Flowise/packages/server/src/enterprise/controllers/workspace-user.controller.ts at cbad1a96ed6e2b4ac39d577c4acfd3d8716ba00a · FlowiseAI/Flowise · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
import { NextFunction, Request, Response } from 'express'
import { StatusCodes } from 'http-status-codes'
import { QueryRunner } from 'typeorm'
import { InternalFlowiseError } from '../../errors/internalFlowiseError'
import { GeneralErrorMessage } from '../../utils/constants'
import { getRunningExpressApp } from '../../utils/getRunningExpressApp'
import { WorkspaceUser } from '../database/entities/workspace-user.entity'
import { WorkspaceUserService } from '../services/workspace-user.service'
import {
    assertQueryOrganizationMatchesActiveOrg,
    assertWorkspaceIdAccessibleToUser,
    getLoggedInUser,
    userMayManageOrgUsers
} from '../utils/tenantRequestGuards'

export class WorkspaceUserController {
    public async create(req: Request, res: Response, next: NextFunction) {
        try {
            const workspaceUserService = new WorkspaceUserService()
            const newWorkspaceUser = await workspaceUserService.createWorkspaceUser(req.body)
            return res.status(StatusCodes.CREATED).json(newWorkspaceUser)
        } catch (error) {
            next(error)
        }
    }

    public async read(req: Request, res: Response, next: NextFunction) {
        let queryRunner
        try {
            const user = getLoggedInUser(req)
            queryRunner = getRunningExpressApp().AppDataSource.createQueryRunner()
            await queryRunner.connect()
            const query = req.query as Partial<WorkspaceUser & { organizationId: string | undefined }>
            const workspaceUserService = new WorkspaceUserService()

            assertQueryOrganizationMatchesActiveOrg(user, query.organizationId)

            let workspaceUser: any
            if (query.workspaceId && query.userId) {
                await assertWorkspaceIdAccessibleToUser(user, query.workspaceId, queryRunner)
                workspaceUser = await workspaceUserService.readWorkspaceUserByWorkspaceIdUserId(
                    query.workspaceId,
                    query.userId,
                    queryRunner
                )
            } else if (query.workspaceId) {
                await assertWorkspaceIdAccessibleToUser(user, query.workspaceId, queryRunner)
                workspaceUser = await workspaceUserService.readWorkspaceUserByWorkspaceId(query.workspaceId, queryRunner)
            } else if (query.organizationId && query.userId) {
                workspaceUser = await workspaceUserService.readWorkspaceUserByOrganizationIdUserId(
                    query.organizationId,
                    query.userId,
                    queryRunner
                )
            } else if (query.userId) {
                if (typeof query.userId === 'string' && query.userId !== user.id && !userMayManageOrgUsers(user)) {
                    throw new InternalFlowiseError(StatusCodes.FORBIDDEN, GeneralErrorMessage.FORBIDDEN)
                }
                workspaceUser = await workspaceUserService.readWorkspaceUserByUserId(query.userId, queryRunner)
            } else if (query.roleId) {
                if (!userMayManageOrgUsers(user)) {
                    throw new InternalFlowiseError(StatusCodes.FORBIDDEN, GeneralErrorMessage.FORBIDDEN)
                }
                workspaceUser = await workspaceUserService.readWorkspaceUserByRoleId(query.roleId, queryRunner, user.activeOrganizationId)
            } else {
                throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, GeneralErrorMessage.UNHANDLED_EDGE_CASE)
            }

            return res.status(StatusCodes.OK).json(workspaceUser)
        } catch (error) {
            next(error)
        } finally {
            if (queryRunner) await queryRunner.release()
        }
    }

    public async update(req: Request, res: Response, next: NextFunction) {
        let queryRunner: QueryRunner | undefined
        try {
            queryRunner = getRunningExpressApp().AppDataSource.createQueryRunner()
            await queryRunner.connect()
            const workspaceUserService = new WorkspaceUserService()
            const workspaceUser = await workspaceUserService.updateWorkspaceUser(req.body, queryRunner)
            return res.status(StatusCodes.OK).json(workspaceUser)
        } catch (error) {
            if (queryRunner && queryRunner.isTransactionActive) await queryRunner.rollbackTransaction()
            next(error)
        } finally {
            if (queryRunner && !queryRunner.isReleased) await queryRunner.release()
        }
    }

    public async delete(req: Request, res: Response, next: NextFunction) {
        try {
            const query = req.query as Partial<WorkspaceUser>

            const workspaceUserService = new WorkspaceUserService()
            const workspaceUser = await workspaceUserService.deleteWorkspaceUser(query.workspaceId, query.userId)
            return res.status(StatusCodes.OK).json(workspaceUser)
        } catch (error) {
            next(error)
        }
    }
}