liz/wikijs-fork
liz/wikijs-fork
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: group permissions

Browse Source
This commit is contained in:
Nicolas Giard 2018-10-14 17:38:39 -04:00
parent 74aa3d906b
commit c08b5ac837
19 changed files with 216 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

182
client/components/admin/admin-groups-edit.vue
View File

@ -10,7 +10,7 @@
v-spacer
v-btn(color='indigo', large, outline, to='/groups')
v-icon arrow_back
v-dialog(v-model='deleteGroupDialog', max-width='500')
v-dialog(v-model='deleteGroupDialog', max-width='500', v-if='!group.isSystem')
v-btn(color='red', large, outline, slot='activator')
v-icon(color='red') delete
v-card
@ -45,14 +45,29 @@
.caption.mt-3.grey--text ID: {{group.id}}
v-tab-item(key='permissions', :transition='false', :reverse-transition='false')
v-card
v-container.pa-3(fluid, grid-list-md)
v-layout(row, wrap)
v-flex(xs12, md6, lg4, v-for='pmGroup in permissions')
v-card.md2.grey.lighten-5(flat)
v-subheader {{pmGroup.category}}
v-card-text.pt-0
template(v-for='(pm, idx) in pmGroup.items')
v-checkbox.pt-0(
:key='pm.permission'
:label='pm.permission'
:hint='pm.hint'
persistent-hint
color='primary'
v-model='group.permissions'
:value='pm.permission'
:append-icon='pm.warning ? "warning" : null',
:disabled='(group.isSystem && pm.restrictedForSystem) || group.id === 1 || pm.disabled'
)
v-divider.mt-3(v-if='idx < pmGroup.items.length - 1')
v-tab-item(key='rules', :transition='false', :reverse-transition='false')
v-card
v-card-title.pb-0
v-subheader
v-icon.mr-2 border_color
.subheading Read and Write
v-spacer
v-btn(flat, outline)
v-icon(left) arrow_drop_down
@ -62,39 +77,12 @@
| Import Rules
.pa-3.pl-4
criterias
v-divider.my-0
v-card-title.pb-0
v-subheader
v-icon.mr-2 pageview
.subheading Read Only
v-spacer
v-btn(flat, outline)
v-icon(left) arrow_drop_down
| Load Preset
v-btn(flat, outline)
v-icon(left) vertical_align_bottom
| Import Rules
.pa-3.pl-4
criterias
v-divider.my-0
v-card-title.pb-0
v-subheader Legend
.px-4.pb-4
.body-1.px-1.py-2 Any number of rules can be used at the same time. However, some rules requires more processing time than others. Rule types are color-coded as followed:
.caption
v-icon(color='blue') stop
span Fast rules. None or insignificant latency introduced to all page loads.
.caption
v-icon(color='orange') stop
span Medium rules. Some latency added to all page loads.
.caption
v-icon(color='red') stop
span Slow rules. May adds noticeable latency to all page loads. Avoid using in multiple rules.
v-tab-item(key='users', :transition='false', :reverse-transition='false')
v-card
v-card-title.pb-0
v-btn(color='primary', @click='searchUserDialog = true')
v-spacer
v-btn(color='primary', outline, flat, @click='searchUserDialog = true')
v-icon(left) assignment_ind
| Assign User
v-data-table(
@ -148,12 +136,138 @@ export default {
group: {
id: 0,
name: '',
isSystem: false,
permissions: [],
pageRules: [],
users: []
},
name: '',
deleteGroupDialog: false,
searchUserDialog: false,
pagination: {},
permissions: [
{
category: 'Content',
items: [
{
permission: 'read:pages',
hint: 'Can view pages, as specified in the Page Rules',
warning: false,
restrictedForSystem: false,
disabled: false
},
{
permission: 'write:pages',
hint: 'Can view and create new pages, as specified in the Page Rules',
warning: false,
restrictedForSystem: false,
disabled: false
},
{
permission: 'manage:pages',
hint: 'Can view, create, edit and move existing pages as specified in the Page Rules',
warning: false,
restrictedForSystem: false,
disabled: false
},
{
permission: 'delete:pages',
hint: 'Can delete existing pages, as specified in the Page Rules',
warning: false,
restrictedForSystem: false,
disabled: false
},
{
permission: 'write:assets',
hint: 'Can upload assets (such as images and files), as specified in the Page Rules',
warning: false,
restrictedForSystem: false,
disabled: false
},
{
permission: 'read:comments',
hint: 'Can view comments, as specified in the Page Rules',
warning: false,
restrictedForSystem: false,
disabled: false
},
{
permission: 'write:comments',
hint: 'Can post new comments, as specified in the Page Rules',
warning: false,
restrictedForSystem: false,
disabled: false
}
]
},
{
category: 'Users',
items: [
{
permission: 'write:users',
hint: 'Can create or authorize new users, but not modify existing ones',
warning: false,
restrictedForSystem: true,
disabled: false
},
{
permission: 'manage:users',
hint: 'Can manage all users (but not users with administrative permissions)',
warning: false,
restrictedForSystem: true,
disabled: false
},
{
permission: 'write:groups',
hint: 'Can manage groups and assign CONTENT permissions / page rules',
warning: false,
restrictedForSystem: true,
disabled: false
},
{
permission: 'manage:groups',
hint: 'Can manage groups and assign ANY permissions (but not manage:system) / page rules',
warning: true,
restrictedForSystem: true,
disabled: false
}
]
},
{
category: 'Administration',
items: [
{
permission: 'manage:navigation',
hint: 'Can manage the site navigation',
warning: false,
restrictedForSystem: true,
disabled: false
},
{
permission: 'manage:theme',
hint: 'Can manage and modify themes',
warning: false,
restrictedForSystem: true,
disabled: false
},
{
permission: 'manage:api',
hint: 'Can generate and revoke API keys',
warning: true,
restrictedForSystem: true,
disabled: false
},
{
permission: 'manage:system',
hint: 'Can manage and access everything. Root administrator.',
warning: true,
restrictedForSystem: true,
disabled: true
}
]
}
],
users: [],
headers: [
{ text: 'ID', value: 'id', width: 50, align: 'right' },

19
client/components/admin/admin-groups.vue
View File

@ -17,7 +17,17 @@
v-card
.dialog-header.is-short New Group
v-card-text
v-text-field(v-model='newGroupName', label='Group Name', autofocus, counter='255', @keyup.enter='createGroup')
v-text-field.md2(
solo,
flat,
background-color='grey lighten-4'
prepend-icon='people'
v-model='newGroupName'
label='Group Name'
counter='255'
@keyup.enter='createGroup'
ref='groupNameInput'
)
v-card-chin
v-spacer
v-btn(flat, @click='newGroupDialog = false') Cancel
@ -38,6 +48,10 @@
td {{ props.item.userCount }}
td {{ props.item.createdAt | moment('calendar') }}
td {{ props.item.updatedAt | moment('calendar') }}
td
v-tooltip(left, v-if='props.item.isSystem')
v-icon(slot='activator') lock_outline
span System Group
template(slot='no-data')
v-alert.ma-3(icon='warning', :value='true', outline) No groups to display.
.text-xs-center.py-2(v-if='groups.length > 15')
@ -64,7 +78,8 @@ export default {
{ text: 'Name', value: 'name' },
{ text: 'Users', value: 'userCount', width: 200 },
{ text: 'Created', value: 'createdAt', width: 250 },
{ text: 'Last Updated', value: 'updatedAt', width: 250 }
{ text: 'Last Updated', value: 'updatedAt', width: 250 },
{ text: '', value: 'isSystem', width: 20, sortable: false }
],
search: ''
}

1
client/graph/admin/groups/groups-query-list.gql
View File

@ -3,6 +3,7 @@ query {
list {
id
name
isSystem
userCount
createdAt
updatedAt

4
client/graph/admin/groups/groups-query-single.gql
View File

@ -3,7 +3,9 @@ query ($id: Int!) {
single(id: $id) {
id
name
rights {
isSystem
permissions
pageRules {
id
path
role

2
client/scss/components/v-data-table.scss
View File

@ -1,4 +1,4 @@
.datatable {
.v-datatable {
.is-clickable {
cursor: pointer;
}

6
server/app/data.yml
View File

@ -76,6 +76,12 @@ jobs:
onInit: false
cron: false
concurrency: 1
groups:
defaultPermissions:
- 'manage:pages'
- 'write:assets'
- 'read:comments'
- 'write:comments'
telemetry:
BUGSNAG_ID: 'bb4b324d0675bcbba10025617fd2cec8'
BUGSNAG_REMOTE: 'https://notify.bugsnag.com'

4
server/graph/resolvers/group.js
View File

@ -39,7 +39,9 @@ module.exports = {
},
async create(obj, args) {
const group = await WIKI.models.groups.query().insertAndFetch({
name: args.name
name: args.name,
permissions: JSON.stringify(WIKI.data.groups.defaultPermissions),
isSystem: false
})
return {
responseResult: graphHelper.generateSuccess('Group created successfully.'),

2
server/graph/schemas/authentication.graphql
View File

@ -38,7 +38,7 @@ type AuthenticationMutation {
updateStrategies(
strategies: [AuthenticationStrategyInput]
): DefaultResponse
): DefaultResponse @auth(requires: ["manage:system"])
}
# -----------------------------------------------

21
server/graph/schemas/group.graphql
View File

@ -18,11 +18,11 @@ type GroupQuery {
list(
filter: String
orderBy: String
): [GroupMinimal]
): [GroupMinimal] @auth(requires: ["write:groups", "manage:groups", "manage:system"])
single(
id: Int!
): Group
): Group @auth(requires: ["write:groups", "manage:groups", "manage:system"])
}
# -----------------------------------------------
@ -32,26 +32,26 @@ type GroupQuery {
type GroupMutation {
create(
name: String!
): GroupResponse
): GroupResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
update(
id: Int!
name: String!
): DefaultResponse
): DefaultResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
delete(
id: Int!
): DefaultResponse
): DefaultResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
assignUser(
groupId: Int!
userId: Int!
): DefaultResponse
): DefaultResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
unassignUser(
groupId: Int!
userId: Int!
): DefaultResponse
): DefaultResponse @auth(requires: ["write:groups", "manage:groups", "manage:system"])
}
# -----------------------------------------------
@ -66,6 +66,7 @@ type GroupResponse {
type GroupMinimal {
id: Int!
name: String!
isSystem: Boolean!
userCount: Int
createdAt: Date!
updatedAt: Date!
@ -74,8 +75,10 @@ type GroupMinimal {
type Group {
id: Int!
name: String!
rights: [Right]
users: [User]
isSystem: Boolean!
permissions: [String]!
pageRules: [Right]
users: [UserMinimal]
createdAt: Date!
updatedAt: Date!
}

4
server/graph/schemas/localization.graphql
View File

@ -26,14 +26,14 @@ type LocalizationQuery {
type LocalizationMutation {
downloadLocale(
locale: String!
): DefaultResponse
): DefaultResponse @auth(requires: ["manage:system"])
updateLocale(
locale: String!
autoUpdate: Boolean!
namespacing: Boolean!
namespaces: [String]!
): DefaultResponse
): DefaultResponse @auth(requires: ["manage:system"])
}
# -----------------------------------------------

4
server/graph/schemas/logging.graphql
View File

@ -22,7 +22,7 @@ type LoggingQuery {
loggers(
filter: String
orderBy: String
): [Logger]
): [Logger] @auth(requires: ["manage:system"])
}
# -----------------------------------------------
@ -32,7 +32,7 @@ type LoggingQuery {
type LoggingMutation {
updateLoggers(
loggers: [LoggerInput]
): DefaultResponse
): DefaultResponse @auth(requires: ["manage:system"])
}
# -----------------------------------------------

6
server/graph/schemas/page.graphql
View File

@ -45,7 +45,7 @@ type PageMutation {
publishStartDate: Date
tags: [String]!
title: String!
): PageResponse
): PageResponse @auth(requires: ["write:pages", "manage:pages", "manage:system"])
update(
id: Int!
@ -60,11 +60,11 @@ type PageMutation {
publishStartDate: Date
tags: [String]
title: String
): PageResponse
): PageResponse @auth(requires: ["manage:pages", "manage:system"])
delete(
id: Int!
): DefaultResponse
): DefaultResponse @auth(requires: ["delete:pages", "manage:system"])
}
# -----------------------------------------------

4
server/graph/schemas/rendering.graphql
View File

@ -18,7 +18,7 @@ type RenderingQuery {
renderers(
filter: String
orderBy: String
): [Renderer]
): [Renderer] @auth(requires: ["manage:system"])
}
# -----------------------------------------------
@ -28,7 +28,7 @@ type RenderingQuery {
type RenderingMutation {
updateRenderers(
renderers: [RendererInput]
): DefaultResponse
): DefaultResponse @auth(requires: ["manage:system"])
}
# -----------------------------------------------

4
server/graph/schemas/search.graphql
View File

@ -18,7 +18,7 @@ type SearchQuery {
searchEngines(
filter: String
orderBy: String
): [SearchEngine]
): [SearchEngine] @auth(requires: ["manage:system"])
}
# -----------------------------------------------
@ -28,7 +28,7 @@ type SearchQuery {
type SearchMutation {
updateSearchEngines(
searchEngines: [SearchEngineInput]
): DefaultResponse
): DefaultResponse @auth(requires: ["manage:system"])
}
# -----------------------------------------------

4
server/graph/schemas/storage.graphql
View File

@ -18,7 +18,7 @@ type StorageQuery {
targets(
filter: String
orderBy: String
): [StorageTarget]
): [StorageTarget] @auth(requires: ["manage:system"])
}
# -----------------------------------------------
@ -28,7 +28,7 @@ type StorageQuery {
type StorageMutation {
updateTargets(
targets: [StorageTargetInput]
): DefaultResponse
): DefaultResponse @auth(requires: ["manage:system"])
}
# -----------------------------------------------

2
server/graph/schemas/system.graphql
View File

@ -15,7 +15,7 @@ extend type Mutation {
# -----------------------------------------------
type SystemQuery {
info: SystemInfo
info: SystemInfo @auth(requires: ["manage:system"])
}
# -----------------------------------------------

6
server/graph/schemas/theming.graphql
View File

@ -15,8 +15,8 @@ extend type Mutation {
# -----------------------------------------------
type ThemingQuery {
themes: [ThemingTheme]
config: ThemingConfig
themes: [ThemingTheme] @auth(requires: ["manage:theme", "manage:system"])
config: ThemingConfig @auth(requires: ["manage:theme", "manage:system"])
}
# -----------------------------------------------
@ -27,7 +27,7 @@ type ThemingMutation {
setConfig(
theme: String!
darkMode: Boolean!
): DefaultResponse
): DefaultResponse @auth(requires: ["manage:theme", "manage:system"])
}
# -----------------------------------------------

12
server/graph/schemas/user.graphql
View File

@ -18,15 +18,15 @@ type UserQuery {
list(
filter: String
orderBy: String
): [UserMinimal]
): [UserMinimal] @auth(requires: ["write:users", "manage:users", "manage:system"])
search(
query: String!
): [UserMinimal]
): [UserMinimal] @auth(requires: ["write:groups", "manage:groups", "write:users", "manage:users", "manage:system"])
single(
id: Int!
): User
): User @auth(requires: ["manage:users", "manage:system"])
}
# -----------------------------------------------
@ -41,7 +41,7 @@ type UserMutation {
provider: String!
providerId: String
role: UserRole!
): UserResponse
): UserResponse @auth(requires: ["write:users", "manage:users", "manage:system"])
update(
id: Int!
@ -50,11 +50,11 @@ type UserMutation {
provider: String
providerId: String
role: UserRole
): UserResponse
): UserResponse @auth(requires: ["manage:users", "manage:system"])
delete(
id: Int!
): DefaultResponse
): DefaultResponse @auth(requires: ["manage:users", "manage:system"])
resetPassword(
id: Int!

2
server/setup.js
View File

@ -142,7 +142,7 @@ module.exports = () => {
})
const guestGroup = await WIKI.models.groups.query().insert({
name: 'Guests',
permissions: JSON.stringify(['read:page:/']),
permissions: JSON.stringify(['read:pages']),
isSystem: true
})