From 16c4907be592dae31ed3c1aa3fac3b9655255d6f Mon Sep 17 00:00:00 2001 From: KernelDeimos Date: Thu, 20 Jun 2024 00:31:57 -0400 Subject: [PATCH] feat: add permission rewriter for app by name --- .../src/services/ProtectedAppService.js | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/packages/backend/src/services/ProtectedAppService.js b/packages/backend/src/services/ProtectedAppService.js index a1a68e4ff..6628dd9e1 100644 --- a/packages/backend/src/services/ProtectedAppService.js +++ b/packages/backend/src/services/ProtectedAppService.js @@ -1,12 +1,28 @@ const { get_app } = require("../helpers"); const { UserActorType } = require("./auth/Actor"); -const { PermissionImplicator, PermissionUtil } = require("./auth/PermissionService"); +const { PermissionImplicator, PermissionUtil, PermissionRewriter } = require("./auth/PermissionService"); const BaseService = require("./BaseService"); class ProtectedAppService extends BaseService { async _init () { const svc_permission = this.services.get('permission'); + svc_permission.register_rewriter(PermissionRewriter.create({ + matcher: permission => { + if ( ! permission.startsWith('app:') ) return false; + const [_, specifier] = PermissionUtil.split(permission); + if ( specifier.startsWith('uid#') ) return false; + return true; + }, + rewriter: async permission => { + const [_1, name, ...rest] = PermissionUtil.split(permission); + const app = await get_app({ name }); + return PermissionUtil.join( + _1, `uid#${app.uid}`, ...rest, + ); + }, + })); + // track: object description in comment // Owner of procted app has implicit permission to access it svc_permission.register_implicator(PermissionImplicator.create({