[full-ci] Implement permission concept for handling user abilities #8431
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JammingBen
changed the title
JammingBen
force-pushed
the
user-permissions
branch
2 times, most recently
from
57a0f52
to
009ebcf
Compare
5 tasks
JammingBen
force-pushed
the
user-permissions
branch
2 times, most recently
from
aa18463
to
6f88e92
Compare
|
Results for e2e-tests oCIS https://drone.owncloud.com/owncloud/web/32941/12/1 💥 To see the trace, please open the link in the console ...
npx playwright show-trace https://cache.owncloud.com/public/owncloud/web/32941/tracing/spaces-can-be-managed-in-the-admin-settings-alice-2023-2-17-11-37-10.zipnpx playwright show-trace https://cache.owncloud.com/public/owncloud/web/32941/tracing/spaces-can-be-managed-in-the-admin-settings-brian-2023-2-17-11-37-14.zip |
JammingBen
changed the title
JammingBen
commented
Feb 15, 2023
JammingBen
commented
Feb 15, 2023
JammingBen
changed the title
kulmann
requested changes
Feb 16, 2023
packages/web-app-admin-settings/src/mixins/general/resetLogo.ts
Outdated
Show resolved
Hide resolved
JammingBen
force-pushed
the
user-permissions
branch
from
d318322
to
f37a533
Compare
|
@kulmann This is in a finished state from my side (for now at least). The permissions coming from the server still have weird names, that's going to change in the future. Also, there still seem to be bugs with the default permissions of the |
kulmann
requested changes
Feb 17, 2023
|
Kudos, SonarCloud Quality Gate passed! |
This was referenced Feb 17, 2023
Open
86 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Until now, Web handles permission checks only based on role names. This PR adds support for permissions that come from the server. The lib
CASLhas been introduced for defining and enforcing those permissions.The permission concept is a bit complicated because it has 2 "layers": Permissions that are only related to the user and permissions that additionally relate to a resource (like share permissions, space roles). We only care about the former here! That distinction is very important to fully understand how the permissions are structured.
They can be found in packages/web-runtime/src/services/auth/abilities.ts and consist of an
actionand asubject. Actions have one of two suffixes:-all(system-wide permission) or-own(restricted to the current user). E.g.:{ action: 'create-all', subject: 'Account' }defines the permission to read all accounts of this system{ action: 'read-all', subject: 'Space' }defines the permission to read all spaces on this system{ action: 'create-own', subject: 'Space' }defines the permission to create a personal space on this systemAll available actions and subjects are defined in packages/web-pkg/src/utils/types.ts.
The
PermissionManagerhas been removed as we don't need it anymore.Note: Requires the latest server docker image!
Related Issue
Types of changes