chore: 清理macOS同步产生的重复文件
详细说明: - 删除了352个带数字后缀的重复文件 - 更新.gitignore防止未来产生此类文件 - 这些文件是由iCloud或其他同步服务冲突产生的 - 不影响项目功能,仅清理冗余文件
This commit is contained in:
Yep_Q
@@ -1,43 +0,0 @@
|
||||
export const DEFAULT_OPERATIONS = ['create', 'read', 'update', 'delete', 'list'] as const;
|
||||
|
||||
export const RESOURCES = {
|
||||
annotationTag: [...DEFAULT_OPERATIONS] as const,
|
||||
auditLogs: ['manage'] as const,
|
||||
banner: ['dismiss'] as const,
|
||||
community: ['register'] as const,
|
||||
communityPackage: ['install', 'uninstall', 'update', 'list', 'manage'] as const,
|
||||
credential: ['share', 'move', ...DEFAULT_OPERATIONS] as const,
|
||||
externalSecretsProvider: ['sync', ...DEFAULT_OPERATIONS] as const,
|
||||
externalSecret: ['list', 'use'] as const,
|
||||
eventBusDestination: ['test', ...DEFAULT_OPERATIONS] as const,
|
||||
ldap: ['sync', 'manage'] as const,
|
||||
license: ['manage'] as const,
|
||||
logStreaming: ['manage'] as const,
|
||||
orchestration: ['read', 'list'] as const,
|
||||
project: [...DEFAULT_OPERATIONS] as const,
|
||||
saml: ['manage'] as const,
|
||||
securityAudit: ['generate'] as const,
|
||||
sourceControl: ['pull', 'push', 'manage'] as const,
|
||||
tag: [...DEFAULT_OPERATIONS] as const,
|
||||
user: ['resetPassword', 'changeRole', 'enforceMfa', ...DEFAULT_OPERATIONS] as const,
|
||||
variable: [...DEFAULT_OPERATIONS] as const,
|
||||
workersView: ['manage'] as const,
|
||||
workflow: ['share', 'execute', 'move', ...DEFAULT_OPERATIONS] as const,
|
||||
folder: [...DEFAULT_OPERATIONS, 'move'] as const,
|
||||
insights: ['list'] as const,
|
||||
oidc: ['manage'] as const,
|
||||
dataStore: [...DEFAULT_OPERATIONS, 'readRow', 'writeRow', 'listProject'] as const,
|
||||
} as const;
|
||||
|
||||
export const API_KEY_RESOURCES = {
|
||||
tag: [...DEFAULT_OPERATIONS] as const,
|
||||
workflow: [...DEFAULT_OPERATIONS, 'move', 'activate', 'deactivate'] as const,
|
||||
variable: ['create', 'update', 'delete', 'list'] as const,
|
||||
securityAudit: ['generate'] as const,
|
||||
project: ['create', 'update', 'delete', 'list'] as const,
|
||||
user: ['read', 'list', 'create', 'changeRole', 'delete', 'enforceMfa'] as const,
|
||||
execution: ['delete', 'read', 'list', 'get'] as const,
|
||||
credential: ['create', 'move', 'delete'] as const,
|
||||
sourceControl: ['pull'] as const,
|
||||
workflowTags: ['update', 'list'] as const,
|
||||
} as const;
|
||||
@@ -1,19 +0,0 @@
|
||||
export type * from './types.ee';
|
||||
export * from './constants.ee';
|
||||
|
||||
export * from './roles/scopes/global-scopes.ee';
|
||||
export * from './scope-information';
|
||||
export * from './roles/role-maps.ee';
|
||||
export * from './roles/all-roles';
|
||||
|
||||
export { projectRoleSchema } from './schemas.ee';
|
||||
|
||||
export { hasScope } from './utilities/has-scope.ee';
|
||||
export { hasGlobalScope } from './utilities/has-global-scope.ee';
|
||||
export { combineScopes } from './utilities/combine-scopes.ee';
|
||||
export { rolesWithScope } from './utilities/roles-with-scope.ee';
|
||||
export { getGlobalScopes } from './utilities/get-global-scopes.ee';
|
||||
export { getRoleScopes } from './utilities/get-role-scopes.ee';
|
||||
export { getResourcePermissions } from './utilities/get-resource-permissions.ee';
|
||||
export type { PermissionsRecord } from './utilities/get-resource-permissions.ee';
|
||||
export * from './public-api-permissions.ee';
|
||||
@@ -1,83 +0,0 @@
|
||||
import type { ApiKeyScope, GlobalRole } from './types.ee';
|
||||
|
||||
export const OWNER_API_KEY_SCOPES: ApiKeyScope[] = [
|
||||
'user:read',
|
||||
'user:list',
|
||||
'user:create',
|
||||
'user:changeRole',
|
||||
'user:delete',
|
||||
'user:enforceMfa',
|
||||
'sourceControl:pull',
|
||||
'securityAudit:generate',
|
||||
'project:create',
|
||||
'project:update',
|
||||
'project:delete',
|
||||
'project:list',
|
||||
'variable:create',
|
||||
'variable:delete',
|
||||
'variable:list',
|
||||
'variable:update',
|
||||
'tag:create',
|
||||
'tag:read',
|
||||
'tag:update',
|
||||
'tag:delete',
|
||||
'tag:list',
|
||||
'workflowTags:update',
|
||||
'workflowTags:list',
|
||||
'workflow:create',
|
||||
'workflow:read',
|
||||
'workflow:update',
|
||||
'workflow:delete',
|
||||
'workflow:list',
|
||||
'workflow:move',
|
||||
'workflow:activate',
|
||||
'workflow:deactivate',
|
||||
'execution:delete',
|
||||
'execution:read',
|
||||
'execution:list',
|
||||
'credential:create',
|
||||
'credential:move',
|
||||
'credential:delete',
|
||||
];
|
||||
|
||||
export const ADMIN_API_KEY_SCOPES: ApiKeyScope[] = OWNER_API_KEY_SCOPES;
|
||||
|
||||
export const MEMBER_API_KEY_SCOPES: ApiKeyScope[] = [
|
||||
'tag:create',
|
||||
'tag:read',
|
||||
'tag:update',
|
||||
'tag:list',
|
||||
'workflowTags:update',
|
||||
'workflowTags:list',
|
||||
'workflow:create',
|
||||
'workflow:read',
|
||||
'workflow:update',
|
||||
'workflow:delete',
|
||||
'workflow:list',
|
||||
'workflow:move',
|
||||
'workflow:activate',
|
||||
'workflow:deactivate',
|
||||
'execution:delete',
|
||||
'execution:read',
|
||||
'execution:list',
|
||||
'credential:create',
|
||||
'credential:move',
|
||||
'credential:delete',
|
||||
];
|
||||
|
||||
const MAP_ROLE_SCOPES: Record<GlobalRole, ApiKeyScope[]> = {
|
||||
'global:owner': OWNER_API_KEY_SCOPES,
|
||||
'global:admin': ADMIN_API_KEY_SCOPES,
|
||||
'global:member': MEMBER_API_KEY_SCOPES,
|
||||
};
|
||||
|
||||
export const getApiKeyScopesForRole = (role: GlobalRole) => {
|
||||
return MAP_ROLE_SCOPES[role];
|
||||
};
|
||||
|
||||
export const getOwnerOnlyApiKeyScopes = () => {
|
||||
const ownerScopes = new Set<ApiKeyScope>(MAP_ROLE_SCOPES['global:owner']);
|
||||
const memberScopes = new Set<ApiKeyScope>(MAP_ROLE_SCOPES['global:member']);
|
||||
memberScopes.forEach((item) => ownerScopes.delete(item));
|
||||
return Array.from(ownerScopes);
|
||||
};
|
||||
@@ -1,21 +0,0 @@
|
||||
import { z } from 'zod';
|
||||
|
||||
export const roleNamespaceSchema = z.enum(['global', 'project', 'credential', 'workflow']);
|
||||
|
||||
export const globalRoleSchema = z.enum(['global:owner', 'global:admin', 'global:member']);
|
||||
|
||||
export const assignableGlobalRoleSchema = globalRoleSchema.exclude([
|
||||
'global:owner', // Owner cannot be changed
|
||||
]);
|
||||
|
||||
export const personalRoleSchema = z.enum([
|
||||
'project:personalOwner', // personalOwner is only used for personal projects
|
||||
]);
|
||||
|
||||
export const teamRoleSchema = z.enum(['project:admin', 'project:editor', 'project:viewer']);
|
||||
|
||||
export const projectRoleSchema = z.enum([...personalRoleSchema.options, ...teamRoleSchema.options]);
|
||||
|
||||
export const credentialSharingRoleSchema = z.enum(['credential:owner', 'credential:user']);
|
||||
|
||||
export const workflowSharingRoleSchema = z.enum(['workflow:owner', 'workflow:editor']);
|
||||
@@ -1,21 +0,0 @@
|
||||
import { RESOURCES } from './constants.ee';
|
||||
import type { Scope, ScopeInformation } from './types.ee';
|
||||
|
||||
function buildResourceScopes() {
|
||||
const resourceScopes = Object.entries(RESOURCES).flatMap(([resource, operations]) => [
|
||||
...operations.map((op) => `${resource}:${op}` as const),
|
||||
`${resource}:*` as const,
|
||||
]) as Scope[];
|
||||
|
||||
resourceScopes.push('*' as const); // Global wildcard
|
||||
return resourceScopes;
|
||||
}
|
||||
|
||||
export const ALL_SCOPES = buildResourceScopes();
|
||||
|
||||
export const scopeInformation: Partial<Record<Scope, ScopeInformation>> = {
|
||||
'annotationTag:create': {
|
||||
displayName: 'Create Annotation Tag',
|
||||
description: 'Allows creating new annotation tags.',
|
||||
},
|
||||
};
|
||||
@@ -1,104 +0,0 @@
|
||||
import type { z } from 'zod';
|
||||
|
||||
import type { RESOURCES, API_KEY_RESOURCES } from './constants.ee';
|
||||
import type {
|
||||
assignableGlobalRoleSchema,
|
||||
credentialSharingRoleSchema,
|
||||
globalRoleSchema,
|
||||
projectRoleSchema,
|
||||
roleNamespaceSchema,
|
||||
teamRoleSchema,
|
||||
workflowSharingRoleSchema,
|
||||
} from './schemas.ee';
|
||||
|
||||
export type ScopeInformation = {
|
||||
displayName: string;
|
||||
description?: string | null;
|
||||
};
|
||||
|
||||
/** Represents a resource that can have permissions applied to it */
|
||||
export type Resource = keyof typeof RESOURCES;
|
||||
|
||||
/** A permission scope for a specific resource + operation combination */
|
||||
type ResourceScope<
|
||||
R extends Resource,
|
||||
Operation extends (typeof RESOURCES)[R][number] = (typeof RESOURCES)[R][number],
|
||||
> = `${R}:${Operation}`;
|
||||
|
||||
/** A wildcard scope applies to all operations on a resource or all resources */
|
||||
type WildcardScope = `${Resource}:*` | '*';
|
||||
|
||||
// This is purely an intermediary type.
|
||||
// If we tried to do use `ResourceScope<Resource>` directly we'd end
|
||||
// up with all resources having all scopes (e.g. `ldap:uninstall`).
|
||||
type AllScopesObject = {
|
||||
[R in Resource]: ResourceScope<R>;
|
||||
};
|
||||
|
||||
/** A permission scope in the system, either a specific resource:operation or a wildcard */
|
||||
export type Scope = AllScopesObject[Resource] | WildcardScope;
|
||||
|
||||
export type ScopeLevels = {
|
||||
global: Scope[];
|
||||
project?: Scope[];
|
||||
resource?: Scope[];
|
||||
};
|
||||
|
||||
export type MaskLevels = {
|
||||
sharing: Scope[];
|
||||
};
|
||||
|
||||
export type ScopeOptions = { mode: 'oneOf' | 'allOf' };
|
||||
|
||||
export type RoleNamespace = z.infer<typeof roleNamespaceSchema>;
|
||||
export type GlobalRole = z.infer<typeof globalRoleSchema>;
|
||||
export type AssignableGlobalRole = z.infer<typeof assignableGlobalRoleSchema>;
|
||||
export type CredentialSharingRole = z.infer<typeof credentialSharingRoleSchema>;
|
||||
export type WorkflowSharingRole = z.infer<typeof workflowSharingRoleSchema>;
|
||||
export type TeamProjectRole = z.infer<typeof teamRoleSchema>;
|
||||
export type ProjectRole = z.infer<typeof projectRoleSchema>;
|
||||
|
||||
/** Union of all possible role types in the system */
|
||||
export type AllRoleTypes = GlobalRole | ProjectRole | WorkflowSharingRole | CredentialSharingRole;
|
||||
|
||||
type RoleObject<T extends AllRoleTypes> = {
|
||||
role: T;
|
||||
name: string;
|
||||
description?: string | null;
|
||||
scopes: Scope[];
|
||||
licensed: boolean;
|
||||
};
|
||||
|
||||
export type AllRolesMap = {
|
||||
global: Array<RoleObject<GlobalRole>>;
|
||||
project: Array<RoleObject<ProjectRole>>;
|
||||
credential: Array<RoleObject<CredentialSharingRole>>;
|
||||
workflow: Array<RoleObject<WorkflowSharingRole>>;
|
||||
};
|
||||
|
||||
/**
|
||||
* Represents an authenticated entity in the system that can have specific permissions via a role.
|
||||
* @property role - The global role this principal has
|
||||
*/
|
||||
export type AuthPrincipal = {
|
||||
role: GlobalRole;
|
||||
};
|
||||
|
||||
// #region Public API
|
||||
type PublicApiKeyResources = keyof typeof API_KEY_RESOURCES;
|
||||
|
||||
type ApiKeyResourceScope<
|
||||
R extends PublicApiKeyResources,
|
||||
Operation extends (typeof API_KEY_RESOURCES)[R][number] = (typeof API_KEY_RESOURCES)[R][number],
|
||||
> = `${R}:${Operation}`;
|
||||
|
||||
// This is purely an intermediary type.
|
||||
// If we tried to do use `ResourceScope<Resource>` directly we'd end
|
||||
// up with all resources having all scopes.
|
||||
type AllApiKeyScopesObject = {
|
||||
[R in PublicApiKeyResources]: ApiKeyResourceScope<R>;
|
||||
};
|
||||
|
||||
export type ApiKeyScope = AllApiKeyScopesObject[PublicApiKeyResources];
|
||||
|
||||
// #endregion
|
||||
Reference in New Issue
Block a user