[server] WorkspaceService.getWorkspaces

Author: geropl

components/server/src/workspace/gitpod-server-impl.ts

@@ -1078,22 +1078,13 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable {
 
         const user = await this.checkUser("getWorkspaces");
 
-        const res = await this.workspaceDb.trace(ctx).find({
-            limit: 20,
-            ...options,
-            userId: user.id,
-            includeHeadless: false,
+        return this.workspaceService.getWorkspaces(user.id, options, async (workspace, instance) => {
+            if (instance) {
+                return this.guardAccess({ kind: "workspaceInstance", subject: instance, workspace: workspace }, "get");
+            } else {
+                return this.guardAccess({ kind: "workspace", subject: workspace }, "get");
+            }
         });
-        await Promise.all(res.map((ws) => this.guardAccess({ kind: "workspace", subject: ws.workspace }, "get")));
-        await Promise.all(
-            res.map((ws) =>
-                this.guardAccess(
-                    { kind: "workspaceInstance", subject: ws.latestInstance, workspace: ws.workspace },
-                    "get",
-                ),
-            ),
-        );
-        return res;
     }
 
     public async isWorkspaceOwner(ctx: TraceContext, workspaceId: string): Promise<boolean> {

components/server/src/workspace/workspace-service.spec.db.ts

@@ -233,6 +233,36 @@ describe("WorkspaceService", async () => {
         expect(strangerWs?.id, "stranger has access to shared workspace").to.equal(ws.id);
     });
 
+    it("should getWorkspaces", async () => {
+        const svc = container.get(WorkspaceService);
+        await createTestWorkspace(svc, org, owner, project);
+
+        const ownerResult = await svc.getWorkspaces(owner.id, {});
+        expect(ownerResult).to.have.lengthOf(1);
+
+        const memberResult = await svc.getWorkspaces(member.id, {});
+        expect(memberResult).to.have.lengthOf(0);
+
+        const strangerResult = await svc.getWorkspaces(stranger.id, {});
+        expect(strangerResult).to.have.lengthOf(0);
+    });
+
+    it("should getWorkspaces - shared", async () => {
+        const svc = container.get(WorkspaceService);
+        const ws = await createTestWorkspace(svc, org, owner, project);
+
+        await svc.controlAdmission(owner.id, ws.id, "everyone");
+
+        const ownerResult = await svc.getWorkspaces(owner.id, {});
+        expect(ownerResult).to.have.lengthOf(1);
+
+        const memberResult = await svc.getWorkspaces(member.id, {});
+        expect(memberResult).to.have.lengthOf(1);
+
+        const strangerResult = await svc.getWorkspaces(stranger.id, {});
+        expect(strangerResult).to.have.lengthOf(1);
+    });
+
     it("should getOwnerToken", async () => {
         const svc = container.get(WorkspaceService);
         const ws = await createTestWorkspace(svc, org, owner, project);

components/server/src/workspace/workspace-service.ts

@@ -140,6 +140,26 @@ export class WorkspaceService {
         };
     }
 
+    async getWorkspaces(
+        userId: string,
+        options: GitpodServer.GetWorkspacesOptions,
+        check: (workspace: Workspace, instance?: WorkspaceInstance) => Promise<void> = async () => {},
+    ): Promise<WorkspaceInfo[]> {
+        const res = await this.db.find({
+            limit: 20,
+            ...options,
+            userId,
+            includeHeadless: false,
+        });
+        await Promise.all(
+            res.map(async (info) => {
+                await this.auth.checkPermissionOnWorkspace(userId, "access", info.workspace.id);
+                await check(info.workspace, info.latestInstance);
+            }),
+        );
+        return res;
+    }
+
     async getCurrentInstance(userId: string, workspaceId: string): Promise<WorkspaceInstance> {
         await this.auth.checkPermissionOnWorkspace(userId, "access", workspaceId);
         const result = await this.db.findCurrentInstance(workspaceId);