Entitlements + license services

src/app.module.ts

@@ -82,6 +82,7 @@ import { PlatformHubModule } from '@platform/platform.hub/platform.hub.module';
 import { AdminContributorsModule } from '@platform/admin/avatars/admin.avatar.module';
 import { InputCreatorModule } from '@services/api/input-creator/input.creator.module';
 import { TemplateApplierModule } from '@domain/template/template-applier/template.applier.module';
+import { LoaderCreatorModule } from '@core/dataloader/creators/loader.creator.module';
 import { Cipher, EncryptionModule } from '@hedger/nestjs-encryption';
 import { AdminUsersModule } from '@platform/admin/users/admin.users.module';
 
@@ -247,6 +248,7 @@ import { AdminUsersModule } from '@platform/admin/users/admin.users.module';
         };
       },
     }),
+    LoaderCreatorModule,
     ScalarsModule,
     AuthenticationModule,
     AuthorizationModule,

src/common/constants/authorization/credential.rule.types.constants.ts

@@ -16,8 +16,6 @@ export const CREDENTIAL_RULE_TYPES_SPACE_COMMUNITY_APPLY_GLOBAL_REGISTERED =
   'credentialRuleTypes-spaceCommunityApplyGlobalRegistered';
 export const CREDENTIAL_RULE_TYPES_SPACE_COMMUNITY_JOIN_GLOBAL_REGISTERED =
   'credentialRuleTypes-spaceCommunityJoinGlobalRegistered';
-export const CREDENTIAL_RULE_TYPES_ACCESS_VIRTUAL_CONTRIBUTORS =
-  'credentialRuleTypes-accessVirtualContributors';
 export const CREDENTIAL_RULE_TYPES_CALLOUT_SAVE_AS_TEMPLATE =
   'credentialRuleTypes-calloutSaveAsTemplate';
 export const CREDENTIAL_RULE_TYPES_CALLOUT_UPDATE_PUBLISHER_ADMINS =

src/common/enums/alkemio.error.status.ts

@@ -25,6 +25,8 @@ export enum AlkemioErrorStatus {
   NOT_ENABLED = 'NOT_ENABLED',
   USER_NOT_REGISTERED = 'USER_NOT_REGISTERED',
   LICENSE_NOT_FOUND = 'LICENSE_NOT_FOUND',
+  LICENSE_ENTITLEMENT_NOT_AVAILABLE = 'LICENSE_ENTITLEMENT_NOT_AVAILABLE',
+  LICENSE_ENTITLEMENT_NOT_SUPPORTED = 'LICENSE_ENTITLEMENT_NOT_SUPPORTED',
   MATRIX_ENTITY_NOT_FOUND_ERROR = 'MATRIX_ENTITY_NOT_FOUND_ERROR',
   BOOTSTRAP_FAILED = 'BOOTSTRAP_FAILED',
   NOTIFICATION_PAYLOAD_BUILDER_ERROR = 'NOTIFICATION_PAYLOAD_BUILDER_ERROR',

src/common/enums/authorization.policy.type.ts

@@ -54,6 +54,7 @@ export enum AuthorizationPolicyType {
   LIBRARY = 'library',
   IN_MEMORY = 'in-memory',
   LICENSING = 'licensing',
+  LICENSE = 'license',
   LICENSE_POLICY = 'license-policy',
   UNKNOWN = 'unknown',
   AI_PERSONA_SERVICE = 'ai-persona-service',

src/common/enums/authorization.privilege.ts

@@ -8,6 +8,7 @@ export enum AuthorizationPrivilege {
   GRANT = 'grant', // allow the issuing / revoking of credentials of the same type within a given scope
   GRANT_GLOBAL_ADMINS = 'grant-global-admins',
   AUTHORIZATION_RESET = 'authorization-reset',
+  LICENSE_RESET = 'license-reset',
   PLATFORM_ADMIN = 'platform-admin', // To determine if the user should have access to the platform administration
   CONTRIBUTE = 'contribute',
   CREATE_CALLOUT = 'create-callout',

src/common/enums/license.entitlement.data.type.ts

@@ -0,0 +1,10 @@
+import { registerEnumType } from '@nestjs/graphql';
+
+export enum LicenseEntitlementDataType {
+  LIMIT = 'limit',
+  FLAG = 'flag',
+}
+
+registerEnumType(LicenseEntitlementDataType, {
+  name: 'LicenseEntitlementDataType',
+});

src/common/enums/license.entitlement.type.ts

@@ -0,0 +1,20 @@
+import { registerEnumType } from '@nestjs/graphql';
+
+export enum LicenseEntitlementType {
+  ACCOUNT_SPACE_FREE = 'account-space-free',
+  ACCOUNT_SPACE_PLUS = 'account-space-plus',
+  ACCOUNT_SPACE_PREMIUM = 'account-space-premium',
+  ACCOUNT_VIRTUAL_CONTRIBUTOR = 'account-virtual-contributor',
+  ACCOUNT_INNOVATION_PACK = 'account-innovation-pack',
+  ACCOUNT_INNOVATION_HUB = 'account-innovation-hub',
+  SPACE_FREE = 'space-free',
+  SPACE_PLUS = 'space-plus',
+  SPACE_PREMIUM = 'space-premium',
+  SPACE_FLAG_SAVE_AS_TEMPLATE = 'space-flag-save-as-template',
+  SPACE_FLAG_VIRTUAL_CONTRIBUTOR_ACCESS = 'space-flag-virtual-contributor-access',
+  SPACE_FLAG_WHITEBOARD_MULTI_USER = 'space-flag-whiteboard-multi-user',
+}
+
+registerEnumType(LicenseEntitlementType, {
+  name: 'LicenseEntitlementType',
+});

src/common/enums/license.type.ts

@@ -0,0 +1,13 @@
+import { registerEnumType } from '@nestjs/graphql';
+
+export enum LicenseType {
+  ACCOUNT = 'account',
+  SPACE = 'space',
+  WHITEBOARD = 'whiteboard',
+  ROLESET = 'roleset',
+  COLLABORATION = 'collaboration',
+}
+
+registerEnumType(LicenseType, {
+  name: 'LicenseType',
+});

src/common/exceptions/forbidden.license.policy.exception.ts

@@ -1,11 +1,11 @@
 import { AlkemioErrorStatus, LogContext } from '@common/enums';
 import { BaseException } from './base.exception';
-import { LicensePrivilege } from '@common/enums/license.privilege';
+import { LicenseEntitlementType } from '@common/enums/license.entitlement.type';
 
 export class ForbiddenLicensePolicyException extends BaseException {
   constructor(
     error: string,
-    public checkedPrivilege: LicensePrivilege,
+    public checkedEntitlement: LicenseEntitlementType,
     public licensePolicyId: string,
     public licenseId: string
   ) {

src/common/exceptions/license.entitlement.not.available.exception.ts

@@ -0,0 +1,12 @@
+import { LogContext, AlkemioErrorStatus } from '@common/enums';
+import { BaseException } from './base.exception';
+
+export class LicenseEntitlementNotAvailableException extends BaseException {
+  constructor(error: string, context: LogContext, code?: AlkemioErrorStatus) {
+    super(
+      error,
+      context,
+      code ?? AlkemioErrorStatus.LICENSE_ENTITLEMENT_NOT_AVAILABLE
+    );
+  }
+}

src/common/exceptions/license.entitlement.not.supported.ts

@@ -0,0 +1,12 @@
+import { LogContext, AlkemioErrorStatus } from '@common/enums';
+import { BaseException } from './base.exception';
+
+export class LicenseEntitlementNotSupportedException extends BaseException {
+  constructor(error: string, context: LogContext, code?: AlkemioErrorStatus) {
+    super(
+      error,
+      context,
+      code ?? AlkemioErrorStatus.LICENSE_ENTITLEMENT_NOT_SUPPORTED
+    );
+  }
+}

src/core/bootstrap/bootstrap.module.ts

@@ -19,14 +19,16 @@ import { ContributorModule } from '@domain/community/contributor/contributor.mod
 import { TemplatesSetModule } from '@domain/template/templates-set/templates.set.module';
 import { TemplatesManagerModule } from '@domain/template/templates-manager/templates.manager.module';
 import { TemplateDefaultModule } from '@domain/template/template-default/template.default.module';
-import { LicensingModule } from '@platform/licensing/licensing.module';
+import { LicenseModule } from '@domain/common/license/license.module';
 import { LicensePlanModule } from '@platform/license-plan/license.plan.module';
+import { LicensingFrameworkModule } from '@platform/licensing-framework/licensing.framework.module';
 
 @Module({
   imports: [
     AiServerModule,
     AgentModule,
     AuthorizationPolicyModule,
+    LicenseModule,
     ContributorModule,
     SpaceModule,
     OrganizationModule,
@@ -43,7 +45,7 @@ import { LicensePlanModule } from '@platform/license-plan/license.plan.module';
     TemplatesSetModule,
     TemplatesManagerModule,
     TemplateDefaultModule,
-    LicensingModule,
+    LicensingFrameworkModule,
     LicensePlanModule,
   ],
   providers: [BootstrapService],

src/core/bootstrap/bootstrap.service.ts

@@ -55,8 +55,10 @@ import { bootstrapSpaceCallouts } from './platform-template-definitions/space/bo
 import { bootstrapSpaceTutorialsInnovationFlowStates } from './platform-template-definitions/space-tutorials/bootstrap.space.tutorials.innovation.flow.states';
 import { bootstrapSpaceTutorialsCalloutGroups } from './platform-template-definitions/space-tutorials/bootstrap.space.tutorials.callout.groups';
 import { bootstrapSpaceTutorialsCallouts } from './platform-template-definitions/space-tutorials/bootstrap.space.tutorials.callouts';
-import { LicensingService } from '@platform/licensing/licensing.service';
+import { LicenseService } from '@domain/common/license/license.service';
+import { AccountLicenseService } from '@domain/space/account/account.service.license';
 import { LicensePlanService } from '@platform/license-plan/license.plan.service';
+import { LicensingFrameworkService } from '@platform/licensing-framework/licensing.framework.service';
 
 @Injectable()
 export class BootstrapService {
@@ -84,7 +86,9 @@ export class BootstrapService {
     private templatesManagerService: TemplatesManagerService,
     private templatesSetService: TemplatesSetService,
     private templateDefaultService: TemplateDefaultService,
-    private licensingService: LicensingService,
+    private accountLicenseService: AccountLicenseService,
+    private licenseService: LicenseService,
+    private licensingFrameworkService: LicensingFrameworkService,
     private licensePlanService: LicensePlanService
   ) {}
 
@@ -273,14 +277,15 @@ export class BootstrapService {
 
   async createLicensePlans(licensePlansData: any[]) {
     try {
-      const licensing = await this.licensingService.getDefaultLicensingOrFail();
+      const licensing =
+        await this.licensingFrameworkService.getDefaultLicensingOrFail();
       for (const licensePlanData of licensePlansData) {
         const planExists =
           await this.licensePlanService.licensePlanByNameExists(
             licensePlanData.name
           );
         if (!planExists) {
-          await this.licensingService.createLicensePlan({
+          await this.licensingFrameworkService.createLicensePlan({
             ...licensePlanData,
             licensingID: licensing.id,
           });
@@ -454,6 +459,10 @@ export class BootstrapService {
           account
         );
       await this.authorizationPolicyService.saveAll(accountAuthorizations);
+
+      const accountEntitlements =
+        await this.accountLicenseService.applyLicensePolicy(account.id);
+      await this.licenseService.saveAll(accountEntitlements);
     }
   }
 
@@ -508,6 +517,10 @@ export class BootstrapService {
         await this.spaceAuthorizationService.applyAuthorizationPolicy(space);
       await this.authorizationPolicyService.saveAll(spaceAuthorizations);
 
+      const accountEntitlements =
+        await this.accountLicenseService.applyLicensePolicy(account.id);
+      await this.licenseService.saveAll(accountEntitlements);
+
       return this.spaceService.getSpaceOrFail(space.id);
     }
   }

src/core/dataloader/creators/loader.creators/index.ts

@@ -7,6 +7,7 @@ export * from './profile/profile.tagsets.loader.creator';
 export * from './callout-framing/callout.framing.whiteboard.loader';
 
 export * from './profile.loader.creator';
+export * from './license.loader.creator';
 export * from './preferences.loader.creator';
 export * from './agent.loader.creator';
 export * from './authorization.loader.creator';

src/core/dataloader/creators/loader.creators/license.loader.creator.ts

@@ -0,0 +1,36 @@
+import { EntityManager } from 'typeorm';
+import { Injectable } from '@nestjs/common';
+import { InjectEntityManager } from '@nestjs/typeorm';
+import { DataLoaderInitError } from '@common/exceptions/data-loader';
+import { createTypedRelationDataLoader } from '../../utils';
+import { DataLoaderCreator, DataLoaderCreatorOptions } from '../base';
+import { ILicense } from '@domain/common/license/license.interface';
+import { License } from '@domain/common/license/license.entity';
+
+@Injectable()
+export class LicenseLoaderCreator implements DataLoaderCreator<ILicense> {
+  constructor(@InjectEntityManager() private manager: EntityManager) {}
+
+  create(
+    options?: DataLoaderCreatorOptions<
+      ILicense,
+      { id: string; license?: License }
+    >
+  ) {
+    if (!options?.parentClassRef) {
+      throw new DataLoaderInitError(
+        `${this.constructor.name} requires the 'parentClassRef' to be provided.`
+      );
+    }
+
+    return createTypedRelationDataLoader(
+      this.manager,
+      options.parentClassRef,
+      {
+        license: true,
+      },
+      this.constructor.name,
+      options
+    );
+  }
+}

src/core/license-engine/license.engine.service.ts

@@ -5,14 +5,14 @@ import {
   ForbiddenException,
 } from '@common/exceptions';
 import { LogContext } from '@common/enums';
-import { LicensePrivilege } from '@common/enums/license.privilege';
 import { ILicensePolicy } from '@platform/license-policy/license.policy.interface';
 import { ForbiddenLicensePolicyException } from '@common/exceptions/forbidden.license.policy.exception';
 import { EntityManager } from 'typeorm';
 import { InjectEntityManager } from '@nestjs/typeorm';
 import { LicensePolicy } from '@platform/license-policy';
 import { IAgent, ICredential } from '@domain/agent';
 import { ILicensePolicyCredentialRule } from './license.policy.rule.credential.interface';
+import { LicenseEntitlementType } from '@common/enums/license.entitlement.type';
 
 @Injectable()
 export class LicenseEngineService {
@@ -23,31 +23,31 @@ export class LicenseEngineService {
     private entityManager: EntityManager
   ) {}
 
-  public async grantAccessOrFail(
-    privilegeRequired: LicensePrivilege,
+  public async grantEntitlementOrFail(
+    entitlementRequired: LicenseEntitlementType,
     agent: IAgent,
     msg: string,
     licensePolicy: ILicensePolicy | undefined
   ) {
-    const accessGranted = await this.isAccessGranted(
-      privilegeRequired,
+    const accessGranted = await this.isEntitlementGranted(
+      entitlementRequired,
       agent,
       licensePolicy
     );
     if (accessGranted) return true;
 
-    const errorMsg = `License.engine: unable to grant '${privilegeRequired}' privilege: ${msg} license: ${agent.id}`;
+    const errorMsg = `License.engine: unable to grant '${entitlementRequired}' privilege: ${msg} license: ${agent.id}`;
     // If you get to here then no match was found
     throw new ForbiddenLicensePolicyException(
       errorMsg,
-      privilegeRequired,
+      entitlementRequired,
       licensePolicy?.id || 'no license policy',
       agent.id
     );
   }
 
-  public async isAccessGranted(
-    privilegeRequired: LicensePrivilege,
+  public async isEntitlementGranted(
+    entitlementRequired: LicenseEntitlementType,
     agent: IAgent,
     licensePolicy?: ILicensePolicy | undefined
   ): Promise<boolean> {
@@ -60,9 +60,11 @@ export class LicenseEngineService {
     for (const credentialRule of credentialRules) {
       for (const credential of credentials) {
         if (credential.type === credentialRule.credentialType) {
-          if (credentialRule.grantedPrivileges.includes(privilegeRequired)) {
+          if (
+            credentialRule.grantedEntitlements.includes(entitlementRequired)
+          ) {
             this.logger.verbose?.(
-              `[CredentialRule] Granted privilege '${privilegeRequired}' using rule '${credentialRule.name}'`,
+              `[CredentialRule] Granted privilege '${entitlementRequired}' using rule '${credentialRule.name}'`,
               LogContext.LICENSE
             );
             return true;
@@ -94,29 +96,29 @@ export class LicenseEngineService {
     return policy;
   }
 
-  public async getGrantedPrivileges(
+  public async getGrantedEntitlements(
     agent: IAgent,
     licensePolicy?: ILicensePolicy
-  ) {
+  ): Promise<LicenseEntitlementType[]> {
     const policy = await this.getLicensePolicyOrFail(licensePolicy);
     const credentials = await this.getCredentialsFromAgent(agent);
 
-    const grantedPrivileges: LicensePrivilege[] = [];
+    const grantedEntitlements: LicenseEntitlementType[] = [];
 
     const credentialRules = this.convertCredentialRulesStr(
       policy.credentialRulesStr
     );
     for (const rule of credentialRules) {
       for (const credential of credentials) {
         if (rule.credentialType === credential.type) {
-          for (const privilege of rule.grantedPrivileges) {
-            grantedPrivileges.push(privilege);
+          for (const entitlement of rule.grantedEntitlements) {
+            grantedEntitlements.push(entitlement);
           }
         }
       }
     }
 
-    const uniquePrivileges = grantedPrivileges.filter(
+    const uniquePrivileges = grantedEntitlements.filter(
       (item, i, ar) => ar.indexOf(item) === i
     );