forked from cory/tildefriends
Took another whack at permissions.
git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3958 ed5197a5-7fde-0310-b194-c3ffbd925b24
This commit is contained in:
parent
fc9c3982c2
commit
3464f1d189
@ -1 +1 @@
|
|||||||
{"type":"tildefriends-app","files":{"app.js":"&NhFznWHPiG2TKpaGK+DrqzCr67trV3wYgDS+xwZml+Q=.sha256","index.html":"&PrdNng+/SYCFSEbx+E7tMKxs4/ypPDxbRlak4tGN/SM=.sha256","lit.min.js":"&3FfrVflmGr0n4lvN0GriN1Qz1lEw31SbZxRSJrcXR28=.sha256","script.js":"&hgxmXRvzwz27iH2BATFq20aLX4rtvL/AI/5QJV487XM=.sha256"}}
|
{"type":"tildefriends-app","files":{"app.js":"&ONpfDPCOakAWKWw0vPwQGPqMPbFNxZR/DOhIEQtK7Ac=.sha256","index.html":"&PrdNng+/SYCFSEbx+E7tMKxs4/ypPDxbRlak4tGN/SM=.sha256","lit.min.js":"&3FfrVflmGr0n4lvN0GriN1Qz1lEw31SbZxRSJrcXR28=.sha256","script.js":"&hgxmXRvzwz27iH2BATFq20aLX4rtvL/AI/5QJV487XM=.sha256"}}
|
@ -5,7 +5,8 @@ tfrpc.register(function delete_user(user) {
|
|||||||
});
|
});
|
||||||
|
|
||||||
async function main() {
|
async function main() {
|
||||||
let data = {users: {}};
|
let data = {users: {}, granted: await core.allPermissionsGranted()};
|
||||||
|
print(JSON.stringify(data));
|
||||||
for (let user of await core.users()) {
|
for (let user of await core.users()) {
|
||||||
data.users[user] = await core.permissionsForUser(user);
|
data.users[user] = await core.permissionsForUser(user);
|
||||||
}
|
}
|
||||||
|
@ -1 +1 @@
|
|||||||
{"type":"tildefriends-app","files":{"app.js":"&W/og3+Bmi2YJJ9PudClLLIhK5ZgplUMpsOowSF5o05s=.sha256","index.html":"&ye2GeqCrDi3Dbl3UVIfE8H5GzCxN8O46FWj5zhLnZAw=.sha256","vue-material.js":"&K5cdLqXYCENPak/TCINHQhyJhpS4G9DlZHGwoh/LF2g=.sha256","tf-user.js":"&cI/JLy83mOngcqYCEP8Vej8urDvAQAV1WxFsL67/K3M=.sha256","tf-message.js":"&JVARtJEQkq3XjjL0Jv/NUDkO2WZnXGIqkWsqYvTPXBI=.sha256","tf.js":"&m6it9k3I6Ou1xhckbtoMlAg9Y1tca5HV9GUmuFqPD7k=.sha256","commonmark.min.js":"&EP0OeR9zyLwZannz+0ga4s9AGES2RLvvIIQYHqqV6+k=.sha256","vue.js":"&g1wvA+yHl1sVC+eufTsg9If7ZeVyMTBU+h0tks7ZNzE=.sha256","vue-material-theme-default-dark.css":"&RP2nr+2CR18BpHHw5ST9a5GJUCOG9n0G2kuGkcQioWE=.sha256","vue-material.min.css":"&kGbUM2QgFSyHZRzqQb0b+0S3EVIlZ0AXpdiAVjIhou8=.sha256","roboto.css":"&jJv43Om673mQO5JK0jj7714s5E+5Yrf82H6LcDx7wUs=.sha256","material-icons.css":"&a28PdcVvgq/DxyIvJAx/e+ZOEtOuHnr3kjLWKyzH11M=.sha256","tf-shared.js":"&LXyUSm6zSakN/ghJlZ1Qg2VJfV5alhN0gl8F7txIIOU=.sha256","style.css":"&qegBNCrVUihxffRUxGFuG/6u+0Y6d18zHtfNHBZtZ04=.sha256"}}
|
{"type":"tildefriends-app","files":{"app.js":"&W/og3+Bmi2YJJ9PudClLLIhK5ZgplUMpsOowSF5o05s=.sha256","index.html":"&ye2GeqCrDi3Dbl3UVIfE8H5GzCxN8O46FWj5zhLnZAw=.sha256","vue-material.js":"&K5cdLqXYCENPak/TCINHQhyJhpS4G9DlZHGwoh/LF2g=.sha256","tf-user.js":"&cI/JLy83mOngcqYCEP8Vej8urDvAQAV1WxFsL67/K3M=.sha256","tf-message.js":"&JVARtJEQkq3XjjL0Jv/NUDkO2WZnXGIqkWsqYvTPXBI=.sha256","tf.js":"&WVJ7+D8VMeU7+yRnD3hDsmm2nIKZtO8WKIdB0v+GU14=.sha256","commonmark.min.js":"&EP0OeR9zyLwZannz+0ga4s9AGES2RLvvIIQYHqqV6+k=.sha256","vue.js":"&g1wvA+yHl1sVC+eufTsg9If7ZeVyMTBU+h0tks7ZNzE=.sha256","vue-material-theme-default-dark.css":"&RP2nr+2CR18BpHHw5ST9a5GJUCOG9n0G2kuGkcQioWE=.sha256","vue-material.min.css":"&kGbUM2QgFSyHZRzqQb0b+0S3EVIlZ0AXpdiAVjIhou8=.sha256","roboto.css":"&jJv43Om673mQO5JK0jj7714s5E+5Yrf82H6LcDx7wUs=.sha256","material-icons.css":"&a28PdcVvgq/DxyIvJAx/e+ZOEtOuHnr3kjLWKyzH11M=.sha256","tf-shared.js":"&LXyUSm6zSakN/ghJlZ1Qg2VJfV5alhN0gl8F7txIIOU=.sha256","style.css":"&qegBNCrVUihxffRUxGFuG/6u+0Y6d18zHtfNHBZtZ04=.sha256"}}
|
@ -178,8 +178,7 @@ window.addEventListener('load', function() {
|
|||||||
data: g_data,
|
data: g_data,
|
||||||
watch: {
|
watch: {
|
||||||
whoami: function(newValue, oldValue) {
|
whoami: function(newValue, oldValue) {
|
||||||
let self = this;
|
tfrpc.rpc.refresh(newValue, this.selected, true);
|
||||||
setTimeout(function() { self.set_hash(); }, 100);
|
|
||||||
},
|
},
|
||||||
selected: function(newValue, oldValue) {
|
selected: function(newValue, oldValue) {
|
||||||
let self = this;
|
let self = this;
|
||||||
|
@ -158,8 +158,6 @@ function socket(request, response, client) {
|
|||||||
if (process) {
|
if (process) {
|
||||||
core.enableStats(process, message.enabled);
|
core.enableStats(process, message.enabled);
|
||||||
}
|
}
|
||||||
} else if (message.action == 'permission') {
|
|
||||||
core.setPermission(process, message.id, message.granted);
|
|
||||||
} else if (message.message == 'tfrpc') {
|
} else if (message.message == 'tfrpc') {
|
||||||
if (message.id && g_calls[message.id]) {
|
if (message.id && g_calls[message.id]) {
|
||||||
if (message.error !== undefined) {
|
if (message.error !== undefined) {
|
||||||
|
@ -479,23 +479,25 @@ function api_requestPermission(permission, id) {
|
|||||||
},
|
},
|
||||||
];
|
];
|
||||||
|
|
||||||
div = document.createElement('div');
|
return new Promise(function(resolve, reject) {
|
||||||
for (let option of k_options) {
|
div = document.createElement('div');
|
||||||
let button = document.createElement('button');
|
for (let option of k_options) {
|
||||||
button.innerText = option.text;
|
let button = document.createElement('button');
|
||||||
button.onclick = function() {
|
button.innerText = option.text;
|
||||||
send({action: 'permission', id: id, granted: option.grant[check.checked ? 1 : 0]});
|
button.onclick = function() {
|
||||||
while (permissions.firstChild) {
|
resolve(option.grant[check.checked ? 1 : 0]);
|
||||||
permissions.removeChild(permissions.firstChild);
|
while (permissions.firstChild) {
|
||||||
|
permissions.removeChild(permissions.firstChild);
|
||||||
|
}
|
||||||
|
permissions.style.visibility = 'hidden';
|
||||||
}
|
}
|
||||||
permissions.style.visibility = 'hidden';
|
div.appendChild(button);
|
||||||
}
|
}
|
||||||
div.appendChild(button);
|
container.appendChild(div);
|
||||||
}
|
|
||||||
container.appendChild(div);
|
|
||||||
|
|
||||||
permissions.appendChild(container);
|
permissions.appendChild(container);
|
||||||
permissions.style.visibility = 'visible';
|
permissions.style.visibility = 'visible';
|
||||||
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
function receive(message) {
|
function receive(message) {
|
||||||
|
62
core/core.js
62
core/core.js
@ -149,8 +149,6 @@ async function getProcessBlob(blobId, key, options) {
|
|||||||
process.task = null;
|
process.task = null;
|
||||||
delete gProcesses[key];
|
delete gProcesses[key];
|
||||||
};
|
};
|
||||||
process.promises = {};
|
|
||||||
process.nextPromise = 1;
|
|
||||||
var imports = {
|
var imports = {
|
||||||
'core': {
|
'core': {
|
||||||
'broadcast': broadcast.bind(process),
|
'broadcast': broadcast.bind(process),
|
||||||
@ -179,51 +177,65 @@ async function getProcessBlob(blobId, key, options) {
|
|||||||
return [];
|
return [];
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
'permissionsGranted': function() {
|
||||||
|
let user = process?.credentials?.session?.name;
|
||||||
|
if (user &&
|
||||||
|
options?.packageOwner &&
|
||||||
|
options?.packageName &&
|
||||||
|
gGlobalSettings.userPermissions &&
|
||||||
|
gGlobalSettings.userPermissions[user] &&
|
||||||
|
gGlobalSettings.userPermissions[user][options.packageOwner]) {
|
||||||
|
return gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName];
|
||||||
|
}
|
||||||
|
},
|
||||||
|
'allPermissionsGranted': function() {
|
||||||
|
let user = process?.credentials?.session?.name;
|
||||||
|
if (user &&
|
||||||
|
options?.packageOwner &&
|
||||||
|
options?.packageName &&
|
||||||
|
gGlobalSettings.userPermissions &&
|
||||||
|
gGlobalSettings.userPermissions[user]) {
|
||||||
|
return gGlobalSettings.userPermissions[user];
|
||||||
|
}
|
||||||
|
},
|
||||||
'permissionsForUser': function(user) {
|
'permissionsForUser': function(user) {
|
||||||
return (gGlobalSettings?.permissions ? gGlobalSettings.permissions[user] : []) ?? [];
|
return (gGlobalSettings?.permissions ? gGlobalSettings.permissions[user] : []) ?? [];
|
||||||
},
|
},
|
||||||
'apps': user => getApps(user, process),
|
'apps': user => getApps(user, process),
|
||||||
'getSockets': getSockets,
|
'getSockets': getSockets,
|
||||||
'permissionTest': function(permission) {
|
'permissionTest': function(permission) {
|
||||||
let id = process.nextPromise++;
|
|
||||||
let promise = new Promise(function(resolve, reject) {
|
|
||||||
process.promises[id] = {resolve: resolve, reject: reject};
|
|
||||||
});
|
|
||||||
let user = process?.credentials?.session?.name;
|
let user = process?.credentials?.session?.name;
|
||||||
if (!user || !options?.packageOwner || !options?.packageName) {
|
if (!user || !options?.packageOwner || !options?.packageName) {
|
||||||
process.promises[id].reject(false);
|
return;
|
||||||
} else if (gGlobalSettings.userPermissions &&
|
} else if (gGlobalSettings.userPermissions &&
|
||||||
gGlobalSettings.userPermissions[user] &&
|
gGlobalSettings.userPermissions[user] &&
|
||||||
gGlobalSettings.userPermissions[user][options.packageOwner] &&
|
gGlobalSettings.userPermissions[user][options.packageOwner] &&
|
||||||
gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName] &&
|
gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName] &&
|
||||||
gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName][permission] !== undefined) {
|
gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName][permission] !== undefined) {
|
||||||
if (gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName][permission]) {
|
if (gGlobalSettings.userPermissions[user][options.packageOwner][options.packageName][permission]) {
|
||||||
process.promises[id].resolve(true);
|
return true;
|
||||||
} else {
|
} else {
|
||||||
process.promises[id].reject(false);
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
process.app.send({action: 'requestPermission', permission: permission, id: id});
|
return process.app.makeFunction(['requestPermission'])(permission).then(function(value) {
|
||||||
promise.then(function(value) {
|
|
||||||
if (value == 'allow') {
|
if (value == 'allow') {
|
||||||
storePermission(user, options.packageOwner, options.packageName, permission, true);
|
storePermission(user, options.packageOwner, options.packageName, permission, true);
|
||||||
return true;
|
return true;
|
||||||
} else if (value == 'allow once') {
|
} else if (value == 'allow once') {
|
||||||
return true;
|
return true;
|
||||||
}
|
} else if (value == 'deny') {
|
||||||
return false;
|
|
||||||
}).catch(function(value) {
|
|
||||||
if (value == 'deny') {
|
|
||||||
storePermission(user, options.packageOwner, options.packageName, permission, false);
|
storePermission(user, options.packageOwner, options.packageName, permission, false);
|
||||||
return false;
|
return false;
|
||||||
} else if (value == 'deny once') {
|
} else if (value == 'deny once') {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
|
}).catch(function() {
|
||||||
|
return false;
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
return promise;
|
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
@ -284,7 +296,11 @@ async function getProcessBlob(blobId, key, options) {
|
|||||||
if (process.credentials &&
|
if (process.credentials &&
|
||||||
process.credentials.session &&
|
process.credentials.session &&
|
||||||
process.credentials.session.name) {
|
process.credentials.session.name) {
|
||||||
return ssb.appendMessageWithIdentity(process.credentials.session.name, id, message);
|
return imports.core.permissionTest('ssb_append').then(function(value) {
|
||||||
|
if (value) {
|
||||||
|
return ssb.appendMessageWithIdentity(process.credentials.session.name, id, message);
|
||||||
|
}
|
||||||
|
});
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
delete imports.ssb.addRpc;
|
delete imports.ssb.addRpc;
|
||||||
@ -733,17 +749,6 @@ loadSettings().then(function() {
|
|||||||
exit(1);
|
exit(1);
|
||||||
});
|
});
|
||||||
|
|
||||||
function setPermission(process, id, allow) {
|
|
||||||
if (process.promises[id]) {
|
|
||||||
if (allow == 'allow' || allow == 'allow once') {
|
|
||||||
process.promises[id].resolve(allow);
|
|
||||||
} else {
|
|
||||||
process.promises[id].reject(allow);
|
|
||||||
}
|
|
||||||
delete process.promises[id];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
function storePermission(user, packageOwner, packageName, permission, allow) {
|
function storePermission(user, packageOwner, packageName, permission, allow) {
|
||||||
if (!gGlobalSettings.userPermissions) {
|
if (!gGlobalSettings.userPermissions) {
|
||||||
gGlobalSettings.userPermissions = {};
|
gGlobalSettings.userPermissions = {};
|
||||||
@ -769,5 +774,4 @@ export {
|
|||||||
enableStats,
|
enableStats,
|
||||||
invoke,
|
invoke,
|
||||||
getSessionProcessBlob,
|
getSessionProcessBlob,
|
||||||
setPermission,
|
|
||||||
};
|
};
|
||||||
|
Loading…
Reference in New Issue
Block a user