datalens-tech · imsitnikov · Sep 27, 2024 · Sep 26, 2024
diff --git a/dev/env/opensource/development.env b/dev/env/opensource/development.env
@@ -6,7 +6,7 @@ CONTROL_MASTER_TOKEN=development-control-master-token
 
 US_SURPRESS_DB_STATUS_LOGS=true
 
-ZITADEL=false
+ZITADEL=true
 
 ZITADEL_URI=http://localhost:8085
 

diff --git a/src/configs/common.ts b/src/configs/common.ts
@@ -34,7 +34,7 @@ export default {
 
     dlsEnabled: false,
     accessServiceEnabled: Utils.isTrueArg(Utils.getEnvVariable('ZITADEL')),
-    accessBindingsServiceEnabled: false,
+    accessBindingsServiceEnabled: Utils.isTrueArg(Utils.getEnvVariable('ZITADEL')),
 
     masterToken: Utils.getEnvTokenVariable('MASTER_TOKEN'),
 

diff --git a/src/registry/common/entities/collection/collection.ts b/src/registry/common/entities/collection/collection.ts
@@ -16,10 +16,13 @@ export const Collection: CollectionConstructor = class Collection implements Col
         this.model = model;
     }
 
-    private getAllPermissions() {
+    private isEditorOrAdmin() {
         const {zitadelUserRole: role} = this.ctx.get('info');
+        return role === ZitadelUserRole.Editor || role === ZitadelUserRole.Admin;
+    }
 
-        const isEditorOrAdmin = role === ZitadelUserRole.Editor || role === ZitadelUserRole.Admin;
+    private getAllPermissions() {
+        const isEditorOrAdmin = this.isEditorOrAdmin();
 
         const permissions = {
             listAccessBindings: true,
@@ -37,7 +40,17 @@ export const Collection: CollectionConstructor = class Collection implements Col
         return permissions;
     }
 
-    async register() {}
+    async register() {
+        const isEditorOrAdmin = this.isEditorOrAdmin();
+
+        if (!isEditorOrAdmin) {
+            throw new AppError(US_ERRORS.ACCESS_SERVICE_PERMISSION_DENIED, {
+                code: US_ERRORS.ACCESS_SERVICE_PERMISSION_DENIED,
+            });
+        }
+
+        return Promise.resolve();
+    }
 
     async checkPermission(args: {
         parentIds: string[];

diff --git a/src/registry/common/entities/workbook/workbook.ts b/src/registry/common/entities/workbook/workbook.ts
@@ -18,10 +18,13 @@ export const Workbook: WorkbookConstructor<WorkbookInstance> = class Workbook
         this.model = model;
     }
 
-    private getAllPermissions() {
+    private isEditorOrAdmin() {
         const {zitadelUserRole: role} = this.ctx.get('info');
+        return role === ZitadelUserRole.Editor || role === ZitadelUserRole.Admin;
+    }
 
-        const isEditorOrAdmin = role === ZitadelUserRole.Editor || role === ZitadelUserRole.Admin;
+    private getAllPermissions() {
+        const isEditorOrAdmin = this.isEditorOrAdmin();
 
         const permissions = {
             listAccessBindings: true,
@@ -39,7 +42,15 @@ export const Workbook: WorkbookConstructor<WorkbookInstance> = class Workbook
         return permissions;
     }
 
-    async register(_args: {parentIds: string[]}): Promise<unknown> {
+    async register() {
+        const isEditorOrAdmin = this.isEditorOrAdmin();
+
+        if (!isEditorOrAdmin) {
+            throw new AppError(US_ERRORS.ACCESS_SERVICE_PERMISSION_DENIED, {
+                code: US_ERRORS.ACCESS_SERVICE_PERMISSION_DENIED,
+            });
+        }
+
         return Promise.resolve();
     }