",
 label: "Création des types de documents",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "admin",
 },
 {
 name: "PUT document-types",
 label: "Modification des types de documents",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "admin",
 },
 {
 name: "DELETE document-types",
 label: "Suppression des types de documents",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "admin",
 },
 {
 name: "POST office-roles",
 label: "Création des rôles d'office",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "admin",
 },
 {
 name: "PUT office-roles",
 label: "Modification des rôles d'office",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "admin",
 },
 {
 name: "DELETE office-roles",
 label: "Suppression des rôles d'office",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "admin",
 },
 {
 name: "DELETE office-roles",
 label: "Suppression des rôles d'office",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "super-admin",
 },
 {
 name: "PUT users",
 label: "Modification des utilisateurs",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "super-admin",
 },
 {
 name: "PUT offices",
 label: "Modification des offices",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "super-admin",
 },
 ];
@@ -779,7 +817,7 @@ export default async function main() {
 label: "Utilisateur",
 created_at: new Date(),
 updated_at: new Date(),
- rules: rules.slice(0,1),
+ rules: rules.slice(0, 1),
 },
 ];
@@ -1317,6 +1355,7 @@ export default async function main() {
 data: {
 name: rule.name,
 label: rule.label,
+ namespace: rule.namespace,
 },
 });
 rule.uid = ruleCreated.uid;
diff --git a/src/common/repositories/RulesRepository.ts b/src/common/repositories/RulesRepository.ts
index 281e505b..aa44b819 100644
--- a/src/common/repositories/RulesRepository.ts
+++ b/src/common/repositories/RulesRepository.ts
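Review bot: `DELETE office-roles` is seeded twice in the `rules` array of src/common/databases/seeders/seeder.ts (@@ -527,228 +527,266), once with `namespace: "admin"` and once with `namespace: "super-admin"`, so the namespace is the only thing that tells the two rows apart. Any code that resolves a permission by rule `name` (none is visible in this hunk) would treat them as the same rule, and the super-admin tag would then restrict nothing for it. If both rows are intended, record it with a comment such as `// same name as the admin rule above; the two rows differ only by namespace`; otherwise drop one. The namespace is also a free-form string repeated on every entry, so a shared `type RuleNamespace = "notary" | "admin" | "super-admin"` would catch a typo at compile time.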
@@ -31,7 +31,8 @@ export default class RulesRepository extends BaseRepository {
 const createArgs: Prisma.RulesCreateArgs = {
 data: {
 name: rule.name,
- label: rule.label
+ label: rule.label,
+ namespace: rule.namespace,
 },
 };
@@ -48,7 +49,7 @@ export default class RulesRepository extends BaseRepository {
 },
 data: {
 name: rule.name,
- label: rule.label
+ label: rule.label,
 },
 };
From 6c25e27ee069b83f205d5e66ccd7ea89c1d4e0c7 Mon Sep 17 00:00:00 2001
From: Maxime Lalo
Date: Fri, 29 Sep 2023 14:33:17 +0200
Subject: [PATCH 2/6] :sparkles: Admin can put users
---
 src/common/databases/seeders/seeder.ts | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/common/databases/seeders/seeder.ts b/src/common/databases/seeders/seeder.ts
index 06039aed..7c6e54d5 100644
--- a/src/common/databases/seeders/seeder.ts
+++ b/src/common/databases/seeders/seeder.ts
@@ -767,18 +767,18 @@ export default async function main() {
 updated_at: new Date(),
 namespace: "admin",
 },
- {
- name: "DELETE office-roles",
- label: "Suppression des rôles d'office",
- created_at: new Date(),
- updated_at: new Date(),
- namespace: "super-admin",
- },
 {
 name: "PUT users",
 label: "Modification des utilisateurs",
 created_at: new Date(),
 updated_at: new Date(),
+ namespace: "admin",
+ },
+ {
+ name: "DELETE office-roles",
+ label: "Suppression des rôles d'office",
+ created_at: new Date(),
+ updated_at: new Date(),
 namespace: "super-admin",
 },
 {
From aad951f28a333475c91018a72ea4d3daf7cc0696 Mon Sep 17 00:00:00 2001
From: Maxime Lalo
Date: Fri, 29 Sep 2023 14:33:29 +0200
Subject: [PATCH 3/6] :sparkles: Admin can put users
---
 src/common/databases/seeders/seeder.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/common/databases/seeders/seeder.ts b/src/common/databases/seeders/seeder.ts
index 7c6e54d5..aed0e1f8 100644
--- a/src/common/databases/seeders/seeder.ts
+++ b/src/common/databases/seeders/seeder.ts
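Review bot: In src/common/repositories/RulesRepository.ts the create hunk (@@ -31,7 +31,8) writes `namespace: rule.namespace`, but the update hunk (@@ -48,7 +49,7) only gains a trailing comma, so a rule's namespace can be set at creation and never changed through this repository. If that immutability is intended (it keeps an update call from moving a rule into the namespace the notary endpoints expose), state it next to `data`, for example `// namespace is fixed at creation and deliberately not updatable`. If it is not intended, add `namespace: rule.namespace,` to the update `data` as well. On create, an undefined `rule.namespace` presumably falls back to the schema default `"notary"`, so callers creating admin-only rules should pass the value explicitly. Both method bodies continue outside the hunks.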
@@ -803,7 +803,7 @@ export default async function main() {
 label: "Administrateur",
 created_at: new Date(),
 updated_at: new Date(),
- rules: rules.slice(0, 35),
+ rules: rules.slice(0, 36),
 },
 {
 name: "notary",
From 3bb9cf1bdf21bf9612ab4696e2c80bcf16503cdc Mon Sep 17 00:00:00 2001
From: Maxime Lalo
Date: Fri, 29 Sep 2023 14:34:05 +0200
Subject: [PATCH 4/6] :bug: Removing where in rules controller admin
---
 src/app/api/admin/RulesController.ts | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/src/app/api/admin/RulesController.ts b/src/app/api/admin/RulesController.ts
index ca0e9d90..55526601 100644
--- a/src/app/api/admin/RulesController.ts
+++ b/src/app/api/admin/RulesController.ts
@@ -27,11 +27,6 @@ export default class RulesController extends ApiController {
 query = JSON.parse(req.query["q"] as string);
 }
- query.where = {
- ...query.where,
- namespace: "notary",
- };
-
 //call service to get prisma entity
 const rulesEntities = await this.rulesService.get(query);
@@ -63,11 +58,6 @@ export default class RulesController extends ApiController {
 query = JSON.parse(req.query["q"] as string);
 }
- query.where = {
- ...query.where,
- namespace: "notary",
- };
-
 const ruleEntity = await this.rulesService.getByUid(uid, query);
 if (!ruleEntity) {
From e3ae788b017178c29a0c3b73f6e1e6f253e23404 Mon Sep 17 00:00:00 2001
From: Maxime Lalo
Date: Fri, 29 Sep 2023 16:52:50 +0200
Subject: [PATCH 5/6] :sparkles: Security in put
---
 src/app/api/admin/OfficeRolesController.ts | 23 ++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/app/api/admin/OfficeRolesController.ts b/src/app/api/admin/OfficeRolesController.ts
index 5c06e471..dbde1263 100644
--- a/src/app/api/admin/OfficeRolesController.ts
+++ b/src/app/api/admin/OfficeRolesController.ts
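Review bot: In src/common/databases/seeders/seeder.ts (PATCH 3/6, @@ -803,7 +803,7) the administrator role's permissions are chosen by position, `rules.slice(0, 36)`, so the grant depends on the order of the `rules` array; PATCH 2/6 had to move `PUT users` ahead of the super-admin entries and this patch had to bump the index to keep the two in step. A later insertion or reorder would silently add or remove permissions for a role. Selecting on the new field is order-independent, for example `rules: rules.filter((r) => r.namespace !== "super-admin"),`, which matches the current slice assuming the array holds only the entries shown in PATCH 1/6. The `rules.slice(0, 1)` entry reformatted in PATCH 1/6 has the same dependence on order.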
@@ -10,11 +10,12 @@ import authHandler from "@App/middlewares/AuthHandler";
 import ruleHandler from "@App/middlewares/RulesHandler";
 import officeRoleHandler from "@App/middlewares/OfficeMembershipHandlers/OfficeRoleHandler";
 import roleHandler from "@App/middlewares/RolesHandler";
+import RulesService from "@Services/admin/RulesService/RulesService";
 @Controller()
 @Service()
 export default class OfficeRolesController extends ApiController {
- constructor(private officeRolesService: OfficeRolesService) {
+ constructor(private officeRolesService: OfficeRolesService, private rulesService: RulesService) {
 super();
 }
@@ -30,7 +31,7 @@ export default class OfficeRolesController extends ApiController {
 query = JSON.parse(req.query["q"] as string);
 }
- if(req.query["search"] && typeof req.query["search"] === "string") {
+ if (req.query["search"] && typeof req.query["search"] === "string") {
 const filter = req.query["search"];
 query = {
 where: {
@@ -39,7 +40,7 @@ export default class OfficeRolesController extends ApiController {
 mode: "insensitive",
 },
 },
- }
+ };
 }
 const officeId: string = req.body.user.office_Id;
@@ -108,11 +109,25 @@ export default class OfficeRolesController extends ApiController {
 return;
 }
+ if (req.body.rules) {
+ const rules = req.body.rules;
+ const allRules = await this.rulesService.get({
+ where: {
+ namespace: "notary",
+ },
+ });
+
+ const rulesToEdit = rules.filter((rule: any) => {
+ const ruleFound = allRules.find((r) => r.uid === rule.uid && r.namespace === "notary");
+ return ruleFound;
+ });
+ req.body.rules = rulesToEdit;
+ }
 //init IOfficeRole resource with request body values
 const officeRoleEntity = OfficeRole.hydrate(req.body);
 //validate officeRole
- await validateOrReject(officeRoleEntity, { groups: ["updateOfficeRole"] });
+ await validateOrReject(officeRoleEntity, { groups: ["updateOfficeRole"] });
 //call service to get prisma entity
 const officeRoleEntityUpdated = await this.officeRolesService.update(officeRoleEntity);
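Review bot: In the PUT handler hunk of src/app/api/admin/OfficeRolesController.ts (@@ -108,11 +109,25) the filter keeps the caller's own objects from `req.body.rules`, typed `any`, and only checks that their `uid` matches a notary rule, so every other field on those objects reaches `OfficeRole.hydrate(req.body)` unchanged. Building the list from `allRules` instead passes on only stored records. `req.body.rules` is also used without checking that it is an array, so a truthy non-array value fails at `.filter` instead of being rejected as bad input. Rules outside the namespace are dropped silently; if that is the intended policy, a comment should say so, since a rejected request would be easier to notice in logs. The handler starts and ends outside the hunk, and PATCH 6/6 rewrites these lines but keeps the same filter.

```typescript
if (req.body.rules) {
	if (!Array.isArray(req.body.rules)) {
		// send the handler's usual client-error response here, as the early-return branch above the hunk does
		return;
	}
	// … unchanged: allRules = await this.rulesService.get({ where: { namespace: "notary" } }) …
	const requestedUids = new Set(req.body.rules.map((rule: { uid?: unknown } | null) => rule?.uid));
	// Pass on the stored notary rules, not the objects supplied by the caller.
	req.body.rules = allRules.filter((r) => requestedUids.has(r.uid));
}
```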
From 81fc7644a0bcd389d350d4547542c6e530005a5c Mon Sep 17 00:00:00 2001
From: Maxime Lalo
Date: Fri, 29 Sep 2023 16:53:35 +0200
Subject: [PATCH 6/6] :bug: Code optimization
---
 src/app/api/admin/OfficeRolesController.ts | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/app/api/admin/OfficeRolesController.ts b/src/app/api/admin/OfficeRolesController.ts
index dbde1263..bd989779 100644
--- a/src/app/api/admin/OfficeRolesController.ts
+++ b/src/app/api/admin/OfficeRolesController.ts
@@ -110,18 +110,16 @@ export default class OfficeRolesController extends ApiController {
 }
 if (req.body.rules) {
- const rules = req.body.rules;
 const allRules = await this.rulesService.get({
 where: {
 namespace: "notary",
 },
 });
- const rulesToEdit = rules.filter((rule: any) => {
+ req.body.rules = req.body.rules.filter((rule: any) => {
 const ruleFound = allRules.find((r) => r.uid === rule.uid && r.namespace === "notary");
 return ruleFound;
 });
- req.body.rules = rulesToEdit;
 }
 //init IOfficeRole resource with request body values
 const officeRoleEntity = OfficeRole.hydrate(req.body);
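Review bot: The callback in @@ -110,18 +110,16 still computes `ruleFound` with `find` only to return it as a truthy value, and it re-tests `r.namespace === "notary"` although `allRules` was fetched with that same `where`. `req.body.rules = req.body.rules.filter((rule: any) => allRules.some((r) => r.uid === rule.uid));` says the same thing in one line and returns a boolean. The block rewrites the request body before validation without explanation; a comment above it such as `// an office role may only be given rules from the "notary" namespace; anything else is dropped` would record the authorization intent. The `"notary"` literal is now repeated across controllers and the seeder, so a shared constant would keep the checks from drifting apart.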