permission handling

2023-06-23 12:10:46 +02:00 · 2023-06-23 12:10:46 +02:00 · 3da69ef7f7
parent 1411fad64f
commit 3da69ef7f7
2 changed files with 13 additions and 9 deletions
--- a/modules/database/database.go
+++ b/modules/database/database.go
@ -37,12 +37,12 @@ func InitDatabase() {
 	db.AutoMigrate(&structs.Role{})
 	db.AutoMigrate(&structs.RolePermission{})

-	//createUser()
+	/* masterRoleId := handleMasterRolePermissions() */
+	handleMasterRolePermissions()
+	//createUser(masterRoleId)
 }

-func createUser() {
-	adminRoleId := createDefaultRole()
-
+func createUser(masterRoleId string) {
 	pw := []byte("haha")

 	hashedPassword, err := bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost)
@ -53,7 +53,7 @@ func createUser() {

 	DB.Create(&structs.User{
 		Id:        uuid.New().String(),
-		RoleId:    adminRoleId,
+		RoleId:    masterRoleId,
 		Username:  "Alex",
 		Email:     "alex@roese.dev",
 		Password:  string(hashedPassword),
@ -61,7 +61,7 @@ func createUser() {
 	})
 }

-func createDefaultRole() (roleId string) {
+func handleMasterRolePermissions() (roleId string) {
 	// create admin role if not already existing
 	role := structs.Role{
 		Id:           uuid.New().String(),
@ -127,9 +127,8 @@ func createDefaultRole() (roleId string) {

 		if len(outdatedPermissions) > 0 {
 			for _, outdatedPermission := range outdatedPermissions {
-				DB.Where("role_id = ?", outdatedPermission.RoleId).
-					Where("permission_id = ?", outdatedPermission.PermissionId).
-					Delete(&outdatedPermission)
+				// delete old permissions for all roles
+				DB.Where("permission_id = ?", outdatedPermission.PermissionId).Delete(&outdatedPermission)
 			}
 		}
 	} else { // admin role has no permissions - grant all permissions
--- a/modules/utils/globals.go
+++ b/modules/utils/globals.go
@ -91,6 +91,9 @@ const (
 	_groupTasks                 = "group_tasks."
 	PermissionGroupTasksHistory = _groupTasks + "history"

+	PermissionAllUsersActionChangeRole = "all_users.action.change_role"
+	PermissionScannerUseScanners       = "scanner.use_scanners"
+
 	_adminArea                       = "admin_area."
 	_adminAreaRoles                  = _adminArea + "roles."
 	PermissionAdminAreaAddRole       = _adminAreaRoles + "add_role"
@ -103,6 +106,8 @@ const (
 func GetSystemPermissions() []string {
 	return []string{
 		PermissionGroupTasksHistory,
+		PermissionAllUsersActionChangeRole,
+		PermissionScannerUseScanners,
 		PermissionAdminAreaAddRole,
 		PermissionAdminAreaUpdateRole,
 		PermissionAdminAreaDeleteRole,