mirror of
https://github.com/OneUptime/oneuptime.git
synced 2026-04-06 00:32:12 +02:00
c229936d5c
- Updated permission arrays in various database model files to ensure consistent formatting by aligning closing brackets. - Adjusted the `onBeforeCreate` function in the IncidentMembers component for improved readability. - Cleaned up descriptions in the Permission helper class for better clarity. - Added a new migration for IncidentRole and IncidentMember tables with appropriate constraints and indexes.
626 lines
15 KiB
TypeScript
626 lines
15 KiB
TypeScript
import Project from "./Project";
|
|
import Team from "./Team";
|
|
import User from "./User";
|
|
import BaseModel from "./DatabaseBaseModel/DatabaseBaseModel";
|
|
import Route from "../../Types/API/Route";
|
|
import URL from "../../Types/API/URL";
|
|
import { PlanType } from "../../Types/Billing/SubscriptionPlan";
|
|
import ColumnAccessControl from "../../Types/Database/AccessControl/ColumnAccessControl";
|
|
import TableAccessControl from "../../Types/Database/AccessControl/TableAccessControl";
|
|
import TableBillingAccessControl from "../../Types/Database/AccessControl/TableBillingAccessControl";
|
|
import ColumnLength from "../../Types/Database/ColumnLength";
|
|
import ColumnType from "../../Types/Database/ColumnType";
|
|
import CrudApiEndpoint from "../../Types/Database/CrudApiEndpoint";
|
|
import TableColumn from "../../Types/Database/TableColumn";
|
|
import TableColumnType from "../../Types/Database/TableColumnType";
|
|
import TableMetadata from "../../Types/Database/TableMetadata";
|
|
import TenantColumn from "../../Types/Database/TenantColumn";
|
|
import UniqueColumnBy from "../../Types/Database/UniqueColumnBy";
|
|
import IconProp from "../../Types/Icon/IconProp";
|
|
import ObjectID from "../../Types/ObjectID";
|
|
import Permission from "../../Types/Permission";
|
|
import DigestMethod from "../../Types/SSO/DigestMethod";
|
|
import SignatureMethod from "../../Types/SSO/SignatureMethod";
|
|
import {
|
|
Column,
|
|
Entity,
|
|
Index,
|
|
JoinColumn,
|
|
JoinTable,
|
|
ManyToMany,
|
|
ManyToOne,
|
|
} from "typeorm";
|
|
|
|
@TableBillingAccessControl({
|
|
create: PlanType.Scale,
|
|
read: PlanType.Scale,
|
|
update: PlanType.Scale,
|
|
delete: PlanType.Scale,
|
|
})
|
|
@TenantColumn("projectId")
|
|
@TableAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectUser,
|
|
Permission.UnAuthorizedSsoUser,
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
delete: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.DeleteProjectSSO,
|
|
],
|
|
update: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.EditProjectSSO,
|
|
],
|
|
})
|
|
@CrudApiEndpoint(new Route("/project-sso"))
|
|
@TableMetadata({
|
|
tableName: "ProjectSSO",
|
|
singularName: "SSO",
|
|
pluralName: "SSO",
|
|
icon: IconProp.Lock,
|
|
tableDescription: "Manage SSO for your project",
|
|
})
|
|
@Entity({
|
|
name: "ProjectSSO",
|
|
})
|
|
export default class ProjectSSO extends BaseModel {
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.ProjectUser,
|
|
Permission.Public,
|
|
Permission.UnAuthorizedSsoUser,
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [],
|
|
})
|
|
@TableColumn({
|
|
manyToOneRelationColumn: "projectId",
|
|
type: TableColumnType.Entity,
|
|
modelType: Project,
|
|
title: "Project",
|
|
description: "Relation to Project Resource in which this object belongs",
|
|
example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
|
|
})
|
|
@ManyToOne(
|
|
() => {
|
|
return Project;
|
|
},
|
|
{
|
|
eager: false,
|
|
nullable: true,
|
|
onDelete: "CASCADE",
|
|
orphanedRowAction: "nullify",
|
|
},
|
|
)
|
|
@JoinColumn({ name: "projectId" })
|
|
public project?: Project = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.ProjectUser,
|
|
Permission.Public,
|
|
Permission.UnAuthorizedSsoUser,
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ProjectUser,
|
|
Permission.UnAuthorizedSsoUser,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [],
|
|
})
|
|
@Index()
|
|
@TableColumn({
|
|
type: TableColumnType.ObjectID,
|
|
required: true,
|
|
canReadOnRelationQuery: true,
|
|
title: "Project ID",
|
|
description: "ID of your OneUptime Project in which this object belongs",
|
|
example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
|
|
})
|
|
@Column({
|
|
type: ColumnType.ObjectID,
|
|
nullable: false,
|
|
transformer: ObjectID.getDatabaseTransformer(),
|
|
})
|
|
public projectId?: ObjectID = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.ProjectUser,
|
|
Permission.Public,
|
|
Permission.UnAuthorizedSsoUser,
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ProjectUser,
|
|
Permission.UnAuthorizedSsoUser,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.EditProjectSSO,
|
|
],
|
|
})
|
|
@TableColumn({
|
|
required: true,
|
|
type: TableColumnType.ShortText,
|
|
canReadOnRelationQuery: true,
|
|
title: "Name",
|
|
description: "Any friendly name of this object",
|
|
example: "Okta SSO Integration",
|
|
})
|
|
@Column({
|
|
nullable: false,
|
|
type: ColumnType.ShortText,
|
|
length: ColumnLength.ShortText,
|
|
})
|
|
@UniqueColumnBy("projectId")
|
|
public name?: string = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.ProjectUser,
|
|
Permission.Public,
|
|
Permission.UnAuthorizedSsoUser,
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.EditProjectSSO,
|
|
],
|
|
})
|
|
@TableColumn({
|
|
required: true,
|
|
type: TableColumnType.LongText,
|
|
canReadOnRelationQuery: true,
|
|
example: "Single Sign-On integration with company Okta identity provider",
|
|
})
|
|
@Column({
|
|
nullable: false,
|
|
type: ColumnType.LongText,
|
|
})
|
|
public description?: string = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.EditProjectSSO,
|
|
],
|
|
})
|
|
@TableColumn({
|
|
required: true,
|
|
type: TableColumnType.ShortText,
|
|
canReadOnRelationQuery: true,
|
|
example: "sha256",
|
|
})
|
|
@Column({
|
|
nullable: false,
|
|
type: ColumnType.ShortText,
|
|
length: ColumnLength.ShortText,
|
|
})
|
|
public signatureMethod?: SignatureMethod = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.EditProjectSSO,
|
|
],
|
|
})
|
|
@TableColumn({
|
|
required: true,
|
|
type: TableColumnType.ShortText,
|
|
canReadOnRelationQuery: true,
|
|
example: "sha256",
|
|
})
|
|
@Column({
|
|
nullable: false,
|
|
type: ColumnType.ShortText,
|
|
length: ColumnLength.ShortText,
|
|
})
|
|
public digestMethod?: DigestMethod = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.Public,
|
|
Permission.ProjectUser,
|
|
Permission.UnAuthorizedSsoUser,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.EditProjectSSO,
|
|
],
|
|
})
|
|
@TableColumn({
|
|
required: true,
|
|
type: TableColumnType.LongURL,
|
|
canReadOnRelationQuery: true,
|
|
example: "https://sso.example.com/saml/login",
|
|
})
|
|
@Column({
|
|
nullable: false,
|
|
type: ColumnType.LongURL,
|
|
transformer: URL.getDatabaseTransformer(),
|
|
})
|
|
@UniqueColumnBy("projectId")
|
|
public signOnURL?: URL = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.EditProjectSSO,
|
|
],
|
|
})
|
|
@TableColumn({
|
|
required: false,
|
|
type: TableColumnType.EntityArray,
|
|
modelType: Team,
|
|
example: [{ id: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e" }],
|
|
})
|
|
@ManyToMany(
|
|
() => {
|
|
return Team;
|
|
},
|
|
{ eager: false },
|
|
)
|
|
@JoinTable({
|
|
name: "ProjectSsoTeam",
|
|
inverseJoinColumn: {
|
|
name: "teamId",
|
|
referencedColumnName: "_id",
|
|
},
|
|
joinColumn: {
|
|
name: "projectSsoId",
|
|
referencedColumnName: "_id",
|
|
},
|
|
})
|
|
public teams?: Array<Team> = undefined; // teams that teammember should be added to when they sign into SSO for the first time.
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.EditProjectSSO,
|
|
],
|
|
})
|
|
@TableColumn({
|
|
required: true,
|
|
type: TableColumnType.LongURL,
|
|
canReadOnRelationQuery: true,
|
|
example: "https://sso.example.com",
|
|
})
|
|
@Column({
|
|
nullable: false,
|
|
type: ColumnType.LongURL,
|
|
transformer: URL.getDatabaseTransformer(),
|
|
})
|
|
public issuerURL?: URL = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.EditProjectSSO,
|
|
],
|
|
})
|
|
@TableColumn({
|
|
required: true,
|
|
type: TableColumnType.VeryLongText,
|
|
canReadOnRelationQuery: true,
|
|
example:
|
|
"-----BEGIN CERTIFICATE-----\nMIIDXTCCAkWgAwIBAgIJAKL0UG...\n-----END CERTIFICATE-----",
|
|
})
|
|
@Column({
|
|
nullable: false,
|
|
type: ColumnType.VeryLongText,
|
|
})
|
|
public publicCertificate?: string = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [],
|
|
})
|
|
@TableColumn({
|
|
manyToOneRelationColumn: "createdByUserId",
|
|
type: TableColumnType.Entity,
|
|
modelType: User,
|
|
title: "Created by User",
|
|
description:
|
|
"Relation to User who created this object (if this object was created by a User)",
|
|
example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
|
|
})
|
|
@ManyToOne(
|
|
() => {
|
|
return User;
|
|
},
|
|
{
|
|
eager: false,
|
|
nullable: true,
|
|
onDelete: "SET NULL",
|
|
orphanedRowAction: "nullify",
|
|
},
|
|
)
|
|
@JoinColumn({ name: "createdByUserId" })
|
|
public createdByUser?: User = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [],
|
|
})
|
|
@TableColumn({
|
|
type: TableColumnType.ObjectID,
|
|
title: "Created by User ID",
|
|
description:
|
|
"User ID who created this object (if this object was created by a User)",
|
|
example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
|
|
})
|
|
@Column({
|
|
type: ColumnType.ObjectID,
|
|
nullable: true,
|
|
transformer: ObjectID.getDatabaseTransformer(),
|
|
})
|
|
public createdByUserId?: ObjectID = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [],
|
|
})
|
|
@TableColumn({
|
|
manyToOneRelationColumn: "deletedByUserId",
|
|
type: TableColumnType.Entity,
|
|
title: "Deleted by User",
|
|
modelType: User,
|
|
description:
|
|
"Relation to User who deleted this object (if this object was deleted by a User)",
|
|
example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
|
|
})
|
|
@ManyToOne(
|
|
() => {
|
|
return User;
|
|
},
|
|
{
|
|
cascade: false,
|
|
eager: false,
|
|
nullable: true,
|
|
onDelete: "SET NULL",
|
|
orphanedRowAction: "nullify",
|
|
},
|
|
)
|
|
@JoinColumn({ name: "deletedByUserId" })
|
|
public deletedByUser?: User = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [],
|
|
})
|
|
@TableColumn({
|
|
type: TableColumnType.ObjectID,
|
|
title: "Deleted by User ID",
|
|
description:
|
|
"User ID who deleted this object (if this object was deleted by a User)",
|
|
example: "5f8b9c0d-e1a2-4b3c-8d5e-6f7a8b9c0d1e",
|
|
})
|
|
@Column({
|
|
type: ColumnType.ObjectID,
|
|
nullable: true,
|
|
transformer: ObjectID.getDatabaseTransformer(),
|
|
})
|
|
public deletedByUserId?: ObjectID = undefined;
|
|
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.ProjectUser,
|
|
Permission.UnAuthorizedSsoUser,
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.EditProjectSSO,
|
|
],
|
|
})
|
|
@TableColumn({
|
|
isDefaultValueColumn: true,
|
|
type: TableColumnType.Boolean,
|
|
defaultValue: false,
|
|
example: true,
|
|
})
|
|
@Column({
|
|
type: ColumnType.Boolean,
|
|
default: false,
|
|
})
|
|
public isEnabled?: boolean = undefined;
|
|
|
|
// Is this integration tested?
|
|
@ColumnAccessControl({
|
|
create: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
Permission.CreateProjectSSO,
|
|
],
|
|
read: [
|
|
Permission.ProjectOwner,
|
|
Permission.ProjectAdmin,
|
|
|
|
Permission.ProjectMember,
|
|
Permission.ReadProjectSSO,
|
|
Permission.ReadAllProjectResources,
|
|
],
|
|
update: [],
|
|
})
|
|
@TableColumn({
|
|
isDefaultValueColumn: true,
|
|
type: TableColumnType.Boolean,
|
|
defaultValue: false,
|
|
example: true,
|
|
})
|
|
@Column({
|
|
type: ColumnType.Boolean,
|
|
default: false,
|
|
})
|
|
public isTested?: boolean = undefined;
|
|
}
|