mirror of
https://github.com/Unleash/unleash.git
synced 2024-12-22 19:07:54 +01:00
Add UPDATE and DELETE TAG_TYPE permissions (#951)
This commit is contained in:
parent
e42e0f620a
commit
132e801836
@ -309,3 +309,49 @@ test('Does not double check permission if not changing project when updating tog
|
||||
oldProjectId,
|
||||
);
|
||||
});
|
||||
|
||||
test('UPDATE_TAG_TYPE does not need projectId', async () => {
|
||||
const accessService = {
|
||||
hasPermission: jest.fn().mockReturnValue(true),
|
||||
};
|
||||
|
||||
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
|
||||
const cb = jest.fn();
|
||||
const req: any = {
|
||||
user: new User({ username: 'user', id: 1 }),
|
||||
params: {},
|
||||
body: { name: 'new-tag-type', description: 'New tag type for testing' },
|
||||
};
|
||||
func(req, undefined, cb);
|
||||
|
||||
await req.checkRbac(perms.UPDATE_TAG_TYPE);
|
||||
expect(accessService.hasPermission).toHaveBeenCalledTimes(1);
|
||||
expect(accessService.hasPermission).toHaveBeenCalledWith(
|
||||
req.user,
|
||||
perms.UPDATE_TAG_TYPE,
|
||||
undefined,
|
||||
);
|
||||
});
|
||||
|
||||
test('DELETE_TAG_TYPE does not need projectId', async () => {
|
||||
const accessService = {
|
||||
hasPermission: jest.fn().mockReturnValue(true),
|
||||
};
|
||||
|
||||
const func = rbacMiddleware(config, { featureToggleStore }, accessService);
|
||||
const cb = jest.fn();
|
||||
const req: any = {
|
||||
user: new User({ username: 'user', id: 1 }),
|
||||
params: {},
|
||||
body: { name: 'new-tag-type', description: 'New tag type for testing' },
|
||||
};
|
||||
func(req, undefined, cb);
|
||||
|
||||
await req.checkRbac(perms.DELETE_TAG_TYPE);
|
||||
expect(accessService.hasPermission).toHaveBeenCalledTimes(1);
|
||||
expect(accessService.hasPermission).toHaveBeenCalledWith(
|
||||
req.user,
|
||||
perms.DELETE_TAG_TYPE,
|
||||
undefined,
|
||||
);
|
||||
});
|
||||
|
@ -1,7 +1,7 @@
|
||||
import { Request, Response } from 'express';
|
||||
import Controller from '../controller';
|
||||
|
||||
import { UPDATE_FEATURE } from '../../types/permissions';
|
||||
import { DELETE_TAG_TYPE, UPDATE_TAG_TYPE } from '../../types/permissions';
|
||||
import { extractUsername } from '../../util/extract-user';
|
||||
import { IUnleashConfig } from '../../types/option';
|
||||
import { IUnleashServices } from '../../types/services';
|
||||
@ -24,11 +24,11 @@ class TagTypeController extends Controller {
|
||||
this.logger = config.getLogger('/admin-api/tag-type.js');
|
||||
this.tagTypeService = tagTypeService;
|
||||
this.get('/', this.getTagTypes);
|
||||
this.post('/', this.createTagType, UPDATE_FEATURE);
|
||||
this.post('/', this.createTagType, UPDATE_TAG_TYPE);
|
||||
this.post('/validate', this.validate);
|
||||
this.get('/:name', this.getTagType);
|
||||
this.put('/:name', this.updateTagType, UPDATE_FEATURE);
|
||||
this.delete('/:name', this.deleteTagType, UPDATE_FEATURE);
|
||||
this.put('/:name', this.updateTagType, UPDATE_TAG_TYPE);
|
||||
this.delete('/:name', this.deleteTagType, DELETE_TAG_TYPE);
|
||||
}
|
||||
|
||||
async getTagTypes(req: Request, res: Response): Promise<void> {
|
||||
|
@ -21,3 +21,5 @@ export const UPDATE_ROLE = 'UPDATE_ROLE';
|
||||
export const UPDATE_API_TOKEN = 'UPDATE_API_TOKEN';
|
||||
export const CREATE_API_TOKEN = 'CREATE_API_TOKEN';
|
||||
export const DELETE_API_TOKEN = 'DELETE_API_TOKEN';
|
||||
export const UPDATE_TAG_TYPE = 'UPDATE_TAG_TYPE';
|
||||
export const DELETE_TAG_TYPE = 'DELETE_TAG_TYPE';
|
||||
|
26
src/migrations/20210922120521-add-tag-type-permission.js
Normal file
26
src/migrations/20210922120521-add-tag-type-permission.js
Normal file
@ -0,0 +1,26 @@
|
||||
'use strict';
|
||||
|
||||
exports.up = function (db, cb) {
|
||||
db.runSql(
|
||||
`
|
||||
INSERT INTO role_permission(role_id, permission)
|
||||
VALUES (2, 'UPDATE_TAG_TYPE'),
|
||||
(2, 'DELETE_TAG_TYPE');
|
||||
INSERT INTO role_permission(role_id, permission, project)
|
||||
VALUES (2, 'UPDATE_TAG_TYPE', 'default'),
|
||||
(2, 'DELETE_TAG_TYPE', 'default');
|
||||
`,
|
||||
cb,
|
||||
);
|
||||
};
|
||||
|
||||
exports.down = function (db, cb) {
|
||||
db.runSql(
|
||||
`
|
||||
DELETE
|
||||
FROM role_permission
|
||||
WHERE permission IN ('UPDATE_TAG_TYPE', 'DELETE_TAG_TYPE');
|
||||
`,
|
||||
cb,
|
||||
);
|
||||
};
|
Loading…
Reference in New Issue
Block a user