Took another whack at permissions.
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3958 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
parent
fc9c3982c2
commit
3464f1d189
@ -1 +1 @@
|
||||
{"type":"tildefriends-app","files":{"app.js":"&NhFznWHPiG2TKpaGK+DrqzCr67trV3wYgDS+xwZml+Q=.sha256","index.html":"&PrdNng+/SYCFSEbx+E7tMKxs4/ypPDxbRlak4tGN/SM=.sha256","lit.min.js":"&3FfrVflmGr0n4lvN0GriN1Qz1lEw31SbZxRSJrcXR28=.sha256","script.js":"&hgxmXRvzwz27iH2BATFq20aLX4rtvL/AI/5QJV487XM=.sha256"}}
|
||||
{"type":"tildefriends-app","files":{"app.js":"&ONpfDPCOakAWKWw0vPwQGPqMPbFNxZR/DOhIEQtK7Ac=.sha256","index.html":"&PrdNng+/SYCFSEbx+E7tMKxs4/ypPDxbRlak4tGN/SM=.sha256","lit.min.js":"&3FfrVflmGr0n4lvN0GriN1Qz1lEw31SbZxRSJrcXR28=.sha256","script.js":"&hgxmXRvzwz27iH2BATFq20aLX4rtvL/AI/5QJV487XM=.sha256"}}
|
@ -5,7 +5,8 @@ tfrpc.register(function delete_user(user) {
|
||||
});
|
||||
|
||||
async function main() {
|
||||
let data = {users: {}};
|
||||
let data = {users: {}, granted: await core.allPermissionsGranted()};
|
||||
print(JSON.stringify(data));
|
||||
for (let user of await core.users()) {
|
||||
data.users[user] = await core.permissionsForUser(user);
|
||||
}
|
||||
|
@ -1 +1 @@
|
||||
{"type":"tildefriends-app","files":{"app.js":"&W/og3+Bmi2YJJ9PudClLLIhK5ZgplUMpsOowSF5o05s=.sha256","index.html":"&ye2GeqCrDi3Dbl3UVIfE8H5GzCxN8O46FWj5zhLnZAw=.sha256","vue-material.js":"&K5cdLqXYCENPak/TCINHQhyJhpS4G9DlZHGwoh/LF2g=.sha256","tf-user.js":"&cI/JLy83mOngcqYCEP8Vej8urDvAQAV1WxFsL67/K3M=.sha256","tf-message.js":"&JVARtJEQkq3XjjL0Jv/NUDkO2WZnXGIqkWsqYvTPXBI=.sha256","tf.js":"&m6it9k3I6Ou1xhckbtoMlAg9Y1tca5HV9GUmuFqPD7k=.sha256","commonmark.min.js":"&EP0OeR9zyLwZannz+0ga4s9AGES2RLvvIIQYHqqV6+k=.sha256","vue.js":"&g1wvA+yHl1sVC+eufTsg9If7ZeVyMTBU+h0tks7ZNzE=.sha256","vue-material-theme-default-dark.css":"&RP2nr+2CR18BpHHw5ST9a5GJUCOG9n0G2kuGkcQioWE=.sha256","vue-material.min.css":"&kGbUM2QgFSyHZRzqQb0b+0S3EVIlZ0AXpdiAVjIhou8=.sha256","roboto.css":"&jJv43Om673mQO5JK0jj7714s5E+5Yrf82H6LcDx7wUs=.sha256","material-icons.css":"&a28PdcVvgq/DxyIvJAx/e+ZOEtOuHnr3kjLWKyzH11M=.sha256","tf-shared.js":"&LXyUSm6zSakN/ghJlZ1Qg2VJfV5alhN0gl8F7txIIOU=.sha256","style.css":"&qegBNCrVUihxffRUxGFuG/6u+0Y6d18zHtfNHBZtZ04=.sha256"}}
|
||||
{"type":"tildefriends-app","files":{"app.js":"&W/og3+Bmi2YJJ9PudClLLIhK5ZgplUMpsOowSF5o05s=.sha256","index.html":"&ye2GeqCrDi3Dbl3UVIfE8H5GzCxN8O46FWj5zhLnZAw=.sha256","vue-material.js":"&K5cdLqXYCENPak/TCINHQhyJhpS4G9DlZHGwoh/LF2g=.sha256","tf-user.js":"&cI/JLy83mOngcqYCEP8Vej8urDvAQAV1WxFsL67/K3M=.sha256","tf-message.js":"&JVARtJEQkq3XjjL0Jv/NUDkO2WZnXGIqkWsqYvTPXBI=.sha256","tf.js":"&WVJ7+D8VMeU7+yRnD3hDsmm2nIKZtO8WKIdB0v+GU14=.sha256","commonmark.min.js":"&EP0OeR9zyLwZannz+0ga4s9AGES2RLvvIIQYHqqV6+k=.sha256","vue.js":"&g1wvA+yHl1sVC+eufTsg9If7ZeVyMTBU+h0tks7ZNzE=.sha256","vue-material-theme-default-dark.css":"&RP2nr+2CR18BpHHw5ST9a5GJUCOG9n0G2kuGkcQioWE=.sha256","vue-material.min.css":"&kGbUM2QgFSyHZRzqQb0b+0S3EVIlZ0AXpdiAVjIhou8=.sha256","roboto.css":"&jJv43Om673mQO5JK0jj7714s5E+5Yrf82H6LcDx7wUs=.sha256","material-icons.css":"&a28PdcVvgq/DxyIvJAx/e+ZOEtOuHnr3kjLWKyzH11M=.sha256","tf-shared.js":"&LXyUSm6zSakN/ghJlZ1Qg2VJfV5alhN0gl8F7txIIOU=.sha256","style.css":"&qegBNCrVUihxffRUxGFuG/6u+0Y6d18zHtfNHBZtZ04=.sha256"}}
|
@ -178,8 +178,7 @@ window.addEventListener('load', function() {
|
||||
data: g_data,
|
||||
watch: {
|
||||
whoami: function(newValue, oldValue) {
|
||||
let self = this;
|
||||
setTimeout(function() { self.set_hash(); }, 100);
|
||||
tfrpc.rpc.refresh(newValue, this.selected, true);
|
||||
},
|
||||
selected: function(newValue, oldValue) {
|
||||
let self = this;
|
||||
|
@ -158,8 +158,6 @@ function socket(request, response, client) {
|
||||
if (process) {
|
||||
core.enableStats(process, message.enabled);
|
||||
}
|
||||
} else if (message.action == 'permission') {
|
||||
core.setPermission(process, message.id, message.granted);
|
||||
} else if (message.message == 'tfrpc') {
|
||||
if (message.id && g_calls[message.id]) {
|
||||
if (message.error !== undefined) {
|
||||
|
@ -479,23 +479,25 @@ function api_requestPermission(permission, id) {
|
||||
},
|
||||
];
|
||||
|
||||
div = document.createElement('div');
|
||||
for (let option of k_options) {
|
||||
let button = document.createElement('button');
|
||||
button.innerText = option.text;
|
||||
button.onclick = function() {
|
||||
send({action: 'permission', id: id, granted: option.grant[check.checked ? 1 : 0]});
|
||||
while (permissions.firstChild) {
|
||||
permissions.removeChild(permissions.firstChild);
|
||||
return new Promise(function(resolve, reject) {
|
||||
div = document.createElement('div');
|
||||
for (let option of k_options) {
|
||||
let button = document.createElement('button');
|
||||
button.innerText = option.text;
|
||||
button.onclick = function() {
|
||||
resolve(option.grant[check.checked ? 1 : 0]);
|
||||
while (permissions.firstChild) {
|
||||
permissions.removeChild(permissions.firstChild);
|
||||
}
|
||||
permissions.style.visibility = 'hidden';
|
||||
}
|
||||
permissions.style.visibility = 'hidden';
|
||||
div.appendChild(button);
|
||||
}
|
||||
div.appendChild(button);
|
||||
}
|
||||
container.appendChild(div);
|
||||
container.appendChild(div);
|
||||
|
||||
permissions.appendChild(container);
|
||||
permissions.style.visibility = 'visible';
|
||||
permissions.appendChild(container);
|
||||
permissions.style.visibility = 'visible';
|
||||
});
|
||||
}
|
||||
|
||||
function receive(message) {
|
||||
|
62
core/core.js
62
core/core.js
@ -149,8 +149,6 @@ async function getProcessBlob(blobId, key, options) {
|
||||
process.task = null;
|
||||
delete gProcesses[key];
|
||||
};
|
||||
process.promises = {};
|
||||
process.nextPromise = 1;
|
||||
var imports = {
|
||||
'core': {
|
||||
'broadcast': broadcast.bind(process),
|
||||
@ -179,51 +177,65 @@ async function getProcessBlob(blobId, key, options) {
|
||||
return [];
|
||||
}
|
||||
},
|
||||
'permissionsGranted': function() {
|
||||
let user = process?.credentials?.session?.name;
|
||||
if (user &&
|
||||
options?.packageOwner &&
|
||||
options?.packageName &&
|
||||
gGlobalSettings.userPermissions &&
|
||||
gGlobalSettings.userPermissions[user] &&
|
||||
gGlobalSettings.userPermissions[user][options.packageOwner]) {
|
||||
return gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName];
|
||||
}
|
||||
},
|
||||
'allPermissionsGranted': function() {
|
||||
let user = process?.credentials?.session?.name;
|
||||
if (user &&
|
||||
options?.packageOwner &&
|
||||
options?.packageName &&
|
||||
gGlobalSettings.userPermissions &&
|
||||
gGlobalSettings.userPermissions[user]) {
|
||||
return gGlobalSettings.userPermissions[user];
|
||||
}
|
||||
},
|
||||
'permissionsForUser': function(user) {
|
||||
return (gGlobalSettings?.permissions ? gGlobalSettings.permissions[user] : []) ?? [];
|
||||
},
|
||||
'apps': user => getApps(user, process),
|
||||
'getSockets': getSockets,
|
||||
'permissionTest': function(permission) {
|
||||
let id = process.nextPromise++;
|
||||
let promise = new Promise(function(resolve, reject) {
|
||||
process.promises[id] = {resolve: resolve, reject: reject};
|
||||
});
|
||||
let user = process?.credentials?.session?.name;
|
||||
if (!user || !options?.packageOwner || !options?.packageName) {
|
||||
process.promises[id].reject(false);
|
||||
return;
|
||||
} else if (gGlobalSettings.userPermissions &&
|
||||
gGlobalSettings.userPermissions[user] &&
|
||||
gGlobalSettings.userPermissions[user][options.packageOwner] &&
|
||||
gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName] &&
|
||||
gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName][permission] !== undefined) {
|
||||
if (gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName][permission]) {
|
||||
process.promises[id].resolve(true);
|
||||
return true;
|
||||
} else {
|
||||
process.promises[id].reject(false);
|
||||
return false;
|
||||
}
|
||||
|
||||
} else {
|
||||
process.app.send({action: 'requestPermission', permission: permission, id: id});
|
||||
promise.then(function(value) {
|
||||
return process.app.makeFunction(['requestPermission'])(permission).then(function(value) {
|
||||
if (value == 'allow') {
|
||||
storePermission(user, options.packageOwner, options.packageName, permission, true);
|
||||
return true;
|
||||
} else if (value == 'allow once') {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}).catch(function(value) {
|
||||
if (value == 'deny') {
|
||||
} else if (value == 'deny') {
|
||||
storePermission(user, options.packageOwner, options.packageName, permission, false);
|
||||
return false;
|
||||
} else if (value == 'deny once') {
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}).catch(function() {
|
||||
return false;
|
||||
});
|
||||
}
|
||||
return promise;
|
||||
},
|
||||
}
|
||||
};
|
||||
@ -284,7 +296,11 @@ async function getProcessBlob(blobId, key, options) {
|
||||
if (process.credentials &&
|
||||
process.credentials.session &&
|
||||
process.credentials.session.name) {
|
||||
return ssb.appendMessageWithIdentity(process.credentials.session.name, id, message);
|
||||
return imports.core.permissionTest('ssb_append').then(function(value) {
|
||||
if (value) {
|
||||
return ssb.appendMessageWithIdentity(process.credentials.session.name, id, message);
|
||||
}
|
||||
});
|
||||
}
|
||||
};
|
||||
delete imports.ssb.addRpc;
|
||||
@ -733,17 +749,6 @@ loadSettings().then(function() {
|
||||
exit(1);
|
||||
});
|
||||
|
||||
function setPermission(process, id, allow) {
|
||||
if (process.promises[id]) {
|
||||
if (allow == 'allow' || allow == 'allow once') {
|
||||
process.promises[id].resolve(allow);
|
||||
} else {
|
||||
process.promises[id].reject(allow);
|
||||
}
|
||||
delete process.promises[id];
|
||||
}
|
||||
}
|
||||
|
||||
function storePermission(user, packageOwner, packageName, permission, allow) {
|
||||
if (!gGlobalSettings.userPermissions) {
|
||||
gGlobalSettings.userPermissions = {};
|
||||
@ -769,5 +774,4 @@ export {
|
||||
enableStats,
|
||||
invoke,
|
||||
getSessionProcessBlob,
|
||||
setPermission,
|
||||
};
|
||||
|
Loading…
Reference in New Issue
Block a user