From 840fcee93d3d40a1a2d600d8ffd7041c3bac0ceb Mon Sep 17 00:00:00 2001
From: Matthieu Bessat
Date: Fri, 29 Nov 2024 17:32:42 +0100
Subject: [PATCH] WIP: user groups

---
 TODO.md | 8 +++++++-
 config.toml | 19 +++++++++++++++++++
 docs/draft.md | 25 +++++++++++++++++++++++++
 src/controllers/ui/register.rs | 4 ++--
 src/models/config.rs | 19 ++++++++++++++++++-
 5 files changed, 71 insertions(+), 4 deletions(-)

diff --git a/TODO.md b/TODO.md
index b293fd5..fb12409 100644
--- a/TODO.md
+++ b/TODO.md
@@ -37,7 +37,7 @@
 - [x] UserWebGUI: activate account with token
-- [ ] feat(perms): add groups and roles
+- [x] feat: add groups and roles models
 - [ ] UserWebGUI: add TOTP
 - [ ] send emails to users
@@ -48,3 +48,9 @@
 - [ ] AdminWebGUI: List users
 - [ ] AdminWebGUI: Assign groups to users
 - [ ] AdminWebGUI: Create invitation
+
+# Minimal flow
+
+- [ ] Invite user from command line bash script that will edit sqlite
+- [ ] Activation UI
+- [ ] Send email
diff --git a/config.toml b/config.toml
index 2b97bd9..fc3d532 100644
--- a/config.toml
+++ b/config.toml
@@ -48,9 +48,28 @@ slug = "basic"
 name = "Basic"
 description = "Basic user"
 default = true
+permissions = []
 [[roles]]
 slug = "admin"
 name = "Administrator"
 description = "Full power on organization instance"
+permissions = [
+ "InviteUser", # creation of user
+ "ListUsers",
+ "EnableUser",
+ "DisableUser",
+ "AssignUserGroups"
+]
+# [[groups]]
+# slug = "ca_member"
+# name = "G1"
+# description = "Lorem ipsum"
+# roles = []
+
+# [[groups]]
+# slug = "bureau"
+# name = "G2"
+# description = "Lorem ipseum"
+# roles = ["admin"]
diff --git a/docs/draft.md b/docs/draft.md
index aa65361..01e7f1a 100644
--- a/docs/draft.md
+++ b/docs/draft.md
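Review bot: The new `permissions` list on the `admin` role covers five of the eight variants that the `Permission` enum in src/models/config.rs declares; `VerifyEmail`, `DeleteUser` and `ResetUserPassword` are absent, which sits oddly next to a description of "Full power on organization instance". If withholding them is deliberate, a comment such as `# DeleteUser, ResetUserPassword and VerifyEmail are deliberately not granted` stops a later edit from widening the role silently; if not, add them. `permissions = []` on the default role is the right least-privilege baseline, and since the strings map onto enum variants a misspelled entry should presumably fail config loading rather than be ignored, which is the safer failure mode. The commented `[[groups]]` block is also pasted verbatim into docs/draft.md; keeping a single copy avoids the two drifting apart.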
@@ -3,3 +3,28 @@ https://datatracker.ietf.org/doc/html/rfc6749
 https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path-in-a-minijinja-template
+
+# Need for groups and roles
+
+There is two kinds of role
+
+- Role that will be used interllay to the tapp
+- Roles that will be used exteranlly on oauth2 clients.
+
+- For now we only have roles and not groups
+
+## Groups feature
+
+Group will be later used to combine multiple roles.
+
+# [[groups]]
+# slug = "ca_member"
+# name = "G1"
+# description = "Lorem ipsum"
+# roles = []
+
+# [[groups]]
+# slug = "bureau"
+# name = "G2"
+# description = "Lorem ipseum"
+# roles = ["admin"]
diff --git a/src/controllers/ui/register.rs b/src/controllers/ui/register.rs
index 28ba1db..ab82f5f 100644
--- a/src/controllers/ui/register.rs
+++ b/src/controllers/ui/register.rs
@@ -47,7 +47,7 @@ pub async fn perform_register(
 password_hash,
 status: UserStatus::Active,
- roles: Json(Vec::new()), // take the default role in the config
+ roles: Json(Vec::new()),
 activation_token: None,
 created_at: Utc::now(),
 website: None,
@@ -93,7 +93,7 @@ pub async fn perform_register(
 StatusCode::OK,
 "pages/register",
 context!(
- success => true
+ success => true
 )
 )
 }
diff --git a/src/models/config.rs b/src/models/config.rs
index a9512b0..88937c4 100644
--- a/src/models/config.rs
+++ b/src/models/config.rs
@@ -1,3 +1,5 @@
+use std::collections::HashSet;
+
 use fully_pub::fully_pub;
 use serde::{Deserialize, Serialize};
@@ -48,6 +50,20 @@ struct Application {
 login_uri: String
 }
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Hash, Eq)]
+#[fully_pub]
+enum Permission {
+ ListUsers,
+ DisableUser,
+ EnableUser,
+ VerifyEmail,
+ InviteUser,
+ DeleteUser,
+ ResetUserPassword,
+ AssignUserGroups
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize)]
 #[fully_pub]
 struct Role {
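Review bot: Dropping `// take the default role in the config` from the `roles: Json(Vec::new())` line removes the only reminder that a freshly registered user is created with no roles at all; the stored value is unchanged, so the role flagged `default = true` in config.toml is still never applied at registration. Unless that lookup now happens somewhere else in this commit (nothing in the diff shows it), keep a marker on the line, e.g. `roles: Json(Vec::new()), // TODO: assign the config roles that have default = true`, so the gap stays visible. The second hunk at line 93 changes only whitespace. `perform_register` begins and ends outside both hunks.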
@@ -55,7 +71,8 @@ struct Role {
 name: String,
 description: Option,
 #[serde(default = "_default_true")]
- default: bool
+ default: bool,
+ permissions: HashSet
 }
 // todo: Role hierarchy https://en.wikipedia.org/wiki/Role_hierarchy
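Review bot: `permissions: HashSet` (presumably `HashSet<Permission>`; the type parameter looks stripped in this rendering, as on `description: Option`) is added to `Role` without `#[serde(default)]`, so any `[[roles]]` entry that does not spell out the key now fails config deserialization, whereas `default` one line up keeps its `_default_true` fallback. Reading a missing key as an empty set is the least-privilege interpretation, so annotating the new field as `#[serde(default)]` followed by `permissions: HashSet<Permission>` keeps pre-existing configs loading without granting anything. Within this diff nothing consumes the set yet, so the field is data only for now. `struct Role {` and the `slug` field sit outside this hunk.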