Added generic permission support to the User.
parent
86b890eb8f
commit
839e5ef674
@ -10,6 +10,7 @@
|
|||||||
#include "core/http/session_manager.h"
|
#include "core/http/session_manager.h"
|
||||||
#include "rbac_default_permissions.h"
|
#include "rbac_default_permissions.h"
|
||||||
#include "rbac_model.h"
|
#include "rbac_model.h"
|
||||||
|
#include "modules/users/user.h"
|
||||||
|
|
||||||
void RBACController::handle_request_main(Request *request) {
|
void RBACController::handle_request_main(Request *request) {
|
||||||
}
|
}
|
||||||
@ -574,10 +575,10 @@ void RBACController::initialize() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
void RBACController::register_permissions() {
|
void RBACController::register_permissions() {
|
||||||
register_permission("Create", RBAC_PERMISSION_CREATE);
|
register_permission("Create", User::PERMISSION_CREATE);
|
||||||
register_permission("Read", RBAC_PERMISSION_READ);
|
register_permission("Read", User::PERMISSION_READ);
|
||||||
register_permission("Update", RBAC_PERMISSION_UPDATE);
|
register_permission("Update", User::PERMISSION_UPDATE);
|
||||||
register_permission("Delete", RBAC_PERMISSION_DELETE);
|
register_permission("Delete", User::PERMISSION_DELETE);
|
||||||
|
|
||||||
register_rank_permission("Admin Panel", RBAC_RANK_PERMISSION_ADMIN_PANEL);
|
register_rank_permission("Admin Panel", RBAC_RANK_PERMISSION_ADMIN_PANEL);
|
||||||
register_rank_permission("Use Redirect", RBAC_RANK_PERMISSION_USE_REDIRECT);
|
register_rank_permission("Use Redirect", RBAC_RANK_PERMISSION_USE_REDIRECT);
|
||||||
|
@ -1,16 +1,6 @@
|
|||||||
#ifndef RBAC_DEFAULT_PERMISSIONS_H
|
#ifndef RBAC_DEFAULT_PERMISSIONS_H
|
||||||
#define RBAC_DEFAULT_PERMISSIONS_H
|
#define RBAC_DEFAULT_PERMISSIONS_H
|
||||||
|
|
||||||
enum RBACDefaultPermissions {
|
|
||||||
RBAC_PERMISSION_CREATE = 1 << 0,
|
|
||||||
RBAC_PERMISSION_READ = 1 << 1,
|
|
||||||
RBAC_PERMISSION_UPDATE = 1 << 2,
|
|
||||||
RBAC_PERMISSION_DELETE = 1 << 3,
|
|
||||||
|
|
||||||
RBAC_PERMISSION_ALL = RBAC_PERMISSION_CREATE | RBAC_PERMISSION_READ | RBAC_PERMISSION_UPDATE | RBAC_PERMISSION_DELETE,
|
|
||||||
RBAC_PERMISSION_NONE = 0
|
|
||||||
};
|
|
||||||
|
|
||||||
enum RBACDefaultRankPermissions {
|
enum RBACDefaultRankPermissions {
|
||||||
RBAC_RANK_PERMISSION_ADMIN_PANEL = 1 << 0,
|
RBAC_RANK_PERMISSION_ADMIN_PANEL = 1 << 0,
|
||||||
RBAC_RANK_PERMISSION_USE_REDIRECT = 1 << 1,
|
RBAC_RANK_PERMISSION_USE_REDIRECT = 1 << 1,
|
||||||
|
@ -11,6 +11,8 @@
|
|||||||
|
|
||||||
#include "rbac_default_permissions.h"
|
#include "rbac_default_permissions.h"
|
||||||
|
|
||||||
|
#include "modules/users/user.h"
|
||||||
|
|
||||||
std::map<int, Ref<RBACRank> > RBACModel::load_ranks() {
|
std::map<int, Ref<RBACRank> > RBACModel::load_ranks() {
|
||||||
std::map<int, Ref<RBACRank> > ranks;
|
std::map<int, Ref<RBACRank> > ranks;
|
||||||
|
|
||||||
@ -207,7 +209,7 @@ void RBACModel::create_default_entries() {
|
|||||||
admin.instance();
|
admin.instance();
|
||||||
|
|
||||||
admin->name = "Admin";
|
admin->name = "Admin";
|
||||||
admin->base_permissions = RBAC_PERMISSION_ALL;
|
admin->base_permissions = User::PERMISSION_ALL;
|
||||||
admin->rank_permissions = RBAC_RANK_PERMISSION_ADMIN_PANEL;
|
admin->rank_permissions = RBAC_RANK_PERMISSION_ADMIN_PANEL;
|
||||||
|
|
||||||
save_rank(admin);
|
save_rank(admin);
|
||||||
@ -216,11 +218,11 @@ void RBACModel::create_default_entries() {
|
|||||||
user.instance();
|
user.instance();
|
||||||
|
|
||||||
user->name = "User";
|
user->name = "User";
|
||||||
//user->base_permissions = RBAC_PERMISSION_READ;
|
//user->base_permissions = User::PERMISSION_READ;
|
||||||
//user->rank_permissions = 0;
|
//user->rank_permissions = 0;
|
||||||
|
|
||||||
//temporary!
|
//temporary!
|
||||||
user->base_permissions = RBAC_PERMISSION_ALL;
|
user->base_permissions = User::PERMISSION_ALL;
|
||||||
user->rank_permissions = RBAC_RANK_PERMISSION_ADMIN_PANEL;
|
user->rank_permissions = RBAC_RANK_PERMISSION_ADMIN_PANEL;
|
||||||
|
|
||||||
save_rank(user);
|
save_rank(user);
|
||||||
@ -229,7 +231,7 @@ void RBACModel::create_default_entries() {
|
|||||||
guest.instance();
|
guest.instance();
|
||||||
|
|
||||||
guest->name = "Guest";
|
guest->name = "Guest";
|
||||||
guest->base_permissions = RBAC_PERMISSION_READ;
|
guest->base_permissions = User::PERMISSION_READ;
|
||||||
guest->rank_permissions = RBAC_RANK_PERMISSION_USE_REDIRECT;
|
guest->rank_permissions = RBAC_RANK_PERMISSION_USE_REDIRECT;
|
||||||
|
|
||||||
save_rank(guest);
|
save_rank(guest);
|
||||||
|
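Review bot: In `RBACModel::create_default_entries()` the default "User" rank is still assigned `User::PERMISSION_ALL` and `RBAC_RANK_PERMISSION_ADMIN_PANEL` under the `//temporary!` comment, so the rank that appears to be seeded for ordinary accounts carries the same rights as "Admin", including the admin panel. The commented-out lines directly above show the intended values; I would restore `user->base_permissions = User::PERMISSION_READ;` and `user->rank_permissions = 0;`, or keep the permissive seed only behind a development-build switch so it cannot reach a deployed database. This commit renames the constant but carries the temporary grant forward unchanged. The function body starts and ends outside the hunks shown.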
@ -68,7 +68,7 @@ void RBACUserController::rbac_default_user_session_middleware(Object *instance,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!rank->has_permission(request, RBAC_PERMISSION_READ)) {
|
if (!rank->has_permission(request, User::PERMISSION_READ)) {
|
||||||
if (rank->has_rank_permission(RBAC_RANK_PERMISSION_USE_REDIRECT)) {
|
if (rank->has_rank_permission(RBAC_RANK_PERMISSION_USE_REDIRECT)) {
|
||||||
//Note this can make the webapp prone to enumerations, if not done correctly
|
//Note this can make the webapp prone to enumerations, if not done correctly
|
||||||
//e.g. redirect from /admin, but sending 404 on a non existing uri, which does not have
|
//e.g. redirect from /admin, but sending 404 on a non existing uri, which does not have
|
||||||
|
@ -80,6 +80,22 @@ void User::from_json(const String &p_data) {
|
|||||||
locked = uobj["locked"].GetBool();
|
locked = uobj["locked"].GetBool();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int User::get_permissions(Request *request) {
|
||||||
|
return PERMISSION_ALL;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool User::has_permission(Request *request, const int permission) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
int User::get_additional_permissions(Request *request) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool User::has_additional_permission(Request *request, const int permission) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
User::User() :
|
User::User() :
|
||||||
Resource() {
|
Resource() {
|
||||||
|
|
||||||
|
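Review bot: The new base implementations fail open: `User::has_permission()` and `User::has_additional_permission()` return `true` for any bit and `User::get_permissions()` returns `PERMISSION_ALL`, so a subclass that forgets to override one of them grants everything, and `request` is never consulted. `has_additional_permission()` also disagrees with `get_additional_permissions()`, which returns 0. I would derive the checks from the getters, `return (get_permissions(request) & permission) == permission;` and the same with `get_additional_permissions(request)`, so the two views of each mask cannot drift apart. If the allow-all default is deliberate for sites without RBAC, a comment on `get_permissions()` should say so; otherwise `return PERMISSION_NONE;` is the safer base.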
@ -14,6 +14,16 @@ class User : public Resource {
|
|||||||
RCPP_OBJECT(User, Resource);
|
RCPP_OBJECT(User, Resource);
|
||||||
|
|
||||||
public:
|
public:
|
||||||
|
enum Permissions {
|
||||||
|
PERMISSION_CREATE = 1 << 0,
|
||||||
|
PERMISSION_READ = 1 << 1,
|
||||||
|
PERMISSION_UPDATE = 1 << 2,
|
||||||
|
PERMISSION_DELETE = 1 << 3,
|
||||||
|
|
||||||
|
PERMISSION_ALL = PERMISSION_CREATE | PERMISSION_READ | PERMISSION_UPDATE | PERMISSION_DELETE,
|
||||||
|
PERMISSION_NONE = 0
|
||||||
|
};
|
||||||
|
|
||||||
String name_user_input;
|
String name_user_input;
|
||||||
String email_user_input;
|
String email_user_input;
|
||||||
int rank;
|
int rank;
|
||||||
@ -27,6 +37,11 @@ public:
|
|||||||
String to_json(rapidjson::Document *into = nullptr);
|
String to_json(rapidjson::Document *into = nullptr);
|
||||||
void from_json(const String &data);
|
void from_json(const String &data);
|
||||||
|
|
||||||
|
virtual int get_permissions(Request *request);
|
||||||
|
virtual bool has_permission(Request *request, const int permission);
|
||||||
|
virtual int get_additional_permissions(Request *request);
|
||||||
|
virtual bool has_additional_permission(Request *request, const int permission);
|
||||||
|
|
||||||
User();
|
User();
|
||||||
~User();
|
~User();
|
||||||
};
|
};
|
||||||
|
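Review bot: The four virtuals added to `User` have no comment stating their contract, and nothing in the header says what an "additional" permission is or how it relates to the `Permissions` bitmask declared above. I would add a short comment over each pair, e.g. `// Bitmask of User::Permissions granted to this user for the given request; subclasses override to restrict.` and `// True when every bit set in permission is granted.`, and state explicitly whether the base class is meant to allow or deny by default. The implementations shown on this page do not modify the object, so the four could also be declared `const`. Whether `Request` is declared before this point is not visible in the hunk.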