storage permissions

2026-05-01 15:33:57 +00:00 · 2024-07-30 13:01:34 +02:00
parent 53ee6eacb2
commit b0405855aa
5 changed files with 40 additions and 25 deletions
--- a/packages/api/src/controllers/auth.js
+++ b/packages/api/src/controllers/auth.js
@@ -6,7 +6,7 @@ const AD = require('activedirectory2').promiseWrapper;
 const crypto = require('crypto');
 const { getTokenSecret, getTokenLifetime } = require('../auth/authCommon');
 const { getAuthProvider } = require('../auth/authProvider');
-const { create } = require('lodash');
+const storage = require('./storage');

 const logger = getLogger('auth');

@@ -65,7 +65,16 @@ module.exports = {
    if (isAdminPage) {
      if (process.env.ADMIN_PASSWORD && process.env.ADMIN_PASSWORD == password) {
        return {
-          accessToken: jwt.sign({ login: 'admin' }, getTokenSecret(), { expiresIn: getTokenLifetime() }),
+          accessToken: jwt.sign(
+            {
+              login: 'superadmin',
+              permissions: await storage.loadSuperadminPermissions(),
+            },
+            getTokenSecret(),
+            {
+              expiresIn: getTokenLifetime(),
+            }
+          ),
        };
      }

--- a/packages/api/src/controllers/storage.js
+++ b/packages/api/src/controllers/storage.js
@@ -7,4 +7,8 @@ module.exports = {
  async getConnection({ conid }) {
    return null;
  },
+
+  async loadSuperadminPermissions() {
+    return [];
+  }
 };
--- a/packages/web/src/App.svelte
+++ b/packages/web/src/App.svelte
@@ -42,14 +42,16 @@
      const connections = await apiCall('connections/list');
      const settings = await getSettings();
      const apps = await getUsedApps();
-      loadedApi = settings && connections && config && apps;
+      const loadedApiValue = !!(settings && connections && config && apps);

-      if (loadedApi) {
+      if (loadedApiValue) {
        subscribeApiDependendStores();
        subscribeConnectionPingers();
        subscribePermissionCompiler();
      }

+      loadedApi = loadedApiValue;
+
      if (!loadedApi) {
        console.log('API not initialized correctly, trying again in 1s');
        setTimeout(loadApi, 1000);
--- a/packages/web/src/utility/hasPermission.ts
+++ b/packages/web/src/utility/hasPermission.ts
@@ -4,13 +4,17 @@ import { useConfig } from './metadataLoaders';
 let compiled = null;

 export default function hasPermission(tested) {
+  // console.log('TESTING PERM', tested, compiled, testPermission(tested, compiled));
  return testPermission(tested, compiled);
 }

 export function subscribePermissionCompiler() {
+  // console.log('subscribePermissionCompiler', compiled);
+
  useConfig().subscribe(value => {
    if (!value) return;
    const { permissions } = value;
    compiled = compilePermissions(permissions);
+    // console.log('COMPILED PERMS', compiled);
  });
 }
--- a/packages/web/src/widgets/WidgetIconPanel.svelte
+++ b/packages/web/src/widgets/WidgetIconPanel.svelte
@@ -12,20 +12,17 @@
  } from '../stores';
  import mainMenuDefinition from '../../../../app/src/mainMenuDefinition';
  import hasPermission from '../utility/hasPermission';
-  import { isAdminPage } from '../utility/pageDefs';

  let domSettings;
  let domMainMenu;

-  const isAdmin = isAdminPage();
-
  const widgets = [
    getCurrentConfig().storageDatabase && {
      icon: 'icon admin',
      name: 'admin',
      title: 'Administration',
    },
-    !isAdmin && {
+    {
      icon: 'icon database',
      name: 'database',
      title: 'Database connections',
@@ -34,32 +31,32 @@
    //   icon: 'fa-table',
    //   name: 'table',
    // },
-    !isAdmin && {
+    {
      icon: 'icon file',
      name: 'file',
      title: 'Favorites & Saved files',
    },
-    !isAdmin && {
+    {
      icon: 'icon history',
      name: 'history',
      title: 'Query history & Closed tabs',
    },
-    !isAdmin && {
+    {
      icon: 'icon archive',
      name: 'archive',
      title: 'Archive (saved tabular data)',
    },
-    !isAdmin && {
+    {
      icon: 'icon plugin',
      name: 'plugins',
      title: 'Extensions & Plugins',
    },
-    !isAdmin && {
+    {
      icon: 'icon cell-data',
      name: 'cell-data',
      title: 'Selected cell data detail view',
    },
-    !isAdmin && {
+    {
      icon: 'icon app',
      name: 'app',
      title: 'Application layers',
@@ -119,17 +116,16 @@

  <div class="flex1">&nbsp;</div>

-  {#if !isAdmin}
-    <div
-      class="wrapper"
-      title={`Toggle whether tabs from all databases are visible. Currently - ${$lockedDatabaseMode ? 'NO' : 'YES'}`}
-      on:click={() => {
-        $lockedDatabaseMode = !$lockedDatabaseMode;
-      }}
-    >
-      <FontIcon icon={$lockedDatabaseMode ? 'icon locked-database-mode' : 'icon unlocked-database-mode'} />
-    </div>
-  {/if}
+  <div
+    class="wrapper"
+    title={`Toggle whether tabs from all databases are visible. Currently - ${$lockedDatabaseMode ? 'NO' : 'YES'}`}
+    on:click={() => {
+      $lockedDatabaseMode = !$lockedDatabaseMode;
+    }}
+  >
+    <FontIcon icon={$lockedDatabaseMode ? 'icon locked-database-mode' : 'icon unlocked-database-mode'} />
+  </div>
+  
  <div class="wrapper" on:click={handleSettingsMenu} bind:this={domSettings}>
    <FontIcon icon="icon settings" />
  </div>