Further work, need to have a larger think about the API of this.
parent
9f1c2cd602
commit
36edf3788f
|
@ -2,9 +2,34 @@ const {
|
||||||
BUILTIN_PERMISSIONS,
|
BUILTIN_PERMISSIONS,
|
||||||
PermissionLevels,
|
PermissionLevels,
|
||||||
} = require("../../utilities/security/permissions")
|
} = require("../../utilities/security/permissions")
|
||||||
|
const { getRoleParams } = require("../../db/utils")
|
||||||
|
const CouchDB = require("../../db")
|
||||||
|
|
||||||
function updatePermissionOnRole(roleId, permissions, remove = false) {
|
async function updatePermissionOnRole(
|
||||||
|
appId,
|
||||||
|
roleId,
|
||||||
|
permissions,
|
||||||
|
remove = false
|
||||||
|
) {
|
||||||
|
const db = new CouchDB(appId)
|
||||||
|
const body = await db.allDocs(
|
||||||
|
getRoleParams(null, {
|
||||||
|
include_docs: true,
|
||||||
|
})
|
||||||
|
)
|
||||||
|
const dbRoles = body.rows.map(row => row.doc)
|
||||||
|
const docUpdates = []
|
||||||
|
|
||||||
|
// now try to find any roles which need updated, e.g. removing the
|
||||||
|
// resource from another role and then adding to the new role
|
||||||
|
for (let role of dbRoles) {
|
||||||
|
if (role.permissions) {
|
||||||
|
// TODO
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: NEED TO WORK THIS PART OUT
|
||||||
|
return await db.bulkDocs(docUpdates)
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.fetchBuiltin = function(ctx) {
|
exports.fetchBuiltin = function(ctx) {
|
||||||
|
@ -16,10 +41,15 @@ exports.fetchLevels = function(ctx) {
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.addPermission = async function(ctx) {
|
exports.addPermission = async function(ctx) {
|
||||||
const permissions = ctx.body.permissions, appId = ctx.appId
|
const appId = ctx.appId,
|
||||||
updatePermissionOnRole
|
roleId = ctx.params.roleId,
|
||||||
|
resourceId = ctx.params.resourceId
|
||||||
|
ctx.body = await updatePermissionOnRole(appId, roleId, resourceId)
|
||||||
}
|
}
|
||||||
|
|
||||||
exports.removePermission = async function(ctx) {
|
exports.removePermission = async function(ctx) {
|
||||||
const permissions = ctx.body.permissions, appId = ctx.appId
|
const appId = ctx.appId,
|
||||||
|
roleId = ctx.params.roleId,
|
||||||
|
resourceId = ctx.params.resourceId
|
||||||
|
ctx.body = await updatePermissionOnRole(appId, roleId, resourceId, true)
|
||||||
}
|
}
|
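Review bot: `updatePermissionOnRole` never reads `roleId`, `permissions` or `remove`, and `docUpdates` is still empty when it reaches `db.bulkDocs(docUpdates)`, so both handlers in the second hunk assign an ordinary result to `ctx.body` while no role document changes. On the remove path a caller is therefore told the request succeeded while the permission is still in place. Until the TODO is filled in, the function should fail loudly, for example `throw new Error("updatePermissionOnRole is not implemented")` in place of the `bulkDocs` call, or the handlers should answer with `ctx.throw(501)`. The handlers also pass `resourceId` as the third argument, which the signature names `permissions`; rename the parameter or document the shape it expects.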
||||||
|
|
|
@ -30,16 +30,14 @@ function generateRemoveValidator() {
|
||||||
router
|
router
|
||||||
.get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin)
|
.get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin)
|
||||||
.get("/api/permission/levels", authorized(BUILDER), controller.fetchLevels)
|
.get("/api/permission/levels", authorized(BUILDER), controller.fetchLevels)
|
||||||
.patch(
|
.post(
|
||||||
"/api/permission/:roleId/add",
|
"/api/permission/:roleId/:resourceId",
|
||||||
authorized(BUILDER),
|
authorized(BUILDER),
|
||||||
generateAddValidator(),
|
|
||||||
controller.addPermission
|
controller.addPermission
|
||||||
)
|
)
|
||||||
.patch(
|
.delete(
|
||||||
"/api/permission/:roleId/remove",
|
"/api/permission/:roleId/:resourceId",
|
||||||
authorized(BUILDER),
|
authorized(BUILDER),
|
||||||
generateRemoveValidator(),
|
|
||||||
controller.removePermission
|
controller.removePermission
|
||||||
)
|
)
|
||||||
|
|
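Review bot: With `generateAddValidator()` and `generateRemoveValidator()` dropped from the chain, the POST and DELETE on `/api/permission/:roleId/:resourceId` reach the controller with `authorized(BUILDER)` as the only check, and `roleId` and `resourceId` are taken from the path without any validation. A validator for the two path parameters should sit between `authorized(BUILDER)` and the controller. Only `joiValidator.body` is visible on this page, so check whether the middleware has a params counterpart. The new route also carries no permission level, which the removed body validators may have covered; a comment such as `// level is not part of this route yet, see updatePermissionOnRole` would make that gap explicit. The two `generate*Validator` helpers look unused after this change (the hunk header still shows `generateRemoveValidator`).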
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
const Router = require("@koa/router")
|
const Router = require("@koa/router")
|
||||||
const controller = require("../controllers/role")
|
const controller = require("../controllers/role")
|
||||||
const authorized = require("../../middleware/authorized")
|
const authorized = require("../../middleware/authorized")
|
||||||
const { BUILDER } = require("../../utilities/security/permissions")
|
const {
|
||||||
|
BUILDER,
|
||||||
|
PermissionLevels,
|
||||||
|
} = require("../../utilities/security/permissions")
|
||||||
const Joi = require("joi")
|
const Joi = require("joi")
|
||||||
const joiValidator = require("../../middleware/joi-validator")
|
const joiValidator = require("../../middleware/joi-validator")
|
||||||
const {
|
const {
|
||||||
|
@ -11,12 +14,17 @@ const {
|
||||||
const router = Router()
|
const router = Router()
|
||||||
|
|
||||||
function generateValidator() {
|
function generateValidator() {
|
||||||
|
const permLevelArray = Object.values(PermissionLevels)
|
||||||
// prettier-ignore
|
// prettier-ignore
|
||||||
return joiValidator.body(Joi.object({
|
return joiValidator.body(Joi.object({
|
||||||
_id: Joi.string().optional(),
|
_id: Joi.string().optional(),
|
||||||
_rev: Joi.string().optional(),
|
_rev: Joi.string().optional(),
|
||||||
name: Joi.string().required(),
|
name: Joi.string().required(),
|
||||||
|
// this is the base permission ID (for now a built in)
|
||||||
permissionId: Joi.string().valid(...Object.values(BUILTIN_PERMISSION_IDS)).required(),
|
permissionId: Joi.string().valid(...Object.values(BUILTIN_PERMISSION_IDS)).required(),
|
||||||
|
permissions: Joi.object()
|
||||||
|
.pattern(/.*/, [Joi.string().valid(...permLevelArray)])
|
||||||
|
.optional(),
|
||||||
inherits: Joi.string().optional(),
|
inherits: Joi.string().optional(),
|
||||||
}).unknown(true))
|
}).unknown(true))
|
||||||
}
|
}
|
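Review bot: The key pattern `/.*/` in the new `permissions` rule matches every key, including the empty string, so only the values are constrained and any key a caller sends is accepted into the role's permission map. The keys appear to be resource IDs (inferred from the rest of this commit), so the key side should be validated as well, for example `.pattern(Joi.string().min(1), Joi.string().valid(...permLevelArray))` or a regex for the ID format the app uses. The single-element array around the value schema is not needed. A comment such as `// map of resource ID -> permission level` above the rule would record the intended shape.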
||||||
|
|