284313f908
Some checks are pending
Bidi Control Character Guard / bidi-control-guard (push) Waiting to run
Circular Dependency Check / Check for new circular dependencies (push) Waiting to run
Citus Migration Smoke / Combined migrations on single-node Citus (push) Waiting to run
E2E Fresh Install Tests / fresh-install-e2e (push) Waiting to run
ext-v2 guardrails / Run ext-v2 guard and ESLint (push) Waiting to run
Integration Tests / Check for relevant changes (push) Waiting to run
Integration Tests / ${{ (github.event_name == 'schedule' || github.event.inputs.suite == 'full') && 'Full integration suite' || 'Tier-1 integration subset' }} (push) Blocked by required conditions
Mobile checks / Mobile lint + typecheck (push) Waiting to run
Mobile checks / Mobile unit tests (push) Waiting to run
Mobile checks / Mobile dependency audit (report) (push) Waiting to run
Mobile checks / Mobile reproducibility checks (push) Waiting to run
Secrets guard (env backups) / Ensure no tracked env backup files (push) Waiting to run
Temporal Readiness / fast-readiness (push) Waiting to run
Temporal Readiness / docker-parity (push) Waiting to run
TypeScript Type Check / Nx affected typecheck (push) Waiting to run
Unit Tests / Skipped-test budget (push) Waiting to run
Unit Tests / Nx affected unit tests (push) Waiting to run
Unit Tests / Server unit coverage (informational) (push) Waiting to run
Validate Tenant Management Schema / Check for relevant changes (push) Waiting to run
Validate Tenant Management Schema / Validate Tenant Management Schema (push) Blocked by required conditions
EE Workflows Build Guard / ee-workflows-build-guard (push) Waiting to run
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz Source: /opt/alga-psa on psa.joliet.tech
26 lines
1.0 KiB
TypeScript
26 lines
1.0 KiB
TypeScript
import { getAdminConnection } from '@alga-psa/db/admin';
|
|
import { resolveProductCode } from '@alga-psa/types';
|
|
|
|
export class ProductAccessError extends Error {
|
|
public readonly status = 403;
|
|
public readonly code = 'PRODUCT_ACCESS_DENIED';
|
|
public readonly capability: string;
|
|
public readonly productCode: string | null;
|
|
|
|
constructor(capability: string, productCode: string | null, message?: string) {
|
|
super(message ?? `Product access denied for capability "${capability}"`);
|
|
this.name = 'ProductAccessError';
|
|
this.capability = capability;
|
|
this.productCode = productCode;
|
|
}
|
|
}
|
|
|
|
export async function assertPsaOnlyTenantAccess(tenantId: string, capability: string): Promise<void> {
|
|
const admin = await getAdminConnection();
|
|
const row = await admin('tenants').where({ tenant: tenantId }).select('product_code').first();
|
|
const resolved = resolveProductCode(row?.product_code);
|
|
if (resolved.isMisconfigured || resolved.productCode !== 'psa') {
|
|
throw new ProductAccessError(capability, row?.product_code ?? null);
|
|
}
|
|
}
|