feat: add integration access settings (#725)

* feat: add integration access settings * fix: typecheck and test issues * fix: test timeout * chore: address pull request feedback * chore: add throw if action forbidden for integration permissions * fix: unable to create new migrations because of duplicate prevId in sqlite snapshots * chore: add sqlite migration for integration permissions * test: add unit tests for integration access * test: add permission checks to integration router tests * test: add unit test for integration permissions * chore: add mysql migration * fix: format issues
2024-07-08 00:00:37 +02:00
parent be711149f7
commit 408cdeb5c3
50 changed files with 4392 additions and 615 deletions
--- a/packages/db/schema/sqlite.ts
+++ b/packages/db/schema/sqlite.ts
@@ -12,6 +12,7 @@ import type {
  BoardPermission,
  GroupPermissionKey,
  IntegrationKind,
+  IntegrationPermission,
  IntegrationSecretKind,
  SectionKind,
  WidgetKind,
@@ -160,6 +161,42 @@ export const integrationSecrets = sqliteTable(
  }),
 );

+export const integrationUserPermissions = sqliteTable(
+  "integrationUserPermission",
+  {
+    integrationId: text("integration_id")
+      .notNull()
+      .references(() => integrations.id, { onDelete: "cascade" }),
+    userId: text("user_id")
+      .notNull()
+      .references(() => users.id, { onDelete: "cascade" }),
+    permission: text("permission").$type<IntegrationPermission>().notNull(),
+  },
+  (table) => ({
+    compoundKey: primaryKey({
+      columns: [table.integrationId, table.userId, table.permission],
+    }),
+  }),
+);
+
+export const integrationGroupPermissions = sqliteTable(
+  "integrationGroupPermissions",
+  {
+    integrationId: text("integration_id")
+      .notNull()
+      .references(() => integrations.id, { onDelete: "cascade" }),
+    groupId: text("group_id")
+      .notNull()
+      .references(() => groups.id, { onDelete: "cascade" }),
+    permission: text("permission").$type<IntegrationPermission>().notNull(),
+  },
+  (table) => ({
+    compoundKey: primaryKey({
+      columns: [table.integrationId, table.groupId, table.permission],
+    }),
+  }),
+);
+
 export const boards = sqliteTable("board", {
  id: text("id").notNull().primaryKey(),
  name: text("name").unique().notNull(),
@@ -390,6 +427,30 @@ export const boardGroupPermissionRelations = relations(boardGroupPermissions, ({
 export const integrationRelations = relations(integrations, ({ many }) => ({
  secrets: many(integrationSecrets),
  items: many(integrationItems),
+  userPermissions: many(integrationUserPermissions),
+  groupPermissions: many(integrationGroupPermissions),
+}));
+
+export const integrationUserPermissionRelations = relations(integrationUserPermissions, ({ one }) => ({
+  user: one(users, {
+    fields: [integrationUserPermissions.userId],
+    references: [users.id],
+  }),
+  integration: one(integrations, {
+    fields: [integrationUserPermissions.integrationId],
+    references: [integrations.id],
+  }),
+}));
+
+export const integrationGroupPermissionRelations = relations(integrationGroupPermissions, ({ one }) => ({
+  group: one(groups, {
+    fields: [integrationGroupPermissions.groupId],
+    references: [groups.id],
+  }),
+  integration: one(integrations, {
+    fields: [integrationGroupPermissions.integrationId],
+    references: [integrations.id],
+  }),
 }));

 export const integrationSecretRelations = relations(integrationSecrets, ({ one }) => ({