WIP - permissions

2025-12-28 05:43:03 +01:00
parent f4143ab106
commit 88f656c3f5
35 changed files with 3040 additions and 53 deletions
--- a/backend/src/rbac/role.controller.ts
+++ b/backend/src/rbac/role.controller.ts
@@ -0,0 +1,137 @@
+import {
+  Controller,
+  Get,
+  Post,
+  Put,
+  Delete,
+  Body,
+  Param,
+  UseGuards,
+  Inject,
+} from '@nestjs/common';
+import { JwtAuthGuard } from '../auth/jwt-auth.guard';
+import { Role } from '../models/role.model';
+import { RoleRule } from '../models/role-rule.model';
+import { Knex } from 'knex';
+
+export class CreateRoleDto {
+  name: string;
+  guardName?: string;
+  description?: string;
+}
+
+export class UpdateRoleDto {
+  name?: string;
+  description?: string;
+}
+
+export class CreateRoleRuleDto {
+  roleId: string;
+  rulesJson: any[]; // Array of CASL rules
+}
+
+export class UpdateRoleRuleDto {
+  rulesJson: any[];
+}
+
+@Controller('roles')
+@UseGuards(JwtAuthGuard)
+export class RoleController {
+  constructor(@Inject('KnexConnection') private readonly knex: Knex) {}
+
+  /**
+   * List all roles
+   */
+  @Get()
+  async list() {
+    return Role.query(this.knex).withGraphFetched('[roleRules]');
+  }
+
+  /**
+   * Get a single role by ID
+   */
+  @Get(':id')
+  async get(@Param('id') id: string) {
+    return Role.query(this.knex)
+      .findById(id)
+      .withGraphFetched('[roleRules, permissions]');
+  }
+
+  /**
+   * Create a new role
+   */
+  @Post()
+  async create(@Body() createDto: CreateRoleDto) {
+    return Role.query(this.knex).insert({
+      name: createDto.name,
+      guardName: createDto.guardName || 'api',
+      description: createDto.description,
+    });
+  }
+
+  /**
+   * Update a role
+   */
+  @Put(':id')
+  async update(@Param('id') id: string, @Body() updateDto: UpdateRoleDto) {
+    return Role.query(this.knex).patchAndFetchById(id, updateDto);
+  }
+
+  /**
+   * Delete a role
+   */
+  @Delete(':id')
+  async delete(@Param('id') id: string) {
+    await Role.query(this.knex).deleteById(id);
+    return { success: true };
+  }
+}
+
+@Controller('role-rules')
+@UseGuards(JwtAuthGuard)
+export class RoleRuleController {
+  constructor(@Inject('KnexConnection') private readonly knex: Knex) {}
+
+  /**
+   * Get rules for a role
+   */
+  @Get('role/:roleId')
+  async getForRole(@Param('roleId') roleId: string) {
+    return RoleRule.query(this.knex).where('roleId', roleId);
+  }
+
+  /**
+   * Create or update role rules
+   * This will replace existing rules for the role
+   */
+  @Post()
+  async createOrUpdate(@Body() dto: CreateRoleRuleDto) {
+    // Delete existing rules for this role
+    await RoleRule.query(this.knex).where('roleId', dto.roleId).delete();
+
+    // Insert new rules
+    return RoleRule.query(this.knex).insert({
+      roleId: dto.roleId,
+      rulesJson: dto.rulesJson,
+    });
+  }
+
+  /**
+   * Update role rules by ID
+   */
+  @Put(':id')
+  async update(@Param('id') id: string, @Body() dto: UpdateRoleRuleDto) {
+    return RoleRule.query(this.knex).patchAndFetchById(id, {
+      rulesJson: dto.rulesJson,
+    });
+  }
+
+  /**
+   * Delete role rules
+   */
+  @Delete(':id')
+  async delete(@Param('id') id: string) {
+    await RoleRule.query(this.knex).deleteById(id);
+    return { success: true };
+  }
+}