🐛 Use integer IDs, not TWTs, in casbin policy
AnandChowdhary committed Sep 2, 2020
1 parent b3f2f9b commit 294a568
Showing 2 changed files with 45 additions and 19 deletions.
58 changes: 42 additions & 16 deletions src/_staart/helpers/authorization.ts
Expand Up @@ -3,7 +3,7 @@ import { AccessTokenResponse, ApiKeyResponse } from "./jwt";
import { newEnforcer, Model, StringAdapter } from "casbin";
import { prisma } from "./prisma";
import { ScopesUser, ScopesGroup, ScopesAdmin } from "../../config";
import { readFileSync } from "fs-extra";
import { twtToId } from "./utils";
import { join } from "path";

/**
Expand Down Expand Up @@ -49,44 +49,70 @@ export const BaseScopesAdmin = {
const getPolicyForUser = async (userId: number) => {
let policy = "";
Object.values(ScopesUser).forEach((scope) => {
policy += `p, user-${userId}, user-${userId}, ${Acts.READ}${scope}\n`;
policy += `p, user-${userId}, user-${userId}, ${Acts.WRITE}${scope}\n`;
policy += `p, user-${twtToId(userId)}, user-${twtToId(userId)}, ${
Acts.READ
}${scope}\n`;
policy += `p, user-${twtToId(userId)}, user-${twtToId(userId)}, ${
Acts.WRITE
}${scope}\n`;
});
policy += `p, user-${userId}, user-${userId}, ${Acts.DELETE}\n`;
policy += `p, user-${twtToId(userId)}, user-${twtToId(userId)}, ${
Acts.DELETE
}\n`;
const memberships = await prisma.memberships.findMany({
where: { userId },
});
for await (const membership of memberships) {
policy += `p, user-${userId}, membership-${membership.id}, ${Acts.READ}\n`;
policy += `p, user-${userId}, membership-${membership.id}, ${Acts.WRITE}\n`;
policy += `p, user-${userId}, membership-${membership.id}, ${Acts.DELETE}\n`;
policy += `p, user-${twtToId(userId)}, membership-${twtToId(
membership.id
)}, ${Acts.READ}\n`;
policy += `p, user-${twtToId(userId)}, membership-${twtToId(
membership.id
)}, ${Acts.WRITE}\n`;
policy += `p, user-${twtToId(userId)}, membership-${twtToId(
membership.id
)}, ${Acts.DELETE}\n`;
if (membership.role === "ADMIN" || membership.role === "OWNER") {
const groupMemberships = await prisma.memberships.findMany({
where: { groupId: membership.groupId },
});
policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.DELETE}\n`;
policy += `p, user-${twtToId(userId)}, group-${twtToId(
membership.groupId
)}, ${Acts.DELETE}\n`;
groupMemberships.forEach((groupMembership) => {
policy += `p, user-${userId}, membership-${groupMembership.id}, ${Acts.READ}\n`;
policy += `p, user-${twtToId(userId)}, membership-${twtToId(
groupMembership.id
)}, ${Acts.READ}\n`;
if (groupMembership.role !== "OWNER") {
policy += `p, user-${userId}, membership-${groupMembership.id}, ${Acts.WRITE}\n`;
policy += `p, user-${userId}, membership-${groupMembership.id}, ${Acts.DELETE}\n`;
policy += `p, user-${twtToId(userId)}, membership-${twtToId(
groupMembership.id
)}, ${Acts.WRITE}\n`;
policy += `p, user-${twtToId(userId)}, membership-${twtToId(
groupMembership.id
)}, ${Acts.DELETE}\n`;
}
});
}
Object.values(ScopesGroup).forEach((scope) => {
if (membership.role === "ADMIN" || membership.role === "OWNER") {
policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.READ}${scope}\n`;
policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.WRITE}${scope}\n`;
policy += `p, user-${twtToId(userId)}, group-${twtToId(
membership.groupId
)}, ${Acts.READ}${scope}\n`;
policy += `p, user-${twtToId(userId)}, group-${twtToId(
membership.groupId
)}, ${Acts.WRITE}${scope}\n`;
} else {
policy += `p, user-${userId}, group-${membership.groupId}, ${Acts.READ}${scope}\n`;
policy += `p, user-${twtToId(userId)}, group-${twtToId(
membership.groupId
)}, ${Acts.READ}${scope}\n`;
}
});
}
const userDetails = await getUserById(userId);
if (userDetails.role === "SUDO") {
Object.values(ScopesAdmin).forEach((scope) => {
policy += `p, user-${userId}, ${Acts.READ}, ${scope}\n`;
policy += `p, user-${userId}, ${Acts.WRITE}, ${scope}\n`;
policy += `p, user-${twtToId(userId)}, ${Acts.READ}, ${scope}\n`;
policy += `p, user-${twtToId(userId)}, ${Acts.WRITE}, ${scope}\n`;
});
}
console.log(policy);
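Review bot: The new policy lines convert the subject with `twtToId(userId)` on every row, but the lookups that decide which rows exist — `prisma.memberships.findMany({ where: { userId } })` and `getUserById(userId)` — still receive the raw value, so if a TWT ever reaches this function (the motivation given in the commit title) the policy subject would be the decoded ID while the membership query and the SUDO role check would run against the token string, yielding an empty or wrong policy. Because the parameter is typed `number`, `twtToId` is currently an identity for values under ten digits, which suggests either the parameter type is wrong or the conversions are redundant; decoding once at the top and using that value everywhere, `const id = twtToId(userId);` then `where: { userId: id }` and `getUserById(id)`, removes the inconsistency and the dozens of repeated calls (each of which would presumably be a signature verification if the input were a token). The `console.log(policy)` context line at the end writes every subject/object pair for the user to stdout on each policy build; consider removing it or gating it behind a debug flag before this ships. getPolicyForUser continues past the end of the hunk.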
6 changes: 3 additions & 3 deletions src/_staart/helpers/utils.ts
Expand Up @@ -14,11 +14,11 @@ import { ApiKeyResponse } from "./jwt";
*/
export type PartialBy<T, K extends keyof T> = Omit<T, K> & Partial<Pick<T, K>>;

export const twtToId = (twt: string, userId?: string) => {
if (twt.length < 10 && twt !== "me") return parseInt(twt);
export const twtToId = (twt: string | number, userId?: string) => {
if (String(twt).length < 10 && twt !== "me") return parseInt(String(twt));
return twt === "me" && userId
? parseInt(verify(userId, config("twtSecret"), 10), 10)
: parseInt(verify(twt, config("twtSecret"), 10), 10);
: parseInt(verify(String(twt), config("twtSecret"), 10), 10);
};

/**
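Review bot: With the widened `string | number` signature, `String(twt).length < 10` still decides whether a value is verified at all, so a numeric ID of ten or more digits would be handed to `verify()` as if it were a token and fail, while any short string such as `"12abc"` is accepted through `parseInt` with no signature check and a non-numeric short string yields `NaN`. If TWTs exist so that callers cannot substitute an arbitrary ID, the short-string path bypasses that guarantee; if raw IDs are meant to be accepted, the decision should rest on type and shape rather than length. Handle the number case explicitly and require the unverified string path to be all digits: `if (typeof twt === "number") return twt;` followed by `if (/^\d+$/.test(twt) && twt.length < 10) return parseInt(twt, 10);`, leaving every other string to `verify`. The remaining `parseInt(String(twt))` should also take the radix `10` for consistency with the two calls below it.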
