From 38dceaade103a4ed3a07cc1a41e1a8ae379f5344 Mon Sep 17 00:00:00 2001 From: Christian Hofmaier Date: Sun, 12 Apr 2020 23:51:15 +0000 Subject: [permissionmanager] split permissions in one file per module --- server/lib/permissions/index.js | 39 ++++++++++++---------- server/lib/permissions/modules/eventmanager.json | 12 +++++++ .../lib/permissions/modules/permissionmanager.json | 12 +++++++ server/lib/permissions/permissions.json | 22 ------------ 4 files changed, 45 insertions(+), 40 deletions(-) create mode 100644 server/lib/permissions/modules/eventmanager.json create mode 100644 server/lib/permissions/modules/permissionmanager.json delete mode 100644 server/lib/permissions/permissions.json diff --git a/server/lib/permissions/index.js b/server/lib/permissions/index.js index a0af9d4..f891004 100644 --- a/server/lib/permissions/index.js +++ b/server/lib/permissions/index.js @@ -1,36 +1,39 @@ /* global __appdir */ const path = require('path') -var permissions = require(path.join(__appdir, 'lib', 'permissions', 'permissions')) var db = require(path.join(__appdir, 'lib', 'sequelize')) +var requireDirectory = require('require-directory') +var data = requireDirectory(module, './modules') + updatePermissionDatabase() /* - * Update the permission-Database accordingly to the permission.json - */ + * Update the permission-database accordingly to the permission JSONs + */ function updatePermissionDatabase () { var permissionNames = [] - - // Insert / Update entries in Database which are in the permission.json - permissions.forEach(function (permission) { - permissionNames.push(permission.name) - upsert(db.permission, { name: permission.name, descr: permission.descr, groupdependent: permission.groupdependent }, { name: permission.name }) - }) - - // Delete entries from Database which are not in the permission.json + for (let module in data) { + data[module].forEach(function (permission) { + permissionNames.push(module + '.' + permission.name) + upsert(db.permission, { name: module + '.' + permission.name, descr: permission.description, groupdependent: permission.groupdependent }, { name: module + '.' + permission.name }) + }) + } + // Delete entries from DB which are not in the JSON files db.permission.destroy( { where: { [db.Op.not]: { name: permissionNames } } } ) + // (Re-)Create Superadmin Permission + upsert(db.permission, { name: 'superadmin', descr: 'Can do anything.', groupdependent: false }, { name: 'superadmin' }) } /* - * model: - * newItem: - * where: - * - * Updates or inserts the given newItem in the given model according to - * the where-clause. - */ + * model: + * newItem: + * where: + * + * Updates or inserts the given newItem in the given model according to + * the where-clause. + */ function upsert (model, newItem, where) { return model .findOne({ where: where }) diff --git a/server/lib/permissions/modules/eventmanager.json b/server/lib/permissions/modules/eventmanager.json new file mode 100644 index 0000000..97507ff --- /dev/null +++ b/server/lib/permissions/modules/eventmanager.json @@ -0,0 +1,12 @@ +[ + { + "name": "view", + "description": "View Events", + "groupdependent": false + }, + { + "name": "edit", + "description": "Edit Events", + "groupdependent": false + } +] \ No newline at end of file diff --git a/server/lib/permissions/modules/permissionmanager.json b/server/lib/permissions/modules/permissionmanager.json new file mode 100644 index 0000000..ee9b12b --- /dev/null +++ b/server/lib/permissions/modules/permissionmanager.json @@ -0,0 +1,12 @@ +[ + { + "name": "view", + "description": "View Roles", + "groupdependent": false + }, + { + "name": "edit", + "description": "Edit Roles", + "groupdependent": false + } +] \ No newline at end of file diff --git a/server/lib/permissions/permissions.json b/server/lib/permissions/permissions.json deleted file mode 100644 index f574367..0000000 --- a/server/lib/permissions/permissions.json +++ /dev/null @@ -1,22 +0,0 @@ -[ - { - "name": "superadmin", - "descr": "Can do anything. Is like superman.", - "groupdependent": false - }, - { - "name": "permissions.viewrole", - "descr": "For viewing the role list.", - "groupdependent": false - }, - { - "name": "permissions.editrole", - "descr": "For save/edit/delete roles.", - "groupdependent": false - }, - { - "name": "permissions.grantrevoke", - "descr": "For grant/revoke roles to/from users.", - "groupdependent": false - } -] \ No newline at end of file -- cgit v1.2.3-55-g7522