feat: add permission rewriter for app by name

KernelDeimos 2024-06-20 00:31:57 -04:00
parent f6a4413411
commit 16c4907be5


@ -1,12 +1,28 @@
const { get_app } = require("../helpers");
const { UserActorType } = require("./auth/Actor");
const { PermissionImplicator, PermissionUtil } = require("./auth/PermissionService");
const { PermissionImplicator, PermissionUtil, PermissionRewriter } = require("./auth/PermissionService");
const BaseService = require("./BaseService");
class ProtectedAppService extends BaseService {
async _init () {
const svc_permission = this.services.get('permission');
svc_permission.register_rewriter(PermissionRewriter.create({
matcher: permission => {
if ( ! permission.startsWith('app:') ) return false;
const [_, specifier] = PermissionUtil.split(permission);
if ( specifier.startsWith('uid#') ) return false;
return true;
},
rewriter: async permission => {
const [_1, name, ...rest] = PermissionUtil.split(permission);
const app = await get_app({ name });
return PermissionUtil.join(
_1, `uid#${app.uid}`, ...rest,
);
},
}));
// track: object description in comment
// Owner of procted app has implicit permission to access it
svc_permission.register_implicator(PermissionImplicator.create({