feat: rbac

Peppermint-Lab · Nov 13, 2024 · 28a15ab · 28a15ab
1 parent a567edb
commit 28a15ab
Show file tree

Hide file tree

Showing 15 changed files with 1,125 additions and 646 deletions.
diff --git a/apps/api/src/controllers/data.ts b/apps/api/src/controllers/data.ts
@@ -1,11 +1,14 @@
 import { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
+import { requirePermission } from "../lib/roles";
 import { prisma } from "../prisma";
 
 export function dataRoutes(fastify: FastifyInstance) {
   // Get total count of all tickets
   fastify.get(
     "/api/v1/data/tickets/all",
-
+    {
+      preHandler: requirePermission(["issue::read"]),
+    },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const result = await prisma.ticket.count({
         where: { hidden: false },
@@ -18,7 +21,9 @@ export function dataRoutes(fastify: FastifyInstance) {
   // Get total count of all completed tickets
   fastify.get(
     "/api/v1/data/tickets/completed",
-
+    {
+      preHandler: requirePermission(["issue::read"]),
+    },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const result = await prisma.ticket.count({
         where: { isComplete: true, hidden: false },
@@ -31,7 +36,9 @@ export function dataRoutes(fastify: FastifyInstance) {
   // Get total count of all open tickets
   fastify.get(
     "/api/v1/data/tickets/open",
-
+    {
+      preHandler: requirePermission(["issue::read"]),
+    },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const result = await prisma.ticket.count({
         where: { isComplete: false, hidden: false },
@@ -44,7 +51,9 @@ export function dataRoutes(fastify: FastifyInstance) {
   // Get total of all unsassigned tickets
   fastify.get(
     "/api/v1/data/tickets/unassigned",
-
+    {
+      preHandler: requirePermission(["issue::read"]),
+    },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const result = await prisma.ticket.count({
         where: { userId: null, hidden: false, isComplete: false },

diff --git a/apps/api/src/controllers/notebook.ts b/apps/api/src/controllers/notebook.ts
@@ -1,5 +1,6 @@
 import { FastifyInstance, FastifyReply, FastifyRequest } from "fastify";
 import { track } from "../lib/hog";
+import { requirePermission } from "../lib/roles";
 import { checkSession } from "../lib/session";
 import { prisma } from "../prisma";
 
@@ -19,7 +20,9 @@ export function notebookRoutes(fastify: FastifyInstance) {
   // Create a new entry
   fastify.post(
     "/api/v1/notebook/note/create",
-
+    {
+      preHandler: requirePermission(["document::create"]),
+    },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const { content, title }: any = request.body;
       const user = await checkSession(request);
@@ -43,7 +46,9 @@ export function notebookRoutes(fastify: FastifyInstance) {
   // Get all entries
   fastify.get(
     "/api/v1/notebooks/all",
-
+    {
+      preHandler: requirePermission(["document::read"]),
+    },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const user = await checkSession(request);
 
@@ -58,7 +63,9 @@ export function notebookRoutes(fastify: FastifyInstance) {
   // Get a single entry
   fastify.get(
     "/api/v1/notebooks/note/:id",
-
+    {
+      preHandler: requirePermission(["document::read"]),
+    },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const user = await checkSession(request);
 
@@ -75,14 +82,17 @@ export function notebookRoutes(fastify: FastifyInstance) {
   // Delete an entry
   fastify.delete(
     "/api/v1/notebooks/note/:id",
+    {
+      preHandler: requirePermission(["document::delete"]),
+    },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const user = await checkSession(request);
       const { id }: any = request.params;
 
       await prisma.notes.delete({
-        where: { 
+        where: {
           id: id,
-          userId: user!.id 
+          userId: user!.id,
         },
       });
 
@@ -95,15 +105,18 @@ export function notebookRoutes(fastify: FastifyInstance) {
   // Update an entry
   fastify.put(
     "/api/v1/notebooks/note/:id/update",
+    {
+      preHandler: requirePermission(["document::update"]),
+    },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const user = await checkSession(request);
       const { id }: any = request.params;
       const { content, title }: any = request.body;
 
       await prisma.notes.update({
-        where: { 
+        where: {
           id: id,
-          userId: user!.id 
+          userId: user!.id,
         },
         data: {
           title: title,

diff --git a/apps/api/src/controllers/roles.ts b/apps/api/src/controllers/roles.ts
@@ -98,7 +98,7 @@ export function roleRoutes(fastify: FastifyInstance) {
     },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const { id }: any = request.params;
-      const { name, description, permissions, isDefault }: any = request.body;
+      const { name, description, permissions, isDefault, users }: any = request.body;
 
       try {
         const updatedRole = await prisma.role.update({
@@ -109,6 +109,9 @@ export function roleRoutes(fastify: FastifyInstance) {
             permissions,
             isDefault,
             updatedAt: new Date(),
+            users: {
+              set: Array.isArray(users) ? users.map(userId => ({ id: userId })) : [{ id: users }], // Ensure users is an array of objects with unique IDs when updating
+            },
           },
         });
 
@@ -156,7 +159,7 @@ export function roleRoutes(fastify: FastifyInstance) {
   fastify.post(
     "/api/v1/role/assign",
     {
-    //   preHandler: requirePermission(['role::assign']),
+      preHandler: requirePermission(['role::update']),
     },
     async (request: FastifyRequest, reply: FastifyReply) => {
       const { userId, roleId }: any = request.body;