dev: migrate svc_permission check() to scan()

KernelDeimos
2024-07-23 19:24:40 -04:00
committed by Eric Dubé
parent 3b85e4eeba
commit 191be84e32
4 changed files with 16 additions and 6 deletions


@@ -17,6 +17,7 @@
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
const { AppUnderUserActorType, UserActorType } = require("../../services/auth/Actor");
const { PermissionUtil } = require("../../services/auth/PermissionService");
const { Context } = require("../../util/context");
const { BaseES } = require("./BaseES");
@@ -84,11 +85,12 @@ class ProtectedAppES extends BaseES {
const app_uid = await entity.get('uid');
const svc_permission = services.get('permission');
const permission_to_check = `app:uid#${app_uid}:access`;
const perm = await svc_permission.check(
const reading = await svc_permission.scan(
actor, permission_to_check,
);
const options = PermissionUtil.reading_to_options(reading);
if ( perm ) return;
if ( options.length > 0 ) return;
// `true` here means "do not send downstream"
return true;
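Review bot: The allow/deny decision is now two hand-written lines, `PermissionUtil.reading_to_options(reading)` plus a length test, and the same pair is repeated in the `/auth/check-app`, `PuterSiteMiddleware` and `DriverService` sections of this commit. Repeated copies of an authorization check tend to drift apart. A later call site that tests `reading` itself rather than the options list would presumably fail open, if `scan()` returns a non-empty value for a denied request. Consider a single helper beside `reading_to_options` (for example a proposed `PermissionUtil.reading_allows(reading)`, name illustrative only) so that deny-by-default lives in one place. The enclosing method starts and ends outside the hunk.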


@@ -23,6 +23,7 @@ const { NodeUIDSelector, NodePathSelector } = require("../../filesystem/node/sel
const { NodeChildSelector } = require("../../filesystem/node/selectors");
const { get_app } = require("../../helpers");
const { UserActorType, Actor, AppUnderUserActorType } = require("../../services/auth/Actor");
const { PermissionUtil } = require("../../services/auth/PermissionService");
const { Context } = require("../../util/context");
module.exports = eggspress('/auth/check-app', {
@@ -68,7 +69,9 @@ module.exports = eggspress('/auth/check-app', {
}),
});
const authenticated = !! await svc_permission.check(app_actor, 'flag:app-is-authenticated');
const reading = await svc_permission.scan(app_actor, 'flag:app-is-authenticated');
const options = PermissionUtil.reading_to_options(reading);
const authenticated = options.length > 0;
let token;
if ( authenticated ) token = await svc_auth.get_user_app_token(app_uid);
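Review bot: The `authenticated` assignment gates the call to `svc_auth.get_user_app_token(app_uid)` on the next lines, but nothing says what an empty options list means here. A short comment above it would help, for example `// no options in the reading => app is not authenticated; no token is issued`. It would also be worth confirming that `reading_to_options` always returns an array, so that an unexpected reading results in a denial rather than an exception in this handler. The handler body continues outside the hunk.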


@@ -26,6 +26,7 @@ const { TYPE_DIRECTORY } = require("../../filesystem/FSNodeContext");
const { LLRead } = require("../../filesystem/ll_operations/ll_read");
const { Actor, UserActorType, SiteActorType } = require("../../services/auth/Actor");
const APIError = require("../../api/APIError");
const { PermissionUtil } = require("../../services/auth/PermissionService");
const AT_DIRECTORY_NAMESPACE = '4aa6dc52-34c1-4b8a-b63c-a62b27f727cf';
@@ -251,9 +252,11 @@ class PuterSiteMiddleware extends AdvancedBase {
return {};
}
return await svc_permission.check(
const reading = await svc_permission.scan(
user_actor, `site:uid#${site.uuid}:access`
);
const options = PermissionUtil.reading_to_options(reading);
return options.length > 0;
})();
if ( ! perm ) {
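Review bot: `perm` now has two shapes: this path returns a strict boolean from `return options.length > 0;`, while the earlier `return {};` at the top of the hunk returns a truthy object. The `if ( ! perm )` test therefore treats the `{}` path as allowed. If that branch is meant to grant access, `return true;` with a comment naming the condition would make the intent explicit and keep the function's result boolean. The condition guarding that early return is outside the hunk, so this is inferred from the visible lines only.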


@@ -22,6 +22,7 @@ const { DriverError } = require("./DriverError");
const { TypedValue } = require("./meta/Runtime");
const BaseService = require("../BaseService");
const { Driver } = require("../../definitions/Driver");
const { PermissionUtil } = require("../auth/PermissionService");
/**
* DriverService provides the functionality of Puter drivers.
@@ -109,8 +110,9 @@ class DriverService extends BaseService {
const services = Context.get('services');
const svc_permission = services.get('permission');
const perm = await svc_permission.check(actor, `driver:${interface_name}:${method}`);
if ( ! perm ) {
const reading = await svc_permission.scan(actor, `driver:${interface_name}:${method}`);
const options = PermissionUtil.reading_to_options(reading);
if ( ! (options.length > 0) ) {
throw APIError.create('permission_denied');
}
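Review bot: The guard `if ( ! (options.length > 0) )` is a double negation on the deny path and reads more directly as `if ( options.length === 0 )`. The permission string passed to `scan()` is built by interpolating `interface_name` and `method`. If either value can come from the request, confirm that it is validated before this point, so that a `:` in the input cannot change which permission is being scanned. Where those values originate is outside the hunk.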