Allow maintenance of per-setting permissions - first draft, not beaut…
…ified yet
mrsimpson committed Nov 17, 2017
1 parent 8e6a4a8 commit eed869a
Showing 12 changed files with 337 additions and 162 deletions.
12 changes: 6 additions & 6 deletions package-lock.json


4 changes: 3 additions & 1 deletion package.json
@@ -60,7 +60,9 @@
"chat"
],
"scripts": {
"start": "meteor npm i && meteor",
"start": "meteor npm i && meteor run",
"debug": "meteor run --inspect",
"debug-brk": "meteor run --inspect-brk",
"lint": "eslint .",
"lint-fix": "eslint . --fix",
"stylelint": "stylelint packages/**/*.css",
@@ -0,0 +1,8 @@
RocketChat.authz.settingCachedCollectiong = new RocketChat.CachedCollection({
name: 'setting-permissions',
eventType: 'onLogged',
userRelated: false
});
RocketChat.authz.settingCachedCollectiong.init();

this.SettingPermissions = RocketChat.authz.settingCachedCollectiong.collection;
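Review bot: `RocketChat.authz.settingCachedCollectiong` looks like a typo for `settingCachedCollection`; it appears three times in this new file and, being attached to the shared `RocketChat.authz` object, becomes a name other code can start depending on, so it is cheapest to fix now. The last line publishes the collection as a global through top-level `this`; a short comment saying so, for example `// global, read by the permissions templates`, would make that intent explicit.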
66 changes: 39 additions & 27 deletions packages/rocketchat-authorization/client/views/permissions.html
@@ -1,34 +1,46 @@
<template name="permissionsTable">
<table border="1" class="permission-grid secondary-background-color">
<thead class="content-background-color">
<tr>
<th class="border-component-color">&nbsp;</th>
{{#each role in allRoles}}
<th class="border-component-color" title="{{role.description}}">
<a href="{{pathFor "admin-permissions-edit" name=role._id}}">
{{role._id}}
<i class="icon-edit"></i>
</a>
</th>
{{/each}}
</tr>
</thead>
<tbody>
{{#each permission in permissions}}
<tr class="admin-table-row">
<td class="permission-name border-component-color" title="{{permissionDescription permission}}">{{permissionName permission}}<br>[{{permission._id}}]
</td>
{{#each role in allRoles}}
<td class="border-component-color">
<input type="checkbox" name="perm[{{_id}}][{{../_id}}]" class="role-permission"
value="1" checked="{{granted permission.roles role}}" data-role="{{role._id}}"
data-permission="{{permission._id}}">
</td>
{{/each}}
</tr>
{{/each}}
</tbody>
</table>
</template>
<template name="permissions">
<div class="permissions-manager">
{{#if hasPermission}}
<a href="{{pathFor "admin-permissions-new"}}" class="button primary new-role">{{_ "New_role"}}</a>
<table border="1" class="permission-grid secondary-background-color">
<thead class="content-background-color">
<tr>
<th class="border-component-color">&nbsp;</th>
{{#each role}}
<th class="border-component-color" title="{{description}}">
<a href="{{pathFor "admin-permissions-edit" name=_id}}">
{{_id}}
<i class="icon-edit"></i>
</a>
</th>
{{/each}}
</tr>
</thead>
<tbody>
{{#each permission}}
<tr class="admin-table-row">
<td class="permission-name border-component-color" title="{{_ permissionDescription}}">{{_ permissionName}}<br>[{{_id}}]</td>
{{#each role}}
<td class="border-component-color">
<input type="checkbox" name="perm[{{_id}}][{{../_id}}]" class="role-permission" value="1" checked="{{granted ../roles}}" data-role="{{_id}}" data-permission="{{../_id}}">
</td>
{{/each}}
</tr>
{{/each}}
</tbody>
</table>
{{> permissionsTable permissions=permissions allRoles=roles}}
{{#if settingPermissionExpanded}}
<div class="js-toggle-setting-permissions">{{_ "setting-permissions-collapse"}}</div>
{{> permissionsTable permissions=settingPermissions allRoles=roles}}
{{else}}
<div class="js-toggle-setting-permissions">{{_ "setting-permissions-expand"}}</div>
{{/if}}
{{else}}
{{_ "Not_authorized"}}
{{/if}}
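Review bot: In the new `permissionsTable` template the checkbox still uses `name="perm[{{_id}}][{{../_id}}]"`, which was written for the old `{{#each role}}` / `{{#each permission}}` blocks that changed the data context. The `{{#each role in allRoles}}` form does not change the data context, so `_id` and `../_id` most likely no longer resolve to the role and permission ids and every checkbox gets the same name. The neighbouring attributes were already updated and the name should follow them: `name="perm[{{role._id}}][{{permission._id}}]"`. Also, the expand/collapse control is a plain `<div>`; a `<button type="button">` would make it keyboard-reachable.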
75 changes: 51 additions & 24 deletions packages/rocketchat-authorization/client/views/permissions.js
@@ -1,66 +1,91 @@
/* globals ChatPermissions */

/* globals ChatPermissions, SettingPermissions */
Template.permissions.helpers({
role() {
roles() {
return Template.instance().roles.get();
},

permission() {
permissions() {
return ChatPermissions.find({}, {
sort: {
_id: 1
}
});
},

granted(roles) {
settingPermissions() {
return SettingPermissions.find({}, {
sort: {
_id: 1
}
});
},

hasPermission() {
return RocketChat.authz.hasAllPermission('access-permissions');
},

settingPermissionExpanded() {
return Template.instance().settingPermissionsExpanded.get();
}
});

Template.permissions.events({
'click .js-toggle-setting-permissions'(event, instance) {
instance.settingPermissionsExpanded.set(!instance.settingPermissionsExpanded.get());
}
});

Template.permissions.onCreated(function() {
this.settingPermissionsExpanded = new ReactiveVar(false);
this.roles = new ReactiveVar([]);

Tracker.autorun(() => {
this.roles.set(RocketChat.models.Roles.find().fetch());
});
});

Template.permissionsTable.helpers({
granted(roles, role) {
if (roles) {
if (roles.indexOf(this._id) !== -1) {
if (roles.indexOf(role._id) !== -1) {
return 'checked';
}
}
},

permissionName() {
return `${ this._id }`;
},

permissionDescription() {
return `${ this._id }_description`;
permissionName(permission) {
return t(permission._id);
},

hasPermission() {
return RocketChat.authz.hasAllPermission('access-permissions');
permissionDescription(permission) {
return t(`${ permission._id }_description`);
}
});

Template.permissions.events({
Template.permissionsTable.events({
'click .role-permission'(e, instance) {
const permission = e.currentTarget.getAttribute('data-permission');
const role = e.currentTarget.getAttribute('data-role');

if (instance.permissionByRole[permission].indexOf(role) === -1) {
if (!instance.permissionByRole[permission] // the permissino has this role not assigned at all (undefined)
|| instance.permissionByRole[permission].indexOf(role) === -1) {
return Meteor.call('authorization:addPermissionToRole', permission, role);
} else {
return Meteor.call('authorization:removeRoleFromPermission', permission, role);
}
}
});

Template.permissions.onCreated(function() {
this.roles = new ReactiveVar([]);

Template.permissionsTable.onCreated(function() {
this.permissionByRole = {};
this.actions = {
added: {},
removed: {}
};

Tracker.autorun(() => {
this.roles.set(RocketChat.models.Roles.find().fetch());
});

Tracker.autorun(() => {
ChatPermissions.find().observeChanges({
const observer = {
added: (id, fields) => {
this.permissionByRole[id] = fields.roles;
},
@@ -70,6 +95,8 @@ Template.permissions.onCreated(function() {
removed: (id) => {
delete this.permissionByRole[id];
}
});
};
ChatPermissions.find().observeChanges(observer);
SettingPermissions.find().observeChanges(observer);
});
});
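Review bot: Each `permissionsTable` instance starts its observers inside a global `Tracker.autorun` in `onCreated`, so nothing stops them when the instance is destroyed. The settings table is created anew on every expand toggle, and every instance observes both `ChatPermissions` and `SettingPermissions`, so live observers accumulate. Using the template-scoped form, `this.autorun(() => {`, ties the computation and the `observeChanges` handles started inside it to the template's lifetime. Separately, the click handler chooses between add and remove from this client-side `permissionByRole` cache, so the `authorization:addPermissionToRole` and `authorization:removeRoleFromPermission` methods, which are not shown on this page, remain the only place where the change can actually be authorized. The comment on the new condition also has a typo (`permissino`).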
4 changes: 4 additions & 0 deletions packages/rocketchat-authorization/lib/rocketchat.js
@@ -1 +1,5 @@
RocketChat.authz = {};

export const permissionLevel = {
SETTING: 'setting'
};
1 change: 1 addition & 0 deletions packages/rocketchat-authorization/package.js
@@ -21,6 +21,7 @@ Package.onUse(function(api) {
api.addFiles('lib/rocketchat.js', ['server', 'client']);

api.addFiles('client/lib/ChatPermissions.js', ['client']);
api.addFiles('client/lib/SettingPermissions.js', ['client']);
api.addFiles('client/lib/models/Roles.js', ['client']);
api.addFiles('client/lib/models/Users.js', ['client']);
api.addFiles('client/lib/models/Subscriptions.js', ['client']);
@@ -1,8 +1,26 @@
import {permissionLevel} from '../../lib/rocketchat';

Meteor.methods({
'permissions/get'(updatedAt) {
this.unblock();

const records = RocketChat.models.Permissions.find().fetch();
const records = RocketChat.models.Permissions.find({level: {$ne: permissionLevel.SETTING}}).fetch();

if (updatedAt instanceof Date) {
return {
update: records.filter((record) => {
return record._updatedAt > updatedAt;
}),
remove: RocketChat.models.Permissions.trashFindDeletedAfter(updatedAt, {}, {fields: {_id: 1, _deletedAt: 1}}).fetch()
};
}

return records;
},
'setting-permissions/get'(updatedAt) {
this.unblock();

const records = RocketChat.models.Permissions.find({level: permissionLevel.SETTING}).fetch();

if (updatedAt instanceof Date) {
return {
@@ -21,3 +39,4 @@ Meteor.methods({
RocketChat.models.Permissions.on('changed', (type, permission) => {
RocketChat.Notifications.notifyLoggedInThisInstance('permissions-changed', type, permission);
});
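Review bot: `'setting-permissions/get'` returns every setting-level permission record to any DDP caller; there is no `this.userId` check before the `find`. If the role-to-setting mapping is not meant to be readable before login, add a guard at the top of the method, for example `if (!this.userId) { throw new Meteor.Error('not-authorized'); }` (the error id is a placeholder; use the project's own). The same applies to `'permissions/get'`, and since the two methods now differ only in their `level` query, a shared helper taking the query would keep the `updatedAt` branch from drifting. The `remove` list in `'permissions/get'` still calls `trashFindDeletedAfter(updatedAt, {}, …)` with an empty query, so it is not filtered by level; part of the second method's body is collapsed on this page, so the same may hold there.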
