New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(api): implement permissions system #927
base: master
Are you sure you want to change the base?
Conversation
3a0512c
to
33e9336
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #927 +/- ##
===========================================
+ Coverage 57.34% 70.00% +12.65%
===========================================
Files 196 100 -96
Lines 15607 11200 -4407
Branches 533 533
===========================================
- Hits 8950 7840 -1110
+ Misses 6408 3360 -3048
+ Partials 249 0 -249
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there's a problem with the database_models
in database.go, see comment.
api/database/database.go
Outdated
@@ -153,8 +154,13 @@ func SetupDatabase() (*gorm.DB, error) { | |||
return db, nil | |||
} | |||
|
|||
var database_models []interface{} = []interface{}{ | |||
var database_models_1 []interface{} = []interface{}{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the tests don't work since you make two database models and try to migrate them both. Why did you add a database_models_1
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@viktorstrate the reason for this was due to some query size constraints atleast within mysql. I was going to investigate further to find a better solution. I will take a further look st this and hope its the cause I'd the failures
) | ||
|
||
// MigrateForPermissions Migrates new permissions into the system and upgrades system roles according to the new permissions. | ||
func MigrateForPermissions(db *gorm.DB) error { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should test this migration thoroughly before releasing, since it is a little more involved.
Just to make sure a lot of users databases doesn't get corrupted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fully agree on this one, I've tested the scenarios I can think of albeit on a small dataset and only a few user's. These are as below.
- Migrating from an old version of photoview with various admin users, normal user & demo user
- Addition of a new permission
- Addition of an existing permission to a system user group doesn't add to the user group
- Addition of a new permission to a system user group automatically adds to the user group
admin: Boolean | ||
): User! @isAdmin | ||
roleId: ID | ||
admin: Boolean @deprecated(reason: "The roles system replaces the old admin boolean.") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I really like that you deprecated the old method. Then when we want to make a 3.0 release at some point, we can refactor out all the deprecations.
@@ -1,9 +1,16 @@ | |||
directive @isAuthorized on FIELD_DEFINITION | |||
directive @isAdmin on FIELD_DEFINITION | |||
directive @hasPermission(permission: Permission!) on FIELD_DEFINITION |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Having a @hasPermission
directive is awesome :)
Just an update for anyone interested on this. First of all I'll need some user's to test migrations if anyone see's this and is interested ping me a message on discord. I've not had much time to look at this as I had hoped but finally managed to get a look this afternoon at some of the test faliures and it's not mostly working. below is what's left/what I've changed since last pushing
I'm hoping I'll be able to finish this off during the week depending on how much dev time I get but I won't promise that just yet. |
0a091ee
to
ca1b1e3
Compare
@@ -104,7 +127,8 @@ type Query { | |||
type Mutation { | |||
"Authorizes a user and returns a token used to identify the new session" | |||
authorizeUser(username: String!, password: String!): AuthorizeResult! | |||
|
|||
createRole(role: NewRoleInput): Role! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Missing permission derectives on these 2 mutations
- Need to implement a delete mutation
NOTE: a few tests are not transactional due to concurent transactions this is the scanner tests.
ca1b1e3
to
2d30ece
Compare
items.push({ label: 'Loading...', value: '' }) | ||
} else { | ||
if (!data?.roles.find(role => role.id === props.selected)) { | ||
items.push({ label: 'Please Select', value: '' }) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing translation
No description provided.