Initial work towards rbac.
parent
c578607511
commit
5f582dd1dc
|
@ -6,7 +6,7 @@
|
|||
import ErrorsBox from "components/common/ErrorsBox.svelte"
|
||||
import { backendUiStore } from "builderStore"
|
||||
|
||||
let permissions = []
|
||||
let basePermissions = []
|
||||
let selectedRole = {}
|
||||
let errors = []
|
||||
let builtInRoles = ["Admin", "Power", "Basic", "Public"]
|
||||
|
@ -16,9 +16,9 @@
|
|||
)
|
||||
$: isCreating = selectedRoleId == null || selectedRoleId === ""
|
||||
|
||||
const fetchPermissions = async () => {
|
||||
const permissionsResponse = await api.get("/api/permissions")
|
||||
permissions = await permissionsResponse.json()
|
||||
const fetchBasePermissions = async () => {
|
||||
const permissionsResponse = await api.get("/api/permission/builtin")
|
||||
basePermissions = await permissionsResponse.json()
|
||||
}
|
||||
|
||||
// Changes the selected role
|
||||
|
@ -81,7 +81,7 @@
|
|||
}
|
||||
}
|
||||
|
||||
onMount(fetchPermissions)
|
||||
onMount(fetchBasePermissions)
|
||||
</script>
|
||||
|
||||
<ModalContent
|
||||
|
@ -121,11 +121,11 @@
|
|||
<Select
|
||||
thin
|
||||
secondary
|
||||
label="Permissions"
|
||||
label="Base Permissions"
|
||||
bind:value={selectedRole.permissionId}>
|
||||
<option value="">Choose permissions</option>
|
||||
{#each permissions as permission}
|
||||
<option value={permission._id}>{permission.name}</option>
|
||||
{#each basePermissions as basePerm}
|
||||
<option value={basePerm._id}>{basePerm.name}</option>
|
||||
{/each}
|
||||
</Select>
|
||||
{/if}
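Review bot: `fetchBasePermissions` assigns whatever `/api/permission/builtin` returns to `basePermissions` without checking the response status, and the `{#each basePermissions as basePerm}` block then iterates it. The route is guarded by `authorized(BUILDER)`, so a rejected or failed request would presumably yield an error body rather than an array. I would guard the assignment, e.g. `if (permissionsResponse.status === 200) basePermissions = await permissionsResponse.json()`, and push a message onto the existing `errors` array otherwise. The function is in the second hunk of this file; the `<Select>` markup that consumes the list is in the last one.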
|
||||
|
|
|
@ -14,6 +14,7 @@ exports.fetchInfo = async ctx => {
|
|||
}
|
||||
|
||||
exports.save = async ctx => {
|
||||
console.trace("DID A SAVE!")
|
||||
const db = new CouchDB(BUILDER_CONFIG_DB)
|
||||
const { type } = ctx.request.body
|
||||
if (type === HostingTypes.CLOUD && ctx.request.body._rev) {
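Review bot: The added `console.trace("DID A SAVE!")` at the top of `exports.save` looks like leftover debugging: it writes a full stack trace to the server log on every save request. The same pattern is added as `console.trace("DID A GET!")` in `getHostingInfo` in the hosting utilities hunk further down. Both lines should be dropped before merge, or replaced with the project's logger at debug level if this call path really needs tracing. `exports.save` continues past the end of this hunk.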
|
||||
|
|
|
@ -1,6 +1,25 @@
|
|||
const { BUILTIN_PERMISSIONS } = require("../../utilities/security/permissions")
|
||||
const {
|
||||
BUILTIN_PERMISSIONS,
|
||||
PermissionLevels,
|
||||
} = require("../../utilities/security/permissions")
|
||||
|
||||
exports.fetch = async function(ctx) {
|
||||
// TODO: need to build out custom permissions
|
||||
function updatePermissionOnRole(roleId, permissions, remove = false) {
|
||||
|
||||
}
|
||||
|
||||
exports.fetchBuiltin = function(ctx) {
|
||||
ctx.body = Object.values(BUILTIN_PERMISSIONS)
|
||||
}
|
||||
|
||||
exports.fetchLevels = function(ctx) {
|
||||
ctx.body = Object.values(PermissionLevels)
|
||||
}
|
||||
|
||||
exports.addPermission = async function(ctx) {
|
||||
const permissions = ctx.body.permissions, appId = ctx.appId
|
||||
updatePermissionOnRole
|
||||
}
|
||||
|
||||
exports.removePermission = async function(ctx) {
|
||||
const permissions = ctx.body.permissions, appId = ctx.appId
|
||||
}
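Review bot: `addPermission` and `removePermission` read `ctx.body.permissions`, but in Koa `ctx.body` is the response body, which is unset at this point, so the property access throws before any permission logic runs. The request payload is `ctx.request.body`, which is what `exports.save` in the hosting controller of this same commit uses. I would write `const { permissions } = ctx.request.body` and `const { roleId } = ctx.params`, since the `:roleId` segment of the new routes is never read. `addPermission` also names `updatePermissionOnRole` without calling it, and that helper is an empty stub, so both PATCH endpoints currently change nothing and set no response.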
|
||||
|
|
|
@ -1,10 +1,46 @@
|
|||
const Router = require("@koa/router")
|
||||
const controller = require("../controllers/permission")
|
||||
const authorized = require("../../middleware/authorized")
|
||||
const { BUILDER } = require("../../utilities/security/permissions")
|
||||
const {
|
||||
BUILDER,
|
||||
PermissionLevels,
|
||||
} = require("../../utilities/security/permissions")
|
||||
const Joi = require("joi")
|
||||
const joiValidator = require("../../middleware/joi-validator")
|
||||
|
||||
const router = Router()
|
||||
|
||||
router.get("/api/permissions", authorized(BUILDER), controller.fetch)
|
||||
function generateAddValidator() {
|
||||
const permLevelArray = Object.values(PermissionLevels)
|
||||
// prettier-ignore
|
||||
return joiValidator.body(Joi.object({
|
||||
permissions: Joi.object()
|
||||
.pattern(/.*/, [Joi.string().valid(...permLevelArray)])
|
||||
.required()
|
||||
}).unknown(true))
|
||||
}
|
||||
|
||||
function generateRemoveValidator() {
|
||||
// prettier-ignore
|
||||
return joiValidator.body(Joi.object({
|
||||
permissions: Joi.array().items(Joi.string())
|
||||
}).unknown(true))
|
||||
}
|
||||
|
||||
router
|
||||
.get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin)
|
||||
.get("/api/permission/levels", authorized(BUILDER), controller.fetchLevels)
|
||||
.patch(
|
||||
"/api/permission/:roleId/add",
|
||||
authorized(BUILDER),
|
||||
generateAddValidator(),
|
||||
controller.addPermission
|
||||
)
|
||||
.patch(
|
||||
"/api/permission/:roleId/remove",
|
||||
authorized(BUILDER),
|
||||
generateRemoveValidator(),
|
||||
controller.removePermission
|
||||
)
|
||||
|
||||
module.exports = router
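Review bot: `generateRemoveValidator` declares `permissions: Joi.array().items(Joi.string())` without `.required()`, so a PATCH to `/api/permission/:roleId/remove` with no `permissions` field passes validation, unlike the add validator, which does require it. I would make it `permissions: Joi.array().items(Joi.string()).required()`. In `generateAddValidator` the key pattern `/.*/` accepts any property name, including the empty string, so the controller has to treat those keys as untrusted when it writes them onto a role; a tighter pattern for whatever the keys identify would be safer once that is settled. Neither route validates the `:roleId` path parameter.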
|
||||
|
|
|
@ -23,6 +23,7 @@ exports.HostingTypes = {
|
|||
}
|
||||
|
||||
exports.getHostingInfo = async () => {
|
||||
console.trace("DID A GET!")
|
||||
const db = new CouchDB(BUILDER_CONFIG_DB)
|
||||
let doc
|
||||
try {
|
||||
|
|
|
@ -7,6 +7,7 @@ const PermissionLevels = {
|
|||
ADMIN: "admin",
|
||||
}
|
||||
|
||||
// these are the global types, that govern the underlying default behaviour
|
||||
const PermissionTypes = {
|
||||
TABLE: "table",
|
||||
USER: "user",
|
||||
|
|
|
@ -66,14 +66,23 @@ exports.getRole = async (appId, roleId) => {
|
|||
if (!roleId) {
|
||||
return null
|
||||
}
|
||||
let role
|
||||
let role = {}
|
||||
// built in roles mostly come from the in-code implementation,
|
||||
// but can be extended by a doc stored about them (e.g. permissions)
|
||||
if (isBuiltin(roleId)) {
|
||||
role = cloneDeep(
|
||||
Object.values(exports.BUILTIN_ROLES).find(role => role._id === roleId)
|
||||
)
|
||||
} else {
|
||||
}
|
||||
try {
|
||||
const db = new CouchDB(appId)
|
||||
role = await db.get(roleId)
|
||||
const dbRole = await db.get(roleId)
|
||||
role = Object.assign(role, dbRole)
|
||||
} catch (err) {
|
||||
// only throw an error if there is no role at all
|
||||
if (Object.keys(role).length === 0) {
|
||||
throw err
|
||||
}
|
||||
}
|
||||
return role
|
||||
}
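Review bot: The new `catch` in `getRole` rethrows only when `role` is still empty, so for a built-in role every `db.get` failure, not just a missing document, is swallowed and the in-code role is returned without its stored extensions. For an access-control lookup that means a database error silently changes the effective permissions instead of surfacing. I would rethrow anything that is not a not-found, e.g. `if (err.status !== 404 || Object.keys(role).length === 0) throw err`, assuming the CouchDB wrapper exposes the HTTP status on its errors. Separately, `Object.assign(role, dbRole)` lets the stored document overwrite every field of the built-in role, while the comment only mentions permissions; copying just the intended fields would keep the built-in definition authoritative. The start of `getRole` is outside this hunk.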
|
||||
|
|