zeppelin/backend/src/data/ApiPermissionAssignments.ts

import { ApiPermissions } from "@shared/apiPermissions";
import { getRepository, Repository } from "typeorm";
import { BaseRepository } from "./BaseRepository";
import { ApiPermissionAssignment } from "./entities/ApiPermissionAssignment";
import { Permissions } from "discord.js";
import { ApiAuditLog } from "./ApiAuditLog";
import { AuditLogEventTypes } from "./apiAuditLogTypes";

export enum ApiPermissionTypes {
  User = "USER",
  Role = "ROLE",
}

export class ApiPermissionAssignments extends BaseRepository {
  private apiPermissions: Repository<ApiPermissionAssignment>;
  private auditLogs: ApiAuditLog;

  constructor() {
    super();
    this.apiPermissions = getRepository(ApiPermissionAssignment);
    this.auditLogs = new ApiAuditLog();
  }

  getByGuildId(guildId) {
    return this.apiPermissions.find({
      where: {
        guild_id: guildId,
      },
    });
  }

  getByUserId(userId) {
    return this.apiPermissions.find({
      where: {
        type: ApiPermissionTypes.User,
        target_id: userId,
      },
    });
  }

  getByGuildAndUserId(guildId, userId) {
    return this.apiPermissions.findOne({
      where: {
        guild_id: guildId,
        type: ApiPermissionTypes.User,
        target_id: userId,
      },
    });
  }

  addUser(guildId, userId, permissions: ApiPermissions[], expiresAt: string | null = null) {
    return this.apiPermissions.insert({
      guild_id: guildId,
      type: ApiPermissionTypes.User,
      target_id: userId,
      permissions,
      expires_at: expiresAt,
    });
  }

  removeUser(guildId, userId) {
    return this.apiPermissions.delete({ guild_id: guildId, type: ApiPermissionTypes.User, target_id: userId });
  }

  async updateUserPermissions(guildId: string, userId: string, permissions: ApiPermissions[]): Promise<void> {
    await this.apiPermissions.update(
      {
        guild_id: guildId,
        type: ApiPermissionTypes.User,
        target_id: userId,
      },
      {
        permissions,
      },
    );
  }

  async clearExpiredPermissions() {
    await this.apiPermissions
      .createQueryBuilder()
      .where("expires_at IS NOT NULL")
      .andWhere("expires_at <= NOW()")
      .delete();
  }

  async applyOwnerChange(guildId: string, newOwnerId: string) {
    const existingPermissions = await this.getByGuildId(guildId);
    let updatedOwner = false;
    for (const perm of existingPermissions) {
      let hasChanges = false;

      // Remove owner permission from anyone who currently has it
      if (perm.permissions.includes(ApiPermissions.Owner)) {
        perm.permissions.splice(perm.permissions.indexOf(ApiPermissions.Owner), 1);
        hasChanges = true;
      }

      // Add owner permission if we encounter the new owner
      if (perm.type === ApiPermissionTypes.User && perm.target_id === newOwnerId) {
        perm.permissions.push(ApiPermissions.Owner);
        updatedOwner = true;
        hasChanges = true;
      }

      if (hasChanges) {
        const criteria = {
          guild_id: perm.guild_id,
          type: perm.type,
          target_id: perm.target_id,
        };
        if (perm.permissions.length === 0) {
          // No remaining permissions -> remove entry
          this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.REMOVE_API_PERMISSION, {
            type: perm.type,
            target_id: perm.target_id,
          });
          await this.apiPermissions.delete(criteria);
        } else {
          this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.EDIT_API_PERMISSION, {
            type: perm.type,
            target_id: perm.target_id,
            permissions: perm.permissions,
            expires_at: perm.expires_at,
          });
          await this.apiPermissions.update(criteria, {
            permissions: perm.permissions,
          });
        }
      }
    }

    if (!updatedOwner) {
      this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.ADD_API_PERMISSION, {
        type: ApiPermissionTypes.User,
        target_id: newOwnerId,
        permissions: [ApiPermissions.Owner],
        expires_at: null,
      });
      await this.apiPermissions.insert({
        guild_id: guildId,
        type: ApiPermissionTypes.User,
        target_id: newOwnerId,
        permissions: [ApiPermissions.Owner],
      });
    }
  }
}
Organise all imports, make Mutes depend on Logs 2021-06-06 23:51:32 +02:00			`import { ApiPermissions } from "@shared/apiPermissions";`
More work on API permissions 2019-11-08 00:04:24 +02:00			`import { getRepository, Repository } from "typeorm";`
			`import { BaseRepository } from "./BaseRepository";`
Organise all imports, make Mutes depend on Logs 2021-06-06 23:51:32 +02:00			`import { ApiPermissionAssignment } from "./entities/ApiPermissionAssignment";`
Update server owner dashboard permissions automatically 2021-09-05 14:34:06 +03:00			`import { Permissions } from "discord.js";`
			`import { ApiAuditLog } from "./ApiAuditLog";`
			`import { AuditLogEventTypes } from "./apiAuditLogTypes";`
More work on API permissions 2019-11-08 00:04:24 +02:00
			`export enum ApiPermissionTypes {`
			`User = "USER",`
			`Role = "ROLE",`
			`}`

			`export class ApiPermissionAssignments extends BaseRepository {`
			`private apiPermissions: Repository<ApiPermissionAssignment>;`
Update server owner dashboard permissions automatically 2021-09-05 14:34:06 +03:00			`private auditLogs: ApiAuditLog;`
More work on API permissions 2019-11-08 00:04:24 +02:00
			`constructor() {`
			`super();`
			`this.apiPermissions = getRepository(ApiPermissionAssignment);`
Update server owner dashboard permissions automatically 2021-09-05 14:34:06 +03:00			`this.auditLogs = new ApiAuditLog();`
More work on API permissions 2019-11-08 00:04:24 +02:00			`}`

dashboard: work on guild access page 2020-05-23 17:30:52 +03:00			`getByGuildId(guildId) {`
			`return this.apiPermissions.find({`
			`where: {`
			`guild_id: guildId,`
			`},`
			`});`
			`}`

More work on API permissions 2019-11-08 00:04:24 +02:00			`getByUserId(userId) {`
			`return this.apiPermissions.find({`
			`where: {`
			`type: ApiPermissionTypes.User,`
			`target_id: userId,`
			`},`
			`});`
			`}`

			`getByGuildAndUserId(guildId, userId) {`
			`return this.apiPermissions.findOne({`
			`where: {`
			`guild_id: guildId,`
			`type: ApiPermissionTypes.User,`
			`target_id: userId,`
			`},`
			`});`
			`}`
Add bot owner commands for adding/removing servers and dashboard users 2020-10-10 14:21:59 +03:00
Add rudimentary user management to dashboard 2021-09-05 16:42:35 +03:00			`addUser(guildId, userId, permissions: ApiPermissions[], expiresAt: string \| null = null) {`
Add bot owner commands for adding/removing servers and dashboard users 2020-10-10 14:21:59 +03:00			`return this.apiPermissions.insert({`
			`guild_id: guildId,`
			`type: ApiPermissionTypes.User,`
			`target_id: userId,`
			`permissions,`
Add rudimentary user management to dashboard 2021-09-05 16:42:35 +03:00			`expires_at: expiresAt,`
Add bot owner commands for adding/removing servers and dashboard users 2020-10-10 14:21:59 +03:00			`});`
			`}`

			`removeUser(guildId, userId) {`
			`return this.apiPermissions.delete({ guild_id: guildId, type: ApiPermissionTypes.User, target_id: userId });`
			`}`
Add support for API permission expiry 2021-09-05 13:53:46 +03:00
Add rudimentary user management to dashboard 2021-09-05 16:42:35 +03:00			`async updateUserPermissions(guildId: string, userId: string, permissions: ApiPermissions[]): Promise<void> {`
			`await this.apiPermissions.update(`
			`{`
			`guild_id: guildId,`
			`type: ApiPermissionTypes.User,`
			`target_id: userId,`
			`},`
			`{`
			`permissions,`
			`},`
			`);`
			`}`

Add support for API permission expiry 2021-09-05 13:53:46 +03:00			`async clearExpiredPermissions() {`
			`await this.apiPermissions`
			`.createQueryBuilder()`
			`.where("expires_at IS NOT NULL")`
			`.andWhere("expires_at <= NOW()")`
			`.delete();`
			`}`
Update server owner dashboard permissions automatically 2021-09-05 14:34:06 +03:00
			`async applyOwnerChange(guildId: string, newOwnerId: string) {`
			`const existingPermissions = await this.getByGuildId(guildId);`
			`let updatedOwner = false;`
			`for (const perm of existingPermissions) {`
			`let hasChanges = false;`

			`// Remove owner permission from anyone who currently has it`
			`if (perm.permissions.includes(ApiPermissions.Owner)) {`
			`perm.permissions.splice(perm.permissions.indexOf(ApiPermissions.Owner), 1);`
			`hasChanges = true;`
			`}`

			`// Add owner permission if we encounter the new owner`
			`if (perm.type === ApiPermissionTypes.User && perm.target_id === newOwnerId) {`
			`perm.permissions.push(ApiPermissions.Owner);`
			`updatedOwner = true;`
			`hasChanges = true;`
			`}`

			`if (hasChanges) {`
			`const criteria = {`
			`guild_id: perm.guild_id,`
			`type: perm.type,`
			`target_id: perm.target_id,`
			`};`
			`if (perm.permissions.length === 0) {`
			`// No remaining permissions -> remove entry`
			`this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.REMOVE_API_PERMISSION, {`
			`type: perm.type,`
			`target_id: perm.target_id,`
			`});`
			`await this.apiPermissions.delete(criteria);`
			`} else {`
			`this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.EDIT_API_PERMISSION, {`
			`type: perm.type,`
			`target_id: perm.target_id,`
			`permissions: perm.permissions,`
			`expires_at: perm.expires_at,`
			`});`
			`await this.apiPermissions.update(criteria, {`
			`permissions: perm.permissions,`
			`});`
			`}`
			`}`
			`}`

			`if (!updatedOwner) {`
			`this.auditLogs.addEntry(guildId, "0", AuditLogEventTypes.ADD_API_PERMISSION, {`
			`type: ApiPermissionTypes.User,`
			`target_id: newOwnerId,`
			`permissions: [ApiPermissions.Owner],`
			`expires_at: null,`
			`});`
			`await this.apiPermissions.insert({`
			`guild_id: guildId,`
			`type: ApiPermissionTypes.User,`
			`target_id: newOwnerId,`
			`permissions: [ApiPermissions.Owner],`
			`});`
			`}`
			`}`
More work on API permissions 2019-11-08 00:04:24 +02:00			`}`