840fcee93d WIP: user groups 2024-11-29 17:32:42 +01:00
5 changed files with 71 additions and 4 deletions


@ -37,7 +37,7 @@
- [x] UserWebGUI: activate account with token
- [ ] feat(perms): add groups and roles
- [x] feat: add groups and roles models
- [ ] UserWebGUI: add TOTP
- [ ] send emails to users
@ -48,3 +48,9 @@
- [ ] AdminWebGUI: List users
- [ ] AdminWebGUI: Assign groups to users
- [ ] AdminWebGUI: Create invitation
# Minimal flow
- [ ] Invite user from command line bash script that will edit sqlite
- [ ] Activation UI
- [ ] Send email


@ -48,9 +48,28 @@ slug = "basic"
name = "Basic"
description = "Basic user"
default = true
permissions = []
[[roles]]
slug = "admin"
name = "Administrator"
description = "Full power on organization instance"
permissions = [
"InviteUser", # creation of user
"ListUsers",
"EnableUser",
"DisableUser",
"AssignUserGroups"
]
# [[groups]]
# slug = "ca_member"
# name = "G1"
# description = "Lorem ipsum"
# roles = []
# [[groups]]
# slug = "bureau"
# name = "G2"
# description = "Lorem ipseum"
# roles = ["admin"]
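Review bot: The new `admin` `[[roles]]` entry carries no `default` key, and the `Role` struct changed in this same commit deserializes a missing `default` as true (`#[serde(default = "_default_true")]`), so as written the admin role is a default role exactly like `basic`. Nothing assigns default roles yet (`perform_register` still stores an empty list), but the moment that TODO is implemented every self-registered user would receive `InviteUser`, `EnableUser`, `DisableUser` and `AssignUserGroups`. Add `default = false` under `slug = "admin"`, and consider spelling `default` out on every role so the file reads fail-closed regardless of the struct's default. The commented-out `[[groups]]` block references `roles = ["admin"]`; if it is meant as a sketch rather than a ready-to-uncomment config, a short comment saying so would stop it being enabled verbatim.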


@ -3,3 +3,28 @@
https://datatracker.ietf.org/doc/html/rfc6749
https://stackoverflow.com/questions/79118231/how-to-access-the-axum-request-path-in-a-minijinja-template
# Need for groups and roles
There is two kinds of role
- Role that will be used interllay to the tapp
- Roles that will be used exteranlly on oauth2 clients.
- For now we only have roles and not groups
## Groups feature
Group will be later used to combine multiple roles.
# [[groups]]
# slug = "ca_member"
# name = "G1"
# description = "Lorem ipsum"
# roles = []
# [[groups]]
# slug = "bureau"
# name = "G2"
# description = "Lorem ipseum"
# roles = ["admin"]


@ -47,7 +47,7 @@ pub async fn perform_register(
password_hash,
status: UserStatus::Active,
roles: Json(Vec::new()), // take the default role in the config
roles: Json(Vec::new()),
activation_token: None,
created_at: Utc::now(),
website: None,
@ -93,7 +93,7 @@ pub async fn perform_register(
StatusCode::OK,
"pages/register",
context!(
success => true
success => true
)
)
}
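Review bot: `roles` is persisted as an empty `Json(Vec::new())` on both sides of the hunk, so the role marked `default = true` in the roles config is never attached to a newly registered user, and the only record of that intent is the `// take the default role in the config` comment that one side drops. Whichever side is the new one, keep the intent in the code rather than a bare empty list, e.g. `roles: Json(Vec::new()), // TODO(perms): resolve roles with default == true from config`, or resolve them here so that registration and later authorization agree on what an empty list means (an empty list should not be silently treated as "all defaults" in one place and "nothing" in another). The record is also created with `status: UserStatus::Active` and `activation_token: None`; if this self-registration path is meant to coexist with token activation, a comment stating why it bypasses activation would help the next reader. `perform_register` starts before the hunk and its body continues outside it.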


@ -1,3 +1,5 @@
use std::collections::HashSet;
use fully_pub::fully_pub;
use serde::{Deserialize, Serialize};
@ -48,6 +50,20 @@ struct Application {
login_uri: String
}
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Hash, Eq)]
#[fully_pub]
enum Permission {
ListUsers,
DisableUser,
EnableUser,
VerifyEmail,
InviteUser,
DeleteUser,
ResetUserPassword,
AssignUserGroups
}
#[derive(Debug, Clone, Serialize, Deserialize)]
#[fully_pub]
struct Role {
@ -55,7 +71,8 @@ struct Role {
name: String,
description: Option<String>,
#[serde(default = "_default_true")]
default: bool
default: bool,
permissions: HashSet<Permission>
}
// todo: Role hierarchy https://en.wikipedia.org/wiki/Role_hierarchy
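Review bot: `#[serde(default = "_default_true")]` on `Role::default` means any role entry that omits `default` silently becomes a default role, which is the wrong direction for a privilege flag now that roles carry a `permissions` set; the admin entry in this commit's roles config omits it. Prefer `#[serde(default)]` (false) so a role is default only when the config says so explicitly, and document the field: `/// Granted automatically to new users; opt in per role, never implied.`. The new `Permission` enum has no doc comments; since its variant names are exactly the strings accepted in the TOML `permissions` list (serde's default externally-tagged naming) and an unknown string fails deserialization, a one-line `///` per variant plus a type-level note to that effect would make the config contract clear. `permissions` is a `HashSet`, so duplicates in config collapse silently—fine, but worth a comment. The `Role` struct's header lies outside the last hunk.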