Further work, need to have a larger think about the API of this.

mike12345567 2021-02-05 18:46:15 +00:00
parent 9f1c2cd602
commit 36edf3788f
3 changed files with 47 additions and 11 deletions


@ -2,9 +2,34 @@ const {
BUILTIN_PERMISSIONS, BUILTIN_PERMISSIONS,
PermissionLevels, PermissionLevels,
} = require("../../utilities/security/permissions") } = require("../../utilities/security/permissions")
const { getRoleParams } = require("../../db/utils")
const CouchDB = require("../../db")
function updatePermissionOnRole(roleId, permissions, remove = false) { async function updatePermissionOnRole(
appId,
roleId,
permissions,
remove = false
) {
const db = new CouchDB(appId)
const body = await db.allDocs(
getRoleParams(null, {
include_docs: true,
})
)
const dbRoles = body.rows.map(row => row.doc)
const docUpdates = []
// now try to find any roles which need updated, e.g. removing the
// resource from another role and then adding to the new role
for (let role of dbRoles) {
if (role.permissions) {
// TODO
}
}
// TODO: NEED TO WORK THIS PART OUT
return await db.bulkDocs(docUpdates)
} }
exports.fetchBuiltin = function(ctx) { exports.fetchBuiltin = function(ctx) {
@ -16,10 +41,15 @@ exports.fetchLevels = function(ctx) {
} }
exports.addPermission = async function(ctx) { exports.addPermission = async function(ctx) {
const permissions = ctx.body.permissions, appId = ctx.appId const appId = ctx.appId,
updatePermissionOnRole roleId = ctx.params.roleId,
resourceId = ctx.params.resourceId
ctx.body = await updatePermissionOnRole(appId, roleId, resourceId)
} }
exports.removePermission = async function(ctx) { exports.removePermission = async function(ctx) {
const permissions = ctx.body.permissions, appId = ctx.appId const appId = ctx.appId,
roleId = ctx.params.roleId,
resourceId = ctx.params.resourceId
ctx.body = await updatePermissionOnRole(appId, roleId, resourceId, true)
} }
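Review bot: `updatePermissionOnRole` never reads `roleId`, `permissions` or `remove`, and `docUpdates` stays empty, so `addPermission` and `removePermission` both return the result of `db.bulkDocs([])` as `ctx.body` and the client sees success for a change that was not made. For a permission removal that is a fail-open result; until the TODOs are filled in, the handlers should reject, e.g. `ctx.throw(501, "Permission updates not implemented")`. The callers also pass `resourceId` in the slot named `permissions`, so the parameter should be renamed to match. When the loop is implemented, check that `roleId` is one of the role docs returned for this `appId` before writing anything.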


@ -30,16 +30,14 @@ function generateRemoveValidator() {
router router
.get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin) .get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin)
.get("/api/permission/levels", authorized(BUILDER), controller.fetchLevels) .get("/api/permission/levels", authorized(BUILDER), controller.fetchLevels)
.patch( .post(
"/api/permission/:roleId/add", "/api/permission/:roleId/:resourceId",
authorized(BUILDER), authorized(BUILDER),
generateAddValidator(),
controller.addPermission controller.addPermission
) )
.patch( .delete(
"/api/permission/:roleId/remove", "/api/permission/:roleId/:resourceId",
authorized(BUILDER), authorized(BUILDER),
generateRemoveValidator(),
controller.removePermission controller.removePermission
) )
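Review bot: The `.post` and `.delete` routes drop `generateAddValidator()` and `generateRemoveValidator()` without a replacement, so `:roleId` and `:resourceId` reach the controller with only the `authorized(BUILDER)` check in front of them. Both values will end up selecting and modifying role documents, so they should be validated against the expected ID format before the controller runs, for example with a Joi schema on the route params if the `joi-validator` middleware supports one. The new API also carries no permission level for the add case, which the controller will need. The two generator functions appear to remain defined above this hunk and would now be unused; that part is outside the visible lines.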


@ -1,7 +1,10 @@
const Router = require("@koa/router") const Router = require("@koa/router")
const controller = require("../controllers/role") const controller = require("../controllers/role")
const authorized = require("../../middleware/authorized") const authorized = require("../../middleware/authorized")
const { BUILDER } = require("../../utilities/security/permissions") const {
BUILDER,
PermissionLevels,
} = require("../../utilities/security/permissions")
const Joi = require("joi") const Joi = require("joi")
const joiValidator = require("../../middleware/joi-validator") const joiValidator = require("../../middleware/joi-validator")
const { const {
@ -11,12 +14,17 @@ const {
const router = Router() const router = Router()
function generateValidator() { function generateValidator() {
const permLevelArray = Object.values(PermissionLevels)
// prettier-ignore // prettier-ignore
return joiValidator.body(Joi.object({ return joiValidator.body(Joi.object({
_id: Joi.string().optional(), _id: Joi.string().optional(),
_rev: Joi.string().optional(), _rev: Joi.string().optional(),
name: Joi.string().required(), name: Joi.string().required(),
// this is the base permission ID (for now a built in)
permissionId: Joi.string().valid(...Object.values(BUILTIN_PERMISSION_IDS)).required(), permissionId: Joi.string().valid(...Object.values(BUILTIN_PERMISSION_IDS)).required(),
permissions: Joi.object()
.pattern(/.*/, [Joi.string().valid(...permLevelArray)])
.optional(),
inherits: Joi.string().optional(), inherits: Joi.string().optional(),
}).unknown(true)) }).unknown(true))
} }