refactor: subject connection permissions

dbeaver · Oct 2, 2023 · 76f123c · 76f123c
1 parent 75682bc
commit 76f123c
Show file tree

Hide file tree

Showing 8 changed files with 88 additions and 31 deletions.
diff --git a/webapp/packages/core-authentication/src/UsersResource.ts b/webapp/packages/core-authentication/src/UsersResource.ts
@@ -115,8 +115,20 @@ export class UsersResource extends CachedMapResource<string, AdminUser, UserReso
     return grantedConnections;
   }
 
-  async setConnections(userId: string, connections: string[]): Promise<void> {
-    await this.graphQLService.sdk.setConnections({ userId, connections });
+  async addConnectionsAccess(userId: string, connectionIds: string[]): Promise<void> {
+    await this.graphQLService.sdk.addConnectionsAccess({
+      projectId: 'g_GlobalConfiguration',
+      connectionIds,
+      subjects: [userId],
+    });
+  }
+
+  async deleteConnectionsAccess(userId: string, connectionIds: string[]): Promise<void> {
+    await this.graphQLService.sdk.deleteConnectionsAccess({
+      projectId: 'g_GlobalConfiguration',
+      connectionIds,
+      subjects: [userId],
+    });
   }
 
   async setMetaParameters(userId: string, parameters: Record<string, any>): Promise<void> {

diff --git a/webapp/packages/core-sdk/src/queries/connections/administration/setConnectionAccess.gql b/webapp/packages/core-sdk/src/queries/connections/administration/setConnectionAccess.gql
diff --git a/...p/packages/core-sdk/src/queries/connections/administration/setSubjectConnectionAccess.gql b/...p/packages/core-sdk/src/queries/connections/administration/setSubjectConnectionAccess.gql
diff --git a/webapp/packages/core-sdk/src/queries/resource-manager/addProjectsPermissions.graphql b/webapp/packages/core-sdk/src/queries/resource-manager/addProjectsPermissions.graphql
@@ -0,0 +1,3 @@
+mutation addProjectsPermissions($projectIds: [ID!]!, $subjectIds: [ID!]!, $permissions: [String!]!) {
+  rmAddProjectsPermissions(projectIds: $projectIds, subjectIds: $subjectIds, permissions: $permissions)
+}
diff --git a/webapp/packages/core-sdk/src/queries/resource-manager/deleteProjectsPermissions.graphql b/webapp/packages/core-sdk/src/queries/resource-manager/deleteProjectsPermissions.graphql
@@ -0,0 +1,3 @@
+mutation deleteProjectsPermissions($projectIds: [ID!]!, $subjectIds: [ID!]!, $permissions: [String!]!) {
+  rmDeleteProjectsPermissions(projectIds: $projectIds, subjectIds: $subjectIds, permissions: $permissions)
+}
diff --git a/...tration/src/Administration/Users/Teams/GrantedConnections/GrantedConnectionsTabService.ts b/...tration/src/Administration/Users/Teams/GrantedConnections/GrantedConnectionsTabService.ts
@@ -95,15 +95,38 @@ export class GrantedConnectionsTabService extends Bootstrap {
       return;
     }
 
+    const { connectionsToRevoke, connectionsToGrant } = this.getConnectionsDifferences(state);
+
     try {
-      await this.graphQLService.sdk.setSubjectConnectionAccess({
-        subjectId: config.teamId,
-        connections: state.grantedSubjects,
-      });
+      if (connectionsToRevoke.length > 0) {
+        await this.graphQLService.sdk.deleteConnectionsAccess({
+          projectId: 'g_GlobalConfiguration',
+          subjects: [config.teamId],
+          connectionIds: connectionsToRevoke,
+        });
+      }
+
+      if (connectionsToGrant.length > 0) {
+        await this.graphQLService.sdk.addConnectionsAccess({
+          projectId: 'g_GlobalConfiguration',
+          subjects: [config.teamId],
+          connectionIds: connectionsToGrant,
+        });
+      }
 
       state.loaded = false;
     } catch (exception: any) {
       this.notificationService.logException(exception);
     }
   }
+
+  private getConnectionsDifferences(state: IGrantedConnectionsTabState): { connectionsToRevoke: string[]; connectionsToGrant: string[] } {
+    const current = state.initialGrantedSubjects;
+    const next = state.grantedSubjects;
+
+    const connectionsToRevoke = current.filter(subjectId => !next.includes(subjectId));
+    const connectionsToGrant = next.filter(subjectId => !current.includes(subjectId));
+
+    return { connectionsToRevoke, connectionsToGrant };
+  }
 }
diff --git a/...ration/src/Administration/Users/UserForm/ConnectionAccess/UserFormConnectionAccessPart.ts b/...ration/src/Administration/Users/UserForm/ConnectionAccess/UserFormConnectionAccessPart.ts
@@ -55,14 +55,33 @@ export class UserFormConnectionAccessPart extends FormPart<AdminConnectionGrantI
   }
 
   protected override async saveChanges() {
+    const { connectionsToRevoke, connectionsToGrant } = this.getConnectionsDifferences(
+      this.getGrantedConnections(this.initialState),
+      this.getGrantedConnections(this.state),
+    );
+
     const userFormInfoPart = this.formState.dataContext.get(DATA_CONTEXT_USER_FORM_INFO_PART);
-    await this.usersResource.setConnections(userFormInfoPart.state.userId, this.getGrantedConnections(this.state));
+
+    if (connectionsToRevoke.length > 0) {
+      await this.usersResource.deleteConnectionsAccess(userFormInfoPart.state.userId, connectionsToRevoke);
+    }
+
+    if (connectionsToGrant.length > 0) {
+      await this.usersResource.addConnectionsAccess(userFormInfoPart.state.userId, connectionsToGrant);
+    }
   }
 
   private getGrantedConnections(state: AdminConnectionGrantInfo[]): string[] {
     return state.filter(connection => connection.subjectType !== AdminSubjectType.Team).map(connection => connection.dataSourceId);
   }
 
+  private getConnectionsDifferences(current: string[], next: string[]): { connectionsToRevoke: string[]; connectionsToGrant: string[] } {
+    const connectionsToRevoke = current.filter(subjectId => !next.includes(subjectId));
+    const connectionsToGrant = next.filter(subjectId => !current.includes(subjectId));
+
+    return { connectionsToRevoke, connectionsToGrant };
+  }
+
   protected override async loader() {
     const userFormInfoPart = this.formState.dataContext.get(DATA_CONTEXT_USER_FORM_INFO_PART);
     let grantedConnections: AdminConnectionGrantInfo[] = [];

diff --git a/...nections-administration/src/ConnectionForm/ConnectionAccess/ConnectionAccessTabService.ts b/...nections-administration/src/ConnectionForm/ConnectionAccess/ConnectionAccessTabService.ts
@@ -104,20 +104,24 @@ export class ConnectionAccessTabService extends Bootstrap {
 
     const key = createConnectionParam(data.state.projectId, config.connectionId);
 
-    const changed = await this.isChanged(key, state.grantedSubjects);
+    const currentGrantedSubjects = await this.connectionInfoResource.loadAccessSubjects(key);
+    const currentGrantedSubjectIds = currentGrantedSubjects.map(subject => subject.subjectId);
 
-    if (changed) {
-      if (state.initialGrantedSubjects.length > state.grantedSubjects.length) {
+    const { subjectsToRevoke, subjectsToGrant } = await this.getSubjectDifferences(currentGrantedSubjectIds, state.grantedSubjects);
+
+    if (subjectsToRevoke.length === 0 && subjectsToGrant.length === 0) {
+      return;
+    }
 
-        const subjectsToRemove = state.initialGrantedSubjects.filter(subject => !state.grantedSubjects.includes(subject));
-        await this.connectionInfoResource.deleteConnectionsAccess(key, subjectsToRemove);
-      } else if (state.initialGrantedSubjects.length < state.grantedSubjects.length) {
+    if (subjectsToRevoke.length > 0) {
+      await this.connectionInfoResource.deleteConnectionsAccess(key, subjectsToRevoke);
+    }
 
-        const subjectsToAdd = state.grantedSubjects.filter(subject => !state.initialGrantedSubjects.includes(subject));
-        await this.connectionInfoResource.addConnectionsAccess(key, subjectsToAdd);
-      }
-      state.initialGrantedSubjects = state.grantedSubjects.slice();
+    if (subjectsToGrant.length > 0) {
+      await this.connectionInfoResource.addConnectionsAccess(key, subjectsToGrant);
     }
+
+    state.initialGrantedSubjects = state.grantedSubjects.slice();
   }
 
   private async formState(data: IConnectionFormState, contexts: IExecutionContextProvider<IConnectionFormState>) {
@@ -146,4 +150,11 @@ export class ConnectionAccessTabService extends Bootstrap {
 
     return current.some(value => !next.some(subjectId => subjectId === value.subjectId));
   }
+
+  private async getSubjectDifferences(current: string[], next: string[]): Promise<{ subjectsToRevoke: string[]; subjectsToGrant: string[] }> {
+    const subjectsToRevoke = current.filter(subjectId => !next.includes(subjectId));
+    const subjectsToGrant = next.filter(subjectId => !current.includes(subjectId));
+
+    return { subjectsToRevoke, subjectsToGrant };
+  }
 }