Adding permission groups

2025-06-03 21:54:49 -04:00 · 2021-05-20 00:29:25 +02:00 · 2021-05-20 00:29:25 +02:00 · 5f7604a563
commit 5f7604a563
parent dcfb1e538c
4 changed files with 33 additions and 13 deletions
--- a/Kyoo.Authentication/Controllers/PremissionValidator.cs
+++ b/Kyoo.Authentication/Controllers/PremissionValidator.cs
@ -36,7 +36,7 @@ namespace Kyoo.Authentication
 		/// <inheritdoc />
 		public IFilterMetadata Create(PermissionAttribute attribute)
 		{
-			return new PermissionValidator(attribute.Type, attribute.Kind, _options);
+			return new PermissionValidator(attribute.Type, attribute.Kind, attribute.Group, _options);
 		}
 		
 		/// <inheritdoc />
@ -58,6 +58,11 @@ namespace Kyoo.Authentication
 			/// The kind of permission needed
 			/// </summary>
 			private readonly Kind? _kind;
+
+			/// <summary>
+			/// The group of he permission
+			/// </summary>
+			private readonly Group _group = Group.Overall;
 			/// <summary>
 			/// The permissions options to retrieve default permissions.
 			/// </summary>
@ -68,11 +73,13 @@ namespace Kyoo.Authentication
 			/// </summary>
 			/// <param name="permission">The permission to validate</param>
 			/// <param name="kind">The kind of permission needed</param>
+			/// <param name="group">The group of the permission</param>
 			/// <param name="options">The option containing default values.</param>
-			public PermissionValidator(string permission, Kind kind, IOptionsMonitor<PermissionOption> options)
+			public PermissionValidator(string permission, Kind kind, Group group, IOptionsMonitor<PermissionOption> options)
 			{
 				_permission = permission;
 				_kind = kind;
+				_group = group;
 				_options = options;
 			}

@ -125,7 +132,7 @@ namespace Kyoo.Authentication
 				}

 				string permStr = $"{permission.ToLower()}.{kind.ToString()!.ToLower()}";
-				string overallStr = $"overall.{kind.ToString()!.ToLower()}";
+				string overallStr = $"{_group.ToString()}.{kind.ToString()!.ToLower()}";
 				AuthenticateResult res = await context.HttpContext.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
 				if (res.Succeeded)
 				{
--- a/Kyoo.Common/Models/Attributes/PermissionAttribute.cs
+++ b/Kyoo.Common/Models/Attributes/PermissionAttribute.cs
@ -7,16 +7,20 @@ namespace Kyoo.Models.Permissions
 	/// <summary>
 	/// The kind of permission needed.
 	/// </summary>
-	/// <remarks>
-	/// The admin kind is used for configuration or security sensitive permissions to allow one
-	/// to use an overall permission without compromising security.
-	/// </remarks>
 	public enum Kind
 	{
 		Read,
 		Write,
 		Create,
-		Delete,
+		Delete
+	}
+
+	/// <summary>
+	/// The group of the permission.
+	/// </summary>
+	public enum Group
+	{
+		Overall,
 		Admin
 	}
 	
@ -34,6 +38,10 @@ namespace Kyoo.Models.Permissions
 		/// The needed permission kind.
 		/// </summary>
 		public Kind Kind { get; }
+		/// <summary>
+		/// The group of this permission
+		/// </summary>
+		public Group Group { get; }

 		/// <summary>
 		/// Ask a permission to run an action. 
@ -43,12 +51,17 @@ namespace Kyoo.Models.Permissions
 		/// (if the type ends with api, it will be removed. This allow you to use nameof(YourApi)).
 		/// </param>
 		/// <param name="permission">The kind of permission needed</param>
-		public PermissionAttribute(string type, Kind permission)
+		/// <param name="group">
+		/// The group of this permission (allow grouped permission like overall.read
+		/// for all read permissions of this group)
+		/// </param>
+		public PermissionAttribute(string type, Kind permission, Group group = Group.Overall)
 		{
 			if (type.EndsWith("API", StringComparison.OrdinalIgnoreCase))
 				type = type[..^3];
 			Type = type.ToLower();
 			Kind = permission;
+			Group = group;
 		}
 		
 		/// <inheritdoc />
--- a/Kyoo/Views/ConfigurationApi.cs
+++ b/Kyoo/Views/ConfigurationApi.cs
@ -37,7 +37,7 @@ namespace Kyoo.Api
 		/// <response code="200">Return the configuration value or the list of configurations</response>
 		/// <response code="404">No configuration exists for the given slug</response>
 		[HttpGet("{slug}")]
-		[Permission(nameof(ConfigurationApi), Kind.Admin)]
+		[Permission(nameof(ConfigurationApi), Kind.Read, Group.Admin)]
 		public ActionResult<object> GetConfiguration(string slug)
 		{
 			try
@ -59,7 +59,7 @@ namespace Kyoo.Api
 		/// <response code="200">Return the edited value</response>
 		/// <response code="404">No configuration exists for the given slug</response>
 		[HttpPut("{slug}")]
-		[Permission(nameof(ConfigurationApi), Kind.Admin)]
+		[Permission(nameof(ConfigurationApi), Kind.Write, Group.Admin)]
 		public async Task<ActionResult<object>> EditConfiguration(string slug, [FromBody] object newValue)
 		{
 			try
--- a/Kyoo/settings.json
+++ b/Kyoo/settings.json
@ -51,8 +51,8 @@
      "password": "passphrase"
    },
    "permissions": {
-      "default": ["overall.read", "overall.write", "overall.create", "overall.delete", "overall.admin"],
-      "newUser": ["overall.read", "overall.write", "overall.create", "overall.delete", "overall.admin"]
+      "default": ["overall.read", "overall.write", "overall.create", "overall.delete", "admin.read", "admin.write"],
+      "newUser": ["overall.read", "overall.write", "overall.create", "overall.delete", "admin.read", "admin.write"]
    },
    "profilePicturePath": "users/",
    "clients": []