MASTER_4073-user_hasGrant #1107

alexm · 2022-10-26T06:29:29Z

alexm commented

2022-10-26 06:29:29 +00:00

No description provided.

alexm added the

CR / Tests passed

label 2022-10-26 06:29:29 +00:00

alexm added 1 commit 2022-10-26 06:29:31 +00:00

gitea/salix/pipeline/head This commit looks good Details

f65d06fc7d fixes #4073

alexm requested review from juan 2022-10-26 06:29:45 +00:00

juan requested changes 2022-10-26 18:49:39 +00:00

back/methods/account/privileges.js Outdated

						
				@ -49,3 +54,2 @@

				        const role = await models.Role.findById(roleFk, null, myOptions);

				        const hasRole = await models.Account.hasRole(userId, role.name, myOptions);

				            if (!hasRole)

juan commented

2022-10-26 18:41:20 +00:00

La comprovació de si hereda el rol (hasRole), en cas de no pasar rol, s'ha de fer sobre en el rol que te actualment userToUpdate. Si no, qualsevol usuari amb grant podría donar grant als demes usuaris independentment del rol que tinguen.

Es a dir, nomes pots asignar grant a un usuari, si tens grant, i si heretes el rol sobre el que vas a asignar grant.

La comprovació de si hereda el rol (`hasRole`), en cas de no pasar rol, s'ha de fer sobre en el rol que te actualment `userToUpdate`. Si no, qualsevol usuari amb grant podría donar grant als demes usuaris independentment del rol que tinguen. Es a dir, nomes pots asignar grant a un usuari, si tens grant, i si heretes el rol sobre el que vas a asignar grant.

alexm marked this conversation as resolved

db/changes/10490-august/00-user_hasGrant.sql Outdated

						
				@ -1 +1,4 @@

				ALTER TABLE `account`.`user` ADD hasGrant TINYINT(1) NOT NULL;

				INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)

				    VALUES('Account', 'privileges', '*', 'ALLOW', 'ROLE', '$authenticated');

juan commented

2022-10-26 18:48:21 +00:00

No definir-ho ací, definir-ho com a ACL estatic en el fitxer del model Account.json, secció acls.

https://gitea.verdnatura.es/verdnatura/salix/src/branch/dev/back/models/account.json

No definir-ho ací, definir-ho com a ACL estatic en el fitxer del model Account.json, secció `acls`. https://gitea.verdnatura.es/verdnatura/salix/src/branch/dev/back/models/account.json

alexm marked this conversation as resolved

modules/account/front/privileges/locale/es.yml Outdated

						
				@ -1,2 +1,2 @@

				Privileges: Privilegios

				Has grant: Tiene privilegios

				Has grant: Puede dar privilegios

juan commented

2022-10-26 18:44:53 +00:00

Puede delegar privilegios

alexm marked this conversation as resolved

alexm added 1 commit 2022-10-27 07:01:22 +00:00

gitea/salix/pipeline/head This commit looks good Details

3ffc098b56 feat(privileges): check if user has role from userToUpdate

alexm requested review from juan 2022-10-27 07:01:36 +00:00

alexm added 1 commit 2022-10-27 07:28:21 +00:00

gitea/salix/pipeline/head There was a failure building this commit Details

5c65314162 use findById

juan requested changes 2022-10-27 13:40:25 +00:00

back/methods/account/privileges.js Outdated

						
				@ -52,3 +64,2 @@

				        if (!hasRole)

				            throw new UserError(`You don't have enough privileges`);

				            if (!hasRole || !hasRoleFromUser)