From c2eac6bda46b81df5b2d2d23ef5e29d5ee00ecc5 Mon Sep 17 00:00:00 2001 From: Gero Posmyk-Leinemann Date: Tue, 19 Sep 2023 09:10:09 +0000 Subject: [PATCH] [server] EntitlementService.maySetTimeout: Make organizationId mandatory --- .../gitpod-protocol/src/gitpod-service.ts | 2 +- .../src/billing/entitlement-service-ubp.ts | 58 ++++--------------- .../server/src/billing/entitlement-service.ts | 4 +- .../src/workspace/gitpod-server-impl.ts | 14 ++--- 4 files changed, 19 insertions(+), 59 deletions(-) diff --git a/components/gitpod-protocol/src/gitpod-service.ts b/components/gitpod-protocol/src/gitpod-service.ts index 6ea0683e390f75..0e215ead17a014 100644 --- a/components/gitpod-protocol/src/gitpod-service.ts +++ b/components/gitpod-protocol/src/gitpod-service.ts @@ -259,7 +259,7 @@ export interface GitpodServer extends JsonRpcServer, AdminServer, reportErrorBoundary(url: string, message: string): Promise; getSupportedWorkspaceClasses(): Promise; - maySetTimeout(opts?: { organizationId?: string }): Promise; + maySetTimeout(opts: { organizationId: string }): Promise; updateWorkspaceTimeoutSetting(setting: Partial): Promise; /** diff --git a/components/server/src/billing/entitlement-service-ubp.ts b/components/server/src/billing/entitlement-service-ubp.ts index 4eb5869e45ad50..f7105072e016e5 100644 --- a/components/server/src/billing/entitlement-service-ubp.ts +++ b/components/server/src/billing/entitlement-service-ubp.ts @@ -4,7 +4,6 @@ * See License.AGPL.txt in the project root for license information. */ -import { TeamDB } from "@gitpod/gitpod-db/lib"; import { WorkspaceInstance, WorkspaceTimeoutDuration, @@ -14,7 +13,6 @@ import { WORKSPACE_LIFETIME_SHORT, User, BillingTier, - Team, } from "@gitpod/gitpod-protocol"; import { AttributionId } from "@gitpod/gitpod-protocol/lib/attribution"; import { inject, injectable } from "inversify"; @@ -31,10 +29,7 @@ const MAX_PARALLEL_WORKSPACES_PAID = 16; */ @injectable() export class EntitlementServiceUBP implements EntitlementService { - constructor( - @inject(UsageService) private readonly usageService: UsageService, - @inject(TeamDB) private readonly teamDB: TeamDB, - ) {} + constructor(@inject(UsageService) private readonly usageService: UsageService) {} async mayStartWorkspace( user: User, @@ -79,7 +74,7 @@ export class EntitlementServiceUBP implements EntitlementService { } } - async maySetTimeout(userId: string, organizationId?: string): Promise { + async maySetTimeout(userId: string, organizationId: string): Promise { return this.hasPaidSubscription(userId, organizationId); } @@ -109,48 +104,15 @@ export class EntitlementServiceUBP implements EntitlementService { return true; } - private async hasPaidSubscription(userId: string, organizationId?: string): Promise { - if (organizationId) { - try { - // This is the "stricter", more correct version: We only allow privileges on the Organization that is paying for it - const { billingStrategy } = await this.usageService.getCostCenter(userId, organizationId); - return billingStrategy === CostCenter_BillingStrategy.BILLING_STRATEGY_STRIPE; - } catch (err) { - log.warn({ userId, organizationId }, "Error checking if user is subscribed to organization", err); - return false; - } - } - - // TODO(gpl) Remove everything below once organizationId is always passed - // This is the old behavior, stemming from our transition to PAYF, where our API did-/doesn't pass organizationId, yet - // Member of paid team? - const teams = await this.teamDB.findTeamsByUser(userId); - const isTeamSubscribedPromises = teams.map(async (team: Team) => { - const { billingStrategy } = await this.usageService.getCostCenter(userId, team.id); + private async hasPaidSubscription(userId: string, organizationId: string): Promise { + try { + // This is the "stricter", more correct version: We only allow privileges on the Organization that is paying for it + const { billingStrategy } = await this.usageService.getCostCenter(userId, organizationId); return billingStrategy === CostCenter_BillingStrategy.BILLING_STRATEGY_STRIPE; - }); - // Return the first truthy promise, or false if all the promises were falsy. - // Source: https://gist.github.com/jbreckmckye/66364021ebaa0785e426deec0410a235 - return new Promise((resolve, reject) => { - // If any promise returns true, immediately resolve with true - isTeamSubscribedPromises.forEach(async (isTeamSubscribedPromise: Promise) => { - try { - const isTeamSubscribed = await isTeamSubscribedPromise; - if (isTeamSubscribed) resolve(true); - } catch (err) { - log.warn({ userId, organizationId }, "Error checking if user is subscribed to organization", err); - resolve(false); - } - }); - - // If neither of the above fires, resolve with false - // Check truthiness just in case callbacks fire out-of-band - Promise.all(isTeamSubscribedPromises) - .then((areTeamsSubscribed) => { - resolve(!!areTeamsSubscribed.find((isTeamSubscribed: boolean) => !!isTeamSubscribed)); - }) - .catch(reject); - }); + } catch (err) { + log.warn({ userId, organizationId }, "Error checking if user is subscribed to organization", err); + return false; + } } async getBillingTier(userId: string, organizationId: string): Promise { diff --git a/components/server/src/billing/entitlement-service.ts b/components/server/src/billing/entitlement-service.ts index 6bc49f91ca6374..d5f6db2d2d8f92 100644 --- a/components/server/src/billing/entitlement-service.ts +++ b/components/server/src/billing/entitlement-service.ts @@ -54,7 +54,7 @@ export interface EntitlementService { * @param userId * @param organizationId */ - maySetTimeout(userId: string, organizationId?: string): Promise; + maySetTimeout(userId: string, organizationId: string): Promise; /** * Returns the default workspace timeout for the given user at a given point in time @@ -127,7 +127,7 @@ export class EntitlementServiceImpl implements EntitlementService { } } - async maySetTimeout(userId: string, organizationId?: string): Promise { + async maySetTimeout(userId: string, organizationId: string): Promise { try { // TODO(gpl): We need to replace this with ".getBillingMode(user.id, organizationId);" once all callers forward organizationId const billingMode = await this.billingModes.getBillingModeForUser(); diff --git a/components/server/src/workspace/gitpod-server-impl.ts b/components/server/src/workspace/gitpod-server-impl.ts index 3de1df2884dff8..c22873676e03ec 100644 --- a/components/server/src/workspace/gitpod-server-impl.ts +++ b/components/server/src/workspace/gitpod-server-impl.ts @@ -642,16 +642,14 @@ export class GitpodServerImpl implements GitpodServerWithTracing, Disposable { return updatedUser; } - public async maySetTimeout(ctx: TraceContext, opts?: { organizationId?: string }): Promise { + public async maySetTimeout(ctx: TraceContext, opts: { organizationId: string }): Promise { const user = await this.checkUser("maySetTimeout", opts); - await this.guardAccess({ kind: "user", subject: user }, "get"); - // TODO(gpl) Remove once organizationId is mandatory - await this.auth.checkPermissionOnUser(user.id, "read_info", user.id); - if (opts?.organizationId) { - await this.auth.checkPermissionOnOrganization(user.id, "read_info", opts.organizationId); - } + const org = await this.organizationService.getOrganization(user.id, opts.organizationId); + const members = await this.organizationService.listMembers(user.id, opts.organizationId); + await this.guardAccess({ kind: "team", subject: org, members }, "get"); - return await this.entitlementService.maySetTimeout(user.id, opts?.organizationId); + await this.auth.checkPermissionOnOrganization(user.id, "read_info", opts.organizationId); + return await this.entitlementService.maySetTimeout(user.id, opts.organizationId); } public async updateWorkspaceTimeoutSetting(