llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-05-23 02:35:49 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix "All" roles bug in permission edit page

Browse Source
This commit is contained in:
Yang Luo 2023-12-02 15:26:52 +08:00
parent 113c27db73
commit 947dcf6e75
4 changed files with 67 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
controllers/casbin_api.go
View File

@ -243,7 +243,13 @@ func (c *ApiController) GetAllObjects() {
return return
} }
c.ResponseOk(object.GetAllObjects(userId)) objects, err := object.GetAllObjects(userId)
if err != nil {
c.ResponseError(err.Error())
return
}
c.ResponseOk(objects)
} }
func (c *ApiController) GetAllActions() { func (c *ApiController) GetAllActions() {
@ -253,7 +259,13 @@ func (c *ApiController) GetAllActions() {
return return
} }
c.ResponseOk(object.GetAllActions(userId)) actions, err := object.GetAllActions(userId)
if err != nil {
c.ResponseError(err.Error())
return
}
c.ResponseOk(actions)
} }
func (c *ApiController) GetAllRoles() { func (c *ApiController) GetAllRoles() {
@ -263,5 +275,11 @@ func (c *ApiController) GetAllRoles() {
return return
} }
c.ResponseOk(object.GetAllRoles(userId)) roles, err := object.GetAllRoles(userId)
if err != nil {
c.ResponseError(err.Error())
return
}
c.ResponseOk(roles)
} }

6
object/permission.go
View File

@ -120,7 +120,11 @@ func checkPermissionValid(permission *Permission) error {
return nil return nil
} }
groupingPolicies := getGroupingPolicies(permission) groupingPolicies, err := getGroupingPolicies(permission)
if err != nil {
return err
}
if len(groupingPolicies) > 0 { if len(groupingPolicies) > 0 {
_, err = enforcer.AddGroupingPolicies(groupingPolicies) _, err = enforcer.AddGroupingPolicies(groupingPolicies)
if err != nil { if err != nil {

50
object/permission_enforcer.go
View File

@ -23,6 +23,7 @@ import (
"github.com/casbin/casbin/v2/log" "github.com/casbin/casbin/v2/log"
"github.com/casbin/casbin/v2/model" "github.com/casbin/casbin/v2/model"
"github.com/casdoor/casdoor/conf" "github.com/casdoor/casdoor/conf"
"github.com/casdoor/casdoor/util"
xormadapter "github.com/casdoor/xorm-adapter/v3" xormadapter "github.com/casdoor/xorm-adapter/v3"
) )
@ -137,6 +138,16 @@ func getPolicies(permission *Permission) [][]string {
} }
func getRolesInRole(roleId string, visited map[string]struct{}) ([]*Role, error) { func getRolesInRole(roleId string, visited map[string]struct{}) ([]*Role, error) {
roleOwner, roleName := util.GetOwnerAndNameFromId(roleId)
if roleName == "*" {
roles, err := GetRoles(roleOwner)
if err != nil {
return []*Role{}, err
}
return roles, nil
}
role, err := GetRole(roleId) role, err := GetRole(roleId)
if err != nil { if err != nil {
return []*Role{}, err return []*Role{}, err
@ -162,7 +173,7 @@ func getRolesInRole(roleId string, visited map[string]struct{}) ([]*Role, error)
return roles, nil return roles, nil
} }
func getGroupingPolicies(permission *Permission) [][]string { func getGroupingPolicies(permission *Permission) ([][]string, error) {
var groupingPolicies [][]string var groupingPolicies [][]string
domainExist := len(permission.Domains) > 0 domainExist := len(permission.Domains) > 0
@ -170,12 +181,18 @@ func getGroupingPolicies(permission *Permission) [][]string {
for _, roleId := range permission.Roles { for _, roleId := range permission.Roles {
visited := map[string]struct{}{} visited := map[string]struct{}{}
if roleId == "*" {
roleId = util.GetId(permission.Owner, "*")
}
rolesInRole, err := getRolesInRole(roleId, visited) rolesInRole, err := getRolesInRole(roleId, visited)
if err != nil { if err != nil {
panic(err) return nil, err
} }
for _, role := range rolesInRole { for _, role := range rolesInRole {
roleId := role.GetId() roleId = role.GetId()
for _, subUser := range role.Users { for _, subUser := range role.Users {
if domainExist { if domainExist {
for _, domain := range permission.Domains { for _, domain := range permission.Domains {
@ -198,7 +215,7 @@ func getGroupingPolicies(permission *Permission) [][]string {
} }
} }
return groupingPolicies return groupingPolicies, nil
} }
func addPolicies(permission *Permission) error { func addPolicies(permission *Permission) error {
@ -231,7 +248,10 @@ func addGroupingPolicies(permission *Permission) error {
return err return err
} }
groupingPolicies := getGroupingPolicies(permission) groupingPolicies, err := getGroupingPolicies(permission)
if err != nil {
return err
}
if len(groupingPolicies) > 0 { if len(groupingPolicies) > 0 {
_, err = enforcer.AddGroupingPolicies(groupingPolicies) _, err = enforcer.AddGroupingPolicies(groupingPolicies)
@ -249,7 +269,10 @@ func removeGroupingPolicies(permission *Permission) error {
return err return err
} }
groupingPolicies := getGroupingPolicies(permission) groupingPolicies, err := getGroupingPolicies(permission)
if err != nil {
return err
}
if len(groupingPolicies) > 0 { if len(groupingPolicies) > 0 {
_, err = enforcer.RemoveGroupingPolicies(groupingPolicies) _, err = enforcer.RemoveGroupingPolicies(groupingPolicies)
@ -287,7 +310,12 @@ func getAllValues(userId string, fn func(enforcer *casbin.Enforcer) []string) ([
return nil, err return nil, err
} }
for _, role := range GetAllRoles(userId) { allRoles, err := GetAllRoles(userId)
if err != nil {
return nil, err
}
for _, role := range allRoles {
permissionsByRole, err := GetPermissionsByRole(role) permissionsByRole, err := GetPermissionsByRole(role)
if err != nil { if err != nil {
return nil, err return nil, err
@ -321,17 +349,17 @@ func GetAllActions(userId string) ([]string, error) {
}) })
} }
func GetAllRoles(userId string) []string { func GetAllRoles(userId string) ([]string, error) {
roles, err := getRolesByUser(userId) roles, err := getRolesByUser(userId)
if err != nil { if err != nil {
panic(err) return nil, err
} }
var res []string res := []string{}
for _, role := range roles { for _, role := range roles {
res = append(res, role.Name) res = append(res, role.Name)
} }
return res return res, nil
} }
func GetBuiltInModel(modelText string) (model.Model, error) { func GetBuiltInModel(modelText string) (model.Model, error) {

4
web/src/PermissionEditPage.js
View File

@ -303,7 +303,7 @@ class PermissionEditPage extends React.Component {
{Setting.getLabel(i18next.t("role:Sub roles"), i18next.t("role:Sub roles - Tooltip"))} : {Setting.getLabel(i18next.t("role:Sub roles"), i18next.t("role:Sub roles - Tooltip"))} :
</Col> </Col>
<Col span={22} > <Col span={22} >
<Select disabled={!this.hasRoleDefinition(this.state.model)} virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.roles} <Select disabled={!this.hasRoleDefinition(this.state.model)} placeholder={this.hasRoleDefinition(this.state.model) ? "" : "This field is disabled because the model is empty or it doesn't support RBAC (in another word, doesn't contain [role_definition])"} virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.roles}
onChange={(value => {this.updatePermissionField("roles", value);})} onChange={(value => {this.updatePermissionField("roles", value);})}
options={[ options={[
Setting.getOption(i18next.t("organization:All"), "*"), Setting.getOption(i18next.t("organization:All"), "*"),
@ -323,7 +323,7 @@ class PermissionEditPage extends React.Component {
})} })}
options={[ options={[
Setting.getOption(i18next.t("organization:All"), "*"), Setting.getOption(i18next.t("organization:All"), "*"),
...this.state.permission.domains.map((domain) => Setting.getOption(domain, domain)), ...this.state.permission.domains.filter(domain => domain !== "*").map((domain) => Setting.getOption(domain, domain)),
]} ]}
/> />
</Col> </Col>