From 73f7359e31ea3866ae6448ab84e790728939ca5a Mon Sep 17 00:00:00 2001
From: kzalys
Date: Tue, 20 Oct 2020 23:32:09 +0100
Subject: [PATCH] feat: Review role permissions (#139)
* feat: Review role permissions
* feat: Provide access to GetAuthorizedResources to all users
---
 config/role/role.yaml | 24 ++++++++++++++----------
 routers/api/v2/router.go | 2 +-
 2 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/config/role/role.yaml b/config/role/role.yaml
index 55e1d39..89033c7 100644
--- a/config/role/role.yaml
+++ b/config/role/role.yaml
@@ -1,9 +1,10 @@
 role:
- # TODO: review permissions for roles after Auth System V2 is finished (https://github.com/unicsmcr/hs_auth/issues/81)
 unverified:
 - "hs:hs_auth:frontend:EmailUnverifiedPage"
 - "hs:hs_auth:frontend:EmailUnverifiedPageComponents"
 - "hs:hs_auth:frontend:VerifyEmailResend"
+ - "hs:hs_auth:api:v2:ResendEmailVerification?path_id=me"
+ - "hs:hs_auth:api:v2:GetAuthorizedResources"
 applicant:
 - "hs:hs_auth:frontend:ProfilePage"
 - "hs:hs_auth:frontend:ProfilePageComponents:Default"
@@ -11,11 +12,13 @@ role:
 - "hs:hs_auth:frontend:CreateTeam"
 - "hs:hs_auth:frontend:JoinTeam"
 - "hs:hs_auth:frontend:LeaveTeam"
- - "hs:hs_auth:api:v2:Register"
 - "hs:hs_auth:api:v2:GetUser?path_id=me"
- - "hs:hs_auth:api:v2:Login"
+ - "hs:hs_auth:api:v2:GetUsers?query_team=me"
 - "hs:hs_auth:api:v2:CreateTeam"
+ - "hs:hs_auth:api:v2:SetTeam?path_id=me"
+ - "hs:hs_auth:api:v2:RemoveFromTeam?path_id=me"
 - "hs:hs_auth:api:v2:GetTeam?path_id=me"
+ - "hs:hs_auth:api:v2:GetAuthorizedResources"
 - "hs:hs_apply:apply"
 attendee:
 - "hs:hs_auth:frontend:ProfilePage"
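Review bot: With the TODO removed, nothing in this file explains the `?path_id=me` suffix, yet the difference between a scoped entry such as `ResendEmailVerification?path_id=me` and a bare one such as `GetAuthorizedResources` is the whole access boundary for the `unverified` role. A short comment under `role:` would help the next permissions audit, for example `# "?path_id=me" limits the permission to the caller's own record; an entry without a suffix applies to every id`. That wording assumes this is how the authorizer reads these URIs, which the patch does not show, so confirm it against the matcher before writing it down.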
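Review bot: `GetUsers?query_team=me` in the `applicant` list (and again in the `attendee` list in the next hunk) constrains a query parameter, which unlike `path_id` can simply be absent from a request. The authorizer is not part of this patch, so it is worth confirming that a `GetUsers` call with no `team` parameter is denied for these roles rather than treated as a match; otherwise the entry would expose the full user list. A test that issues the request without `team` as an applicant and expects a rejection would pin this down.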
@@ -24,21 +27,22 @@ role:
 - "hs:hs_auth:frontend:CreateTeam"
 - "hs:hs_auth:frontend:JoinTeam"
 - "hs:hs_auth:frontend:LeaveTeam"
- - "hs:hs_auth:api:v2:Register"
 - "hs:hs_auth:api:v2:GetUser?path_id=me"
- - "hs:hs_auth:api:v2:Login"
+ - "hs:hs_auth:api:v2:GetUsers?query_team=me"
 - "hs:hs_auth:api:v2:CreateTeam"
+ - "hs:hs_auth:api:v2:SetTeam?path_id=me"
+ - "hs:hs_auth:api:v2:RemoveFromTeam?path_id=me"
 - "hs:hs_auth:api:v2:GetTeam?path_id=me"
+ - "hs:hs_auth:api:v2:GetAuthorizedResources"
 - "hs:hs_apply:apply"
 - "hs:hs_hub"
 volunteer:
 - "hs:hs_auth:frontend:ProfilePage"
 - "hs:hs_auth:frontend:ProfilePageComponents:Default"
- - "hs:hs_auth:api:v2:Register"
- - "hs:hs_auth:api:v2:GetUser?path_id=me"
- - "hs:hs_auth:api:v2:Login"
- - "hs:hs_auth:api:v2:CreateTeam"
- - "hs:hs_auth:api:v2:GetTeam?path_id=me"
+ - "hs:hs_auth:api:v2:GetUser"
+ - "hs:hs_auth:api:v2:GetUsers"
+ - "hs:hs_auth:api:v2:GetTeams"
+ - "hs:hs_auth:api:v2:GetAuthorizedResources"
 - "hs:hs_apply:apply"
 - "hs:hs_hub"
 - "hs:hs_apply:review"
diff --git a/routers/api/v2/router.go b/routers/api/v2/router.go
index c0c9099..645bacd 100644
--- a/routers/api/v2/router.go
+++ b/routers/api/v2/router.go
@@ -77,7 +77,7 @@ func (r *apiV2Router) RegisterRoutes(routerGroup *gin.RouterGroup) {
 usersGroup.PUT("/:id/role", r.authorizer.WithAuthMiddleware(r, r.SetRole))
 usersGroup.PUT("/:id/permissions", r.authorizer.WithAuthMiddleware(r, r.SetSpecialPermissions))
 usersGroup.PUT("/:id/password", r.authorizer.WithAuthMiddleware(r, r.SetPassword))
- usersGroup.GET("/:id/password/resetEmail", r.authorizer.WithAuthMiddleware(r, r.GetPasswordResetEmail))
+ usersGroup.GET("/:id/password/resetEmail", r.GetPasswordResetEmail)
 usersGroup.PUT("/:id/email/verify", r.authorizer.WithAuthMiddleware(r, r.VerifyEmail))
 usersGroup.GET("/:id/email/verify", r.authorizer.WithAuthMiddleware(r, r.ResendEmailVerification))
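Review bot: The `volunteer` list now carries bare `GetUser`, `GetUsers` and `GetTeams` entries where it previously had only `GetUser?path_id=me`, so the role appears to move from reading its own record to reading every user and team. If volunteers need this only for `hs:hs_apply:review`, check which fields those responses return (the handlers are not shown) and whether a narrower grant would be enough. The same list drops `GetTeam?path_id=me` without adding `GetTeam`, which looks unintended next to `GetTeams`; either restore it or add a comment saying why a single-team lookup is withheld.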
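Review bot: `usersGroup.GET("/:id/password/resetEmail", r.GetPasswordResetEmail)` is now the only route in this hunk without `WithAuthMiddleware`, and neither the commit message nor the code says that this is deliberate. If it is meant to serve a forgotten-password flow, a comment on the line would keep a later cleanup from re-wrapping it or copying the pattern, e.g. `// unauthenticated on purpose: password reset must work without a session`. Because any client can now call it, the handler (outside this hunk) should be checked for throttling per target and per client and for returning the same response whether or not the id exists; as a GET that sends mail it can also be triggered by link prefetchers. RegisterRoutes starts and ends outside the hunk.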