From 36edf3788f115566c9e8808726554efc72d9e8f4 Mon Sep 17 00:00:00 2001 From: mike12345567 Date: Fri, 5 Feb 2021 18:46:15 +0000 Subject: [PATCH] Further work, need to have a larger think about the API of this. --- .../server/src/api/controllers/permission.js | 38 +++++++++++++++++-- packages/server/src/api/routes/permission.js | 10 ++--- packages/server/src/api/routes/role.js | 10 ++++- 3 files changed, 47 insertions(+), 11 deletions(-) diff --git a/packages/server/src/api/controllers/permission.js b/packages/server/src/api/controllers/permission.js index 9ff788b5cc..c7ffcda672 100644 --- a/packages/server/src/api/controllers/permission.js +++ b/packages/server/src/api/controllers/permission.js @@ -2,9 +2,34 @@ const { BUILTIN_PERMISSIONS, PermissionLevels, } = require("../../utilities/security/permissions") +const { getRoleParams } = require("../../db/utils") +const CouchDB = require("../../db") -function updatePermissionOnRole(roleId, permissions, remove = false) { +async function updatePermissionOnRole( + appId, + roleId, + permissions, + remove = false +) { + const db = new CouchDB(appId) + const body = await db.allDocs( + getRoleParams(null, { + include_docs: true, + }) + ) + const dbRoles = body.rows.map(row => row.doc) + const docUpdates = [] + // now try to find any roles which need updated, e.g. removing the + // resource from another role and then adding to the new role + for (let role of dbRoles) { + if (role.permissions) { + // TODO + } + } + + // TODO: NEED TO WORK THIS PART OUT + return await db.bulkDocs(docUpdates) } exports.fetchBuiltin = function(ctx) { @@ -16,10 +41,15 @@ exports.fetchLevels = function(ctx) { } exports.addPermission = async function(ctx) { - const permissions = ctx.body.permissions, appId = ctx.appId - updatePermissionOnRole + const appId = ctx.appId, + roleId = ctx.params.roleId, + resourceId = ctx.params.resourceId + ctx.body = await updatePermissionOnRole(appId, roleId, resourceId) } exports.removePermission = async function(ctx) { - const permissions = ctx.body.permissions, appId = ctx.appId + const appId = ctx.appId, + roleId = ctx.params.roleId, + resourceId = ctx.params.resourceId + ctx.body = await updatePermissionOnRole(appId, roleId, resourceId, true) } diff --git a/packages/server/src/api/routes/permission.js b/packages/server/src/api/routes/permission.js index 3dbce73599..aa312d6537 100644 --- a/packages/server/src/api/routes/permission.js +++ b/packages/server/src/api/routes/permission.js @@ -30,16 +30,14 @@ function generateRemoveValidator() { router .get("/api/permission/builtin", authorized(BUILDER), controller.fetchBuiltin) .get("/api/permission/levels", authorized(BUILDER), controller.fetchLevels) - .patch( - "/api/permission/:roleId/add", + .post( + "/api/permission/:roleId/:resourceId", authorized(BUILDER), - generateAddValidator(), controller.addPermission ) - .patch( - "/api/permission/:roleId/remove", + .delete( + "/api/permission/:roleId/:resourceId", authorized(BUILDER), - generateRemoveValidator(), controller.removePermission ) diff --git a/packages/server/src/api/routes/role.js b/packages/server/src/api/routes/role.js index 98ac333e17..760acaa7e7 100644 --- a/packages/server/src/api/routes/role.js +++ b/packages/server/src/api/routes/role.js @@ -1,7 +1,10 @@ const Router = require("@koa/router") const controller = require("../controllers/role") const authorized = require("../../middleware/authorized") -const { BUILDER } = require("../../utilities/security/permissions") +const { + BUILDER, + PermissionLevels, +} = require("../../utilities/security/permissions") const Joi = require("joi") const joiValidator = require("../../middleware/joi-validator") const { @@ -11,12 +14,17 @@ const { const router = Router() function generateValidator() { + const permLevelArray = Object.values(PermissionLevels) // prettier-ignore return joiValidator.body(Joi.object({ _id: Joi.string().optional(), _rev: Joi.string().optional(), name: Joi.string().required(), + // this is the base permission ID (for now a built in) permissionId: Joi.string().valid(...Object.values(BUILTIN_PERMISSION_IDS)).required(), + permissions: Joi.object() + .pattern(/.*/, [Joi.string().valid(...permLevelArray)]) + .optional(), inherits: Joi.string().optional(), }).unknown(true)) }