ershisan99/coolify
1
0
Fork 0
mirror of https://github.com/ershisan99/coolify.git synced 2026-01-23 12:34:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Ton of updates for users/teams

Browse Source
This commit is contained in:
Andras Bacsai
2022-04-07 23:26:06 +02:00
parent f779b3bb54
commit b96c1a23ec
20 changed files with 383 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

130
src/routes/iam/index.json.ts Normal file
View File

@@ -0,0 +1,130 @@
import { getUserDetails } from '$lib/common';
import * as db from '$lib/database';
import { ErrorHandler } from '$lib/database';
import type { RequestHandler } from '@sveltejs/kit';
export const get: RequestHandler = async (event) => {
const { teamId, userId, status, body } = await getUserDetails(event);
if (status === 401) return { status, body };
try {
const account = await db.prisma.user.findUnique({
where: { id: userId },
select: { id: true, email: true, teams: true }
});
let accounts = [];
if (teamId === '0') {
accounts = await db.prisma.user.findMany({ select: { id: true, email: true, teams: true } });
}
const teams = await db.prisma.permission.findMany({
where: { userId: teamId === '0' ? undefined : userId },
include: { team: { include: { _count: { select: { users: true } } } } }
});
const invitations = await db.prisma.teamInvitation.findMany({ where: { uid: userId } });
return {
status: 200,
body: {
teams,
invitations,
account,
accounts
}
};
} catch (error) {
return ErrorHandler(error);
}
};
export const post: RequestHandler = async (event) => {
const { teamId, userId, status, body } = await getUserDetails(event);
if (status === 401) return { status, body };
if (teamId !== '0')
return { status: 401, body: { message: 'You are not authorized to perform this action' } };
const { id } = await event.request.json();
try {
const aloneInTeams = await db.prisma.team.findMany({ where: { users: { every: { id } } } });
if (aloneInTeams.length > 0) {
for (const team of aloneInTeams) {
const applications = await db.prisma.application.findMany({
where: { teams: { every: { id: team.id } } }
});
if (applications.length > 0) {
for (const application of applications) {
await db.prisma.application.update({
where: { id: application.id },
data: { teams: { connect: { id: '0' } } }
});
}
}
const services = await db.prisma.service.findMany({
where: { teams: { every: { id: team.id } } }
});
if (services.length > 0) {
for (const service of services) {
await db.prisma.service.update({
where: { id: service.id },
data: { teams: { connect: { id: '0' } } }
});
}
}
const databases = await db.prisma.database.findMany({
where: { teams: { every: { id: team.id } } }
});
if (databases.length > 0) {
for (const database of databases) {
await db.prisma.database.update({
where: { id: database.id },
data: { teams: { connect: { id: '0' } } }
});
}
}
const sources = await db.prisma.gitSource.findMany({
where: { teams: { every: { id: team.id } } }
});
if (sources.length > 0) {
for (const source of sources) {
await db.prisma.gitSource.update({
where: { id: source.id },
data: { teams: { connect: { id: '0' } } }
});
}
}
const destinations = await db.prisma.destinationDocker.findMany({
where: { teams: { every: { id: team.id } } }
});
if (destinations.length > 0) {
for (const destination of destinations) {
await db.prisma.destinationDocker.update({
where: { id: destination.id },
data: { teams: { connect: { id: '0' } } }
});
}
}
await db.prisma.teamInvitation.deleteMany({ where: { teamId: team.id } });
await db.prisma.permission.deleteMany({ where: { teamId: team.id } });
await db.prisma.user.delete({ where: { id } });
await db.prisma.team.delete({ where: { id: team.id } });
}
}
const notAloneInTeams = await db.prisma.team.findMany({ where: { users: { some: { id } } } });
if (notAloneInTeams.length > 0) {
for (const team of notAloneInTeams) {
await db.prisma.team.update({
where: { id: team.id },
data: { users: { disconnect: { id } } }
});
}
}
return {
status: 201
};
} catch (error) {
return {
status: 500
};
}
};

178
src/routes/iam/index.svelte Normal file
View File

@@ -0,0 +1,178 @@
<script context="module" lang="ts">
import type { Load } from '@sveltejs/kit';
export const load: Load = async ({ fetch }) => {
const url = `/iam.json`;
const res = await fetch(url);
if (res.ok) {
return {
props: {
...(await res.json())
}
};
}
if (res.status === 401) {
return {
status: 302,
redirect: '/'
};
}
return {
status: res.status,
error: new Error(`Could not load ${url}`)
};
};
</script>
<script lang="ts">
import { session } from '$app/stores';
import { get, post } from '$lib/api';
import { errorNotification } from '$lib/form';
import { toast } from '@zerodevx/svelte-toast';
export let account;
export let accounts;
if (accounts.length === 0) {
accounts.push(account);
}
export let teams;
const ownTeams = teams.filter((team) => {
if (team.team.id === $session.teamId) {
return team;
}
});
const otherTeams = teams.filter((team) => {
if (team.team.id !== $session.teamId) {
return team;
}
});
async function resetPassword(id) {
const sure = window.confirm('Are you sure you want to reset the password?');
if (!sure) {
return;
}
try {
await post(`/iam/password.json`, { id });
toast.push('Password reset successfully.');
} catch ({ error }) {
return errorNotification(error);
}
}
async function deleteUser(id) {
const sure = window.confirm('Are you sure you want to delete this user?');
if (!sure) {
return;
}
try {
await post(`/iam.json`, { id });
toast.push('Account deleted.');
const data = await get('/iam.json');
accounts = data.accounts;
} catch ({ error }) {
return errorNotification(error);
}
}
</script>
<div class="flex space-x-1 p-6 font-bold">
<div class="mr-4 text-2xl tracking-tight">Identity and Access Management System</div>
</div>
<!-- <div class="flex items-center px-6">
<div>{account.email}</div>
</div> -->
<div class="mx-auto max-w-4xl px-6">
{#if $session.teamId === '0' && accounts.length > 0}
<div class="title font-bold">Accounts</div>
{:else}
<div class="title font-bold">Account</div>
{/if}
<div class="flex items-center justify-center pt-10">
<table class="mx-2 text-left">
<thead class="mb-2">
<tr>
{#if accounts.length > 1}
<th class="px-2">Email</th>
<th>Actions</th>
{/if}
</tr>
</thead>
<tbody>
{#each accounts as account}
<tr>
<td class="px-2">{account.email}</td>
<td class="flex space-x-2">
<form on:submit|preventDefault={() => resetPassword(account.id)}>
<button
class="mx-auto my-4 w-32 bg-coollabs hover:bg-coollabs-100 disabled:bg-coolgray-200"
>Reset Password</button
>
</form>
<form on:submit|preventDefault={() => deleteUser(account.id)}>
<button
disabled={account.id === $session.userId}
class="mx-auto my-4 w-32 bg-coollabs hover:bg-coollabs-100 disabled:bg-coolgray-200"
type="submit">Delete User</button
>
</form>
</td>
</tr>
{/each}
</tbody>
</table>
</div>
</div>
<div class="mx-auto max-w-4xl px-6">
<div class="title font-bold">Teams</div>
<div class="flex items-center justify-center pt-10">
<div class="flex flex-col">
<div class="flex flex-col flex-wrap justify-center px-2 pb-10 md:flex-row">
{#each ownTeams as team}
<a href="/iam/team/{team.teamId}" class="w-96 p-2 no-underline">
<div
class="box-selection relative"
class:hover:bg-cyan-600={team.team?.id !== '0'}
class:hover:bg-red-500={team.team?.id === '0'}
>
<div class="truncate text-center text-xl font-bold">
{team.team.name}
</div>
<div class="truncate text-center font-bold">
{team.team?.id === '0' ? 'root team' : ''}
</div>
<div class="mt-1 text-center">{team.team._count.users} member(s)</div>
</div>
</a>
{/each}
</div>
{#if $session.teamId === '0' && otherTeams.length > 0}
<div class="pb-5 pt-10 text-xl font-bold">Other Teams</div>
{/if}
<div class="flex flex-col flex-wrap justify-center px-2 md:flex-row">
{#each otherTeams as team}
<a href="/iam/team/{team.teamId}" class="w-96 p-2 no-underline">
<div
class="box-selection relative"
class:hover:bg-cyan-600={team.team?.id !== '0'}
class:hover:bg-red-500={team.team?.id === '0'}
>
<div class="truncate text-center text-xl font-bold">
{team.team.name}
</div>
<div class="truncate text-center font-bold">
{team.team?.id === '0' ? 'root team' : ''}
</div>
<div class="mt-1 text-center">{team.team._count.users} member(s)</div>
</div>
</a>
{/each}
</div>
</div>
</div>
</div>

22
src/routes/iam/password.json.ts Normal file
View File

@@ -0,0 +1,22 @@
import { getUserDetails } from '$lib/common';
import * as db from '$lib/database';
import { ErrorHandler } from '$lib/database';
import type { RequestHandler } from '@sveltejs/kit';
export const post: RequestHandler = async (event) => {
const { teamId, userId, status, body } = await getUserDetails(event);
if (status === 401) return { status, body };
const { id } = await event.request.json();
try {
await db.prisma.user.update({ where: { id }, data: { password: 'RESETME' } });
return {
status: 201
};
} catch (error) {
console.log(error);
return {
status: 500
};
}
};

28
src/routes/iam/team/[id]/__layout.svelte Normal file
View File

@@ -0,0 +1,28 @@
<script context="module" lang="ts">
import type { Load } from '@sveltejs/kit';
export const load: Load = async ({ fetch, params }) => {
const url = `/iam/team/${params.id}.json`;
const res = await fetch(url);
if (res.ok) {
const data = await res.json();
if (!data.permissions || Object.entries(data.permissions).length === 0) {
return {
status: 302,
redirect: '/iam'
};
}
return {
stuff: {
...data
}
};
}
return {
status: 302,
redirect: '/iam'
};
};
</script>
<slot />

55
src/routes/iam/team/[id]/index.json.ts Normal file
View File

@@ -0,0 +1,55 @@
import { getUserDetails } from '$lib/common';
import * as db from '$lib/database';
import { ErrorHandler } from '$lib/database';
import type { RequestHandler } from '@sveltejs/kit';
export const get: RequestHandler = async (event) => {
const { teamId, userId, status, body } = await getUserDetails(event, false);
if (status === 401) return { status, body };
const { id } = event.params;
try {
const user = await db.prisma.user.findFirst({
where: { id: userId, teams: teamId === '0' ? undefined : { some: { id } } },
include: { permission: true }
});
if (!user) {
return {
status: 401
};
}
const permissions = await db.prisma.permission.findMany({
where: { teamId: id },
include: { user: { select: { id: true, email: true } } }
});
const team = await db.prisma.team.findUnique({ where: { id }, include: { permissions: true } });
const invitations = await db.prisma.teamInvitation.findMany({ where: { teamId: team.id } });
return {
body: {
team,
permissions,
invitations
}
};
} catch (error) {
return ErrorHandler(error);
}
};
export const post: RequestHandler = async (event) => {
const { status, body } = await getUserDetails(event);
if (status === 401) return { status, body };
const { id } = event.params;
const { name } = await event.request.json();
try {
await db.prisma.team.update({ where: { id }, data: { name: { set: name } } });
return {
status: 201
};
} catch (error) {
return ErrorHandler(error);
}
};

218
src/routes/iam/team/[id]/index.svelte Normal file
View File

@@ -0,0 +1,218 @@
<script context="module" lang="ts">
import type { Load } from '@sveltejs/kit';
export const load: Load = async ({ fetch, params }) => {
const url = `/iam/team/${params.id}.json`;
const res = await fetch(url);
if (res.ok) {
return {
props: {
...(await res.json())
}
};
}
return {
status: res.status,
error: new Error(`Could not load ${url}`)
};
};
</script>
<script lang="ts">
export let permissions;
export let team;
export let invitations: any[];
import { page, session } from '$app/stores';
import Explainer from '$lib/components/Explainer.svelte';
import { errorNotification } from '$lib/form';
import { post } from '$lib/api';
const { id } = $page.params;
let invitation = {
teamName: team.name,
email: null,
permission: 'read'
};
// let myPermission = permissions.find((u) => u.user.id === $session.userId).permission;
function isAdmin(permission: string) {
if (permission === 'admin' || permission === 'owner') {
return true;
}
return false;
}
async function sendInvitation() {
try {
await post(`/iam/team/${id}/invitation/invite.json`, {
teamId: team.id,
teamName: invitation.teamName,
email: invitation.email.toLowerCase(),
permission: invitation.permission
});
return window.location.reload();
} catch ({ error }) {
return errorNotification(error);
}
}
async function revokeInvitation(id: string) {
try {
await post(`/iam/team/${id}/invitation/revoke.json`, { id });
return window.location.reload();
} catch ({ error }) {
return errorNotification(error);
}
}
async function removeFromTeam(uid: string) {
try {
await post(`/iam/team/${id}/remove/user.json`, { teamId: team.id, uid });
return window.location.reload();
} catch ({ error }) {
return errorNotification(error);
}
}
async function changePermission(userId: string, permissionId: string, currentPermission: string) {
let newPermission = 'read';
if (currentPermission === 'read') {
newPermission = 'admin';
}
try {
await post(`/iam/team/${id}/permission/change.json`, { userId, newPermission, permissionId });
return window.location.reload();
} catch ({ error }) {
return errorNotification(error);
}
}
async function handleSubmit() {
try {
await post(`/iam/team/${id}.json`, { ...team });
return window.location.reload();
} catch ({ error }) {
return errorNotification(error);
}
}
</script>
<div class="flex space-x-1 p-6 px-6 text-2xl font-bold">
<div class="tracking-tight">Team</div>
<span class="arrow-right-applications px-1 text-cyan-500">></span>
<span class="pr-2">{team.name}</span>
</div>
<div class="mx-auto max-w-4xl px-6">
<form on:submit|preventDefault={handleSubmit} class=" py-4">
<div class="flex space-x-1 pb-5">
<div class="title font-bold">Settings</div>
<button class="bg-cyan-600 hover:bg-cyan-500" type="submit">Save</button>
</div>
<div class="grid grid-flow-row gap-2 px-10">
<div class="mt-2 grid grid-cols-2">
<div class="flex-col">
<label for="name" class="text-base font-bold text-stone-100">Name</label>
{#if team.id === '0'}
<Explainer
customClass="w-full"
text="This is the <span class='text-red-500 font-bold'>root</span> team. That means members of this group can manage instance wide settings and have all the priviliges in Coolify (imagine like root user on Linux)."
/>
{/if}
</div>
<input id="name" name="name" placeholder="name" bind:value={team.name} />
</div>
</div>
</form>
<div class="flex space-x-1 py-5 pt-10 font-bold">
<div class="title">Members</div>
</div>
<div class="px-4 sm:px-6">
<table class="w-full border-separate text-left">
<thead>
<tr class="h-8 border-b border-coolgray-400">
<th scope="col">Email</th>
<th scope="col">Permission</th>
<th scope="col" class="text-center">Actions</th>
</tr>
</thead>
{#each permissions as permission}
<tr class="text-xs">
<td class="py-4"
>{permission.user.email}
<span class="font-bold">{permission.user.id === $session.userId ? '(You)' : ''}</span
></td
>
<td class="py-4">{permission.permission}</td>
{#if $session.isAdmin && permission.user.id !== $session.userId && permission.permission !== 'owner'}
<td class="flex flex-col items-center justify-center space-y-2 py-4 text-center">
<button
class="w-52 bg-red-600 hover:bg-red-500"
on:click={() => removeFromTeam(permission.user.id)}>Remove</button
>
<button
class="w-52"
on:click={() =>
changePermission(permission.user.id, permission.id, permission.permission)}
>Promote to {permission.permission === 'admin' ? 'read' : 'admin'}</button
>
</td>
{:else}
<td class="text-center py-4 flex-col space-y-2"> No actions available </td>
{/if}
</tr>
{/each}
{#each invitations as invitation}
<tr class="text-xs">
<td class="py-4 font-bold text-yellow-500">{invitation.email} </td>
<td class="py-4 font-bold text-yellow-500">{invitation.permission}</td>
{#if isAdmin(team.permissions[0].permission)}
<td class="flex-col space-y-2 py-4 text-center">
<button
class="w-52 bg-red-600 hover:bg-red-500"
on:click={() => revokeInvitation(invitation.id)}>Revoke invitation</button
>
</td>
{:else}
<td class="text-center py-4 flex-col space-y-2">Pending invitation</td>
{/if}
</tr>
{/each}
</table>
</div>
{#if $session.isAdmin}
<form on:submit|preventDefault={sendInvitation} class="py-5 pt-10">
<div class="flex space-x-1">
<div class="flex space-x-1">
<div class="title font-bold">Invite new member</div>
<button class="bg-cyan-600 hover:bg-cyan-500" type="submit">Send invitation</button>
</div>
</div>
<Explainer
text="You can only invite registered users at the moment - will be extended soon."
/>
<div class="flex-col space-y-2 px-4 pt-5 sm:px-6">
<div class="flex space-x-0">
<input
bind:value={invitation.email}
placeholder="Email address"
class="mr-2 w-full"
required
/>
<div class="flex-1" />
<button
on:click={() => (invitation.permission = 'read')}
class="rounded-none rounded-l border border-dashed border-transparent"
type="button"
class:border-coolgray-300={invitation.permission !== 'read'}
class:bg-pink-500={invitation.permission === 'read'}>Read</button
>
<button
on:click={() => (invitation.permission = 'admin')}
class="rounded-none rounded-r border border-dashed border-transparent"
type="button"
class:border-coolgray-300={invitation.permission !== 'admin'}
class:bg-red-500={invitation.permission === 'admin'}>Admin</button
>
</div>
</div>
</form>
{/if}
</div>

36
src/routes/iam/team/[id]/invitation/accept.json.ts Normal file
View File

@@ -0,0 +1,36 @@
import { getUserDetails } from '$lib/common';
import * as db from '$lib/database';
import { ErrorHandler } from '$lib/database';
import { dayjs } from '$lib/dayjs';
import type { RequestHandler } from '@sveltejs/kit';
export const post: RequestHandler = async (event) => {
const { userId, status, body } = await getUserDetails(event);
if (status === 401) return { status, body };
const { id } = await event.request.json();
try {
const invitation = await db.prisma.teamInvitation.findFirst({
where: { uid: userId },
rejectOnNotFound: true
});
await db.prisma.team.update({
where: { id: invitation.teamId },
data: { users: { connect: { id: userId } } }
});
await db.prisma.permission.create({
data: {
user: { connect: { id: userId } },
permission: invitation.permission,
team: { connect: { id: invitation.teamId } }
}
});
await db.prisma.teamInvitation.delete({ where: { id } });
return {
status: 200
};
} catch (error) {
return ErrorHandler(error);
}
};

69
src/routes/iam/team/[id]/invitation/invite.json.ts Normal file
View File

@@ -0,0 +1,69 @@
import { getUserDetails } from '$lib/common';
import * as db from '$lib/database';
import { ErrorHandler } from '$lib/database';
import { dayjs } from '$lib/dayjs';
import type { RequestHandler } from '@sveltejs/kit';
async function createInvitation({ email, uid, teamId, teamName, permission }) {
return await db.prisma.teamInvitation.create({
data: { email, uid, teamId, teamName, permission }
});
}
export const post: RequestHandler = async (event) => {
const { userId, status, body } = await getUserDetails(event);
if (status === 401) return { status, body };
const { email, permission, teamId, teamName } = await event.request.json();
try {
const userFound = await db.prisma.user.findUnique({ where: { email } });
if (!userFound) {
throw {
error: `No user found with '${email}' email address.`
};
}
const uid = userFound.id;
// Invitation to yourself?!
if (uid === userId) {
throw {
error: `Invitation to yourself? Whaaaaat?`
};
}
const alreadyInTeam = await db.prisma.team.findFirst({
where: { id: teamId, users: { some: { id: uid } } }
});
if (alreadyInTeam) {
throw {
error: `Already in the team.`
};
}
const invitationFound = await db.prisma.teamInvitation.findFirst({ where: { uid, teamId } });
if (invitationFound) {
if (dayjs().toDate() < dayjs(invitationFound.createdAt).add(1, 'day').toDate()) {
throw {
error: 'Invitiation already pending on user confirmation.'
};
} else {
await db.prisma.teamInvitation.delete({ where: { id: invitationFound.id } });
await createInvitation({ email, uid, teamId, teamName, permission });
return {
status: 200,
body: {
message: 'Invitiation sent.'
}
};
}
} else {
await createInvitation({ email, uid, teamId, teamName, permission });
return {
status: 200,
body: {
message: 'Invitiation sent.'
}
};
}
} catch (error) {
return ErrorHandler(error);
}
};

20
src/routes/iam/team/[id]/invitation/revoke.json.ts Normal file
View File

@@ -0,0 +1,20 @@
import { getUserDetails } from '$lib/common';
import * as db from '$lib/database';
import { ErrorHandler } from '$lib/database';
import { dayjs } from '$lib/dayjs';
import type { RequestHandler } from '@sveltejs/kit';
export const post: RequestHandler = async (event) => {
const { userId, status, body } = await getUserDetails(event);
if (status === 401) return { status, body };
const { id } = await event.request.json();
try {
await db.prisma.teamInvitation.delete({ where: { id } });
return {
status: 200
};
} catch (error) {
return ErrorHandler(error);
}
};

23
src/routes/iam/team/[id]/permission/change.json.ts Normal file
View File

@@ -0,0 +1,23 @@
import { getUserDetails } from '$lib/common';
import * as db from '$lib/database';
import { ErrorHandler } from '$lib/database';
import type { RequestHandler } from '@sveltejs/kit';
export const post: RequestHandler = async (event) => {
const { status, body } = await getUserDetails(event);
if (status === 401) return { status, body };
const { userId, newPermission, permissionId } = await event.request.json();
try {
await db.prisma.permission.updateMany({
where: { id: permissionId, userId },
data: { permission: { set: newPermission } }
});
return {
status: 201
};
} catch (error) {
return ErrorHandler(error);
}
};

24
src/routes/iam/team/[id]/remove/user.json.ts Normal file
View File

@@ -0,0 +1,24 @@
import { getUserDetails } from '$lib/common';
import * as db from '$lib/database';
import { ErrorHandler } from '$lib/database';
import type { RequestHandler } from '@sveltejs/kit';
export const post: RequestHandler = async (event) => {
const { userId, status, body } = await getUserDetails(event);
if (status === 401) return { status, body };
const { teamId, uid } = await event.request.json();
try {
await db.prisma.team.update({
where: { id: teamId },
data: { users: { disconnect: { id: uid } } }
});
await db.prisma.permission.deleteMany({ where: { userId: uid, teamId } });
return {
status: 201
};
} catch (error) {
return ErrorHandler(error);
}
};