feat(gitlab): add builtin roles to GitLab

Signed-off-by: William Phetsinorath <william.phetsinorath-open@interieur.gouv.fr>

Author: shikanime

apps/server/src/utils/hook-wrapper.ts

@@ -142,14 +142,21 @@ const user = {
 const projectMember = {
   upsert: async (projectId: Project['id'], userId: ProjectMembers['userId']) => {
     const project = await getHookProjectInfos(projectId)
+    const projectStore = dbToObj(await getProjectStore(project.id))
+    const hookProject = transformToHookProject(project, projectStore)
     const store = dbToObj(await getAdminPlugin())
 
     const member = project.members.find(m => m.userId === userId)
     if (!member) throw new Error('Member not found')
 
     const memberRoles = project.roles
       .filter(role => member.roleIds.includes(role.id))
-      .map(role => ({ ...role, permissions: role.permissions.toString(), oidcGroup: role.oidcGroup ?? undefined }))
+      .map(role => ({
+        ...role,
+        permissions: role.permissions.toString(),
+        oidcGroup: role.oidcGroup ?? undefined,
+        project: hookProject,
+      }))
 
     const payload = {
       userId: member.userId,
@@ -163,24 +170,28 @@ const projectMember = {
       lastLogin: member.user.lastLogin?.toISOString(),
       projectId: project.id,
       roles: memberRoles,
-      project: {
-        id: project.id,
-        slug: project.slug,
-      },
+      project: hookProject,
     }
 
     return hooks.upsertProjectMember.execute(payload, store)
   },
   delete: async (projectId: Project['id'], userId: ProjectMembers['userId']) => {
     const project = await getHookProjectInfos(projectId)
+    const projectStore = dbToObj(await getProjectStore(project.id))
+    const hookProject = transformToHookProject(project, projectStore)
     const store = dbToObj(await getAdminPlugin())
 
     const member = project.members.find(m => m.userId === userId)
     if (!member) throw new Error('Member not found')
 
     const memberRoles = project.roles
       .filter(role => member.roleIds.includes(role.id))
-      .map(role => ({ ...role, permissions: role.permissions.toString(), oidcGroup: role.oidcGroup ?? undefined }))
+      .map(role => ({
+        ...role,
+        permissions: role.permissions.toString(),
+        oidcGroup: role.oidcGroup ?? undefined,
+        project: hookProject,
+      }))
 
     const payload = {
       userId: member.userId,
@@ -194,10 +205,7 @@ const projectMember = {
       lastLogin: member.user.lastLogin?.toISOString(),
       projectId: project.id,
       roles: memberRoles,
-      project: {
-        id: project.id,
-        slug: project.slug,
-      },
+      project: hookProject,
     }
 
     return hooks.deleteProjectMember.execute(payload, store)
@@ -209,9 +217,14 @@ const projectRole = {
     const role = await getRole(roleId)
     if (!role) throw new Error('Role not found')
 
+    const project = await getHookProjectInfos(role.projectId)
+    const projectStore = dbToObj(await getProjectStore(role.projectId))
+    const hookProject = transformToHookProject(project, projectStore)
+
     const rolePayload = {
       ...role,
       permissions: role.permissions.toString(),
+      project: hookProject,
     }
     const store = dbToObj(await getAdminPlugin())
     return hooks.upsertProjectRole.execute(rolePayload, store)
@@ -220,9 +233,14 @@ const projectRole = {
     const role = await getRole(roleId)
     if (!role) throw new Error('Role not found')
 
+    const project = await getHookProjectInfos(role.projectId)
+    const projectStore = dbToObj(await getProjectStore(role.projectId))
+    const hookProject = transformToHookProject(project, projectStore)
+
     const rolePayload = {
       ...role,
       permissions: role.permissions.toString(),
+      project: hookProject,
     }
     const store = dbToObj(await getAdminPlugin())
     return hooks.deleteProjectRole.execute(rolePayload, store)

packages/hooks/src/hooks/hook-project-member.ts

@@ -1,14 +1,16 @@
-import type { ProjectMember, ProjectRole } from '@cpn-console/shared'
+import type { ProjectRole } from './hook-project-role.js'
+import type { Project } from './hook-project.js'
 import type { Hook } from './hook.js'
 import { createHook } from './hook.js'
 
-export type ProjectMemberPayload = ProjectMember & {
+export interface ProjectMember {
+  userId: string
+  email: string
+  firstName: string
+  lastName: string
   roles: ProjectRole[]
-  project: {
-    id: string
-    slug: string
-  }
+  project: Project
 }
 
-export const upsertProjectMember: Hook<ProjectMemberPayload> = createHook()
-export const deleteProjectMember: Hook<ProjectMemberPayload> = createHook()
+export const upsertProjectMember: Hook<ProjectMember> = createHook()
+export const deleteProjectMember: Hook<ProjectMember> = createHook()

packages/hooks/src/hooks/hook-project-role.ts

@@ -1,6 +1,17 @@
-import type { ProjectRole } from '@cpn-console/shared'
+import type { Project } from './hook-project.js'
 import type { Hook } from './hook.js'
 import { createHook } from './hook.js'
 
+export interface ProjectRole {
+  id: string
+  name: string
+  permissions: string
+  projectId: string
+  position: number
+  type?: string
+  oidcGroup?: string
+  project: Project
+}
+
 export const upsertProjectRole: Hook<ProjectRole> = createHook()
 export const deleteProjectRole: Hook<ProjectRole> = createHook()

plugins/gitlab/src/class.ts

@@ -1,5 +1,5 @@
 import { createHash } from 'node:crypto'
-import { PluginApi, type Project, type UniqueRepo } from '@cpn-console/hooks'
+import { PluginApi, type Project, type UniqueRepo, type ProjectMember } from '@cpn-console/hooks'
 import type { AccessTokenScopes, CommitAction, GroupSchema, GroupStatisticsSchema, MemberSchema, ProjectVariableSchema, VariableSchema } from '@gitbeaker/rest'
 import type { AllRepositoryTreesOptions, CondensedProjectSchema, Gitlab, PaginationRequestOptions, ProjectSchema, RepositoryFileExpandedSchema, RepositoryTreeSchema } from '@gitbeaker/core'
 import { AccessLevel } from '@gitbeaker/core'
@@ -234,12 +234,12 @@ export class GitlabZoneApi extends GitlabApi {
 }
 
 export class GitlabProjectApi extends GitlabApi {
-  private project: Project | UniqueRepo
+  private project: Project | UniqueRepo | ProjectMember['project']
   private gitlabGroup: GroupSchema & { statistics: GroupStatisticsSchema } | undefined
   private specialRepositories: string[] = [infraAppsRepoName, internalMirrorRepoName]
   private zoneApi: GitlabZoneApi
 
-  constructor(project: Project | UniqueRepo) {
+  constructor(project: Project | UniqueRepo | ProjectMember['project']) {
     super()
     this.project = project
     this.api = getApi()
@@ -440,6 +440,11 @@ export class GitlabProjectApi extends GitlabApi {
     return this.api.GroupMembers.add(group.id, userId, accessLevel)
   }
 
+  public async editGroupMember(userId: number, accessLevel: AccessLevelAllowed = AccessLevel.DEVELOPER): Promise<MemberSchema> {
+    const group = await this.getOrCreateProjectGroup()
+    return this.api.GroupMembers.edit(group.id, userId, accessLevel)
+  }
+
   public async removeGroupMember(userId: number) {
     const group = await this.getOrCreateProjectGroup()
     return this.api.GroupMembers.remove(group.id, userId)