mirror of
https://github.com/umami-software/umami.git
synced 2026-02-08 14:47:14 +01:00
Update api for new teams.
This commit is contained in:
Brian Cao
parent
f319ce7915
commit
80883b5ff1
6 changed files with 122 additions and 109 deletions
|
|
@ -1,13 +1,13 @@
|
|||
import { Report } from '@prisma/client';
|
||||
import debug from 'debug';
|
||||
import redis from '@umami/redis-client';
|
||||
import { PERMISSIONS, ROLE_PERMISSIONS, ROLES, SHARE_TOKEN_HEADER } from 'lib/constants';
|
||||
import debug from 'debug';
|
||||
import { PERMISSIONS, ROLE_PERMISSIONS, SHARE_TOKEN_HEADER } from 'lib/constants';
|
||||
import { secret } from 'lib/crypto';
|
||||
import { NextApiRequest } from 'next';
|
||||
import { createSecureToken, ensureArray, getRandomChars, parseToken } from 'next-basics';
|
||||
import { getTeamUser, getWebsiteById } from 'queries';
|
||||
import { getTeamUser } from 'queries';
|
||||
import { loadWebsite } from './load';
|
||||
import { Auth } from './types';
|
||||
import { NextApiRequest } from 'next';
|
||||
|
||||
const log = debug('umami:auth');
|
||||
const cloudMode = process.env.CLOUD_MODE;
|
||||
|
|
@ -52,9 +52,17 @@ export async function canViewWebsite({ user, shareToken }: Auth, websiteId: stri
|
|||
|
||||
const website = await loadWebsite(websiteId);
|
||||
|
||||
if (user.id === website?.userId) {
|
||||
return true;
|
||||
if (website.userId) {
|
||||
return user.id === website.userId;
|
||||
}
|
||||
|
||||
if (website.teamId) {
|
||||
const teamUser = await getTeamUser(website.teamId, user.id);
|
||||
|
||||
return !!teamUser;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
export async function canViewAllWebsites({ user }: Auth) {
|
||||
|
|
@ -80,7 +88,17 @@ export async function canUpdateWebsite({ user }: Auth, websiteId: string) {
|
|||
|
||||
const website = await loadWebsite(websiteId);
|
||||
|
||||
return user.id === website?.userId;
|
||||
if (website.userId) {
|
||||
return user.id === website.userId;
|
||||
}
|
||||
|
||||
if (website.teamId) {
|
||||
const teamUser = await getTeamUser(website.teamId, user.id);
|
||||
|
||||
return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteUpdate);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
export async function canDeleteWebsite({ user }: Auth, websiteId: string) {
|
||||
|
|
@ -90,7 +108,17 @@ export async function canDeleteWebsite({ user }: Auth, websiteId: string) {
|
|||
|
||||
const website = await loadWebsite(websiteId);
|
||||
|
||||
return user.id === website?.userId;
|
||||
if (website.userId) {
|
||||
return user.id === website.userId;
|
||||
}
|
||||
|
||||
if (website.teamId) {
|
||||
const teamUser = await getTeamUser(website.teamId, user.id);
|
||||
|
||||
return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteDelete);
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
export async function canViewReport(auth: Auth, report: Report) {
|
||||
|
|
@ -137,7 +165,11 @@ export async function canViewTeam({ user }: Auth, teamId: string) {
|
|||
return getTeamUser(teamId, user.id);
|
||||
}
|
||||
|
||||
export async function canUpdateTeam({ user }: Auth, teamId: string) {
|
||||
export async function canUpdateTeam({ user, grant }: Auth, teamId: string) {
|
||||
if (cloudMode) {
|
||||
return !!grant?.find(a => a === PERMISSIONS.teamUpdate);
|
||||
}
|
||||
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -147,6 +179,14 @@ export async function canUpdateTeam({ user }: Auth, teamId: string) {
|
|||
return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
|
||||
}
|
||||
|
||||
export async function canAddUserToTeam({ user, grant }: Auth) {
|
||||
if (cloudMode) {
|
||||
return !!grant?.find(a => a === PERMISSIONS.teamUpdate);
|
||||
}
|
||||
|
||||
return user.isAdmin;
|
||||
}
|
||||
|
||||
export async function canDeleteTeam({ user }: Auth, teamId: string) {
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
|
|
@ -171,20 +211,14 @@ export async function canDeleteTeamUser({ user }: Auth, teamId: string, removeUs
|
|||
return teamUser && hasPermission(teamUser.role, PERMISSIONS.teamUpdate);
|
||||
}
|
||||
|
||||
export async function canDeleteTeamWebsite({ user }: Auth, teamId: string, websiteId: string) {
|
||||
export async function canCreateTeamWebsite({ user }: Auth, teamId: string) {
|
||||
if (user.isAdmin) {
|
||||
return true;
|
||||
}
|
||||
|
||||
const teamWebsite = await getWebsiteById(websiteId);
|
||||
const teamUser = await getTeamUser(teamId, user.id);
|
||||
|
||||
if (teamWebsite && teamWebsite.teamId === teamId) {
|
||||
const teamUser = await getTeamUser(teamId, user.id);
|
||||
|
||||
return teamUser.role === ROLES.teamOwner || teamUser.role === ROLES.teamMember;
|
||||
}
|
||||
|
||||
return false;
|
||||
return teamUser && hasPermission(teamUser.role, PERMISSIONS.websiteCreate);
|
||||
}
|
||||
|
||||
export async function canCreateUser({ user }: Auth) {
|
||||
|
|
|
|||
|
|
@ -147,8 +147,19 @@ export const ROLE_PERMISSIONS = {
|
|||
PERMISSIONS.teamCreate,
|
||||
],
|
||||
[ROLES.viewOnly]: [],
|
||||
[ROLES.teamOwner]: [PERMISSIONS.teamUpdate, PERMISSIONS.teamDelete],
|
||||
[ROLES.teamMember]: [],
|
||||
[ROLES.teamOwner]: [
|
||||
PERMISSIONS.teamUpdate,
|
||||
PERMISSIONS.teamDelete,
|
||||
PERMISSIONS.websiteCreate,
|
||||
PERMISSIONS.websiteUpdate,
|
||||
PERMISSIONS.websiteDelete,
|
||||
],
|
||||
[ROLES.teamMember]: [
|
||||
PERMISSIONS.websiteCreate,
|
||||
PERMISSIONS.websiteUpdate,
|
||||
PERMISSIONS.websiteDelete,
|
||||
],
|
||||
[ROLES.teamGuest]: [],
|
||||
} as const;
|
||||
|
||||
export const THEME_COLORS = {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue