/** * RepositoryPermission model - grants access to repositories */ import * as plugins from '../plugins.ts'; import type { IRepositoryPermission, TRepositoryRole } from '../interfaces/auth.interfaces.ts'; import { getDb } from './db.ts'; @plugins.smartdata.Collection(() => getDb()) export class RepositoryPermission extends plugins.smartdata.SmartDataDbDoc implements IRepositoryPermission { @plugins.smartdata.unI() public id: string = ''; @plugins.smartdata.svDb() @plugins.smartdata.index() public repositoryId: string = ''; @plugins.smartdata.svDb() @plugins.smartdata.index() public teamId?: string; @plugins.smartdata.svDb() @plugins.smartdata.index() public userId?: string; @plugins.smartdata.svDb() public role: TRepositoryRole = 'reader'; @plugins.smartdata.svDb() @plugins.smartdata.index() public createdAt: Date = new Date(); @plugins.smartdata.svDb() public grantedById: string = ''; /** * Grant permission to a user */ public static async grantToUser(data: { repositoryId: string; userId: string; role: TRepositoryRole; grantedById: string; }): Promise { // Check for existing permission const existing = await RepositoryPermission.getInstance({ repositoryId: data.repositoryId, userId: data.userId, }); if (existing) { // Update existing permission existing.role = data.role; await existing.save(); return existing; } const perm = new RepositoryPermission(); perm.id = await RepositoryPermission.getNewId(); perm.repositoryId = data.repositoryId; perm.userId = data.userId; perm.role = data.role; perm.grantedById = data.grantedById; perm.createdAt = new Date(); await perm.save(); return perm; } /** * Grant permission to a team */ public static async grantToTeam(data: { repositoryId: string; teamId: string; role: TRepositoryRole; grantedById: string; }): Promise { // Check for existing permission const existing = await RepositoryPermission.getInstance({ repositoryId: data.repositoryId, teamId: data.teamId, }); if (existing) { // Update existing permission existing.role = data.role; await existing.save(); return existing; } const perm = new RepositoryPermission(); perm.id = await RepositoryPermission.getNewId(); perm.repositoryId = data.repositoryId; perm.teamId = data.teamId; perm.role = data.role; perm.grantedById = data.grantedById; perm.createdAt = new Date(); await perm.save(); return perm; } /** * Get user's direct permission on repository */ public static async getUserPermission( repositoryId: string, userId: string ): Promise { return await RepositoryPermission.getInstance({ repositoryId, userId, }); } /** * Get team's permission on repository */ public static async getTeamPermission( repositoryId: string, teamId: string ): Promise { return await RepositoryPermission.getInstance({ repositoryId, teamId, }); } /** * Get all permissions for a repository */ public static async getRepoPermissions(repositoryId: string): Promise { return await RepositoryPermission.getInstances({ repositoryId, }); } /** * Get all permissions for user's teams on a repository */ public static async getTeamPermissionsForRepo( repositoryId: string, teamIds: string[] ): Promise { if (teamIds.length === 0) return []; return await RepositoryPermission.getInstances({ repositoryId, teamId: { $in: teamIds } as unknown as string, }); } /** * Lifecycle hook */ public async beforeSave(): Promise { if (!this.id) { this.id = await RepositoryPermission.getNewId(); } } }