Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(backend): Add checking permissions admin while using AdminAuthGuards #559

Merged
merged 14 commits into from
Oct 19, 2024
Merged

feat(backend): Add checking permissions admin while using AdminAuthGuards #559

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
db79ac7
refactor(backend): Admin authorization
aXenDeveloper Oct 16, 2024
19477e9
feat(backend): Add checking permissions admin while using AdminAuthGu…
aXenDeveloper Oct 16, 2024
bbd76fe
fix(frontend): Revalidate date when edit admin permissions in AdminCP
aXenDeveloper Oct 16, 2024
5579987
feat(frontend): Add checkPermissionSessionAdmin to checking permissio…
aXenDeveloper Oct 17, 2024
bfa3e95
feat(frontend): Add checkAdminPermissionMetadata
aXenDeveloper Oct 17, 2024
04416fe
feat(backend): Add checking admin permissions in ShowAdminNavService
aXenDeveloper Oct 17, 2024
8adb913
feat(frontend): Add checking admin permission for components
aXenDeveloper Oct 18, 2024
9f3146f
refactor(frontend)!: Auto Form
aXenDeveloper Oct 19, 2024
39dc5e7
chore(frontend): Fix small type errors
aXenDeveloper Oct 19, 2024
b382ee7
perf: Fix issue with theme editor while read CSS file
aXenDeveloper Oct 19, 2024
2301146
Merge pull request #562 from VitNode/refactor/auto-form
aXenDeveloper Oct 19, 2024
85455af
feat(backend): Add AdminPermission to resolvers
aXenDeveloper Oct 19, 2024
7e55312
feat(frontend): Add checking permissions for all routes in AdminCP
aXenDeveloper Oct 19, 2024
8396429
chore: Clean up
aXenDeveloper Oct 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ pnpm create vitnode-app@latest

| 🛠️ Software | Minimum | Recommended |
| :---------- | :------ | :---------- |
| Node.js | 18.17 | 20 |
| Node.js | 20 | 20 |
| PostgreSQL | 14 | 16 |

| 🖥️ Hardware | Minimum | Development |
Expand Down
50 changes: 30 additions & 20 deletions apps/backend/schema.gql
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,9 +10,9 @@ enum AllowTypeFilesEnum {
}

type AuthorizationAdminSessionsObj {
files: FilesAuthorizationCoreSessions!
permissions: [PermissionsStaffObjWithoutPluginName!]!
restart_server: Boolean!
user: AuthorizationCurrentUserObj
user: UserWithDangerousInfo!
version: String!
}

Expand All @@ -22,7 +22,6 @@ type AuthorizationCoreMiddleware {
}

type AuthorizationCoreSessionsObj {
files: FilesAuthorizationCoreSessions!
plugin_default: String!
user: AuthorizationCurrentUserObj
}
Expand All @@ -31,6 +30,7 @@ type AuthorizationCurrentUserObj {
avatar: AvatarUser
avatar_color: String!
email: String!
files_permissions: FilesPermissionsCoreSessions!
group: GroupUser!
id: Int!
is_admin: Boolean!
Expand Down Expand Up @@ -134,13 +134,6 @@ type EditorShowCoreMiddleware {
sticky: Boolean!
}

type FilesAuthorizationCoreSessions {
allow_upload: Boolean!
max_storage_for_submit: Int!
space_used: Float!
total_max_storage: Int!
}

input FilesEditAdminEditorStyles {
allow_type: AllowTypeFilesEnum!
}
Expand All @@ -149,6 +142,13 @@ type FilesEditorShowCoreMiddleware {
allow_type: AllowTypeFilesEnum!
}

type FilesPermissionsCoreSessions {
allow_upload: Boolean!
max_storage_for_submit: Int!
space_used: Float!
total_max_storage: Int!
}

type GroupUser {
color: String
id: Int!
Expand Down Expand Up @@ -248,9 +248,9 @@ type Mutation {
admin__core_plugins__permissions_admin__delete(id: String!, parent_id: String, plugin_code: String!): String!
admin__core_plugins__upload(code: String, file: Upload!): String!
admin__core_security__captcha__edit(secret_key: String!, site_key: String!, type: CaptchaTypeEnum!): ShowAdminCaptchaSecurityObj!
admin__core_staff_administrators__create_edit(group_id: Int, permissions: [PermissionsStaffArgs!], unrestricted: Boolean!, user_id: Int): ShowAdminStaffAdministrators!
admin__core_staff_administrators__create_edit(group_id: Int, id: Int, permissions: [PermissionsStaffArgs!], user_id: Int): ShowAdminStaffAdministrators!
admin__core_staff_administrators__delete(id: Int!): String!
admin__core_staff_moderators__create(group_id: Int, unrestricted: Boolean!, user_id: Int): ShowAdminStaffModerators!
admin__core_staff_moderators__create(group_id: Int, user_id: Int): ShowAdminStaffModerators!
admin__core_staff_moderators__delete(id: Int!): String!
admin__core_styles__editor__edit(files: FilesEditAdminEditorStyles!, sticky: Boolean!): EditorShowCoreMiddleware!
admin__core_styles__nav__create(description: [StringLanguageInput!]!, external: Boolean!, href: String!, name: [StringLanguageInput!]!): ShowCoreNav!
Expand Down Expand Up @@ -291,28 +291,28 @@ type PageInfo {
}

type PermissionsStaff {
children: [String!]!
id: String!
permissions: [String!]!
}

input PermissionsStaffArgs {
permissions: [PermissionsStaffInput!]!
groups: [PermissionsStaffInput!]!
plugin_code: String!
}

input PermissionsStaffInput {
children: [String!]!
id: String!
permissions: [String!]!
}

type PermissionsStaffObj {
permissions: [PermissionsStaff!]!
groups: [PermissionsStaff!]!
plugin: String!
plugin_code: String!
}

type PermissionsStaffObjWithoutPluginName {
permissions: [PermissionsStaff!]!
groups: [PermissionsStaff!]!
plugin_code: String!
}

Expand Down Expand Up @@ -524,7 +524,6 @@ type ShowAdminStaffAdministrators {
id: Int!
permissions: [PermissionsStaffObjWithoutPluginName!]!
protected: Boolean!
unrestricted: Boolean!
updated: DateTime!
user_or_group: UserOrGroupCoreStaffUnion!
}
Expand All @@ -548,7 +547,6 @@ type ShowAdminStaffModerators {
created: DateTime!
id: Int!
protected: Boolean!
unrestricted: Boolean!
updated: DateTime!
user_or_group: UserOrGroupCoreStaffUnion!
}
Expand Down Expand Up @@ -825,4 +823,16 @@ type User {
name_seo: String!
}

union UserOrGroupCoreStaffUnion = StaffGroupUser | User
union UserOrGroupCoreStaffUnion = StaffGroupUser | User

type UserWithDangerousInfo {
avatar: AvatarUser
avatar_color: String!
email: String!
files_permissions: FilesPermissionsCoreSessions!
group: GroupUser!
id: Int!
language: String!
name: String!
name_seo: String!
}
8 changes: 5 additions & 3 deletions apps/frontend/src/app/[locale]/(main)/(layout)/error.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
'use client';

import { ErrorView } from 'vitnode-frontend/views/theme/views/error/error-view';
import { WrapperError } from 'vitnode-frontend/views/theme/views/error/wrapper-error';

export default function Error() {
return <ErrorView code="500" />;
export default function Error(
props: React.ComponentProps<typeof WrapperError>,
) {
return <WrapperError {...props} />;
}
8 changes: 5 additions & 3 deletions apps/frontend/src/app/[locale]/admin/(auth)/error.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
'use client';

import { ErrorView } from 'vitnode-frontend/views/theme/views/error/error-view';
import { WrapperError } from 'vitnode-frontend/views/theme/views/error/wrapper-error';

export default function Error() {
return <ErrorView code="500" />;
export default function Error(
props: React.ComponentProps<typeof WrapperError>,
) {
return <WrapperError {...props} />;
}
31 changes: 23 additions & 8 deletions apps/frontend/src/plugins/core/langs/en.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -333,15 +333,23 @@
},
"admin_permissions": {
"dashboard": "Dashboard",
"dashboard_can_manage_diagnostic_tools": "Can manage diagnostic tools?",
"can_manage_diagnostic_tools": "Can manage diagnostic tools?",
"settings": "Settings",
"settings_can_manage_settings_main": "Can manage main settings?",
"settings_can_manage_settings_security": "Can manage security settings?",
"settings_can_manage_settings_metadata": "Can manage metadata settings?",
"settings_can_manage_settings_email": "Can manage email settings?",
"settings_can_manage_settings_authorization": "Can manage authorization settings?",
"settings_can_manage_settings_legal": "Can manage legal settings?",
"settings_can_manage_settings_ai": "Can manage AI settings?"
"can_manage_settings_main": "Can manage main settings?",
"can_manage_settings_security": "Can manage security settings?",
"can_manage_settings_metadata": "Can manage metadata settings?",
"can_manage_settings_email": "Can manage email settings?",
"can_manage_settings_authorization": "Can manage authorization settings?",
"can_manage_settings_legal": "Can manage legal settings?",
"can_manage_settings_ai": "Can manage AI settings?",
"can_manage_plugins": "Can manage plugins?",
"styles": "Styles",
"can_manage_styles_theme-editor": "Can manage theme editor?",
"can_manage_styles_nav": "Can manage navigation?",
"can_manage_styles_editor": "Can manage editor?",
"can_manage_langs": "Can manage languages?",
"advanced": "Advanced",
"can_manage_advanced_files": "Can manage files?"
}
},
"admin_members": {
Expand All @@ -352,6 +360,13 @@
"staff": "Staff",
"staff_moderators": "Moderators",
"staff_administrators": "Administrators"
},
"admin_permissions": {
"users": "Users",
"can_manage_users": "Can manage users?",
"can_manage_groups": "Can manage groups?",
"staff": "Staff",
"can_manage_staff_administrators": "Can manage administrators?"
}
}
}
3 changes: 2 additions & 1 deletion packages/backend-ai-google/.swcrc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,6 @@
},
"module": {
"type": "commonjs"
}
},
"minify": true
}
3 changes: 2 additions & 1 deletion packages/backend-ai-open-ai/.swcrc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,6 @@
},
"module": {
"type": "commonjs"
}
},
"minify": true
}
3 changes: 2 additions & 1 deletion packages/backend-email-resend/.swcrc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,6 @@
},
"module": {
"type": "commonjs"
}
},
"minify": true
}
3 changes: 2 additions & 1 deletion packages/backend-email-smtp/.swcrc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,6 @@
},
"module": {
"type": "commonjs"
}
},
"minify": true
}
3 changes: 2 additions & 1 deletion packages/backend/.swcrc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,6 @@
},
"module": {
"type": "commonjs"
}
},
"minify": true
}
8 changes: 8 additions & 0 deletions packages/backend/src/core/admin/ai/test/test.resolver.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
import { AdminAuthGuards, AdminPermission } from '@/utils';
import { UseGuards } from '@nestjs/common';
import { Args, Mutation, Resolver } from '@nestjs/graphql';

import { TestAdminCoreAiService } from './test.service';
Expand All @@ -7,6 +9,12 @@ export class TestAdminCoreAiResolver {
constructor(private readonly service: TestAdminCoreAiService) {}

@Mutation(() => String)
@UseGuards(AdminAuthGuards)
@AdminPermission({
plugin_code: 'core',
group: 'settings',
permission: 'can_manage_settings_ai',
})
async admin__core_ai__test(
@Args('prompt', { type: () => String }) prompt: string,
): Promise<string> {
Expand Down
7 changes: 6 additions & 1 deletion packages/backend/src/core/admin/email/logs/logs.resolver.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { AdminAuthGuards } from '@/utils';
import { AdminAuthGuards, AdminPermission } from '@/utils';
import { UseGuards } from '@nestjs/common';
import { Args, Query, Resolver } from '@nestjs/graphql';

Expand All @@ -11,6 +11,11 @@ export class LogsAdminEmailResolver {

@Query(() => LogsAdminEmailObj)
@UseGuards(AdminAuthGuards)
@AdminPermission({
plugin_code: 'core',
group: 'settings',
permission: 'can_manage_settings_email',
})
async admin__core_email__logs(
@Args() args: LogsAdminEmailArgs,
): Promise<LogsAdminEmailObj> {
Expand Down
7 changes: 6 additions & 1 deletion packages/backend/src/core/admin/email/settings/edit/edit.resolver.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { AdminAuthGuards } from '@/utils';
import { AdminAuthGuards, AdminPermission } from '@/utils';
import { UseGuards } from '@nestjs/common';
import { Args, Mutation, Resolver } from '@nestjs/graphql';

Expand All @@ -12,6 +12,11 @@ export class EditAdminEmailSettingsResolver {

@Mutation(() => ShowAdminEmailSettingsServiceObj)
@UseGuards(AdminAuthGuards)
@AdminPermission({
plugin_code: 'core',
group: 'settings',
permission: 'can_manage_settings_email',
})
async admin__core_email_settings__edit(
@Args() args: EditAdminEmailSettingsServiceArgs,
): Promise<ShowAdminEmailSettingsServiceObj> {
Expand Down
8 changes: 5 additions & 3 deletions packages/backend/src/core/admin/email/settings/edit/edit.service.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
import { FilesService } from '@/core/files/helpers/upload/upload.service';
import { InternalServerError } from '@/errors';
import { configPath, ConfigType, getConfigFile } from '@/providers/config';
import { Injectable } from '@nestjs/common';
import * as fs from 'fs';
Expand Down Expand Up @@ -53,7 +52,10 @@ export class EditAdminEmailSettingsService {

fs.writeFileSync(configPath, JSON.stringify(newData, null, 2), 'utf8');

// Still here? Something went wrong
throw new InternalServerError();
return {
color_primary,
is_enabled: true,
logo: newData.settings.email.logo,
};
}
}
7 changes: 6 additions & 1 deletion packages/backend/src/core/admin/email/settings/show/show.resolver.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { AdminAuthGuards } from '@/utils';
import { AdminAuthGuards, AdminPermission } from '@/utils';
import { UseGuards } from '@nestjs/common';
import { Query, Resolver } from '@nestjs/graphql';

Expand All @@ -11,6 +11,11 @@ export class ShowAdminEmailSettingsResolver {

@Query(() => ShowAdminEmailSettingsServiceObj)
@UseGuards(AdminAuthGuards)
@AdminPermission({
plugin_code: 'core',
group: 'settings',
permission: 'can_manage_settings_email',
})
admin__core_email_settings__show(): ShowAdminEmailSettingsServiceObj {
return this.service.show();
}
Expand Down
7 changes: 6 additions & 1 deletion packages/backend/src/core/admin/email/settings/test/test.resolver.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import { CurrentUser, User } from '@/decorators';
import { AdminAuthGuards } from '@/utils';
import { AdminAuthGuards, AdminPermission } from '@/utils';
import { UseGuards } from '@nestjs/common';
import { Args, Mutation, Resolver } from '@nestjs/graphql';

Expand All @@ -12,6 +12,11 @@ export class TestAdminEmailSettingsResolver {

@Mutation(() => String)
@UseGuards(AdminAuthGuards)
@AdminPermission({
plugin_code: 'core',
group: 'settings',
permission: 'can_manage_settings_email',
})
async admin__core_email_settings__test(
@Args() args: TestAdminEmailSettingsServiceArgs,
@CurrentUser() user: User,
Expand Down
7 changes: 6 additions & 1 deletion packages/backend/src/core/admin/files/delete/delete.resolver.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
import { AdminAuthGuards } from '@/utils';
import { AdminAuthGuards, AdminPermission } from '@/utils';
import { UseGuards } from '@nestjs/common';
import { Args, Int, Mutation, Resolver } from '@nestjs/graphql';

Expand All @@ -10,6 +10,11 @@ export class DeleteAdminFilesResolver {

@Mutation(() => String)
@UseGuards(AdminAuthGuards)
@AdminPermission({
plugin_code: 'core',
group: 'files',
permission: 'can_manage_files',
})
async admin__core_files__delete(
@Args('id', { type: () => Int }) id: number,
): Promise<string> {
Expand Down
Loading