Skip to content

Commit

Permalink
[server] relationship updates (#18369)
Browse files Browse the repository at this point in the history
  • Loading branch information
svenefftinge authored Jul 28, 2023
1 parent 62e58b1 commit 8b4fbb4
Show file tree
Hide file tree
Showing 18 changed files with 864 additions and 307 deletions.
3 changes: 2 additions & 1 deletion components/gitpod-protocol/src/protocol.ts
Original file line number Diff line number Diff line change
Expand Up @@ -268,7 +268,8 @@ export interface AdditionalUserData extends Partial<WorkspaceTimeoutSetting> {
// additional user profile data
profile?: ProfileDetails;
shouldSeeMigrationMessage?: boolean;

// fgaRelationshipsVersion is the version of the spicedb relationships
fgaRelationshipsVersion?: number;
// remembered workspace auto start options
workspaceAutostartOptions?: WorkspaceAutostartOption[];
}
Expand Down
4 changes: 4 additions & 0 deletions components/gitpod-protocol/src/teams-projects-protocol.ts
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,10 @@ export interface Project {
}

export namespace Project {
export function is(data?: any): data is Project {
return typeof data === "object" && ["id", "name", "cloneUrl", "teamId"].every((p) => p in data);
}

export const create = (project: Omit<Project, "id" | "creationTime">): Project => {
return {
...project,
Expand Down
313 changes: 101 additions & 212 deletions components/server/src/authorization/authorizer.ts

Large diffs are not rendered by default.

273 changes: 271 additions & 2 deletions components/server/src/authorization/definitions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,12 @@
* See License.AGPL.txt in the project root for license information.
*/

export const InstallationID = "1";
// This file is generated by the spicedb/codegen/codegen.go. Do not edit manually.

import { v1 } from "@authzed/authzed-node";

const InstallationID = "1";

export type ResourceType = UserResourceType | InstallationResourceType | OrganizationResourceType | ProjectResourceType;

export type Relation = UserRelation | InstallationRelation | OrganizationRelation | ProjectRelation;
Expand All @@ -15,7 +20,7 @@ export type UserResourceType = "user";

export type UserRelation = "self" | "container";

export type UserPermission = "read_info" | "write_info" | "suspend";
export type UserPermission = "read_info" | "write_info" | "suspend" | "make_admin";

export type InstallationResourceType = "installation";

Expand Down Expand Up @@ -50,3 +55,267 @@ export type ProjectResourceType = "project";
export type ProjectRelation = "org" | "editor" | "viewer";

export type ProjectPermission = "read_info" | "write_info" | "delete";

export const rel = {
user(id: string) {
const result: Partial<v1.Relationship> = {
resource: {
objectType: "user",
objectId: id,
},
};
return {
get self() {
const result2 = {
...result,
relation: "self",
};
return {
user(objectId: string) {
return {
...result2,
subject: {
object: {
objectType: "user",
objectId: objectId,
},
},
} as v1.Relationship;
},
};
},

get container() {
const result2 = {
...result,
relation: "container",
};
return {
organization(objectId: string) {
return {
...result2,
subject: {
object: {
objectType: "organization",
objectId: objectId,
},
},
} as v1.Relationship;
},
get installation() {
return {
...result2,
subject: {
object: {
objectType: "installation",
objectId: InstallationID,
},
},
} as v1.Relationship;
},
};
},
};
},

get installation() {
const result: Partial<v1.Relationship> = {
resource: {
objectType: "installation",
objectId: InstallationID,
},
};
return {
get member() {
const result2 = {
...result,
relation: "member",
};
return {
user(objectId: string) {
return {
...result2,
subject: {
object: {
objectType: "user",
objectId: objectId,
},
},
} as v1.Relationship;
},
};
},

get admin() {
const result2 = {
...result,
relation: "admin",
};
return {
user(objectId: string) {
return {
...result2,
subject: {
object: {
objectType: "user",
objectId: objectId,
},
},
} as v1.Relationship;
},
};
},
};
},

organization(id: string) {
const result: Partial<v1.Relationship> = {
resource: {
objectType: "organization",
objectId: id,
},
};
return {
get installation() {
const result2 = {
...result,
relation: "installation",
};
return {
get installation() {
return {
...result2,
subject: {
object: {
objectType: "installation",
objectId: InstallationID,
},
},
} as v1.Relationship;
},
};
},

get member() {
const result2 = {
...result,
relation: "member",
};
return {
user(objectId: string) {
return {
...result2,
subject: {
object: {
objectType: "user",
objectId: objectId,
},
},
} as v1.Relationship;
},
};
},

get owner() {
const result2 = {
...result,
relation: "owner",
};
return {
user(objectId: string) {
return {
...result2,
subject: {
object: {
objectType: "user",
objectId: objectId,
},
},
} as v1.Relationship;
},
};
},
};
},

project(id: string) {
const result: Partial<v1.Relationship> = {
resource: {
objectType: "project",
objectId: id,
},
};
return {
get org() {
const result2 = {
...result,
relation: "org",
};
return {
organization(objectId: string) {
return {
...result2,
subject: {
object: {
objectType: "organization",
objectId: objectId,
},
},
} as v1.Relationship;
},
};
},

get editor() {
const result2 = {
...result,
relation: "editor",
};
return {
user(objectId: string) {
return {
...result2,
subject: {
object: {
objectType: "user",
objectId: objectId,
},
},
} as v1.Relationship;
},
};
},

get viewer() {
const result2 = {
...result,
relation: "viewer",
};
return {
user(objectId: string) {
return {
...result2,
subject: {
object: {
objectType: "user",
objectId: objectId,
},
},
} as v1.Relationship;
},
organization(objectId: string) {
return {
...result2,
subject: {
object: {
objectType: "organization",
objectId: objectId,
},
},
} as v1.Relationship;
},
};
},
};
},
};
Loading

0 comments on commit 8b4fbb4

Please sign in to comment.