Add permissions to the invite link

bcgov · Apr 15, 2024 · 6f416aa · 6f416aa
1 parent 6fe31a7
commit 6f416aa
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 3 deletions.
diff --git a/app/src/controllers/invite.js b/app/src/controllers/invite.js
@@ -120,7 +120,8 @@ const controller = {
         resource: resource,
         type: type,
         expiresAt: req.body.expiresAt ? new Date(req.body.expiresAt * 1000).toISOString() : undefined,
-        userId: userId
+        userId: userId,
+        permissionsCode: req.body.permissionsCode
       });
       res.status(201).json(response.token);
     } catch (e) {
@@ -182,7 +183,7 @@ const controller = {
 
         // Grant invitation permission and cleanup
         await objectPermissionService.addPermissions(invite.resource, [
-          { userId: userId, permCode: Permissions.READ }
+          { userId: userId, permCode: 'CREATE' }
         ], invite.createdBy);
       } else if (invite.type === ResourceType.BUCKET) {
         // Check for object existence

diff --git a/app/src/db/migrations/20240305000000_014-invitePermissions.js b/app/src/db/migrations/20240305000000_014-invitePermissions.js
@@ -0,0 +1,15 @@
+exports.up = function (knex) {
+  return Promise.resolve()
+    // Add permissionsCode to the table
+    .then(() => knex.schema.alterTable('invite', table => {
+      table.specificType('permissionsCode', 'TEXT[]');
+    }));
+};
+
+exports.down = function (knex) {
+  return Promise.resolve()
+    // permissionsCode column from Invite table
+    .then(() => knex.schema.alterTable('invite', table => {
+      table.dropColumn('permissionsCode');
+    }));
+};
diff --git a/app/src/db/models/tables/invite.js b/app/src/db/models/tables/invite.js
@@ -1,5 +1,6 @@
 const { Model } = require('objection');
 
+const { Permissions } = require('../../../components/constants');
 const { stamps } = require('../jsonSchema');
 const { Timestamps } = require('../mixins');
 
@@ -22,6 +23,7 @@ class ObjectModel extends Timestamps(Model) {
         resource: { type: 'string', format: 'uuid' },
         type: { type: 'string', enum: ['bucketId', 'objectId'] },
         expiresAt: { type: 'string', format: 'date-time' },
+        permissionsCode: { type: 'array', items: { type: 'string' } },
         ...stamps
       },
       additionalProperties: false

diff --git a/app/src/services/invite.js b/app/src/services/invite.js
@@ -13,6 +13,7 @@ const service = {
    * @param {string} [data.email] The optional email address of the intended recipient
    * @param {string} data.resource The uuid of the target resource
    * @param {(bucketId|objectId)} data.type The type of resource. Must either be `bucketId` or `objectId`.
+   * @param {string} [data.permCode] Permission level for the invite.
    * @param {string} [data.expiresAt] The optional time this token will expire at.
    * Defaults to 24 hours from now if unspecified.
    * @param {string} [data.userId] The optional userId that requested this generation
@@ -30,6 +31,7 @@ const service = {
         email: data.email,
         resource: data.resource,
         type: data.type,
+        permCode: data.permCode ?? 'READ',
         expiresAt: data.expiresAt,
         createdBy: data.userId ?? SYSTEM_USER
       });

diff --git a/app/src/validators/invite.js b/app/src/validators/invite.js
@@ -1,7 +1,7 @@
 
 const Joi = require('joi');
 
-const { type } = require('./common');
+const { scheme, type } = require('./common');
 const { validate } = require('../middleware/validation');
 
 const schema = {
@@ -11,6 +11,7 @@ const schema = {
       email: type.email,
       expiresAt: Joi.date().timestamp('unix').greater('now'),
       objectId: type.uuidv4,
+      permissionsCode: Joi.array().items(Joi.string()),
     }).xor('bucketId', 'objectId')
   },