WIP: user groups
This commit is contained in:
parent
69af48bb62
commit
840fcee93d
5 changed files with 71 additions and 4 deletions
8
TODO.md
8
TODO.md
|
@ -37,7 +37,7 @@
|
|||
|
||||
- [x] UserWebGUI: activate account with token
|
||||
|
||||
- [ ] feat(perms): add groups and roles
|
||||
- [x] feat: add groups and roles models
|
||||
|
||||
- [ ] UserWebGUI: add TOTP
|
||||
- [ ] send emails to users
|
||||
|
@ -48,3 +48,9 @@
|
|||
- [ ] AdminWebGUI: List users
|
||||
- [ ] AdminWebGUI: Assign groups to users
|
||||
- [ ] AdminWebGUI: Create invitation
|
||||
|
||||
# Minimal flow
|
||||
|
||||
- [ ] Invite user from command line bash script that will edit sqlite
|
||||
- [ ] Activation UI
|
||||
- [ ] Send email
|
||||
|
|
19
config.toml
19
config.toml
|
@ -48,9 +48,28 @@ slug = "basic"
|
|||
name = "Basic"
|
||||
description = "Basic user"
|
||||
default = true
|
||||
permissions = []
|
||||
|
||||
[[roles]]
|
||||
slug = "admin"
|
||||
name = "Administrator"
|
||||
description = "Full power on organization instance"
|
||||
permissions = [
|
||||
"InviteUser", # creation of user
|
||||
"ListUsers",
|
||||
"EnableUser",
|
||||
"DisableUser",
|
||||
"AssignUserGroups"
|
||||
]
|
||||
|
||||
# [[groups]]
|
||||
# slug = "ca_member"
|
||||
# name = "G1"
|
||||
# description = "Lorem ipsum"
|
||||
# roles = []
|
||||
|
||||
# [[groups]]
|
||||
# slug = "bureau"
|
||||
# name = "G2"
|
||||
# description = "Lorem ipseum"
|
||||
# roles = ["admin"]
|
||||
|
|
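Review bot: The new `[[roles]]` entry for `slug = "admin"` sets no `default` key, while the `Role` struct in the Rust hunk `@ -55,7 +71,8 @@ struct Role` keeps `#[serde(default = "_default_true")]` on `default: bool`, so if `_default_true` returns true as its name suggests, the admin role deserializes as a default role alongside `basic`. Once registration actually applies the default role (the `perform_register` hunk still stores `roles: Json(Vec::new())` next to the comment `// take the default role in the config`), every self-registered account would implicitly hold `InviteUser`, `EnableUser`, `DisableUser` and `AssignUserGroups`. Add `default = false` to the admin role here, and consider changing the struct to `#[serde(default)]` on `default: bool` so that omitting the key never makes a role default; a role with elevated permissions should only become default by explicit opt-in.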
|
@ -3,3 +3,28 @@
|
|||
https://datatracker.ietf.org/doc/html/rfc6749
|
||||
|
||||
https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path-in-a-minijinja-template
|
||||
|
||||
# Need for groups and roles
|
||||
|
||||
There is two kinds of role
|
||||
|
||||
- Role that will be used interllay to the tapp
|
||||
- Roles that will be used exteranlly on oauth2 clients.
|
||||
|
||||
- For now we only have roles and not groups
|
||||
|
||||
## Groups feature
|
||||
|
||||
Group will be later used to combine multiple roles.
|
||||
|
||||
# [[groups]]
|
||||
# slug = "ca_member"
|
||||
# name = "G1"
|
||||
# description = "Lorem ipsum"
|
||||
# roles = []
|
||||
|
||||
# [[groups]]
|
||||
# slug = "bureau"
|
||||
# name = "G2"
|
||||
# description = "Lorem ipseum"
|
||||
# roles = ["admin"]
|
||||
|
|
|
@ -47,7 +47,7 @@ pub async fn perform_register(
|
|||
|
||||
password_hash,
|
||||
status: UserStatus::Active,
|
||||
roles: Json(Vec::new()), // take the default role in the config
|
||||
roles: Json(Vec::new()),
|
||||
activation_token: None,
|
||||
created_at: Utc::now(),
|
||||
website: None,
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
use std::collections::HashSet;
|
||||
|
||||
use fully_pub::fully_pub;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
|
@ -48,6 +50,20 @@ struct Application {
|
|||
login_uri: String
|
||||
}
|
||||
|
||||
|
||||
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Hash, Eq)]
|
||||
#[fully_pub]
|
||||
enum Permission {
|
||||
ListUsers,
|
||||
DisableUser,
|
||||
EnableUser,
|
||||
VerifyEmail,
|
||||
InviteUser,
|
||||
DeleteUser,
|
||||
ResetUserPassword,
|
||||
AssignUserGroups
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Serialize, Deserialize)]
|
||||
#[fully_pub]
|
||||
struct Role {
|
||||
|
@ -55,7 +71,8 @@ struct Role {
|
|||
name: String,
|
||||
description: Option<String>,
|
||||
#[serde(default = "_default_true")]
|
||||
default: bool
|
||||
default: bool,
|
||||
permissions: HashSet<Permission>
|
||||
}
|
||||
|
||||
// todo: Role hierarchy https://en.wikipedia.org/wiki/Role_hierarchy
|
||||
|
|
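Review bot: The new `Permission` enum carries no documentation even though its variant names are the contract for `permissions = [...]` in config.toml (the serde derive serializes unit variants by their Rust name, so renaming `AssignUserGroups` silently invalidates existing configs). Add a `///` comment on the enum stating that variant names are the config-file spelling and must stay stable, and one line per variant describing what it gates, e.g. `/// May create invitations for new users.` on `InviteUser`. The added `permissions: HashSet<Permission>` has no `#[serde(default)]`, so every `[[roles]]` entry must now list `permissions`; if that is intended, say so in the `Role` doc comment, otherwise mark it `#[serde(default)]` so an omitted list means no permissions rather than a parse failure. The `Role` struct's remaining fields lie outside the visible hunks.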