-
-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API: Enhance permissions to allow filtering by environments #260
Comments
/attempt |
Assigned the issue to you! |
Hey @rayaanoidPrime! Could you hold up to this for a day or two? I'm making a major refactor to the way secrets, variables and environments are organized. I would notify you once its done. |
Oh sure no worries |
Hey bro! @rayaanoidPrime v2.0.0 just got released! You can start working now. Do hit me up if you want help. |
Howdy @rayaanoidPrime, any updates yet? |
Hey @rajdip-b sorry for being unresponsive just been kinda busy last few months. I remember being done with it and I think only the tests are left to be written. Let me see if I can do a pr this afternoon. |
No rush bro! Just let us know when you can put up the PR. |
Hi! In light of the evolutions and additions that the code has undergone in the time after this issue was posted I have thought of a few changes to the initial solution format. (the core logic remains the same ). Let me know your thoughts
class CreateWorkspaceRole {
// ... other properties ...
@IsOptional()
@ValidateNested({ each: true })
@Type(() => ProjectEnvironments)
readonly projectEnvironments?: ProjectEnvironments[]
}
class ProjectEnvironments {
@IsString()
projectSlug: string
@IsArray()
@IsString({ each: true })
environmentSlugs: string[]
}
|
Yes! I believe that's what needs to be done. Thanks for the detailed writeup. |
@rayaanoidPrime hey bro long time no see. I'm unassigning this for now. Feel free to pick this up later on. |
/attempt |
Assigned the issue to @muntaxir4! |
Description
Right now, the roles that are created can have one or many projects associated with it. Associating projects mean that members who will have this role attached to them, will be able to perform the
authorities
inWorkspaceRole
entity [refer to prisma schema].We would like to have another layer of security in here. We would also like to introduce environment specific access, so that members can have access to only a specific set of environments in the project set by the admin.
Use case:
Consider that there's a project that has 3 environments - dev, stage and prod. It will be ideal to allow the developers access the
dev
andstage
environments (and the secrets and variables in it) while theprod
environment is only accessible by the DevOps team or such. This is where this feature will be helpfulSolution
ProjectWorkspaceRoleAssociation
entity to includeenvironments
- specifying the environments accessible by the member.Environment
on toProjectWorkspaceRoleAssociation
.getCollectiveEnvironmentAuthorities
. You can take the reference from anyget-collective-project-authorities.ts
. The purpose of this function would be this: given the userId, project, and environment, it would need to fetch all the authorities that the member has over this environment.AuthorityCheckerService#checkAuthorityOverEnvironment
to incorporate thegetCollectiveEnvironmentAuthorities
function and filter the roles.projectIds
to be a of typeMap<String, Array<String>>
. The association will be something like this: For every projectId, list of environmentIds that will be available to the role.WorkspaceRoleService
functions acordinglyworkspace-role
module.The text was updated successfully, but these errors were encountered: