feat(core): update application organization role apis

2025-01-13 21:30:30 -05:00 · 2024-06-22 23:17:05 +08:00 · 2024-06-22 23:17:05 +08:00 · 754d0e1340
commit 754d0e1340
parent 12cd49f903
13 changed files with 212 additions and 26 deletions
--- a/.changeset/fresh-gorillas-obey.md
+++ b/.changeset/fresh-gorillas-obey.md
@ -0,0 +1,7 @@
 ---
 "@logto/core": minor
 ---
 pagination is now optional for `GET /api/organizations/:id/users/:userId/roles`
 The default pagination is now removed. This isn't considered a breaking change, but we marked it as minor to get your attention. 
--- a/packages/core/src/routes/organization-role/index.ts
+++ b/packages/core/src/routes/organization-role/index.ts
@ -60,9 +60,7 @@ export default function organizationRoleRoutes<T extends ManagementApiRouter>(
    }),
    async (ctx, next) => {
      const { limit, offset } = ctx.pagination;
      const search = parseSearchOptions(organizationRoleSearchKeys, ctx.guard.query);
      const [count, entities] = await roles.findAll(limit, offset, search);
      ctx.pagination.totalCount = count;
--- a/packages/core/src/routes/organization/application/index.openapi.json
+++ b/packages/core/src/routes/organization/application/index.openapi.json
@ -82,6 +82,37 @@
        }
      }
    },
    "/api/organizations/{id}/applications/roles": {
      "post": {
        "tags": ["Dev feature"],
        "summary": "Assign roles to applications in an organization",
        "description": "Assign roles to applications in the specified organization.",
        "requestBody": {
          "content": {
            "application/json": {
              "schema": {
                "properties": {
                  "applicationIds": {
                    "description": "An array of application IDs to assign roles to."
                  },
                  "organizationRoleIds": {
                    "description": "An array of organization role IDs to assign to the applications."
                  }
                }
              }
            }
          }
        },
        "responses": {
          "201": {
            "description": "Roles were assigned to the applications successfully."
          },
          "422": {
            "description": "At least one of the IDs provided is not valid. For example, the organization ID, application ID, or organization role ID does not exist; the application is not a member of the organization; or the role type is not assignable to the application."
          }
        }
      }
    },
    "/api/organizations/{id}/applications/{applicationId}/roles": {
      "get": {
        "tags": ["Dev feature"],
--- a/packages/core/src/routes/organization/application/index.ts
+++ b/packages/core/src/routes/organization/application/index.ts
@ -54,6 +54,35 @@ export default function applicationRoutes(
      }
    );
    router.post(
      '/:id/applications/roles',
      koaGuard({
        params: z.object({ id: z.string().min(1) }),
        body: z.object({
          applicationIds: z.string().min(1).array().nonempty(),
          organizationRoleIds: z.string().min(1).array().nonempty(),
        }),
        status: [201, 422],
      }),
      async (ctx, next) => {
        const { id } = ctx.guard.params;
        const { applicationIds, organizationRoleIds } = ctx.guard.body;
        await organizations.relations.appsRoles.insert(
          ...organizationRoleIds.flatMap((organizationRoleId) =>
            applicationIds.map((applicationId) => ({
              organizationId: id,
              applicationId,
              organizationRoleId,
            }))
          )
        );
        ctx.status = 201;
        return next();
      }
    );
    // MARK: Organization - application role relation routes
    applicationRoleRelationRoutes(router, organizations);
  }
--- a/packages/core/src/routes/organization/application/role-relations.ts
+++ b/packages/core/src/routes/organization/application/role-relations.ts
@ -35,7 +35,7 @@ export default function applicationRoleRelationRoutes(
  router.get(
    pathname,
-    koaPagination(),
+    koaPagination({ isOptional: true }),
    koaGuard({
      params: z.object(params),
      response: OrganizationRoles.guard.array(),
@ -49,10 +49,14 @@ export default function applicationRoleRelationRoutes(
        {
          organizationId: id,
          applicationId,
-        }
+        },
        ctx.pagination.disabled ? undefined : ctx.pagination
      );
-      ctx.pagination.totalCount = totalCount;
+      if (!ctx.pagination.disabled) {
        ctx.pagination.totalCount = totalCount;
      }
      ctx.body = entities;
      return next();
    }
--- a/packages/core/src/routes/organization/user/index.openapi.json
+++ b/packages/core/src/routes/organization/user/index.openapi.json
@ -91,7 +91,7 @@
    "/api/organizations/{id}/users/roles": {
      "post": {
        "summary": "Assign roles to organization user members",
-        "description": "Assign roles to user members of the specified organization with the given data.",
+        "description": "Assign roles to user members of the specified organization.",
        "requestBody": {
          "content": {
            "application/json": {
@ -113,7 +113,7 @@
            "description": "Roles were assigned to organization users successfully."
          },
          "422": {
-            "description": "At least one of the IDs provided is not valid. For example, the organization ID, user ID, or organization role ID does not exist; the user is not a member of the organization."
+            "description": "At least one of the IDs provided is not valid. For example, the organization ID, user ID, or organization role ID does not exist; the user is not a member of the organization; or the role type is not assignable to the user."
          }
        }
      }
--- a/packages/core/src/routes/organization/user/role-relations.ts
+++ b/packages/core/src/routes/organization/user/role-relations.ts
@ -39,7 +39,7 @@ export default function userRoleRelationRoutes(
  router.get(
    pathname,
-    koaPagination(),
+    koaPagination({ isOptional: true }),
    koaGuard({
      params: z.object(params),
      response: OrganizationRoles.guard.array(),
@ -54,10 +54,12 @@ export default function userRoleRelationRoutes(
          organizationId: id,
          userId,
        },
-        ctx.pagination
+        ctx.pagination.disabled ? undefined : ctx.pagination
      );
-      ctx.pagination.totalCount = totalCount;
+      if (!ctx.pagination.disabled) {
        ctx.pagination.totalCount = totalCount;
      }
      ctx.body = entities;
      return next();
    }
--- a/packages/integration-tests/src/api/organization.ts
+++ b/packages/integration-tests/src/api/organization.ts
@ -36,6 +36,16 @@ export class OrganizationApi extends ApiFactory<Organization, Omit<CreateOrganiz
    return super.getList(query) as Promise<OrganizationWithFeatured[]>;
  }
  async addApplicationsRoles(
    id: string,
    applicationIds: string[],
    organizationRoleIds: string[]
  ): Promise<void> {
    await authedAdminApi.post(`${this.path}/${id}/applications/roles`, {
      json: { applicationIds, organizationRoleIds },
    });
  }
  async addUsers(id: string, userIds: string[]): Promise<void> {
    await authedAdminApi.post(`${this.path}/${id}/users`, { json: { userIds } });
  }
@ -68,9 +78,9 @@ export class OrganizationApi extends ApiFactory<Organization, Omit<CreateOrganiz
    });
  }
-  async getUserRoles(id: string, userId: string): Promise<OrganizationRole[]> {
+  async getUserRoles(id: string, userId: string, query?: Query): Promise<OrganizationRole[]> {
    return authedAdminApi
-      .get(`${this.path}/${id}/users/${userId}/roles`)
+      .get(`${this.path}/${id}/users/${userId}/roles`, { searchParams: query })
      .json<OrganizationRole[]>();
  }
@ -98,9 +108,24 @@ export class OrganizationApi extends ApiFactory<Organization, Omit<CreateOrganiz
    });
  }
-  async getApplicationRoles(id: string, applicationId: string): Promise<OrganizationRole[]> {
+  async getApplicationRoles(
    id: string,
    applicationId: string,
    page?: number,
    pageSize?: number
  ): Promise<OrganizationRole[]> {
    const search = new URLSearchParams();
    if (page) {
      search.set('page', String(page));
    }
    if (pageSize) {
      search.set('page_size', String(pageSize));
    }
    return authedAdminApi
-      .get(`${this.path}/${id}/applications/${applicationId}/roles`)
+      .get(`${this.path}/${id}/applications/${applicationId}/roles`, { searchParams: search })
      .json<OrganizationRole[]>();
  }
--- a/packages/integration-tests/src/helpers/organization.ts
+++ b/packages/integration-tests/src/helpers/organization.ts
@ -137,10 +137,12 @@ export class OrganizationApiTest extends OrganizationApi {
   * when they are deleted by other tests.
   */
  async cleanUp(): Promise<void> {
-    await Promise.all(
+    await Promise.all([
      // Use `trySafe` to avoid error when organization is deleted by other tests.
-      this.organizations.map(async (organization) => trySafe(this.delete(organization.id)))
+      ...this.organizations.map(async (organization) => trySafe(this.delete(organization.id))),
-    );
+      this.roleApi.cleanUp(),
      this.scopeApi.cleanUp(),
    ]);
    this.#organizations = [];
  }
 }
--- a/packages/integration-tests/src/tests/api/hook/hook.trigger.data.test.ts
+++ b/packages/integration-tests/src/tests/api/hook/hook.trigger.data.test.ts
@ -340,7 +340,7 @@ describe('organization role data hook events', () => {
  });
  afterAll(async () => {
-    await organizationScopeApi.cleanUp();
+    await Promise.all([organizationScopeApi.cleanUp(), roleApi.cleanUp()]);
  });
  it.each(organizationRoleDataHookTestCases)(
--- a/packages/integration-tests/src/tests/api/interaction/consent/happy-path.test.ts
+++ b/packages/integration-tests/src/tests/api/interaction/consent/happy-path.test.ts
@ -152,11 +152,9 @@ describe('consent api', () => {
  });
  describe('get consent info with organization resource scopes', () => {
    const roleApi = new OrganizationRoleApiTest();
    const organizationApi = new OrganizationApiTest();
    afterEach(async () => {
      await roleApi.cleanUp();
      await organizationApi.cleanUp();
    });
@ -167,7 +165,7 @@ describe('consent api', () => {
      const resource = await createResource(generateResourceName(), generateResourceIndicator());
      const scope = await createScope(resource.id, generateScopeName());
      const scope2 = await createScope(resource.id, generateScopeName());
-      const role = await roleApi.create({
+      const role = await organizationApi.roleApi.create({
        name: generateRoleName(),
        resourceScopeIds: [scope.id],
      });
@ -219,7 +217,7 @@ describe('consent api', () => {
      const resource = await createResource(generateResourceName(), generateResourceIndicator());
      const scope = await createScope(resource.id, generateScopeName());
-      const role = await roleApi.create({
+      const role = await organizationApi.roleApi.create({
        name: generateRoleName(),
        resourceScopeIds: [scope.id],
      });
@ -397,10 +395,12 @@ describe('consent api', () => {
      // Scope2 is removed because organization2 is not consented
      expect(getAccessTokenPayload(accessToken)).toHaveProperty('scope', scope.name);
-      await roleApi.cleanUp();
+      await Promise.all([
-      await organizationApi.cleanUp();
+        roleApi.cleanUp(),
-      await deleteResource(resource.id);
+        organizationApi.cleanUp(),
-      await deleteUser(user.id);
+        deleteResource(resource.id),
        deleteUser(user.id),
      ]);
    });
  });
--- a/packages/integration-tests/src/tests/api/organization/organization-application.test.ts
+++ b/packages/integration-tests/src/tests/api/organization/organization-application.test.ts
@ -259,5 +259,59 @@ devFeatureTest.describe('organization application APIs', () => {
        expect.objectContaining({ code: 'entity.db_constraint_violated' })
      );
    });
    it('should be able to assign multiple roles to multiple applications', async () => {
      const organization = await organizationApi.create({ name: 'test' });
      const roles = await Promise.all(
        Array.from({ length: 30 }).map(async () =>
          organizationApi.roleApi.create({
            name: `test-${generateTestName()}`,
            type: RoleType.MachineToMachine,
          })
        )
      );
      const applications = await Promise.all(
        Array.from({ length: 3 }).map(async () =>
          createApplication(generateTestName(), ApplicationType.MachineToMachine)
        )
      );
      await organizationApi.applications.add(
        organization.id,
        applications.map(({ id }) => id)
      );
      await organizationApi.addApplicationsRoles(
        organization.id,
        applications.map(({ id }) => id),
        roles.map(({ id }) => id)
      );
      const fetchedRoles = await Promise.all(
        applications.map(async ({ id }) => organizationApi.getApplicationRoles(organization.id, id))
      );
      expect(fetchedRoles).toEqual(
        Array.from({ length: 3 }).map(() =>
          expect.arrayContaining(roles.map((role) => expect.objectContaining(role)))
        )
      );
      // Test pagination
      const fetchedRoles1 = await organizationApi.getApplicationRoles(
        organization.id,
        applications[0]!.id,
        1,
        20
      );
      const fetchedRoles2 = await organizationApi.getApplicationRoles(
        organization.id,
        applications[0]!.id,
        2,
        10
      );
      expect(fetchedRoles1).toHaveLength(20);
      expect(fetchedRoles2).toHaveLength(10);
      expect(roles).toEqual(expect.arrayContaining(fetchedRoles1));
      expect(roles).toEqual(expect.arrayContaining(fetchedRoles2));
    });
  });
 });
--- a/packages/integration-tests/src/tests/api/organization/organization-user.test.ts
+++ b/packages/integration-tests/src/tests/api/organization/organization-user.test.ts
@ -307,6 +307,40 @@ describe('organization user APIs', () => {
        expect.objectContaining({ code: 'entity.db_constraint_violated' })
      );
    });
    it('should be able to get organization roles for a user with or without pagination', async () => {
      const organization = await organizationApi.create({ name: 'test' });
      const user = await userApi.create({ username: generateTestName() });
      const roles = await Promise.all(
        Array.from({ length: 30 }).map(async () => roleApi.create({ name: generateTestName() }))
      );
      await organizationApi.addUsers(organization.id, [user.id]);
      await organizationApi.addUserRoles(
        organization.id,
        user.id,
        roles.map(({ id }) => id)
      );
      const roles1 = await organizationApi.getUserRoles(organization.id, user.id, {
        page: 1,
        page_size: 20,
      });
      const roles2 = await organizationApi.getUserRoles(organization.id, user.id, {
        page: 2,
        page_size: 10,
      });
      expect(roles1).toHaveLength(20);
      expect(roles2).toHaveLength(10);
      expect(roles2[0]?.id).toBe(roles1[10]?.id);
      expect(roles).toEqual(expect.arrayContaining(roles1));
      expect(roles).toEqual(expect.arrayContaining(roles2));
      const allRoles = await organizationApi.getUserRoles(organization.id, user.id);
      expect(allRoles).toHaveLength(30);
      expect(allRoles).toEqual(expect.arrayContaining(roles));
    });
  });
  describe('organization - user - organization role - organization scopes relation', () => {