fix: Refactor rbac

ctrlplanedev · Nov 14, 2024 · 67768b8 · 67768b8
1 parent 71598b8
commit 67768b8
Show file tree

Hide file tree

Showing 11 changed files with 61 additions and 58 deletions.
diff --git a/apps/webservice/src/app/api/v1/target-providers/[providerId]/set/route.ts b/apps/webservice/src/app/api/v1/target-providers/[providerId]/set/route.ts
@@ -47,7 +47,7 @@ export const PATCH = request()
   .use(
     authz(({ can, extra }) =>
       can
-        .perform(Permission.TargetUpdate)
+        .perform(Permission.ResourceUpdate)
         .on({ type: "resourceProvider", id: extra.params.providerId }),
     ),
   )

diff --git a/apps/webservice/src/app/api/v1/targets/[targetId]/route.ts b/apps/webservice/src/app/api/v1/targets/[targetId]/route.ts
@@ -16,7 +16,7 @@ export const GET = request()
   .use(
     authz(({ can, extra }) => {
       return can
-        .perform(Permission.TargetGet)
+        .perform(Permission.ResourceGet)
         .on({ type: "resource", id: extra.params.targetId });
     }),
   )
@@ -64,7 +64,7 @@ export const PATCH = request()
   .use(
     authz(({ can, extra }) =>
       can
-        .perform(Permission.TargetUpdate)
+        .perform(Permission.ResourceUpdate)
         .on({ type: "resource", id: extra.params.targetId }),
     ),
   )
@@ -90,7 +90,7 @@ export const DELETE = request()
   .use(
     authz(({ can, extra }) =>
       can
-        .perform(Permission.TargetDelete)
+        .perform(Permission.ResourceDelete)
         .on({ type: "resource", id: extra.params.targetId }),
     ),
   )

diff --git a/apps/webservice/src/app/api/v1/targets/route.ts b/apps/webservice/src/app/api/v1/targets/route.ts
@@ -43,7 +43,7 @@ export const POST = request()
   .use(
     authz(({ can, ctx }) =>
       can
-        .perform(Permission.TargetUpdate)
+        .perform(Permission.ResourceUpdate)
         .on({ type: "workspace", id: ctx.body.workspaceId }),
     ),
   )

diff --git a/.../webservice/src/app/api/v1/workspaces/[workspaceId]/target-providers/name/[name]/route.ts b/.../webservice/src/app/api/v1/workspaces/[workspaceId]/target-providers/name/[name]/route.ts
@@ -29,7 +29,7 @@ export const GET = async (
   const canAccess = await checkEntityPermissionForResource(
     { type: "user", id: user.id },
     { type: "workspace", id: ws.id },
-    [Permission.TargetGet],
+    [Permission.ResourceGet],
   );
   if (!canAccess)
     return NextResponse.json({ error: "Permission denied" }, { status: 403 });

diff --git a/...bservice/src/app/api/v1/workspaces/[workspaceId]/targets/identifier/[identifier]/route.ts b/...bservice/src/app/api/v1/workspaces/[workspaceId]/targets/identifier/[identifier]/route.ts
@@ -23,7 +23,7 @@ export const GET = request()
 
       if (target == null) return false;
       return can
-        .perform(Permission.TargetGet)
+        .perform(Permission.ResourceGet)
         .on({ type: "resource", id: target.id });
     }),
   )
@@ -71,7 +71,7 @@ export const DELETE = request()
 
       if (target == null) return false;
       return can
-        .perform(Permission.TargetDelete)
+        .perform(Permission.ResourceDelete)
         .on({ type: "resource", id: target.id });
     }),
   )

diff --git a/packages/api/src/router/release-deploy.ts b/packages/api/src/router/release-deploy.ts
@@ -105,7 +105,7 @@ export const releaseDeployRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.ReleaseGet, Permission.TargetUpdate)
+          .perform(Permission.ReleaseGet, Permission.ResourceUpdate)
           .on(
             { type: "release", id: input.releaseId },
             { type: "resource", id: input.targetId },

diff --git a/packages/api/src/router/target-metadata-group.ts b/packages/api/src/router/target-metadata-group.ts
@@ -27,7 +27,7 @@ export const targetMetadataGroupRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetMetadataGroupList)
+          .perform(Permission.ResourceMetadataGroupList)
           .on({ type: "workspace", id: input }),
     })
     .input(z.string().uuid())
@@ -122,7 +122,7 @@ export const targetMetadataGroupRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetMetadataGroupGet)
+          .perform(Permission.ResourceMetadataGroupGet)
           .on({ type: "resourceMetadataGroup", id: input }),
     })
     .input(z.string().uuid())
@@ -202,7 +202,7 @@ export const targetMetadataGroupRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetMetadataGroupCreate)
+          .perform(Permission.ResourceMetadataGroupCreate)
           .on({ type: "workspace", id: input.workspaceId }),
     })
     .input(createResourceMetadataGroup)
@@ -218,7 +218,7 @@ export const targetMetadataGroupRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetMetadataGroupUpdate)
+          .perform(Permission.ResourceMetadataGroupUpdate)
           .on({ type: "resourceMetadataGroup", id: input.id }),
     })
     .input(
@@ -240,7 +240,7 @@ export const targetMetadataGroupRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetMetadataGroupDelete)
+          .perform(Permission.ResourceMetadataGroupDelete)
           .on({ type: "resourceMetadataGroup", id: input }),
     })
     .input(z.string().uuid())

diff --git a/packages/api/src/router/target-provider.ts b/packages/api/src/router/target-provider.ts
@@ -20,7 +20,7 @@ export const targetProviderRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetList)
+          .perform(Permission.ResourceList)
           .on({ type: "workspace", id: input }),
     })
     .input(z.string().uuid())
@@ -84,7 +84,7 @@ export const targetProviderRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetList)
+          .perform(Permission.ResourceList)
           .on({ type: "resourceProvider", id: input }),
     })
     .input(z.string().uuid())
@@ -101,7 +101,7 @@ export const targetProviderRouter = createTRPCRouter({
       .meta({
         authorizationCheck: ({ canUser, input }) =>
           canUser
-            .perform(Permission.TargetProviderUpdate)
+            .perform(Permission.ResourceProviderUpdate)
             .on({ type: "resourceProvider", id: input }),
       })
       .input(z.string().uuid())
@@ -114,7 +114,10 @@ export const targetProviderRouter = createTRPCRouter({
         .meta({
           authorizationCheck: ({ canUser, input }) =>
             canUser
-              .perform(Permission.TargetCreate, Permission.TargetProviderUpdate)
+              .perform(
+                Permission.ResourceCreate,
+                Permission.ResourceProviderUpdate,
+              )
               .on({ type: "workspace", id: input.workspaceId }),
         })
         .input(
@@ -208,7 +211,7 @@ export const targetProviderRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetDelete)
+          .perform(Permission.ResourceDelete)
           .on({ type: "resourceProvider", id: input.providerId }),
     })
     .input(

diff --git a/packages/api/src/router/target.ts b/packages/api/src/router/target.ts
@@ -105,7 +105,7 @@ const targetViews = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetViewCreate)
+          .perform(Permission.ResourceViewCreate)
           .on({ type: "workspace", id: input.workspaceId }),
     })
     .input(schema.createResourceView)
@@ -121,7 +121,7 @@ const targetViews = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetViewUpdate)
+          .perform(Permission.ResourceViewUpdate)
           .on({ type: "resourceView", id: input.id }),
     })
     .input(z.object({ id: z.string().uuid(), data: schema.updateResourceView }))
@@ -138,7 +138,7 @@ const targetViews = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetViewDelete)
+          .perform(Permission.ResourceViewDelete)
           .on({ type: "resourceView", id: input }),
     })
     .input(z.string().uuid())
@@ -152,7 +152,7 @@ const targetViews = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetViewGet)
+          .perform(Permission.ResourceViewGet)
           .on({ type: "resourceView", id: input }),
     })
     .input(z.string().uuid())
@@ -168,7 +168,7 @@ const targetViews = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetViewList)
+          .perform(Permission.ResourceViewList)
           .on({ type: "workspace", id: input }),
     })
     .input(z.string().uuid())
@@ -203,7 +203,7 @@ const targetVariables = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetUpdate)
+          .perform(Permission.ResourceUpdate)
           .on({ type: "resource", id: input.targetId }),
     })
     .mutation(async ({ ctx, input }) => {
@@ -229,7 +229,7 @@ const targetVariables = createTRPCRouter({
         if (!variable) return false;
 
         return canUser
-          .perform(Permission.TargetUpdate)
+          .perform(Permission.ResourceUpdate)
           .on({ type: "resource", id: variable.resourceId });
       },
     })
@@ -259,7 +259,7 @@ const targetVariables = createTRPCRouter({
         if (!variable) return false;
 
         return canUser
-          .perform(Permission.TargetUpdate)
+          .perform(Permission.ResourceUpdate)
           .on({ type: "resource", id: variable.resourceId });
       },
     })
@@ -314,7 +314,7 @@ export const targetRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetGet)
+          .perform(Permission.ResourceGet)
           .on({ type: "resource", id: input }),
     })
     .input(z.string().uuid())
@@ -337,7 +337,7 @@ export const targetRouter = createTRPCRouter({
       .meta({
         authorizationCheck: ({ canUser, input }) =>
           canUser
-            .perform(Permission.TargetList)
+            .perform(Permission.ResourceList)
             .on({ type: "workspace", id: input.workspaceId }),
       })
       .input(
@@ -390,7 +390,7 @@ export const targetRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetCreate)
+          .perform(Permission.ResourceCreate)
           .on({ type: "workspace", id: input.workspaceId }),
     })
     .input(
@@ -420,7 +420,7 @@ export const targetRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetUpdate)
+          .perform(Permission.ResourceUpdate)
           .on({ type: "resource", id: input.id }),
     })
     .input(
@@ -481,7 +481,7 @@ export const targetRouter = createTRPCRouter({
   delete: protectedProcedure
     .meta({
       authorizationCheck: ({ canUser, input }) =>
-        canUser.perform(Permission.TargetDelete).on(
+        canUser.perform(Permission.ResourceDelete).on(
           ...(input as string[]).map((t) => ({
             type: "resource" as const,
             id: t,
@@ -508,7 +508,7 @@ export const targetRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetList)
+          .perform(Permission.ResourceList)
           .on({ type: "workspace", id: input }),
     })
     .input(z.string())
@@ -528,7 +528,7 @@ export const targetRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetUpdate)
+          .perform(Permission.ResourceUpdate)
           .on({ type: "resource", id: input }),
     })
     .input(z.string().uuid())
@@ -545,7 +545,7 @@ export const targetRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetUpdate)
+          .perform(Permission.ResourceUpdate)
           .on({ type: "resource", id: input }),
     })
     .input(z.string().uuid())
@@ -563,7 +563,7 @@ export const targetRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetUpdate)
+          .perform(Permission.ResourceUpdate)
           .on({ type: "resource", id: input }),
     })
     .mutation(({ ctx, input }) =>

diff --git a/packages/api/src/router/workspace.ts b/packages/api/src/router/workspace.ts
@@ -217,7 +217,7 @@ export const workspaceRouter = createTRPCRouter({
     .meta({
       authorizationCheck: ({ canUser, input }) =>
         canUser
-          .perform(Permission.TargetList)
+          .perform(Permission.ResourceList)
           .on({ type: "workspace", id: input }),
     })
     .input(z.string().uuid())

diff --git a/packages/validators/src/auth/index.ts b/packages/validators/src/auth/index.ts
@@ -42,27 +42,27 @@ export enum Permission {
   SystemList = "system.list",
   SystemDelete = "system.delete",
 
-  TargetCreate = "target.create",
-  TargetList = "target.list",
-  TargetGet = "target.get",
-  TargetUpdate = "target.update",
-  TargetDelete = "target.delete",
-
-  TargetProviderGet = "targetProvider.get",
-  TargetProviderDelete = "targetProvider.delete",
-  TargetProviderUpdate = "targetProvider.update",
-
-  TargetViewCreate = "targetView.create",
-  TargetViewList = "targetView.list",
-  TargetViewGet = "targetView.get",
-  TargetViewUpdate = "targetView.update",
-  TargetViewDelete = "targetView.delete",
-
-  TargetMetadataGroupList = "targetMetadataGroup.list",
-  TargetMetadataGroupGet = "targetMetadataGroup.get",
-  TargetMetadataGroupCreate = "targetMetadataGroup.create",
-  TargetMetadataGroupUpdate = "targetMetadataGroup.update",
-  TargetMetadataGroupDelete = "targetMetadataGroup.delete",
+  ResourceCreate = "resource.create",
+  ResourceList = "resource.list",
+  ResourceGet = "resource.get",
+  ResourceUpdate = "resource.update",
+  ResourceDelete = "resource.delete",
+
+  ResourceProviderGet = "resourceProvider.get",
+  ResourceProviderDelete = "resourceProvider.delete",
+  ResourceProviderUpdate = "resourceProvider.update",
+
+  ResourceViewCreate = "resourceView.create",
+  ResourceViewList = "resourceView.list",
+  ResourceViewGet = "resourceView.get",
+  ResourceViewUpdate = "resourceView.update",
+  ResourceViewDelete = "resourceView.delete",
+
+  ResourceMetadataGroupList = "resourceMetadataGroup.list",
+  ResourceMetadataGroupGet = "resourceMetadataGroup.get",
+  ResourceMetadataGroupCreate = "resourceMetadataGroup.create",
+  ResourceMetadataGroupUpdate = "resourceMetadataGroup.update",
+  ResourceMetadataGroupDelete = "resourceMetadataGroup.delete",
 
   DeploymentCreate = "deployment.create",
   DeploymentUpdate = "deployment.update",