WIP - storing progress on RBAC changes.
This commit is contained in:
parent
111ff61bbc
commit
1abc4dd1f7
|
@ -1,7 +1,9 @@
|
|||
const {
|
||||
BUILTIN_PERMISSIONS,
|
||||
PermissionLevels,
|
||||
PermissionTypes,
|
||||
higherPermission,
|
||||
getBuiltinPermissionByID,
|
||||
} = require("../../utilities/security/permissions")
|
||||
const {
|
||||
isBuiltin,
|
||||
|
@ -9,7 +11,7 @@ const {
|
|||
getExternalRoleID,
|
||||
BUILTIN_ROLES,
|
||||
} = require("../../utilities/security/roles")
|
||||
const { getRoleParams } = require("../../db/utils")
|
||||
const { getRoleParams, DocumentTypes } = require("../../db/utils")
|
||||
const CouchDB = require("../../db")
|
||||
const { cloneDeep } = require("lodash/fp")
|
||||
|
||||
|
@ -18,6 +20,47 @@ const PermissionUpdateType = {
|
|||
ADD: "add",
|
||||
}
|
||||
|
||||
function getBasePermissions(resourceId) {
|
||||
const docType = DocumentTypes.filter(docType =>
|
||||
resourceId.startsWith(docType)
|
||||
)[0]
|
||||
const levelsToFind = [PermissionLevels.WRITE, PermissionLevels.READ]
|
||||
let type
|
||||
switch (docType) {
|
||||
case DocumentTypes.TABLE:
|
||||
case DocumentTypes.ROW:
|
||||
type = PermissionTypes.TABLE
|
||||
break
|
||||
case DocumentTypes.AUTOMATION:
|
||||
type = PermissionTypes.AUTOMATION
|
||||
break
|
||||
case DocumentTypes.WEBHOOK:
|
||||
type = PermissionTypes.WEBHOOK
|
||||
break
|
||||
case DocumentTypes.QUERY:
|
||||
case DocumentTypes.DATASOURCE:
|
||||
type = PermissionTypes.QUERY
|
||||
break
|
||||
default:
|
||||
// views don't have an ID, will end up here
|
||||
type = PermissionTypes.VIEW
|
||||
break
|
||||
}
|
||||
|
||||
const permissions = {}
|
||||
for (let [roleId, role] of Object.entries(BUILTIN_ROLES)) {
|
||||
if (!role.permissionId) {
|
||||
continue
|
||||
}
|
||||
const perms = getBuiltinPermissionByID(role.permissionId)
|
||||
const typedPermission = perms.permissions.find(perm => perm.type === type)
|
||||
if (typedPermission) {
|
||||
// TODO: need to get the lowest role
|
||||
// TODO: store the read/write with the lowest role
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// utility function to stop this repetition - permissions always stored under roles
|
||||
async function getAllDBRoles(db) {
|
||||
const body = await db.allDocs(
|
||||
|
|
|
@ -97,6 +97,11 @@ exports.BUILTIN_PERMISSIONS = {
|
|||
},
|
||||
}
|
||||
|
||||
exports.getBuiltinPermissionByID = id => {
|
||||
const perms = Object.values(exports.BUILTIN_PERMISSIONS)
|
||||
return perms.find(perm => perm._id === id)
|
||||
}
|
||||
|
||||
exports.doesHaveResourcePermission = (
|
||||
permissions,
|
||||
permLevel,
|
||||
|
|
Loading…
Reference in New Issue