Fix getProjectMembership to work with additional privileges

2025-03-25 14:05:03 +00:00 · 2024-04-04 11:20:39 -07:00
parent 51819e57d1
commit 51f220ba2c
2 changed files with 44 additions and 4 deletions
--- a/backend/src/ee/services/permission/permission-dal.ts
+++ b/backend/src/ee/services/permission/permission-dal.ts
@ -129,7 +129,7 @@ export const permissionDALFactory = (db: TDbClient) => {
        );

      const permission = sqlNestRelationships({
-        data: docs.concat(groupDocs),
+        data: docs,
        key: "projectId",
        parentMapper: ({ orgId, orgAuthEnforced, membershipId, membershipCreatedAt, membershipUpdatedAt, role }) => ({
          orgId,
@ -175,7 +175,43 @@ export const permissionDALFactory = (db: TDbClient) => {
        ]
      });

+      const groupRoles = groupDocs.length
+        ? sqlNestRelationships({
+            data: groupDocs,
+            key: "projectId",
+            parentMapper: ({
+              orgId,
+              orgAuthEnforced,
+              membershipId,
+              membershipCreatedAt,
+              membershipUpdatedAt,
+              role
+            }) => ({
+              orgId,
+              orgAuthEnforced,
+              userId,
+              role,
+              id: membershipId,
+              projectId,
+              createdAt: membershipCreatedAt,
+              updatedAt: membershipUpdatedAt
+            }),
+            childrenMapper: [
+              {
+                key: "id",
+                label: "roles" as const,
+                mapper: (data) =>
+                  ProjectUserMembershipRolesSchema.extend({
+                    permissions: z.unknown(),
+                    customRoleSlug: z.string().optional().nullable()
+                  }).parse(data)
+              }
+            ]
+          })?.[0]?.roles
+        : [];
+
      if (!permission?.[0]) return undefined;
+
      // when introducting cron mode change it here
      const activeRoles = permission?.[0]?.roles?.filter(
        ({ isTemporary, temporaryAccessEndTime }) =>
@ -187,7 +223,11 @@ export const permissionDALFactory = (db: TDbClient) => {
          !isTemporary || (isTemporary && temporaryAccessEndTime && new Date() < temporaryAccessEndTime)
      );

-      return { ...permission[0], roles: activeRoles, additionalPrivileges: activeAdditionalPrivileges };
+      return {
+        ...permission[0],
+        roles: [...activeRoles, ...groupRoles],
+        additionalPrivileges: activeAdditionalPrivileges
+      };
    } catch (error) {
      throw new DatabaseError({ error, name: "GetProjectPermission" });
    }
--- a/frontend/src/views/Project/MembersPage/components/GroupsTab/components/GroupsSection/GroupRoles.tsx
+++ b/frontend/src/views/Project/MembersPage/components/GroupsTab/components/GroupsSection/GroupRoles.tsx
@ -26,8 +26,8 @@ import {
 import { useWorkspace } from "@app/context";
 import { usePopUp } from "@app/hooks";
 import { useGetProjectRoles, useUpdateGroupWorkspaceRole } from "@app/hooks/api";
+import { TGroupMembership } from "@app/hooks/api/groups/types";
 import { ProjectMembershipRole } from "@app/hooks/api/roles/types";
-import { TWorkspaceUser } from "@app/hooks/api/types";
 import { ProjectUserMembershipTemporaryMode } from "@app/hooks/api/workspace/types";
 import { groupBy } from "@app/lib/fn/array";

@ -196,7 +196,7 @@ type TForm = z.infer<typeof formSchema>;
 export type TMemberRolesProp = {
  disableEdit?: boolean;
  groupSlug: string;
-  roles: TWorkspaceUser["roles"];
+  roles: TGroupMembership["roles"];
 };

 const MAX_ROLES_TO_BE_SHOWN_IN_TABLE = 2;