Better handling of permissions

2025-01-31 13:07:25 +01:00
parent acfd2c7b14
commit f7dd0c60d6
12 changed files with 45 additions and 57 deletions
--- a/backend/api/events_routes.go
+++ b/backend/api/events_routes.go
@@ -10,14 +10,16 @@ var EventsRoutes = map[string]core.Handler{
 		Handler:     events.HandleEvents,
 		Middlewares: []core.Middleware{Methods("GET")}},
 	"/events/new": {
-		Handler:     events.HandleNew,
-		Middlewares: []core.Middleware{Methods("POST"), AuthJWT}},
+		Handler: events.HandleNew,
+		Middlewares: []core.Middleware{Methods("POST"),
+			HasPermissions("events", "insert"), AuthJWT}},
 	"/events/{event_uuid}": {
 		Handler:     events.HandleEvent,
 		Middlewares: []core.Middleware{Methods("GET")}},
 	"/events/{event_uuid}/delete": {
-		Handler:     events.HandleDelete,
-		Middlewares: []core.Middleware{Methods("DELETE"), AuthJWT}},
+		Handler: events.HandleDelete,
+		Middlewares: []core.Middleware{Methods("DELETE"),
+			HasPermissions("events", "delete"), AuthJWT}},
 	"/events/{event_uuid}/update": {
 		Handler: events.HandleUpdate,
 		Middlewares: []core.Middleware{
--- a/backend/api/middlewares.go
+++ b/backend/api/middlewares.go
@@ -159,24 +159,6 @@ func HasPermissions(resource string, actions ...string) core.Middleware {
 				return
 			}

-			// permissions := utils.MergeArrays(
-			// 	utils.Map(user.Roles, func(r models.Role) []models.Permission {
-			// 		return r.Permissions
-			// 	})...)
-			//
-			// for _, action := range actions {
-			// 	permission := utils.Find(permissions, func(p models.Permission, i int) bool {
-			// 		return resource == p.Resource && action == p.Action
-			// 	})
-			// 	if permission == nil {
-			// 		core.JSONError{
-			// 			Status:  core.Error,
-			// 			Message: fmt.Sprintf("The user doesn't have the proper permission %s:%s", resource, action),
-			// 		}.Respond(w, http.StatusUnauthorized)
-			// 		return
-			// 	}
-			// }
-
 			permissionsSet := make(map[string]struct{}) // Set to store unique permissions

 			// Populate the set with user's permissions
--- a/backend/api/permissions/permission.go
+++ b/backend/api/permissions/permission.go
@@ -9,21 +9,14 @@ import (
 )

 func HandlePermission(w http.ResponseWriter, r *http.Request) {
-	id := r.PathValue("permission_id")
-	var permission models.Permission
-	count, err := core.DB.NewSelect().
-		Model(&permission).
-		Where("id = ?", id).
+	resource := r.PathValue("resource")
+	action := r.PathValue("action")
+	var permissions models.Permission
+	err := core.DB.NewSelect().
+		Model(&permissions).
+		Where("resource = ? AND action = ?", resource, action).
 		Limit(1).
-		ScanAndCount(context.Background())
-
-	if count == 0 {
-		core.JSONSuccess{
-			Status:  core.Success,
-			Message: "Permission not found.",
-		}.Respond(w, http.StatusNotFound)
-		return
-	}
+		Scan(context.Background())

 	if err != nil {
 		core.JSONError{
@@ -35,7 +28,7 @@ func HandlePermission(w http.ResponseWriter, r *http.Request) {

 	core.JSONSuccess{
 		Status:  core.Success,
-		Message: "Permission found.",
-		Data:    permission,
+		Message: "Permissions found.",
+		Data:    permissions,
 	}.Respond(w, http.StatusOK)
 }
--- a/backend/api/permissions_routes.go
+++ b/backend/api/permissions_routes.go
@@ -14,12 +14,12 @@ var PermissionsRoutes = map[string]core.Handler{
 		Handler:     permissions.HandleResourceActions,
 		Middlewares: []core.Middleware{Methods("GET"), AuthJWT},
 	},
-	"/permissions/{permission_id}": {
-		Handler:     permissions.HandlePermission,
-		Middlewares: []core.Middleware{Methods("GET"), AuthJWT},
-	},
 	"/permissions/resources/{resource}": {
 		Handler:     permissions.HandlePermissionsResource,
 		Middlewares: []core.Middleware{Methods("GET"), AuthJWT},
 	},
+	"/permissions/resources/{resource}/{action}": {
+		Handler:     permissions.HandlePermission,
+		Middlewares: []core.Middleware{Methods("GET"), AuthJWT},
+	},
 }
--- a/backend/api/roles/add_permission.go
+++ b/backend/api/roles/add_permission.go
@@ -39,8 +39,9 @@ func HandleAddPermission(w http.ResponseWriter, r *http.Request) {
 	}

 	permissionRole := models.PermissionToRole{
-		PermissionID: permission.ID,
-		RoleID:       role.ID,
+		PermissionResource: permission.Resource,
+		PermissionAction:   permission.Action,
+		RoleID:             role.ID,
 	}
 	_, err = core.DB.NewInsert().Model(&permissionRole).Ignore().
 		Exec(ctx)
--- a/backend/api/roles/remove_permission.go
+++ b/backend/api/roles/remove_permission.go
@@ -26,7 +26,7 @@ func HandleRemovePermission(w http.ResponseWriter, r *http.Request) {
 	}

 	_, err = core.DB.NewDelete().Model((*models.PermissionToRole)(nil)).
-		Where("permission_id = ? AND role_id = ?", permission.ID, role_id).
+		Where("resource = ? AND action = ? AND role_id = ?", permission.Resource, permission.Action, role_id).
 		Exec(ctx)

 	if err != nil {
--- a/backend/core/models/permissions.go
+++ b/backend/core/models/permissions.go
@@ -8,8 +8,7 @@ type PermissionConditions struct {

 type Permission struct {
 	bun.BaseModel `bun:"table:permissions"`
-	ID            int                  `bun:"id,pk,autoincrement" json:"id"`
-	Resource      string               `bun:"resource,notnull,unique:permission" json:"resource"`
-	Action        string               `bun:"action,notnull,unique:permission" json:"action"`
+	Resource      string               `bun:"resource,pk" json:"resource"`
+	Action        string               `bun:"action,pk" json:"action"`
 	Conditions    PermissionConditions `bun:"conditions,type:jsonb" json:"conditions"`
 }
--- a/backend/core/models/permissions_to_roles.go
+++ b/backend/core/models/permissions_to_roles.go
@@ -6,11 +6,12 @@ import (
 )

 type PermissionToRole struct {
-	bun.BaseModel `bun:"table:permissions_to_users"`
+	bun.BaseModel `bun:"table:permissions_to_roles"`

-	PermissionID int       `bun:"permission_id,pk"`
-	RoleID       uuid.UUID `bun:"type:uuid,pk"`
+	PermissionAction   string    `bun:"action,pk"`
+	PermissionResource string    `bun:"resource,pk"`
+	RoleID             uuid.UUID `bun:"type:uuid,pk"`

-	Permission *Permission `bun:"rel:belongs-to,join:permission_id=id"`
+	Permission *Permission `bun:"rel:belongs-to,join:resource=resource,action=action"`
 	Role       *Role       `bun:"rel:belongs-to,join:role_id=id"`
 }
--- a/backend/core/models/roles.go
+++ b/backend/core/models/roles.go
@@ -10,5 +10,5 @@ type Role struct {
 	ID            uuid.UUID `bun:"id,pk,type:uuid,default:gen_random_uuid()" json:"id"`
 	Name          string    `bun:"name,unique,notnull" json:"name"`

-	Permissions []Permission `bun:"m2m:permissions_to_users,join:Role=Permission" json:"permissions,omitempty"`
+	Permissions []Permission `bun:"m2m:permissions_to_roles,join:Role=Permission" json:"permissions,omitempty"`
 }
--- a/backend/main.go
+++ b/backend/main.go
@@ -68,7 +68,7 @@ func main() {
 		"/": {
 			Handler: handler,
 			Middlewares: []core.Middleware{api.Methods("GET"),
-				api.HasPermissions("users", "insert", "jfkdjfdk"),
+				api.HasPermissions("blogs", "insert"),
 				api.AuthJWT,
 			}},
 		"/contact": {
--- a/frontend/app/layout.tsx
+++ b/frontend/app/layout.tsx
@@ -15,8 +15,19 @@ const geistMono = Geist_Mono({
 });

 export const metadata: Metadata = {
-	title: "Create Next App",
-	description: "Generated by create next app",
+	title: "Latosa Escrima France",
+	description: "Site officiel de Latosa Escrima France.",
+	openGraph: {
+		title: "Latosa Escrima France",
+		description: "Site officiel de Latosa Escrima France.",
+		type: "website",
+		countryName: "France",
+	},
+	applicationName: "Latosa Escrima France",
+	authors: {
+		name: "Wing Tsun Picardie",
+		url: "https://www.youtube.com/@WingTsunPicardie",
+	},
 };

 export default function RootLayout({
--- a/frontend/components/hero.tsx
+++ b/frontend/components/hero.tsx
@@ -18,7 +18,6 @@ const Hero = () => {
 							alt="logo"
 							className="h-16"
 						/>
-						<Badge variant="outline">Latosa-Escrima</Badge>
 						<div>
 							<h1 className="mb-6 text-pretty text-2xl font-bold text-primary lg:text-5xl">
 								Trouvez votre équilibre avec Latosa-Escrima