🔐 feat: Granular Role-based Permissions + Entra ID Group Discovery (#7804)

WIP: pre-granular-permissions commit feat: Add category and support contact fields to Agent schema and UI components Revert "feat: Add category and support contact fields to Agent schema and UI components" This reverts commit c43a52b4c9. Fix: Update import for renderHook in useAgentCategories.spec.tsx fix: Update icon rendering in AgentCategoryDisplay tests to use empty spans refactor: Improve category synchronization logic and clean up AgentConfig component refactor: Remove unused UI flow translations from translation.json feat: agent marketplace features 🔐 feat: Granular Role-based Permissions + Entra ID Group Discovery (#7804)
2026-03-09 17:42:38 +01:00 · 2025-06-23 10:22:27 -04:00 · 2025-06-23 10:22:27 -04:00 · 66bd419baa
commit 66bd419baa
parent aa42759ffd
147 changed files with 17564 additions and 645 deletions
--- a/packages/data-schemas/src/schema/aclEntry.ts
+++ b/packages/data-schemas/src/schema/aclEntry.ts
@ -0,0 +1,65 @@
+import { Schema } from 'mongoose';
+import type { IAclEntry } from '~/types';
+
+const aclEntrySchema = new Schema<IAclEntry>(
+  {
+    principalType: {
+      type: String,
+      enum: ['user', 'group', 'public'],
+      required: true,
+    },
+    principalId: {
+      type: Schema.Types.ObjectId,
+      refPath: 'principalModel',
+      required: function (this: IAclEntry) {
+        return this.principalType !== 'public';
+      },
+      index: true,
+    },
+    principalModel: {
+      type: String,
+      enum: ['User', 'Group'],
+      required: function (this: IAclEntry) {
+        return this.principalType !== 'public';
+      },
+    },
+    resourceType: {
+      type: String,
+      enum: ['agent', 'project', 'file'],
+      required: true,
+    },
+    resourceId: {
+      type: Schema.Types.ObjectId,
+      required: true,
+      index: true,
+    },
+    permBits: {
+      type: Number,
+      default: 1,
+    },
+    roleId: {
+      type: Schema.Types.ObjectId,
+      ref: 'AccessRole',
+    },
+    inheritedFrom: {
+      type: Schema.Types.ObjectId,
+      sparse: true,
+      index: true,
+    },
+    grantedBy: {
+      type: Schema.Types.ObjectId,
+      ref: 'User',
+    },
+    grantedAt: {
+      type: Date,
+      default: Date.now,
+    },
+  },
+  { timestamps: true },
+);
+
+aclEntrySchema.index({ principalId: 1, principalType: 1, resourceType: 1, resourceId: 1 });
+aclEntrySchema.index({ resourceId: 1, principalType: 1, principalId: 1 });
+aclEntrySchema.index({ principalId: 1, permBits: 1, resourceType: 1 });
+
+export default aclEntrySchema;