ApiPermission: added isCore column

This commit is contained in:
Roman 2024-03-27 14:12:01 +01:00
parent 603b3676d2
commit ee638914a8
17 changed files with 89 additions and 71 deletions

@ -62,7 +62,7 @@ namespace Core\API\ApiKey {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [], "Allows users to create new API-Keys");
$insert->addRow(self::getEndpoint(), [], "Allows users to create new API-Keys", true);
}
}
@ -109,7 +109,7 @@ namespace Core\API\ApiKey {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [], "Allows users to fetch new API-Key");
$insert->addRow(self::getEndpoint(), [], "Allows users to fetch new API-Keys", true);
}
}
@ -137,7 +137,7 @@ namespace Core\API\ApiKey {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [], "Allows users to refresh API-Key");
$insert->addRow(self::getEndpoint(), [], "Allows users to refresh API-Keys", true);
}
}
@ -162,7 +162,7 @@ namespace Core\API\ApiKey {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [], "Allows users to revoke API-Key");
$insert->addRow(self::getEndpoint(), [], "Allows users to revoke API-Keys", true);
}
}
}

@ -33,7 +33,7 @@ namespace Core\API\Database {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to view the database status");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to view the database status", true);
}
}
@ -106,7 +106,7 @@ namespace Core\API\Database {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to migrate the database structure");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to migrate the database structure", true);
}
}
}

@ -85,7 +85,7 @@ namespace Core\API\Groups {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to fetch available groups");
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to fetch available groups", true);
}
}
@ -112,7 +112,7 @@ namespace Core\API\Groups {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to get details about a group");
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to get details about a group", true);
}
}
@ -151,7 +151,7 @@ namespace Core\API\Groups {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to fetch members of a group");
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to fetch members of a group", true);
}
}
@ -195,7 +195,7 @@ namespace Core\API\Groups {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to create a new group");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to create a new group", true);
}
}
@ -226,7 +226,7 @@ namespace Core\API\Groups {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to delete a group");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to delete a group", true);
}
}
@ -268,7 +268,7 @@ namespace Core\API\Groups {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to add members to a group");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to add members to a group", true);
}
}
@ -310,7 +310,7 @@ namespace Core\API\Groups {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to remove members from a group");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to remove members from a group", true);
}
}
}

@ -135,7 +135,7 @@ namespace Core\API\Logs {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch system logs");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch system logs", true);
}
}

@ -82,7 +82,7 @@ namespace Core\API\Mail {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to send a test email to verify configuration");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to send a test email to verify configuration", true);
}
}

@ -109,7 +109,7 @@ namespace Core\API\Permission {
}
$sql = $this->context->getSQL();
$res = $sql->select("method", "groups", "description")
$res = $sql->select("method", "groups", "description", "isCore")
->from("ApiPermission")
->execute();
@ -117,16 +117,18 @@ namespace Core\API\Permission {
$this->lastError = $sql->getLastError();
if ($this->success) {
$permissions = array();
$permissions = [];
foreach ($res as $row) {
$method = $row["method"];
$description = $row["description"];
$groups = json_decode($row["groups"]);
$permissions[] = array(
$isCore = $row["isCore"];
$permissions[] = [
"method" => $method,
"groups" => $groups,
"description" => $description
);
"description" => $description,
"isCore" => $isCore
];
}
$this->result["permissions"] = $permissions;
$this->result["groups"] = $this->groups;
@ -136,7 +138,7 @@ namespace Core\API\Permission {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch API permissions");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch API permissions", true);
}
}
@ -158,29 +160,37 @@ namespace Core\API\Permission {
$sql = $this->context->getSQL();
$methodParam = new StringType('method', 32);
$groupsParam = new Parameter('groups', Parameter::TYPE_ARRAY);
$descriptionParam = new StringType('method', 128);
$updateQuery = $sql->insert("ApiPermission", array("method", "groups"))
->onDuplicateKeyStrategy(new UpdateStrategy(array("method"), array("groups" => new Column("groups"))));
$updateQuery = $sql->insert("ApiPermission", ["method", "groups", "description"])
->onDuplicateKeyStrategy(new UpdateStrategy(["method"], [
"groups" => new Column("groups"),
"description" => new Column("description")
]));
$insertedMethods = array();
foreach ($permissions as $permission) {
if (!is_array($permission)) {
return $this->createError("Invalid data type found in parameter: permissions, expected: object");
} else if (!isset($permission["method"]) || !array_key_exists("groups", $permission)) {
return $this->createError("Invalid object found in parameter: permissions, expected keys 'method' and 'groups'");
} else if (!isset($permission["method"]) || !isset($permission["description"]) || !array_key_exists("groups", $permission)) {
return $this->createError("Invalid object found in parameter: permissions, expected keys: 'method', 'groups', 'description'");
} else if (!$methodParam->parseParam($permission["method"])) {
$expectedType = $methodParam->getTypeName();
return $this->createError("Invalid data type found for attribute 'method', expected: $expectedType");
} else if (!$groupsParam->parseParam($permission["groups"])) {
$expectedType = $groupsParam->getTypeName();
return $this->createError("Invalid data type found for attribute 'groups', expected: $expectedType");
} else if (!$descriptionParam->parseParam($permission["description"])) {
$expectedType = $descriptionParam->getTypeName();
return $this->createError("Invalid data type found for attribute 'description', expected: $expectedType");
} else if (empty(trim($methodParam->value))) {
return $this->createError("Method cannot be empty.");
} else {
$method = $methodParam->value;
$groups = $groupsParam->value;
$updateQuery->addRow($method, $groups);
$description = $descriptionParam->value;
$updateQuery->addRow($method, $groups, $description);
$insertedMethods[] = $method;
}
}
@ -205,8 +215,11 @@ namespace Core\API\Permission {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN],
"Allows users to modify API permissions. This is restricted to the administrator and cannot be changed");
$insert->addRow(
self::getEndpoint(), [Group::ADMIN],
"Allows users to modify API permissions. This is restricted to the administrator and cannot be changed",
true
);
}
}
}

@ -105,7 +105,7 @@ namespace Core\API\Routes {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch site routing");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch site routing", true);
}
}
@ -210,7 +210,7 @@ namespace Core\API\Routes {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to save the site routing");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to save the site routing", true);
}
}
@ -248,7 +248,7 @@ namespace Core\API\Routes {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to add new routes");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to add new routes", true);
}
}
@ -306,7 +306,7 @@ namespace Core\API\Routes {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to update existing routes");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to update existing routes", true);
}
}
@ -335,7 +335,7 @@ namespace Core\API\Routes {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to remove routes");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to remove routes", true);
}
}
@ -353,7 +353,7 @@ namespace Core\API\Routes {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to enable a route");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to enable a route", true);
}
}
@ -371,7 +371,7 @@ namespace Core\API\Routes {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to disable a route");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to disable a route", true);
}
}
@ -416,7 +416,7 @@ namespace Core\API\Routes {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to regenerate the routing cache");
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to regenerate the routing cache", true);
}
}
}

@ -50,7 +50,7 @@ namespace Core\API\Settings {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch site settings");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to fetch site settings", true);
}
}
@ -152,7 +152,7 @@ namespace Core\API\Settings {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to modify site settings");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to modify site settings", true);
}
}
}

@ -99,6 +99,6 @@ class Stats extends Request {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to view site statistics");
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to view site statistics", true);
}
}

@ -211,7 +211,7 @@ namespace Core\API\User {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to create new users");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to create new users", true);
}
}
@ -273,7 +273,7 @@ namespace Core\API\User {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to fetch all users");
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to fetch all users", true);
}
}
@ -316,7 +316,7 @@ namespace Core\API\User {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to get details about a user");
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to get details about a user", true);
}
}
@ -438,7 +438,7 @@ namespace Core\API\User {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to invite new users");
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to invite new users", true);
}
}
@ -853,7 +853,7 @@ namespace Core\API\User {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to modify other user's details");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to modify other user's details", true);
}
}
@ -890,7 +890,7 @@ namespace Core\API\User {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to delete other users");
$insert->addRow(self::getEndpoint(), [Group::ADMIN], "Allows users to delete other users", true);
}
}

@ -116,7 +116,7 @@ namespace Core\API\Visitors {
}
public static function getDefaultACL(Insert $insert): void {
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to view visitor statistics");
$insert->addRow(self::getEndpoint(), [Group::ADMIN, Group::SUPPORT], "Allows users to view visitor statistics", true);
}
}
}

@ -38,7 +38,8 @@ class CreateDatabase extends DatabaseScript {
->addString("method", 32)
->addJson("groups", true, '[]')
->addString("description", 128, false, "")
->primaryKey("method");
->primaryKey("method")
->addBool("isCore", false);
self::loadDefaultACL($queries, $sql);
self::loadPatches($queries, $sql);
@ -121,7 +122,7 @@ class CreateDatabase extends DatabaseScript {
}
public static function loadDefaultACL(array &$queries, SQL $sql) {
$query = $sql->insert("ApiPermission", ["method", "groups", "description"]);
$query = $sql->insert("ApiPermission", ["method", "groups", "description", "isCore"]);
foreach (Request::getApiEndpoints() as $reflectionClass) {
$method = $reflectionClass->getName() . "::getDefaultACL";

@ -20,8 +20,6 @@ namespace Documents\Install {
use Core\Configuration\Configuration;
use Core\Configuration\CreateDatabase;
use Core\Driver\SQL\Expression\Count;
use Core\Driver\SQL\Query\Commit;
use Core\Driver\SQL\Query\StartTransaction;
use Core\Driver\SQL\SQL;
use Core\Elements\Body;
use Core\Elements\Head;
@ -363,24 +361,25 @@ namespace Documents\Install {
$msg = "";
$success = true;
$queries = CreateDatabase::createQueries($sql);
array_unshift($queries, new StartTransaction($sql));
$queries[] = new Commit($sql);
foreach ($queries as $query) {
try {
$sql->startTransaction();
foreach ($queries as $query) {
if (!$query->execute()) {
$msg = "Error creating tables: " . $sql->getLastError();
$success = false;
}
} finally {
if (!$success) {
$sql->rollback();
}
}
if (!$success) {
break;
}
}
} finally {
if (!$success) {
$sql->rollback();
} else {
$sql->commit();
}
}
if ($success) {
$context = $this->getDocument()->getContext();

@ -104,9 +104,12 @@ class Context {
}
public function parseCookies(): void {
if ($this->sql) {
if (isset($_COOKIE['session']) && is_string($_COOKIE['session']) && !empty($_COOKIE['session'])) {
$this->loadSession($_COOKIE['session']);
}
}
// set language by priority: 1. GET parameter, 2. cookie, 3. user's settings
if (isset($_GET['lang']) && is_string($_GET["lang"]) && !empty($_GET["lang"])) {

@ -45,12 +45,14 @@ if (!$context->isCLI()) {
$dockerYaml = null;
$database = $context->getConfig()->getDatabase();
if ($database->getProperty("isDocker", false) && !is_file("/.dockerenv")) {
if ($database !== null) {
if ($database->getProperty("isDocker", false) && !is_file("/.dockerenv")) {
if (function_exists("yaml_parse")) {
$dockerYaml = yaml_parse(file_get_contents("./docker-compose.yml"));
} else {
_exit("yaml_parse not found but required for docker file parsing.");
}
}
}
function connectSQL(): ?SQL {
@ -819,7 +821,7 @@ if (count($argv) < 2) {
if (array_key_exists($command, $registeredCommands)) {
// TODO: do we need this?
if ($database->getProperty("isDocker", false) && !is_file("/.dockerenv")) {
if ($database !== null && $database->getProperty("isDocker", false) && !is_file("/.dockerenv")) {
$requiresDocker = in_array($argv[2] ?? null, $registeredCommands[$command]["requiresDocker"] ?? []);
if ($requiresDocker) {
$containerName = $dockerYaml["services"]["php"]["container_name"];

@ -3,12 +3,12 @@ import {LocaleContext} from "shared/locale";
import {Link, useNavigate} from "react-router-dom";
import {Button, Checkbox, TextField, Paper, Table, TableBody, TableCell, TableContainer, TableHead, TableRow} from "@material-ui/core";
import {Add, Refresh} from "@material-ui/icons";
import {USER_GROUP_ADMIN} from "shared/constants";
export default function AccessControlList(props) {
// meta
const showDialog = props.showDialog;
const {translate: L, requestModules, currentLocale} = useContext(LocaleContext);
const navigate = useNavigate();
@ -74,7 +74,8 @@ export default function AccessControlList(props) {
<i>{permission.description}</i>
</TableCell>
{groups.map(group => <TableCell key={"perm-" + index + "-group-" + group.id} align={"center"}>
<Checkbox checked={!permission.groups.length || permission.groups.includes(group.id)} />
<Checkbox checked={!permission.groups.length || permission.groups.includes(group.id)}
disabled={permission.method.toLowerCase() === "permission/save" || !props.api.hasGroup(USER_GROUP_ADMIN)}/>
</TableCell>)}
</TableRow>
);
@ -118,7 +119,8 @@ export default function AccessControlList(props) {
<Button variant={"outlined"} color={"primary"} className={"m-1"} startIcon={<Refresh />} onClick={() => onFetchACL(true)}>
{L("general.reload")}
</Button>
<Button variant={"outlined"} className={"m-1"} startIcon={<Add />} onClick={() => navigate("/admin/acl/new")}>
<Button variant={"outlined"} className={"m-1"} startIcon={<Add />} disabled={!props.api.hasGroup(USER_GROUP_ADMIN)}
onClick={() => navigate("/admin/acl/new")}>
{L("general.add")}
</Button>
</div>

@ -68,8 +68,6 @@ export default function Overview(props) {
}
*/
console.log(stats);
return <>
<div className={"content-header"}>
<div className={"container-fluid"}>