rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add multi-policies for roles

Browse source
This commit is contained in:
swve 2023-03-14 20:16:04 +01:00
parent be0c2ef262
commit 10eb94c0dd
4 changed files with 24 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

5
front/app/_orgs/[orgslug]/settings/layout.tsx
View file

@ -24,6 +24,11 @@ function SettingsLayout({ children, params }: { children: React.ReactNode, param
<li><Link href="/settings/account/profile">Profile</Link></li> <li><Link href="/settings/account/profile">Profile</Link></li>
<li><Link href="/settings/account/passwords">Passwords</Link></li> <li><Link href="/settings/account/passwords">Passwords</Link></li>
</ul> </ul>
<MenuTitle>Organization</MenuTitle>
<ul>
<li><Link href="/settings/organization/general">General</Link></li>
<li><Link href="/settings/organization/roles">Roles</Link></li>
</ul>
</LeftMenuWrapper> </LeftMenuWrapper>
</LeftWrapper> </LeftWrapper>
<RightWrapper> <RightWrapper>

9
src/services/mocks/initial.py
View file

@ -10,7 +10,7 @@ from src.services.courses.thumbnails import upload_thumbnail
from src.services.users import PublicUser, User, UserInDB, UserWithPassword from src.services.users import PublicUser, User, UserInDB, UserWithPassword
from src.services.orgs import OrganizationInDB, Organization, create_org from src.services.orgs import OrganizationInDB, Organization, create_org
from src.services.roles import Permission, Elements, create_role from src.services.roles import Permission, Elements, RolePolicy, create_role
from src.services.users import create_user from src.services.users import create_user
from src.services.courses.courses import Course, CourseInDB, create_course from src.services.courses.courses import Course, CourseInDB, create_course
from src.services.roles import Role from src.services.roles import Role
@ -87,11 +87,14 @@ async def create_initial_data(request: Request):
database_roles = request.app.db["roles"] database_roles = request.app.db["roles"]
await database_roles.delete_many({}) await database_roles.delete_many({})
roles = [] roles = []
admin_role = Role( admin_role = Role(
name="admin", name="admin",
description="admin", description="admin",
permissions=Permission( policies=[RolePolicy(permissions=Permission(
action_create=True, action_create=True,
action_read=True, action_read=True,
action_update=True, action_update=True,
@ -105,7 +108,7 @@ async def create_initial_data(request: Request):
organizations=["*"], organizations=["*"],
coursechapters=["*"], coursechapters=["*"],
lectures=["*"], lectures=["*"],
), ))],
linked_users=[admin_user.user_id], linked_users=[admin_user.user_id],
) )
roles.append(admin_role) roles.append(admin_role)

8
src/services/roles.py
View file

@ -28,14 +28,16 @@ class Elements(BaseModel):
lectures : List[str] lectures : List[str]
class RolePolicy(BaseModel):
permissions: Permission
elements: Elements
class Role(BaseModel): class Role(BaseModel):
name: str name: str
description: str description: str
permissions: Permission policies: List[RolePolicy]
elements: Elements
linked_users: List[str] linked_users: List[str]
class RoleInDB(Role): class RoleInDB(Role):
role_id: str role_id: str
creationDate: str creationDate: str

5
src/services/security.py
View file

@ -46,8 +46,9 @@ async def verify_user_rights_with_roles(request: Request,action: str, user_id: s
user_roles.append(role) user_roles.append(role)
for role in user_roles: for role in user_roles:
element = role["elements"][await check_element_type(element_id)] for policy in role['policies']:
permission_state = role["permissions"][f'action_{action}'] element = policy["elements"][await check_element_type(element_id)]
permission_state = policy["permissions"][f'action_{action}']
## ##
if ("*" in element or element_id in element) and (permission_state is True): if ("*" in element or element_id in element) and (permission_state is True):