rzmk/learnhouse
1
0
Fork 0
mirror of https://github.com/rzmk/learnhouse.git synced 2025-12-19 04:19:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add org roles verification

Browse source
This commit is contained in:
swve 2023-07-20 02:02:08 +02:00
parent 42c99f3939
commit fac56f0c7e
2 changed files with 31 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
front/components/Security/AuthenticatedClientElement.tsx
View file

@ -26,7 +26,7 @@ export const AuthenticatedClientElement = (props: AuthenticatedClientElementProp
const user_role = user_roles.find((role: any) => role.org_id == org_id); const user_role = user_roles.find((role: any) => role.org_id == org_id);
if (org_role && user_role) { if (org_role && user_role) {
if (org_roles_values.includes(org_role.org_role) && user_roles_values.includes(user_role.role_id)) { if (org_roles_values.includes(org_role.org_role) || user_roles_values.includes(user_role.role_id)) {
return true; return true;
} }
else { else {

27
src/security/rbac/rbac.py
View file

@ -63,10 +63,7 @@ async def authorization_verify_if_user_is_author(
if user_id in element["authors"]: if user_id in element["authors"]:
return True return True
else: else:
raise HTTPException( return False
status_code=status.HTTP_403_FORBIDDEN,
detail="User rights (author) : You don't have the right to perform this action",
)
else: else:
return False return False
@ -90,15 +87,33 @@ async def authorization_verify_based_on_roles(
roles_id_list = [role["role_id"] for role in roles_list] roles_id_list = [role["role_id"] for role in roles_list]
roles = await roles.find({"role_id": {"$in": roles_id_list}}).to_list(length=100) roles = await roles.find({"role_id": {"$in": roles_id_list}}).to_list(length=100)
# Get the rights of the roles async def checkRoles():
# Check Roles
for role in roles: for role in roles:
role = RoleInDB(**role) role = RoleInDB(**role)
if role.elements[element_type][f"action_{action}"] is True: if role.elements[element_type][f"action_{action}"] is True:
return True return True
else:
return False
async def checkOrgRoles():
# Check Org Roles
users = request.app.db["users"]
user = await users.find_one({"user_id": user_id})
if element is not None:
for org in user["orgs"]:
if org["org_id"] == element["org_id"]:
if org["org_role"] == "owner" or org["org_role"] == "editor":
return True
else:
return False
if await checkRoles() or await checkOrgRoles():
return True
else: else:
raise HTTPException( raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN, status_code=status.HTTP_403_FORBIDDEN,
detail="User rights (roles) : You don't have the right to perform this action", detail="User rights (roless) : You don't have the right to perform this action",
) )