968d2f2520
* wip * wip * feat(authz): wip policy shape * wip * fix(authz): canReadProject with latest pattern * wip * feat(shared): simplify authz checks and policies * feat(shared): port role weights into shared * test(shared): some more tests for authz * test(shared): more query project tests * typo! * feat(shared): ff loading refinements * feat(shared): example authorization policy integration * authz loaders init * chore(authz): naming etc * wip * fix(authz): authz error objects Co-authored-by: Kristaps Fabians Geikins <fabis94@users.noreply.github.com> Co-authored-by: Gergő Jedlicska <gjedlicska@users.noreply.github.com> * fix(authz): use correct role weights * chore(authz): use codes from errors in tests * chore(authz): wow * chore(authz): fix more tests, add more tests * chore(authz): fix some tests, add some tests (again) * fix(authz): fix tests again * fix(server): you need to await !!!! otherwise it crashes the server. --------- Co-authored-by: Charles Driesler <chuck@speckle.systems> Co-authored-by: Kristaps Fabians Geikins <fabis94@users.noreply.github.com> Co-authored-by: Gergő Jedlicska <gjedlicska@users.noreply.github.com>
import {
UserServerRole,
UserStreamRole
} from '@/modules/shared/domain/rolesAndScopes/types'
import { Roles } from '@/modules/core/helpers/mainConstants'
import { RoleInfo } from '@speckle/shared'
import { pick } from 'lodash'
// Conventions:
// "weight: 1000" => resource owner
// "weight: 100" => resource viewer / basic user
// Weights between 100 and 1000 are available for intermediate roles with progressively higher privileges.
// The only RoleInfo fields copied onto each role record below. Because
// `weight` is taken from RoleInfo in '@speckle/shared', this file does not
// define its own privilege ordering.
const roleInfoKeys = ['weight', 'description'] as const

// Fields that are identical for every server-level role.
// NOTE(review): the exact meaning of `public` is not defined in this file —
// confirm against the UserServerRole / UserStreamRole types before changing it.
const serverAclFields = {
  resourceTarget: 'server',
  aclTableName: 'server_acl',
  public: false
} as const

// Fields that are identical for every stream-level role.
const streamAclFields = {
  resourceTarget: 'streams',
  aclTableName: 'stream_acl',
  public: true
} as const

/**
 * Core server and stream role records.
 *
 * Each record carries the role name, the `weight` and `description` picked
 * from the shared RoleInfo table, and the ACL table / resource target the
 * role applies to. Key order within each record is: name, picked RoleInfo
 * fields, resourceTarget, aclTableName, public.
 */
const coreUserRoles: Array<UserServerRole | UserStreamRole> = [
  /**
   * Roles for "this" server.
   */
  {
    name: Roles.Server.Admin,
    ...pick(RoleInfo.Server[Roles.Server.Admin], roleInfoKeys),
    ...serverAclFields
  },
  {
    name: Roles.Server.User,
    ...pick(RoleInfo.Server[Roles.Server.User], roleInfoKeys),
    ...serverAclFields
  },
  // TODO: should the guest role be pushed dynamically, only when the guest
  // feature is enabled? That feels risky: the feature can be toggled on and
  // off while existing user roles are not updated, which can leave guest
  // users in a broken state. For now the role is always registered.
  {
    name: Roles.Server.Guest,
    ...pick(RoleInfo.Server[Roles.Server.Guest], roleInfoKeys),
    ...serverAclFields
  },
  {
    name: Roles.Server.ArchivedUser,
    ...pick(RoleInfo.Server[Roles.Server.ArchivedUser], roleInfoKeys),
    ...serverAclFields
  },
  /**
   * Roles for streams.
   */
  {
    name: Roles.Stream.Owner,
    ...pick(RoleInfo.Stream[Roles.Stream.Owner], roleInfoKeys),
    ...streamAclFields
  },
  {
    name: Roles.Stream.Contributor,
    ...pick(RoleInfo.Stream[Roles.Stream.Contributor], roleInfoKeys),
    ...streamAclFields
  },
  {
    name: Roles.Stream.Reviewer,
    ...pick(RoleInfo.Stream[Roles.Stream.Reviewer], roleInfoKeys),
    ...streamAclFields
  }
]

export default coreUserRoles