mirror of
https://github.com/HeyPuter/puter.git
synced 2025-01-24 23:38:40 +08:00
dev: add virtual groups for computed permissions
This commit is contained in:
parent
a324c91560
commit
85020109b3
@ -309,6 +309,9 @@ const install = async ({ services, app, useapi, modapi }) => {
|
|||||||
const { GroupService } = require('./services/auth/GroupService');
|
const { GroupService } = require('./services/auth/GroupService');
|
||||||
services.registerService('group', GroupService);
|
services.registerService('group', GroupService);
|
||||||
|
|
||||||
|
const { VirtualGroupService } = require('./services/auth/VirtualGroupService');
|
||||||
|
services.registerService('virtual-group', VirtualGroupService);
|
||||||
|
|
||||||
const { PermissionAPIService } = require('./services/PermissionAPIService');
|
const { PermissionAPIService } = require('./services/PermissionAPIService');
|
||||||
services.registerService('__permission-api', PermissionAPIService);
|
services.registerService('__permission-api', PermissionAPIService);
|
||||||
|
|
||||||
|
34
src/backend/src/services/auth/VirtualGroupService.js
Normal file
34
src/backend/src/services/auth/VirtualGroupService.js
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
const BaseService = require("../BaseService");
|
||||||
|
|
||||||
|
class VirtualGroupService extends BaseService {
|
||||||
|
_construct () {
|
||||||
|
this.groups_ = {};
|
||||||
|
this.membership_implicators_ = [];
|
||||||
|
}
|
||||||
|
|
||||||
|
register_membership_implicator (implicator) {
|
||||||
|
this.membership_implicators_.push(implicator);
|
||||||
|
}
|
||||||
|
|
||||||
|
add_group (group) {
|
||||||
|
this.groups_[group.id] = group;
|
||||||
|
}
|
||||||
|
|
||||||
|
get_virtual_groups ({ actor }) {
|
||||||
|
const groups_set = {};
|
||||||
|
|
||||||
|
for ( const implicator of this.membership_implicators_ ) {
|
||||||
|
const groups = implicator.run({ actor });
|
||||||
|
for ( const group of groups ) {
|
||||||
|
groups_set[group] = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
const groups = Object.keys(groups_set).map(
|
||||||
|
id => this.groups_[id]);
|
||||||
|
|
||||||
|
return groups;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = { VirtualGroupService };
|
@ -202,6 +202,31 @@ const PERMISSION_SCANNERS = [
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: 'user-virtual-group-user',
|
||||||
|
async scan (a) {
|
||||||
|
const svc_virtualGroup = await a.iget('services').get('virtual-group');
|
||||||
|
const { reading, actor, permission_options } = a.values();
|
||||||
|
const groups = svc_virtualGroup.get_virtual_groups({ actor });
|
||||||
|
|
||||||
|
for ( const group of groups ) {
|
||||||
|
for ( const perm_entry of group.permissions ) {
|
||||||
|
const { permission, data } = perm_entry;
|
||||||
|
if ( ! permission_options.includes(permission) ) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
reading.push({
|
||||||
|
$: 'option',
|
||||||
|
permission,
|
||||||
|
data,
|
||||||
|
holder_username: actor.type.user.username,
|
||||||
|
source: 'virtual-group',
|
||||||
|
vgroup_id: group.id,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: 'user-app',
|
name: 'user-app',
|
||||||
async scan (a) {
|
async scan (a) {
|
||||||
|
Loading…
Reference in New Issue
Block a user