RoleSet + Role: shareable role management

src/common/enums/alkemio.error.status.ts

@@ -44,9 +44,9 @@ export enum AlkemioErrorStatus {
   PAGINATION_INPUT_OUT_OF_BOUND = 'PAGINATION_INPUT_OUT_OF_BOUND',
   PAGINATION_NOT_FOUND = 'PAGINATION_NOT_FOUND',
   PAGINATION_PARAM_NOT_FOUND = 'PAGINATION_PARAM_NOT_FOUND',
-  COMMUNITY_POLICY_ROLE_LIMITS_VIOLATED = 'COMMUNITY_POLICY_ROLE_LIMITS_VIOLATED',
-  COMMUNITY_MEMBERSHIP = 'COMMUNITY_MEMBERSHIP',
-  COMMUNITY_INVITATION = 'COMMUNITY_INVITATION',
+  ROLE_SET_POLICY_ROLE_LIMITS_VIOLATED = 'COMMUNITY_POLICY_ROLE_LIMITS_VIOLATED',
+  ROLE_SET_MEMBERSHIP = 'COMMUNITY_MEMBERSHIP',
+  ROLE_SET_INVITATION = 'COMMUNITY_INVITATION',
   LOGIN_FLOW_INIT = 'LOGIN_FLOW_INIT',
   LOGIN_FLOW = 'LOGIN_FLOW',
   SESSION_EXTEND = 'SESSION_EXTEND',

src/common/enums/authorization.policy.type.ts

@@ -22,6 +22,7 @@ export enum AuthorizationPolicyType {
   ROOM = 'room',
   AI_PERSONA = 'ai-persona',
   APPLICATION = 'application',
+  ROLE_SET = 'role-set',
   COMMUNITY = 'community',
   COMMUNITY_GUIDELINES = 'community-guidelines',
   INVITATION = 'invitation',

src/common/enums/community.role.ts

@@ -1,11 +1,11 @@
 import { registerEnumType } from '@nestjs/graphql';
 
-export enum CommunityRole {
+export enum CommunityRoleType {
   MEMBER = 'member',
   LEAD = 'lead',
   ADMIN = 'admin',
 }
 
-registerEnumType(CommunityRole, {
-  name: 'CommunityRole',
+registerEnumType(CommunityRoleType, {
+  name: 'CommunityRoleType',
 });

src/common/exceptions/index.ts

@@ -10,7 +10,7 @@ export * from './relationship.not.found.exception';
 export * from './validation.exception';
 export * from './registration.exception';
 export * from './matrix.entity.not.found.exception';
-export * from './community.policy.role.limits.exception';
+export * from './role.set.policy.role.limits.exception';
 export * from './subscription';
 
 export * from './pagination';

src/common/exceptions/community.invitation.exception.ts → src/common/exceptions/role.set.invitation.exception.ts

@@ -1,8 +1,8 @@
 import { LogContext, AlkemioErrorStatus } from '@common/enums';
 import { BaseException } from './base.exception';
 
-export class CommunityInvitationException extends BaseException {
+export class RoleSetInvitationException extends BaseException {
   constructor(error: string, context: LogContext, code?: AlkemioErrorStatus) {
-    super(error, context, code ?? AlkemioErrorStatus.COMMUNITY_INVITATION);
+    super(error, context, code ?? AlkemioErrorStatus.ROLE_SET_INVITATION);
   }
 }

src/common/exceptions/community.membership.exception.ts → src/common/exceptions/role.set.membership.exception.ts

@@ -1,8 +1,8 @@
 import { LogContext, AlkemioErrorStatus } from '@common/enums';
 import { BaseException } from './base.exception';
 
-export class CommunityMembershipException extends BaseException {
+export class RoleSetMembershipException extends BaseException {
   constructor(error: string, context: LogContext, code?: AlkemioErrorStatus) {
-    super(error, context, code ?? AlkemioErrorStatus.COMMUNITY_MEMBERSHIP);
+    super(error, context, code ?? AlkemioErrorStatus.ROLE_SET_MEMBERSHIP);
   }
 }

src/common/exceptions/community.policy.role.limits.exception.ts → src/common/exceptions/role.set.policy.role.limits.exception.ts

@@ -1,12 +1,12 @@
 import { LogContext, AlkemioErrorStatus } from '@common/enums';
 import { BaseException } from './base.exception';
 
-export class CommunityPolicyRoleLimitsException extends BaseException {
+export class RoleSetPolicyRoleLimitsException extends BaseException {
   constructor(error: string, context: LogContext, code?: AlkemioErrorStatus) {
     super(
       error,
       context,
-      code ?? AlkemioErrorStatus.COMMUNITY_POLICY_ROLE_LIMITS_VIOLATED
+      code ?? AlkemioErrorStatus.ROLE_SET_POLICY_ROLE_LIMITS_VIOLATED
     );
   }
 }

src/common/utils/stringify.util.ts

@@ -1,6 +1,7 @@
 export function stringifyWithoutAuthorizationMetaInfo(object: any): string {
   return JSON.stringify(object, (key, value) => {
     if (
+      key === 'credentials' ||
       key === 'authorization' ||
       key === 'createdDate' ||
       key === 'updatedDate' ||

src/core/authorization/authorization.service.ts

@@ -33,7 +33,7 @@ export class AuthorizationService {
 
     if (this.isAccessGranted(agentInfo, auth, privilegeRequired)) return true;
 
-    const errorMsg = `Authorization: unable to grant '${privilegeRequired}' privilege: ${msg} user: ${agentInfo.userID} on authorization of type '${auth.type}'`;
+    const errorMsg = `Authorization: unable to grant '${privilegeRequired}' privilege: ${msg} user: ${agentInfo.userID} on authorization ${auth.id} of type '${auth.type}'`;
     this.logCredentialCheckFailDetails(errorMsg, agentInfo, auth);
     // If you get to here then no match was found
     throw new ForbiddenAuthorizationPolicyException(
@@ -130,7 +130,7 @@ export class AuthorizationService {
           for (const privilege of rule.grantedPrivileges) {
             if (privilege === privilegeRequired) {
               this.logger.verbose?.(
-                `[CredentialRule] Granted privilege '${privilegeRequired}' using rule '${rule.name}'`,
+                `[CredentialRule] Granted privilege '${privilegeRequired}' using rule '${rule.name}' on authorization ${authorization.id}`,
                 LogContext.AUTH_POLICY
               );
               return true;
@@ -172,7 +172,7 @@ export class AuthorizationService {
       if (grantedPrivileges.includes(rule.sourcePrivilege)) {
         if (rule.grantedPrivileges.includes(privilegeRequired)) {
           this.logger.verbose?.(
-            `[PrivilegeRule] Granted privilege '${privilegeRequired}' using privilege rule '${rule.name}'`,
+            `[PrivilegeRule] Granted privilege '${privilegeRequired}' using privilege rule '${rule.name}' on authorization ${authorization.id}`,
             LogContext.AUTH_POLICY
           );
           return true;

src/core/validation/handlers/base/base.handler.ts

@@ -24,7 +24,7 @@ import {
   CreateTagsetOnProfileInput,
   UpdateProfileInput,
 } from '@domain/common/profile/dto';
-import { ApplicationEventInput } from '@domain/community/application/dto/application.dto.event';
+import { ApplicationEventInput } from '@domain/access/application/dto/application.dto.event';
 import { OrganizationVerificationEventInput } from '@domain/community/organization-verification/dto/organization.verification.dto.event';
 import { RoomSendMessageInput } from '@domain/communication/room/dto/room.dto.send.message';
 import { UpdatePostInput } from '@domain/collaboration/post/dto/post.dto.update';
@@ -35,7 +35,6 @@ import { SendMessageOnCalloutInput } from '@domain/collaboration/callout/dto/cal
 import { CreateCalloutOnCollaborationInput } from '@domain/collaboration/collaboration/dto/collaboration.dto.create.callout';
 import { CreateCalendarEventOnCalendarInput } from '@domain/timeline/calendar/dto/calendar.dto.create.event';
 import { UpdateCalendarEventInput } from '@domain/timeline/event';
-import { UpdateCommunityApplicationFormInput } from '@domain/community/community/dto/community.dto.update.application.form';
 import { CreateTemplateOnTemplatesSetInput } from '@domain/template/templates-set/dto/templates.set.dto.create.template';
 import { UpdateTemplateInput } from '@domain/template/template/dto/template.dto.update';
 import { CreateDocumentInput } from '@domain/storage/document/dto/document.dto.create';
@@ -70,18 +69,38 @@ import { UpdateSpaceSettingsInput } from '@domain/space/space/dto/space.dto.upda
 import { CreateAccountInput } from '@domain/space/account/dto';
 import { UpdateCommunityGuidelinesInput } from '@domain/community/community-guidelines/dto/community.guidelines.dto.update';
 import { ForumCreateDiscussionInput } from '@platform/forum/dto/forum.dto.create.discussion';
-import { CommunityRoleApplyInput } from '@domain/community/community-role/dto/community.role.dto.apply';
-import { CreateInvitationForContributorsOnCommunityInput } from '@domain/community/community-role/dto/community.role.dto.invite.contributor';
-import { CreatePlatformInvitationOnCommunityInput } from '@domain/community/community-role/dto/community.role.dto.platform.invitation.community';
 import { CreateCollaborationOnSpaceInput } from '@domain/space/space/dto/space.dto.create.collaboration';
-import { UpdateInnovationFlowEntityInput } from '@domain/collaboration/innovation-flow/dto/innovation.flow.dto.update.entity';
+import { InviteNewContributorForRoleOnRoleSetInput } from '@domain/access/role-set/dto/role.set.dto.platform.invitation.community';
+import { ApplyForEntryRoleOnRoleSetInput } from '@domain/access/role-set/dto/role.set.dto.entry.role.apply';
+import { InviteForEntryRoleOnRoleSetInput } from '@domain/access/role-set/dto/role.set.dto.entry.role.invite';
+import { AssignRoleOnRoleSetToUserInput } from '@domain/access/role-set/dto/role.set.dto.role.assign.user';
+import { AssignRoleOnRoleSetToOrganizationInput } from '@domain/access/role-set/dto/role.set.dto.role.assign.organization';
+import { AssignRoleOnRoleSetToVirtualContributorInput } from '@domain/access/role-set/dto/role.set.dto.role.assign.virtual';
+import { RemoveRoleOnRoleSetFromUserInput } from '@domain/access/role-set/dto/role.set.dto.role.remove.user';
+import { RemoveRoleOnRoleSetFromOrganizationInput } from '@domain/access/role-set/dto/role.set.dto.role.remove.organization';
+import { RemoveRoleOnRoleSetFromVirtualContributorInput } from '@domain/access/role-set/dto/role.set.dto.role.remove.virtual';
+import { UpdateApplicationFormOnRoleSetInput } from '@domain/access/role-set/dto/role.set.dto.update.application.form';
+import { JoinAsEntryRoleOnRoleSetInput } from '@domain/access/role-set/dto/role.set.dto.entry.role.join';
+import { RolesUserInput } from '@services/api/roles/dto/roles.dto.input.user';
 
 export class BaseHandler extends AbstractHandler {
   public async handle(
     value: any,
     metatype: Function
   ): Promise<ValidationError[]> {
     const types: Function[] = [
+      AssignRoleOnRoleSetToUserInput,
+      AssignRoleOnRoleSetToOrganizationInput,
+      AssignRoleOnRoleSetToVirtualContributorInput,
+      RemoveRoleOnRoleSetFromUserInput,
+      RemoveRoleOnRoleSetFromOrganizationInput,
+      RemoveRoleOnRoleSetFromVirtualContributorInput,
+      UpdateApplicationFormOnRoleSetInput,
+      JoinAsEntryRoleOnRoleSetInput,
+      ApplyForEntryRoleOnRoleSetInput,
+      RolesUserInput,
+      InviteForEntryRoleOnRoleSetInput,
+      InviteNewContributorForRoleOnRoleSetInput,
       ApplicationEventInput,
       UpdateInnovationFlowInput,
       RoomSendMessageInput,
@@ -113,7 +132,6 @@ export class BaseHandler extends AbstractHandler {
       UpdateCalloutContributionDefaultsInput,
       UpdateCalloutContributionPolicyInput,
       UpdateTemplateInput,
-      UpdateCommunityApplicationFormInput,
       UpdateCommunityGuidelinesInput,
       UpdateSpaceInput,
       UpdateSpaceSettingsEntityInput,
@@ -131,9 +149,6 @@ export class BaseHandler extends AbstractHandler {
       UpdateSpaceSettingsEntityInput,
       UpdateSpaceSettingsInput,
       VisualUploadImageInput,
-      CommunityRoleApplyInput,
-      CreateInvitationForContributorsOnCommunityInput,
-      CreatePlatformInvitationOnCommunityInput,
       ForumCreateDiscussionInput,
       SendMessageOnCalloutInput,
       CreateCalloutOnCollaborationInput,

src/domain/community/application/application.entity.ts → src/domain/access/application/application.entity.ts

@@ -6,13 +6,13 @@ import {
   ManyToOne,
   OneToOne,
 } from 'typeorm';
-import { Community } from '@domain/community/community/community.entity';
 import { Lifecycle } from '@domain/common/lifecycle/lifecycle.entity';
 import { IApplication } from './application.interface';
 import { NVP } from '@domain/common/nvp/nvp.entity';
 import { User } from '@domain/community/user/user.entity';
 import { AuthorizableEntity } from '@domain/common/entity/authorizable-entity';
 import { IQuestion } from '@domain/common/question/question.interface';
+import { RoleSet } from '@domain/access/role-set/role.set.entity';
 @Entity()
 export class Application extends AuthorizableEntity implements IApplication {
   @OneToOne(() => Lifecycle, {
@@ -34,10 +34,10 @@ export class Application extends AuthorizableEntity implements IApplication {
   })
   user?: User;
 
-  @ManyToOne(() => Community, community => community.applications, {
+  @ManyToOne(() => RoleSet, manager => manager.applications, {
     eager: false,
     cascade: false,
     onDelete: 'CASCADE',
   })
-  community?: Community;
+  roleSet?: RoleSet;
 }

src/domain/community/application/application.interface.ts → src/domain/access/application/application.interface.ts

@@ -1,15 +1,15 @@
 import { ILifecycle } from '@domain/common/lifecycle/lifecycle.interface';
-import { ICommunity } from '@domain/community/community/community.interface';
 import { IUser } from '@domain/community/user/user.interface';
 import { Field, ObjectType } from '@nestjs/graphql';
 import { IAuthorizable } from '@domain/common/entity/authorizable-entity';
 import { IQuestion } from '@domain/common/question/question.interface';
+import { IRoleSet } from '@domain/access/role-set/role.set.interface';
 
 @ObjectType('Application')
 export abstract class IApplication extends IAuthorizable {
   user?: IUser;
 
-  community?: ICommunity;
+  roleSet?: IRoleSet;
 
   @Field(() => ILifecycle, { nullable: false })
   lifecycle?: ILifecycle;

src/domain/community/application/application.module.ts → src/domain/access/application/application.module.ts

@@ -1,7 +1,7 @@
 import { LifecycleModule } from '@domain/common/lifecycle/lifecycle.module';
 import { NVPModule } from '@domain/common/nvp/nvp.module';
-import { Application } from '@domain/community/application';
-import { ApplicationService } from '@domain/community/application/application.service';
+import { Application } from '@domain/access/application';
+import { ApplicationService } from '@domain/access/application/application.service';
 import { Module } from '@nestjs/common';
 import { TypeOrmModule } from '@nestjs/typeorm';
 import { UserModule } from '@domain/community/user/user.module';

src/domain/community/application/application.resolver.fields.ts → src/domain/access/application/application.resolver.fields.ts

@@ -3,11 +3,11 @@ import { Resolver } from '@nestjs/graphql';
 import { Parent, ResolveField } from '@nestjs/graphql';
 import { ApplicationService } from './application.service';
 import { AuthorizationPrivilege } from '@common/enums';
-import { Application, IApplication } from '@domain/community/application';
+import { Application, IApplication } from '@domain/access/application';
 import { GraphqlGuard } from '@core/authorization';
 import { AuthorizationAgentPrivilege, Profiling } from '@src/common/decorators';
 import { IQuestion } from '@domain/common/question/question.interface';
-import { IContributor } from '../contributor/contributor.interface';
+import { IContributor } from '../../community/contributor/contributor.interface';
 
 @Resolver(() => IApplication)
 export class ApplicationResolverFields {

src/domain/community/application/application.resolver.mutations.ts → src/domain/access/application/application.resolver.mutations.ts

@@ -1,8 +1,8 @@
 import { UseGuards } from '@nestjs/common';
 import { Args, Mutation, Resolver } from '@nestjs/graphql';
 import { CurrentUser } from '@src/common/decorators';
-import { IApplication } from '@domain/community/application';
-import { ApplicationService } from '@domain/community/application/application.service';
+import { IApplication } from '@domain/access/application';
+import { ApplicationService } from '@domain/access/application/application.service';
 import { GraphqlGuard } from '@core/authorization';
 import { AgentInfo } from '@core/authentication.agent.info/agent.info';
 import { AuthorizationPrivilege } from '@common/enums';
@@ -31,7 +31,7 @@ export class ApplicationResolverMutations {
       agentInfo,
       application.authorization,
       AuthorizationPrivilege.DELETE,
-      `delete application community: ${application.id}`
+      `delete application on RoleSet: ${application.id}`
     );
     return await this.applicationService.deleteApplication(deleteData);
   }

src/domain/community/application/application.service.ts → src/domain/access/application/application.service.ts

@@ -1,9 +1,9 @@
-import { CreateApplicationInput } from '@domain/community/application';
+import { CreateApplicationInput } from '@domain/access/application';
 import {
   Application,
   IApplication,
   DeleteApplicationInput,
-} from '@domain/community/application';
+} from '@domain/access/application';
 
 import { Inject, Injectable, LoggerService } from '@nestjs/common';
 import { InjectRepository } from '@nestjs/typeorm';
@@ -17,12 +17,12 @@ import { FindManyOptions, FindOneOptions, Repository } from 'typeorm';
 import { NVPService } from '@domain/common/nvp/nvp.service';
 import { UserService } from '@domain/community/user/user.service';
 import { LifecycleService } from '@domain/common/lifecycle/lifecycle.service';
-import { applicationLifecycleConfig } from '@domain/community/application/application.lifecycle.config';
+import { applicationLifecycleConfig } from '@domain/access/application/application.lifecycle.config';
 import { AuthorizationPolicy } from '@domain/common/authorization-policy';
 import { AuthorizationPolicyService } from '@domain/common/authorization-policy/authorization.policy.service';
 import { IQuestion } from '@domain/common/question/question.interface';
 import { asyncFilter } from '@common/utils';
-import { IContributor } from '../contributor/contributor.interface';
+import { IContributor } from '../../community/contributor/contributor.interface';
 import { AuthorizationPolicyType } from '@common/enums/authorization.policy.type';
 
 @Injectable()
@@ -131,19 +131,18 @@ export class ApplicationService {
 
   async findExistingApplications(
     userID: string,
-    communityID: string
+    roleSetID: string
   ): Promise<IApplication[]> {
-    const existingApplications = await this.applicationRepository
-      .createQueryBuilder('application')
-      .leftJoinAndSelect('application.user', 'user')
-      .leftJoinAndSelect('application.community', 'community')
-      .where('user.id = :userID')
-      .andWhere('community.id = :communityID')
-      .setParameters({
-        userID: `${userID}`,
-        communityID: communityID,
-      })
-      .getMany();
+    const existingApplications = await this.applicationRepository.find({
+      where: {
+        user: { id: userID },
+        roleSet: { id: roleSetID },
+      },
+      relations: {
+        roleSet: true,
+        user: true,
+      },
+    });
     if (existingApplications.length > 0) return existingApplications;
     return [];
   }
@@ -153,7 +152,7 @@ export class ApplicationService {
     states: string[] = []
   ): Promise<IApplication[]> {
     const findOpts: FindManyOptions<Application> = {
-      relations: { community: true },
+      relations: { roleSet: true },
       where: { user: { id: userID } },
     };
 

src/domain/community/application/dto/application.dto.create.ts → src/domain/access/application/dto/application.dto.create.ts

@@ -2,7 +2,7 @@ import { CreateNVPInput } from '@domain/common/nvp';
 export class CreateApplicationInput {
   userID!: string;
 
-  parentID!: string;
+  roleSetID!: string;
 
   questions!: CreateNVPInput[];
 }

src/domain/community/invitation/dto/invitation.dto.create.ts → src/domain/access/invitation/dto/invitation.dto.create.ts

@@ -20,6 +20,6 @@ export class CreateInvitationInput {
 
   createdBy!: string;
 
-  communityID!: string;
+  roleSetID!: string;
   invitedToParent!: boolean;
 }