♻️ Update delete casbin policies
AnandChowdhary committed Sep 3, 2020
1 parent 2a75733 commit 13490a1
Showing 2 changed files with 40 additions and 10 deletions.
16 changes: 8 additions & 8 deletions src/_staart/helpers/authorization.ts
Expand Up @@ -53,27 +53,27 @@ const getPolicyForUser = async (id: number) => {
policy += `p, user-${userId}, user-${userId}, ${Acts.READ}${scope}\n`;
policy += `p, user-${userId}, user-${userId}, ${Acts.WRITE}${scope}\n`;
});
policy += `p, user-${userId}, user-${userId}, ${Acts.DELETE}\n`;
policy += `p, user-${userId}, user-${userId}, ${Acts.DELETE}${ScopesUser.INFO}\n`;
const memberships = await prisma.memberships.findMany({
where: { id },
});
for await (const membership of memberships) {
const membershipId = twtToId(membership.id);
const groupId = twtToId(membership.groupId);
policy += `p, user-${userId}, membership-${membershipId}, ${Acts.READ}\n`;
policy += `p, user-${userId}, membership-${membershipId}, ${Acts.WRITE}\n`;
policy += `p, user-${userId}, membership-${membershipId}, ${Acts.DELETE}\n`;
policy += `p, user-${userId}, membership-${membershipId}, ${Acts.READ}${ScopesUser.MEMBERSHIPS}\n`;
policy += `p, user-${userId}, membership-${membershipId}, ${Acts.WRITE}${ScopesUser.MEMBERSHIPS}\n`;
policy += `p, user-${userId}, membership-${membershipId}, ${Acts.DELETE}${ScopesUser.MEMBERSHIPS}\n`;
if (membership.role === "ADMIN" || membership.role === "OWNER") {
const groupMemberships = await prisma.memberships.findMany({
where: { groupId: membership.groupId },
});
policy += `p, user-${userId}, group-${groupId}, ${Acts.DELETE}\n`;
policy += `p, user-${userId}, group-${groupId}, ${Acts.DELETE}${ScopesGroup.INFO}\n`;
groupMemberships.forEach((groupMembership) => {
const memberId = twtToId(groupMembership.id);
policy += `p, user-${userId}, membership-${memberId}, ${Acts.READ}\n`;
policy += `p, user-${userId}, membership-${memberId}, ${Acts.READ}${ScopesUser.MEMBERSHIPS}\n`;
if (groupMembership.role !== "OWNER") {
policy += `p, user-${userId}, membership-${memberId}, ${Acts.WRITE}\n`;
policy += `p, user-${userId}, membership-${memberId}, ${Acts.DELETE}\n`;
policy += `p, user-${userId}, membership-${memberId}, ${Acts.WRITE}${ScopesUser.MEMBERSHIPS}\n`;
policy += `p, user-${userId}, membership-${memberId}, ${Acts.DELETE}${ScopesUser.MEMBERSHIPS}\n`;
}
});
}
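Review bot: The membership lookup `where: { id }` (the `prisma.memberships.findMany` call just above the `for await` loop) filters memberships by their own primary key using the value that the `user-${userId}` policy lines treat as a user identifier, while the equivalent query added to `src/_staart/rest/user.ts` in this same commit uses `where: { userId: tokenUserId }`. If `id` is the user's id, this loop emits the newly scoped membership and group `Acts.DELETE` policies for whichever membership row happens to share that number rather than for the user's own memberships, i.e. for the wrong subject; if it really is a membership id, the parameter name should say so. I would expect `where: { userId: id }` (or the decoded form the rest of the file uses) here. The line is unchanged context and `getPolicyForUser` begins outside the hunk, so how `userId` is derived from `id` should be confirmed before changing it.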
34 changes: 32 additions & 2 deletions src/_staart/rest/user.ts
Expand Up @@ -23,7 +23,12 @@ import { deleteCustomer } from "@staart/payments";
import { compare, hash, randomString } from "@staart/text";
import { authenticator } from "otplib";
import { toDataURL } from "qrcode";
import { ALLOW_DISPOSABLE_EMAILS, SERVICE_2FA, ScopesUser } from "../../config";
import {
ALLOW_DISPOSABLE_EMAILS,
SERVICE_2FA,
ScopesUser,
ScopesGroup,
} from "../../config";
import { can, Acts } from "../helpers/authorization";
import { deleteItemFromCache } from "../helpers/cache";
import { ApiKeyResponse, couponCodeJwt } from "../helpers/jwt";
Expand Down Expand Up @@ -397,9 +402,34 @@ export const getUserAccessTokenScopesForUser = async (tokenUserId: number) => {
Object.values(ScopesUser).forEach((scope) => {
data[scope] = [];
[Acts.READ, Acts.WRITE].forEach((act) => {
data[scope].push(`${act}${scope}`);
data[scope].push({
value: `p, user-${tokenUserId}, user-${tokenUserId}, ${act}${scope}`,
name: `${act}${scope}`,
});
});
});
const memberships = await prisma.memberships.findMany({
where: { userId: tokenUserId },
});
data["delete:data"] = [
{
name: `${Acts.DELETE}user`,
value: `p, user-${tokenUserId}, user-${tokenUserId}, ${Acts.DELETE}${ScopesUser.INFO}`,
},
...memberships.map((membership) => ({
value: `p, user-${tokenUserId}, membership-${membership.id}, ${Acts.DELETE}${ScopesUser.MEMBERSHIPS}`,
name: `${Acts.DELETE}membership-${membership.id}`,
})),
...memberships
.filter(
(membership) =>
membership.role === "ADMIN" || membership.role === "OWNER"
)
.map((membership) => ({
value: `p, user-${tokenUserId}, group-${membership.groupId}, ${Acts.DELETE}${ScopesGroup.INFO}`,
name: `${Acts.DELETE}group-${membership.groupId}`,
})),
];

return data;
};
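Review bot: The `delete:data` entries build their `value` policy strings from `membership.id` and `membership.groupId` exactly as Prisma returns them, whereas `getPolicyForUser` in `src/_staart/helpers/authorization.ts` (changed in this same commit) passes those same fields through `twtToId` before emitting `membership-${membershipId}` and `group-${groupId}`. Unless `twtToId` is the identity on these values, the scope strings offered to the token holder here will never equal the policy lines the enforcer is built from, so a token granted a DELETE scope from this list would not match what casbin later evaluates; either apply the same conversion here or document why the raw value is correct. The user entry's `name` is `${Acts.DELETE}user` while every other entry derives its name from the scope constant, so a consumer matching on `${act}${scope}` will not recognise it; deriving it from `Acts.DELETE` and `ScopesUser.INFO` like the `value` does would keep it consistent. Since each `value` is a complete casbin policy line, whatever endpoint later stores a client-supplied scope on a token should accept only values present in this generated list, which cannot be verified from the hunk. `getUserAccessTokenScopesForUser` begins outside the hunk, so the declared type of `data`, which now has to hold `{ value, name }` objects and the extra `delete:data` key instead of plain strings, cannot be checked from here.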