diff --git a/domain/category/endpoint.go b/domain/category/endpoint.go
index cbcc163b..e7001305 100644
--- a/domain/category/endpoint.go
+++ b/domain/category/endpoint.go
@@ -82,10 +82,10 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 perm := pm.Permission{}
 perm.OrgID = ctx.OrgID
- perm.Who = "user"
+ perm.Who = pm.UserPermission
 perm.WhoID = ctx.UserID
- perm.Scope = "object"
- perm.Location = "category"
+ perm.Scope = pm.ScopeRow
+ perm.Location = pm.LocationCategory
 perm.RefID = cat.RefID
 perm.Action = pm.CategoryView
diff --git a/domain/permission/endpoint.go b/domain/permission/endpoint.go
index 78016704..0fb7c808 100644
--- a/domain/permission/endpoint.go
+++ b/domain/permission/endpoint.go
@@ -30,7 +30,6 @@ import (
 "github.com/documize/community/model/audit"
 "github.com/documize/community/model/permission"
 "github.com/documize/community/model/space"
- "github.com/documize/community/model/user"
 )
 // Handler contains the runtime information such as logging and database.
@@ -178,10 +177,10 @@ func (h *Handler) SetSpacePermissions(w http.ResponseWriter, r *http.Request) {
 if !me {
 perm := permission.Permission{}
 perm.OrgID = ctx.OrgID
- perm.Who = "user"
+ perm.Who = permission.UserPermission
 perm.WhoID = ctx.UserID
- perm.Scope = "object"
- perm.Location = "space"
+ perm.Scope = permission.ScopeRow
+ perm.Location = permission.LocationSpace
 perm.RefID = id
 perm.Action = "" // we send array for actions below
@@ -236,9 +235,6 @@ func (h *Handler) GetSpacePermissions(w http.ResponseWriter, r *http.Request) {
 response.WriteServerError(w, method, err)
 return
 }
- if len(perms) == 0 {
- perms = []permission.Permission{}
- }
 userPerms := make(map[string][]permission.Permission)
 for _, p := range perms {
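Review bot: Dropping the `len(perms) == 0` normalisation right after the error check means a nil slice from the store now reaches `response.WriteJSON` and encodes as JSON `null` instead of `[]`, unless the store guarantees a non-nil slice or WriteJSON normalises it — neither is visible here. Clients that iterate the array will see a type change on the empty case. The same removal appears in the @@ -269, @@ -293, @@ -316, @@ -418 and @@ -451 hunks of this file. If `[]` is the intended contract, keep a guard such as `if perms == nil { perms = []permission.Permission{} }` or centralise the normalisation in WriteJSON so every handler behaves the same. GetSpacePermissions continues outside the hunk.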
@@ -269,9 +265,6 @@ func (h *Handler) GetUserSpacePermissions(w http.ResponseWriter, r *http.Request
 response.WriteServerError(w, method, err)
 return
 }
- if len(perms) == 0 {
- perms = []permission.Permission{}
- }
 record := permission.DecodeUserPermissions(perms)
 response.WriteJSON(w, record)
@@ -293,9 +286,6 @@ func (h *Handler) GetCategoryViewers(w http.ResponseWriter, r *http.Request) {
 response.WriteServerError(w, method, err)
 return
 }
- if len(u) == 0 {
- u = []user.User{}
- }
 response.WriteJSON(w, u)
 }
@@ -316,9 +306,6 @@ func (h *Handler) GetCategoryPermissions(w http.ResponseWriter, r *http.Request)
 response.WriteServerError(w, method, err)
 return
 }
- if len(u) == 0 {
- u = []permission.Permission{}
- }
 response.WriteJSON(w, u)
 }
@@ -380,10 +367,10 @@ func (h *Handler) SetCategoryPermissions(w http.ResponseWriter, r *http.Request)
 for _, m := range model {
 perm := permission.Permission{}
 perm.OrgID = ctx.OrgID
- perm.Who = "user"
+ perm.Who = permission.UserPermission
 perm.WhoID = m.UserID
- perm.Scope = "object"
- perm.Location = "category"
+ perm.Scope = permission.ScopeRow
+ perm.Location = permission.LocationCategory
 perm.RefID = m.CategoryID
 perm.Action = permission.CategoryView
@@ -418,9 +405,6 @@ func (h *Handler) GetDocumentPermissions(w http.ResponseWriter, r *http.Request)
 response.WriteServerError(w, method, err)
 return
 }
- if len(perms) == 0 {
- perms = []permission.Permission{}
- }
 userPerms := make(map[string][]permission.Permission)
 for _, p := range perms {
@@ -451,9 +435,6 @@ func (h *Handler) GetUserDocumentPermissions(w http.ResponseWriter, r *http.Requ
 response.WriteServerError(w, method, err)
 return
 }
- if len(perms) == 0 {
- perms = []permission.Permission{}
- }
 record := permission.DecodeUserDocumentPermissions(perms)
 response.WriteJSON(w, record)
diff --git a/domain/space/endpoint.go b/domain/space/endpoint.go
index 94d590a2..87a4f843 100644
--- a/domain/space/endpoint.go
+++ b/domain/space/endpoint.go
@@ -110,10 +110,10 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request) {
 perm := permission.Permission{}
 perm.OrgID = sp.OrgID
- perm.Who = "user"
+ perm.Who = permission.UserPermission
 perm.WhoID = ctx.UserID
- perm.Scope = "object"
- perm.Location = "space"
+ perm.Scope = permission.ScopeRow
+ perm.Location = permission.LocationSpace
 perm.RefID = sp.RefID
 perm.Action = "" // we send array for actions below
@@ -800,10 +800,10 @@ func (h *Handler) Invite(w http.ResponseWriter, r *http.Request) {
 perm := permission.Permission{}
 perm.OrgID = sp.OrgID
- perm.Who = "user"
+ perm.Who = permission.UserPermission
 perm.WhoID = u.RefID
- perm.Scope = "object"
- perm.Location = "space"
+ perm.Scope = permission.ScopeRow
+ perm.Location = permission.LocationSpace
 perm.RefID = sp.RefID
 perm.Action = "" // we send array for actions below
diff --git a/domain/space/space.go b/domain/space/space.go
index 676a53e3..24da1c5d 100644
--- a/domain/space/space.go
+++ b/domain/space/space.go
@@ -64,10 +64,10 @@ func inviteNewUserToSharedSpace(ctx domain.RequestContext, rt *env.Runtime, s *d
 perm := permission.Permission{}
 perm.OrgID = sp.OrgID
- perm.Who = "user"
+ perm.Who = permission.UserPermission
 perm.WhoID = userID
- perm.Scope = "object"
- perm.Location = "space"
+ perm.Scope = permission.ScopeRow
+ perm.Location = permission.LocationSpace
 perm.RefID = sp.RefID
 perm.Action = "" // we send array for actions below
diff --git a/domain/space/space_test.go b/domain/space/space_test.go
index 9e5c8f89..fe3093f8 100644
--- a/domain/space/space_test.go
+++ b/domain/space/space_test.go
@@ -42,8 +42,8 @@ func TestSpace(t *testing.T) {
 perm.OrgID = ctx.OrgID
 perm.Who = "user"
 perm.WhoID = ctx.UserID
- perm.Scope = "object"
- perm.Location = "space"
+ perm.Scope = permission.ScopeRow
+ perm.Location = permission.LocationSpace
 perm.RefID = spaceID
 perm.Action = "" // we send array for actions below
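Review bot: The test still assigns the raw literal `perm.Who = "user"` on the context line just above the changed Scope and Location lines, while the rest of the commit migrates callers to the typed constants; it compiles only because an untyped string constant converts to WhoType implicitly, and it would keep passing silently if the persisted value behind UserPermission ever changed. Use `perm.Who = permission.UserPermission` here and in the @@ -109 and @@ -170 hunks of the same file so the test exercises the same constants production code uses. TestSpace continues outside the hunk.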
@@ -109,8 +109,8 @@ func TestSpace(t *testing.T) {
 perm.OrgID = ctx.OrgID
 perm.Who = "user"
 perm.WhoID = ctx.UserID
- perm.Scope = "object"
- perm.Location = "space"
+ perm.Scope = permission.ScopeRow
+ perm.Location = permission.LocationSpace
 perm.RefID = spaceID2
 perm.Action = "" // we send array for actions below
@@ -170,8 +170,8 @@ func TestSpace(t *testing.T) {
 perm.OrgID = ctx.OrgID
 perm.Who = "user"
 perm.WhoID = ctx.UserID
- perm.Scope = "object"
- perm.Location = "space"
+ perm.Scope = permission.ScopeRow
+ perm.Location = permission.LocationSpace
 perm.RefID = spaceID
 perm.Action = "" // we send array for actions below
diff --git a/model/permission/common.go b/model/permission/common.go
index 2b868d8c..29248c3e 100644
--- a/model/permission/common.go
+++ b/model/permission/common.go
@@ -15,17 +15,50 @@ import "time"
 // Permission represents a permission for a space and is persisted to the database.
 type Permission struct {
- ID uint64 `json:"id"`
- OrgID string `json:"orgId"`
- Who string `json:"who"` // user, role
- WhoID string `json:"whoId"` // either a user or role ID
- Action Action `json:"action"` // view, edit, delete
- Scope string `json:"scope"` // object, table
- Location string `json:"location"` // table name
- RefID string `json:"refId"` // id of row in table / blank when scope=table
- Created time.Time `json:"created"`
+ ID uint64 `json:"id"`
+ OrgID string `json:"orgId"`
+ Who WhoType `json:"who"` // user, role
+ WhoID string `json:"whoId"` // either a user or role ID
+ Action Action `json:"action"` // view, edit, delete
+ Scope ScopeType `json:"scope"` // object, table
+ Location LocationType `json:"location"` // table name
+ RefID string `json:"refId"` // id of row in table / blank when scope=table
+ Created time.Time `json:"created"`
 }
+// WhoType tell us if permission record represents user or group
+type WhoType string
+
+const (
+ // GroupPermission means permission is assigned to a group
+ GroupPermission WhoType = "role"
+
+ // UserPermission means permission is assigned to a user
+ UserPermission WhoType = "user"
+)
+
+// LocationType tells us the entity being permissioned
+type LocationType string
+
+const (
+ // LocationSpace means space is being permissioned
+ LocationSpace LocationType = "space"
+
+ // LocationCategory means category is being permissioned
+ LocationCategory LocationType = "category"
+
+ // LocationDocument means document is being permissioned
+ LocationDocument LocationType = "document"
+)
+
+// ScopeType details at what level data is being protected, e.g. table, row
+type ScopeType string
+
+const (
+ // ScopeRow identifies row in table is being protected
+ ScopeRow ScopeType = "object"
+)
+
 // Action details type of action
 type Action string
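Review bot: The `Scope` field comment still reads `// object, table` and the `RefID` comment still says `blank when scope=table`, but the new `ScopeType` declares only `ScopeRow`; either add `ScopeTable ScopeType = "table"` with its own doc line or amend the two comments so they describe the values that actually exist. Because `Who`, `Scope` and `Location` are json-tagged and persisted, the typed strings still accept any value on decode; a small `IsValid() bool` method on each type would let handlers reject unknown who/scope/location values before a permission row is written. `GroupPermission` is documented as a group but persists `"role"`, and the `Who` comment still says `// user, role`; a note such as `// persisted as "role" for compatibility with existing rows` would explain the mismatch, if that is indeed the reason.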
diff --git a/model/permission/document.go b/model/permission/document.go
index 2083bca2..c49ee93e 100644
--- a/model/permission/document.go
+++ b/model/permission/document.go
@@ -67,12 +67,12 @@ func HasAnyDocumentPermission(p DocumentRecord) bool {
 func EncodeDocumentRecord(r DocumentRecord, a Action) (p Permission) {
 p = Permission{}
 p.OrgID = r.OrgID
- p.Who = "user"
+ p.Who = UserPermission
 p.WhoID = r.UserID
- p.Location = "document"
+ p.Location = LocationDocument
 p.RefID = r.DocumentID
 p.Action = a
- p.Scope = "object" // default to row level permission
+ p.Scope = ScopeRow
 return
 }
diff --git a/model/permission/space.go b/model/permission/space.go
index 6d02ef0f..0ec34481 100644
--- a/model/permission/space.go
+++ b/model/permission/space.go
@@ -118,12 +118,12 @@ func HasAnyPermission(p Record) bool {
 func EncodeRecord(r Record, a Action) (p Permission) {
 p = Permission{}
 p.OrgID = r.OrgID
- p.Who = "user"
+ p.Who = UserPermission
 p.WhoID = r.UserID
- p.Location = "space"
+ p.Location = LocationSpace
 p.RefID = r.SpaceID
 p.Action = a
- p.Scope = "object" // default to row level permission
+ p.Scope = ScopeRow
 return
 }