Merge pull request #559 from VitNode/backend/admin_wrapper_to_check_p…

…ermissions

feat(backend): Add checking permissions admin while using AdminAuthGuards

README.md

@@ -39,7 +39,7 @@ pnpm create vitnode-app@latest
 
 | 🛠️ Software | Minimum | Recommended |
 | :---------- | :------ | :---------- |
-| Node.js     | 18.17   | 20          |
+| Node.js     | 20      | 20          |
 | PostgreSQL  | 14      | 16          |
 
 | 🖥️ Hardware | Minimum        | Development    |

apps/backend/schema.gql

@@ -10,9 +10,9 @@ enum AllowTypeFilesEnum {
 }
 
 type AuthorizationAdminSessionsObj {
-  files: FilesAuthorizationCoreSessions!
+  permissions: [PermissionsStaffObjWithoutPluginName!]!
   restart_server: Boolean!
-  user: AuthorizationCurrentUserObj
+  user: UserWithDangerousInfo!
   version: String!
 }
 
@@ -22,7 +22,6 @@ type AuthorizationCoreMiddleware {
 }
 
 type AuthorizationCoreSessionsObj {
-  files: FilesAuthorizationCoreSessions!
   plugin_default: String!
   user: AuthorizationCurrentUserObj
 }
@@ -31,6 +30,7 @@ type AuthorizationCurrentUserObj {
   avatar: AvatarUser
   avatar_color: String!
   email: String!
+  files_permissions: FilesPermissionsCoreSessions!
   group: GroupUser!
   id: Int!
   is_admin: Boolean!
@@ -134,13 +134,6 @@ type EditorShowCoreMiddleware {
   sticky: Boolean!
 }
 
-type FilesAuthorizationCoreSessions {
-  allow_upload: Boolean!
-  max_storage_for_submit: Int!
-  space_used: Float!
-  total_max_storage: Int!
-}
-
 input FilesEditAdminEditorStyles {
   allow_type: AllowTypeFilesEnum!
 }
@@ -149,6 +142,13 @@ type FilesEditorShowCoreMiddleware {
   allow_type: AllowTypeFilesEnum!
 }
 
+type FilesPermissionsCoreSessions {
+  allow_upload: Boolean!
+  max_storage_for_submit: Int!
+  space_used: Float!
+  total_max_storage: Int!
+}
+
 type GroupUser {
   color: String
   id: Int!
@@ -248,9 +248,9 @@ type Mutation {
   admin__core_plugins__permissions_admin__delete(id: String!, parent_id: String, plugin_code: String!): String!
   admin__core_plugins__upload(code: String, file: Upload!): String!
   admin__core_security__captcha__edit(secret_key: String!, site_key: String!, type: CaptchaTypeEnum!): ShowAdminCaptchaSecurityObj!
-  admin__core_staff_administrators__create_edit(group_id: Int, permissions: [PermissionsStaffArgs!], unrestricted: Boolean!, user_id: Int): ShowAdminStaffAdministrators!
+  admin__core_staff_administrators__create_edit(group_id: Int, id: Int, permissions: [PermissionsStaffArgs!], user_id: Int): ShowAdminStaffAdministrators!
   admin__core_staff_administrators__delete(id: Int!): String!
-  admin__core_staff_moderators__create(group_id: Int, unrestricted: Boolean!, user_id: Int): ShowAdminStaffModerators!
+  admin__core_staff_moderators__create(group_id: Int, user_id: Int): ShowAdminStaffModerators!
   admin__core_staff_moderators__delete(id: Int!): String!
   admin__core_styles__editor__edit(files: FilesEditAdminEditorStyles!, sticky: Boolean!): EditorShowCoreMiddleware!
   admin__core_styles__nav__create(description: [StringLanguageInput!]!, external: Boolean!, href: String!, name: [StringLanguageInput!]!): ShowCoreNav!
@@ -291,28 +291,28 @@ type PageInfo {
 }
 
 type PermissionsStaff {
-  children: [String!]!
   id: String!
+  permissions: [String!]!
 }
 
 input PermissionsStaffArgs {
-  permissions: [PermissionsStaffInput!]!
+  groups: [PermissionsStaffInput!]!
   plugin_code: String!
 }
 
 input PermissionsStaffInput {
-  children: [String!]!
   id: String!
+  permissions: [String!]!
 }
 
 type PermissionsStaffObj {
-  permissions: [PermissionsStaff!]!
+  groups: [PermissionsStaff!]!
   plugin: String!
   plugin_code: String!
 }
 
 type PermissionsStaffObjWithoutPluginName {
-  permissions: [PermissionsStaff!]!
+  groups: [PermissionsStaff!]!
   plugin_code: String!
 }
 
@@ -524,7 +524,6 @@ type ShowAdminStaffAdministrators {
   id: Int!
   permissions: [PermissionsStaffObjWithoutPluginName!]!
   protected: Boolean!
-  unrestricted: Boolean!
   updated: DateTime!
   user_or_group: UserOrGroupCoreStaffUnion!
 }
@@ -548,7 +547,6 @@ type ShowAdminStaffModerators {
   created: DateTime!
   id: Int!
   protected: Boolean!
-  unrestricted: Boolean!
   updated: DateTime!
   user_or_group: UserOrGroupCoreStaffUnion!
 }
@@ -825,4 +823,16 @@ type User {
   name_seo: String!
 }
 
-union UserOrGroupCoreStaffUnion = StaffGroupUser | User
+union UserOrGroupCoreStaffUnion = StaffGroupUser | User
+
+type UserWithDangerousInfo {
+  avatar: AvatarUser
+  avatar_color: String!
+  email: String!
+  files_permissions: FilesPermissionsCoreSessions!
+  group: GroupUser!
+  id: Int!
+  language: String!
+  name: String!
+  name_seo: String!
+}

apps/frontend/src/app/[locale]/(main)/(layout)/error.tsx

@@ -1,7 +1,9 @@
 'use client';
 
-import { ErrorView } from 'vitnode-frontend/views/theme/views/error/error-view';
+import { WrapperError } from 'vitnode-frontend/views/theme/views/error/wrapper-error';
 
-export default function Error() {
-  return <ErrorView code="500" />;
+export default function Error(
+  props: React.ComponentProps<typeof WrapperError>,
+) {
+  return <WrapperError {...props} />;
 }

apps/frontend/src/app/[locale]/admin/(auth)/error.tsx

@@ -1,7 +1,9 @@
 'use client';
 
-import { ErrorView } from 'vitnode-frontend/views/theme/views/error/error-view';
+import { WrapperError } from 'vitnode-frontend/views/theme/views/error/wrapper-error';
 
-export default function Error() {
-  return <ErrorView code="500" />;
+export default function Error(
+  props: React.ComponentProps<typeof WrapperError>,
+) {
+  return <WrapperError {...props} />;
 }

apps/frontend/src/plugins/core/langs/en.json

@@ -333,15 +333,23 @@
     },
     "admin_permissions": {
       "dashboard": "Dashboard",
-      "dashboard_can_manage_diagnostic_tools": "Can manage diagnostic tools?",
+      "can_manage_diagnostic_tools": "Can manage diagnostic tools?",
       "settings": "Settings",
-      "settings_can_manage_settings_main": "Can manage main settings?",
-      "settings_can_manage_settings_security": "Can manage security settings?",
-      "settings_can_manage_settings_metadata": "Can manage metadata settings?",
-      "settings_can_manage_settings_email": "Can manage email settings?",
-      "settings_can_manage_settings_authorization": "Can manage authorization settings?",
-      "settings_can_manage_settings_legal": "Can manage legal settings?",
-      "settings_can_manage_settings_ai": "Can manage AI settings?"
+      "can_manage_settings_main": "Can manage main settings?",
+      "can_manage_settings_security": "Can manage security settings?",
+      "can_manage_settings_metadata": "Can manage metadata settings?",
+      "can_manage_settings_email": "Can manage email settings?",
+      "can_manage_settings_authorization": "Can manage authorization settings?",
+      "can_manage_settings_legal": "Can manage legal settings?",
+      "can_manage_settings_ai": "Can manage AI settings?",
+      "can_manage_plugins": "Can manage plugins?",
+      "styles": "Styles",
+      "can_manage_styles_theme-editor": "Can manage theme editor?",
+      "can_manage_styles_nav": "Can manage navigation?",
+      "can_manage_styles_editor": "Can manage editor?",
+      "can_manage_langs": "Can manage languages?",
+      "advanced": "Advanced",
+      "can_manage_advanced_files": "Can manage files?"
     }
   },
   "admin_members": {
@@ -352,6 +360,13 @@
       "staff": "Staff",
       "staff_moderators": "Moderators",
       "staff_administrators": "Administrators"
+    },
+    "admin_permissions": {
+      "users": "Users",
+      "can_manage_users": "Can manage users?",
+      "can_manage_groups": "Can manage groups?",
+      "staff": "Staff",
+      "can_manage_staff_administrators": "Can manage administrators?"
     }
   }
 }

packages/backend-ai-google/.swcrc

@@ -15,5 +15,6 @@
   },
   "module": {
     "type": "commonjs"
-  }
+  },
+  "minify": true
 }

packages/backend-ai-open-ai/.swcrc

@@ -15,5 +15,6 @@
   },
   "module": {
     "type": "commonjs"
-  }
+  },
+  "minify": true
 }

packages/backend-email-resend/.swcrc

@@ -15,5 +15,6 @@
   },
   "module": {
     "type": "commonjs"
-  }
+  },
+  "minify": true
 }

packages/backend-email-smtp/.swcrc

@@ -15,5 +15,6 @@
   },
   "module": {
     "type": "commonjs"
-  }
+  },
+  "minify": true
 }

packages/backend/.swcrc

@@ -15,5 +15,6 @@
   },
   "module": {
     "type": "commonjs"
-  }
+  },
+  "minify": true
 }

packages/backend/src/core/admin/ai/test/test.resolver.ts

@@ -1,3 +1,5 @@
+import { AdminAuthGuards, AdminPermission } from '@/utils';
+import { UseGuards } from '@nestjs/common';
 import { Args, Mutation, Resolver } from '@nestjs/graphql';
 
 import { TestAdminCoreAiService } from './test.service';
@@ -7,6 +9,12 @@ export class TestAdminCoreAiResolver {
   constructor(private readonly service: TestAdminCoreAiService) {}
 
   @Mutation(() => String)
+  @UseGuards(AdminAuthGuards)
+  @AdminPermission({
+    plugin_code: 'core',
+    group: 'settings',
+    permission: 'can_manage_settings_ai',
+  })
   async admin__core_ai__test(
     @Args('prompt', { type: () => String }) prompt: string,
   ): Promise<string> {

packages/backend/src/core/admin/email/logs/logs.resolver.ts

@@ -1,4 +1,4 @@
-import { AdminAuthGuards } from '@/utils';
+import { AdminAuthGuards, AdminPermission } from '@/utils';
 import { UseGuards } from '@nestjs/common';
 import { Args, Query, Resolver } from '@nestjs/graphql';
 
@@ -11,6 +11,11 @@ export class LogsAdminEmailResolver {
 
   @Query(() => LogsAdminEmailObj)
   @UseGuards(AdminAuthGuards)
+  @AdminPermission({
+    plugin_code: 'core',
+    group: 'settings',
+    permission: 'can_manage_settings_email',
+  })
   async admin__core_email__logs(
     @Args() args: LogsAdminEmailArgs,
   ): Promise<LogsAdminEmailObj> {

packages/backend/src/core/admin/email/settings/edit/edit.resolver.ts

@@ -1,4 +1,4 @@
-import { AdminAuthGuards } from '@/utils';
+import { AdminAuthGuards, AdminPermission } from '@/utils';
 import { UseGuards } from '@nestjs/common';
 import { Args, Mutation, Resolver } from '@nestjs/graphql';
 
@@ -12,6 +12,11 @@ export class EditAdminEmailSettingsResolver {
 
   @Mutation(() => ShowAdminEmailSettingsServiceObj)
   @UseGuards(AdminAuthGuards)
+  @AdminPermission({
+    plugin_code: 'core',
+    group: 'settings',
+    permission: 'can_manage_settings_email',
+  })
   async admin__core_email_settings__edit(
     @Args() args: EditAdminEmailSettingsServiceArgs,
   ): Promise<ShowAdminEmailSettingsServiceObj> {

packages/backend/src/core/admin/email/settings/edit/edit.service.ts

@@ -1,5 +1,4 @@
 import { FilesService } from '@/core/files/helpers/upload/upload.service';
-import { InternalServerError } from '@/errors';
 import { configPath, ConfigType, getConfigFile } from '@/providers/config';
 import { Injectable } from '@nestjs/common';
 import * as fs from 'fs';
@@ -53,7 +52,10 @@ export class EditAdminEmailSettingsService {
 
     fs.writeFileSync(configPath, JSON.stringify(newData, null, 2), 'utf8');
 
-    // Still here? Something went wrong
-    throw new InternalServerError();
+    return {
+      color_primary,
+      is_enabled: true,
+      logo: newData.settings.email.logo,
+    };
   }
 }

packages/backend/src/core/admin/email/settings/show/show.resolver.ts

@@ -1,4 +1,4 @@
-import { AdminAuthGuards } from '@/utils';
+import { AdminAuthGuards, AdminPermission } from '@/utils';
 import { UseGuards } from '@nestjs/common';
 import { Query, Resolver } from '@nestjs/graphql';
 
@@ -11,6 +11,11 @@ export class ShowAdminEmailSettingsResolver {
 
   @Query(() => ShowAdminEmailSettingsServiceObj)
   @UseGuards(AdminAuthGuards)
+  @AdminPermission({
+    plugin_code: 'core',
+    group: 'settings',
+    permission: 'can_manage_settings_email',
+  })
   admin__core_email_settings__show(): ShowAdminEmailSettingsServiceObj {
     return this.service.show();
   }

packages/backend/src/core/admin/email/settings/test/test.resolver.ts

@@ -1,5 +1,5 @@
 import { CurrentUser, User } from '@/decorators';
-import { AdminAuthGuards } from '@/utils';
+import { AdminAuthGuards, AdminPermission } from '@/utils';
 import { UseGuards } from '@nestjs/common';
 import { Args, Mutation, Resolver } from '@nestjs/graphql';
 
@@ -12,6 +12,11 @@ export class TestAdminEmailSettingsResolver {
 
   @Mutation(() => String)
   @UseGuards(AdminAuthGuards)
+  @AdminPermission({
+    plugin_code: 'core',
+    group: 'settings',
+    permission: 'can_manage_settings_email',
+  })
   async admin__core_email_settings__test(
     @Args() args: TestAdminEmailSettingsServiceArgs,
     @CurrentUser() user: User,

packages/backend/src/core/admin/files/delete/delete.resolver.ts

@@ -1,4 +1,4 @@
-import { AdminAuthGuards } from '@/utils';
+import { AdminAuthGuards, AdminPermission } from '@/utils';
 import { UseGuards } from '@nestjs/common';
 import { Args, Int, Mutation, Resolver } from '@nestjs/graphql';
 
@@ -10,6 +10,11 @@ export class DeleteAdminFilesResolver {
 
   @Mutation(() => String)
   @UseGuards(AdminAuthGuards)
+  @AdminPermission({
+    plugin_code: 'core',
+    group: 'files',
+    permission: 'can_manage_files',
+  })
   async admin__core_files__delete(
     @Args('id', { type: () => Int }) id: number,
   ): Promise<string> {