10000 activity: add perm actions by molon · Pull Request #635 · qor5/admin · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

activity: add perm actions #635

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 11, 2024
Merged

activity: add perm actions #635

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8ea950a
activity: add perm actions
molon Oct 11, 2024
dc63dce
activity: add test for update note without model_keys
molon Oct 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions activity/perm.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
package activity

const (
PermAll = "activity:*"
PermAddNote = "activity:add_note"
PermEditNote = "activity:edit_note"
PermDeleteNote = "activity:delete_note"
)
48 changes: 32 additions & 16 deletions activity/timeline.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -135,15 +135,21 @@
return h.Div().Attr("v-pre", true).Text(perm.PermissionDenied.Error()).MarshalHTML(ctx)
}

canAddNote := c.mb.Info().Verifier().Do(PermAddNote).WithReq(evCtx.R).IsAllowed() == nil
canEditNote := c.mb.Info().Verifier().Do(PermEditNote).WithReq(evCtx.R).IsAllowed() == nil
canDeleteNote := c.mb.Info().Verifier().Do(PermDeleteNote).WithReq(evCtx.R).IsAllowed() == nil

children := []h.HTMLComponent{
web.Scope().VSlot("{locals: xlocals, form}").Init("{showEditBox:false}").Children(
h.Div().Class("d-flex flex-column ga-4 mb-8").Children(
h.Div().Class("d-flex align-center ga-2").Children(
h.Div().Class("text-h6").Text(msgr.Activities),
v.VSpacer(),
v.VBtn(msgr.AddNote).Attr(":disabled", "xlocals.showEditBox || toplocals.editing").
Class("text-caption").Variant(v.VariantTonal).Color("grey-darken-3").Size(v.SizeSmall).PrependIcon("mdi-plus").
Attr("@click", "xlocals.showEditBox = true; toplocals.editing = true"),
h.Iff(canAddNote, func() h.HTMLComponent {
return v.VBtn(msgr.AddNote).Attr(":disabled", "xlocals.showEditBox || toplocals.editing").
Class("text-caption").Variant(v.VariantTonal).Color("grey-darken-3").Size(v.SizeSmall).PrependIcon("mdi-plus").
Attr("@click", "xlocals.showEditBox = true; toplocals.editing = true")
}),
),
v.VDivider(),
h.Div().Attr("v-if", "!!xlocals.showEditBox").Class("d-flex flex-column mb-n6").Style("position: relative").Children(
Expand Down Expand Up @@ -255,10 +261,14 @@
child = h.Div().Class("d-flex flex-column").Style("position: relative").Children(
h.Div().Attr("v-if", "isHovering && !xlocals.showEditBox && !toplocals.editing").Class("d-flex flex-row ga-1").
Style("position: absolute; top: 21px; right: 16px").Children(
v.VBtn("").Variant(v.VariantText).Color("grey-darken-3").Size(v.SizeXSmall).Icon("mdi-square-edit-outline").
Attr("@click", "xlocals.showEditBox = true; toplocals.editing = true"),
v.VBtn("").Variant(v.VariantText).Color("grey-darken-3").Size(v.SizeXSmall).Icon("mdi-delete").
Attr("@click", fmt.Sprintf(`toplocals.deletingLogID = %q`, idStr)),
h.Iff(canEditNote, func() h.HTMLComponent {
return v.VBtn("").Variant(v.VariantText).Color("grey-darken-3").Size(v.SizeXSmall).Icon("mdi-square-edit-outline").
Attr("@click", "xlocals.showEditBox = true; toplocals.editing = true")
}),
h.Iff(canDeleteNote, func() h.HTMLComponent {
return v.VBtn("").Variant(v.VariantText).Color("grey-darken-3").Size(v.SizeXSmall).Icon("mdi-delete").
Attr("@click", fmt.Sprintf(`toplocals.deletingLogID = %q`, idStr))
}),
),
child,
)
Expand Down Expand Up @@ -367,12 +377,14 @@

func (c *TimelineCompo) CreateNote(ctx context.Context, req CreateNoteRequest) (r web.EventResponse, _ error) {
if c.ModelName == "" || c.ModelKeys == "" {
return r, perm.PermissionDenied
presets.ShowMessage(&r, perm.PermissionDenied.Error(), v.ColorError)
return

Check warning on line 381 in activity/timeline.go

View check run for this annotation

Codecov / codecov/patch

activity/timeline.go#L380-L381 

Added lines #L380 - L381 were not covered by tests
}

evCtx, msgr := c.MustGetEventContext(ctx)
if c.mb.Info().Verifier().Do(presets.PermGet).WithReq(evCtx.R).IsAllowed() != nil {
return r, perm.PermissionDenied
if c.mb.Info().Verifier().Do(PermAddNote).WithReq(evCtx.R).IsAllowed() != nil {
presets.ShowMessage(&r, perm.PermissionDenied.Error(), v.ColorError)
return
}

req.Note = strings.TrimSpace(req.Note)
Expand Down Expand Up @@ -403,12 +415,14 @@

func (c *TimelineCompo) UpdateNote(ctx context.Context, req UpdateNoteRequest) (r web.EventResponse, _ error) {
if c.ModelName == "" || c.ModelKeys == "" {
return r, perm.PermissionDenied
presets.ShowMessage(&r, perm.PermissionDenied.Error(), v.ColorError)
return
}

evCtx, msgr := c.MustGetEventContext(ctx)
if c.mb.Info().Verifier().Do(presets.PermGet).WithReq(evCtx.R).IsAllowed() != nil {
return r, perm.PermissionDenied
if c.mb.Info().Verifier().Do(PermEditNote).WithReq(evCtx.R).IsAllowed() != nil {
presets.ShowMessage(&r, perm.PermissionDenied.Error(), v.ColorError)
return
}

req.Note = strings.TrimSpace(req.Note)
Expand Down Expand Up @@ -467,12 +481,14 @@

func (c *TimelineCompo) DeleteNote(ctx context.Context, req DeleteNoteRequest) (r web.EventResponse, _ error) {
if c.ModelName == "" || c.ModelKeys == "" {
return r, perm.PermissionDenied
presets.ShowMessage(&r, perm.PermissionDenied.Error(), v.ColorError)
return

Check warning on line 485 in activity/timeline.go

View check run for this annotation

Codecov / codecov/patch

activity/timeline.go#L484-L485 

Added lines #L484 - L485 were not covered by tests
}

evCtx, msgr := c.MustGetEventContext(ctx)
if c.mb.Info().Verifier().Do(presets.PermGet).WithReq(evCtx.R).IsAllowed() != nil {
return r, perm.PermissionDenied
if c.mb.Info().Verifier().Do(PermDeleteNote).WithReq(evCtx.R).IsAllowed() != nil {
presets.ShowMessage(&r, perm.PermissionDenied.Error(), v.ColorError)
return
}

user, err := c.ab.currentUserFunc(ctx)
Expand Down
224 changes: 224 additions & 0 deletions docs/docsrc/examples/examples_admin/activity_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"github.com/qor5/admin/v3/activity"
"github.com/qor5/admin/v3/presets"
"github.com/qor5/web/v3/multipartestutils"
"github.com/qor5/x/v3/perm"
"github.com/theplant/gofixtures"
"gorm.io/gorm"
)
Expand Down Expand Up @@ -150,6 +151,78 @@ func TestActivity(t *testing.T) {
ExpectPortalUpdate0ContainsInOrder: []string{"WithActivityProduct 13", ">Add Note</v-btn>", "John", "Added a note", "The newest model of the off-legacy Air Jordans is ready to burst onto to the scene."},
ExpectPortalUpdate0NotContains: []string{"Created"},
},
{
Name: "without PermAddNote for ModelBuilder",
Debug: true,
HandlerMaker: func() http.Handler {
pb := presets.New()
pb.Permission(
perm.New().Policies(
perm.PolicyFor(perm.Anybody).WhoAre(perm.Allowed).ToDo(perm.Anything).On(perm.Anything),
perm.PolicyFor(perm.Anybody).WhoAre(perm.Denied).ToDo(activity.PermAddNote).On("*:presets:with_activity_products:*"),
),
)
activityExample(pb, TestDB, nil)
return pb
},
ReqFunc: func() *http.Request {
activityData.TruncatePut(dbr)
req := multipartestutils.NewMultipartBuilder().
PageURL("/with-activity-products?__execute_event__=presets_DetailingDrawer&id=13").
BuildEventFuncRequest()
return req
},
ExpectPortalUpdate0ContainsInOrder: []string{"WithActivityProduct 13", "John", "Added a note", "The newest model of the off-legacy Air Jordans is ready to burst onto to the scene."},
ExpectPortalUpdate0NotContains: []string{">Add Note</v-btn>"},
},
{
Name: "without PermEditNote for ModelBuilder",
Debug: true,
HandlerMaker: func() http.Handler {
pb := presets.New()
pb.Permission(
perm.New().Policies(
perm.PolicyFor(perm.Anybody).WhoAre(perm.Allowed).ToDo(perm.Anything).On(perm.Anything),
perm.PolicyFor(perm.Anybody).WhoAre(perm.Denied).ToDo(activity.PermEditNote).On("*:presets:with_activity_products:*"),
),
)
activityExample(pb, TestDB, nil)
return pb
},
ReqFunc: func() *http.Request {
activityData.TruncatePut(dbr)
req := multipartestutils.NewMultipartBuilder().
PageURL("/with-activity-products?__execute_event__=presets_DetailingDrawer&id=13").
BuildEventFuncRequest()
return req
},
ExpectPortalUpdate0ContainsInOrder: []string{"WithActivityProduct 13", ">Add Note</v-btn>", "John", "Added a note", "The newest model of the off-legacy Air Jordans is ready to burst onto to the scene."},
ExpectPortalUpdate0NotContains: []string{"mdi-square-edit-outline"},
},
{
Name: "without PermDeleteNote for ModelBuilder",
Debug: true,
HandlerMaker: func() http.Handler {
pb := presets.New()
pb.Permission(
perm.New().Policies(
perm.PolicyFor(perm.Anybody).WhoAre(perm.Allowed).ToDo(perm.Anything).On(perm.Anything),
perm.PolicyFor(perm.Anybody).WhoAre(perm.Denied).ToDo(activity.PermDeleteNote).On("*:presets:with_activity_products:*"),
),
)
activityExample(pb, TestDB, nil)
return pb
},
ReqFunc: func() *http.Request {
activityData.TruncatePut(dbr)
req := multipartestutils.NewMultipartBuilder().
PageURL("/with-activity-products?__execute_event__=presets_DetailingDrawer&id=13").
BuildEventFuncRequest()
return req
},
ExpectPortalUpdate0ContainsInOrder: []string{"WithActivityProduct 13", ">Add Note</v-btn>", "John", "Added a note", "The newest model of the off-legacy Air Jordans is ready to burst onto to the scene."},
ExpectPortalUpdate0NotContains: []string{"mdi-delete"},
},
{
Name: "Create note",
Debug: true,
Expand Down Expand Up @@ -179,6 +252,46 @@ func TestActivity(t *testing.T) {
},
ExpectRunScriptContainsInOrder: []string{"Successfully created note", "The iconic all-black look."},
},
{
Name: "Create note (without PermAddNote)",
Debug: true,
HandlerMaker: func() http.Handler {
pb := presets.New()
pb.Permission(
perm.New().Policies(
perm.PolicyFor(perm.Anybody).WhoAre(perm.Allowed).ToDo(perm.Anything).On(perm.Anything),
perm.PolicyFor(perm.Anybody).WhoAre(perm.Denied).ToDo(activity.PermAddNote).On("*:presets:with_activity_products:*"),
),
)
activityExample(pb, TestDB, nil)
return pb
},
ReqFunc: func() *http.Request {
activityData.TruncatePut(dbr)
req := multipartestutils.NewMultipartBuilder().
PageURL("/with-activity-products?__execute_event__=__dispatch_stateful_action__").
AddField("__action__", `
{
"compo_type": "*activity.TimelineCompo",
"compo": {
"id": "with-activity-products:13",
"model_name": "WithActivityProduct",
"model_keys": "13",
"model_link": "/examples/activity-example/with-activity-products/13"
},
"injector": "__activity:with-activity-products__",
"sync_query": false,
"method": "CreateNote",
"request": {
"note": "The iconic all-black look."
}
}
`).
BuildEventFuncRequest()
return req
},
ExpectRunScriptContainsInOrder: []string{"permission denied"},
},
{
Name: "create note with invalid data",
Debug: true,
Expand Down Expand Up @@ -250,6 +363,77 @@ func TestActivity(t *testing.T) {
},
ExpectPortalUpdate0ContainsInOrder: []string{"WithActivityProduct 13", ">Add Note</v-btn>", "A updated note", "edited at now"},
},
{
Name: "Update note without model_keys",
Debug: true,
ReqFunc: func() *http.Request {
activityData.TruncatePut(dbr)
req := multipartestutils.NewMultipartBuilder().
PageURL("/with-activity-products?__execute_event__=__dispatch_stateful_action__").
AddField("__action__", `
{
"compo_type": "*activity.TimelineC AE8F ompo",
"compo": {
"id": "with-activity-products:13",
"model_name": "WithActivityProduct",
"model_keys": "",
"model_link": "/examples/activity-example/with-activity-products/13"
},
"injector": "__activity:with-activity-products__",
"sync_query": false,
"method": "UpdateNote",
"request": {
"log_id": 45,
"note": "A updated note"
}
}
`).
BuildEventFuncRequest()
return req
},
ExpectRunScriptContainsInOrder: []string{"permission denied"},
},
{
Name: "Update note (without PermEditNote)",
Debug: true,
HandlerMaker: func() http.Handler {
pb := presets.New()
pb.Permission(
perm.New().Policies(
perm.PolicyFor(perm.Anybody).WhoAre(perm.Allowed).ToDo(perm.Anything).On(perm.Anything),
perm.PolicyFor(perm.Anybody).WhoAre(perm.Denied).ToDo(activity.PermEditNote).On("*:presets:with_activity_products:*"),
),
)
activityExample(pb, TestDB, nil)
return pb
},
ReqFunc: func() *http.Request {
activityData.TruncatePut(dbr)
req := multipartestutils.NewMultipartBuilder().
PageURL("/with-activity-products?__execute_event__=__dispatch_stateful_action__").
AddField("__action__", `
{
"compo_type": "*activity.TimelineCompo",
"compo": {
"id": "with-activity-products:13",
"model_name": "WithActivityProduct",
"model_keys": "13",
"model_link": "/examples/activity-example/with-activity-products/13"
},
"injector": "__activity:with-activity-products__",
"sync_query": false,
"method": "UpdateNote",
"request": {
"log_id": 45,
"note": "A updated note"
}
}
`).
BuildEventFuncRequest()
return req
},
ExpectRunScriptContainsInOrder: []string{"permission denied"},
},
{
Name: "Delete Note",
Debug: true,
Expand Down Expand Up @@ -279,6 +463,46 @@ func TestActivity(t *testing.T) {
},
ExpectRunScriptContainsInOrder: []string{"Successfully deleted note", "45"},
},
{
Name: "Delete Note (without PermDeleteNote)",
Debug: true,
HandlerMaker: func() http.Handler {
pb := presets.New()
pb.Permission(
perm.New().Policies(
perm.PolicyFor(perm.Anybody).WhoAre(perm.Allowed).ToDo(perm.Anything).On(perm.Anything),
perm.PolicyFor(perm.Anybody).WhoAre(perm.Denied).ToDo(activity.PermDeleteNote).On("*:presets:with_activity_products:*"),
),
)
activityExample(pb, TestDB, nil)
return pb
},
ReqFunc: func() *http.Request {
activityData.TruncatePut(dbr)
req := multipartestutils.NewMultipartBuilder().
PageURL("/with-activity-products?__execute_event__=__dispatch_stateful_action__").
AddField("__action__", `
{
"compo_type": "*activity.TimelineCompo",
"compo": {
"id": "with-activity-products:13",
"model_name": "WithActivityProduct",
"model_keys": "13",
"model_link": "/examples/activity-example/with-activity-products/13"
},
"injector": "__activity:with-activity-products__",
"sync_query": false,
"method": "DeleteNote",
"request": {
"log_id": 45
}
}
`).
BuildEventFuncRequest()
return req
},
ExpectRunScriptContainsInOrder: []string{"permission denied"},
},
}

for _, c := range cases {
Expand Down
Loading
0