-
Notifications
You must be signed in to change notification settings - Fork 3
Add permissions for roles #88
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
Change: Add permissions for language to default roles | ||
|
||
ocis-settings has default roles and exposes the respective bundle uuids. We now added | ||
permissions for reading/writing the preferred language to the default roles. | ||
|
||
https://github.com/owncloud/ocis-accounts/pull/88 |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,6 +6,7 @@ import ( | |
mclient "github.com/micro/go-micro/v2/client" | ||
olog "github.com/owncloud/ocis-pkg/v2/log" | ||
settings "github.com/owncloud/ocis-settings/pkg/proto/v0" | ||
ssvc "github.com/owncloud/ocis-settings/pkg/service/v0" | ||
) | ||
|
||
const ( | ||
|
@@ -30,6 +31,17 @@ func RegisterSettingsBundles(l *olog.Logger) { | |
l.Info().Str("bundle", res.Bundle.Id).Msg("Successfully registered bundle") | ||
} | ||
} | ||
|
||
permissionRequests := generateProfilePermissionsRequests() | ||
for i := range permissionRequests { | ||
res, err := service.AddSettingToBundle(context.Background(), &permissionRequests[i]) | ||
bundleID := permissionRequests[i].BundleId | ||
if err != nil { | ||
l.Err(err).Str("bundle", bundleID).Str("setting", permissionRequests[i].Setting.Id).Msg("Error adding setting to bundle") | ||
} else { | ||
l.Info().Str("bundle", bundleID).Str("setting", res.Setting.Id).Msg("Successfully added setting to bundle") | ||
} | ||
} | ||
} | ||
|
||
var languageSetting = settings.Setting_SingleChoiceValue{ | ||
|
@@ -121,3 +133,136 @@ func generateBundleProfileRequest() settings.SaveBundleRequest { | |
}, | ||
} | ||
} | ||
|
||
func generateProfilePermissionsRequests() []settings.AddSettingToBundleRequest { | ||
// TODO: we don't want to set up permissions for settings manually in the future. Instead each setting should come with | ||
// a set of default permissions for the default roles (guest, user, admin). | ||
return []settings.AddSettingToBundleRequest{ | ||
{ | ||
BundleId: ssvc.BundleUUIDRoleAdmin, | ||
Setting: &settings.Setting{ | ||
Id: "7d81f103-0488-4853-bce5-98dcce36d649", | ||
Name: "language-create", | ||
DisplayName: "Permission to set the language", | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. do we have a way to translate those display names yet ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Not in the services. The displayname is shown in the UI and transifex is used on it, but since this is dynamically rendered, I'm sure that transifex is not able to pick those strings, yet. Needs investigation or some help from the transifex gods. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
Resource: &settings.Resource{ | ||
Type: settings.Resource_TYPE_SETTING, | ||
Id: settingUUIDProfileLanguage, | ||
}, | ||
Value: &settings.Setting_PermissionValue{ | ||
PermissionValue: &settings.Permission{ | ||
Operation: settings.Permission_OPERATION_CREATE, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. so setting the language is an act of creation ? 🤔 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We have CREATE and UPDATE as separate operations. There are permissions for both. CREATE on first request, UPDATE on subsequent requests. The operation is one of the two things I wanted to discuss with Jörn, both Alex and myself were not too happy with it so far... but still, this reflects our current iteration. 🤷♂️ There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
Constraint: settings.Permission_CONSTRAINT_OWN, | ||
}, | ||
}, | ||
}, | ||
}, | ||
{ | ||
BundleId: ssvc.BundleUUIDRoleAdmin, | ||
Setting: &settings.Setting{ | ||
Id: "04ef2fd3-e724-48f6-a411-129dd461c820", | ||
Name: "language-read", | ||
DisplayName: "Permission to read the language", | ||
Resource: &settings.Resource{ | ||
Type: settings.Resource_TYPE_SETTING, | ||
Id: settingUUIDProfileLanguage, | ||
}, | ||
Value: &settings.Setting_PermissionValue{ | ||
PermissionValue: &settings.Permission{ | ||
Operation: settings.Permission_OPERATION_READ, | ||
Constraint: settings.Permission_CONSTRAINT_OWN, | ||
}, | ||
}, | ||
}, | ||
}, | ||
{ | ||
BundleId: ssvc.BundleUUIDRoleAdmin, | ||
Setting: &settings.Setting{ | ||
Id: "30ac1e63-10e2-4ef8-bf0a-941cd5b56c5c", | ||
Name: "language-update", | ||
DisplayName: "Permission to update the language", | ||
Resource: &settings.Resource{ | ||
Type: settings.Resource_TYPE_SETTING, | ||
Id: settingUUIDProfileLanguage, | ||
}, | ||
Value: &settings.Setting_PermissionValue{ | ||
PermissionValue: &settings.Permission{ | ||
Operation: settings.Permission_OPERATION_UPDATE, | ||
Constraint: settings.Permission_CONSTRAINT_OWN, | ||
}, | ||
}, | ||
}, | ||
}, | ||
{ | ||
BundleId: ssvc.BundleUUIDRoleUser, | ||
Setting: &settings.Setting{ | ||
Id: "640e00d2-4df8-41bd-b1c2-9f30a01e0e99", | ||
Name: "language-create", | ||
DisplayName: "Permission to set the language", | ||
Resource: &settings.Resource{ | ||
Type: settings.Resource_TYPE_SETTING, | ||
Id: settingUUIDProfileLanguage, | ||
}, | ||
Value: &settings.Setting_PermissionValue{ | ||
PermissionValue: &settings.Permission{ | ||
Operation: settings.Permission_OPERATION_CREATE, | ||
Constraint: settings.Permission_CONSTRAINT_OWN, | ||
}, | ||
}, | ||
}, | ||
}, | ||
{ | ||
BundleId: ssvc.BundleUUIDRoleUser, | ||
Setting: &settings.Setting{ | ||
Id: "dcaeb961-da25-46f2-9892-731603a20d3b", | ||
Name: "language-read", | ||
DisplayName: "Permission to read the language", | ||
Resource: &settings.Resource{ | ||
Type: settings.Resource_TYPE_SETTING, | ||
Id: settingUUIDProfileLanguage, | ||
}, | ||
Value: &settings.Setting_PermissionValue{ | ||
PermissionValue: &settings.Permission{ | ||
Operation: settings.Permission_OPERATION_READ, | ||
Constraint: settings.Permission_CONSTRAINT_OWN, | ||
}, | ||
}, | ||
}, | ||
}, | ||
{ | ||
BundleId: ssvc.BundleUUIDRoleUser, | ||
Setting: &settings.Setting{ | ||
Id: "e43f364c-ffa5-4080-9621-0d186632a169", | ||
Name: "language-update", | ||
DisplayName: "Permission to update the language", | ||
Resource: &settings.Resource{ | ||
Type: settings.Resource_TYPE_SETTING, | ||
Id: settingUUIDProfileLanguage, | ||
}, | ||
Value: &settings.Setting_PermissionValue{ | ||
PermissionValue: &settings.Permission{ | ||
Operation: settings.Permission_OPERATION_UPDATE, | ||
Constraint: settings.Permission_CONSTRAINT_OWN, | ||
}, | ||
}, | ||
}, | ||
}, | ||
{ | ||
BundleId: ssvc.BundleUUIDRoleGuest, | ||
Setting: &settings.Setting{ | ||
Id: "ca878636-8b1a-4fae-8282-8617a4c13597", | ||
Name: "language-read", | ||
DisplayName: "Permission to read the language", | ||
Resource: &settings.Resource{ | ||
Type: settings.Resource_TYPE_SETTING, | ||
Id: settingUUIDProfileLanguage, | ||
}, | ||
Value: &settings.Setting_PermissionValue{ | ||
PermissionValue: &settings.Permission{ | ||
Operation: settings.Permission_OPERATION_READ, | ||
Constraint: settings.Permission_CONSTRAINT_OWN, | ||
}, | ||
}, | ||
}, | ||
}, | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
make that
Debug
? otherwise the logs will get boring quickly... unless this is happening only once at the start of the service, in which case it's okThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only happens once on service start.