Auth: Add "instance" and "service" roles, fix entity/auth_client.go #98
Signed-off-by: Michael Mayer <michael@photoprism.app>
@@ -2,16 +2,17 @@ package acl
|
||||
|
||||
// Roles that can be granted Permissions to use a Resource.
|
||||
const (
|
||||
RoleDefault Role = "default"
|
||||
RoleAdmin Role = "admin"
|
||||
RoleUser Role = "user"
|
||||
RoleViewer Role = "viewer"
|
||||
RoleGuest Role = "guest"
|
||||
RoleVisitor Role = "visitor"
|
||||
RoleNode Role = "node"
|
||||
RolePortal Role = "portal"
|
||||
RoleClient Role = "client"
|
||||
RoleNone Role = ""
|
||||
RoleDefault Role = "default"
|
||||
RoleAdmin Role = "admin"
|
||||
RoleUser Role = "user"
|
||||
RoleViewer Role = "viewer"
|
||||
RoleGuest Role = "guest"
|
||||
RoleVisitor Role = "visitor"
|
||||
RoleInstance Role = "instance"
|
||||
RoleService Role = "service"
|
||||
RolePortal Role = "portal"
|
||||
RoleClient Role = "client"
|
||||
RoleNone Role = ""
|
||||
)
|
||||
|
||||
// Permissions to use a Resource that can be granted to a Role.
|
||||
|
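Review bot: `RoleInstance` and `RoleService` are added to the const block without any comment saying which kind of principal each one is for, and the removed `RoleNode` leaves no trace of what replaced it. In the other hunks of this commit the two roles receive the same grant everywhere except `ResourceMetrics`, so a reader of the ACL cannot tell from the code why both exist. I would add line comments such as `// RoleInstance replaces the former "node" role.` and `// RoleService is a separate client role; see Rules for where its grants differ from RoleInstance.` The const block closes inside this hunk, but the rest of the file is not shown.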
@@ -154,12 +154,13 @@ var (
|
||||
|
||||
// GrantDefaults defines default grants for all supported roles.
|
||||
var GrantDefaults = Roles{
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleGuest: GrantReactShared,
|
||||
RoleVisitor: GrantViewShared,
|
||||
RoleNode: GrantSearchShared,
|
||||
RolePortal: GrantFullAccess,
|
||||
RoleClient: GrantFullAccess,
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleGuest: GrantReactShared,
|
||||
RoleVisitor: GrantViewShared,
|
||||
RoleInstance: GrantSearchShared,
|
||||
RoleService: GrantSearchShared,
|
||||
RolePortal: GrantFullAccess,
|
||||
RoleClient: GrantFullAccess,
|
||||
}
|
||||
|
||||
// Allow checks if this Grant includes the specified Permission.
|
||||
|
@@ -18,11 +18,12 @@ var UserRoles = RoleStrings{
|
||||
|
||||
// ClientRoles maps valid API client roles.
|
||||
var ClientRoles = RoleStrings{
|
||||
string(RoleAdmin): RoleAdmin,
|
||||
string(RoleNode): RoleNode,
|
||||
string(RolePortal): RolePortal,
|
||||
string(RoleClient): RoleClient,
|
||||
string(RoleNone): RoleNone,
|
||||
string(RoleAdmin): RoleAdmin,
|
||||
string(RoleInstance): RoleInstance,
|
||||
string(RoleService): RoleService,
|
||||
string(RolePortal): RolePortal,
|
||||
string(RoleClient): RoleClient,
|
||||
string(RoleNone): RoleNone,
|
||||
}
|
||||
|
||||
// Strings returns the roles as string slice.
|
||||
|
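Review bot: `ClientRoles` drops the `string(RoleNode)` key together with the constant, so a stored client or token that still carries the role string "node" no longer resolves to a role in this map. What the lookup falls back to for an unknown string is not visible on this page; if it is a role with broader grants than `RoleNode` had (`GrantDefaults` gives `RoleClient` `GrantFullAccess`), existing node clients would change privileges on upgrade. Consider keeping a transitional alias in the map, `"node": RoleInstance,`, or shipping a migration that rewrites stored roles, and add a test that pins the result of looking up "node".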
@@ -44,12 +44,13 @@ var Rules = ACL{
|
||||
RoleClient: GrantFullAccess,
|
||||
},
|
||||
ResourcePlaces: Roles{
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleGuest: GrantReactShared,
|
||||
RoleVisitor: GrantViewShared,
|
||||
RoleNode: GrantUseOwn,
|
||||
RolePortal: GrantUseOwn,
|
||||
RoleClient: GrantFullAccess,
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleGuest: GrantReactShared,
|
||||
RoleVisitor: GrantViewShared,
|
||||
RoleInstance: GrantUseOwn,
|
||||
RoleService: GrantUseOwn,
|
||||
RolePortal: GrantUseOwn,
|
||||
RoleClient: GrantFullAccess,
|
||||
},
|
||||
ResourceLabels: Roles{
|
||||
RoleAdmin: GrantFullAccess,
|
||||
@@ -82,11 +83,12 @@ var Rules = ACL{
|
||||
RoleGuest: GrantUpdateOwn,
|
||||
},
|
||||
ResourceUsers: Roles{
|
||||
RoleAdmin: GrantManageOwn,
|
||||
RoleGuest: GrantViewUpdateOwn,
|
||||
RoleNode: GrantViewOwn,
|
||||
RolePortal: GrantFullAccess,
|
||||
RoleClient: GrantViewOwn,
|
||||
RoleAdmin: GrantManageOwn,
|
||||
RoleGuest: GrantViewUpdateOwn,
|
||||
RoleInstance: GrantViewOwn,
|
||||
RoleService: GrantViewOwn,
|
||||
RolePortal: GrantFullAccess,
|
||||
RoleClient: GrantViewOwn,
|
||||
},
|
||||
ResourceSessions: Roles{
|
||||
RoleAdmin: GrantManageOwn,
|
||||
@@ -112,30 +114,34 @@ var Rules = ACL{
|
||||
RoleClient: GrantPublishOwn,
|
||||
},
|
||||
ResourceMetrics: Roles{
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleNode: GrantNone,
|
||||
RolePortal: GrantViewAll,
|
||||
RoleClient: GrantViewAll,
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleInstance: GrantNone,
|
||||
RoleService: GrantViewAll,
|
||||
RolePortal: GrantViewAll,
|
||||
RoleClient: GrantViewAll,
|
||||
},
|
||||
ResourceVision: Roles{
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleNode: GrantUseOwn,
|
||||
RolePortal: GrantUseOwn,
|
||||
RoleClient: GrantUseOwn,
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleInstance: GrantUseOwn,
|
||||
RoleService: GrantUseOwn,
|
||||
RolePortal: GrantUseOwn,
|
||||
RoleClient: GrantUseOwn,
|
||||
},
|
||||
ResourceCluster: Roles{
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleNode: GrantSearchDownloadUpdateOwn,
|
||||
RolePortal: GrantFullAccess,
|
||||
RoleClient: GrantSearchDownloadUpdateOwn,
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleInstance: GrantSearchDownloadUpdateOwn,
|
||||
RoleService: GrantSearchDownloadUpdateOwn,
|
||||
RolePortal: GrantFullAccess,
|
||||
RoleClient: GrantSearchDownloadUpdateOwn,
|
||||
},
|
||||
ResourceFeedback: Roles{
|
||||
RoleAdmin: GrantFullAccess,
|
||||
},
|
||||
ResourceDefault: Roles{
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleNode: GrantNone,
|
||||
RolePortal: GrantNone,
|
||||
RoleClient: GrantNone,
|
||||
RoleAdmin: GrantFullAccess,
|
||||
RoleInstance: GrantNone,
|
||||
RoleService: GrantNone,
|
||||
RolePortal: GrantNone,
|
||||
RoleClient: GrantNone,
|
||||
},
|
||||
}
|
||||
|
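Review bot: In `ResourceMetrics` the new `RoleService` entry is `GrantViewAll`, while `RoleInstance`, which takes over every former `RoleNode` entry, stays at `GrantNone`; this is the only resource in the visible hunks where the two roles differ, and it is broader than what the replaced `RoleNode` entry allowed. If that is intended, say so at the entry, for example `RoleService: GrantViewAll, // broader than RoleInstance on purpose`, so a later edit does not level the two by accident. `ResourceFeedback` lists only `RoleAdmin`, and how `Rules` resolves a role with no entry for a resource is outside these hunks, so it is worth confirming that the new roles are denied there rather than picking up `GrantDefaults`. A table-driven test over `Rules` for `RoleInstance` and `RoleService` would pin both points. The `Rules` literal starts before the first hunk of this file.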
@@ -23,7 +23,7 @@ const (
|
||||
ClientRegenerateSecret = "set a new randomly generated client secret"
|
||||
ClientEnable = "enable client authentication if disabled"
|
||||
ClientDisable = "disable client authentication"
|
||||
ClientSecretInfo = "\nPLEASE WRITE DOWN THE %s CLIENT SECRET, AS YOU WILL NOT BE ABLE TO SEE IT AGAIN:\n"
|
||||
ClientSecretInfo = "\nPLEASE WRITE DOWN THE %s CLIENT SECRET, AS YOU WILL NOT BE ABLE TO SEE IT AGAIN:"
|
||||
)
|
||||
|
||||
var (
|
||||
|
@@ -540,6 +540,7 @@ func (m *Client) SetFormValues(frm form.Client) *Client {
|
||||
|
||||
// Set values from form.
|
||||
m.SetName(frm.Name())
|
||||
m.SetRole(frm.Role())
|
||||
m.SetProvider(frm.Provider())
|
||||
m.SetMethod(frm.Method())
|
||||
m.SetScope(frm.Scope())
|
||||
|
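Review bot: The role taken from the form is written to the client with `m.SetRole(frm.Role())`, and nothing in this hunk checks it against `ClientRoles`; this commit changes the set of accepted role strings, and `GrantDefaults` maps `RoleAdmin`, `RolePortal` and `RoleClient` to `GrantFullAccess`. The `+`/`-` markers are lost on this page, so which of the setter calls is the added line cannot be told from here. If `SetRole` or `frm.Role()` does not already normalize the value, resolve it through `ClientRoles` before storing it, and document the contract with a comment such as `// Role comes from the submitted form; SetRole must map unknown values to a non-privileged role.` `SetFormValues` starts and ends outside the hunk.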