feat: board access group permissions (#422)

* fix: cache is not exportet from react * fix: format issue * wip: add usage of group permissions * feat: show inherited groups and add manage group * refactor: improve board access management * chore: address pull request feedback * fix: type issues * fix: migrations * test: add unit tests for board permissions, permissions and board router * test: add unit tests for board router and get current user permissions method * fix: format issues * fix: deepsource issue
2024-05-04 18:34:41 +02:00
parent ca49a01352
commit b1e065f1da
42 changed files with 2375 additions and 423 deletions
--- a/packages/definitions/src/permissions.ts
+++ b/packages/definitions/src/permissions.ts
@@ -1,4 +1,4 @@
-import { objectKeys } from "@homarr/common";
+import { objectEntries, objectKeys } from "@homarr/common";

 export const boardPermissions = ["board-view", "board-change"] as const;
 export const groupPermissions = {
@@ -20,6 +20,21 @@ const groupPermissionParents = {
  admin: ["board-full-access", "integration-full-access"],
 } satisfies Partial<Record<GroupPermissionKey, GroupPermissionKey[]>>;

+export const getPermissionsWithParents = (
+  permissions: GroupPermissionKey[],
+): GroupPermissionKey[] => {
+  const res = permissions.map((permission) => {
+    return objectEntries(groupPermissionParents)
+      .filter(([_key, value]: [string, GroupPermissionKey[]]) =>
+        value.includes(permission),
+      )
+      .map(([key]) => getPermissionsWithParents([key]))
+      .flat();
+  });
+
+  return permissions.concat(res.flat());
+};
+
 const getPermissionsInner = (
  permissionSet: Set<GroupPermissionKey>,
  permissions: GroupPermissionKey[],
--- a/packages/definitions/src/test/permissions.spec.ts
+++ b/packages/definitions/src/test/permissions.spec.ts
@@ -0,0 +1,90 @@
+import { describe, expect, test } from "vitest";
+
+import type { GroupPermissionKey } from "../permissions";
+import {
+  getPermissionsWithChildren,
+  getPermissionsWithParents,
+} from "../permissions";
+
+describe("getPermissionsWithParents should return the correct permissions", () => {
+  test.each([
+    [
+      ["board-view-all"],
+      ["board-view-all", "board-modify-all", "board-full-access", "admin"],
+    ],
+    [["board-modify-all"], ["board-modify-all", "board-full-access", "admin"]],
+    [["board-create"], ["board-create", "board-full-access", "admin"]],
+    [["board-full-access"], ["board-full-access", "admin"]],
+    [
+      ["integration-use-all"],
+      [
+        "integration-use-all",
+        "integration-interact-all",
+        "integration-full-access",
+        "admin",
+      ],
+    ],
+    [
+      ["integration-create"],
+      ["integration-create", "integration-full-access", "admin"],
+    ],
+    [
+      ["integration-interact-all"],
+      ["integration-interact-all", "integration-full-access", "admin"],
+    ],
+    [["integration-full-access"], ["integration-full-access", "admin"]],
+    [["admin"], ["admin"]],
+  ] satisfies [GroupPermissionKey[], GroupPermissionKey[]][])(
+    "expect %s to return %s",
+    (input, expectedOutput) => {
+      expect(getPermissionsWithParents(input)).toEqual(
+        expect.arrayContaining(expectedOutput),
+      );
+    },
+  );
+});
+
+describe("getPermissionsWithChildren should return the correct permissions", () => {
+  test.each([
+    [["board-view-all"], ["board-view-all"]],
+    [["board-modify-all"], ["board-view-all", "board-modify-all"]],
+    [["board-create"], ["board-create"]],
+    [
+      ["board-full-access"],
+      ["board-full-access", "board-modify-all", "board-view-all"],
+    ],
+    [["integration-use-all"], ["integration-use-all"]],
+    [["integration-create"], ["integration-create"]],
+    [
+      ["integration-interact-all"],
+      ["integration-interact-all", "integration-use-all"],
+    ],
+    [
+      ["integration-full-access"],
+      [
+        "integration-full-access",
+        "integration-interact-all",
+        "integration-use-all",
+      ],
+    ],
+    [
+      ["admin"],
+      [
+        "admin",
+        "board-full-access",
+        "board-modify-all",
+        "board-view-all",
+        "integration-full-access",
+        "integration-interact-all",
+        "integration-use-all",
+      ],
+    ],
+  ] satisfies [GroupPermissionKey[], GroupPermissionKey[]][])(
+    "expect %s to return %s",
+    (input, expectedOutput) => {
+      expect(getPermissionsWithChildren(input)).toEqual(
+        expect.arrayContaining(expectedOutput),
+      );
+    },
+  );
+});