feat (permissions): change the permissions mechanism

Related to issue #110

src/adonisjs/app/Controllers/Http/PermissionController.js

@@ -0,0 +1,37 @@
+'use strict'
+
+const uuidv4 = require('uuid/v4')
+
+
+const Permission = use('App/Models/v1/Permission')
+const Environment = use('App/Models/Environment')
+
+
+class PermissionController {
+  async store ({ request, response }) {
+    try {
+      let permission = new Permission()
+        permission.id = await uuidv4()
+
+		    permission.clearance = request.input('clearance')
+		    permission.subject_grade = request.input('subject_grade')
+		    permission.resource = request.input('resource')
+	  	  permission.resource_id = request.input('resource_id')
+
+
+        let environment = await Environment.findBy('name', request.input('environment'))
+        permission.environment_id = environment.id
+
+
+
+		    await permission.save()
+
+		    response.json('permission successfully created')
+	    } catch (e) {
+      		console.log(e)
+      return response.status(500).json({ message: e.message })
+    	}
+  }
+}
+
+module.exports = PermissionController

src/adonisjs/app/Controllers/Http/v1/CaseController.js

@@ -129,12 +129,10 @@ class CaseController {
   }
 
   /** * Update case details. PUT or PATCH case/:id */
-  async update ({ request, response }) {
+  async update ({ params, request, response }) {
     const trx = await Database.beginTransaction()
-
     try {
-      const c = await Case.find(request.input('caseId'))
-
+      const c = await Case.find(params.id)
       if (c != null) {
         c.title = request.input('title') || null
         c.description = request.input('description')|| null
@@ -150,33 +148,38 @@ class CaseController {
         cv.source = request.input('source')
         cv.id = await uuidv4()
         await c.versions().save(cv)
-
         const institutionAcronym = request.input('institution')
         if (institutionAcronym != null){
           let institution = await Institution.findBy('acronym', institutionAcronym)
           await c.institution().associate(institution)
         }
 
-        const permission = new Permission()
-        permission.id = await uuidv4()
-        permission.entity = request.input('permissionEntity')
-        permission.subject = request.input('permissionSubjectId')
-        permission.clearance = request.input('permissionClearance')
-        permission.table = 'cases'
-        permission.table_id = c.id
-        permission.save(trx)
+        // const permission = new Permission()
+        // permission.id = await uuidv4()
+        // permission.entity = request.input('permissionEntity')
+        // permission.subject = request.inpuission = new Permission()
+        // permission.id = await uuidv4()
+        // permission.entity = request.input('permissionEntity')
+        // permission.subject = request.input('permissionSubjectId')
+        // permission.clearance = request.input('permissionClearance')
+        // permission.table = 'cases'
+        // permission.table_id = c.id
+        // permission.t('permissionSubjectId')
+        // permission.clearance = request.input('permissionClearance')
+        // permission.table = 'cases'
+        // permission.table_id = c.id
+        // permission.save(trx)
 
         await c.save()
 
         trx.commit()
-
         return response.json(c)
 
       } else return response.status(500).json('case not found')
     } catch (e) {
       trx.rollback()
       console.log(e)
-      return response.status(500).json({ message: e })
+      return response.status(500).json({ message: e.message })
     }
   }
 

src/adonisjs/app/Controllers/Http/v1/UserController.js

@@ -219,7 +219,7 @@ class UserController {
                 THEN 'Feedback complete' ELSE case_properties.value END AS ?`,[propertyFilter])])
           .distinct('cases.id')
           .from('cases')
-          .leftJoin('permissions', 'cases.id', 'permissions.table_id')
+          // .leftJoin('permissions', 'cases.id', 'permissions.table_id')
           .join('case_properties', 'case_properties.case_id', 'cases.id')
           .join('properties', 'properties.id', 'case_properties.property_id')
           .join('users', 'users.id', 'cases.author_id')
@@ -234,21 +234,21 @@ class UserController {
               this.where('cases.specialty', 'like', specialtyFilter)
           })
 
-          .where(function(){
-            this
-            .where('cases.author_id', user.id)
-            .orWhere(function () {
-              this
-              .where('permissions.entity', 'institution')
-              .where('permissions.subject', user.institution_id)
-              .where('permissions.clearance', '>=', clearance)
-              .where(function(){
-                this
-                .whereNull('permissions.subject_grade')
-                .orWhere('permissions.subject_grade', user.grade)
-              })
-            })
-          })
+          // .where(function(){
+          //   this
+          //   .where('cases.author_id', user.id)
+          //   .orWhere(function () {
+          //     this
+          //     .where('permissions.resource', 'cases')
+          //     .where('permissions.resource_id', user.institution_id)
+          //     .where('permissions.clearance', '>=', clearance)
+          //     .where(function(){
+          //       this
+          //       .whereNull('permissions.subject_grade')
+          //       .orWhere('permissions.subject_grade', user.grade)
+          //     })
+          //   })
+          // })
           .orderBy('cases.created_at', 'desc')
       }else{
 
@@ -260,7 +260,7 @@ class UserController {
           'institutions.country AS institution_country', 'cases.created_at'])
           .distinct('cases.id')
           .from('cases')
-          .leftJoin('permissions', 'cases.id', 'permissions.table_id')
+          // .leftJoin('permissions', 'cases.id', 'permissions.table_id')
           .join('users', 'users.id', 'cases.author_id')
           .join('institutions', 'users.institution_id', 'institutions.id')
           .where('cases.published', '>=', publishedFilter)
@@ -271,21 +271,21 @@ class UserController {
               this.where('cases.specialty', 'like', specialtyFilter)
           })
 
-          .where(function(){
-            this
-            .where('cases.author_id', user.id)
-            .orWhere(function () {
-              this
-              .where('permissions.entity', 'institution')
-              .where('permissions.subject', user.institution_id)
-              .where('permissions.clearance', '>=', clearance)
-              .where(function(){
-                this
-                .whereNull('permissions.subject_grade')
-                .orWhere('permissions.subject_grade', user.grade)
-              })
-            })
-          })
+          // .where(function(){
+          //   this
+          //   .where('cases.author_id', user.id)
+          //   .orWhere(function () {
+          //     this
+          //     .where('permissions.entity', 'institution')
+          //     .where('permissions.subject', user.institution_id)
+          //     .where('permissions.clearance', '>=', clearance)
+          //     .where(function(){
+          //       this
+          //       .whereNull('permissions.subject_grade')
+          //       .orWhere('permissions.subject_grade', user.grade)
+          //     })
+          //   })
+          // })
           .orderBy('cases.created_at', 'desc')
       }
 

src/adonisjs/app/Middleware/CheckCasePermission.js

@@ -13,6 +13,7 @@ class CheckPermissionForGivenCase {
    */
   async handle ({ params, request, response, auth }, next, properties) {
     try {
+      console.log('kokokok')
 	    const loggedUserId = auth.user.id
       let sqlQuery = ''
       let caseId = ''

src/adonisjs/app/Middleware/CheckPermission.js

@@ -0,0 +1,64 @@
+'use strict'
+/** @typedef {import('@adonisjs/framework/src/Request')} Request */
+/** @typedef {import('@adonisjs/framework/src/Response')} Response */
+/** @typedef {import('@adonisjs/framework/src/View')} View */
+
+const Database = use('Database')
+
+class CheckPermission {
+  /**
+   * @param {object} ctx
+   * @param {Request} ctx.request
+   * @param {Function} next
+   */
+  async handle ({ params, request, response, auth }, next, properties) {
+    try {
+      let resourceId = params.id
+      if (resourceId == undefined){
+        resourceId = request.input('caseId')
+      }
+      const user = await auth.user
+      const resource = properties[0]
+      const clearance = properties[1]
+      // console.log(user.environment_id)
+      const environment =  await user.environment
+      // const environment =  await user.environment().fetch()
+
+      // c.versions = await c.versions().fetch()
+      console.log('clearance: '+clearance  )
+      console.log('resource: '+resource)
+      console.log('resourceId: '+resourceId)
+      console.log('environment: '+user.environment_id)
+
+      let queryResult
+      const clearances = ['read', 'comment', 'share', 'write', 'delete']
+      const clearanceIindex = clearances.indexOf(clearance)
+      // console.log('clearance '+ clearanceIindex)
+
+      queryResult = await Database
+        .from('permissions')
+        .leftJoin('environments', 'environments.id', 'permissions.environment_id')
+        // .where('environments.id', environment.id)
+
+        .leftJoin('users', 'users.environment_id', 'environments.id')
+        .where('users.environment_id', user.environment_id)
+        .where('permissions.clearance',  '>=', clearanceIindex)
+        .where('permissions.resource',  resource)
+        .where('permissions.resource_id',  resourceId)
+        .count()
+
+      console.log('queryResult '+queryResult[0]['count(*)'])
+      if (queryResult[0]['count(*)'] === 0) {
+        return response.status(500).json('you dont have permission to ' + clearance + ' such ' + resource)
+      } else {
+        await next()
+      }
+
+    } catch (e) {
+    	console.log(e)
+    	return response.status(500).json(e)
+    }
+  }
+}
+
+module.exports = CheckPermission

src/adonisjs/app/Models/Environment.js

@@ -0,0 +1,12 @@
+'use strict'
+
+/** @type {typeof import('@adonisjs/lucid/src/Lucid/Model')} */
+const Model = use('Model')
+
+class Environment extends Model {
+  static get incrementing () {
+    return false
+  }
+}
+
+module.exports = Environment

src/adonisjs/app/Models/v1/Permission.js

@@ -7,6 +7,10 @@ class Permission extends Model {
   static get incrementing () {
     return false
   }
+
+  environment () {
+    return this.belongsTo('App/Models/Environment')
+  }
 }
 
 module.exports = Permission

src/adonisjs/app/Models/v1/User.js

@@ -4,9 +4,11 @@
 const Hash = use('Hash')
 /** @type {typeof import('@adonisjs/lucid/src/Lucid/Model')} */
 const Model = use('Model')
-
 const Database = use('Database')
 
+const Environment = use('App/Models/Environment')
+
+
 class User extends Model {
   static get incrementing () {
     return false
@@ -26,6 +28,61 @@ class User extends Model {
       .withTimestamps()
   }
 
+  environment () {
+    return this.belongsTo('App/Models/Environment')
+  }
+  //  environment () {
+  //   return this.belongsTo('App/Models/Environment')
+  // }
+  // environment () {
+  //   return this
+  //     .belongsToMany('App/Models/Group')
+  //     .pivotTable('users_groups')
+  //     .withTimestamps()
+  // }
+
+//   async environment (){
+//     let queryResult = await Database
+//       .from('environments')
+//       .leftJoin('users', 'users.environment_id', 'environments.id')
+//       .where('users.id', this.id)
+//       // .where('users_environments.environment_id', caseId)
+//       // .whereIn('users_cases.permission', ['share', 'write', 'delete'])
+//       // .count()
+//       queryResult
+//       const result = JSON.stringify(queryResult)
+//       // console.log(queryResult[0]['id'])
+//       // console.log(queryResult[0]['name'])
+//
+//       // for (var r in result) {
+//       //   console.log(r)
+//       //
+//       // }
+//       // result.forEach((item, i) => {
+//       //   console.log(r)
+//       // });
+// console.log('result '+result)
+//       if (result.length==0){
+//         console.log('aquiiiiiiiiiiiiiii')
+//         // let environment
+//         // environment.name = 'public'
+//         return 'unicamp'
+//       }
+//       console.log(queryResult)
+//         if (queryResult[0]['count(*)'] === 0) {
+//           return response.status(500).json('you dont have permission to ' + properties[0] + ' such case')
+//         } else {
+//           const environment = new Environment()
+//           // environment.
+//           const environmet = Environment
+//           // console.log(result[0])
+//           return queryResult[0]['name']
+//           // await next()
+//         }
+//         return queryResult
+//
+//   }
+
   artifacts () {
     return this.hasMany('App/Models/v1/Artifact')
   }

src/adonisjs/database/migrations/1616133252647_drop_users_groups_schema.js

@@ -0,0 +1,22 @@
+'use strict'
+
+/** @type {import('@adonisjs/lucid/src/Schema')} */
+const Schema = use('Schema')
+
+class DropUsersGroupsSchema extends Schema {
+  up () {
+    this.dropIfExists('users_groups')
+  }
+
+  down () {
+    this.create('users_groups', (table) => {
+      table.uuid('user_id').references('id').inTable('users').index('user_id')
+      table.uuid('group_id').references('id').inTable('groups').index('group_id')
+      table.primary(['group_id', 'user_id'])
+
+      table.timestamps()
+    })
+  }
+}
+
+module.exports = DropUsersGroupsSchema