dennii/dbgate
1
0
Fork 0
mirror of https://github.com/DeNNiiInc/dbgate.git synced 2026-05-01 01:33:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

permissins (per instance)

Browse Source
This commit is contained in:
Jan Prochazka
2020-12-10 11:54:28 +01:00
parent 698756b9d2
commit f993e82b0b
15 changed files with 114 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/api/.covid-env
View File

@@ -8,3 +8,5 @@ PORT_mysql=3326
ENGINE_mysql=mysql@dbgate-plugin-mysql ENGINE_mysql=mysql@dbgate-plugin-mysql
SINGLE_CONNECTION=mysql SINGLE_CONNECTION=mysql
SINGLE_DATABASE=covid SINGLE_DATABASE=covid
PERMISSIONS=files/charts/read

18
packages/api/src/controllers/config.js
View File

@@ -11,17 +11,21 @@ module.exports = {
})) }))
: null; : null;
const startupPages = process.env.STARTUP_PAGES ? process.env.STARTUP_PAGES.split(',') : []; const startupPages = process.env.STARTUP_PAGES ? process.env.STARTUP_PAGES.split(',') : [];
const permissions = process.env.PERMISSIONS ? process.env.PERMISSIONS.split(',') : null;
const singleDatabase =
process.env.SINGLE_CONNECTION && process.env.SINGLE_DATABASE
? {
conid: process.env.SINGLE_CONNECTION,
database: process.env.SINGLE_DATABASE,
}
: null;
return { return {
runAsPortal: !!process.env.CONNECTIONS, runAsPortal: !!process.env.CONNECTIONS,
toolbar, toolbar,
startupPages, startupPages,
singleDatabase: singleDatabase,
process.env.SINGLE_CONNECTION && process.env.SINGLE_DATABASE permissions,
? {
conid: process.env.SINGLE_CONNECTION,
database: process.env.SINGLE_DATABASE,
}
: null,
}; };
}, },
}; };

6
packages/api/src/controllers/files.js
View File

@@ -1,6 +1,7 @@
const fs = require('fs-extra'); const fs = require('fs-extra');
const path = require('path'); const path = require('path');
const { filesdir } = require('../utility/directories'); const { filesdir } = require('../utility/directories');
const hasPermission = require('../utility/hasPermission');
const socket = require('../utility/socket'); const socket = require('../utility/socket');
const scheduler = require('./scheduler'); const scheduler = require('./scheduler');
@@ -19,6 +20,7 @@ function deserialize(format, text) {
module.exports = { module.exports = {
list_meta: 'get', list_meta: 'get',
async list({ folder }) { async list({ folder }) {
if (!hasPermission(`files/${folder}/read`)) return [];
const dir = path.join(filesdir(), folder); const dir = path.join(filesdir(), folder);
if (!(await fs.exists(dir))) return []; if (!(await fs.exists(dir))) return [];
const files = (await fs.readdir(dir)).map((file) => ({ folder, file })); const files = (await fs.readdir(dir)).map((file) => ({ folder, file }));
@@ -27,24 +29,28 @@ module.exports = {
delete_meta: 'post', delete_meta: 'post',
async delete({ folder, file }) { async delete({ folder, file }) {
if (!hasPermission(`files/${folder}/write`)) return;
await fs.unlink(path.join(filesdir(), folder, file)); await fs.unlink(path.join(filesdir(), folder, file));
socket.emitChanged(`files-changed-${folder}`); socket.emitChanged(`files-changed-${folder}`);
}, },
rename_meta: 'post', rename_meta: 'post',
async rename({ folder, file, newFile }) { async rename({ folder, file, newFile }) {
if (!hasPermission(`files/${folder}/write`)) return;
await fs.rename(path.join(filesdir(), folder, file), path.join(filesdir(), folder, newFile)); await fs.rename(path.join(filesdir(), folder, file), path.join(filesdir(), folder, newFile));
socket.emitChanged(`files-changed-${folder}`); socket.emitChanged(`files-changed-${folder}`);
}, },
load_meta: 'post', load_meta: 'post',
async load({ folder, file, format }) { async load({ folder, file, format }) {
if (!hasPermission(`files/${folder}/read`)) return null;
const text = await fs.readFile(path.join(filesdir(), folder, file), { encoding: 'utf-8' }); const text = await fs.readFile(path.join(filesdir(), folder, file), { encoding: 'utf-8' });
return deserialize(format, text); return deserialize(format, text);
}, },
save_meta: 'post', save_meta: 'post',
async save({ folder, file, data, format }) { async save({ folder, file, data, format }) {
if (!hasPermission(`files/${folder}/write`)) return;
const dir = path.join(filesdir(), folder); const dir = path.join(filesdir(), folder);
if (!(await fs.exists(dir))) { if (!(await fs.exists(dir))) {
await fs.mkdir(dir); await fs.mkdir(dir);

3
packages/api/src/controllers/plugins.js
View File

@@ -5,6 +5,7 @@ const { pluginsdir, datadir } = require('../utility/directories');
const socket = require('../utility/socket'); const socket = require('../utility/socket');
const requirePlugin = require('../shell/requirePlugin'); const requirePlugin = require('../shell/requirePlugin');
const downloadPackage = require('../utility/downloadPackage'); const downloadPackage = require('../utility/downloadPackage');
const hasPermission = require('../utility/hasPermission');
// async function loadPackageInfo(dir) { // async function loadPackageInfo(dir) {
// const readmeFile = path.join(dir, 'README.md'); // const readmeFile = path.join(dir, 'README.md');
@@ -106,6 +107,7 @@ module.exports = {
install_meta: 'post', install_meta: 'post',
async install({ packageName }) { async install({ packageName }) {
if (!hasPermission(`plugins/install`)) return;
const dir = path.join(pluginsdir(), packageName); const dir = path.join(pluginsdir(), packageName);
if (!(await fs.exists(dir))) { if (!(await fs.exists(dir))) {
await downloadPackage(packageName, dir); await downloadPackage(packageName, dir);
@@ -115,6 +117,7 @@ module.exports = {
uninstall_meta: 'post', uninstall_meta: 'post',
async uninstall({ packageName }) { async uninstall({ packageName }) {
if (!hasPermission(`plugins/install`)) return;
const dir = path.join(pluginsdir(), packageName); const dir = path.join(pluginsdir(), packageName);
await fs.rmdir(dir, { recursive: true }); await fs.rmdir(dir, { recursive: true });
socket.emitChanged(`installed-plugins-changed`); socket.emitChanged(`installed-plugins-changed`);

2
packages/api/src/controllers/scheduler.js
View File

@@ -3,6 +3,7 @@ const fs = require('fs-extra');
const path = require('path'); const path = require('path');
const cron = require('node-cron'); const cron = require('node-cron');
const runners = require('./runners'); const runners = require('./runners');
const hasPermission = require('../utility/hasPermission');
const scheduleRegex = /\s*\/\/\s*@schedule\s+([^\n]+)\n/; const scheduleRegex = /\s*\/\/\s*@schedule\s+([^\n]+)\n/;
@@ -26,6 +27,7 @@ module.exports = {
}, },
async reload() { async reload() {
if (!hasPermission('files/shell/read')) return;
const shellDir = path.join(filesdir(), 'shell'); const shellDir = path.join(filesdir(), 'shell');
await this.unload(); await this.unload();
if (!(await fs.exists(shellDir))) return; if (!(await fs.exists(shellDir))) return;

12
packages/api/src/utility/hasPermission.js Normal file
View File

@@ -0,0 +1,12 @@
const { compilePermissions, testPermission } = require('dbgate-tools');
let compiled = undefined;
function hasPermission(tested) {
if (compiled === undefined) {
compiled = compilePermissions(process.env.PERMISSIONS);
}
return testPermission(tested, compiled);
}
module.exports = hasPermission;

1
packages/tools/src/index.ts
View File

@@ -6,3 +6,4 @@ export * from './createBulkInsertStreamBase';
export * from './DatabaseAnalyser'; export * from './DatabaseAnalyser';
export * from './driverBase'; export * from './driverBase';
export * from './SqlDumper'; export * from './SqlDumper';
export * from './testPermission';

16
packages/tools/src/testPermission.ts Normal file
View File

@@ -0,0 +1,16 @@
import _escapeRegExp from 'lodash/escapeRegExp';
import _isString from 'lodash/isString';
export function compilePermissions(permissions: string[] | string) {
if (!permissions) return null;
if (_isString(permissions)) permissions = permissions.split(',');
return permissions.map((x) => new RegExp('^' + _escapeRegExp(x).replace(/\\\*/g, '.*') + '$'));
}
export function testPermission(tested: string, permissions: RegExp[]) {
if (!permissions) return true;
for (const permission of permissions) {
if (tested.match(permission)) return true;
}
return false;
}

10
packages/web/src/appobj/SavedFileAppObject.js
View File

@@ -10,8 +10,10 @@ import ScriptWriter from '../impexp/ScriptWriter';
import { extractPackageName } from 'dbgate-tools'; import { extractPackageName } from 'dbgate-tools';
import useShowModal from '../modals/showModal'; import useShowModal from '../modals/showModal';
import InputTextModal from '../modals/InputTextModal'; import InputTextModal from '../modals/InputTextModal';
import useHasPermission from '../utility/useHasPermission';
function Menu({ data, menuExt = null }) { function Menu({ data, menuExt = null }) {
const hasPermission = useHasPermission();
const showModal = useShowModal(); const showModal = useShowModal();
const handleDelete = () => { const handleDelete = () => {
axios.post('files/delete', data); axios.post('files/delete', data);
@@ -31,8 +33,12 @@ function Menu({ data, menuExt = null }) {
}; };
return ( return (
<> <>
<DropDownMenuItem onClick={handleDelete}>Delete</DropDownMenuItem> {hasPermission(`files/${data.folder}/write`) && (
<DropDownMenuItem onClick={handleRename}>Rename</DropDownMenuItem> <DropDownMenuItem onClick={handleDelete}>Delete</DropDownMenuItem>
)}
{hasPermission(`files/${data.folder}/write`) && (
<DropDownMenuItem onClick={handleRename}>Rename</DropDownMenuItem>
)}
{menuExt} {menuExt}
</> </>
); );

11
packages/web/src/charts/ChartToolbar.js
View File

@@ -1,12 +1,17 @@
import React from 'react'; import React from 'react';
import useHasPermission from '../utility/useHasPermission';
import ToolbarButton from '../widgets/ToolbarButton'; import ToolbarButton from '../widgets/ToolbarButton';
export default function ChartToolbar({ save }) { export default function ChartToolbar({ save }) {
const hasPermission = useHasPermission();
return ( return (
<> <>
<ToolbarButton onClick={save} icon="icon save"> {hasPermission('files/charts/write') && (
Save <ToolbarButton onClick={save} icon="icon save">
</ToolbarButton> Save
</ToolbarButton>
)}
</> </>
); );
} }

10
packages/web/src/query/QueryToolbar.js
View File

@@ -1,7 +1,9 @@
import React from 'react'; import React from 'react';
import useHasPermission from '../utility/useHasPermission';
import ToolbarButton from '../widgets/ToolbarButton'; import ToolbarButton from '../widgets/ToolbarButton';
export default function QueryToolbar({ execute, cancel, isDatabaseDefined, busy, save, format, isConnected, kill }) { export default function QueryToolbar({ execute, cancel, isDatabaseDefined, busy, save, format, isConnected, kill }) {
const hasPermission = useHasPermission();
return ( return (
<> <>
<ToolbarButton disabled={!isDatabaseDefined || busy} onClick={execute} icon="icon run"> <ToolbarButton disabled={!isDatabaseDefined || busy} onClick={execute} icon="icon run">
@@ -13,9 +15,11 @@ export default function QueryToolbar({ execute, cancel, isDatabaseDefined, busy,
<ToolbarButton disabled={!isConnected} onClick={kill} icon="icon close"> <ToolbarButton disabled={!isConnected} onClick={kill} icon="icon close">
Kill Kill
</ToolbarButton> </ToolbarButton>
<ToolbarButton onClick={save} icon="icon save"> {hasPermission('files/sql/write') && (
Save <ToolbarButton onClick={save} icon="icon save">
</ToolbarButton> Save
</ToolbarButton>
)}
<ToolbarButton onClick={format} icon="icon format-code"> <ToolbarButton onClick={format} icon="icon format-code">
Format Format
</ToolbarButton> </ToolbarButton>

10
packages/web/src/query/ShellToolbar.js
View File

@@ -1,7 +1,9 @@
import React from 'react'; import React from 'react';
import useHasPermission from '../utility/useHasPermission';
import ToolbarButton from '../widgets/ToolbarButton'; import ToolbarButton from '../widgets/ToolbarButton';
export default function ShellToolbar({ execute, cancel, busy, edit, save, editAvailable }) { export default function ShellToolbar({ execute, cancel, busy, edit, save, editAvailable }) {
const hasPermission = useHasPermission();
return ( return (
<> <>
<ToolbarButton disabled={busy} onClick={execute} icon="icon run"> <ToolbarButton disabled={busy} onClick={execute} icon="icon run">
@@ -13,9 +15,11 @@ export default function ShellToolbar({ execute, cancel, busy, edit, save, editAv
<ToolbarButton disabled={!editAvailable} onClick={edit} icon="icon show-wizard"> <ToolbarButton disabled={!editAvailable} onClick={edit} icon="icon show-wizard">
Show wizard Show wizard
</ToolbarButton> </ToolbarButton>
<ToolbarButton onClick={save} icon="icon save"> {hasPermission('files/shell/write') && (
Save <ToolbarButton onClick={save} icon="icon save">
</ToolbarButton> Save
</ToolbarButton>
)}
</> </>
); );
} }

6
packages/web/src/tabs/PluginTab.js
View File

@@ -9,6 +9,7 @@ import { extractPluginIcon, extractPluginAuthor } from '../plugins/manifestExtra
import FormStyledButton from '../widgets/FormStyledButton'; import FormStyledButton from '../widgets/FormStyledButton';
import axios from '../utility/axios'; import axios from '../utility/axios';
import { useInstalledPlugins } from '../utility/metadataLoaders'; import { useInstalledPlugins } from '../utility/metadataLoaders';
import useHasPermission from '../utility/useHasPermission';
const WhitePage = styled.div` const WhitePage = styled.div`
position: absolute; position: absolute;
@@ -56,6 +57,7 @@ function Delimiter() {
} }
function PluginTabCore({ packageName }) { function PluginTabCore({ packageName }) {
const hasPermission = useHasPermission();
const theme = useTheme(); const theme = useTheme();
const installed = useInstalledPlugins(); const installed = useInstalledPlugins();
const info = useFetch({ const info = useFetch({
@@ -98,10 +100,10 @@ function PluginTabCore({ packageName }) {
<Version>{manifest.version && manifest.version}</Version> <Version>{manifest.version && manifest.version}</Version>
</HeaderLine> </HeaderLine>
<HeaderLine> <HeaderLine>
{!installed.find((x) => x.name == packageName) && ( {hasPermission('plugins/install') && !installed.find((x) => x.name == packageName) && (
<FormStyledButton type="button" value="Install" onClick={handleInstall} /> <FormStyledButton type="button" value="Install" onClick={handleInstall} />
)} )}
{!!installed.find((x) => x.name == packageName) && ( {hasPermission('plugins/install') && !!installed.find((x) => x.name == packageName) && (
<FormStyledButton type="button" value="Uninstall" onClick={handleUninstall} /> <FormStyledButton type="button" value="Uninstall" onClick={handleUninstall} />
)} )}
</HeaderLine> </HeaderLine>

10
packages/web/src/utility/useHasPermission.js Normal file
View File

@@ -0,0 +1,10 @@
import React from 'react';
import { useConfig } from './metadataLoaders';
import { compilePermissions, testPermission } from 'dbgate-tools';
export default function useHasPermission() {
const config = useConfig();
const compiled = React.useMemo(() => compilePermissions(config.permissions), [config]);
const hasPermission = (tested) => testPermission(tested, compiled);
return hasPermission;
}

26
packages/web/src/widgets/FilesWidget.js
View File

@@ -8,6 +8,7 @@ import { WidgetsInnerContainer } from './WidgetStyles';
import { SavedSqlFileAppObject, SavedShellFileAppObject, SavedChartFileAppObject } from '../appobj/SavedFileAppObject'; import { SavedSqlFileAppObject, SavedShellFileAppObject, SavedChartFileAppObject } from '../appobj/SavedFileAppObject';
import WidgetColumnBar, { WidgetColumnBarItem } from './WidgetColumnBar'; import WidgetColumnBar, { WidgetColumnBarItem } from './WidgetColumnBar';
import { useFiles } from '../utility/metadataLoaders'; import { useFiles } from '../utility/metadataLoaders';
import useHasPermission from '../utility/useHasPermission';
function ClosedTabsList() { function ClosedTabsList() {
const tabs = useOpenedTabs(); const tabs = useOpenedTabs();
@@ -64,20 +65,27 @@ function SavedChartFilesList() {
} }
export default function FilesWidget() { export default function FilesWidget() {
const hasPermission = useHasPermission();
return ( return (
<WidgetColumnBar> <WidgetColumnBar>
<WidgetColumnBarItem title="Recently closed tabs" name="closedTabs" height="20%"> <WidgetColumnBarItem title="Recently closed tabs" name="closedTabs" height="20%">
<ClosedTabsList /> <ClosedTabsList />
</WidgetColumnBarItem> </WidgetColumnBarItem>
<WidgetColumnBarItem title="Saved SQL files" name="sqlFiles" height="20%"> {hasPermission('files/sql/read') && (
<SavedSqlFilesList /> <WidgetColumnBarItem title="Saved SQL files" name="sqlFiles" height="20%">
</WidgetColumnBarItem> <SavedSqlFilesList />
<WidgetColumnBarItem title="Saved shell files" name="shellFiles" height="20%"> </WidgetColumnBarItem>
<SavedShellFilesList /> )}
</WidgetColumnBarItem> {hasPermission('files/shell/read') && (
<WidgetColumnBarItem title="Saved charts" name="charts" height="20%"> <WidgetColumnBarItem title="Saved shell files" name="shellFiles" height="20%">
<SavedChartFilesList /> <SavedShellFilesList />
</WidgetColumnBarItem> </WidgetColumnBarItem>
)}
{hasPermission('files/charts/read') && (
<WidgetColumnBarItem title="Saved charts" name="charts" height="20%">
<SavedChartFilesList />
</WidgetColumnBarItem>
)}
</WidgetColumnBar> </WidgetColumnBar>
); );
} }