Merge pull request #4612 from alkem-io/patch
Authorization saved on subspace level
hero101 authored Oct 14, 2024
2 parents 567be78 + 00fa9a0 commit 902733d
Showing 7 changed files with 40 additions and 11 deletions.
4 changes: 4 additions & 0 deletions alkemio.yml
Expand Up @@ -53,6 +53,10 @@ bootstrap:
authorization:
enabled: ${BOOTSTRAP_AUTHORIZATION_ENABLED}:true
file: ${BOOTSTRAP_AUTHORIZATION_FILE}
# Settings related to the authorization framework
authorization:
# amount of authorization policies saved in a single chunk
chunk: ${AUTHORIZATION_CHUNK_SIZE}:1000

## security ##
# The various means by which the security of the Alkemio platform can be configured.
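Review bot: The comment on the new `authorization.chunk` setting does not say which values are valid or that the default differs from the old behaviour. The fallback of 1000 is ten times the `chunk: 100` that the policy service hard-coded before this commit, so every batch written during an authorization reset grows accordingly; whether the database's packet or parameter limits allow that is not visible on this page. I would document it as `# number of authorization policies saved per batch; must be a positive integer (was fixed at 100 before this setting existed)`.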
4 changes: 2 additions & 2 deletions package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "alkemio-server",
"version": "0.93.0",
"version": "0.93.1",
"description": "Alkemio server, responsible for managing the shared Alkemio platform",
"author": "Alkemio Foundation",
"private": false,
Expand Up @@ -25,16 +25,24 @@ import { IAuthorizationPolicyRulePrivilege } from '@core/authorization/authoriza
import { IAuthorizationPolicyRuleVerifiedCredential } from '@core/authorization/authorization.policy.rule.verified.credential.interface';
import { ICredentialDefinition } from '@domain/agent/credential/credential.definition.interface';
import { AuthorizationPolicyType } from '@common/enums/authorization.policy.type';
import { ConfigService } from '@nestjs/config';
import { AlkemioConfig } from '@src/types';

@Injectable()
export class AuthorizationPolicyService {
private readonly authChunkSize: number;
constructor(
@InjectRepository(AuthorizationPolicy)
private authorizationPolicyRepository: Repository<AuthorizationPolicy>,
private authorizationService: AuthorizationService,
@Inject(WINSTON_MODULE_NEST_PROVIDER)
private readonly logger: LoggerService
) {}
private readonly logger: LoggerService,
private readonly configService: ConfigService<AlkemioConfig, true>
) {
this.authChunkSize = this.configService.get('authorization.chunk', {
infer: true,
});
}

public authorizationSelectOptions: FindOptionsSelect<AuthorizationPolicy> = {
id: true,
Expand Down Expand Up @@ -193,7 +201,7 @@ export class AuthorizationPolicyService {
LogContext.AUTH
);
await this.authorizationPolicyRepository.save(authorizationPolicies, {
chunk: 100,
chunk: this.authChunkSize,
});
}
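Review bot: The constructor stores whatever `configService.get('authorization.chunk', { infer: true })` returns in `authChunkSize` without checking it, and the second hunk passes that value straight to `authorizationPolicyRepository.save` as `chunk`. The `number` type in `AlkemioConfig` is compile-time only; the value comes from `${AUTHORIZATION_CHUNK_SIZE}:1000` in alkemio.yml, and whether the loader coerces an environment string to a number is not visible here. A zero, negative or non-numeric setting would then govern how authorization policies are persisted, so I would validate once at start-up: `const size = Number(this.configService.get('authorization.chunk', { infer: true }));` then `if (!Number.isInteger(size) || size <= 0) throw new Error('authorization.chunk must be a positive integer');` and `this.authChunkSize = size;`. The class body continues outside both hunks.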

10 changes: 8 additions & 2 deletions src/domain/space/account/account.service.authorization.ts
@@ -1,4 +1,4 @@
import { Injectable } from '@nestjs/common';
import { Inject, Injectable, LoggerService } from '@nestjs/common';
import {
AuthorizationCredential,
AuthorizationPrivilege,
Expand Down Expand Up @@ -35,6 +35,7 @@ import { InnovationHubAuthorizationService } from '@domain/innovation-hub/innova
import { LicenseEngineService } from '@core/license-engine/license.engine.service';
import { LicensePrivilege } from '@common/enums/license.privilege';
import { IAgent } from '@domain/agent/agent/agent.interface';
import { WINSTON_MODULE_NEST_PROVIDER } from 'nest-winston';

@Injectable()
export class AccountAuthorizationService {
Expand All @@ -49,7 +50,8 @@ export class AccountAuthorizationService {
private storageAggregatorAuthorizationService: StorageAggregatorAuthorizationService,
private innovationHubAuthorizationService: InnovationHubAuthorizationService,
private accountService: AccountService,
private accountHostService: AccountHostService
private accountHostService: AccountHostService,
@Inject(WINSTON_MODULE_NEST_PROVIDER) private readonly logger: LoggerService
) {}

async applyAuthorizationPolicy(
Expand Down Expand Up @@ -150,6 +152,10 @@ export class AccountAuthorizationService {
for (const space of account.spaces) {
const spaceAuthorizations =
await this.spaceAuthorizationService.applyAuthorizationPolicy(space);
this.logger.verbose?.(
`space nameID ${space.nameID}: authorizations to reset count = ${spaceAuthorizations.length}`,
LogContext.AUTH
);
updatedAuthorizations.push(...spaceAuthorizations);
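Review bot: The count in the new verbose message in the `account.spaces` loop probably no longer means what its text says. The space service section of this commit appears to save subspace policies inside `applyAuthorizationPolicy` instead of returning them, in which case `spaceAuthorizations.length` covers only the top-level space and "authorizations to reset count" understates the reset. The message also identifies the space by `nameID` while the subspace message uses `id`, which makes the two log lines harder to correlate when auditing a reset. I would reword it to `` `Space (${space.id}) auth reset: ${spaceAuthorizations.length} top-level authorizations returned for saving` ``. The enclosing method starts and ends outside the hunk.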
}

14 changes: 11 additions & 3 deletions src/domain/space/space/space.service.authorization.ts
@@ -1,4 +1,4 @@
import { Injectable } from '@nestjs/common';
import { Inject, Injectable, LoggerService } from '@nestjs/common';
import {
AuthorizationCredential,
AuthorizationPrivilege,
Expand Down Expand Up @@ -38,6 +38,7 @@ import { ISpaceSettings } from '../space.settings/space.settings.interface';
import { TemplatesSetAuthorizationService } from '@domain/template/templates-set/templates.set.service.authorization';
import { RoleSetService } from '@domain/access/role-set/role.set.service';
import { IRoleSet } from '@domain/access/role-set';
import { WINSTON_MODULE_NEST_PROVIDER } from 'nest-winston';

@Injectable()
export class SpaceAuthorizationService {
Expand All @@ -52,7 +53,8 @@ export class SpaceAuthorizationService {
private collaborationAuthorizationService: CollaborationAuthorizationService,
private templatesSetAuthorizationService: TemplatesSetAuthorizationService,
private spaceService: SpaceService,
private spaceSettingsService: SpaceSettingsService
private spaceSettingsService: SpaceSettingsService,
@Inject(WINSTON_MODULE_NEST_PROVIDER) private readonly logger: LoggerService
) {}

async applyAuthorizationPolicy(
Expand Down Expand Up @@ -215,7 +217,13 @@ export class SpaceAuthorizationService {
for (const subspace of space.subspaces) {
const updatedSubspaceAuthorizations =
await this.applyAuthorizationPolicy(subspace);
updatedAuthorizations.push(...updatedSubspaceAuthorizations);
this.logger.verbose?.(
`Subspace (${subspace.id}) auth reset: saving ${updatedSubspaceAuthorizations.length} authorizations`,
LogContext.AUTH
);
await this.authorizationPolicyService.saveAll(
updatedSubspaceAuthorizations
);
}

return updatedAuthorizations;
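Review bot: In the subspace loop, `saveAll(updatedSubspaceAuthorizations)` now persists each subspace's policies while the parent space's own policies are still only returned to the caller for a later save. If a later subspace or the caller's save throws, the reset is left half applied, with some subspaces on new policies and the rest of the tree on old ones, and nothing in the hunk records which subspace failed. The page appears to show the old `updatedAuthorizations.push(...updatedSubspaceAuthorizations)` line as removed, so the returned array would also no longer cover subspaces, which callers need to know. I would add above the loop `// Subspace policies are saved here, per subspace, and are NOT part of the returned array; a failure leaves earlier subspaces already persisted.` and consider catching around the save to log the failing `subspace.id` before rethrowing. `applyAuthorizationPolicy` starts and ends outside the hunk.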
3 changes: 3 additions & 0 deletions src/types/alkemio.config.ts
@@ -1,4 +1,7 @@
export type AlkemioConfig = {
authorization: {
chunk: number;
};
hosting: {
environment: string;
port: number;
