server/packages/kit/db/role.ts

import type {
    RolePermission,
    Role as RoleSchema,
} from "@versia/client/schemas";
import { config, ProxiableUrl } from "@versia-server/config";
import {
    and,
    desc,
    eq,
    type InferInsertModel,
    type InferSelectModel,
    inArray,
    type SQL,
} from "drizzle-orm";
import type { z } from "zod/v4";
import { db } from "../tables/db.ts";
import { Roles, RoleToUsers } from "../tables/schema.ts";
import { BaseInterface } from "./base.ts";

type RoleType = InferSelectModel<typeof Roles>;

export class Role extends BaseInterface<typeof Roles> {
    public static $type: RoleType;
    public static defaultRole = new Role({
        id: "default",
        name: "Default",
        permissions: config.permissions.default,
        priority: 0,
        description: "Default role for all users",
        visible: false,
        icon: null,
    });
    public static adminRole = new Role({
        id: "admin",
        name: "Admin",
        permissions: config.permissions.admin,
        priority: 2 ** 31 - 1,
        description: "Default role for all administrators",
        visible: false,
        icon: null,
    });

    public async reload(): Promise<void> {
        const reloaded = await Role.fromId(this.data.id);

        if (!reloaded) {
            throw new Error("Failed to reload role");
        }

        this.data = reloaded.data;
    }

    public static async fromId(id: string | null): Promise<Role | null> {
        if (!id) {
            return null;
        }

        return await Role.fromSql(eq(Roles.id, id));
    }

    public static async fromIds(ids: string[]): Promise<Role[]> {
        return await Role.manyFromSql(inArray(Roles.id, ids));
    }

    public static async fromSql(
        sql: SQL<unknown> | undefined,
        orderBy: SQL<unknown> | undefined = desc(Roles.id),
    ): Promise<Role | null> {
        const found = await db.query.Roles.findFirst({
            where: sql,
            orderBy,
        });

        if (!found) {
            return null;
        }
        return new Role(found);
    }

    public static async getAll(): Promise<Role[]> {
        return (await Role.manyFromSql(undefined)).concat(
            Role.defaultRole,
            Role.adminRole,
        );
    }

    public static async getUserRoles(
        userId: string,
        isAdmin: boolean,
    ): Promise<Role[]> {
        return (
            await db.query.RoleToUsers.findMany({
                where: (role): SQL | undefined => eq(role.userId, userId),
                with: {
                    role: true,
                    user: {
                        columns: {
                            isAdmin: true,
                        },
                    },
                },
            })
        )
            .map((r) => new Role(r.role))
            .concat(
                new Role({
                    id: "default",
                    name: "Default",
                    permissions: config.permissions.default,
                    priority: 0,
                    description: "Default role for all users",
                    visible: false,
                    icon: null,
                }),
            )
            .concat(
                isAdmin
                    ? [
                          new Role({
                              id: "admin",
                              name: "Admin",
                              permissions: config.permissions.admin,
                              priority: 2 ** 31 - 1,
                              description:
                                  "Default role for all administrators",
                              visible: false,
                              icon: null,
                          }),
                      ]
                    : [],
            );
    }

    public static async manyFromSql(
        sql: SQL<unknown> | undefined,
        orderBy: SQL<unknown> | undefined = desc(Roles.id),
        limit?: number,
        offset?: number,
        extra?: Parameters<typeof db.query.Roles.findMany>[0],
    ): Promise<Role[]> {
        const found = await db.query.Roles.findMany({
            where: sql,
            orderBy,
            limit,
            offset,
            with: extra?.with,
        });

        return found.map((s) => new Role(s));
    }

    public async update(newRole: Partial<RoleType>): Promise<RoleType> {
        await db.update(Roles).set(newRole).where(eq(Roles.id, this.id));

        const updated = await Role.fromId(this.data.id);

        if (!updated) {
            throw new Error("Failed to update role");
        }

        return updated.data;
    }

    public save(): Promise<RoleType> {
        return this.update(this.data);
    }

    public async delete(ids?: string[]): Promise<void> {
        if (Array.isArray(ids)) {
            await db.delete(Roles).where(inArray(Roles.id, ids));
        } else {
            await db.delete(Roles).where(eq(Roles.id, this.id));
        }
    }

    public static async insert(
        data: InferInsertModel<typeof Roles>,
    ): Promise<Role> {
        const inserted = (await db.insert(Roles).values(data).returning())[0];

        const role = await Role.fromId(inserted.id);

        if (!role) {
            throw new Error("Failed to insert role");
        }

        return role;
    }

    public async linkUser(userId: string): Promise<void> {
        await db.insert(RoleToUsers).values({
            userId,
            roleId: this.id,
        });
    }

    public async unlinkUser(userId: string): Promise<void> {
        await db
            .delete(RoleToUsers)
            .where(
                and(
                    eq(RoleToUsers.roleId, this.id),
                    eq(RoleToUsers.userId, userId),
                ),
            );
    }

    public get id(): string {
        return this.data.id;
    }

    public toApi(): z.infer<typeof RoleSchema> {
        return {
            id: this.id,
            name: this.data.name,
            permissions: this.data.permissions as unknown as RolePermission[],
            priority: this.data.priority,
            description: this.data.description ?? undefined,
            visible: this.data.visible,
            icon: this.data.icon
                ? new ProxiableUrl(this.data.icon).proxied
                : undefined,
        };
    }
}
chore: :arrow_up: Upgrade dependencies 2025-05-01 16:27:34 +02:00			`import type {`
			`RolePermission,`
			`Role as RoleSchema,`
			`} from "@versia/client/schemas";`
refactor: :truck: Organize code into sub-packages, instead of a single large package 2025-06-15 04:38:20 +02:00			`import { config, ProxiableUrl } from "@versia-server/config";`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`import {`
			`and,`
			`desc,`
			`eq,`
chore: :arrow_up: Upgrade to Biome 2.0 2025-04-10 19:15:31 +02:00			`type InferInsertModel,`
			`type InferSelectModel,`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`inArray,`
chore: :arrow_up: Upgrade to Biome 2.0 2025-04-10 19:15:31 +02:00			`type SQL,`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`} from "drizzle-orm";`
refactor: :arrow_up: Upgrade to Zod v4 and hono-openapi 0.5.0 2025-07-07 03:42:35 +02:00			`import type { z } from "zod/v4";`
refactor: :recycle: Rewrite build system to fit the monorepo architecture 2025-07-04 06:29:43 +02:00			`import { db } from "../tables/db.ts";`
			`import { Roles, RoleToUsers } from "../tables/schema.ts";`
refactor: :truck: Explicitely add extensions to all imports 2024-10-04 15:22:48 +02:00			`import { BaseInterface } from "./base.ts";`
chore: :arrow_up: Upgrade to Biome 2.0 2025-04-10 19:15:31 +02:00
refactor: :label: Move all types that represent ORM abstractions to ORM class static properties 2024-11-04 14:58:17 +01:00			`type RoleType = InferSelectModel<typeof Roles>;`
refactor(database): :art: Improve database handlers to have more consistent naming and methods 2024-06-13 02:45:07 +02:00
			`export class Role extends BaseInterface<typeof Roles> {`
refactor: :label: Move all types that represent ORM abstractions to ORM class static properties 2024-11-04 14:58:17 +01:00			`public static $type: RoleType;`
fix(media): :bug: Don't proxy media from trusted origins, use new ProxiedUrl class 2025-03-30 23:44:50 +02:00			`public static defaultRole = new Role({`
			`id: "default",`
			`name: "Default",`
			`permissions: config.permissions.default,`
			`priority: 0,`
			`description: "Default role for all users",`
			`visible: false,`
			`icon: null,`
			`});`
			`public static adminRole = new Role({`
			`id: "admin",`
			`name: "Admin",`
			`permissions: config.permissions.admin,`
			`priority: 2 ** 31 - 1,`
			`description: "Default role for all administrators",`
			`visible: false,`
			`icon: null,`
			`});`
refactor: :label: Move all types that represent ORM abstractions to ORM class static properties 2024-11-04 14:58:17 +01:00
refactor: :rotating_light: Always explicitely state member accessibility 2024-11-01 21:20:12 +01:00			`public async reload(): Promise<void> {`
refactor(database): :art: Improve database handlers to have more consistent naming and methods 2024-06-13 02:45:07 +02:00			`const reloaded = await Role.fromId(this.data.id);`

			`if (!reloaded) {`
			`throw new Error("Failed to reload role");`
			`}`

			`this.data = reloaded.data;`
			`}`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00
			`public static async fromId(id: string \| null): Promise<Role \| null> {`
refactor: :rotating_light: Turn every linter rule on and fix issues (there were a LOT :3) 2024-06-13 04:26:43 +02:00			`if (!id) {`
			`return null;`
			`}`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00
			`return await Role.fromSql(eq(Roles.id, id));`
			`}`

			`public static async fromIds(ids: string[]): Promise<Role[]> {`
			`return await Role.manyFromSql(inArray(Roles.id, ids));`
			`}`

			`public static async fromSql(`
			`sql: SQL<unknown> \| undefined,`
			`orderBy: SQL<unknown> \| undefined = desc(Roles.id),`
refactor: :recycle: Always use explicit types in every function 2024-11-02 00:43:33 +01:00			`): Promise<Role \| null> {`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`const found = await db.query.Roles.findFirst({`
			`where: sql,`
			`orderBy,`
			`});`

refactor: :rotating_light: Turn every linter rule on and fix issues (there were a LOT :3) 2024-06-13 04:26:43 +02:00			`if (!found) {`
			`return null;`
			`}`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`return new Role(found);`
			`}`

feat(api): :sparkles: Overhaul Role API, add ability to edit roles and assign/unassign them from any user 2024-11-26 15:27:39 +01:00			`public static async getAll(): Promise<Role[]> {`
			`return (await Role.manyFromSql(undefined)).concat(`
fix(media): :bug: Don't proxy media from trusted origins, use new ProxiedUrl class 2025-03-30 23:44:50 +02:00			`Role.defaultRole,`
			`Role.adminRole,`
feat(api): :sparkles: Overhaul Role API, add ability to edit roles and assign/unassign them from any user 2024-11-26 15:27:39 +01:00			`);`
			`}`

refactor: :recycle: Always use explicit types in every function 2024-11-02 00:43:33 +01:00			`public static async getUserRoles(`
			`userId: string,`
			`isAdmin: boolean,`
			`): Promise<Role[]> {`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`return (`
			`await db.query.RoleToUsers.findMany({`
refactor(database): :fire: Always import SQL operators directly from drizzle 2025-05-26 19:00:24 +02:00			`where: (role): SQL \| undefined => eq(role.userId, userId),`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`with: {`
			`role: true,`
fix(api): :bug: Add default role with default permissions in roles API 2024-06-10 04:14:36 +02:00			`user: {`
			`columns: {`
			`isAdmin: true,`
			`},`
			`},`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`},`
			`})`
fix(api): :bug: Add default role with default permissions in roles API 2024-06-10 04:14:36 +02:00			`)`
			`.map((r) => new Role(r.role))`
			`.concat(`
			`new Role({`
			`id: "default",`
			`name: "Default",`
			`permissions: config.permissions.default,`
			`priority: 0,`
			`description: "Default role for all users",`
			`visible: false,`
			`icon: null,`
			`}),`
			`)`
			`.concat(`
			`isAdmin`
			`? [`
			`new Role({`
			`id: "admin",`
			`name: "Admin",`
			`permissions: config.permissions.admin,`
			`priority: 2 ** 31 - 1,`
			`description:`
			`"Default role for all administrators",`
			`visible: false,`
			`icon: null,`
			`}),`
			`]`
			`: [],`
			`);`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`}`

			`public static async manyFromSql(`
			`sql: SQL<unknown> \| undefined,`
			`orderBy: SQL<unknown> \| undefined = desc(Roles.id),`
			`limit?: number,`
			`offset?: number,`
feat(api): :sparkles: Add permissions to every route and permission config 2024-06-08 06:57:29 +02:00			`extra?: Parameters<typeof db.query.Roles.findMany>[0],`
refactor: :recycle: Always use explicit types in every function 2024-11-02 00:43:33 +01:00			`): Promise<Role[]> {`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`const found = await db.query.Roles.findMany({`
			`where: sql,`
			`orderBy,`
			`limit,`
			`offset,`
			`with: extra?.with,`
			`});`

			`return found.map((s) => new Role(s));`
			`}`

refactor: :rotating_light: Always explicitely state member accessibility 2024-11-01 21:20:12 +01:00			`public async update(newRole: Partial<RoleType>): Promise<RoleType> {`
refactor(database): :art: Improve database handlers to have more consistent naming and methods 2024-06-13 02:45:07 +02:00			`await db.update(Roles).set(newRole).where(eq(Roles.id, this.id));`

			`const updated = await Role.fromId(this.data.id);`

			`if (!updated) {`
			`throw new Error("Failed to update role");`
			`}`

			`return updated.data;`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`}`

refactor: :rotating_light: Always explicitely state member accessibility 2024-11-01 21:20:12 +01:00			`public save(): Promise<RoleType> {`
refactor(database): :art: Improve database handlers to have more consistent naming and methods 2024-06-13 02:45:07 +02:00			`return this.update(this.data);`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`}`

refactor: :rotating_light: Always explicitely state member accessibility 2024-11-01 21:20:12 +01:00			`public async delete(ids?: string[]): Promise<void> {`
refactor(database): :art: Improve database handlers to have more consistent naming and methods 2024-06-13 02:45:07 +02:00			`if (Array.isArray(ids)) {`
			`await db.delete(Roles).where(inArray(Roles.id, ids));`
			`} else {`
			`await db.delete(Roles).where(eq(Roles.id, this.id));`
			`}`
			`}`

			`public static async insert(`
			`data: InferInsertModel<typeof Roles>,`
			`): Promise<Role> {`
			`const inserted = (await db.insert(Roles).values(data).returning())[0];`

			`const role = await Role.fromId(inserted.id);`

			`if (!role) {`
			`throw new Error("Failed to insert role");`
			`}`

			`return role;`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`}`

refactor: :recycle: Always use explicit types in every function 2024-11-02 00:43:33 +01:00			`public async linkUser(userId: string): Promise<void> {`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`await db.insert(RoleToUsers).values({`
			`userId,`
			`roleId: this.id,`
			`});`
			`}`

refactor: :recycle: Always use explicit types in every function 2024-11-02 00:43:33 +01:00			`public async unlinkUser(userId: string): Promise<void> {`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`await db`
			`.delete(RoleToUsers)`
			`.where(`
			`and(`
			`eq(RoleToUsers.roleId, this.id),`
			`eq(RoleToUsers.userId, userId),`
			`),`
			`);`
			`}`

refactor: :recycle: Always use explicit types in every function 2024-11-02 00:43:33 +01:00			`public get id(): string {`
refactor(database): :art: Improve database handlers to have more consistent naming and methods 2024-06-13 02:45:07 +02:00			`return this.data.id;`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`}`

refactor(api): :fire: Remove old @versia/client version 2025-03-22 18:04:47 +01:00			`public toApi(): z.infer<typeof RoleSchema> {`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`return {`
			`id: this.id,`
refactor(database): :art: Improve database handlers to have more consistent naming and methods 2024-06-13 02:45:07 +02:00			`name: this.data.name,`
refactor(api): :label: Replace API types with those from @lysand-org/client 2024-06-29 08:36:15 +02:00			`permissions: this.data.permissions as unknown as RolePermission[],`
refactor(database): :art: Improve database handlers to have more consistent naming and methods 2024-06-13 02:45:07 +02:00			`priority: this.data.priority,`
fix(api): :bug: Don't use null in Role properties 2024-11-28 10:54:44 +01:00			`description: this.data.description ?? undefined,`
refactor(database): :art: Improve database handlers to have more consistent naming and methods 2024-06-13 02:45:07 +02:00			`visible: this.data.visible,`
refactor(api): :recycle: Use URL literal instead of strings 2025-02-01 16:32:18 +01:00			`icon: this.data.icon`
fix(media): :bug: Don't proxy media from trusted origins, use new ProxiedUrl class 2025-03-30 23:44:50 +02:00			`? new ProxiableUrl(this.data.icon).proxied`
refactor(api): :recycle: Use URL literal instead of strings 2025-02-01 16:32:18 +01:00			`: undefined,`
feat(api): :sparkles: Add Roles API 2024-06-08 05:31:17 +02:00			`};`
			`}`
			`}`