Merge pull request #3235 from SeedCompany/finish-actor

Author: CarsonF

src/common/resource.dto.ts

@@ -85,6 +85,8 @@ export type ResourceRelationsShape = ResourceShape<any>['Relations'];
 export class EnhancedResource<T extends ResourceShape<any>> {
   /** @internal */
   static readonly dbTypes = new WeakMap<ResourceShape<any>, $.$expr_PathNode>();
+  /** @internal */
+  static readonly dbSkipAccessPolicies = new Set<string>();
 
   private constructor(readonly type: T) {}
   private static readonly refs = new WeakMap<
@@ -255,6 +257,10 @@ export class EnhancedResource<T extends ResourceShape<any>> {
     return type as any;
   }
 
+  get generateAccessPolicies() {
+    return this.hasDB && !EnhancedResource.dbSkipAccessPolicies.has(this.dbFQN);
+  }
+
   get dbFQN(): ResourceShape<any> extends T ? string : DBName<DBType<T>> {
     return this.db.__element__.__name__ as any;
   }

src/components/admin/admin.edgedb.repository.ts

@@ -3,15 +3,15 @@ import { ID, Role } from '~/common';
 import { RootUserAlias } from '~/core/config/root-user.config';
 import { disableAccessPolicies, e, EdgeDB } from '~/core/edgedb';
 import { AuthenticationRepository } from '../authentication/authentication.repository';
-import { ActorRepository } from '../user/actor.repository';
+import { SystemAgentRepository } from '../user/system-agent.repository';
 
 @Injectable()
 export class AdminEdgeDBRepository {
   private readonly db: EdgeDB;
   constructor(
     edgedb: EdgeDB,
     readonly auth: AuthenticationRepository,
-    readonly actors: ActorRepository,
+    readonly agents: SystemAgentRepository,
   ) {
     this.db = edgedb.withOptions(disableAccessPolicies);
   }
@@ -38,7 +38,7 @@ export class AdminEdgeDBRepository {
   }
 
   async createRootUser(id: ID, email: string, passwordHash: string) {
-    const ghost = await this.actors.getGhost();
+    const ghost = await this.agents.getGhost();
 
     const newUser = e.insert(e.User, {
       id,
@@ -63,7 +63,7 @@ export class AdminEdgeDBRepository {
   }
 
   async updateEmail(id: ID, email: string) {
-    const ghost = await this.actors.getGhost();
+    const ghost = await this.agents.getGhost();
     const u = e.cast(e.User, e.uuid(id));
     const query = e.update(u, () => ({ set: { email } }));
     await this.db

src/components/authentication/authentication.service.ts

@@ -22,7 +22,7 @@ import { ForgotPassword } from '~/core/email/templates';
 import { Privileges } from '../authorization';
 import { rolesForScope, withoutScope } from '../authorization/dto';
 import { AssignableRoles } from '../authorization/dto/assignable-roles';
-import { ActorRepository } from '../user/actor.repository';
+import { SystemAgentRepository } from '../user/system-agent.repository';
 import { AuthenticationRepository } from './authentication.repository';
 import { CryptoService } from './crypto.service';
 import { LoginInput, RegisterInput, ResetPasswordInput } from './dto';
@@ -42,7 +42,7 @@ export class AuthenticationService {
     @Logger('authentication:service') private readonly logger: ILogger,
     private readonly repo: AuthenticationRepository,
     private readonly edgedb: EdgeDB,
-    private readonly actors: ActorRepository,
+    private readonly agents: SystemAgentRepository,
     private readonly moduleRef: ModuleRef,
   ) {}
 
@@ -121,7 +121,7 @@ export class AuthenticationService {
 
     const [result, anon] = await Promise.all([
       this.repo.resumeSession(token, impersonatee?.id),
-      this.actors.getAnonymous(),
+      this.agents.getAnonymous(),
     ]);
 
     if (!result) {

src/components/authorization/policy/edgedb-access-policy.generator.ts

@@ -17,6 +17,11 @@ export class EdgeDBAccessPolicyGenerator {
 
   makeSdl(params: AsEdgeQLParams<any>) {
     const { resource } = params;
+
+    if (!resource.generateAccessPolicies) {
+      return undefined;
+    }
+
     const actions = {
       select: 'read',
       'update read': 'read',

src/components/user/actor.loader.ts

@@ -0,0 +1,15 @@
+import { ID } from '~/common';
+import { LoaderFactory, SessionAwareLoaderStrategy } from '~/core';
+import { Actor } from './dto';
+import { UserService } from './user.service';
+
+@LoaderFactory(() => Actor)
+export class ActorLoader extends SessionAwareLoaderStrategy<Actor> {
+  constructor(private readonly users: UserService) {
+    super();
+  }
+
+  async loadMany(ids: readonly ID[]) {
+    return await this.users.readManyActors(ids, this.session);
+  }
+}

src/components/user/dto/actor.dto.ts

@@ -0,0 +1,55 @@
+import { InterfaceType, ObjectType } from '@nestjs/graphql';
+import { keys as keysOf } from 'ts-transformer-keys';
+import {
+  DataObject,
+  ID,
+  IdField,
+  NameField,
+  resolveByTypename,
+  Role,
+  SecuredProperty,
+  SecuredProps,
+} from '~/common';
+import { RegisterResource } from '~/core';
+import { e } from '~/core/edgedb';
+
+@RegisterResource({
+  db: e.Actor,
+  skipAccessPolicies: true,
+})
+@InterfaceType({
+  resolveType: resolveByTypename(Actor.name),
+})
+export class Actor extends DataObject {
+  static readonly Props: string[] = keysOf<Actor>();
+  static readonly SecuredProps: string[] = keysOf<SecuredProps<Actor>>();
+
+  @IdField()
+  readonly id: ID;
+}
+
+@ObjectType({
+  implements: [Actor],
+})
+export abstract class SystemAgent extends Actor {
+  __typename?: 'SystemAgent';
+
+  @NameField()
+  readonly name: string;
+
+  readonly roles: readonly Role[];
+}
+
+@ObjectType({
+  description: SecuredProperty.descriptionFor('a actor'),
+})
+export class SecuredActor extends SecuredProperty(Actor) {}
+
+declare module '~/core/resources/map' {
+  interface ResourceMap {
+    Actor: typeof Actor;
+  }
+  interface ResourceDBMap {
+    Actor: typeof e.Actor;
+  }
+}

src/components/user/dto/index.ts

@@ -1,3 +1,4 @@
+export * from './actor.dto';
 export * from './user.dto';
 export * from './list-users.dto';
 export * from './create-person.dto';

src/components/user/dto/user.dto.ts

@@ -1,6 +1,7 @@
 import { Field, ObjectType } from '@nestjs/graphql';
 import { keys as keysOf } from 'ts-transformer-keys';
 import {
+  DbLabel,
   DbUnique,
   IntersectTypes,
   NameField,
@@ -21,15 +22,17 @@ import { Pinnable } from '../../pin/dto';
 import { IProject as Project } from '../../project/dto';
 import { Education } from '../education/dto';
 import { Unavailability } from '../unavailability/dto';
+import { Actor } from './actor.dto';
 import { KnownLanguage } from './known-language.dto';
 import { SecuredUserStatus } from './user-status.enum';
 
-const Interfaces = IntersectTypes(Resource, Pinnable);
+const Interfaces = IntersectTypes(Resource, Actor, Pinnable);
 
 @RegisterResource({ db: e.User })
 @ObjectType({
   implements: Interfaces.members,
 })
+@DbLabel('User', 'Actor')
 export class User extends Interfaces {
   static readonly Props = keysOf<User>();
   static readonly SecuredProps = keysOf<SecuredProps<User>>();

src/components/user/migrations/add-actor-label.migration.ts

@@ -0,0 +1,13 @@
+import { BaseMigration, Migration } from '~/core/database';
+
+@Migration('2024-06-07T12:00:00')
+export class AddActorLabelMigration extends BaseMigration {
+  async up() {
+    await this.db.query().raw`
+      match (n)
+      where n:User or n:SystemAgent
+      set n:Actor
+      return count(n)
+    `.executeAndLogStats();
+  }
+}

src/components/user/actor.edgedb.repository.ts renamed to src/components/user/system-agent.edgedb.repository.ts

@@ -1,10 +1,10 @@
 import { Injectable } from '@nestjs/common';
 import { Role } from '~/common';
 import { disableAccessPolicies, EdgeDB, edgeql } from '~/core/edgedb';
-import { ActorRepository } from './actor.repository';
+import { SystemAgentRepository } from './system-agent.repository';
 
 @Injectable()
-export class ActorEdgeDBRepository extends ActorRepository {
+export class SystemAgentEdgeDBRepository extends SystemAgentRepository {
   private readonly db: EdgeDB;
   constructor(edgedb: EdgeDB) {
     super();