zappyzep/backend/src/data/ApiPermissionAssignments.ts

import { ApiPermissions } from "@shared/apiPermissions";
import { Repository } from "typeorm";
import { ApiAuditLog } from "./ApiAuditLog";
import { BaseRepository } from "./BaseRepository";
import { AuditLogEventTypes } from "./apiAuditLogTypes";
import { dataSource } from "./dataSource";
import { ApiPermissionAssignment } from "./entities/ApiPermissionAssignment";

export enum ApiPermissionTypes {
  User = "USER",
  Role = "ROLE",
}

export class ApiPermissionAssignments extends BaseRepository {
  private apiPermissions: Repository<ApiPermissionAssignment>;
  private auditLogs: ApiAuditLog;

  constructor() {
    super();
    this.apiPermissions = dataSource.getRepository(ApiPermissionAssignment);
    this.auditLogs = new ApiAuditLog();
  }

  getByGuildId(guildId) {
    return this.apiPermissions.find({
      where: {
        guild_id: guildId,
      },
    });
  }

  getByUserId(userId) {
    return this.apiPermissions.find({
      where: {
        type: ApiPermissionTypes.User,
        target_id: userId,
      },
    });
  }

  getByGuildAndUserId(guildId, userId) {
    return this.apiPermissions.findOne({
      where: {
        guild_id: guildId,
        type: ApiPermissionTypes.User,
        target_id: userId,
      },
    });
  }

  addUser(guildId, userId, permissions: ApiPermissions[], expiresAt: string | null = null) {
    return this.apiPermissions.insert({
      guild_id: guildId,
      type: ApiPermissionTypes.User,
      target_id: userId,
      permissions,
      expires_at: expiresAt,
    });
  }

  removeUser(guildId, userId) {
    return this.apiPermissions.delete({ guild_id: guildId, type: ApiPermissionTypes.User, target_id: userId });
  }

  async updateUserPermissions(guildId: string, userId: string, permissions: ApiPermissions[]): Promise<void> {
    await this.apiPermissions.update(
      {
        guild_id: guildId,
        type: ApiPermissionTypes.User,
        target_id: userId,
      },
      {
        permissions,
      },
    );
  }

  async clearExpiredPermissions() {
    await this.apiPermissions
      .createQueryBuilder()
      .where("expires_at IS NOT NULL")
      .andWhere("expires_at <= NOW()")
      .delete()
      .execute();
  }

  async applyOwnerChange(guildId: string, newOwnerId: string) {
    const existingPermissions = await this.getByGuildId(guildId);
    let updatedOwner = false;
    for (const perm of existingPermissions) {
      let hasChanges = false;

      // Remove owner permission from anyone who currently has it
      if (perm.permissions.includes(ApiPermissions.Owner)) {
        perm.permissions.splice(perm.permissions.indexOf(ApiPermissions.Owner), 1);
        hasChanges = true;
      }

      // Add owner permission if we encounter the new owner
      if (perm.type === ApiPermissionTypes.User && perm.target_id === newOwnerId) {
        perm.permissions.push(ApiPermissions.Owner);
        updatedOwner = true;
        hasChanges = true;
      }

      if (hasChanges) {
        const criteria = {
          guild_id: perm.guild_id,
          type: perm.type,
          target_id: perm.target_id,
        };
        if (perm.permissions.length === 0) {
          // No remaining permissions -> remove entry
          this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.REMOVE_API_PERMISSION, {
            type: perm.type,
            target_id: perm.target_id,
          });
          await this.apiPermissions.delete(criteria);
        } else {
          this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.EDIT_API_PERMISSION, {
            type: perm.type,
            target_id: perm.target_id,
            permissions: perm.permissions,
            expires_at: perm.expires_at,
          });
          await this.apiPermissions.update(criteria, {
            permissions: perm.permissions,
          });
        }
      }
    }

    if (!updatedOwner) {
      this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.ADD_API_PERMISSION, {
        type: ApiPermissionTypes.User,
        target_id: newOwnerId,
        permissions: [ApiPermissions.Owner],
        expires_at: null,
      });
      await this.apiPermissions.insert({
        guild_id: guildId,
        type: ApiPermissionTypes.User,
        target_id: newOwnerId,
        permissions: [ApiPermissions.Owner],
      });
    }
  }
}
Organise all imports, make Mutes depend on Logs 2021-06-06 23:51:32 +02:00			`import { ApiPermissions } from "@shared/apiPermissions";`
feat: upgrade to TypeORM 0.3 2023-07-01 12:17:45 +00:00			`import { Repository } from "typeorm";`
Update server owner dashboard permissions automatically 2021-09-05 14:34:06 +03:00			`import { ApiAuditLog } from "./ApiAuditLog";`
Update djs & knub (#395) * update pkgs Signed-off-by: GitHub <noreply@github.com> * new knub typings Signed-off-by: GitHub <noreply@github.com> * more pkg updates Signed-off-by: GitHub <noreply@github.com> * more fixes Signed-off-by: GitHub <noreply@github.com> * channel typings Signed-off-by: GitHub <noreply@github.com> * more message utils typings fixes Signed-off-by: GitHub <noreply@github.com> * migrate permissions Signed-off-by: GitHub <noreply@github.com> * fix: InternalPoster webhookables Signed-off-by: GitHub <noreply@github.com> * djs typings: Attachment & Util Signed-off-by: GitHub <noreply@github.com> * more typings Signed-off-by: GitHub <noreply@github.com> * fix: rename permissionNames Signed-off-by: GitHub <noreply@github.com> * more fixes Signed-off-by: GitHub <noreply@github.com> * half the number of errors * knub commands => messageCommands Signed-off-by: GitHub <noreply@github.com> * configPreprocessor => configParser Signed-off-by: GitHub <noreply@github.com> * fix channel.messages Signed-off-by: GitHub <noreply@github.com> * revert automod any typing Signed-off-by: GitHub <noreply@github.com> * more configParser typings Signed-off-by: GitHub <noreply@github.com> * revert Signed-off-by: GitHub <noreply@github.com> * remove knub type params Signed-off-by: GitHub <noreply@github.com> * fix more MessageEmbed / MessageOptions Signed-off-by: GitHub <noreply@github.com> * dumb commit for @almeidx to see why this is stupid Signed-off-by: GitHub <noreply@github.com> * temp disable custom_events Signed-off-by: GitHub <noreply@github.com> * more minor typings fixes - 23 err left Signed-off-by: GitHub <noreply@github.com> * update djs dep * +debug build method (revert this) Signed-off-by: GitHub <noreply@github.com> * Revert "+debug build method (revert this)" This reverts commit a80af1e729b742d1aad1097df538d224fbd32ce7. * Redo +debug build (Revert this) Signed-off-by: GitHub <noreply@github.com> * uniform before/after Load shorthands Signed-off-by: GitHub <noreply@github.com> * remove unused imports & add prettier plugin Signed-off-by: GitHub <noreply@github.com> * env fixes for web platform hosting Signed-off-by: GitHub <noreply@github.com> * feat: knub v32-next; related fixes * fix: allow legacy keys in change_perms action * fix: request Message Content intent * fix: use Knub's config validation logic in API * fix(dashboard): fix error when there are no message and/or slash commands in a plugin * fix(automod): start_thread action thread options * fix(CustomEvents): message command types * chore: remove unneeded type annotation * feat: add forum channel icon; use thread icon for news threads * chore: make tslint happy * chore: fix formatting --------- Signed-off-by: GitHub <noreply@github.com> Co-authored-by: almeidx <almeidx@pm.me> Co-authored-by: Dragory <2606411+Dragory@users.noreply.github.com> 2023-04-01 12:58:17 +01:00			`import { BaseRepository } from "./BaseRepository";`
feat: upgrade to TypeORM 0.3 2023-07-01 12:17:45 +00:00			`import { AuditLogEventTypes } from "./apiAuditLogTypes";`
			`import { dataSource } from "./dataSource";`
Update djs & knub (#395) * update pkgs Signed-off-by: GitHub <noreply@github.com> * new knub typings Signed-off-by: GitHub <noreply@github.com> * more pkg updates Signed-off-by: GitHub <noreply@github.com> * more fixes Signed-off-by: GitHub <noreply@github.com> * channel typings Signed-off-by: GitHub <noreply@github.com> * more message utils typings fixes Signed-off-by: GitHub <noreply@github.com> * migrate permissions Signed-off-by: GitHub <noreply@github.com> * fix: InternalPoster webhookables Signed-off-by: GitHub <noreply@github.com> * djs typings: Attachment & Util Signed-off-by: GitHub <noreply@github.com> * more typings Signed-off-by: GitHub <noreply@github.com> * fix: rename permissionNames Signed-off-by: GitHub <noreply@github.com> * more fixes Signed-off-by: GitHub <noreply@github.com> * half the number of errors * knub commands => messageCommands Signed-off-by: GitHub <noreply@github.com> * configPreprocessor => configParser Signed-off-by: GitHub <noreply@github.com> * fix channel.messages Signed-off-by: GitHub <noreply@github.com> * revert automod any typing Signed-off-by: GitHub <noreply@github.com> * more configParser typings Signed-off-by: GitHub <noreply@github.com> * revert Signed-off-by: GitHub <noreply@github.com> * remove knub type params Signed-off-by: GitHub <noreply@github.com> * fix more MessageEmbed / MessageOptions Signed-off-by: GitHub <noreply@github.com> * dumb commit for @almeidx to see why this is stupid Signed-off-by: GitHub <noreply@github.com> * temp disable custom_events Signed-off-by: GitHub <noreply@github.com> * more minor typings fixes - 23 err left Signed-off-by: GitHub <noreply@github.com> * update djs dep * +debug build method (revert this) Signed-off-by: GitHub <noreply@github.com> * Revert "+debug build method (revert this)" This reverts commit a80af1e729b742d1aad1097df538d224fbd32ce7. * Redo +debug build (Revert this) Signed-off-by: GitHub <noreply@github.com> * uniform before/after Load shorthands Signed-off-by: GitHub <noreply@github.com> * remove unused imports & add prettier plugin Signed-off-by: GitHub <noreply@github.com> * env fixes for web platform hosting Signed-off-by: GitHub <noreply@github.com> * feat: knub v32-next; related fixes * fix: allow legacy keys in change_perms action * fix: request Message Content intent * fix: use Knub's config validation logic in API * fix(dashboard): fix error when there are no message and/or slash commands in a plugin * fix(automod): start_thread action thread options * fix(CustomEvents): message command types * chore: remove unneeded type annotation * feat: add forum channel icon; use thread icon for news threads * chore: make tslint happy * chore: fix formatting --------- Signed-off-by: GitHub <noreply@github.com> Co-authored-by: almeidx <almeidx@pm.me> Co-authored-by: Dragory <2606411+Dragory@users.noreply.github.com> 2023-04-01 12:58:17 +01:00			`import { ApiPermissionAssignment } from "./entities/ApiPermissionAssignment";`
More work on API permissions 2019-11-08 00:04:24 +02:00
			`export enum ApiPermissionTypes {`
			`User = "USER",`
			`Role = "ROLE",`
			`}`

			`export class ApiPermissionAssignments extends BaseRepository {`
			`private apiPermissions: Repository<ApiPermissionAssignment>;`
Update server owner dashboard permissions automatically 2021-09-05 14:34:06 +03:00			`private auditLogs: ApiAuditLog;`
More work on API permissions 2019-11-08 00:04:24 +02:00
			`constructor() {`
			`super();`
feat: upgrade to TypeORM 0.3 2023-07-01 12:17:45 +00:00			`this.apiPermissions = dataSource.getRepository(ApiPermissionAssignment);`
Update server owner dashboard permissions automatically 2021-09-05 14:34:06 +03:00			`this.auditLogs = new ApiAuditLog();`
More work on API permissions 2019-11-08 00:04:24 +02:00			`}`

dashboard: work on guild access page 2020-05-23 17:30:52 +03:00			`getByGuildId(guildId) {`
			`return this.apiPermissions.find({`
			`where: {`
			`guild_id: guildId,`
			`},`
			`});`
			`}`

More work on API permissions 2019-11-08 00:04:24 +02:00			`getByUserId(userId) {`
			`return this.apiPermissions.find({`
			`where: {`
			`type: ApiPermissionTypes.User,`
			`target_id: userId,`
			`},`
			`});`
			`}`

			`getByGuildAndUserId(guildId, userId) {`
			`return this.apiPermissions.findOne({`
			`where: {`
			`guild_id: guildId,`
			`type: ApiPermissionTypes.User,`
			`target_id: userId,`
			`},`
			`});`
			`}`
Add bot owner commands for adding/removing servers and dashboard users 2020-10-10 14:21:59 +03:00
Add rudimentary user management to dashboard 2021-09-05 16:42:35 +03:00			`addUser(guildId, userId, permissions: ApiPermissions[], expiresAt: string \| null = null) {`
Add bot owner commands for adding/removing servers and dashboard users 2020-10-10 14:21:59 +03:00			`return this.apiPermissions.insert({`
			`guild_id: guildId,`
			`type: ApiPermissionTypes.User,`
			`target_id: userId,`
			`permissions,`
Add rudimentary user management to dashboard 2021-09-05 16:42:35 +03:00			`expires_at: expiresAt,`
Add bot owner commands for adding/removing servers and dashboard users 2020-10-10 14:21:59 +03:00			`});`
			`}`

			`removeUser(guildId, userId) {`
			`return this.apiPermissions.delete({ guild_id: guildId, type: ApiPermissionTypes.User, target_id: userId });`
			`}`
Add support for API permission expiry 2021-09-05 13:53:46 +03:00
Add rudimentary user management to dashboard 2021-09-05 16:42:35 +03:00			`async updateUserPermissions(guildId: string, userId: string, permissions: ApiPermissions[]): Promise<void> {`
			`await this.apiPermissions.update(`
			`{`
			`guild_id: guildId,`
			`type: ApiPermissionTypes.User,`
			`target_id: userId,`
			`},`
			`{`
			`permissions,`
			`},`
			`);`
			`}`

Add support for API permission expiry 2021-09-05 13:53:46 +03:00			`async clearExpiredPermissions() {`
			`await this.apiPermissions`
			`.createQueryBuilder()`
			`.where("expires_at IS NOT NULL")`
			`.andWhere("expires_at <= NOW()")`
fix: fix expired api permissions not being deleted 2022-08-14 00:06:20 +03:00			`.delete()`
			`.execute();`
Add support for API permission expiry 2021-09-05 13:53:46 +03:00			`}`
Update server owner dashboard permissions automatically 2021-09-05 14:34:06 +03:00
			`async applyOwnerChange(guildId: string, newOwnerId: string) {`
			`const existingPermissions = await this.getByGuildId(guildId);`
			`let updatedOwner = false;`
			`for (const perm of existingPermissions) {`
			`let hasChanges = false;`

			`// Remove owner permission from anyone who currently has it`
			`if (perm.permissions.includes(ApiPermissions.Owner)) {`
			`perm.permissions.splice(perm.permissions.indexOf(ApiPermissions.Owner), 1);`
			`hasChanges = true;`
			`}`

			`// Add owner permission if we encounter the new owner`
			`if (perm.type === ApiPermissionTypes.User && perm.target_id === newOwnerId) {`
			`perm.permissions.push(ApiPermissions.Owner);`
			`updatedOwner = true;`
			`hasChanges = true;`
			`}`

			`if (hasChanges) {`
			`const criteria = {`
			`guild_id: perm.guild_id,`
			`type: perm.type,`
			`target_id: perm.target_id,`
			`};`
			`if (perm.permissions.length === 0) {`
			`// No remaining permissions -> remove entry`
			`this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.REMOVE_API_PERMISSION, {`
			`type: perm.type,`
			`target_id: perm.target_id,`
			`});`
			`await this.apiPermissions.delete(criteria);`
			`} else {`
			`this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.EDIT_API_PERMISSION, {`
			`type: perm.type,`
			`target_id: perm.target_id,`
			`permissions: perm.permissions,`
			`expires_at: perm.expires_at,`
			`});`
			`await this.apiPermissions.update(criteria, {`
			`permissions: perm.permissions,`
			`});`
			`}`
			`}`
			`}`

			`if (!updatedOwner) {`
			`this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.ADD_API_PERMISSION, {`
			`type: ApiPermissionTypes.User,`
			`target_id: newOwnerId,`
			`permissions: [ApiPermissions.Owner],`
			`expires_at: null,`
			`});`
			`await this.apiPermissions.insert({`
			`guild_id: guildId,`
			`type: ApiPermissionTypes.User,`
			`target_id: newOwnerId,`
			`permissions: [ApiPermissions.Owner],`
			`});`
			`}`
			`}`
More work on API permissions 2019-11-08 00:04:24 +02:00			`}`