Compare commits
12 Commits
868337134d
...
d5e86acacf
| Author | SHA1 | Date | |
|---|---|---|---|
| d5e86acacf | |||
| 221ef192bc | |||
| 18664dbd8b | |||
| d097735965 | |||
| 992776b8a6 | |||
| 3f260b9029 | |||
| 65f40d0897 | |||
| 6d482c784f | |||
| dc07868d15 | |||
| 09a2f05ee5 | |||
| 5cec1cf561 | |||
| 3281764eff |
@ -45,6 +45,7 @@ func main() {
|
||||
cache := cache.NewClient(&cfg)
|
||||
|
||||
user.EnsureAdminUser(ctx, &cfg, repo)
|
||||
user.EnsureSystemPermissions(ctx, repo)
|
||||
|
||||
server := api.NewAPIServer(fmt.Sprintf("%s:%s", cfg.Host, cfg.Port), repo, fStorage, cache, &cfg)
|
||||
if err := server.Run(); err != nil {
|
||||
|
||||
@ -6,18 +6,62 @@ import (
|
||||
"net/http"
|
||||
|
||||
"gitea.local/admin/hspguard/internal/repository"
|
||||
"gitea.local/admin/hspguard/internal/util"
|
||||
"gitea.local/admin/hspguard/internal/web"
|
||||
"github.com/go-chi/chi/v5"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
func (h *AdminHandler) GetPermissions(w http.ResponseWriter, r *http.Request) {
|
||||
userId, ok := util.GetRequestUserId(r.Context())
|
||||
if !ok {
|
||||
web.Error(w, "failed to get user id from auth session", http.StatusInternalServerError)
|
||||
func (h *AdminHandler) GetAllPermissions(w http.ResponseWriter, r *http.Request) {
|
||||
rows, err := h.repo.GetGroupedPermissions(r.Context())
|
||||
if err != nil {
|
||||
log.Println("ERR: Failed to list permissions from db:", err)
|
||||
web.Error(w, "failed to get all permissions", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
type RowDTO struct {
|
||||
Scope string `json:"scope"`
|
||||
Permissions []repository.Permission `json:"permissions"`
|
||||
}
|
||||
|
||||
if len(rows) == 0 {
|
||||
rows = make([]repository.GetGroupedPermissionsRow, 0)
|
||||
}
|
||||
|
||||
var mapped []RowDTO
|
||||
|
||||
for _, row := range rows {
|
||||
var permissions []repository.Permission
|
||||
|
||||
if err := json.Unmarshal(row.Permissions, &permissions); err != nil {
|
||||
log.Println("ERR: Failed to extract permissions from byte array:", err)
|
||||
web.Error(w, "failed to get permissions", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
log.Println("DEBUG: Appending row dto:", RowDTO{
|
||||
Scope: row.Scope,
|
||||
Permissions: permissions,
|
||||
})
|
||||
|
||||
mapped = append(mapped, RowDTO{
|
||||
Scope: row.Scope,
|
||||
Permissions: permissions,
|
||||
})
|
||||
}
|
||||
|
||||
encoder := json.NewEncoder(w)
|
||||
|
||||
w.Header().Set("Content-Type", "application/json")
|
||||
|
||||
if err := encoder.Encode(mapped); err != nil {
|
||||
web.Error(w, "failed to encode response", http.StatusInternalServerError)
|
||||
}
|
||||
}
|
||||
|
||||
func (h *AdminHandler) GetUserPermissions(w http.ResponseWriter, r *http.Request) {
|
||||
userId := chi.URLParam(r, "user_id")
|
||||
|
||||
permissions, err := h.repo.GetUserPermissions(r.Context(), uuid.MustParse(userId))
|
||||
if err != nil {
|
||||
log.Println("ERR: Failed to list permissions from db:", err)
|
||||
|
||||
@ -42,7 +42,8 @@ func (h *AdminHandler) RegisterRoutes(router chi.Router) {
|
||||
r.Get("/service-sessions", h.GetServiceSessions)
|
||||
r.Patch("/service-sessions/revoke/{id}", h.RevokeUserSession)
|
||||
|
||||
r.Get("/permissions", h.GetPermissions)
|
||||
r.Get("/permissions", h.GetAllPermissions)
|
||||
r.Get("/permissions/{user_id}", h.GetUserPermissions)
|
||||
})
|
||||
|
||||
router.Get("/api-services/client/{client_id}", h.GetApiServiceCID)
|
||||
|
||||
@ -11,28 +11,133 @@ import (
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
const createPermission = `-- name: CreatePermission :one
|
||||
INSERT into permissions (
|
||||
name, scope, description
|
||||
) VALUES (
|
||||
$1, $2, $3
|
||||
) RETURNING id, name, scope, description
|
||||
`
|
||||
|
||||
type CreatePermissionParams struct {
|
||||
Name string `json:"name"`
|
||||
Scope string `json:"scope"`
|
||||
Description *string `json:"description"`
|
||||
}
|
||||
|
||||
func (q *Queries) CreatePermission(ctx context.Context, arg CreatePermissionParams) (Permission, error) {
|
||||
row := q.db.QueryRow(ctx, createPermission, arg.Name, arg.Scope, arg.Description)
|
||||
var i Permission
|
||||
err := row.Scan(
|
||||
&i.ID,
|
||||
&i.Name,
|
||||
&i.Scope,
|
||||
&i.Description,
|
||||
)
|
||||
return i, err
|
||||
}
|
||||
|
||||
const findPermission = `-- name: FindPermission :one
|
||||
SELECT id, name, scope, description FROM permissions
|
||||
WHERE name = $1 AND scope = $2
|
||||
`
|
||||
|
||||
type FindPermissionParams struct {
|
||||
Name string `json:"name"`
|
||||
Scope string `json:"scope"`
|
||||
}
|
||||
|
||||
func (q *Queries) FindPermission(ctx context.Context, arg FindPermissionParams) (Permission, error) {
|
||||
row := q.db.QueryRow(ctx, findPermission, arg.Name, arg.Scope)
|
||||
var i Permission
|
||||
err := row.Scan(
|
||||
&i.ID,
|
||||
&i.Name,
|
||||
&i.Scope,
|
||||
&i.Description,
|
||||
)
|
||||
return i, err
|
||||
}
|
||||
|
||||
const getAllPermissions = `-- name: GetAllPermissions :many
|
||||
SELECT id, name, scope, description
|
||||
FROM permissions p
|
||||
ORDER BY p.scope
|
||||
`
|
||||
|
||||
func (q *Queries) GetAllPermissions(ctx context.Context) ([]Permission, error) {
|
||||
rows, err := q.db.Query(ctx, getAllPermissions)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
var items []Permission
|
||||
for rows.Next() {
|
||||
var i Permission
|
||||
if err := rows.Scan(
|
||||
&i.ID,
|
||||
&i.Name,
|
||||
&i.Scope,
|
||||
&i.Description,
|
||||
); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
items = append(items, i)
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return items, nil
|
||||
}
|
||||
|
||||
const getGroupedPermissions = `-- name: GetGroupedPermissions :many
|
||||
SELECT scope, json_agg(to_jsonb(permissions.*) ORDER BY name) as permissions
|
||||
FROM permissions
|
||||
GROUP BY scope
|
||||
`
|
||||
|
||||
type GetGroupedPermissionsRow struct {
|
||||
Scope string `json:"scope"`
|
||||
Permissions []byte `json:"permissions"`
|
||||
}
|
||||
|
||||
func (q *Queries) GetGroupedPermissions(ctx context.Context) ([]GetGroupedPermissionsRow, error) {
|
||||
rows, err := q.db.Query(ctx, getGroupedPermissions)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer rows.Close()
|
||||
var items []GetGroupedPermissionsRow
|
||||
for rows.Next() {
|
||||
var i GetGroupedPermissionsRow
|
||||
if err := rows.Scan(&i.Scope, &i.Permissions); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
items = append(items, i)
|
||||
}
|
||||
if err := rows.Err(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return items, nil
|
||||
}
|
||||
|
||||
const getUserPermissions = `-- name: GetUserPermissions :many
|
||||
SELECT DISTINCT p.id,p.name,p.scope,p.description
|
||||
FROM permissions p
|
||||
|
||||
LEFT JOIN role_permissions rp_user
|
||||
ON p.id = rp_user.permission_id
|
||||
LEFT JOIN user_roles ur
|
||||
ON rp_user.role_id = ur.role_id AND ur.user_id = $1
|
||||
|
||||
LEFT JOIN user_groups ug
|
||||
ON ug.user_id = $1
|
||||
LEFT JOIN group_roles gr
|
||||
ON ug.group_id = gr.group_id
|
||||
LEFT JOIN role_permissions rp_group
|
||||
ON gr.role_id = rp_group.role_id AND rp_group.permission_id = p.id
|
||||
|
||||
LEFT JOIN user_permissions up
|
||||
ON up.user_id = $1 AND up.permission_id = p.id
|
||||
|
||||
LEFT JOIN group_permissions gp
|
||||
ON gp.group_id = ug.group_id AND gp.permission_id = p.id
|
||||
|
||||
WHERE ur.user_id IS NOT NULL
|
||||
OR gr.group_id IS NOT NULL
|
||||
OR up.user_id IS NOT NULL
|
||||
|
||||
70
internal/user/permissions.go
Normal file
70
internal/user/permissions.go
Normal file
@ -0,0 +1,70 @@
|
||||
package user
|
||||
|
||||
import (
|
||||
"context"
|
||||
"log"
|
||||
|
||||
"gitea.local/admin/hspguard/internal/repository"
|
||||
)
|
||||
|
||||
func String(s string) *string {
|
||||
return &s
|
||||
}
|
||||
|
||||
var (
|
||||
SYSTEM_SCOPE string = "system"
|
||||
SYSTEM_PERMISSIONS []repository.Permission = []repository.Permission{
|
||||
{
|
||||
Name: "log_into_guard",
|
||||
Description: String("Allow users to log into their accounts"),
|
||||
},
|
||||
{
|
||||
Name: "register",
|
||||
Description: String("Allow users to register new accounts"),
|
||||
},
|
||||
{
|
||||
Name: "edit_profile",
|
||||
Description: String("Allow users to edit their profiles"),
|
||||
},
|
||||
{
|
||||
Name: "recover_credentials",
|
||||
Description: String("Allow users to recover their password/email"),
|
||||
},
|
||||
{
|
||||
Name: "verify_profile",
|
||||
Description: String("Allow users to verify their accounts"),
|
||||
},
|
||||
{
|
||||
Name: "access_home_services",
|
||||
Description: String("Allow users to access home services and tools"),
|
||||
},
|
||||
{
|
||||
Name: "view_sessions",
|
||||
Description: String("Allow users to view their active sessions"),
|
||||
},
|
||||
{
|
||||
Name: "revoke_sessions",
|
||||
Description: String("Allow users to revoke their active sessions"),
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
func EnsureSystemPermissions(ctx context.Context, repo *repository.Queries) {
|
||||
for _, permission := range SYSTEM_PERMISSIONS {
|
||||
_, err := repo.FindPermission(ctx, repository.FindPermissionParams{
|
||||
Name: permission.Name,
|
||||
Scope: SYSTEM_SCOPE,
|
||||
})
|
||||
if err != nil {
|
||||
log.Printf("INFO: Creating SYSTEM permission: '%s'\n", permission.Name)
|
||||
_, err = repo.CreatePermission(ctx, repository.CreatePermissionParams{
|
||||
Name: permission.Name,
|
||||
Scope: SYSTEM_SCOPE,
|
||||
Description: permission.Description,
|
||||
})
|
||||
if err != nil {
|
||||
log.Fatalf("ERR: Failed to create SYSTEM permission: '%s'\n", permission.Name)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,14 +1,33 @@
|
||||
|
||||
-- name: GetAllPermissions :many
|
||||
SELECT *
|
||||
FROM permissions p
|
||||
ORDER BY p.scope;
|
||||
|
||||
-- name: GetGroupedPermissions :many
|
||||
SELECT scope, json_agg(to_jsonb(permissions.*) ORDER BY name) as permissions
|
||||
FROM permissions
|
||||
GROUP BY scope;
|
||||
|
||||
-- name: CreatePermission :one
|
||||
INSERT into permissions (
|
||||
name, scope, description
|
||||
) VALUES (
|
||||
$1, $2, $3
|
||||
) RETURNING *;
|
||||
|
||||
-- name: FindPermission :one
|
||||
SELECT * FROM permissions
|
||||
WHERE name = $1 AND scope = $2;
|
||||
|
||||
-- name: GetUserPermissions :many
|
||||
SELECT DISTINCT p.id,p.name,p.scope,p.description
|
||||
FROM permissions p
|
||||
|
||||
-- From roles assigned directly to the user
|
||||
LEFT JOIN role_permissions rp_user
|
||||
ON p.id = rp_user.permission_id
|
||||
LEFT JOIN user_roles ur
|
||||
ON rp_user.role_id = ur.role_id AND ur.user_id = $1
|
||||
|
||||
-- From roles assigned to user's groups
|
||||
LEFT JOIN user_groups ug
|
||||
ON ug.user_id = $1
|
||||
@ -16,15 +35,12 @@ LEFT JOIN group_roles gr
|
||||
ON ug.group_id = gr.group_id
|
||||
LEFT JOIN role_permissions rp_group
|
||||
ON gr.role_id = rp_group.role_id AND rp_group.permission_id = p.id
|
||||
|
||||
-- Direct permissions to user
|
||||
LEFT JOIN user_permissions up
|
||||
ON up.user_id = $1 AND up.permission_id = p.id
|
||||
|
||||
-- Direct permissions to user's groups
|
||||
LEFT JOIN group_permissions gp
|
||||
ON gp.group_id = ug.group_id AND gp.permission_id = p.id
|
||||
|
||||
WHERE ur.user_id IS NOT NULL
|
||||
OR gr.group_id IS NOT NULL
|
||||
OR up.user_id IS NOT NULL
|
||||
|
||||
@ -27,6 +27,7 @@ import VerifyAvatarPage from "./pages/Verify/Avatar";
|
||||
import VerifyReviewPage from "./pages/Verify/Review";
|
||||
import AdminUserSessionsPage from "./pages/Admin/UserSessions";
|
||||
import AdminServiceSessionsPage from "./pages/Admin/ServiceSessions";
|
||||
import AdminAppPermissionsPage from "./pages/Admin/AppPermissions";
|
||||
|
||||
const router = createBrowserRouter([
|
||||
{
|
||||
@ -93,6 +94,12 @@ const router = createBrowserRouter([
|
||||
{ index: true, element: <AdminServiceSessionsPage /> },
|
||||
],
|
||||
},
|
||||
{
|
||||
path: "app-permissions",
|
||||
children: [
|
||||
{ index: true, element: <AdminAppPermissionsPage /> },
|
||||
],
|
||||
},
|
||||
],
|
||||
},
|
||||
],
|
||||
|
||||
@ -3,9 +3,27 @@ import { axios, handleApiError } from "..";
|
||||
|
||||
export type FetchPermissionsResponse = AppPermission[];
|
||||
|
||||
export const getUserPermissionsApi = async (
|
||||
userId: string,
|
||||
): Promise<FetchPermissionsResponse> => {
|
||||
const response = await axios.get<FetchPermissionsResponse>(
|
||||
`/api/v1/admin/permissions/${userId}`,
|
||||
);
|
||||
|
||||
if (response.status !== 200 && response.status !== 201)
|
||||
throw await handleApiError(response);
|
||||
|
||||
return response.data;
|
||||
};
|
||||
|
||||
export type FetchGroupedPermissionsResponse = {
|
||||
scope: string;
|
||||
permissions: AppPermission[];
|
||||
}[];
|
||||
|
||||
export const getPermissionsApi =
|
||||
async (): Promise<FetchPermissionsResponse> => {
|
||||
const response = await axios.get<FetchPermissionsResponse>(
|
||||
async (): Promise<FetchGroupedPermissionsResponse> => {
|
||||
const response = await axios.get<FetchGroupedPermissionsResponse>(
|
||||
"/api/v1/admin/permissions",
|
||||
);
|
||||
|
||||
|
||||
@ -1,5 +1,13 @@
|
||||
import { useAuth } from "@/store/auth";
|
||||
import { Blocks, EarthLock, Home, User, UserLock, Users } from "lucide-react";
|
||||
import {
|
||||
Blocks,
|
||||
EarthLock,
|
||||
Home,
|
||||
KeyRound,
|
||||
User,
|
||||
UserLock,
|
||||
Users,
|
||||
} from "lucide-react";
|
||||
import { useCallback, type ReactNode } from "react";
|
||||
import { useLocation } from "react-router";
|
||||
|
||||
@ -93,6 +101,12 @@ export const useBarItems = (): [Item[], (item: Item) => boolean] => {
|
||||
tab: "admin.service-sessions",
|
||||
pathname: "/admin/service-sessions",
|
||||
},
|
||||
{
|
||||
icon: <KeyRound />,
|
||||
title: "App Permissions",
|
||||
tab: "admin.app-permissions",
|
||||
pathname: "/admin/app-permissions",
|
||||
},
|
||||
]
|
||||
: []),
|
||||
],
|
||||
|
||||
130
web/src/pages/Admin/AppPermissions/index.tsx
Normal file
130
web/src/pages/Admin/AppPermissions/index.tsx
Normal file
@ -0,0 +1,130 @@
|
||||
import { useEffect, type FC } from "react";
|
||||
import Breadcrumbs from "@/components/ui/breadcrumbs";
|
||||
import { usePermissions } from "@/store/admin/permissions";
|
||||
|
||||
interface DisplayPermission {
|
||||
name: string;
|
||||
description: string;
|
||||
}
|
||||
|
||||
interface IPermissionGroupProps {
|
||||
scope: string;
|
||||
permissions?: DisplayPermission[] | null | undefined;
|
||||
generatedPermissions?: DisplayPermission[] | null | undefined;
|
||||
}
|
||||
|
||||
const PermissionGroup: FC<IPermissionGroupProps> = ({
|
||||
scope,
|
||||
permissions,
|
||||
generatedPermissions,
|
||||
}) => {
|
||||
return (
|
||||
<div className="border dark:border-gray-800 border-gray-300 p-4 rounded mb-4">
|
||||
<h2 className="dark:text-gray-300 text-gray-800 text-lg font-semibold">
|
||||
{scope}
|
||||
</h2>
|
||||
|
||||
{(generatedPermissions?.length ?? 0) > 0 && (
|
||||
<>
|
||||
<p className="text-gray-500 text-sm mt-2 mb-4">Generated by Guard</p>
|
||||
|
||||
<ol
|
||||
className={`grid gap-4 gap-y-3 grid-cols-1 md:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4 text-gray-800 dark:text-gray-300 font-medium mb-${permissions && permissions.length > 0 ? "6" : "2"}`}
|
||||
>
|
||||
{generatedPermissions!.map(({ name, description }) => (
|
||||
<li className="before:w-2 before:h-2 before:block before:translate-y-2 before:bg-gray-400 dark:before:bg-gray-700 before:rounded-xs flex flex-row items-start gap-2">
|
||||
<div className="flex flex-col gap-1">
|
||||
<label>{name}</label>
|
||||
<p className="text-xs text-gray-400 dark:text-gray-500">
|
||||
{description}
|
||||
</p>
|
||||
</div>
|
||||
</li>
|
||||
))}
|
||||
</ol>
|
||||
</>
|
||||
)}
|
||||
|
||||
{(permissions?.length ?? 0) > 0 && (
|
||||
<>
|
||||
<p className="text-gray-500 text-sm mt-2 mb-4">Manually Created</p>
|
||||
|
||||
<ol className="grid gap-4 gap-y-3 grid-cols-1 md:grid-cols-2 lg:grid-cols-3 xl:grid-cols-4 text-gray-800 dark:text-gray-300 font-medium">
|
||||
{permissions!.map(({ name, description }) => (
|
||||
<li className="before:w-2 before:h-2 before:block before:translate-y-2 before:bg-gray-400 dark:before:bg-gray-700 before:rounded-xs flex flex-row items-start gap-2">
|
||||
<div className="flex flex-col gap-1">
|
||||
<label>{name}</label>
|
||||
<p className="text-xs text-gray-400 dark:text-gray-500">
|
||||
{description}
|
||||
</p>
|
||||
</div>
|
||||
</li>
|
||||
))}
|
||||
</ol>
|
||||
</>
|
||||
)}
|
||||
</div>
|
||||
);
|
||||
};
|
||||
|
||||
const AdminAppPermissionsPage: FC = () => {
|
||||
const permissions = usePermissions((s) => s.permissions);
|
||||
const fetch = usePermissions((s) => s.fetch);
|
||||
|
||||
useEffect(() => {
|
||||
fetch();
|
||||
}, [fetch]);
|
||||
|
||||
return (
|
||||
<div className="relative flex flex-col items-stretch w-full">
|
||||
<div className="p-4">
|
||||
<Breadcrumbs
|
||||
className="pb-2"
|
||||
items={[
|
||||
{
|
||||
href: "/admin",
|
||||
label: "Admin",
|
||||
},
|
||||
{
|
||||
label: "App Permissions",
|
||||
},
|
||||
]}
|
||||
/>
|
||||
</div>
|
||||
<div className="px-7">
|
||||
{Object.keys(permissions).map((scope) => (
|
||||
<PermissionGroup
|
||||
scope={scope.toUpperCase()}
|
||||
generatedPermissions={permissions[scope].map((p) => ({
|
||||
name: p.name
|
||||
.split("_")
|
||||
.map((s) => s[0].toUpperCase() + s.slice(1))
|
||||
.join(" "),
|
||||
description: p.description,
|
||||
}))}
|
||||
/>
|
||||
))}
|
||||
{/* <PermissionGroup
|
||||
scope="Open Chat"
|
||||
generatedPermissions={["Access Open Chat"].map((name) => ({
|
||||
name,
|
||||
description: `You can ${name.toLowerCase()}`,
|
||||
}))}
|
||||
permissions={[
|
||||
"Receive Messages",
|
||||
"Send Messages",
|
||||
"View Status",
|
||||
"Post Status",
|
||||
"Use Ghost Mode",
|
||||
"Send Large Media",
|
||||
].map((name) => ({
|
||||
name,
|
||||
description: `You can ${name.toLowerCase()}`,
|
||||
}))}
|
||||
/> */}
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
};
|
||||
|
||||
export default AdminAppPermissionsPage;
|
||||
@ -25,6 +25,7 @@ const InfoCard = ({
|
||||
const AdminViewUserPage: FC = () => {
|
||||
const { userId } = useParams();
|
||||
const user = useUsers((state) => state.current);
|
||||
const userPermissions = useUsers((s) => s.userPermissions);
|
||||
// const loading = useApiServices((state) => state.fetchingApiService);
|
||||
|
||||
const loadUser = useUsers((state) => state.fetchUser);
|
||||
@ -117,6 +118,10 @@ const AdminViewUserPage: FC = () => {
|
||||
</div>
|
||||
</InfoCard>
|
||||
|
||||
<InfoCard title="Roles & Permissions">
|
||||
<pre>{JSON.stringify(userPermissions, null, 2)}</pre>
|
||||
</InfoCard>
|
||||
|
||||
{/* 🚀 Actions */}
|
||||
<div className="flex flex-wrap gap-4 mt-6 justify-between items-center">
|
||||
<Link to="/admin/users">
|
||||
|
||||
@ -1,4 +1,3 @@
|
||||
import { getPermissionsApi } from "@/api/admin/permissions";
|
||||
import Breadcrumbs from "@/components/ui/breadcrumbs";
|
||||
import { Button } from "@/components/ui/button";
|
||||
import Avatar from "@/feature/Avatar";
|
||||
@ -16,12 +15,6 @@ const AdminUsersPage: FC = () => {
|
||||
fetchUsers();
|
||||
}, [fetchUsers]);
|
||||
|
||||
useEffect(() => {
|
||||
getPermissionsApi().then((res) => {
|
||||
console.log("permissions response:", res);
|
||||
});
|
||||
}, []);
|
||||
|
||||
return (
|
||||
<div className="relative flex flex-col items-stretch w-full">
|
||||
<div className="p-4">
|
||||
|
||||
@ -76,21 +76,21 @@ const AuthorizePage: FC = () => {
|
||||
<div className="text-gray-400 dark:text-gray-600">
|
||||
<ArrowLeftRight />
|
||||
</div>
|
||||
<div className="w-12 h-12 rounded-full flex items-center justify-center overflow-hidden bg-gray-900 ring ring-gray-400 dark:ring dark:ring-gray-500">
|
||||
{/* <img
|
||||
{/* <div className="w-12 h-12 rounded-full flex items-center justify-center overflow-hidden bg-gray-900 ring ring-gray-400 dark:ring dark:ring-gray-500"> */}
|
||||
{/* <img
|
||||
src="https://lucide.dev/logo.dark.svg"
|
||||
className="w-8 h-8"
|
||||
/> */}
|
||||
{apiService?.icon_url ? (
|
||||
<img
|
||||
src={apiService.icon_url}
|
||||
className="w-full h-full"
|
||||
alt="service_icon"
|
||||
/>
|
||||
) : (
|
||||
<LayoutDashboard size={32} color="#fefefe" />
|
||||
)}
|
||||
</div>
|
||||
{apiService?.icon_url ? (
|
||||
<img
|
||||
src={apiService.icon_url}
|
||||
className="w-12 h-12"
|
||||
alt="service_icon"
|
||||
/>
|
||||
) : (
|
||||
<LayoutDashboard size={32} color="#fefefe" />
|
||||
)}
|
||||
{/* </div> */}
|
||||
</div>
|
||||
|
||||
<div className="px-4 sm:mt-4 mt-8">
|
||||
|
||||
32
web/src/store/admin/permissions.ts
Normal file
32
web/src/store/admin/permissions.ts
Normal file
@ -0,0 +1,32 @@
|
||||
import { getPermissionsApi } from "@/api/admin/permissions";
|
||||
import type { AppPermission } from "@/types";
|
||||
import { create } from "zustand";
|
||||
|
||||
export interface IAdminPermissionsState {
|
||||
permissions: Record<string, AppPermission[]>;
|
||||
fetching: boolean;
|
||||
|
||||
fetch: () => Promise<void>;
|
||||
}
|
||||
|
||||
export const usePermissions = create<IAdminPermissionsState>((set) => ({
|
||||
permissions: {},
|
||||
fetching: false,
|
||||
|
||||
fetch: async () => {
|
||||
set({ fetching: true });
|
||||
|
||||
try {
|
||||
const response = await getPermissionsApi();
|
||||
set({
|
||||
permissions: Object.fromEntries(
|
||||
response.map(({ scope, permissions }) => [scope, permissions]),
|
||||
),
|
||||
});
|
||||
} catch (err) {
|
||||
console.log("ERR: Failed to fetch admin permissions:", err);
|
||||
} finally {
|
||||
set({ fetching: false });
|
||||
}
|
||||
},
|
||||
}));
|
||||
@ -1,10 +1,11 @@
|
||||
import { getUserPermissionsApi } from "@/api/admin/permissions";
|
||||
import {
|
||||
adminGetUserApi,
|
||||
adminGetUsersApi,
|
||||
postUser,
|
||||
type CreateUserRequest,
|
||||
} from "@/api/admin/users";
|
||||
import type { UserProfile } from "@/types";
|
||||
import type { AppPermission, UserProfile } from "@/types";
|
||||
import { create } from "zustand";
|
||||
|
||||
export interface IUsersState {
|
||||
@ -14,14 +15,18 @@ export interface IUsersState {
|
||||
current: UserProfile | null;
|
||||
fetchingCurrent: boolean;
|
||||
|
||||
userPermissions: AppPermission[];
|
||||
fetchingPermissions: boolean;
|
||||
|
||||
creating: boolean;
|
||||
createUser: (req: CreateUserRequest) => Promise<boolean>;
|
||||
|
||||
fetchUsers: () => Promise<void>;
|
||||
fetchUser: (id: string) => Promise<void>;
|
||||
fetchUserPermissions: () => Promise<void>;
|
||||
}
|
||||
|
||||
export const useUsers = create<IUsersState>((set) => ({
|
||||
export const useUsers = create<IUsersState>((set, get) => ({
|
||||
users: [],
|
||||
fetching: false,
|
||||
|
||||
@ -30,6 +35,9 @@ export const useUsers = create<IUsersState>((set) => ({
|
||||
current: null,
|
||||
fetchingCurrent: false,
|
||||
|
||||
userPermissions: [],
|
||||
fetchingPermissions: false,
|
||||
|
||||
createUser: async (req: CreateUserRequest) => {
|
||||
set({ creating: true });
|
||||
|
||||
@ -70,4 +78,23 @@ export const useUsers = create<IUsersState>((set) => ({
|
||||
set({ fetchingCurrent: false });
|
||||
}
|
||||
},
|
||||
|
||||
fetchUserPermissions: async () => {
|
||||
const user = get().current;
|
||||
if (!user) {
|
||||
console.warn("Trying to fetch user permissions without selected user");
|
||||
return;
|
||||
}
|
||||
|
||||
set({ fetchingPermissions: true });
|
||||
|
||||
try {
|
||||
const response = await getUserPermissionsApi(user.id);
|
||||
set({ userPermissions: response });
|
||||
} catch (err) {
|
||||
console.log("ERR: Failed to fetch single user for admin:", err);
|
||||
} finally {
|
||||
set({ fetchingPermissions: false });
|
||||
}
|
||||
},
|
||||
}));
|
||||
|
||||
Reference in New Issue
Block a user