rayaanoidPrime
commented
3 weeks ago /attempt
Open rajdip-b opened 3 weeks ago
rayaanoidPrime
commented
3 weeks ago /attempt
github-actions[bot]
commented
3 weeks ago Assigned the issue to you!
rajdip-b
commented
3 weeks ago Hey @rayaanoidPrime! Could you hold up to this for a day or two? I'm making a major refactor to the way secrets, variables and environments are organized. I would notify you once its done.
rayaanoidPrime
commented
3 weeks ago Oh sure no worries
rajdip-b
commented
2 weeks ago Hey bro! @rayaanoidPrime
v2.0.0 just got released! You can start working now. Do hit me up if you want help.
Description
Right now, the roles that are created can have one or many projects associated with it. Associating projects mean that members who will have this role attached to them, will be able to perform the
authoritiesinWorkspaceRoleentity [refer to prisma schema].We would like to have another layer of security in here. We would also like to introduce environment specific access, so that members can have access to only a specific set of environments in the project set by the admin.
Use case:
Consider that there's a project that has 3 environments - dev, stage and prod. It will be ideal to allow the developers access the
devandstageenvironments (and the secrets and variables in it) while theprodenvironment is only accessible by the DevOps team or such. This is where this feature will be helpfulSolution
ProjectWorkspaceRoleAssociationentity to includeenvironments- specifying the environments accessible by the member.Environmenton toProjectWorkspaceRoleAssociation.getCollectiveEnvironmentAuthorities. You can take the reference from anyget-collective-project-authorities.ts. The purpose of this function would be this: given the userId, project, and environment, it would need to fetch all the authorities that the member has over this environment.AuthorityCheckerService#checkAuthorityOverEnvironmentto incorporate thegetCollectiveEnvironmentAuthoritiesfunction and filter the roles.projectIdsto be a of typeMap<String, Array<String>>. The association will be something like this: For every projectId, list of environmentIds that will be available to the role.WorkspaceRoleServicefunctions acordinglyworkspace-rolemodule.