MASTER_4073-user_hasGrant #1107

Merged
alexm merged 4 commits from 4073-user-hasGrant-master into master 2022-10-28 11:15:58 +00:00
5 changed files with 24 additions and 7 deletions


@ -44,15 +44,28 @@ module.exports = Self => {
if (!user.hasGrant)
throw new UserError(`You don't have grant privilege`);
const userToUpdate = await models.Account.findById(id, ['name', 'hasGrant', 'roleFk'], myOptions);
const [userToUpdate] = await models.Account.find({
fields: ['id', 'name', 'hasGrant', 'roleFk', 'password'],
include: {
relation: 'role',
scope: {
fields: ['name']
}
},
where: {

La comprovació de si hereda el rol (hasRole), en cas de no pasar rol, s'ha de fer sobre en el rol que te actualment userToUpdate. Si no, qualsevol usuari amb grant podría donar grant als demes usuaris independentment del rol que tinguen.

Es a dir, nomes pots asignar grant a un usuari, si tens grant, i si heretes el rol sobre el que vas a asignar grant.

La comprovació de si hereda el rol (`hasRole`), en cas de no pasar rol, s'ha de fer sobre en el rol que te actualment `userToUpdate`. Si no, qualsevol usuari amb grant podría donar grant als demes usuaris independentment del rol que tinguen. Es a dir, nomes pots asignar grant a un usuari, si tens grant, i si heretes el rol sobre el que vas a asignar grant.
id: id
}
}, myOptions);
if (hasGrant != null)
userToUpdate.hasGrant = hasGrant;
if (roleFk) {
const role = await models.Role.findById(roleFk, {fields: ['name']}, myOptions);
const hasRole = await models.Account.hasRole(userId, role.name, myOptions);

Açò ha de ferse fora del if (!hasRole)

Açò ha de ferse fora del `if (!hasRole)`
const hasRoleFromUser = await models.Account.hasRole(userId, userToUpdate.role().name, myOptions);
if (!hasRole)
if (!hasRole || !hasRoleFromUser)
throw new UserError(`You don't own the role and you can't assign it to another user`);
userToUpdate.roleFk = roleFk;
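Review bot: The `hasRoleFromUser` check (the line calling `models.Account.hasRole(userId, userToUpdate.role().name, myOptions)`) appears to sit inside the `if (roleFk) {` branch, so a call that only sets `hasGrant` via the earlier `if (hasGrant != null)` assignment never verifies that the caller inherits the target user's current role, which is exactly the case the earlier review comment describes; the rendering loses indentation, so confirm the brace placement. The check should run once before the `hasGrant` assignment, as `const hasRoleFromUser = await models.Account.hasRole(userId, userToUpdate.role().name, myOptions);` followed by `if (!hasRoleFromUser)` throwing the same UserError the `roleFk` branch throws, and that branch then tests only `if (!hasRole)`. `const [userToUpdate] = await models.Account.find(...)` yields `undefined` for an unknown `id`, and `userToUpdate.role()` may yield nothing when the account has no role, so both surface as a TypeError instead of a UserError; a guard such as `if (!userToUpdate) throw new UserError('User not found');` right after the query keeps the failure explicit. The `'password'` entry in `fields` is not used by anything in the hunk; if it is only there to satisfy a save hook, a short comment saying so would help, otherwise drop it so the hash is not loaded. The enclosing method starts and ends outside the hunk.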


@ -102,6 +102,13 @@
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
},
{
"property": "privileges",
"accessType": "*",
"principalType": "ROLE",
"principalId": "$authenticated",
"permission": "ALLOW"
}
]
}
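Review bot: The new ACL entry grants `$authenticated` with `"accessType": "*"` on `privileges`, so every logged-in user can invoke the method and the only gate is the `user.hasGrant` check inside the method body rather than the ACL. If the remote method is a mutation, narrowing to `"accessType": "WRITE"` (matching the accessType declared on the remote method, which is not in this commit) keeps the wildcard from also matching any other access type on the same property; confirm against that declaration. The same rule is inserted by the SQL migration in this commit (`VALUES('Account', 'privileges', '*', 'ALLOW', 'ROLE', '$authenticated')`), so the two should be narrowed together.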


@ -1,4 +1 @@
ALTER TABLE `account`.`user` ADD hasGrant TINYINT(1) NOT NULL;
INSERT INTO `salix`.`ACL` (model, property, accessType, permission, principalType, principalId)
VALUES('Account', 'privileges', '*', 'ALLOW', 'ROLE', '$authenticated');
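Review bot: `ADD hasGrant TINYINT(1) NOT NULL` carries no explicit `DEFAULT`, so existing rows rely on the server's implicit default for the column; for a privilege flag that should be deny-by-default, state it: `ALTER TABLE `account`.`user` ADD hasGrant TINYINT(1) NOT NULL DEFAULT 0;`. The rendering does not show which of these lines are added in this commit (the header reads `@ -1,4 +1 @@`), so the point may belong to an earlier commit of the PR. The `INSERT` into `salix`.`ACL` duplicates the rule added to the model JSON in this commit, and keeping the two in sync is a manual step; a one-line comment in the migration naming the JSON entry it mirrors would make that dependency visible.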


@ -1,2 +1,2 @@
Privileges: Privilegios
Has grant: Puede dar privilegios
Has grant: Puede delegar privilegios

Puede delegar privilegios

Puede delegar privilegios


@ -37,7 +37,7 @@
"node-ssh": "^11.0.0",
"object-diff": "0.0.4",
"object.pick": "^1.3.0",
"puppeteer": "^18.0.5",
"puppeteer": "^19.0.0",
"read-chunk": "^3.2.0",
"require-yaml": "0.0.1",
"sharp": "^0.27.1",