

permissions: fix api calls for oauth/others, hide create doc for read…
… only
hayzamjs committed Sep 5, 2024
1 parent 5488936 commit e302938
Showing 3 changed files with 49 additions and 40 deletions.
49 changes: 28 additions & 21 deletions middleware/auth.go
Expand Up @@ -11,7 +11,10 @@ import (
func EnsureAuthenticated(authService *services.AuthService) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if r.URL.Path == "/kal-api/auth/jwt/create" {
if r.URL.Path == "/kal-api/auth/jwt/create" ||
r.URL.Path == "/kal-api/auth/jwt/validate" ||
r.URL.Path == "/admin/error" ||
r.URL.Path == "/admin/404" {
next.ServeHTTP(w, r)
return
}
Expand Down Expand Up @@ -47,29 +50,33 @@ func hasPermissionForRoute(path string, permissions []string, isAdmin bool) bool
}

routePermissions := map[string]string{
"/auth/user": "read",
"/auth/users": "read",
"/auth/user/edit": "read",
"/auth/jwt/revoke": "read",
"/auth/jwt/validate": "read",
"/auth/user/upload-file": "read",
"/docs/documentations": "read",
"/docs/pages": "read",
"/docs/page-groups": "read",
"/docs/documentation": "read",
"/docs/page": "read",
"/docs/page-group": "read",
"/docs/documentation/edit": "write",
"/docs/documentation/version": "write",
"/docs/documentation/reorder-bulk": "write",
"/docs/page/edit": "write",
"/docs/page-group/edit": "write",
"/docs/documentation/delete": "delete",
"/docs/page/delete": "delete",
"/docs/page-group/delete": "delete",
"/kal-api/auth/user": "read",
"/kal-api/auth/users": "read",
"/kal-api/auth/user/edit": "read",
"/kal-api/auth/jwt/revoke": "read",
"/kal-api/auth/jwt/validate": "read",
"/kal-api/auth/user/upload-file": "read",
"/kal-api/docs/documentations": "read",
"/kal-api/docs/pages": "read",
"/kal-api/docs/page-groups": "read",
"/kal-api/docs/documentation": "read",
"/kal-api/docs/page": "read",
"/kal-api/docs/page-group": "read",
"/kal-api/docs/documentation/create": "write",
"/kal-api/docs/documentation/edit": "write",
"/kal-api/docs/documentation/version": "write",
"/kal-api/docs/documentation/reorder-bulk": "write",
"/kal-api/docs/page/create": "write",
"/kal-api/docs/page/edit": "write",
"/kal-api/docs/page-group/create": "write",
"/kal-api/docs/page-group/edit": "write",
"/kal-api/docs/documentation/delete": "delete",
"/kal-api/docs/page/delete": "delete",
"/kal-api/docs/page-group/delete": "delete",
}

requiredPermission, exists := routePermissions[path]

if !exists {
return false
}
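Review bot: `/kal-api/auth/jwt/validate` is granted "read" in routePermissions (the line `"/kal-api/auth/jwt/validate": "read",`) while the first hunk of this file now lets EnsureAuthenticated pass that same path through before any permission check, so one of the two entries is dead and the two path lists can drift apart silently. Keeping a single table that drives both the unauthenticated allowlist and the permission map, or at least a comment on each list pointing at the other, would make the intended exposure of that endpoint explicit. `"/kal-api/auth/user/edit": "read"` also deserves a comment saying why a mutating route needs only the read permission (presumably self-service profile edits, in which case the handler has to enforce ownership itself — worth confirming). The deny-by-default for unknown paths at `if !exists { return false }` is the right shape; hasPermissionForRoute starts and ends outside the hunk.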
34 changes: 18 additions & 16 deletions web/src/components/Sidebar/Sidebar.tsx
Expand Up @@ -14,7 +14,7 @@ import { AuthContext, AuthContextType } from "../../context/AuthContext";
import { ModalContext } from "../../context/ModalContext";
import { Documentation } from "../../types/doc";
import { DOMEvent } from "../../types/dom";
import { handleError } from "../../utils/Common";
import { handleError, hasPermission } from "../../utils/Common";

export default function Sidebar() {
const { t } = useTranslation();
Expand Down Expand Up @@ -150,21 +150,23 @@ export default function Sidebar() {
/>
</NavLink>
</li>
<li>
<motion.button
onClick={() => {
openModal("createDocumentation", null);
navigate("/dashboard/create-documentation");
}}
whileHover={{ scale: 1.05 }}
className="flex w-full py-2 px-5 my-5 justify-center text-white bg-primary-700 hover:bg-primary-800 focus:ring-4 focus:outline-none focus:ring-primary-300 font-medium rounded-lg text-md text-center dark:bg-primary-600 dark:hover:bg-primary-700 dark:focus:ring-primary-800"
>
<span className=" px-1 pt-1 text-left items-center dark:text-white text-md text-sm">
{t("new_documentation")}
</span>
<Icon icon="ei:plus" className="w-7 h-7 dark:text-white" />
</motion.button>
</li>
{hasPermission(["all", "write"], userDetails) && (
<li>
<motion.button
onClick={() => {
openModal("createDocumentation", null);
navigate("/dashboard/create-documentation");
}}
whileHover={{ scale: 1.05 }}
className="flex w-full py-2 px-5 my-5 justify-center text-white bg-primary-700 hover:bg-primary-800 focus:ring-4 focus:outline-none focus:ring-primary-300 font-medium rounded-lg text-md text-center dark:bg-primary-600 dark:hover:bg-primary-700 dark:focus:ring-primary-800"
>
<span className=" px-1 pt-1 text-left items-center dark:text-white text-md text-sm">
{t("new_documentation")}
</span>
<Icon icon="ei:plus" className="w-7 h-7 dark:text-white" />
</motion.button>
</li>
)}
{!documentation || documentation.length <= 0 ? (
<motion.li
whileHover={{ scale: 1.05, originX: 0 }}
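Review bot: The `hasPermission(["all", "write"], userDetails)` wrapper is a presentation-only gate: it hides the button, but `/dashboard/create-documentation` and the API call behind it remain reachable by URL, so the server-side check (the `"/kal-api/docs/documentation/create": "write"` entry in middleware/auth.go in this same commit) stays the authoritative control and a reader should know that. A one-line comment above the wrapper would make it clear: `{/* UI-only: server middleware enforces "write" on documentation/create */}`. `userDetails` is not declared within the hunk; presumably it comes from the AuthContext destructuring earlier in Sidebar — confirm it can be undefined before login and that hasPermission tolerates that. Whether the string array means "any of" or "all of" these permissions is not visible here either; stating it in that comment (or in hasPermission's TSDoc) would avoid a write-only user being wrongly hidden. The Sidebar function body continues outside the hunk.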
6 changes: 3 additions & 3 deletions web/src/pages/LoginPage.tsx
Expand Up @@ -79,13 +79,13 @@ export default function LoginPage() {
return () => {
switch (provider) {
case "github":
window.location.href = `${baseURL}/oauth/github`;
window.location.href = `${baseURL}/kal-api/oauth/github`;
break;
case "google":
window.location.href = `${baseURL}/oauth/google`;
window.location.href = `${baseURL}/kal-api/oauth/google`;
break;
case "microsoft":
window.location.href = `${baseURL}/oauth/microsoft`;
window.location.href = `${baseURL}/kal-api/oauth/microsoft`;
break;
default:
break;
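Review bot: The new `/kal-api/oauth/<provider>` redirect targets are not in the unauthenticated allowlist that this same commit extends in middleware/auth.go (it adds jwt/validate, /admin/error and /admin/404 only), and they have no entry in routePermissions, which denies unknown paths; if the OAuth start handlers are mounted behind EnsureAuthenticated, a logged-out user following this redirect will be rejected. Worth confirming how those routes are mounted and recording the answer on the switch, e.g. `// OAuth start endpoints are served outside EnsureAuthenticated (see middleware/auth.go)`. The closure returned here belongs to a function whose start and end lie outside the hunk.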

