1 Commits

b815710dd6 Manage user space users #15
Some checks failed
Test API before pr merge / test-lint (pull_request) Failing after 10s
Test before pr merge / test-translation-lint (pull_request) Successful in 36s
Test before pr merge / test-lint (pull_request) Failing after 39s
Test before pr merge / test-before-merge (pull_request) Failing after 1m28s
2025-05-01 17:38:52 +02:00
19 changed files with 144 additions and 50 deletions


@ -1,5 +1,5 @@
from abc import abstractmethod
from typing import Type, Union
from typing import Type, Union, Any
from api_graphql.abc.query_abc import QueryABC
from api_graphql.field.mutation_field_builder import MutationFieldBuilder


@ -240,6 +240,18 @@ class QueryABC(ObjectType):
):
await self._require_any_permission(field.require_any_permission)
if isinstance(field, MutationField):
if field.require_any is not None:
await self._require_any(
None,
*field.require_any,
*args,
**kwargs,
)
result = await resolver(*args, **kwargs)
return result
result = await resolver(*args, **kwargs)
if field.require_any is not None:
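Review bot: The pre-resolver check added for `MutationField` passes `None` where the query path presumably passes the resolver result, so any `require_any` resolver that reads `ctx.data` will deny or fail when attached to a mutation (`by_user_space_assignment_resolver`, for one, returns False unless `ctx.data` is a `CollectionResult`). A short comment above the branch would make that contract explicit, for example `# Mutations are authorized before the resolver runs: resolvers get no data and must decide from ctx.kwargs and ctx.user only`. The enclosing method starts and ends outside this hunk, and how `_require_any` builds the context from its first argument is not visible here.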


@ -1,4 +1,6 @@
from api_graphql.abc.mutation_abc import MutationABC
from api_graphql.require_any_resolvers import has_assigned_user_spaces
from api_graphql.service.query_context import QueryContext
from service.permission.permissions_enum import Permissions
@ -51,26 +53,32 @@ class Mutation(MutationABC):
Permissions.user_spaces_update,
Permissions.user_spaces_delete,
],
[self._test],
[lambda ctx: True],
),
)
self.add_mutation_type(
"group",
"Group",
require_any_permission=[
require_any=(
[
Permissions.groups_create,
Permissions.groups_update,
Permissions.groups_delete,
],
[has_assigned_user_spaces],
),
)
self.add_mutation_type(
"shortUrl",
"ShortUrl",
require_any_permission=[
require_any=(
[
Permissions.short_urls_create,
Permissions.short_urls_update,
Permissions.short_urls_delete,
],
[has_assigned_user_spaces],
),
)
self.add_mutation_type(
@ -95,7 +103,3 @@ class Mutation(MutationABC):
"privacy",
"Privacy",
)
@staticmethod
async def _test(*args, **kwargs):
return True
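Review bot: The `[lambda ctx: True]` resolver on the user space mutation type makes the type-level `require_any` pass for every caller, so the three `Permissions.user_spaces_*` entries next to it no longer restrict anything, assuming `require_any` grants access when either a permission or a resolver matches. If the intent is to defer to the field-level checks in `UserSpaceMutation`, say so in a comment next to the lambda, or replace it with a named predicate that states who may reach this type. The removed `_test` was `async` while the lambda is not; if `_require_any` awaits resolver results, a plain `True` cannot be awaited, so confirm that synchronous resolvers are supported.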


@ -4,6 +4,7 @@ from api_graphql.abc.mutation_abc import MutationABC
from api_graphql.field.mutation_field_builder import MutationFieldBuilder
from api_graphql.input.group_create_input import GroupCreateInput
from api_graphql.input.group_update_input import GroupUpdateInput
from api_graphql.require_any_resolvers import has_assigned_user_spaces
from core.logger import APILogger
from core.string import first_to_lower
from data.schemas.public.group import Group
@ -26,7 +27,7 @@ class GroupMutation(MutationABC):
.with_change_broadcast(
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any_permission([Permissions.groups_create])
.with_require_any([Permissions.groups_create], [has_assigned_user_spaces])
)
self.field(
@ -36,7 +37,7 @@ class GroupMutation(MutationABC):
.with_change_broadcast(
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any_permission([Permissions.groups_update])
.with_require_any([Permissions.groups_update], [has_assigned_user_spaces])
)
self.field(
@ -45,7 +46,7 @@ class GroupMutation(MutationABC):
.with_change_broadcast(
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any_permission([Permissions.groups_delete])
.with_require_any([Permissions.groups_delete], [has_assigned_user_spaces])
)
self.field(
@ -54,7 +55,7 @@ class GroupMutation(MutationABC):
.with_change_broadcast(
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any_permission([Permissions.groups_delete])
.with_require_any([Permissions.groups_delete], [has_assigned_user_spaces])
)
@staticmethod
@ -113,9 +114,7 @@ class GroupMutation(MutationABC):
raise ValueError(f"Group with id {obj.id} not found")
if obj.name is not None:
already_exists = await groupDao.find_by(
{Group.name: obj.name, Group.id: {"ne": obj.id}}
)
already_exists = await groupDao.find_by({Group.name: obj.name})
if len(already_exists) > 0:
raise ValueError(f"Group {obj.name} already exists")
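Review bot: `has_assigned_user_spaces` only establishes that the caller has some user space assigned, so on all four fields a caller without `Permissions.groups_create`/`groups_update`/`groups_delete` is let through without any check that the targeted group belongs to one of their user spaces. Unless the resolvers (outside these hunks) verify that, this is a missing object-level authorization check; a resolver that looks the group up by the input id and compares its user space with the caller's assignments, in the way `_resolve_input_user_space_assigned` does for user spaces, would close it. The same applies to the `with_require_any` calls in `ShortUrlMutation`. Separately, in the last hunk `find_by({Group.name: obj.name})` no longer excludes the group being updated, so an update that carries the unchanged name will presumably raise `Group ... already exists`; keep `Group.id: {"ne": obj.id}` in the filter.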


@ -3,6 +3,7 @@ from api_graphql.abc.mutation_abc import MutationABC
from api_graphql.field.mutation_field_builder import MutationFieldBuilder
from api_graphql.input.short_url_create_input import ShortUrlCreateInput
from api_graphql.input.short_url_update_input import ShortUrlUpdateInput
from api_graphql.require_any_resolvers import has_assigned_user_spaces
from core.logger import APILogger
from core.string import first_to_lower
from data.schemas.public.domain_dao import domainDao
@ -27,7 +28,9 @@ class ShortUrlMutation(MutationABC):
.with_change_broadcast(
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any_permission([Permissions.short_urls_create])
.with_require_any(
[Permissions.short_urls_create], [has_assigned_user_spaces]
)
)
self.field(
@ -37,7 +40,9 @@ class ShortUrlMutation(MutationABC):
.with_change_broadcast(
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any_permission([Permissions.short_urls_update])
.with_require_any(
[Permissions.short_urls_update], [has_assigned_user_spaces]
)
)
self.field(
@ -46,7 +51,9 @@ class ShortUrlMutation(MutationABC):
.with_change_broadcast(
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any_permission([Permissions.short_urls_delete])
.with_require_any(
[Permissions.short_urls_delete], [has_assigned_user_spaces]
)
)
self.field(
@ -55,7 +62,9 @@ class ShortUrlMutation(MutationABC):
.with_change_broadcast(
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any_permission([Permissions.short_urls_delete])
.with_require_any(
[Permissions.short_urls_delete], [has_assigned_user_spaces]
)
)
self.field(


@ -29,9 +29,6 @@ class UserSpaceMutation(MutationABC):
)
)
async def _xzy(ctx: QueryContext):
pass
self.field(
MutationFieldBuilder("update")
.with_resolver(self.resolve_update)
@ -39,7 +36,10 @@ class UserSpaceMutation(MutationABC):
.with_change_broadcast(
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any([Permissions.user_spaces_update], [_xzy])
.with_require_any(
[Permissions.user_spaces_update],
[self._resolve_input_user_space_assigned],
)
)
self.field(
@ -48,7 +48,10 @@ class UserSpaceMutation(MutationABC):
.with_change_broadcast(
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any([Permissions.user_spaces_delete], [_xzy])
.with_require_any(
[Permissions.user_spaces_delete],
[self._resolve_input_user_space_assigned],
)
)
self.field(
@ -68,7 +71,8 @@ class UserSpaceMutation(MutationABC):
f"{first_to_lower(self.name.replace("Mutation", ""))}Change"
)
.with_require_any(
[Permissions.user_spaces_create, Permissions.user_spaces_update], [_xzy]
[Permissions.user_spaces_create, Permissions.user_spaces_update],
[self._resolve_input_user_space_assigned],
)
)
@ -139,3 +143,13 @@ class UserSpaceMutation(MutationABC):
async def resolve_invite_users(self, emails: list[str], *_):
pass
@staticmethod
async def _resolve_input_user_space_assigned(ctx: QueryContext):
check_dict = ctx.kwargs
if "input" in ctx.kwargs:
check_dict = ctx.kwargs["input"]
return "id" in check_dict and check_dict["id"] in [
x.id for x in await userSpaceDao.get_assigned_by_user_id(ctx.user.id)
]
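Review bot: `_resolve_input_user_space_assigned` accepts any user space returned by `userSpaceDao.get_assigned_by_user_id`, so, if that DAO call returns memberships and not only owned spaces, every member of a user space may update or delete it without holding `Permissions.user_spaces_update` or `Permissions.user_spaces_delete`. The sidebar in this same commit shows edit and delete only to the owner, which is display logic and not enforcement; for update and delete the server-side resolver should compare the owner, e.g. look the space up by the input id and return `user_space.owner_id == ctx.user.id`. The function also needs a docstring stating that it reads `id` from `ctx.kwargs["input"]` when present and from `ctx.kwargs` otherwise. Note that `"id" in check_dict` only works if `input` is a mapping, which is not visible here.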


@ -15,6 +15,8 @@ from api_graphql.filter.user_filter import UserFilter
from api_graphql.filter.user_space_filter import UserSpaceFilter
from api_graphql.require_any_resolvers import (
by_group_assignment_resolver,
by_user_space_assignment_resolver,
has_assigned_user_spaces,
)
from data.schemas.administration.api_key import ApiKey
from data.schemas.administration.api_key_dao import apiKeyDao
@ -57,19 +59,21 @@ class Query(QueryABC):
.with_filter(PermissionFilter)
.with_sort(Sort[Permission])
)
self.field(
DaoFieldBuilder("roles")
.with_dao(roleDao)
.with_filter(RoleFilter)
.with_sort(Sort[Role])
.with_require_any_permission(
.with_require_any(
[
Permissions.roles,
Permissions.users_create,
Permissions.users_update,
Permissions.groups_create,
Permissions.groups_update,
]
],
[has_assigned_user_spaces],
)
)
@ -107,12 +111,13 @@ class Query(QueryABC):
.with_dao(domainDao)
.with_filter(DomainFilter)
.with_sort(Sort[Domain])
.with_require_any_permission(
.with_require_any(
[
Permissions.domains,
Permissions.domains_create,
Permissions.domains_update,
]
],
[has_assigned_user_spaces]
)
)
@ -127,10 +132,11 @@ class Query(QueryABC):
.with_dao(userSpaceDao)
.with_filter(UserSpaceFilter)
.with_sort(Sort[UserSpace])
.with_require_any_permission(
.with_require_any(
[
Permissions.user_spaces,
]
],
[lambda ctx: all(x.owner_id == ctx.user.id for x in ctx.data.nodes)]
)
)
@ -145,7 +151,7 @@ class Query(QueryABC):
Permissions.short_urls_create,
Permissions.short_urls_update,
],
[by_group_assignment_resolver],
[by_user_space_assignment_resolver, by_group_assignment_resolver],
)
)
@ -156,7 +162,7 @@ class Query(QueryABC):
.with_sort(Sort[ShortUrl])
.with_require_any(
[Permissions.short_urls],
[by_group_assignment_resolver],
[by_user_space_assignment_resolver, by_group_assignment_resolver],
)
)
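Review bot: The inline resolver on the user space field, `lambda ctx: all(x.owner_id == ctx.user.id for x in ctx.data.nodes)`, reads `ctx.data.nodes` without the `isinstance(ctx.data, CollectionResult)` guard that `by_user_space_assignment_resolver` has, and it is all-or-nothing: a single node the caller does not own denies the whole result, and users who are assigned to a space without owning it never pass. If that is the intended rule, move it into `require_any_resolvers` as a named function with a docstring; if members should see their spaces, the data needs to be filtered by assignment and not merely checked. It is also worth confirming that `roles` and `domains` should now be readable by anyone for whom `has_assigned_user_spaces` is true, which is a wider audience than the permission lists next to it.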


@ -1,6 +1,7 @@
from api_graphql.service.collection_result import CollectionResult
from api_graphql.service.query_context import QueryContext
from data.schemas.public.group_dao import groupDao
from data.schemas.public.user_space_dao import userSpaceDao
from data.schemas.public.user_space_user_dao import userSpaceUserDao
from service.permission.permissions_enum import Permissions
@ -9,10 +10,13 @@ async def by_user_space_assignment_resolver(ctx: QueryContext) -> bool:
if not isinstance(ctx.data, CollectionResult):
return False
if len(ctx.data.nodes) == 0:
return True
user = ctx.user
assigned_user_space_ids = {
us.user_space_id for us in await userSpaceUserDao.find_by_user_id(user.id)
us.user_space_id for us in await userSpaceUserDao.get_by_user_id(user.id)
}
for node in ctx.data.nodes:
@ -23,7 +27,7 @@ async def by_user_space_assignment_resolver(ctx: QueryContext) -> bool:
if user_space.owner_id == user.id or user_space.id in assigned_user_space_ids:
return True
return False
return len(ctx.data.nodes) == 0
async def by_group_assignment_resolver(ctx: QueryContext) -> bool:
@ -47,3 +51,8 @@ async def by_group_assignment_resolver(ctx: QueryContext) -> bool:
)
return False
async def has_assigned_user_spaces(ctx: QueryContext):
user_spaces = await userSpaceDao.get_assigned_by_user_id(ctx.user.id)
return len(user_spaces) > 0
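Review bot: The loop in `by_user_space_assignment_resolver` returns True as soon as one node belongs to an owned or assigned user space, so a result set that also contains nodes from other user spaces is authorized as a whole unless the DAO query has already been scoped; part of the loop body is outside the hunk, so this needs confirming against the full function. Now that the commit adds this resolver to the short URL queries, checking every node (deny on the first node that is neither owned nor assigned) would be the safer rule. With the new early return for an empty node list, the final `return len(ctx.data.nodes) == 0` can only evaluate to False, and `return False` says the same more plainly. `has_assigned_user_spaces` should carry the `-> bool` annotation the other two resolvers have, plus a one-line docstring saying it checks membership in any user space, not in a specific one.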


@ -1,5 +1,6 @@
from api_graphql.abc.subscription_abc import SubscriptionABC
from api_graphql.field.subscription_field_builder import SubscriptionFieldBuilder
from api_graphql.require_any_resolvers import has_assigned_user_spaces
from service.permission.permissions_enum import Permissions
@ -68,10 +69,10 @@ class Subscription(SubscriptionABC):
self.subscribe(
SubscriptionFieldBuilder("groupChange")
.with_resolver(lambda message, *_: message.message)
.with_require_any_permission([Permissions.groups])
.with_require_any([Permissions.groups], [has_assigned_user_spaces])
)
self.subscribe(
SubscriptionFieldBuilder("shortUrlChange")
.with_resolver(lambda message, *_: message.message)
.with_require_any_permission([Permissions.short_urls])
.with_require_any([Permissions.short_urls], [has_assigned_user_spaces])
)
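Review bot: `has_assigned_user_spaces` on `groupChange` and `shortUrlChange` admits every user who has any user space, and the resolver `lambda message, *_: message.message` forwards the payload unchanged, so such a user appears to receive change events for groups and short URLs in user spaces they are not part of. Whether that discloses anything depends on what `message.message` carries, which is not visible here; if it identifies the changed object, the subscription should filter on the caller's user spaces before delivering. At minimum add a comment stating what the payload contains and why an unscoped broadcast is acceptable.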


@ -4,6 +4,7 @@ import { Logger } from 'src/app/service/logger.service';
import { ToastService } from 'src/app/service/toast.service';
import { AuthService } from 'src/app/service/auth.service';
import { PermissionsEnum } from 'src/app/model/auth/permissionsEnum';
import { SidebarService } from 'src/app/service/sidebar.service';
const log = new Logger('PermissionGuard');
@ -14,11 +15,20 @@ export class PermissionGuard {
constructor(
private router: Router,
private toast: ToastService,
private auth: AuthService
private auth: AuthService,
private sidebar: SidebarService
) {}
async canActivate(route: ActivatedRouteSnapshot): Promise<boolean> {
const permissions = route.data['permissions'] as PermissionsEnum[];
const isInUserSpace = route.data['isInUserSpace'] as boolean;
if (isInUserSpace) {
return (
this.sidebar.selectedUserSpace$.value !== undefined &&
this.sidebar.selectedUserSpace$.value !== null
);
}
if (!permissions || permissions.length === 0) {
return true;
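Review bot: The new `isInUserSpace` branch returns before `permissions` is read, so on every route that sets the flag (the groups and short URL routes changed in this commit) the `permissions` entry in the route data is never evaluated, and a user holding `PermissionsEnum.groups` but with no user space selected is turned away. The sidebar in this commit uses "selected user space or permission", and the guard should match, e.g. `if (isInUserSpace && this.sidebar.selectedUserSpace$.value) { return true; }` followed by the existing permission check. `canActivate` continues outside this hunk, so whether a denial from the new branch skips a toast or redirect issued further down cannot be seen here. A route guard only steers navigation; the API-side `require_any` checks remain the enforcement point.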


@ -13,6 +13,7 @@ export function initializeKeycloak(
},
initOptions: {
onLoad: 'check-sso',
checkLoginIframe: false,
},
enableBearerInterceptor: false,
});
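Review bot: `checkLoginIframe: false` turns off the keycloak-js session-status iframe, so a logout performed in another tab or application is no longer noticed by this client until a token refresh fails. That is a common workaround for third-party-cookie blocking, but the reason should be recorded next to the option, e.g. `// session iframe disabled because <reason>; logout elsewhere is only detected on token refresh`. The access-token lifetime configured on the realm should be short enough that this delay is acceptable.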


@ -4,6 +4,7 @@ import { DbModelWithHistory } from 'src/app/model/entities/db-model';
export interface UserSpace extends DbModelWithHistory {
id: number;
name: string;
owner?: User;
users?: User[];
}


@ -18,7 +18,7 @@ const routes: Routes = [
m => m.GroupsModule
),
canActivate: [PermissionGuard],
data: { permissions: [PermissionsEnum.groups] },
data: { permissions: [PermissionsEnum.groups], isInUserSpace: true },
},
{
path: 'urls',
@ -32,6 +32,7 @@ const routes: Routes = [
PermissionsEnum.shortUrls,
PermissionsEnum.shortUrlsByAssignment,
],
isInUserSpace: true,
},
},
{


@ -22,6 +22,7 @@ const routes: Routes = [
canActivate: [PermissionGuard],
data: {
permissions: [PermissionsEnum.groupsCreate],
isInUserSpace: true,
},
},
{
@ -30,6 +31,7 @@ const routes: Routes = [
canActivate: [PermissionGuard],
data: {
permissions: [PermissionsEnum.groupsUpdate],
isInUserSpace: true,
},
},
{
@ -38,6 +40,7 @@ const routes: Routes = [
canActivate: [PermissionGuard],
data: {
permissions: [PermissionsEnum.groups],
isInUserSpace: true,
},
},
],


@ -22,6 +22,7 @@ const routes: Routes = [
canActivate: [PermissionGuard],
data: {
permissions: [PermissionsEnum.shortUrlsCreate],
isInUserSpace: true,
},
},
{
@ -30,6 +31,7 @@ const routes: Routes = [
canActivate: [PermissionGuard],
data: {
permissions: [PermissionsEnum.shortUrlsUpdate],
isInUserSpace: true,
},
},
{
@ -38,6 +40,7 @@ const routes: Routes = [
canActivate: [PermissionGuard],
data: {
permissions: [PermissionsEnum.shortUrls],
isInUserSpace: true,
},
},
],


@ -13,6 +13,7 @@ import { ConfigService } from 'src/app/service/config.service';
import { ResolvedTableColumn } from 'src/app/modules/shared/components/table/table.model';
import { SidebarService } from 'src/app/service/sidebar.service';
import { takeUntil } from 'rxjs/operators';
import { Router } from '@angular/router';
@Component({
selector: 'app-short-urls',
@ -61,7 +62,8 @@ export class ShortUrlsPage extends PageBase<
private toast: ToastService,
private confirmation: ConfirmationDialogService,
private config: ConfigService,
private sidebar: SidebarService
private sidebar: SidebarService,
private router: Router
) {
super(true, {
read: [],


@ -57,6 +57,10 @@ export class UserSpacesDataService
nodes {
id
name
owner {
id
username
}
...DB_MODEL
}
@ -85,6 +89,11 @@ export class UserSpacesDataService
id
name
owner {
id
username
}
users {
id
username

View File

@ -24,6 +24,11 @@ export class SidebarDataService {
nodes {
id
name
owner {
id
username
}
}
}
}


@ -72,6 +72,9 @@ export class SidebarService {
// trust me, you'll need this async
async setElements() {
const isSelectedUserSpaceOwner =
this.selectedUserSpace$.value?.owner?.id === this.auth.user$.value?.id;
const elements: MenuElement[] = [
{
label: 'sidebar.user_spaces',
@ -108,6 +111,7 @@ export class SidebarService {
{
label: 'sidebar.user_space_edit',
icon: 'pi pi-pencil',
visible: isSelectedUserSpaceOwner,
routerLink: [
`/admin/rooms/edit/${this.selectedUserSpace$.value?.id}`,
],
@ -117,7 +121,7 @@ export class SidebarService {
icon: 'pi pi-tags',
routerLink: ['/admin/groups'],
visible:
this.selectedUserSpace$.value !== null &&
!!this.selectedUserSpace$.value ||
(await this.auth.hasAnyPermissionLazy([PermissionsEnum.groups])),
},
{
@ -125,7 +129,7 @@ export class SidebarService {
icon: 'pi pi-tag',
routerLink: ['/admin/urls'],
visible:
this.selectedUserSpace$.value !== null &&
!!this.selectedUserSpace$.value ||
(await this.auth.hasAnyPermissionLazy([
PermissionsEnum.shortUrls,
PermissionsEnum.shortUrlsByAssignment,
@ -134,6 +138,7 @@ export class SidebarService {
{
label: 'sidebar.user_space_delete',
icon: 'pi pi-trash',
visible: isSelectedUserSpaceOwner,
command: () => {
this.confirmation.confirmDialog({
header: 'dialog.delete.header',