8000 publish perm by molon · Pull Request #319 · qor5/admin · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

publish perm #319

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 16, 2024
Merged

publish perm #319

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions presets/const.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,10 @@ const (
PermActions = "presets:actions:*"
PermDoListingAction = "presets:do_listing_action:*"
PermBulkActions = "presets:bulk_actions:*"
PermDuplicate = "presets:duplicate:*"

permActions = "actions"
permBulkActions = "bulk_actions"
permActions = "actions"
permDoListingAction = "do_listing_action"
permBulkActions = "bulk_actions"
)

var PermRead = []string{PermList, PermGet}
Expand Down
4 changes: 2 additions & 2 deletions presets/listing_compo.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -629,7 +629,7 @@ func (c *ListingCompo) actionsComponent(ctx context.Context) (r h.HTMLComponent)
}

for _, ba := range c.lb.actions {
if c.lb.mb.Info().Verifier().SnakeDo(permActions, ba.name).WithReq(evCtx.R).IsAllowed() != nil {
if c.lb.mb.Info().Verifier().SnakeDo(permDoListingAction, ba.name).WithReq(evCtx.R).IsAllowed() != nil {
continue
}

Expand Down Expand Up @@ -866,7 +866,7 @@ func (c *ListingCompo) fetchAction(evCtx *web.EventContext, name string) (*Actio
return nil, errors.New("cannot find requested action")
}

if c.lb.mb.Info().Verifier().SnakeDo(permActions, action.name).WithReq(evCtx.R).IsAllowed() != nil {
if c.lb.mb.Info().Verifier().SnakeDo(permDoListingAction, action.name).WithReq(evCtx.R).IsAllowed() != nil {
return nil, perm.PermissionDenied
}

Expand Down
28 changes: 28 additions & 0 deletions publish/perm.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
package publish

import (
"net/http"

"github.com/qor5/x/v3/perm"
)

const (
PermAll = "publish:*"
PermPublish = "publish:publish"
PermUnpublish = "publish:unpublish"
PermSchedule = "publish:schedule" // Prerequisite: PermPublish/PermUnpublish
PermDuplicate = "publish:duplicate" // Prerequisite: presets.PermUpdate
)

func DeniedDo(verifier *perm.Verifier, obj any, r *http.Request, actions ...string) bool {
for _, action := range actions {
b := verifier.Do(action).WithReq(r)
if obj != nil {
b.ObjectOn(obj)
}
if b.IsAllowed() != nil {
return true

Check warning on line 24 in publish/perm.go

View check run for this annotation

Codecov / codecov/patch

publish/perm.go#L24 

Added line #L24 was not covered by tests
}
}
return false
}
11 changes: 11 additions & 0 deletions publish/publish_event.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
import (
"github.com/qor5/admin/v3/presets"
"github.com/qor5/web/v3"
"github.com/qor5/x/v3/perm"
"gorm.io/gorm"
)

Expand All @@ -15,6 +16,11 @@
if err != nil {
return
}

if DeniedDo(mb.Info().Verifier(), obj, ctx.R, PermPublish) {
return r, perm.PermissionDenied

Check warning on line 21 in publish/publish_event.go

View check run for this annotation

Codecov / codecov/patch

publish/publish_event.go#L21 

Added line #L21 was not covered by tests
}

reqCtx := publisher.WithContextValues(ctx.R.Context())
err = publisher.Publish(obj, reqCtx)
if err != nil {
Expand Down Expand Up @@ -45,6 +51,11 @@
if err != nil {
return
}

if DeniedDo(mb.Info().Verifier(), obj, ctx.R, PermUnpublish) {
return r, perm.PermissionDenied

Check warning on line 56 in publish/publish_event.go

View check run for this annotation

Codecov / codecov/patch

publish/publish_event.go#L56 

Added line #L56 was not covered by tests
}

reqCtx := publisher.WithContextValues(ctx.R.Context())
err = publisher.UnPublish(obj, reqCtx)
if err != nil {
Expand Down
7 changes: 3 additions & 4 deletions publish/schedule_event.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,16 +103,15 @@
}
}()

if mb.Info().Verifier().Do(presets.PermUpdate).WithReq(ctx.R).IsAllowed() != nil {
return r, perm.PermissionDenied
}

slug := ctx.Param(presets.ParamID)
obj := mb.NewModel()
obj, err = mb.Editing().Fetcher(obj, slug, ctx)
if err != nil {
return r, err
}
if DeniedDo(mb.Info().Verifier(), obj, ctx.R, PermPublish, PermUnpublish, PermSchedule) {
return r, perm.PermissionDenied
}

Check warning on line 114 in publish/schedule_event.go

View check run for this annotation

Codecov / codecov/patch

publish/schedule_event.go#L113-L114 

Added lines #L113 - L114 were not covered by tests

sc, ok := obj.(ScheduleInterface)
if !ok {
Expand Down
126 changes: 75 additions & 51 deletions publish/version_compo.go
View file
Open in desktop
6DB6
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@
ok bool
versionSwitch *v.VChipBuilder
publishBtn h.HTMLComponent
verifier = mb.Info().Verifier()
)
msgr := i18n.MustGetModuleMessages(ctx.R, I18nPublishKey, Messages_en_US).(*Messages)
utilsMsgr := i18n.MustGetModuleMessages(ctx.R, utils.I18nUtilsKey, utils.Messages_en_US).(*utils.Messages)
Expand All @@ -66,6 +67,11 @@
}
div := h.Div().Class("w-100 d-inline-flex")
div.AppendChildren(
utils.ConfirmDialog(msgr.Areyousure, web.Plaid().EventFunc(web.Var("locals.action")).
Query(presets.ParamID, primarySlugger.PrimarySlug()).Go(),
utilsMsgr),
)

if !config.Top {
div.Class("pb-4")
Expand All @@ -89,70 +95,87 @@
versionSwitch.AppendIcon("mdi-chevron-down")

div.AppendChildren(versionSwitch)
div.AppendChildren(v.VBtn(msgr.Duplicate).PrependIcon("mdi-file-document-multiple").
Height(40).Class("ml-2").Variant(v.VariantOutlined).
Attr("@click", fmt.Sprintf(`locals.action="%s";locals.commonConfirmDialog = true`, EventDuplicateVersion)))

if !DeniedDo(verifier, obj, ctx.R, presets.PermUpdate, PermDuplicate) {
div.AppendChildren(v.VBtn(msgr.Duplicate).PrependIcon("mdi-file-document-multiple").
Height(40).Class("ml-2").Variant(v.VariantOutlined).
Attr("@click", fmt.Sprintf(`locals.action="%s";locals.commonConfirmDialog = true`, EventDuplicateVersion)))
}
}

deniedPublish := DeniedDo(verifier, obj, ctx.R, PermPublish)
deniedUnpublish := DeniedDo(verifier, obj, ctx.R, PermUnpublish)
if status, ok = obj.(StatusInterface); ok {
switch status.EmbedStatus().Status {
case StatusDraft, StatusOffline:
publishEvent := fmt.Sprintf(`locals.action="%s";locals.commonConfirmDialog = true`, EventPublish)
if config.PublishEvent != nil {
publishEvent = config.PublishEvent(obj, field, ctx)
if !deniedPublish {
publishEvent := fmt.Sprintf(`locals.action="%s";locals.commonConfirmDialog = true`, EventPublish)
if config.PublishEvent != nil {
publishEvent = config.PublishEvent(obj, field, ctx)
}
publishBtn = h.Div(
v.VBtn(msgr.Publish).Attr("@click", publishEvent).Rounded("0").
Class("rounded-s ml-2").Variant(v.VariantFlat).Color(v.ColorPrimary).Height(40),
)
}
publishBtn = h.Div(< 9E12 /td>
v.VBtn(msgr.Publish).Attr("@click", publishEvent).Rounded("0").
Class("rounded-s ml-2").Variant(v.VariantFlat).Color(v.ColorPrimary).Height(40),
)
case StatusOnline:
unPublishEvent := fmt.Sprintf(`locals.action="%s";locals.commonConfirmDialog = true`, EventUnpublish)
if config.UnPublishEvent != nil {
unPublishEvent = config.UnPublishEvent(obj, field, ctx)
var unPublishEvent, rePublishEvent string
if !deniedUnpublish {
unPublishEvent = fmt.Sprintf(`locals.action="%s";locals.commonConfirmDialog = true`, EventUnpublish)
if config.UnPublishEvent != nil {
unPublishEvent = config.UnPublishEvent(obj, field, ctx)

Check warning on line 126 in publish/version_compo.go

View check run for this annotation

Codecov / codecov/patch

publish/version_compo.go#L126 

Added line #L126 was not covered by tests
}
}
rePublishEvent := fmt.Sprintf(`locals.action="%s";locals.commonConfirmDialog = true`, EventRepublish)
if config.RePublishEvent != nil {
rePublishEvent = config.RePublishEvent(obj, field, ctx)
if !deniedPublish {
rePublishEvent = fmt.Sprintf(`locals.action="%s";locals.commonConfirmDialog = true`, EventRepublish)
if config.RePublishEvent != nil {
rePublishEvent = config.RePublishEvent(obj, field, ctx)

Check warning on line 132 in publish/version_compo.go

View check run for this annotation

Codecov / codecov/patch

publish/version_compo.go#L132 

Added line #L132 was not covered by tests
}
}
if unPublishEvent != "" || rePublishEvent != "" {
publishBtn = h.Div(
h.Iff(unPublishEvent != "", func() h.HTMLComponent {
return v.VBtn(msgr.Unpublish).Attr("@click", unPublishEvent).
Class("ml-2").Variant(v.VariantFlat).Color(v.ColorError).Height(40)
}),
h.Iff(rePublishEvent != "", func() h.HTMLComponent {
return v.VBtn(msgr.Republish).Attr("@click", rePublishEvent).
Class("ml-2").Variant(v.VariantFlat).Color(v.ColorPrimary).Height(40)
}),
).Class("d-inline-flex")
}
publishBtn = h.Div(
v.VBtn(msgr.Unpublish).Attr("@click", unPublishEvent).
Class("ml-2").Variant(v.VariantFlat).Color(v.ColorError).Height(40),
v.VBtn(msgr.Republish).Attr("@click", rePublishEvent).
Class("ml-2").Variant(v.VariantFlat).Color(v.ColorPrimary).Height(40),
).Class("d-inline-flex")
}
div.AppendChildren(publishBtn)
// Publish/Unpublish/Republish ConfirmDialog
div.AppendChildren(
utils.ConfirmDialog(msgr.Areyousure, web.Plaid().EventFunc(web.Var("locals.action")).
Query(presets.ParamID, primarySlugger.PrimarySlug()).Go(),
utilsMsgr),
)
// Publish/Unpublish/Republish CustomDialog
if config.UnPublishEvent != nil || config.RePublishEvent != nil || config.PublishEvent != nil {
div.AppendChildren(web.Portal().Name(PortalPublishCustomDialog))
if publishBtn != nil {
div.AppendChildren(publishBtn)
// Publish/Unpublish/Republish CustomDialog
if config.UnPublishEvent != nil || config.RePublishEvent != nil || config.PublishEvent != nil {
div.AppendChildren(web.Portal().Name(PortalPublishCustomDialog))

Check warning on line 152 in publish/version_compo.go

View check run for this annotation

Codecov / codecov/patch

publish/version_compo.go#L152 

Added line #L152 was not covered by tests
}
}
}

if _, ok = obj.(ScheduleInterface); ok {
var scheduleBtn h.HTMLComponent
clickEvent := web.POST().
EventFunc(eventSchedulePublishDialog).
Query(presets.ParamOverlay, actions.Dialog).
Query(presets.ParamID, primarySlugger.PrimarySlug()).
URL(mb.Info().ListingHref()).Go()
if config.Top {
scheduleBtn = v.VAutocomplete().PrependInnerIcon("mdi-alarm").Density(v.DensityCompact).
Variant(v.FieldVariantSoloFilled).ModelValue("Schedule Publish Time").
BgColor(v.ColorPrimaryLighten2).Readonly(true).
Width(600).HideDetails(true).Attr("@click", clickEvent).Class("ml-2 text-caption")
} else {
scheduleBtn = v.VBtn("").Children(v.VIcon("mdi-alarm").Size(v.SizeXLarge)).Rounded("0").Class("ml-1 rounded-e").
Variant(v.VariantFlat).Color(v.ColorPrimary).Height(40).Attr("@click", clickEvent)
deniedSchedule := deniedPublish || deniedUnpublish || DeniedDo(verifier, obj, ctx.R, PermSchedule)
if !deniedSchedule {
var scheduleBtn h.HTMLComponent
clickEvent := web.POST().
EventFunc(eventSchedulePublishDialog).
Query(presets.ParamOverlay, actions.Dialog).
Query(presets.ParamID, primarySlugger.PrimarySlug()).
URL(mb.Info().ListingHref()).Go()
if config.Top {
scheduleBtn = v.VAutocomplete().PrependInnerIcon("mdi-alarm").Density(v.DensityCompact).
Variant(v.FieldVariantSoloFilled).ModelValue("Schedule Publish Time").
BgColor(v.ColorPrimaryLighten2).Readonly(true).
Width(600).HideDetails(true).Attr("@click", clickEvent).Class("ml-2 text-caption")
} else {
scheduleBtn = v.VBtn("").Children(v.VIcon("mdi-alarm").Size(v.SizeXLarge)).Rounded("0").Class("ml-1 rounded-e").
Variant(v.VariantFlat).Color(v.ColorPrimary).Height(40).Attr("@click", clickEvent)
}
div.AppendChildren(scheduleBtn)
// SchedulePublishDialog
div.AppendChildren(web.Portal().Name(PortalSchedulePublishDialog))
}
div.AppendChildren(scheduleBtn)
// SchedulePublishDialog
div.AppendChildren(web.Portal().Name(PortalSchedulePublishDialog))
}

children := []h.HTMLComponent{div}
Expand Down Expand Up @@ -317,8 +340,9 @@
versionName := obj.(VersionInterface).EmbedVersion().VersionName
status := obj.(StatusInterface).EmbedStatus().Status
disable := status == StatusOnline || status == StatusOffline
deniedUpdate := mb.Info().Verifier().Do(presets.PermUpdate).WithReq(ctx.R).IsAllowed() != nil
deniedDelete := mb.Info().Verifier().Do(presets.PermDelete).WithReq(ctx.R).IsAllowed() != nil
verifier := mb.Info().Verifier()
deniedUpdate := DeniedDo(verifier, obj, ctx.R, presets.PermUpdate)
deniedDelete := DeniedDo(verifier, obj, ctx.R, presets.PermDelete)
return h.Td().Children(
v.VBtn(msgr.Rename).Disabled(disable || deniedUpdate).PrependIcon("mdi-rename-box").Size(v.SizeXSmall).Color(v.ColorPrimary).Variant(v.VariantText).
On("click.stop", web.Plaid().
Expand Down
33 changes: 19 additions & 14 deletions publish/version_event.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,16 +31,17 @@
}
}()

if mb.Info().Verifier().Do(presets.PermDuplicate).WithReq(ctx.R).IsAllowed() != nil {
return r, perm.PermissionDenied
}

slug := ctx.Param(presets.ParamID)
obj := mb.NewModel()
if err = utils.PrimarySluggerWhere(db, mb.NewModel(), slug).First(obj).Error; err != nil {
obj, err = mb.Editing().Fetcher(obj, slug, ctx)
if err != nil {
return
}

if DeniedDo(mb.Info().Verifier(), obj, ctx.R, presets.PermUpdate, PermDuplicate) {
return r, perm.PermissionDenied

Check warning on line 42 in publish/version_event.go

View check run for this annotation

Codecov / codecov/patch

publish/version_event.go#L42 

Added line #L42 was not covered by tests
}

version := EmbedVersion(obj)
if version == nil {
err = errInvalidObject
Expand Down Expand Up @@ -131,18 +132,17 @@

func renameVersion(mb *presets.ModelBuilder) web.EventFunc {
return func(ctx *web.EventContext) (r web.EventResponse, err error) {
if mb.Info().Verifier().Do(presets.PermUpdate).WithReq(ctx.R).IsAllowed() != nil {
presets.ShowMessage(&r, perm.PermissionDenied.Error(), "warning")
return
}

id := ctx.R.FormValue(presets.ParamID)
obj := mb.NewModel()
obj, err = mb.Editing().Fetcher(obj, id, ctx)
if err != nil {
return
}

if DeniedDo(mb.Info().Verifier(), obj, ctx.R, presets.PermUpdate) {
return r, perm.PermissionDenied

Check warning on line 143 in publish/version_event.go

View check run for this annotation

Codecov / codecov/patch

publish/version_event.go#L142-L143 

Added lines #L142 - L143 were not covered by tests
}

name := ctx.R.FormValue("VersionName")
if err = reflectutils.Set(obj, "Version.VersionName", name); err != nil {
return
Expand Down Expand Up @@ -191,14 +191,19 @@
}
}()

if mb.Info().Verifier().Do(presets.PermDelete).WithReq(ctx.R).IsAllowed() != nil {
return r, perm.PermissionDenied
}

slug := ctx.R.FormValue(presets.ParamID)
if len(slug) <= 0 {
return r, errors.New("no delete_id")
}
obj := mb.NewModel()
obj, err = mb.Editing().Fetcher(obj, slug, ctx)
if err != nil {
return

Check warning on line 201 in publish/version_event.go

View check run for this annotation

Codecov / codecov/patch

publish/version_event.go#L201 

Added line #L201 was not covered by tests
}

if DeniedDo(mb.Info().Verifier(), obj, ctx.R, presets.PermDelete) {
return r, perm.PermissionDenied

Check warning on line 205 in publish/version_event.go

View check run for this annotation

Codecov / codecov/patch

publish/version_event.go#L205 

Added line #L205 was not covered by tests
}

if err := mb.Editing().Deleter(mb.NewModel(), slug, ctx); err != nil {
return r, err
Expand Down
Loading
0