WIP: user groups
This commit is contained in:
parent
69af48bb62
commit
840fcee93d
5 changed files with 71 additions and 4 deletions
8
TODO.md
8
TODO.md
|
@ -37,7 +37,7 @@
|
||||||
|
|
||||||
- [x] UserWebGUI: activate account with token
|
- [x] UserWebGUI: activate account with token
|
||||||
|
|
||||||
- [ ] feat(perms): add groups and roles
|
- [x] feat: add groups and roles models
|
||||||
|
|
||||||
- [ ] UserWebGUI: add TOTP
|
- [ ] UserWebGUI: add TOTP
|
||||||
- [ ] send emails to users
|
- [ ] send emails to users
|
||||||
|
@ -48,3 +48,9 @@
|
||||||
- [ ] AdminWebGUI: List users
|
- [ ] AdminWebGUI: List users
|
||||||
- [ ] AdminWebGUI: Assign groups to users
|
- [ ] AdminWebGUI: Assign groups to users
|
||||||
- [ ] AdminWebGUI: Create invitation
|
- [ ] AdminWebGUI: Create invitation
|
||||||
|
|
||||||
|
# Minimal flow
|
||||||
|
|
||||||
|
- [ ] Invite user from command line bash script that will edit sqlite
|
||||||
|
- [ ] Activation UI
|
||||||
|
- [ ] Send email
|
||||||
|
|
19
config.toml
19
config.toml
|
@ -48,9 +48,28 @@ slug = "basic"
|
||||||
name = "Basic"
|
name = "Basic"
|
||||||
description = "Basic user"
|
description = "Basic user"
|
||||||
default = true
|
default = true
|
||||||
|
permissions = []
|
||||||
|
|
||||||
[[roles]]
|
[[roles]]
|
||||||
slug = "admin"
|
slug = "admin"
|
||||||
name = "Administrator"
|
name = "Administrator"
|
||||||
description = "Full power on organization instance"
|
description = "Full power on organization instance"
|
||||||
|
permissions = [
|
||||||
|
"InviteUser", # creation of user
|
||||||
|
"ListUsers",
|
||||||
|
"EnableUser",
|
||||||
|
"DisableUser",
|
||||||
|
"AssignUserGroups"
|
||||||
|
]
|
||||||
|
|
||||||
|
# [[groups]]
|
||||||
|
# slug = "ca_member"
|
||||||
|
# name = "G1"
|
||||||
|
# description = "Lorem ipsum"
|
||||||
|
# roles = []
|
||||||
|
|
||||||
|
# [[groups]]
|
||||||
|
# slug = "bureau"
|
||||||
|
# name = "G2"
|
||||||
|
# description = "Lorem ipseum"
|
||||||
|
# roles = ["admin"]
|
||||||
|
|
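Review bot: The `[[roles]]` entry for `admin` sets no `default` key, and `Role.default` is deserialized with `#[serde(default = "_default_true")]` in the models hunk of this same commit, so this role parses as a default role exactly like `basic` does. If default roles are what new registrations receive — the `perform_register` hunk carries the comment `// take the default role in the config` — every self-registered user would hold the newly added `InviteUser`, `EnableUser`, `DisableUser` and `AssignUserGroups` permissions. Add `default = false` directly under `description = "Full power on organization instance"` so the privileged role is opt-in rather than opt-out, and keep that line even if the struct's serde default is later flipped. The commented `# roles = ["admin"]` group example inherits the same concern once groups are wired up.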
|
@ -3,3 +3,28 @@
|
||||||
https://datatracker.ietf.org/doc/html/rfc6749
|
https://datatracker.ietf.org/doc/html/rfc6749
|
||||||
|
|
||||||
https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path-in-a-minijinja-template
|
https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path-in-a-minijinja-template
|
||||||
|
|
||||||
|
# Need for groups and roles
|
||||||
|
|
||||||
|
There is two kinds of role
|
||||||
|
|
||||||
|
- Role that will be used interllay to the tapp
|
||||||
|
- Roles that will be used exteranlly on oauth2 clients.
|
||||||
|
|
||||||
|
- For now we only have roles and not groups
|
||||||
|
|
||||||
|
## Groups feature
|
||||||
|
|
||||||
|
Group will be later used to combine multiple roles.
|
||||||
|
|
||||||
|
# [[groups]]
|
||||||
|
# slug = "ca_member"
|
||||||
|
# name = "G1"
|
||||||
|
# description = "Lorem ipsum"
|
||||||
|
# roles = []
|
||||||
|
|
||||||
|
# [[groups]]
|
||||||
|
# slug = "bureau"
|
||||||
|
# name = "G2"
|
||||||
|
# description = "Lorem ipseum"
|
||||||
|
# roles = ["admin"]
|
||||||
|
|
|
@ -47,7 +47,7 @@ pub async fn perform_register(
|
||||||
|
|
||||||
password_hash,
|
password_hash,
|
||||||
status: UserStatus::Active,
|
status: UserStatus::Active,
|
||||||
roles: Json(Vec::new()), // take the default role in the config
|
roles: Json(Vec::new()),
|
||||||
activation_token: None,
|
activation_token: None,
|
||||||
created_at: Utc::now(),
|
created_at: Utc::now(),
|
||||||
website: None,
|
website: None,
|
||||||
|
@ -93,7 +93,7 @@ pub async fn perform_register(
|
||||||
StatusCode::OK,
|
StatusCode::OK,
|
||||||
"pages/register",
|
"pages/register",
|
||||||
context!(
|
context!(
|
||||||
success => true
|
success => true
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
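Review bot: The new side of the first hunk still persists `roles: Json(Vec::new())`, so a freshly registered user gets no role even though roles now carry the permission set; whichever side the trailing `// take the default role in the config` comment is on, nothing in this commit resolves the config's `default = true` roles at registration. Either look them up here — roughly `roles: Json(config.roles.iter().filter(|r| r.default).map(|r| r.slug.clone()).collect())`, assuming the parsed config is reachable from this handler — or put a comment on the field stating that authorization resolves default roles at check time, so an empty vector is never later read as "no access". The record is also written with `status: UserStatus::Active` and `activation_token: None`; if this handler serves unauthenticated self-registration rather than invitation acceptance, that skips the token activation the TODO lists as done — worth confirming. `perform_register` starts before the first hunk and its body between the two hunks is not shown; the second hunk shows no textual change, presumably whitespace.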
|
@ -1,3 +1,5 @@
|
||||||
|
use std::collections::HashSet;
|
||||||
|
|
||||||
use fully_pub::fully_pub;
|
use fully_pub::fully_pub;
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
|
@ -48,6 +50,20 @@ struct Application {
|
||||||
login_uri: String
|
login_uri: String
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Hash, Eq)]
|
||||||
|
#[fully_pub]
|
||||||
|
enum Permission {
|
||||||
|
ListUsers,
|
||||||
|
DisableUser,
|
||||||
|
EnableUser,
|
||||||
|
VerifyEmail,
|
||||||
|
InviteUser,
|
||||||
|
DeleteUser,
|
||||||
|
ResetUserPassword,
|
||||||
|
AssignUserGroups
|
||||||
|
}
|
||||||
|
|
||||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||||
#[fully_pub]
|
#[fully_pub]
|
||||||
struct Role {
|
struct Role {
|
||||||
|
@ -55,7 +71,8 @@ struct Role {
|
||||||
name: String,
|
name: String,
|
||||||
description: Option<String>,
|
description: Option<String>,
|
||||||
#[serde(default = "_default_true")]
|
#[serde(default = "_default_true")]
|
||||||
default: bool
|
default: bool,
|
||||||
|
permissions: HashSet<Permission>
|
||||||
}
|
}
|
||||||
|
|
||||||
// todo: Role hierarchy https://en.wikipedia.org/wiki/Role_hierarchy
|
// todo: Role hierarchy https://en.wikipedia.org/wiki/Role_hierarchy
|
||||||
|
|
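Review bot: `Role.default` keeps `#[serde(default = "_default_true")]` while the same struct now gains `permissions: HashSet<Permission>`, so any `[[roles]]` entry that omits `default` becomes a default role together with whatever permissions it carries — opt-out is the wrong direction for a field that grants access. Change it to `#[serde(default)]` (a `bool` then defaults to `false`) so a role is a default only when the config says `default = true`; the only config shown that relies on the old behaviour already sets `default = true` explicitly. Decide deliberately whether `permissions` should also take `#[serde(default)]` (omitted list means no permissions) or stay required (omitted list is a parse error), and record the choice in a doc comment on the field, since both are fail-closed but only one is loud. A one-line doc per `Permission` variant naming the operation it gates would also help, because the config strings must match these variant names exactly. `_default_true` and the rest of `Role` are outside the hunk.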