Merge branch 'main' into CHARTS-10307-add-check-parent-folder-in-rest…

…ore-entity

api/constants.ts

@@ -2,6 +2,8 @@ export {
     AppEnv,
     BiTrackingLogs,
     US_MASTER_TOKEN_HEADER,
+    COOKIE_HEADER,
+    DL_SERVICE_USER_ACCESS_TOKEN,
     DL_COMPONENT_HEADER,
     SYSTEM_USER,
     ORG_TENANT_PREFIX,

api/entities.ts

@@ -1,3 +1,4 @@
+export {ResourceType} from '../src/entities/types';
 export {
     CollectionPermission,
     CollectionRole,

api/tests/auth.ts

@@ -0,0 +1 @@
+export * from '../../src/tests/int/auth';

api/tests/constants.ts

@@ -0,0 +1 @@
+export * from '../../src/tests/int/constants';

api/tests/db.ts

@@ -0,0 +1 @@
+export * from '../../src/tests/int/db';

api/tests/helpers.ts

@@ -0,0 +1 @@
+export * from '../../src/tests/int/helpers';

api/tests/models.ts

@@ -0,0 +1 @@
+export * from '../../src/tests/int/models';

api/tests/roles.ts

@@ -0,0 +1 @@
+export * from '../../src/tests/int/roles';

api/tests/routes.ts

@@ -0,0 +1 @@
+export * from '../../src/tests/int/routes';

dev/env/opensource/development.env

@@ -6,7 +6,7 @@ CONTROL_MASTER_TOKEN=development-control-master-token
 
 US_SURPRESS_DB_STATUS_LOGS=true
 
-ZITADEL=false
+ZITADEL=true
 
 ZITADEL_URI=http://localhost:8085
 

dev/env/opensource/int-testing.env

@@ -1,6 +1,8 @@
 APP_INSTALLATION=opensource
 APP_ENV=int-testing
 
+ZITADEL=true
+
 MASTER_TOKEN=int-testing-master-token
 
 APP_LOGGING_LEVEL=silent

src/configs/common.ts

@@ -34,7 +34,7 @@ export default {
 
     dlsEnabled: false,
     accessServiceEnabled: Utils.isTrueArg(Utils.getEnvVariable('ZITADEL')),
-    accessBindingsServiceEnabled: false,
+    accessBindingsServiceEnabled: Utils.isTrueArg(Utils.getEnvVariable('ZITADEL')),
 
     masterToken: Utils.getEnvTokenVariable('MASTER_TOKEN'),
 

src/const/common.ts

@@ -162,11 +162,14 @@ export const AJV_PATTERN_KEYS_NOT_OBJECT = {
     },
 };
 
+export const COOKIE_HEADER = 'cookie';
+export const AUTHORIZATION_HEADER = 'authorization';
+export const DL_AUTH_HEADER_KEY = 'bearer';
+
 export const US_MASTER_TOKEN_HEADER = 'x-us-master-token';
 export const DL_COMPONENT_HEADER = 'x-dl-component';
 export const DL_WORKBOOK_ID_HEADER = 'x-dl-workbookid';
 export const DL_SERVICE_USER_ACCESS_TOKEN = 'x-dl-service-user-access-token';
-export const DL_AUTH_HEADER_KEY = 'bearer';
 
 export const COMPARISON_OPERATORS: {[key: string]: string} = {
     eq: '=',

src/entities/types.ts

@@ -0,0 +1,7 @@
+export {CollectionRole, CollectionPermission} from './collection/types';
+export {WorkbookRole, WorkbookPermission} from './workbook/types';
+
+export enum ResourceType {
+    Collection = 'datalens.collection',
+    Workbook = 'datalens.workbook',
+}

src/registry/common/entities/collection/collection.ts

@@ -5,6 +5,8 @@ import {CollectionConstructor, CollectionInstance} from './types';
 import {CollectionPermission, Permissions} from '../../../../entities/collection/types';
 import {US_ERRORS} from '../../../../const';
 import {ZitadelUserRole} from '../../../../types/zitadel';
+import {getMockedOperation} from '../utils';
+import Utils from '../../../../utils';
 
 export const Collection: CollectionConstructor = class Collection implements CollectionInstance {
     ctx: AppContext;
@@ -16,10 +18,13 @@ export const Collection: CollectionConstructor = class Collection implements Col
         this.model = model;
     }
 
-    private getAllPermissions() {
+    private isEditorOrAdmin() {
         const {zitadelUserRole: role} = this.ctx.get('info');
+        return role === ZitadelUserRole.Editor || role === ZitadelUserRole.Admin;
+    }
 
-        const isEditorOrAdmin = role === ZitadelUserRole.Editor || role === ZitadelUserRole.Admin;
+    private getAllPermissions() {
+        const isEditorOrAdmin = this.isEditorOrAdmin();
 
         const permissions = {
             listAccessBindings: true,
@@ -37,7 +42,17 @@ export const Collection: CollectionConstructor = class Collection implements Col
         return permissions;
     }
 
-    async register() {}
+    async register() {
+        const isEditorOrAdmin = this.isEditorOrAdmin();
+
+        if (!isEditorOrAdmin) {
+            throw new AppError(US_ERRORS.ACCESS_SERVICE_PERMISSION_DENIED, {
+                code: US_ERRORS.ACCESS_SERVICE_PERMISSION_DENIED,
+            });
+        }
+
+        return Promise.resolve(getMockedOperation(Utils.encodeId(this.model.collectionId)));
+    }
 
     async checkPermission(args: {
         parentIds: string[];

src/registry/common/entities/utils.ts

@@ -0,0 +1,18 @@
+export const getMockedOperation = (id: string) => {
+    const [seconds, nanoseconds] = process.hrtime();
+    return {
+        createdAt: {
+            nanos: nanoseconds,
+            seconds: seconds.toString(),
+        },
+        createdBy: '',
+        description: 'Datalens operation',
+        done: true,
+        id: id,
+        metadata: {},
+        modifiedAt: {
+            nanos: nanoseconds,
+            seconds: seconds.toString(),
+        },
+    };
+};

src/registry/common/entities/workbook/workbook.ts

@@ -5,6 +5,8 @@ import {WorkbookConstructor, WorkbookInstance} from './types';
 import {Permissions, WorkbookPermission} from '../../../../entities/workbook/types';
 import {US_ERRORS} from '../../../../const';
 import {ZitadelUserRole} from '../../../../types/zitadel';
+import {getMockedOperation} from '../utils';
+import Utils from '../../../../utils';
 
 export const Workbook: WorkbookConstructor<WorkbookInstance> = class Workbook
     implements WorkbookInstance
@@ -18,10 +20,13 @@ export const Workbook: WorkbookConstructor<WorkbookInstance> = class Workbook
         this.model = model;
     }
 
-    private getAllPermissions() {
+    private isEditorOrAdmin() {
         const {zitadelUserRole: role} = this.ctx.get('info');
+        return role === ZitadelUserRole.Editor || role === ZitadelUserRole.Admin;
+    }
 
-        const isEditorOrAdmin = role === ZitadelUserRole.Editor || role === ZitadelUserRole.Admin;
+    private getAllPermissions() {
+        const isEditorOrAdmin = this.isEditorOrAdmin();
 
         const permissions = {
             listAccessBindings: true,
@@ -39,8 +44,16 @@ export const Workbook: WorkbookConstructor<WorkbookInstance> = class Workbook
         return permissions;
     }
 
-    async register(_args: {parentIds: string[]}): Promise<unknown> {
-        return Promise.resolve();
+    async register() {
+        const isEditorOrAdmin = this.isEditorOrAdmin();
+
+        if (!isEditorOrAdmin) {
+            throw new AppError(US_ERRORS.ACCESS_SERVICE_PERMISSION_DENIED, {
+                code: US_ERRORS.ACCESS_SERVICE_PERMISSION_DENIED,
+            });
+        }
+
+        return Promise.resolve(getMockedOperation(Utils.encodeId(this.model.workbookId)));
     }
 
     async checkPermission(args: {

src/tests/int/auth.ts

@@ -0,0 +1,91 @@
+import request from 'supertest';
+import {
+    AUTHORIZATION_HEADER,
+    DL_AUTH_HEADER_KEY,
+    US_ERRORS,
+    US_MASTER_TOKEN_HEADER,
+} from '../../const';
+import {testUserId, testUserLogin} from './constants';
+import {OpensourceRole} from './roles';
+import usApp from '../..';
+import {ZitadelUserRole} from '../../types/zitadel';
+import {CollectionPermission} from '../../entities/collection/types';
+import {WorkbookPermission} from '../../entities/workbook/types';
+import {ResourceType} from '../../entities/types';
+
+export {US_ERRORS};
+
+export const app = usApp.express;
+export const appConfig = usApp.config;
+
+export const testTenantId = 'common';
+export const testProjectId = null;
+
+export const getCollectionBinding = (
+    collectionId: string,
+    permission: `${CollectionPermission}`,
+) => {
+    return {
+        id: collectionId,
+        type: ResourceType.Collection as const,
+        permission,
+    };
+};
+
+export const getWorkbookBinding = (workbookId: string, permission: `${WorkbookPermission}`) => {
+    return {
+        id: workbookId,
+        type: ResourceType.Workbook as const,
+        permission,
+    };
+};
+
+export type AccessBinding = ReturnType<typeof getCollectionBinding | typeof getWorkbookBinding>;
+
+export type AuthArgs = {
+    userId?: string;
+    login?: string;
+    role?: OpensourceRole;
+    accessBindings?: AccessBinding[];
+};
+
+export const auth = (req: request.Test, args: AuthArgs = {}) => {
+    const {
+        userId = testUserId,
+        login = testUserLogin,
+        role = OpensourceRole.Viewer,
+        accessBindings = [],
+    } = args;
+
+    let zitadelRole: ZitadelUserRole;
+
+    switch (role) {
+        case OpensourceRole.Admin:
+            zitadelRole = ZitadelUserRole.Admin;
+            break;
+        case OpensourceRole.Editor:
+            zitadelRole = ZitadelUserRole.Editor;
+            break;
+        default:
+            zitadelRole = ZitadelUserRole.Viewer;
+            break;
+    }
+
+    req.set(
+        AUTHORIZATION_HEADER,
+        `${DL_AUTH_HEADER_KEY} ${JSON.stringify({
+            userId,
+            login,
+            role: zitadelRole,
+            accessBindings,
+        })}`,
+    );
+
+    return req;
+};
+
+export const authMasterToken = (req: request.Test) => {
+    const token = process.env.MASTER_TOKEN ?? '';
+    req.set(US_MASTER_TOKEN_HEADER, token);
+    return req;
+};

src/tests/int/constants.ts

@@ -1,9 +1,9 @@
-export const systemId = 'systemId';
+export const systemUserId = 'systemId';
 export const systemLogin = 'system';
 
-export const testUserLogin = 'unknown';
+export const testUserId = 'test-user-id';
+export const testUserLogin = 'test-user-login';
 
-export const testTenantId = 'common';
-export const testProjectId = null;
+export const testOtherUserId = 'test-other-user-id';
 
 export const ZITADEL_USER_ROLE_HEADER = 'zitadel-user-role';