
Commit c265c07

committed
[server] relationship updates
1 parent 61f89f8 commit c265c07

18 files changed

+861
-306
lines changed

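--- a/components/gitpod-protocol/src/protocol.ts
+++ b/components/gitpod-protocol/src/protocol.ts
@@ -268,7 +268,8 @@ export interface AdditionalUserData extends Partial<WorkspaceTimeoutSetting> {
 // additional user profile data
 profile?: ProfileDetails;
 shouldSeeMigrationMessage?: boolean;
-
+// fgaRelationshipsVersion is the version of the spicedb relationships
+fgaRelationshipsVersion?: number;
 // remembered workspace auto start options
 workspaceAutostartOptions?: WorkspaceAutostartOption[];
 }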
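Review bot: The comment on `fgaRelationshipsVersion` does not say who maintains the value or what an absent value means. The field sits in `AdditionalUserData`; if that structure can be written through a client-facing update path (not visible in this hunk), a client-supplied version could make the server skip or repeat writing the user's relationships, so the server should own this field and ignore it on user-initiated updates. A comment along the lines of `// fgaRelationshipsVersion: server-maintained version of the SpiceDB relationships last written for this user (never accepted from clients)` would record that, once the meaning of `undefined` is confirmed. The interface starts above the hunk.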

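--- a/components/gitpod-protocol/src/teams-projects-protocol.ts
+++ b/components/gitpod-protocol/src/teams-projects-protocol.ts
@@ -40,6 +40,10 @@ export interface Project {
 }
 
 export namespace Project {
+export function is(data?: any): data is Project {
+return typeof data === "object" && ["id", "name", "cloneUrl", "teamId"].every((p) => p in data);
+}
+
 export const create = (project: Omit<Project, "id" | "creationTime">): Project => {
 return {
 ...project,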
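Review bot: `Project.is(null)` throws a TypeError instead of returning false, because `typeof null === "object"` and the `in` operator then runs against null; the guard at new line 44 should read `return typeof data === "object" && data !== null && ["id", "name", "cloneUrl", "teamId"].every((p) => p in data);`. The check only proves that the four keys exist, not that they hold strings, so a value that passes `is` should not be treated as validated when it comes from an untrusted source. Declaring the parameter as `unknown` rather than `any` would keep the compiler checking the body of the guard. The `Project` namespace continues past the end of the hunk.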

components/server/src/authorization/authorizer.ts

Lines changed: 101 additions & 212 deletions
Large diffs are not rendered by default.

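--- a/components/server/src/authorization/definitions.ts
+++ b/components/server/src/authorization/definitions.ts
@@ -4,7 +4,10 @@
 * See License.AGPL.txt in the project root for license information.
 */
 
+import { v1 } from "@authzed/authzed-node";
+
 export const InstallationID = "1";
+
 export type ResourceType = UserResourceType | InstallationResourceType | OrganizationResourceType | ProjectResourceType;
 
 export type Relation = UserRelation | InstallationRelation | OrganizationRelation | ProjectRelation;
@@ -15,7 +18,7 @@ export type UserResourceType = "user";
 
 export type UserRelation = "self" | "container";
 
-export type UserPermission = "read_info" | "write_info" | "suspend";
+export type UserPermission = "read_info" | "write_info" | "suspend" | "make_admin";
 
 export type InstallationResourceType = "installation";
 
@@ -50,3 +53,267 @@ export type ProjectResourceType = "project";
 export type ProjectRelation = "org" | "editor" | "viewer";
 
 export type ProjectPermission = "read_info" | "write_info" | "delete";
+
+export const rel = {
+user(id: string) {
+const result: Partial<v1.Relationship> = {
+resource: {
+objectType: "user",
+objectId: id,
+},
+};
+return {
+get self() {
+const result2 = {
+...result,
+relation: "self",
+};
+return {
+user(objectId: string) {
+return {
+...result2,
+subject: {
+object: {
+objectType: "user",
+objectId: objectId,
+},
+},
+} as v1.Relationship;
+},
+};
+},
+
+get container() {
+const result2 = {
+...result,
+relation: "container",
+};
+return {
+organization(objectId: string) {
+return {
+...result2,
+subject: {
+object: {
+objectType: "organization",
+objectId: objectId,
+},
+},
+} as v1.Relationship;
+},
+get installation() {
+return {
+...result2,
+subject: {
+object: {
+objectType: "installation",
+objectId: "1",
+},
+},
+} as v1.Relationship;
+},
+};
+},
+};
+},
+
+get installation() {
+const result: Partial<v1.Relationship> = {
+resource: {
+objectType: "installation",
+objectId: "1",
+},
+};
+return {
+get member() {
+const result2 = {
+...result,
+relation: "member",
+};
+return {
+user(objectId: string) {
+return {
+...result2,
+subject: {
+object: {
+objectType: "user",
+objectId: objectId,
+},
+},
+} as v1.Relationship;
+},
+};
+},
+
+get admin() {
+const result2 = {
+...result,
+relation: "admin",
+};
+return {
+user(objectId: string) {
+return {
+...result2,
+subject: {
+object: {
+objectType: "user",
+objectId: objectId,
+},
+},
+} as v1.Relationship;
+},
+};
+},
+};
+},
+
+organization(id: string) {
+const result: Partial<v1.Relationship> = {
+resource: {
+objectType: "organization",
+objectId: id,
+},
+};
+return {
+get installation() {
+const result2 = {
+...result,
+relation: "installation",
+};
+return {
+get installation() {
+return {
+...result2,
+subject: {
+object: {
+objectType: "installation",
+objectId: "1",
+},
+},
+} as v1.Relationship;
+},
+};
+},
+
+get member() {
+const result2 = {
+...result,
+relation: "member",
+};
+return {
+user(objectId: string) {
+return {
+...result2,
+subject: {
+object: {
+objectType: "user",
+objectId: objectId,
+},
+},
+} as v1.Relationship;
+},
+};
+},
+
+get owner() {
+const result2 = {
+...result,
+relation: "owner",
+};
+return {
+user(objectId: string) {
+return {
+...result2,
+subject: {
+object: {
+objectType: "user",
+objectId: objectId,
+},
+},
+} as v1.Relationship;
+},
+};
+},
+};
+},
+
+project(id: string) {
+const result: Partial<v1.Relationship> = {
+resource: {
+objectType: "project",
+objectId: id,
+},
+};
+return {
+get org() {
+const result2 = {
+...result,
+relation: "org",
+};
+return {
+organization(objectId: string) {
+return {
+...result2,
+subject: {
+object: {
+objectType: "organization",
+objectId: objectId,
+},
+},
+} as v1.Relationship;
+},
+};
+},
+
+get editor() {
+const result2 = {
+...result,
+relation: "editor",
+};
+return {
+user(objectId: string) {
+return {
+...result2,
+subject: {
+object: {
+objectType: "user",
+objectId: objectId,
+},
+},
+} as v1.Relationship;
+},
+};
+},
+
+get viewer() {
+const result2 = {
+...result,
+relation: "viewer",
+};
+return {
+user(objectId: string) {
+return {
+...result2,
+subject: {
+object: {
+objectType: "user",
+objectId: objectId,
+},
+},
+} as v1.Relationship;
+},
+organization(objectId: string) {
+return {
+...result2,
+subject: {
+object: {
+objectType: "organization",
+objectId: objectId,
+},
+},
+} as v1.Relationship;
+},
+};
+},
+};
+},
+};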
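Review bot: The installation object id is written as the literal `"1"` in three places in `rel` (new lines 109, 123 and 189) although `InstallationID` is exported at the top of this same file. Using `objectId: InstallationID,` in each would keep the authorization tuples from silently pointing at a stale object if the constant ever changes. Separately, every builder spreads a `Partial<v1.Relationship>` and ends in `as v1.Relationship`, which stops the compiler from reporting a missing or misspelled field in a relationship that is later written to SpiceDB. One typed helper that takes resource, relation and subject and returns `v1.Relationship` without an assertion would remove the casts and most of the repetition. None of the builders reject an empty `id` or `objectId`; whether callers guarantee non-empty ids is not visible on this page.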
