DeforaNetworks/corteza
DeforaNetworks/corteza
3
0
Fork 0
Code

Redo export RBAC rules

Browse Source
This commit is contained in:
Tomaž Jerman 2024-10-03 13:46:11 +02:00 committed by Jože Fortun
parent 7546d40ae9
commit a1484098f0
9 changed files with 7 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
server/compose/chart.cue
View File

@ -99,7 +99,6 @@ chart: {
"read": {} "read": {}
"update": {} "update": {}
"delete": {} "delete": {}
"export": description: "Access to export charts"
} }
} }

1
server/compose/module.cue
View File

@ -118,7 +118,6 @@ module: {
"read": {} "read": {}
"update": {} "update": {}
"delete": {} "delete": {}
"export": description: "Access to export modules"
"record.create": description: "Create record" "record.create": description: "Create record"
"owned-record.create": description: "Create record with custom owner" "owned-record.create": description: "Create record with custom owner"
"records.search": description: "List, search or filter records" "records.search": description: "List, search or filter records"

1
server/compose/namespace.cue
View File

@ -87,7 +87,6 @@ namespace: {
"charts.export": description: "Export charts on namespace" "charts.export": description: "Export charts on namespace"
"page.create": description: "Create page on namespace" "page.create": description: "Create page on namespace"
"pages.search": description: "List, search or filter pages on namespace" "pages.search": description: "List, search or filter pages on namespace"
"pages.export": description: "Export pages on namespace"
} }
} }

1
server/compose/page.cue
View File

@ -166,7 +166,6 @@ page: {
"read": {} "read": {}
"update": {} "update": {}
"delete": {} "delete": {}
"export": description: "Access to export pages"
"page-layout.create": description: "Create page layout on namespace" "page-layout.create": description: "Create page layout on namespace"
"page-layouts.search": description: "List, search or filter page layouts on namespace" "page-layouts.search": description: "List, search or filter page layouts on namespace"
} }

3
server/compose/rest/chart.go
View File

@ -16,7 +16,6 @@ type (
CanGrant bool `json:"canGrant"` CanGrant bool `json:"canGrant"`
CanUpdateChart bool `json:"canUpdateChart"` CanUpdateChart bool `json:"canUpdateChart"`
CanExportChart bool `json:"canExportChart"`
CanDeleteChart bool `json:"canDeleteChart"` CanDeleteChart bool `json:"canDeleteChart"`
} }
@ -43,7 +42,6 @@ type (
CanGrant(context.Context) bool CanGrant(context.Context) bool
CanUpdateChart(context.Context, *types.Chart) bool CanUpdateChart(context.Context, *types.Chart) bool
CanExportChart(context.Context, *types.Chart) bool
CanDeleteChart(context.Context, *types.Chart) bool CanDeleteChart(context.Context, *types.Chart) bool
} }
) )
@ -156,7 +154,6 @@ func (ctrl Chart) makePayload(ctx context.Context, c *types.Chart, err error) (*
CanGrant: ctrl.ac.CanGrant(ctx), CanGrant: ctrl.ac.CanGrant(ctx),
CanUpdateChart: ctrl.ac.CanUpdateChart(ctx, c), CanUpdateChart: ctrl.ac.CanUpdateChart(ctx, c),
CanExportChart: ctrl.ac.CanExportChart(ctx, c),
CanDeleteChart: ctrl.ac.CanDeleteChart(ctx, c), CanDeleteChart: ctrl.ac.CanDeleteChart(ctx, c),
}, nil }, nil
} }

4
server/compose/rest/module.go
View File

@ -24,7 +24,6 @@ type (
Fields []*moduleFieldPayload `json:"fields"` Fields []*moduleFieldPayload `json:"fields"`
CanGrant bool `json:"canGrant"` CanGrant bool `json:"canGrant"`
CanExport bool `json:"canExport"`
CanUpdateModule bool `json:"canUpdateModule"` CanUpdateModule bool `json:"canUpdateModule"`
CanDeleteModule bool `json:"canDeleteModule"` CanDeleteModule bool `json:"canDeleteModule"`
CanCreateRecord bool `json:"canCreateRecord"` CanCreateRecord bool `json:"canCreateRecord"`
@ -48,7 +47,6 @@ type (
moduleAccessController interface { moduleAccessController interface {
CanGrant(context.Context) bool CanGrant(context.Context) bool
CanExportModule(context.Context, *types.Module) bool
CanUpdateModule(context.Context, *types.Module) bool CanUpdateModule(context.Context, *types.Module) bool
CanDeleteModule(context.Context, *types.Module) bool CanDeleteModule(context.Context, *types.Module) bool
CanCreateRecordOnModule(context.Context, *types.Module) bool CanCreateRecordOnModule(context.Context, *types.Module) bool
@ -191,8 +189,6 @@ func (ctrl Module) makePayload(ctx context.Context, m *types.Module, err error)
CanGrant: ctrl.ac.CanGrant(ctx), CanGrant: ctrl.ac.CanGrant(ctx),
CanExport: ctrl.ac.CanExportModule(ctx, m),
CanUpdateModule: ctrl.ac.CanUpdateModule(ctx, m), CanUpdateModule: ctrl.ac.CanUpdateModule(ctx, m),
CanDeleteModule: ctrl.ac.CanDeleteModule(ctx, m), CanDeleteModule: ctrl.ac.CanDeleteModule(ctx, m),

11
server/compose/rest/namespace.go
View File

@ -36,11 +36,10 @@ type (
CanDeleteNamespace bool `json:"canDeleteNamespace"` CanDeleteNamespace bool `json:"canDeleteNamespace"`
CanManageNamespace bool `json:"canManageNamespace"` CanManageNamespace bool `json:"canManageNamespace"`
CanCreateModule bool `json:"canCreateModule"` CanCreateModule bool `json:"canCreateModule"`
CanExportModule bool `json:"canExportModule"` CanExportModules bool `json:"canExportModules"`
CanCreateChart bool `json:"canCreateChart"` CanCreateChart bool `json:"canCreateChart"`
CanExportChart bool `json:"canExportChart"` CanExportCharts bool `json:"canExportCharts"`
CanCreatePage bool `json:"canCreatePage"` CanCreatePage bool `json:"canCreatePage"`
CanExportPage bool `json:"canExportPage"`
} }
namespaceSetPayload struct { namespaceSetPayload struct {
@ -85,7 +84,6 @@ type (
CanCreateChartOnNamespace(context.Context, *types.Namespace) bool CanCreateChartOnNamespace(context.Context, *types.Namespace) bool
CanExportChartsOnNamespace(context.Context, *types.Namespace) bool CanExportChartsOnNamespace(context.Context, *types.Namespace) bool
CanCreatePageOnNamespace(context.Context, *types.Namespace) bool CanCreatePageOnNamespace(context.Context, *types.Namespace) bool
CanExportPagesOnNamespace(context.Context, *types.Namespace) bool
} }
) )
@ -365,11 +363,10 @@ func (ctrl Namespace) makePayload(ctx context.Context, ns *types.Namespace, err
CanManageNamespace: ctrl.ac.CanManageNamespace(ctx, ns), CanManageNamespace: ctrl.ac.CanManageNamespace(ctx, ns),
CanCreateModule: ctrl.ac.CanCreateModuleOnNamespace(ctx, ns), CanCreateModule: ctrl.ac.CanCreateModuleOnNamespace(ctx, ns),
CanExportModule: ctrl.ac.CanExportModulesOnNamespace(ctx, ns), CanExportModules: ctrl.ac.CanExportModulesOnNamespace(ctx, ns),
CanCreateChart: ctrl.ac.CanCreateChartOnNamespace(ctx, ns), CanCreateChart: ctrl.ac.CanCreateChartOnNamespace(ctx, ns),
CanExportChart: ctrl.ac.CanExportChartsOnNamespace(ctx, ns), CanExportCharts: ctrl.ac.CanExportChartsOnNamespace(ctx, ns),
CanCreatePage: ctrl.ac.CanCreatePageOnNamespace(ctx, ns), CanCreatePage: ctrl.ac.CanCreatePageOnNamespace(ctx, ns),
CanExportPage: ctrl.ac.CanExportPagesOnNamespace(ctx, ns),
}, nil }, nil
} }

3
server/compose/rest/page.go
View File

@ -20,7 +20,6 @@ type (
Children []*pagePayload `json:"children,omitempty"` Children []*pagePayload `json:"children,omitempty"`
CanGrant bool `json:"canGrant"` CanGrant bool `json:"canGrant"`
CanExportPage bool `json:"canExportPage"`
CanUpdatePage bool `json:"canUpdatePage"` CanUpdatePage bool `json:"canUpdatePage"`
CanDeletePage bool `json:"canDeletePage"` CanDeletePage bool `json:"canDeletePage"`
} }
@ -61,7 +60,6 @@ type (
CanGrant(context.Context) bool CanGrant(context.Context) bool
CanUpdatePage(context.Context, *types.Page) bool CanUpdatePage(context.Context, *types.Page) bool
CanExportPage(context.Context, *types.Page) bool
CanDeletePage(context.Context, *types.Page) bool CanDeletePage(context.Context, *types.Page) bool
} }
) )
@ -275,7 +273,6 @@ func (ctrl Page) makePayload(ctx context.Context, c *types.Page, err error) (*pa
CanGrant: ctrl.ac.CanGrant(ctx), CanGrant: ctrl.ac.CanGrant(ctx),
CanUpdatePage: ctrl.ac.CanUpdatePage(ctx, c), CanUpdatePage: ctrl.ac.CanUpdatePage(ctx, c),
CanExportPage: ctrl.ac.CanExportPage(ctx, c),
CanDeletePage: ctrl.ac.CanDeletePage(ctx, c), CanDeletePage: ctrl.ac.CanDeletePage(ctx, c),
}, nil }, nil
} }

52
server/compose/service/access_control.gen.go generated
View File

@ -167,11 +167,6 @@ func (svc accessControl) List() (out []map[string]string) {
"any": types.ChartRbacResource(0, 0), "any": types.ChartRbacResource(0, 0),
"op": "delete", "op": "delete",
}, },
{
"type": types.ChartResourceType,
"any": types.ChartRbacResource(0, 0),
"op": "export",
},
{ {
"type": types.ModuleResourceType, "type": types.ModuleResourceType,
"any": types.ModuleRbacResource(0, 0), "any": types.ModuleRbacResource(0, 0),
@ -187,11 +182,6 @@ func (svc accessControl) List() (out []map[string]string) {
"any": types.ModuleRbacResource(0, 0), "any": types.ModuleRbacResource(0, 0),
"op": "delete", "op": "delete",
}, },
{
"type": types.ModuleResourceType,
"any": types.ModuleRbacResource(0, 0),
"op": "export",
},
{ {
"type": types.ModuleResourceType, "type": types.ModuleResourceType,
"any": types.ModuleRbacResource(0, 0), "any": types.ModuleRbacResource(0, 0),
@ -282,11 +272,6 @@ func (svc accessControl) List() (out []map[string]string) {
"any": types.NamespaceRbacResource(0), "any": types.NamespaceRbacResource(0),
"op": "pages.search", "op": "pages.search",
}, },
{
"type": types.NamespaceResourceType,
"any": types.NamespaceRbacResource(0),
"op": "pages.export",
},
{ {
"type": types.PageResourceType, "type": types.PageResourceType,
"any": types.PageRbacResource(0, 0), "any": types.PageRbacResource(0, 0),
@ -302,11 +287,6 @@ func (svc accessControl) List() (out []map[string]string) {
"any": types.PageRbacResource(0, 0), "any": types.PageRbacResource(0, 0),
"op": "delete", "op": "delete",
}, },
{
"type": types.PageResourceType,
"any": types.PageRbacResource(0, 0),
"op": "export",
},
{ {
"type": types.PageResourceType, "type": types.PageResourceType,
"any": types.PageRbacResource(0, 0), "any": types.PageRbacResource(0, 0),
@ -505,13 +485,6 @@ func (svc accessControl) CanDeleteChart(ctx context.Context, r *types.Chart) boo
return svc.can(ctx, "delete", r) return svc.can(ctx, "delete", r)
} }
// CanExportChart checks if current user can access to export charts
//
// This function is auto-generated
func (svc accessControl) CanExportChart(ctx context.Context, r *types.Chart) bool {
return svc.can(ctx, "export", r)
}
// CanReadModule checks if current user can read // CanReadModule checks if current user can read
// //
// This function is auto-generated // This function is auto-generated
@ -533,13 +506,6 @@ func (svc accessControl) CanDeleteModule(ctx context.Context, r *types.Module) b
return svc.can(ctx, "delete", r) return svc.can(ctx, "delete", r)
} }
// CanExportModule checks if current user can access to export modules
//
// This function is auto-generated
func (svc accessControl) CanExportModule(ctx context.Context, r *types.Module) bool {
return svc.can(ctx, "export", r)
}
// CanCreateRecordOnModule checks if current user can create record // CanCreateRecordOnModule checks if current user can create record
// //
// This function is auto-generated // This function is auto-generated
@ -666,13 +632,6 @@ func (svc accessControl) CanSearchPagesOnNamespace(ctx context.Context, r *types
return svc.can(ctx, "pages.search", r) return svc.can(ctx, "pages.search", r)
} }
// CanExportPagesOnNamespace checks if current user can export pages on namespace
//
// This function is auto-generated
func (svc accessControl) CanExportPagesOnNamespace(ctx context.Context, r *types.Namespace) bool {
return svc.can(ctx, "pages.export", r)
}
// CanReadPage checks if current user can read // CanReadPage checks if current user can read
// //
// This function is auto-generated // This function is auto-generated
@ -694,13 +653,6 @@ func (svc accessControl) CanDeletePage(ctx context.Context, r *types.Page) bool
return svc.can(ctx, "delete", r) return svc.can(ctx, "delete", r)
} }
// CanExportPage checks if current user can access to export pages
//
// This function is auto-generated
func (svc accessControl) CanExportPage(ctx context.Context, r *types.Page) bool {
return svc.can(ctx, "export", r)
}
// CanCreatePageLayoutOnPage checks if current user can create page layout on namespace // CanCreatePageLayoutOnPage checks if current user can create page layout on namespace
// //
// This function is auto-generated // This function is auto-generated
@ -932,14 +884,12 @@ func rbacResourceOperations(r string) map[string]bool {
"read": true, "read": true,
"update": true, "update": true,
"delete": true, "delete": true,
"export": true,
} }
case types.ModuleResourceType: case types.ModuleResourceType:
return map[string]bool{ return map[string]bool{
"read": true, "read": true,
"update": true, "update": true,
"delete": true, "delete": true,
"export": true,
"record.create": true, "record.create": true,
"owned-record.create": true, "owned-record.create": true,
"records.search": true, "records.search": true,
@ -964,14 +914,12 @@ func rbacResourceOperations(r string) map[string]bool {
"charts.export": true, "charts.export": true,
"page.create": true, "page.create": true,
"pages.search": true, "pages.search": true,
"pages.export": true,
} }
case types.PageResourceType: case types.PageResourceType:
return map[string]bool{ return map[string]bool{
"read": true, "read": true,
"update": true, "update": true,
"delete": true, "delete": true,
"export": true,
"page-layout.create": true, "page-layout.create": true,
"page-layouts.search": true, "page-layouts.search": true,
} }