Release - auth fix (#4085)

* Admin gets COMMUNITY_ADD_MEMBER_VC_FROM_ACCOUNT (#4082) * Add COMMUNITY_ADD_MEMBER on Root Space (#4068) * Add COMMUNITY_ADD_MEMBER on Root Space * added privilege for VC addition from same account; updated logic to check for this * Fix SQL bug --------- Co-authored-by: Neil Smyth <[email protected]> * VC privileges for Account Host (#4066) * VC privileges for Account Host * Minor version bump * Fix auth propagation * Auth fix --------- Co-authored-by: Neil Smyth <[email protected]> Co-authored-by: Neil Smyth <[email protected]> * Minor version bump --------- Co-authored-by: Neil Smyth <[email protected]> Co-authored-by: Neil Smyth <[email protected]>
alkem-io · Jun 11, 2024 · 62b9dfc · 62b9dfc
1 parent 79ee8d8
commit 62b9dfc
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 3 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "alkemio-server",
-  "version": "0.78.9",
+  "version": "0.78.10",
   "description": "Alkemio server, responsible for managing the shared Alkemio platform",
   "author": "Alkemio Foundation",
   "private": false,

diff --git a/src/common/constants/authorization/policy.rule.constants.ts b/src/common/constants/authorization/policy.rule.constants.ts
@@ -26,3 +26,5 @@ export const PRIVILEGE_RULE_TYPES_INNOVATION_FLOW_UPDATE =
   'privilegeRuleTypes-innovationFlowUpdate';
 export const PRIVILEGE_RULE_READ_USER_SETTINGS =
   'privilegeRule-readUserSettings';
+export const POLICY_RULE_VC_ADD_TO_COMMUNITY =
+  'policyRule-virtualContributorAddToCommunity';
diff --git a/src/domain/community/community/community.service.authorization.ts b/src/domain/community/community/community.service.authorization.ts
@@ -19,6 +19,7 @@ import {
   CREDENTIAL_RULE_TYPES_ACCESS_VIRTUAL_CONTRIBUTORS,
   CREDENTIAL_RULE_TYPES_COMMUNITY_ADD_MEMBERS,
   CREDENTIAL_RULE_TYPES_COMMUNITY_INVITE_MEMBERS,
+  POLICY_RULE_VC_ADD_TO_COMMUNITY,
 } from '@common/constants';
 import { InvitationExternalAuthorizationService } from '../invitation.external/invitation.external.service.authorization';
 import { InvitationAuthorizationService } from '../invitation/invitation.service.authorization';
@@ -31,6 +32,7 @@ import { ICommunityPolicy } from '../community-policy/community.policy.interface
 import { CommunityRole } from '@common/enums/community.role';
 import { LicenseEngineService } from '@core/license-engine/license.engine.service';
 import { LicensePrivilege } from '@common/enums/license.privilege';
+import { AuthorizationPolicyRulePrivilege } from '@core/authorization/authorization.policy.rule.privilege';
 
 @Injectable()
 export class CommunityAuthorizationService {
@@ -91,6 +93,10 @@ export class CommunityAuthorizationService {
         parentAuthorization
       );
 
+    community.authorization = this.appendPrivilegeRules(
+      community.authorization
+    );
+
     community.authorization = await this.extendAuthorizationPolicy(
       community.authorization,
       parentAuthorization?.anonymousReadAccess,
@@ -291,4 +297,19 @@ export class CommunityAuthorizationService {
 
     return updatedAuthorization;
   }
+
+  private appendPrivilegeRules(
+    authorization: IAuthorizationPolicy
+  ): IAuthorizationPolicy {
+    const createVCPrivilege = new AuthorizationPolicyRulePrivilege(
+      [AuthorizationPrivilege.COMMUNITY_ADD_MEMBER_VC_FROM_ACCOUNT],
+      AuthorizationPrivilege.GRANT,
+      POLICY_RULE_VC_ADD_TO_COMMUNITY
+    );
+
+    return this.authorizationPolicyService.appendPrivilegeAuthorizationRules(
+      authorization,
+      [createVCPrivilege]
+    );
+  }
 }