Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(core): Allow admin creation #7837

Merged
merged 10 commits into from
Nov 29, 2023
Merged
Show file tree
Hide file tree
Changes from 7 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions packages/cli/src/Server.ts
Original file line number Diff line number Diff line change
Expand Up @@ -296,6 +296,7 @@ export class Server extends AbstractServer {
internalHooks,
externalHooks,
Container.get(UserService),
Container.get(License),
postHog,
),
Container.get(VariablesController),
Expand Down
20 changes: 18 additions & 2 deletions packages/cli/src/controllers/invitation.controller.ts
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ export class InvitationController {
private readonly internalHooks: IInternalHooksClass,
private readonly externalHooks: IExternalHooksClass,
private readonly userService: UserService,
private readonly license: License,
private readonly postHog?: PostHogClient,
) {}

Expand Down Expand Up @@ -88,11 +89,26 @@ export class InvitationController {
`Request to send email invite(s) to user(s) failed because of an invalid email address: ${invite.email}`,
);
}

if (invite.role && !['member', 'admin'].includes(invite.role)) {
throw new BadRequestError(
`Cannot invite user with invalid role: ${invite.role}. Please ensure all invitees' roles are either 'member' or 'admin'.`,
);
}

if (invite.role === 'admin' && !this.license.isAdvancedPermissionsLicensed()) {
throw new UnauthorizedError(
'Cannot invite admin user without advanced permissions. Please upgrade to a license that includes this feature.',
);
}
});

const emails = req.body.map((e) => e.email);
const attributes = req.body.map(({ email, role }) => ({
email,
role: role ?? 'member',
}));

const { usersInvited, usersCreated } = await this.userService.inviteMembers(req.user, emails);
const { usersInvited, usersCreated } = await this.userService.inviteUsers(req.user, attributes);

await this.externalHooks.run('user.invited', [usersCreated]);

Expand Down
6 changes: 5 additions & 1 deletion packages/cli/src/requests.ts
Original file line number Diff line number Diff line change
Expand Up @@ -296,7 +296,11 @@ export declare namespace PasswordResetRequest {
// ----------------------------------

export declare namespace UserRequest {
export type Invite = AuthenticatedRequest<{}, {}, Array<{ email: string }>>;
export type Invite = AuthenticatedRequest<
{},
{},
Array<{ email: string; role?: 'member' | 'admin' }>
>;

export type InviteResponse = {
user: { id: string; email: string; inviteAcceptUrl?: string; emailSent: boolean };
Expand Down
16 changes: 10 additions & 6 deletions packages/cli/src/services/user.service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -238,18 +238,22 @@ export class UserService {
);
}

public async inviteMembers(owner: User, emails: string[]) {
public async inviteUsers(
owner: User,
attributes: Array<{ email: string; role: 'member' | 'admin' }>,
) {
const memberRole = await this.roleService.findGlobalMemberRole();
const adminRole = await this.roleService.findGlobalAdminRole();

const existingUsers = await this.findMany({
where: { email: In(emails) },
where: { email: In(attributes.map(({ email }) => email)) },
relations: ['globalRole'],
select: ['email', 'password', 'id'],
});

const existUsersEmails = existingUsers.map((user) => user.email);

const toCreateUsers = emails.filter((email) => !existUsersEmails.includes(email));
const toCreateUsers = attributes.filter(({ email }) => !existUsersEmails.includes(email));

const pendingUsersToInvite = existingUsers.filter((email) => email.isPending);

Expand All @@ -264,10 +268,10 @@ export class UserService {
try {
await this.getManager().transaction(async (transactionManager) =>
Promise.all(
toCreateUsers.map(async (email) => {
toCreateUsers.map(async ({ email, role }) => {
const newUser = Object.assign(new User(), {
email,
globalRole: memberRole,
globalRole: role === 'member' ? memberRole : adminRole,
});
const savedUser = await transactionManager.save<User>(newUser);
createdUsers.set(email, savedUser.id);
Expand All @@ -285,6 +289,6 @@ export class UserService {

const usersInvited = await this.sendEmails(owner, Object.fromEntries(createdUsers));

return { usersInvited, usersCreated: toCreateUsers };
return { usersInvited, usersCreated: toCreateUsers.map(({ email }) => email) };
}
}
Loading