Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor api key permissions #361

Draft
wants to merge 34 commits into
base: main
Choose a base branch
from
Draft

Refactor api key permissions #361

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
58d172d
use RESOURCE_NAME for requests
Boy132 Jun 10, 2024
abaab2e
use RESOURCE_NAME for transformers
Boy132 Jun 10, 2024
3bf142c
add permissions field to api key
Boy132 Jun 10, 2024
f6a229c
add migration for new permissions field
Boy132 Jun 10, 2024
df7cd60
update tests
Boy132 Jun 10, 2024
ede3a57
remove debug log
Boy132 Jun 10, 2024
8e208c9
set column type to "json"
Boy132 Jun 10, 2024
2c05a6e
remove default attribute to fix tests
Boy132 Jun 10, 2024
19c6545
fix default value for permissions
Boy132 Jun 10, 2024
897af7b
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Jun 10, 2024
feb0bd8
Merge branch 'main' into api-revamp/permissions
Boy132 Jun 13, 2024
9ebd093
fix after merge
Boy132 Jun 13, 2024
d1a072f
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Jun 17, 2024
f2cb748
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Jun 21, 2024
df3759b
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Jun 26, 2024
71fbc32
Merge branch 'refs/heads/main' into api-revamp/permissions
Boy132 Jul 3, 2024
6b36258
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Jul 4, 2024
01d53d4
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Jul 8, 2024
9574f12
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Jul 16, 2024
d587e82
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Jul 20, 2024
2b03dac
fix after merge
Boy132 Jul 22, 2024
3e3edaf
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Jul 23, 2024
268c46a
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Aug 1, 2024
b667256
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Aug 12, 2024
d9efa3c
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Aug 19, 2024
d9dd303
allow to "register" custom permissions
Boy132 Aug 22, 2024
3f0acce
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Sep 9, 2024
1261a8c
Merge branch 'main' into api-revamp/permissions
Boy132 Sep 27, 2024
8f608de
add "role" to default resource names
Boy132 Sep 27, 2024
9ae512f
fix after merge
Boy132 Sep 27, 2024
61674d4
Merge branch 'pelican-dev:main' into api-revamp/permissions
Boy132 Oct 10, 2024
f41ab43
Merge branch 'main' into api-revamp/permissions
Boy132 Oct 22, 2024
3cac310
fix phpstan
Boy132 Oct 22, 2024
3b3cf5a
Merge branch 'main' into api-revamp/permissions
Boy132 Oct 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 18 additions & 1 deletion app/Filament/Resources/ApiKeyResource/Pages/CreateApiKey.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
use Filament\Forms\Components\ToggleButtons;
use Filament\Forms\Form;
use Filament\Resources\Pages\CreateRecord;
use Illuminate\Database\Eloquent\Model;

class CreateApiKey extends CreateRecord
{
Expand Down Expand Up @@ -41,7 +42,7 @@ public function form(Form $form): Form
'md' => 2,
])
->schema(
collect(ApiKey::RESOURCES)->map(fn ($resource) => ToggleButtons::make("r_$resource")
collect(ApiKey::getPermissionList())->map(fn ($resource) => ToggleButtons::make('permissions_' . $resource)
->label(str($resource)->replace('_', ' ')->title())->inline()
->options([
0 => 'None',
Expand Down Expand Up @@ -87,4 +88,20 @@ public function form(Form $form): Form
->columnSpanFull(),
]);
}

protected function handleRecordCreation(array $data): Model
{
$permissions = [];

foreach (ApiKey::getPermissionList() as $permission) {
if (isset($data['permissions_' . $permission])) {
$permissions[$permission] = intval($data['permissions_' . $permission]);
unset($data['permissions_' . $permission]);
}
}

$data['permissions'] = $permissions;

return parent::handleRecordCreation($data);
}
}
16 changes: 9 additions & 7 deletions app/Http/Requests/Admin/Api/StoreApplicationApiKeyRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
namespace App\Http\Requests\Admin\Api;

use App\Models\ApiKey;
use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Admin\AdminFormRequest;

class StoreApplicationApiKeyRequest extends AdminFormRequest
Expand All @@ -16,9 +15,12 @@ public function rules(): array
{
$modelRules = ApiKey::getRules();

return collect(AdminAcl::getResourceList())->mapWithKeys(function ($resource) use ($modelRules) {
return [AdminAcl::COLUMN_IDENTIFIER . $resource => $modelRules['r_' . $resource]];
})->merge(['memo' => $modelRules['memo']])->toArray();
$rules = [
'memo' => $modelRules['memo'],
'permissions' => $modelRules['permissions'],
];

return $rules;
}

public function attributes(): array
Expand All @@ -30,8 +32,8 @@ public function attributes(): array

public function getKeyPermissions(): array
{
return collect($this->validated())->filter(function ($value, $key) {
return substr($key, 0, strlen(AdminAcl::COLUMN_IDENTIFIER)) === AdminAcl::COLUMN_IDENTIFIER;
})->toArray();
$data = $this->validated();

return array_keys($data['permissions']);
}
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Allocations/DeleteAllocationRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Allocation;

class DeleteAllocationRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_ALLOCATIONS;
protected ?string $resource = Allocation::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Allocations/GetAllocationsRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Allocation;

class GetAllocationsRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_ALLOCATIONS;
protected ?string $resource = Allocation::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Allocations/StoreAllocationRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Allocation;

class StoreAllocationRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_ALLOCATIONS;
protected ?string $resource = Allocation::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;

Expand Down
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/DatabaseHosts/DeleteDatabaseHostRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\DatabaseHost;

class DeleteDatabaseHostRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_DATABASE_HOSTS;
protected ?string $resource = DatabaseHost::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/DatabaseHosts/GetDatabaseHostRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\DatabaseHost;

class GetDatabaseHostRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_DATABASE_HOSTS;
protected ?string $resource = DatabaseHost::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
2 changes: 1 addition & 1 deletion app/Http/Requests/Api/Application/DatabaseHosts/StoreDatabaseHostRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

class StoreDatabaseHostRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_DATABASE_HOSTS;
protected ?string $resource = DatabaseHost::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;

Expand Down
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Eggs/GetEggRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Services\Acl\Api\AdminAcl;
use App\Models\Egg;

class GetEggRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_EGGS;
protected ?string $resource = Egg::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Eggs/GetEggsRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Services\Acl\Api\AdminAcl;
use App\Models\Egg;

class GetEggsRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_EGGS;
protected ?string $resource = Egg::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Mounts/DeleteMountRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Mount;

class DeleteMountRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_MOUNTS;
protected ?string $resource = Mount::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Mounts/GetMountRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Mount;

class GetMountRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_MOUNTS;
protected ?string $resource = Mount::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Mounts/StoreMountRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Mount;

class StoreMountRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_MOUNTS;
protected ?string $resource = Mount::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Nodes/DeleteNodeRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Node;

class DeleteNodeRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_NODES;
protected ?string $resource = Node::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Nodes/GetNodesRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Node;

class GetNodesRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_NODES;
protected ?string $resource = Node::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
2 changes: 1 addition & 1 deletion app/Http/Requests/Api/Application/Nodes/StoreNodeRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

class StoreNodeRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_NODES;
protected ?string $resource = Node::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;

Expand Down
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Roles/DeleteRoleRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Role;

class DeleteRoleRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_ROLES;
protected ?string $resource = Role::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Roles/GetRoleRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Role;

class GetRoleRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_ROLES;
protected ?string $resource = Role::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Roles/StoreRoleRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Role;

class StoreRoleRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_ROLES;
protected ?string $resource = Role::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;

Expand Down
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Servers/Databases/GetServerDatabaseRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Database;

class GetServerDatabaseRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_SERVER_DATABASES;
protected ?string $resource = Database::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Servers/Databases/GetServerDatabasesRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Database;

class GetServerDatabasesRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_SERVER_DATABASES;
protected ?string $resource = Database::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Servers/Databases/StoreServerDatabaseRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,11 @@
use App\Services\Acl\Api\AdminAcl;
use App\Services\Databases\DatabaseManagementService;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Database;

class StoreServerDatabaseRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_SERVER_DATABASES;
protected ?string $resource = Database::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;

Expand Down
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Servers/GetExternalServerRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Server;

class GetExternalServerRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_SERVERS;
protected ?string $resource = Server::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Servers/GetServerRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Server;

class GetServerRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_SERVERS;
protected ?string $resource = Server::RESOURCE_NAME;

protected int $permission = AdminAcl::READ;
}
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Servers/ServerWriteRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\Server;

class ServerWriteRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_SERVERS;
protected ?string $resource = Server::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;
}
2 changes: 1 addition & 1 deletion app/Http/Requests/Api/Application/Servers/StoreServerRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

class StoreServerRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_SERVERS;
protected ?string $resource = Server::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;

Expand Down
2 changes: 1 addition & 1 deletion app/Http/Requests/Api/Application/Servers/UpdateServerStartupRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

class UpdateServerStartupRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_SERVERS;
protected ?string $resource = Server::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;

Expand Down
3 changes: 2 additions & 1 deletion app/Http/Requests/Api/Application/Users/DeleteUserRequest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@

use App\Services\Acl\Api\AdminAcl;
use App\Http\Requests\Api\Application\ApplicationApiRequest;
use App\Models\User;

class DeleteUserRequest extends ApplicationApiRequest
{
protected ?string $resource = AdminAcl::RESOURCE_USERS;
protected ?string $resource = User::RESOURCE_NAME;

protected int $permission = AdminAcl::WRITE;
}
Loading
Loading