fix: update permission name

graphql-hive · Oct 22, 2024 · fb1236f · fb1236f
1 parent 865eab1
commit fb1236f
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 7 deletions.
diff --git a/integration-tests/tests/api/oidc-integrations/crud.spec.ts b/integration-tests/tests/api/oidc-integrations/crud.spec.ts
@@ -150,7 +150,7 @@ describe('create', () => {
  expect(errors).toEqual(
  expect.arrayContaining([
  expect.objectContaining({
- message: `No access (reason: "Missing organization:integrations permission")`,
+ message: `No access (reason: "Missing permission for performing 'oidc:modify' on resource")`,
  }),
  ]),
  );
@@ -545,7 +545,7 @@ describe('delete', () => {
  expect(errors).toEqual(
  expect.arrayContaining([
  expect.objectContaining({
- message: `No access (reason: "Missing organization:integrations permission")`,
+ message: `No access (reason: "Missing permission for performing 'oidc:modify' on resource")`,
  }),
  ]),
  );
@@ -742,7 +742,7 @@ describe('update', () => {
  expect(errors).toEqual(
  expect.arrayContaining([
  expect.objectContaining({
- message: `No access (reason: "Missing organization:integrations permission")`,
+ message: `No access (reason: "Missing permission for performing 'oidc:modify' on resource")`,
  }),
  ]),
  );

diff --git a/packages/services/api/src/modules/auth/lib/authz.ts b/packages/services/api/src/modules/auth/lib/authz.ts
@@ -103,7 +103,7 @@ export abstract class Session {
  for (const action of actions) {
  if (isActionMatch(action, args.action)) {
  if (permission.effect === 'deny') {
- throw new AccessError(`Missing permissions '${args.action}' on resource.`);
+ throw new AccessError(`Missing permission for performing '${args.action}' on resource`);
  } else {
  isAllowed = true;
  }
@@ -112,7 +112,7 @@ export abstract class Session {
  }
 
  if (!isAllowed) {
- throw new AccessError(`Missing permissions '${args.action}' on resource.`);
+ throw new AccessError(`Missing permission for performing '${args.action}' on resource`);
  }
  }
 }
@@ -235,7 +235,8 @@ const actionDefinitions = {
  'project:delete': defaultProjectIdentity,
  'alert:modify': defaultProjectIdentity,
  'project:updateSlug': defaultProjectIdentity,
- 'schemaLinting:manage': defaultProjectIdentity,
+ 'schemaLinting:manageOrganization': defaultProjectIdentity,
+ 'schemaLinting:manageProject': defaultProjectIdentity,
  'target:create': defaultProjectIdentity,
  'target:delete': defaultTargetIdentity,
  'schemaCheck:create': schemaCheckOrPublishIdentity,

diff --git a/packages/services/api/src/modules/auth/lib/legacy-permissions.ts b/packages/services/api/src/modules/auth/lib/legacy-permissions.ts
@@ -21,6 +21,7 @@ export function transformLegacyPolicies(
  action: ['support:manageTickets'],
  resource: [`hrn:${organizationId}:*`],
  });
+ break;
  }
  case OrganizationAccessScope.SETTINGS: {
  policies.push({

diff --git a/packages/services/api/src/modules/auth/lib/supertokens-strategy.ts b/packages/services/api/src/modules/auth/lib/supertokens-strategy.ts
@@ -1,8 +1,8 @@
 import SessionNode from 'supertokens-node/recipe/session/index.js';
 import * as zod from 'zod';
-import { User } from '@hive/api';
 import type { FastifyReply, FastifyRequest, ServiceLogger } from '@hive/service-common';
 import { captureException } from '@sentry/node';
+import type { User } from '../../../shared/entities';
 import { AccessError, HiveError } from '../../../shared/errors';
 import { isUUID } from '../../../shared/is-uuid';
 import type { Storage } from '../../shared/providers/storage';