WIP - storing progress on RBAC changes.
parent
0fc6f0de98
commit
fdb825d444
|
@ -1,7 +1,9 @@
|
||||||
const {
|
const {
|
||||||
BUILTIN_PERMISSIONS,
|
BUILTIN_PERMISSIONS,
|
||||||
PermissionLevels,
|
PermissionLevels,
|
||||||
|
PermissionTypes,
|
||||||
higherPermission,
|
higherPermission,
|
||||||
|
getBuiltinPermissionByID,
|
||||||
} = require("../../utilities/security/permissions")
|
} = require("../../utilities/security/permissions")
|
||||||
const {
|
const {
|
||||||
isBuiltin,
|
isBuiltin,
|
||||||
|
@ -9,7 +11,7 @@ const {
|
||||||
getExternalRoleID,
|
getExternalRoleID,
|
||||||
BUILTIN_ROLES,
|
BUILTIN_ROLES,
|
||||||
} = require("../../utilities/security/roles")
|
} = require("../../utilities/security/roles")
|
||||||
const { getRoleParams } = require("../../db/utils")
|
const { getRoleParams, DocumentTypes } = require("../../db/utils")
|
||||||
const CouchDB = require("../../db")
|
const CouchDB = require("../../db")
|
||||||
const { cloneDeep } = require("lodash/fp")
|
const { cloneDeep } = require("lodash/fp")
|
||||||
|
|
||||||
|
@ -18,6 +20,47 @@ const PermissionUpdateType = {
|
||||||
ADD: "add",
|
ADD: "add",
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function getBasePermissions(resourceId) {
|
||||||
|
const docType = DocumentTypes.filter(docType =>
|
||||||
|
resourceId.startsWith(docType)
|
||||||
|
)[0]
|
||||||
|
const levelsToFind = [PermissionLevels.WRITE, PermissionLevels.READ]
|
||||||
|
let type
|
||||||
|
switch (docType) {
|
||||||
|
case DocumentTypes.TABLE:
|
||||||
|
case DocumentTypes.ROW:
|
||||||
|
type = PermissionTypes.TABLE
|
||||||
|
break
|
||||||
|
case DocumentTypes.AUTOMATION:
|
||||||
|
type = PermissionTypes.AUTOMATION
|
||||||
|
break
|
||||||
|
case DocumentTypes.WEBHOOK:
|
||||||
|
type = PermissionTypes.WEBHOOK
|
||||||
|
break
|
||||||
|
case DocumentTypes.QUERY:
|
||||||
|
case DocumentTypes.DATASOURCE:
|
||||||
|
type = PermissionTypes.QUERY
|
||||||
|
break
|
||||||
|
default:
|
||||||
|
// views don't have an ID, will end up here
|
||||||
|
type = PermissionTypes.VIEW
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
const permissions = {}
|
||||||
|
for (let [roleId, role] of Object.entries(BUILTIN_ROLES)) {
|
||||||
|
if (!role.permissionId) {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
const perms = getBuiltinPermissionByID(role.permissionId)
|
||||||
|
const typedPermission = perms.permissions.find(perm => perm.type === type)
|
||||||
|
if (typedPermission) {
|
||||||
|
// TODO: need to get the lowest role
|
||||||
|
// TODO: store the read/write with the lowest role
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// utility function to stop this repetition - permissions always stored under roles
|
// utility function to stop this repetition - permissions always stored under roles
|
||||||
async function getAllDBRoles(db) {
|
async function getAllDBRoles(db) {
|
||||||
const body = await db.allDocs(
|
const body = await db.allDocs(
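Review bot: In the new `getBasePermissions`, `DocumentTypes` is called as an array (`DocumentTypes.filter(...)`) and then read as an enum object (`DocumentTypes.TABLE`) in the switch; if it is the plain object the case labels suggest, the first statement throws, and the lookup probably wants `Object.values(DocumentTypes).find(docType => resourceId.startsWith(docType))`. The `default:` branch also assigns `PermissionTypes.VIEW` to every id that matches no prefix, so a malformed or unknown resource id silently receives view base permissions; since this feeds RBAC decisions, it would be safer to recognise the view case explicitly and reject anything else. `getBuiltinPermissionByID` (added in the other file of this commit) returns `undefined` when no builtin matches, so `perms.permissions.find` throws for such a role; a guard like `if (!perms) continue` would cover it. The commit is marked WIP, but as written the function also returns nothing and never reads `levelsToFind`, so callers would get `undefined` rather than a permissions map.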
|
||||||
|
|
|
@ -97,6 +97,11 @@ exports.BUILTIN_PERMISSIONS = {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exports.getBuiltinPermissionByID = id => {
|
||||||
|
const perms = Object.values(exports.BUILTIN_PERMISSIONS)
|
||||||
|
return perms.find(perm => perm._id === id)
|
||||||
|
}
|
||||||
|
|
||||||
exports.doesHaveResourcePermission = (
|
exports.doesHaveResourcePermission = (
|
||||||
permissions,
|
permissions,
|
||||||
permLevel,
|
permLevel,
|
||||||
|
|