refactor(hooks): merge projectmember and projectrole to project hook

Co-authored-by: William Phetsinorath <william.phetsinorath@shikanime.studio>
Signed-off-by: William Phetsinorath <william.phetsinorath-open@interieur.gouv.fr>

Author: shikanime

apps/server/src/resources/project-member/business.ts

@@ -44,20 +44,17 @@ export async function addMember(projectId: Project['id'], user: XOR<{ userId: st
   }
 
   await upsertMember({ projectId, userId: userInDb.id, roleIds: [] })
-  await hook.projectMember.upsert(projectId, userInDb.id)
   return listMembers(projectId)
 }
 
 export async function patchMembers(projectId: Project['id'], members: typeof projectMemberContract.patchMembers.body._type) {
   for (const member of members) {
     await upsertMember({ projectId, userId: member.userId, roleIds: member.roles })
-    await hook.projectMember.upsert(projectId, member.userId)
   }
   return listMembers(projectId)
 }
 
 export async function removeMember(projectId: Project['id'], userId: User['id']) {
-  await hook.projectMember.delete(projectId, userId)
   await deleteMember({ projectId, userId })
   return listMembers(projectId)
 }

apps/server/src/resources/project-role/business.ts

@@ -7,7 +7,6 @@ import {
   updateRole,
 } from '@/resources/queries-index.js'
 import { BadRequest400, Forbidden403, NotFound404 } from '@/utils/errors.js'
-import { hook } from '@/utils/hook-wrapper.js'
 import prisma from '@/prisma.js'
 
 export async function listRoles(projectId: Project['id']) {
@@ -55,7 +54,6 @@ export async function patchRoles(projectId: Project['id'], roles: typeof project
   if (positionsAvailable.length && positionsAvailable.length !== dbRoles.length) return new BadRequest400('Les numéros de position des rôles sont incohérentes')
   for (const { id, ...role } of updatedRoles) {
     await updateRole(id, role)
-    await hook.projectRole.upsert(id)
   }
 
   return listRoles(projectId)
@@ -78,7 +76,7 @@ export async function createRole(projectId: Project['id'], role: typeof projectR
     throw new BadRequest400('oidcGroup doit commencer par /')
   }
 
-  const createdRole = await prisma.projectRole.create({
+  await prisma.projectRole.create({
     data: {
       ...role,
       projectId,
@@ -88,8 +86,6 @@ export async function createRole(projectId: Project['id'], role: typeof projectR
     },
   })
 
-  await hook.projectRole.upsert(createdRole.id)
-
   return listRoles(projectId)
 }
 
@@ -107,10 +103,10 @@ export async function countRolesMembers(projectId: Project['id']) {
 
 export async function deleteRole(roleId: Project['id']) {
   const role = await prisma.projectRole.findUnique({ where: { id: roleId } })
-  if (role?.type === 'system') {
+  if (!role) throw new NotFound404()
+  if (role.type === 'system') {
     return new Forbidden403('Ce rôle système ne peut pas être supprimé')
   }
-  await hook.projectRole.delete(roleId)
   await deleteRoleQuery(roleId)
   return null
 }

apps/server/src/resources/project/business.ts

@@ -87,6 +87,11 @@ export async function createProject(dataDto: typeof projectContract.createProjec
     await addLogs({ action: 'Upsert Project Role', data: roleResult.results, userId: requestor.id, requestId, projectId: project.id })
   }
 
+  for (const member of projectInfos.members) {
+    const memberResult = await hook.projectMember.upsert(project.id, member.userId)
+    await addLogs({ action: 'Upsert Project Member', data: memberResult.results, userId: requestor.id, requestId, projectId: project.id })
+  }
+
   return {
     ...projectInfos,
     clusterIds: projectInfos.clusters.map(({ id }) => id),

apps/server/src/utils/hook-wrapper.spec.ts

@@ -207,7 +207,11 @@ describe('transformToHookProject', () => {
     expect(result.users).toEqual([project.owner])
 
     // Assert sur la transformation des rôles
-    expect(result.roles).toEqual([{ userId: project.owner.id, role: 'owner' }])
+    expect(result.roles).toEqual([{
+      name: 'owner',
+      position: 0,
+      users: [project.owner],
+    }])
 
     // Assert sur la transformation des clusters
     expect(result.clusters).toEqual([associatedCluster, nonAssociatedCluster].map(({ kubeconfig, ...cluster }) => ({
@@ -218,7 +222,7 @@ describe('transformToHookProject', () => {
     })))
 
     // Assert sur la transformation des environnements
-    expect(result.environments).toEqual(project.environments.map(({ permissions: _, stage, quota, ...environment }) => ({
+    expect(result.environments).toEqual(project.environments.map(({ permissions: _, stage, quota, ...environment }: any) => ({
       quota,
       stage: stage.name,
       permissions: [{ permissions: { rw: true, ro: true }, userId: project.ownerId }],
@@ -227,9 +231,44 @@ describe('transformToHookProject', () => {
     })))
 
     // Assert sur la transformation des repositories
-    expect(result.repositories).toEqual(project.repositories.map(repo => ({ ...repo, newCreds: mockReposCreds[repo.internalRepoName] })))
+    expect(result.repositories).toEqual(project.repositories.map((repo: any) => ({ ...repo, newCreds: mockReposCreds[repo.internalRepoName] })))
 
     // Assert sur le store
     expect(result.store).toEqual(mockStore)
   })
+
+  it('handles members with roles correctly', () => {
+    const roleDev = { id: 'role-dev', name: 'developer', permissions: 0n, position: 0 }
+    const memberDev = {
+      userId: 'user-dev',
+      roleIds: ['role-dev'],
+      user: { id: 'user-dev', firstName: 'Dev', lastName: 'User', email: 'dev@test.com', createdAt: new Date(), updatedAt: new Date(), adminRoleIds: [] },
+      id: 'member-dev',
+      projectId: project.id,
+      createdAt: new Date(),
+      updatedAt: new Date(),
+    }
+    const projectWithRoles = {
+      ...project,
+      roles: [roleDev],
+      members: [memberDev],
+    }
+
+    // @ts-ignore - limited mock
+    const result = transformToHookProject(projectWithRoles, mockStore, mockReposCreds)
+
+    expect(result.roles).toContainEqual({
+      name: 'owner',
+      position: 0,
+      users: [project.owner],
+    })
+    expect(result.roles).toContainEqual({
+      name: 'developer',
+      permissions: '0',
+      position: 0,
+      type: undefined,
+      oidcGroup: undefined,
+      users: [memberDev.user],
+    })
+  })
 })

apps/server/src/utils/hook-wrapper.ts

@@ -1,10 +1,10 @@
-import type { Cluster, Kubeconfig, Project, ProjectRole, Zone, ProjectMembers } from '@prisma/client'
+import type { Cluster, Kubeconfig, Project, ProjectRole, Zone } from '@prisma/client'
 import type { ClusterObject, HookResult, KubeCluster, KubeUser, Project as ProjectPayload, RepoCreds, Repository, Store, ZoneObject } from '@cpn-console/hooks'
 import { hooks } from '@cpn-console/hooks'
 import type { AsyncReturnType } from '@cpn-console/shared'
 import { ProjectAuthorized, getPermsByUserRoles, resourceListToDict } from '@cpn-console/shared'
 import { genericProxy } from './proxy.js'
-import { archiveProject, getAdminPlugin, getAdminRoleById, getClusterByIdOrThrow, getClusterNamesByZoneId, getClustersAssociatedWithProject, getHookProjectInfos, getHookRepository, getProjectStore, getRole, getZoneByIdOrThrow, saveProjectStore, updateProjectClusterHistory, updateProjectCreated, updateProjectFailed, updateProjectWarning } from '@/resources/queries-index.js'
+import { archiveProject, getAdminPlugin, getAdminRoleById, getClusterByIdOrThrow, getClusterNamesByZoneId, getClustersAssociatedWithProject, getHookProjectInfos, getHookRepository, getProjectStore, getZoneByIdOrThrow, saveProjectStore, updateProjectClusterHistory, updateProjectCreated, updateProjectFailed, updateProjectWarning } from '@/resources/queries-index.js'
 import type { ConfigRecords } from '@/resources/project-service/business.js'
 import { dbToObj } from '@/resources/project-service/business.js'
 
@@ -139,114 +139,6 @@ const user = {
   },
 } as const
 
-const projectMember = {
-  upsert: async (projectId: Project['id'], userId: ProjectMembers['userId']) => {
-    const project = await getHookProjectInfos(projectId)
-    const projectStore = dbToObj(await getProjectStore(project.id))
-    const hookProject = transformToHookProject(project, projectStore)
-    const store = dbToObj(await getAdminPlugin())
-
-    const member = project.members.find(m => m.userId === userId)
-    if (!member) throw new Error('Member not found')
-
-    const memberRoles = project.roles
-      .filter(role => member.roleIds.includes(role.id))
-      .map(role => ({
-        ...role,
-        permissions: role.permissions.toString(),
-        oidcGroup: role.oidcGroup ?? undefined,
-        project: hookProject,
-      }))
-
-    const payload = {
-      userId: member.userId,
-      roleIds: member.roleIds,
-      firstName: member.user.firstName,
-      lastName: member.user.lastName,
-      email: member.user.email,
-      type: member.user.type as 'human' | 'bot' | 'ghost',
-      createdAt: member.user.createdAt.toISOString(),
-      updatedAt: member.user.updatedAt.toISOString(),
-      lastLogin: member.user.lastLogin?.toISOString(),
-      projectId: project.id,
-      roles: memberRoles,
-      project: hookProject,
-    }
-
-    return hooks.upsertProjectMember.execute(payload, store)
-  },
-  delete: async (projectId: Project['id'], userId: ProjectMembers['userId']) => {
-    const project = await getHookProjectInfos(projectId)
-    const projectStore = dbToObj(await getProjectStore(project.id))
-    const hookProject = transformToHookProject(project, projectStore)
-    const store = dbToObj(await getAdminPlugin())
-
-    const member = project.members.find(m => m.userId === userId)
-    if (!member) throw new Error('Member not found')
-
-    const memberRoles = project.roles
-      .filter(role => member.roleIds.includes(role.id))
-      .map(role => ({
-        ...role,
-        permissions: role.permissions.toString(),
-        oidcGroup: role.oidcGroup ?? undefined,
-        project: hookProject,
-      }))
-
-    const payload = {
-      userId: member.userId,
-      roleIds: member.roleIds,
-      firstName: member.user.firstName,
-      lastName: member.user.lastName,
-      email: member.user.email,
-      type: member.user.type as 'human' | 'bot' | 'ghost',
-      createdAt: member.user.createdAt.toISOString(),
-      updatedAt: member.user.updatedAt.toISOString(),
-      lastLogin: member.user.lastLogin?.toISOString(),
-      projectId: project.id,
-      roles: memberRoles,
-      project: hookProject,
-    }
-
-    return hooks.deleteProjectMember.execute(payload, store)
-  },
-} as const
-
-const projectRole = {
-  upsert: async (roleId: ProjectRole['id']) => {
-    const role = await getRole(roleId)
-    if (!role) throw new Error('Role not found')
-
-    const project = await getHookProjectInfos(role.projectId)
-    const projectStore = dbToObj(await getProjectStore(role.projectId))
-    const hookProject = transformToHookProject(project, projectStore)
-
-    const rolePayload = {
-      ...role,
-      permissions: role.permissions.toString(),
-      project: hookProject,
-    }
-    const store = dbToObj(await getAdminPlugin())
-    return hooks.upsertProjectRole.execute(rolePayload, store)
-  },
-  delete: async (roleId: ProjectRole['id']) => {
-    const role = await getRole(roleId)
-    if (!role) throw new Error('Role not found')
-
-    const project = await getHookProjectInfos(role.projectId)
-    const projectStore = dbToObj(await getProjectStore(role.projectId))
-    const hookProject = transformToHookProject(project, projectStore)
-
-    const rolePayload = {
-      ...role,
-      permissions: role.permissions.toString(),
-      project: hookProject,
-    }
-    const store = dbToObj(await getAdminPlugin())
-    return hooks.deleteProjectRole.execute(rolePayload, store)
-  },
-} as const
-
 const zone = {
   upsert: async (zoneId: Zone['id']) => {
     const zone: ZoneObject = await getZoneByIdOrThrow(zoneId)
@@ -299,10 +191,6 @@ export const hook = {
   // @ts-ignore TODO voir comment opti la signature de la fonction
   project: genericProxy(project, { upsert: ['delete'], delete: ['upsert', 'delete'], getSecrets: ['delete'] }),
   // @ts-ignore TODO voir comment opti la signature de la fonction
-  projectRole: genericProxy(projectRole, { delete: ['upsert', 'delete'], upsert: ['delete'] }),
-  // @ts-ignore TODO voir comment opti la signature de la fonction
-  projectMember: genericProxy(projectMember, { delete: ['upsert'], upsert: ['delete'] }),
-  // @ts-ignore TODO voir comment opti la signature de la fonction
   cluster: genericProxy(cluster, { delete: ['upsert', 'delete'], upsert: ['delete'] }),
   // @ts-ignore TODO voir comment opti la signature de la fonction
   zone: genericProxy(zone, { delete: ['upsert'], upsert: ['delete'] }),
@@ -349,10 +237,20 @@ export function transformToHookProject(project: ProjectInfos, store: Store, repo
     store,
     users: [project.owner, ...project.members.map(({ user }) => user)],
     roles: [
-      { userId: project.ownerId, role: 'owner' },
-      ...project.members.map(member => ({
-        userId: member.userId,
-        role: 'user' as const,
+      {
+        name: 'owner',
+        position: 0,
+        users: [project.owner],
+      },
+      ...project.roles.map(role => ({
+        name: role.name,
+        permissions: role.permissions.toString(),
+        position: role.position,
+        type: role.type,
+        oidcGroup: role.oidcGroup,
+        users: project.members
+          .filter(member => member.roleIds.includes(role.id))
+          .map(member => member.user),
       })),
     ],
   })

packages/hooks/src/hooks/hook-project-member.ts

@@ -9,8 +9,12 @@ export interface RepoCreds {
 }
 
 export interface Role {
-  userId: string
-  role: 'owner' | 'user'
+  name: string
+  permissions?: string
+  position: number
+  type?: string
+  oidcGroup?: string
+  users: UserObject[]
 }
 
 export interface EnvironmentApis {

packages/hooks/src/hooks/hook-project-role.ts

@@ -1,8 +1,6 @@
 export * from './hook-cluster.js'
 export * from './hook-misc.js'
 export * from './hook-project.js'
-export * from './hook-project-role.js'
-export * from './hook-project-member.js'
 export * from './hook-user.js'
 export * from './hook-zone.js'
 export * from './hook-admin-role.js'

packages/hooks/src/hooks/hook-project.ts

@@ -42,8 +42,8 @@ export const upsertProject: StepCall<Project> = async (payload) => {
       ...splitExtraRepositories(project.store.argocd?.extraRepositories),
     ]
 
-    await Promise.all([
-      ...project.environments.map(async (environment) => {
+    await Promise.all(
+      project.environments.map(async (environment) => {
         const nsName = generateNamespaceName(project.id, environment.id)
         const cluster = getCluster(project, environment)
         const infraProject = await gitlabApi.getOrCreateInfraProject(
@@ -72,7 +72,7 @@ export const upsertProject: StepCall<Project> = async (payload) => {
           vaultApi,
         )
       }),
-    ])
+    )
 
     await removeInfraEnvValues(project, gitlabApi)
 
@@ -99,6 +99,7 @@ interface ArgoRepoSource {
   path: string
   valueFiles: string[]
 }
+
 async function ensureInfraEnvValues(
   project: Project,
   environment: Environment,