Open rajdip-b opened 3 weeks ago
/attempt
Assigned the issue to you!
Hey @rayaanoidPrime! Could you hold up to this for a day or two? I'm making a major refactor to the way secrets, variables and environments are organized. I would notify you once its done.
Oh sure no worries
Hey bro! @rayaanoidPrime
v2.0.0 just got released! You can start working now. Do hit me up if you want help.
Description
Right now, the roles that are created can have one or many projects associated with it. Associating projects mean that members who will have this role attached to them, will be able to perform the
authorities
inWorkspaceRole
entity [refer to prisma schema].We would like to have another layer of security in here. We would also like to introduce environment specific access, so that members can have access to only a specific set of environments in the project set by the admin.
Use case:
Consider that there's a project that has 3 environments - dev, stage and prod. It will be ideal to allow the developers access the
dev
andstage
environments (and the secrets and variables in it) while theprod
environment is only accessible by the DevOps team or such. This is where this feature will be helpfulSolution
ProjectWorkspaceRoleAssociation
entity to includeenvironments
- specifying the environments accessible by the member.Environment
on toProjectWorkspaceRoleAssociation
.getCollectiveEnvironmentAuthorities
. You can take the reference from anyget-collective-project-authorities.ts
. The purpose of this function would be this: given the userId, project, and environment, it would need to fetch all the authorities that the member has over this environment.AuthorityCheckerService#checkAuthorityOverEnvironment
to incorporate thegetCollectiveEnvironmentAuthorities
function and filter the roles.projectIds
to be a of typeMap<String, Array<String>>
. The association will be something like this: For every projectId, list of environmentIds that will be available to the role.WorkspaceRoleService
functions acordinglyworkspace-role
module.