rights system
@@ -148,21 +148,100 @@ class PermissionService {
|
||||
const client = await pool.connect();
|
||||
try {
|
||||
await client.query('BEGIN');
|
||||
|
||||
// Validate permission IDs exist (filter out stale/invalid ones)
|
||||
let validPermIds = permIds;
|
||||
if (permIds.length > 0) {
|
||||
const validResult = await client.query(
|
||||
'SELECT id FROM permissions WHERE id = ANY($1)',
|
||||
[permIds]
|
||||
);
|
||||
const validSet = new Set(validResult.rows.map((r: any) => r.id));
|
||||
validPermIds = permIds.filter(p => validSet.has(p));
|
||||
}
|
||||
|
||||
// Remove all existing permissions for this group
|
||||
await client.query('DELETE FROM group_permissions WHERE authentik_group = $1', [group]);
|
||||
|
||||
// Insert new permissions
|
||||
for (const permId of permIds) {
|
||||
if (validPermIds.length > 0) {
|
||||
const values = validPermIds.map((_p, i) =>
|
||||
`($1, $${i + 2}, $${validPermIds.length + 2})`
|
||||
).join(', ');
|
||||
await client.query(
|
||||
'INSERT INTO group_permissions (authentik_group, permission_id, granted_by) VALUES ($1, $2, $3) ON CONFLICT DO NOTHING',
|
||||
[group, permId, grantedBy]
|
||||
`INSERT INTO group_permissions (authentik_group, permission_id, granted_by)
|
||||
VALUES ${values}
|
||||
ON CONFLICT DO NOTHING`,
|
||||
[group, ...validPermIds, grantedBy]
|
||||
);
|
||||
}
|
||||
|
||||
await client.query('COMMIT');
|
||||
|
||||
// Reload cache
|
||||
await this.loadCache();
|
||||
|
||||
logger.info('Group permissions updated', { group, permissionCount: permIds.length, grantedBy });
|
||||
logger.info('Group permissions updated', { group, permissionCount: validPermIds.length, grantedBy });
|
||||
} catch (error) {
|
||||
await client.query('ROLLBACK');
|
||||
throw error;
|
||||
} finally {
|
||||
client.release();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Bulk-update permissions for multiple groups in a single transaction.
|
||||
* Reloads cache once at the end.
|
||||
*/
|
||||
async setMultipleGroupPermissions(
|
||||
updates: { group: string; permissions: string[] }[],
|
||||
grantedBy: string,
|
||||
): Promise<void> {
|
||||
const client = await pool.connect();
|
||||
try {
|
||||
await client.query('BEGIN');
|
||||
|
||||
// Collect all referenced permission IDs to validate in one query
|
||||
const allPermIds = new Set<string>();
|
||||
for (const u of updates) {
|
||||
for (const p of u.permissions) allPermIds.add(p);
|
||||
}
|
||||
|
||||
let validSet = new Set<string>();
|
||||
if (allPermIds.size > 0) {
|
||||
const validResult = await client.query(
|
||||
'SELECT id FROM permissions WHERE id = ANY($1)',
|
||||
[Array.from(allPermIds)]
|
||||
);
|
||||
validSet = new Set(validResult.rows.map((r: any) => r.id));
|
||||
}
|
||||
|
||||
for (const { group, permissions } of updates) {
|
||||
const validPermIds = permissions.filter(p => validSet.has(p));
|
||||
|
||||
await client.query('DELETE FROM group_permissions WHERE authentik_group = $1', [group]);
|
||||
|
||||
if (validPermIds.length > 0) {
|
||||
const values = validPermIds.map((_p, i) =>
|
||||
`($1, $${i + 2}, $${validPermIds.length + 2})`
|
||||
).join(', ');
|
||||
await client.query(
|
||||
`INSERT INTO group_permissions (authentik_group, permission_id, granted_by)
|
||||
VALUES ${values}
|
||||
ON CONFLICT DO NOTHING`,
|
||||
[group, ...validPermIds, grantedBy]
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
await client.query('COMMIT');
|
||||
await this.loadCache();
|
||||
|
||||
logger.info('Bulk group permissions updated', {
|
||||
groupCount: updates.length,
|
||||
grantedBy,
|
||||
});
|
||||
} catch (error) {
|
||||
await client.query('ROLLBACK');
|
||||
throw error;
|
||||
|
||||