Adding permission groups
parent
dcfb1e538c
commit
5f7604a563
@ -36,7 +36,7 @@ namespace Kyoo.Authentication
|
|||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
public IFilterMetadata Create(PermissionAttribute attribute)
|
public IFilterMetadata Create(PermissionAttribute attribute)
|
||||||
{
|
{
|
||||||
return new PermissionValidator(attribute.Type, attribute.Kind, _options);
|
return new PermissionValidator(attribute.Type, attribute.Kind, attribute.Group, _options);
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
@ -58,6 +58,11 @@ namespace Kyoo.Authentication
|
|||||||
/// The kind of permission needed
|
/// The kind of permission needed
|
||||||
/// </summary>
|
/// </summary>
|
||||||
private readonly Kind? _kind;
|
private readonly Kind? _kind;
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// The group of he permission
|
||||||
|
/// </summary>
|
||||||
|
private readonly Group _group = Group.Overall;
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The permissions options to retrieve default permissions.
|
/// The permissions options to retrieve default permissions.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
@ -68,11 +73,13 @@ namespace Kyoo.Authentication
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="permission">The permission to validate</param>
|
/// <param name="permission">The permission to validate</param>
|
||||||
/// <param name="kind">The kind of permission needed</param>
|
/// <param name="kind">The kind of permission needed</param>
|
||||||
|
/// <param name="group">The group of the permission</param>
|
||||||
/// <param name="options">The option containing default values.</param>
|
/// <param name="options">The option containing default values.</param>
|
||||||
public PermissionValidator(string permission, Kind kind, IOptionsMonitor<PermissionOption> options)
|
public PermissionValidator(string permission, Kind kind, Group group, IOptionsMonitor<PermissionOption> options)
|
||||||
{
|
{
|
||||||
_permission = permission;
|
_permission = permission;
|
||||||
_kind = kind;
|
_kind = kind;
|
||||||
|
_group = group;
|
||||||
_options = options;
|
_options = options;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -125,7 +132,7 @@ namespace Kyoo.Authentication
|
|||||||
}
|
}
|
||||||
|
|
||||||
string permStr = $"{permission.ToLower()}.{kind.ToString()!.ToLower()}";
|
string permStr = $"{permission.ToLower()}.{kind.ToString()!.ToLower()}";
|
||||||
string overallStr = $"overall.{kind.ToString()!.ToLower()}";
|
string overallStr = $"{_group.ToString()}.{kind.ToString()!.ToLower()}";
|
||||||
AuthenticateResult res = await context.HttpContext.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
|
AuthenticateResult res = await context.HttpContext.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
|
||||||
if (res.Succeeded)
|
if (res.Succeeded)
|
||||||
{
|
{
|
||||||
|
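Review bot: In the last hunk, `overallStr` is now built from `_group.ToString()`, which yields `Overall` or `Admin` with a capital letter, whereas the literal it replaces was lowercase `overall` and the settings file in this commit lists `overall.read` and `admin.read`. The comparison against the user's permissions sits outside this hunk (the enclosing method starts and ends outside it), but if it is case-sensitive the group-level grant will never match and only the per-resource string can authorize. Lowercase the group the same way as the kind, preferably culture-invariant: `string overallStr = $"{_group.ToString().ToLowerInvariant()}.{kind.ToString()!.ToLowerInvariant()}";`. A test in which a user holding only `admin.read` passes a `Group.Admin` read check would pin this behaviour. Separately, the new field's summary reads "The group of he permission" and should say "the".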
@ -7,16 +7,20 @@ namespace Kyoo.Models.Permissions
|
|||||||
/// <summary>
|
/// <summary>
|
||||||
/// The kind of permission needed.
|
/// The kind of permission needed.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <remarks>
|
|
||||||
/// The admin kind is used for configuration or security sensitive permissions to allow one
|
|
||||||
/// to use an overall permission without compromising security.
|
|
||||||
/// </remarks>
|
|
||||||
public enum Kind
|
public enum Kind
|
||||||
{
|
{
|
||||||
Read,
|
Read,
|
||||||
Write,
|
Write,
|
||||||
Create,
|
Create,
|
||||||
Delete,
|
Delete
|
||||||
|
}
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// The group of the permission.
|
||||||
|
/// </summary>
|
||||||
|
public enum Group
|
||||||
|
{
|
||||||
|
Overall,
|
||||||
Admin
|
Admin
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -34,6 +38,10 @@ namespace Kyoo.Models.Permissions
|
|||||||
/// The needed permission kind.
|
/// The needed permission kind.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public Kind Kind { get; }
|
public Kind Kind { get; }
|
||||||
|
/// <summary>
|
||||||
|
/// The group of this permission
|
||||||
|
/// </summary>
|
||||||
|
public Group Group { get; }
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Ask a permission to run an action.
|
/// Ask a permission to run an action.
|
||||||
@ -43,12 +51,17 @@ namespace Kyoo.Models.Permissions
|
|||||||
/// (if the type ends with api, it will be removed. This allow you to use nameof(YourApi)).
|
/// (if the type ends with api, it will be removed. This allow you to use nameof(YourApi)).
|
||||||
/// </param>
|
/// </param>
|
||||||
/// <param name="permission">The kind of permission needed</param>
|
/// <param name="permission">The kind of permission needed</param>
|
||||||
public PermissionAttribute(string type, Kind permission)
|
/// <param name="group">
|
||||||
|
/// The group of this permission (allow grouped permission like overall.read
|
||||||
|
/// for all read permissions of this group)
|
||||||
|
/// </param>
|
||||||
|
public PermissionAttribute(string type, Kind permission, Group group = Group.Overall)
|
||||||
{
|
{
|
||||||
if (type.EndsWith("API", StringComparison.OrdinalIgnoreCase))
|
if (type.EndsWith("API", StringComparison.OrdinalIgnoreCase))
|
||||||
type = type[..^3];
|
type = type[..^3];
|
||||||
Type = type.ToLower();
|
Type = type.ToLower();
|
||||||
Kind = permission;
|
Kind = permission;
|
||||||
|
Group = group;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// <inheritdoc />
|
/// <inheritdoc />
|
||||||
|
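Review bot: The `<remarks>` on `Kind` explaining that admin covers configuration or security-sensitive permissions is deleted in the first hunk, and the new `Group` enum's summary does not carry that rationale over. Going by the validator change in this commit, `Group.Admin` is now what keeps `overall.*` grants from matching sensitive endpoints, so document it on the enum, e.g. `/// <remarks>Admin is for configuration or security-sensitive actions; overall.* permissions do not grant it.</remarks>`. It is also worth stating in the commit message or a migration note that stored `overall.admin` grants no longer correspond to any `Kind`, so users holding only that string would presumably lose access to admin endpoints until they are given `admin.read`/`admin.write`.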
@ -37,7 +37,7 @@ namespace Kyoo.Api
|
|||||||
/// <response code="200">Return the configuration value or the list of configurations</response>
|
/// <response code="200">Return the configuration value or the list of configurations</response>
|
||||||
/// <response code="404">No configuration exists for the given slug</response>
|
/// <response code="404">No configuration exists for the given slug</response>
|
||||||
[HttpGet("{slug}")]
|
[HttpGet("{slug}")]
|
||||||
[Permission(nameof(ConfigurationApi), Kind.Admin)]
|
[Permission(nameof(ConfigurationApi), Kind.Read, Group.Admin)]
|
||||||
public ActionResult<object> GetConfiguration(string slug)
|
public ActionResult<object> GetConfiguration(string slug)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -59,7 +59,7 @@ namespace Kyoo.Api
|
|||||||
/// <response code="200">Return the edited value</response>
|
/// <response code="200">Return the edited value</response>
|
||||||
/// <response code="404">No configuration exists for the given slug</response>
|
/// <response code="404">No configuration exists for the given slug</response>
|
||||||
[HttpPut("{slug}")]
|
[HttpPut("{slug}")]
|
||||||
[Permission(nameof(ConfigurationApi), Kind.Admin)]
|
[Permission(nameof(ConfigurationApi), Kind.Write, Group.Admin)]
|
||||||
public async Task<ActionResult<object>> EditConfiguration(string slug, [FromBody] object newValue)
|
public async Task<ActionResult<object>> EditConfiguration(string slug, [FromBody] object newValue)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
|
@ -51,8 +51,8 @@
|
|||||||
"password": "passphrase"
|
"password": "passphrase"
|
||||||
},
|
},
|
||||||
"permissions": {
|
"permissions": {
|
||||||
"default": ["overall.read", "overall.write", "overall.create", "overall.delete", "overall.admin"],
|
"default": ["overall.read", "overall.write", "overall.create", "overall.delete", "admin.read", "admin.write"],
|
||||||
"newUser": ["overall.read", "overall.write", "overall.create", "overall.delete", "overall.admin"]
|
"newUser": ["overall.read", "overall.write", "overall.create", "overall.delete", "admin.read", "admin.write"]
|
||||||
},
|
},
|
||||||
"profilePicturePath": "users/",
|
"profilePicturePath": "users/",
|
||||||
"clients": []
|
"clients": []
|
||||||
|
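Review bot: Both `default` and `newUser` receive `admin.read` and `admin.write`, so the new Admin group provides no separation in the shipped configuration. If `default` is the set applied to requests without a valid token (the validator describes its options as default permissions, but their use is not shown on this page), the configuration GET and PUT endpoints guarded by `Group.Admin` in this commit are reachable by anyone who can reach the server. Consider shipping `"default": ["overall.read", "overall.write", "overall.create", "overall.delete"],` and the same list for `newUser`, leaving the admin grants to be assigned explicitly to operator accounts.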