Added generic permission support to the User.

2025-02-20 15:14:26 +01:00 · 2022-01-06 11:12:43 +01:00 · 2022-01-06 11:12:43 +01:00 · 839e5ef674
commit 839e5ef674
parent 86b890eb8f
6 changed files with 43 additions and 19 deletions
--- a/modules/rbac/rbac_controller.cpp
+++ b/modules/rbac/rbac_controller.cpp
@ -10,6 +10,7 @@
 #include "core/http/session_manager.h"
 #include "rbac_default_permissions.h"
 #include "rbac_model.h"
+#include "modules/users/user.h"

 void RBACController::handle_request_main(Request *request) {
 }
@ -574,10 +575,10 @@ void RBACController::initialize() {
 }

 void RBACController::register_permissions() {
-	register_permission("Create", RBAC_PERMISSION_CREATE);
-	register_permission("Read", RBAC_PERMISSION_READ);
-	register_permission("Update", RBAC_PERMISSION_UPDATE);
-	register_permission("Delete", RBAC_PERMISSION_DELETE);
+	register_permission("Create", User::PERMISSION_CREATE);
+	register_permission("Read", User::PERMISSION_READ);
+	register_permission("Update", User::PERMISSION_UPDATE);
+	register_permission("Delete", User::PERMISSION_DELETE);

 	register_rank_permission("Admin Panel", RBAC_RANK_PERMISSION_ADMIN_PANEL);
 	register_rank_permission("Use Redirect", RBAC_RANK_PERMISSION_USE_REDIRECT);
--- a/modules/rbac/rbac_default_permissions.h
+++ b/modules/rbac/rbac_default_permissions.h
@ -1,16 +1,6 @@
 #ifndef RBAC_DEFAULT_PERMISSIONS_H
 #define RBAC_DEFAULT_PERMISSIONS_H

-enum RBACDefaultPermissions {
-    RBAC_PERMISSION_CREATE = 1 << 0,
-    RBAC_PERMISSION_READ = 1 << 1,
-    RBAC_PERMISSION_UPDATE = 1 << 2,
-    RBAC_PERMISSION_DELETE = 1 << 3,
-
-    RBAC_PERMISSION_ALL = RBAC_PERMISSION_CREATE | RBAC_PERMISSION_READ | RBAC_PERMISSION_UPDATE | RBAC_PERMISSION_DELETE,
-    RBAC_PERMISSION_NONE = 0
-};
-
 enum RBACDefaultRankPermissions {
    RBAC_RANK_PERMISSION_ADMIN_PANEL = 1 << 0,
    RBAC_RANK_PERMISSION_USE_REDIRECT = 1 << 1,
--- a/modules/rbac/rbac_model.cpp
+++ b/modules/rbac/rbac_model.cpp
@ -11,6 +11,8 @@

 #include "rbac_default_permissions.h"

+#include "modules/users/user.h"
+
 std::map<int, Ref<RBACRank> > RBACModel::load_ranks() {
 	std::map<int, Ref<RBACRank> > ranks;

@ -207,7 +209,7 @@ void RBACModel::create_default_entries() {
 	admin.instance();

 	admin->name = "Admin";
-	admin->base_permissions = RBAC_PERMISSION_ALL;
+	admin->base_permissions = User::PERMISSION_ALL;
 	admin->rank_permissions = RBAC_RANK_PERMISSION_ADMIN_PANEL;

 	save_rank(admin);
@ -216,11 +218,11 @@ void RBACModel::create_default_entries() {
 	user.instance();

 	user->name = "User";
-	//user->base_permissions = RBAC_PERMISSION_READ;
+	//user->base_permissions = User::PERMISSION_READ;
 	//user->rank_permissions = 0;

 	//temporary!
-	user->base_permissions = RBAC_PERMISSION_ALL;
+	user->base_permissions = User::PERMISSION_ALL;
 	user->rank_permissions = RBAC_RANK_PERMISSION_ADMIN_PANEL;

 	save_rank(user);
@ -229,7 +231,7 @@ void RBACModel::create_default_entries() {
 	guest.instance();

 	guest->name = "Guest";
-	guest->base_permissions = RBAC_PERMISSION_READ;
+	guest->base_permissions = User::PERMISSION_READ;
 	guest->rank_permissions = RBAC_RANK_PERMISSION_USE_REDIRECT;

 	save_rank(guest);
--- a/modules/rbac_users/rbac_user_controller.cpp
+++ b/modules/rbac_users/rbac_user_controller.cpp
@ -68,7 +68,7 @@ void RBACUserController::rbac_default_user_session_middleware(Object *instance,
 		}
 	}

-	if (!rank->has_permission(request, RBAC_PERMISSION_READ)) {
+	if (!rank->has_permission(request, User::PERMISSION_READ)) {
 		if (rank->has_rank_permission(RBAC_RANK_PERMISSION_USE_REDIRECT)) {
 			//Note this can make the webapp prone to enumerations, if not done correctly
 			//e.g. redirect from /admin, but sending 404 on a non existing uri, which does not have
--- a/modules/users/user.cpp
+++ b/modules/users/user.cpp
@ -80,6 +80,22 @@ void User::from_json(const String &p_data) {
 	locked = uobj["locked"].GetBool();
 }

+int User::get_permissions(Request *request) {
+	return PERMISSION_ALL;
+}
+
+bool User::has_permission(Request *request, const int permission) {
+	return true;
+}
+
+int User::get_additional_permissions(Request *request) {
+	return 0;
+}
+
+bool User::has_additional_permission(Request *request, const int permission) {
+	return true;
+}
+
 User::User() :
 		Resource() {

--- a/modules/users/user.h
+++ b/modules/users/user.h
@ -14,6 +14,16 @@ class User : public Resource {
 	RCPP_OBJECT(User, Resource);

 public:
+	enum Permissions {
+		PERMISSION_CREATE = 1 << 0,
+		PERMISSION_READ = 1 << 1,
+		PERMISSION_UPDATE = 1 << 2,
+		PERMISSION_DELETE = 1 << 3,
+
+		PERMISSION_ALL = PERMISSION_CREATE | PERMISSION_READ | PERMISSION_UPDATE | PERMISSION_DELETE,
+		PERMISSION_NONE = 0
+	};
+
 	String name_user_input;
 	String email_user_input;
 	int rank;
@ -27,6 +37,11 @@ public:
 	String to_json(rapidjson::Document *into = nullptr);
 	void from_json(const String &data);

+	virtual int get_permissions(Request *request);
+	virtual bool has_permission(Request *request, const int permission);
+	virtual int get_additional_permissions(Request *request);
+	virtual bool has_additional_permission(Request *request, const int permission);
+
 	User();
 	~User();
 };