From 06d1ba787040fc86226bd1ca3d34271a6487ad1a Mon Sep 17 00:00:00 2001 From: tada5hi Date: Wed, 4 Sep 2024 09:33:24 +0200 Subject: [PATCH] feat: permit node authority to update run_status if permission is granted --- .../core/analysis-node/handlers/update.ts | 25 ++++++++++++------- .../core/analysis-node/utils/validation.ts | 7 +++++- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/packages/server-core/src/http/controllers/core/analysis-node/handlers/update.ts b/packages/server-core/src/http/controllers/core/analysis-node/handlers/update.ts index aac30e6c5..7949144f8 100644 --- a/packages/server-core/src/http/controllers/core/analysis-node/handlers/update.ts +++ b/packages/server-core/src/http/controllers/core/analysis-node/handlers/update.ts @@ -29,21 +29,22 @@ export async function updateAnalysisNodeRouteHandler(req: Request, res: Response const ability = useRequestEnv(req, 'abilities'); const isAuthorityOfNode = isRealmResourceWritable(useRequestEnv(req, 'realm'), entity.node_realm_id); - const isAuthorizedForNode = ability.has(PermissionName.ANALYSIS_APPROVE); - const isAuthorityOfAnalysis = isRealmResourceWritable(useRequestEnv(req, 'realm'), entity.analysis_realm_id); - const isAuthorizedForAnalysis = ability.has(PermissionName.ANALYSIS_UPDATE); - if ( - !(isAuthorityOfNode && isAuthorizedForNode) && - !(isAuthorityOfAnalysis && isAuthorizedForAnalysis) - ) { + if (!isAuthorityOfNode && !isAuthorityOfAnalysis) { + throw new ForbiddenError(); + } + + const canUpdate = ability.has(PermissionName.ANALYSIS_UPDATE); + const canApprove = ability.has(PermissionName.ANALYSIS_APPROVE); + + if (!canUpdate && !canApprove) { throw new ForbiddenError(); } const result = await runAnalysisNodeValidation(req, 'update'); - if (!isAuthorityOfNode) { + if (!isAuthorityOfNode || !canApprove) { if (result.data.approval_status) { delete result.data.approval_status; } 
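Review bot: The new gate `if (!isAuthorityOfNode && !isAuthorityOfAnalysis)` followed by `if (!canUpdate && !canApprove)` no longer ties each permission to the realm it belongs to. A caller from the analysis realm holding only ANALYSIS_APPROVE now passes both checks, where the removed condition rejected it. Access control then rests entirely on the per-field `delete` blocks further down, so any field the validator returns without a matching delete would be writable by that caller. Consider keeping the pairing explicit: `const asNode = isAuthorityOfNode && (canApprove || canUpdate);`, `const asAnalysis = isAuthorityOfAnalysis && canUpdate;`, `if (!asNode && !asAnalysis) throw new ForbiddenError();`. The handler body starts and continues outside this hunk.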
@@ -53,7 +54,13 @@ export async function updateAnalysisNodeRouteHandler(req: Request, res: Response } } - if (!isAuthorityOfAnalysis) { + if (!isAuthorityOfNode || !canUpdate) { + if (result.data.run_status) { + delete result.data.run_status; + } + } + + if (!isAuthorityOfAnalysis || !canUpdate) { if (result.data.index) { delete result.data.index; } diff --git a/packages/server-core/src/http/controllers/core/analysis-node/utils/validation.ts b/packages/server-core/src/http/controllers/core/analysis-node/utils/validation.ts index b78512c3d..e27153b78 100644 --- a/packages/server-core/src/http/controllers/core/analysis-node/utils/validation.ts +++ b/packages/server-core/src/http/controllers/core/analysis-node/utils/validation.ts @@ -6,7 +6,7 @@ */ import { check } from 'express-validator'; -import { AnalysisNodeApprovalStatus } from '@privateaim/core-kit'; +import { AnalysisNodeApprovalStatus, AnalysisNodeRunStatus } from '@privateaim/core-kit'; import { BadRequestError, NotFoundError } from '@ebec/http'; import { isRealmResourceWritable } from '@authup/core-kit'; import type { Request } from 'routup'; @@ -37,6 +37,11 @@ export async function runAnalysisNodeValidation( .run(req); } + await check('run_status') + .isIn(Object.values(AnalysisNodeRunStatus)) + .optional({ values: 'null' }) + .run(req); + await check('index') .exists() .isInt()
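Review bot: The added guard `if (result.data.run_status) { delete result.data.run_status; }` strips only truthy values, while the validator added in validation.ts accepts `null` through `.optional({ values: 'null' })`. If the validated data carries `run_status: null` through to this point (not visible here), a caller without node authority or ANALYSIS_UPDATE could still clear the field. An unconditional `delete result.data.run_status;` removes the dependence on the value. The `approval_status` guard in the previous hunk and the `index` guard here use the same truthiness pattern. The handler continues outside the hunk.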
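Review bot: The `run_status` check is added after the block that closes just above it, so it appears to run for every operation passed to runAnalysisNodeValidation, not only 'update'. The stripping for callers who lack node authority or ANALYSIS_UPDATE lives in the update handler; whether the create path drops a client-supplied `run_status` is not visible in this patch and is worth confirming. The check also accepts any member of AnalysisNodeRunStatus regardless of the stored value, so any ordering of status transitions has to be enforced elsewhere. A comment above the check such as `// run_status: writable only by the node realm with ANALYSIS_UPDATE; the update handler strips it otherwise` would record that dependency. The function starts and continues outside the hunk.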