From a9b3fbdece554901e2d905da6134080161fc1b30 Mon Sep 17 00:00:00 2001
From: Relintai
Date: Wed, 10 Nov 2021 19:53:56 +0100
Subject: [PATCH] RBAC default entries are now created on migrate. Also basic simple default rank implementation.
---
 modules/rbac/rbac_controller.cpp | 6 ++--
 modules/rbac/rbac_controller.h | 1 +
 modules/rbac/rbac_model.cpp | 37 +++++++++++++++++++++
 modules/rbac/rbac_model.h | 2 ++
 modules/rbac_users/rbac_user_controller.cpp | 2 +-
 5 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/modules/rbac/rbac_controller.cpp b/modules/rbac/rbac_controller.cpp
index d58569c..db04885 100644
--- a/modules/rbac/rbac_controller.cpp
+++ b/modules/rbac/rbac_controller.cpp
@@ -567,6 +567,7 @@ void RBACController::clear_registered_permissions() {
 void RBACController::initialize() {
 _ranks = RBACModel::get_singleton()->load_ranks();
+ _default_rank_id = RBACModel::get_singleton()->get_default_rank();
 register_permissions();
 }
@@ -585,8 +586,7 @@ Ref RBACController::get_rank(int rank_id) {
 }
 int RBACController::get_default_rank_id() {
- //todo
- return 0;
+ return _default_rank_id;
 }
 Ref RBACController::get_default_rank() {
@@ -609,6 +609,8 @@ RBACController::RBACController() :
 printf("RBACController::RBACController(): Error! self is not null!/n");
 }
+ _default_rank_id = 0;
+
 _self = this;
 }
diff --git a/modules/rbac/rbac_controller.h b/modules/rbac/rbac_controller.h
index 55be093..77152d6 100644
--- a/modules/rbac/rbac_controller.h
+++ b/modules/rbac/rbac_controller.h
@@ -78,6 +78,7 @@ public:
 protected:
 static RBACController *_self;
+ int _default_rank_id;
 std::map > _ranks;
 struct PermissionEntry {
diff --git a/modules/rbac/rbac_model.cpp b/modules/rbac/rbac_model.cpp
index e0db1bd..c6decb1 100644
--- a/modules/rbac/rbac_model.cpp
+++ b/modules/rbac/rbac_model.cpp
@@ -9,6 +9,8 @@
 #define RBAC_RANK_TABLE "rbac_ranks"
 #define RBAC_PERMISSION_TABLE "rbac_permissions"
+#include "rbac_default_permissions.h"
+
 std::map > RBACModel::load_ranks() {
 std::map > ranks;
@@ -142,6 +144,11 @@ void RBACModel::save_permission(const Ref &permission) {
 }
 }
+int RBACModel::get_default_rank() {
+ //todo, load this, and save it to a table (probably a new settings class)
+ return 3;
+}
+
 void RBACModel::create_table() {
 Ref tb = DatabaseManager::get_singleton()->ddb->get_table_builder();
@@ -182,6 +189,36 @@ void RBACModel::drop_table() {
 void RBACModel::migrate() {
 drop_table();
 create_table();
+ create_default_entries();
+}
+
+void RBACModel::create_default_entries() {
+ Ref admin;
+ admin.instance();
+
+ admin->name = "Admin";
+ admin->base_permissions = RBAC_PERMISSION_ALL;
+ admin->rank_permissions = RBAC_PERMISSION_ADMIN_PANEL;
+
+ save_rank(admin);
+
+ Ref user;
+ user.instance();
+
+ user->name = "User";
+ user->base_permissions = RBAC_PERMISSION_READ;
+ user->rank_permissions = 0;
+
+ save_rank(user);
+
+ Ref guest;
+ guest.instance();
+
+ guest->name = "Guest";
+ guest->base_permissions = RBAC_PERMISSION_READ;
+ guest->rank_permissions = 0;
+
+ save_rank(guest);
 }
 RBACModel *RBACModel::get_singleton() {
diff --git a/modules/rbac/rbac_model.h b/modules/rbac/rbac_model.h
index 9396808..9ff370e 100644
--- a/modules/rbac/rbac_model.h
+++ b/modules/rbac/rbac_model.h
@@ -19,10 +19,12 @@ public:
 virtual void save(const Ref &rank);
 virtual void save_rank(const Ref &rank);
 virtual void save_permission(const Ref &permission);
+ virtual int get_default_rank();
 void create_table();
 void drop_table();
 void migrate();
+ virtual void create_default_entries();
 static RBACModel *get_singleton();
diff --git a/modules/rbac_users/rbac_user_controller.cpp b/modules/rbac_users/rbac_user_controller.cpp
index 0193c44..36bb157 100644
--- a/modules/rbac_users/rbac_user_controller.cpp
+++ b/modules/rbac_users/rbac_user_controller.cpp
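Review bot: In modules/rbac/rbac_model.cpp, `get_default_rank()` returns the literal `3`, which is the Guest rank only if `save_rank()` assigns ids 1, 2, 3 in the order `create_default_entries()` inserts Admin, User and Guest into freshly created tables; nothing visible in the diff guarantees that. This id appears to select the rank used when a session has none of its own (inferred from `get_default_rank_id()` in rbac_controller.cpp), so a mismatch could hand such sessions a missing rank or a more privileged one. Until the settings table from the TODO exists, I would document the coupling in both functions, e.g. `// must equal the id save_rank() gives "Guest" in create_default_entries()`, and, if `save_rank()` writes the new id back into the rank, compare the saved Guest id with that value during migrate.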
@@ -66,7 +66,7 @@ void RBACUserController::rbac_default_user_session_middleware(Object *instance,
 }
 }
- if (rank->has_permission(request, RBAC_PERMISSION_READ)) {
+ if (!rank->has_permission(request, RBAC_PERMISSION_READ)) {
 //todo implement redirect perm
 request->send_error(404);
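Review bot: The corrected condition dereferences `rank` without a visible null check, and the code that looks `rank` up is above the hunk, so I cannot tell whether a rank id that does not resolve is handled. An authorization gate should deny in that case rather than crash or fall through; if no guard exists above, add one ahead of this call and state the intent with a comment such as `// fail closed: no rank, or a rank without READ, never reaches the handler`. The `if` body continues past the end of the hunk, so it is also worth confirming that the middleware returns after `send_error(404)`.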