added rbac usage to readme and fixed 'server.see-label' permission (#32)

* fixed 'server.see-label' permission * added rbac usage to readme
hiqdev · May 25, 2020 · abc9a38 · abc9a38
1 parent b6c7fa9
commit abc9a38
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -35,6 +35,16 @@ or add
 
 to the require section of your composer.json.
 
+## Usage
+
+To add a role or permission you need to write it to `src/files/tree.php`.
+After adding roles you have to generate description to it by command:
+
+    ./vendor/bin/hidev rbac/reinit
+
+After these actions all rules are saved, and you need to check it by unit tests.
+Run `./vendor/bin/phpunit` and correct `CheckAccessTrait` to fix errors.
+
 ## License
 
 This project is released under the terms of the BSD-3-Clause [license](LICENSE).

diff --git a/src/files/items.php b/src/files/items.php
@@ -94,6 +94,7 @@
             'server.set-label',
             'consumption.read',
             'server.manage-settings',
+            'server.see-label',
         ],
     ],
     'role:server.manager' => [
@@ -106,6 +107,7 @@
             'server.pay',
             'server.sell',
             'server.set-label',
+            'server.see-label',
         ],
     ],
     'role:hub.user' => [
@@ -1169,6 +1171,14 @@
         'type' => 2,
         'description' => 'Prohibits manage-settings operation on the server',
     ],
+    'server.see-label' => [
+        'type' => 2,
+        'description' => 'Allows see-label operation on the server',
+    ],
+    'deny:server.see-label' => [
+        'type' => 2,
+        'description' => 'Prohibits see-label operation on the server',
+    ],
     'server.enable-block' => [
         'type' => 2,
         'description' => 'Allows enable-block operation on the server',

diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php
@@ -1435,4 +1435,10 @@
     'zone.update' => [
         'description' => 'Allows updating of the zone',
     ],
-];
+    'deny:server.see-label' => [
+        'description' => 'Prohibits see-label operation on the server',
+    ],
+    'server.see-label' => [
+        'description' => 'Allows see-label operation on the server',
+    ],
+];
diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php
@@ -171,7 +171,7 @@ public function testAccounter()
             'dns.create', 'dns.read', 'dns.update', 'dns.delete',
             'certificate.read', 'certificate.create', 'certificate.update', 'certificate.delete', 'certificate.pay', 'certificate.push',
             'contact.read', 'contact.create', 'contact.update', 'contact.delete', 'contact.force-verify',
-            'server.read', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
+            'server.read', 'server.pay', 'server.sell', 'server.control-power', 'server.control-system', 'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note', 'server.see-label',
             'consumption.read', 'consumption.update', 'consumption.delete',
             'document.read', 'document.create', 'document.update', 'document.delete',
             'document.generate', 'document.acceptance', 'document.invoice',
@@ -309,7 +309,7 @@ public function testMighty()
 
             'purse.update',
 
-            'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note',
+            'server.enable-block', 'server.disable-block', 'server.set-label', 'server.set-note', 'server.see-label',
             'hub.read', 'hub.create', 'hub.update', 'hub.delete',
             'config.read', 'config.create', 'config.update', 'config.delete',
             'consumption.read', 'consumption.update', 'consumption.delete',