First commit

framework/unify/permissionManager.js

@@ -0,0 +1,485 @@
+/*
+
+	Copyright (c) 2020, 2023, The Unified Company.
+
+	This code is part of Unify.
+
+	This program is free software; you can redistribute it and/or modify
+	it under the terms of the ESA Software Community License - Strong Copyleft LICENSE,
+	as published by the ESA.
+	See the ESA Software Community License - Strong Copyleft LICENSE, for more details.
+
+	https://unifyjs.org 
+
+*/
+
+
+import unify		 			from '../unify/unify.js';
+
+import userPermission		 	from '../unify/userPermission.js';
+
+import validator				from '../unify/validator.js';
+
+
+class visitor{
+
+	value	= 2.0;
+	
+	label	= "Member";
+
+	color	= "black";
+	
+	type	= "userGroup";
+	
+}
+
+
+export default class permissionManager{
+
+	__className			= "permissionManager";
+
+	permissions	= new Array();
+
+
+
+	addPermission( user, type ) {
+
+		var currentPermission	= new userPermission( user, type, "allow" );
+		
+		this.permissions.push( currentPermission );
+
+	}
+
+	allow( user, type ) {
+
+		// If the user is not signed in and this method has this.user as first argument
+		// user == false, to prevent that everybody gets access:
+		if( !user ) {
+
+			return false;
+
+		}
+
+		this.addPermission( user, type );
+
+		//this.permissions[ user.id ] = currentPermission; // performance upgrade
+		
+	}
+
+	callPermissionMethod( object ) {
+
+		var clone = object.simpleClone();
+
+		if( object.type == "table" && !object.updated ) {
+
+			object.get();
+
+		}
+
+		object.permissionManager.permissions = new Array();
+
+		object.permissions = new Array(); // this is the working one
+
+		object.permission( clone );
+
+	}
+	
+	noPermissionsWarning( object ) {
+
+		if( object.permissionManager.permissions.length == 0 ) {
+
+			if( object.debug ) {
+
+				console.log("No permissions are set for this object, All request are rejected..");
+
+			}
+		}
+
+	}
+
+	createVisitor(  ) {
+	
+		var table 					= new global.user();
+		
+		table.username.value		= "Visitor";
+
+		table.id 					= 0;
+
+		table.groups				= new visitor();
+
+		return table;
+	
+	}
+
+	isAllowed( user, type, object ) {
+
+		if( !user ) {
+
+			// todo: do this in the core
+			user	= this.createVisitor(  );
+
+		}
+
+		if( object.permission ) {
+
+			this.callPermissionMethod( object );
+
+			this.noPermissionsWarning( object );
+
+		} 
+
+		var permission 		= new userPermission( user, type );
+		
+		if( this.permissions.length == 0 ) {
+		
+			return false;
+		
+		}
+
+		var isPermitted = this.checkPermissions( permission );
+
+		if( isPermitted ) {
+
+			return true;
+
+		} else {
+		
+			return false;
+
+		}
+
+	}
+
+	checkPermissions( permissionB ) {
+
+		for( var c = 0; c < this.permissions.length; c++ ) {
+		
+			var permission	= this.permissions[c];
+
+			if( this.checkPermission( permission, permissionB ) ) {
+			
+				return true;
+			
+			}
+			
+		}
+
+		return false;
+
+	}
+
+	checkCollectionPermission( permission, permissionB ) {
+	
+		var permissionA 		= new userPermission( permissionB.userObject, permission.type, permissionB.userObject );
+
+		if( this.comparePermission( permissionA, permissionB ) ) {
+		
+			return true;
+		
+		}
+	
+	/*
+		var users 	=  collection.querySelect();
+
+		for(var b = 0; b<users.length; b++) {
+		
+			var permissionA = {};
+			
+			permissionA.type	= permission.type;
+			permissionA.policy	= permission.policy;
+			permissionA.userObject	= users[b];
+
+			if( this.comparePermission( permissionA, permissionB ) ) {
+			
+				return true;
+			
+			}
+		}
+
+	*/
+	
+	}
+
+	checkRenderObjectPermissionUser( permissionA, permissionB, validator ) {
+
+		if( currentUser.value ) {
+					
+			var permissionA 		= new userPermission();
+			
+			permissionA.type		= permission.type;
+
+			permissionA.policy		= permission.policy;
+
+			permissionA.userObject	= currentUser[ b ];
+			
+			
+			if( this.comparePermission( permissionA, permissionB ) ) {
+			
+				validator.isValid = true;
+			
+			}
+			
+		}
+
+	}
+
+
+	
+	checkRenderobjectPermission( permission, permissionB ) {
+	
+		var userObject	= permission.userObject;
+
+		var users 		= userObject.rows;
+
+		var validator	= new validator();
+		
+		for( var b = 0; b < users.length; b++ ) {
+			
+			var currentUser = users[b];
+
+			this.checkRenderObjectPermissionUser( permissionA, permissionB, validator );
+
+			if( validator.isValid ) {
+
+				return true;
+
+			}
+
+		}
+
+	}
+	
+	checkUserGroupPermission( permission, permissionB ) {
+	
+		var user 		= permissionB.userObject;
+
+		var userGroup	= permission.userObject;
+
+		if(!user.groups) {
+
+			return false;
+		}
+
+		//console.log(user);
+
+		if( user.groups.value != userGroup.value ) {
+
+			return false;
+
+		}
+
+		if( permissionB.type != permission.type ) {
+
+			return false;
+
+		}
+
+		return true;
+		
+	}
+
+	isDefined( userObject, validator ) {
+
+		if( !userObject ) {
+		
+			validator.isValid	= false;
+		
+		}
+
+	}
+
+	isUserPlaceholder( userObject, validator ) {
+
+		if( userObject == "userplaceholder" ) {
+
+			validator.isValid	= false;
+
+		}
+
+	}
+	
+	validateVisitor( permission, permissionB, validator ) {
+
+		if( !permissionB.userObject ) {
+
+			if( permission.userObject.__className == "visitor" ) {
+
+				validator.isValid	= true;
+
+			} else {
+
+				validator.isValid	= false;
+
+			}
+
+		}
+
+	}
+
+	compareUser( permission, permissionB, validator ) {
+
+		if( this.comparePermission( permission, permissionB ) ) {
+		
+			validator.isValid	= true;
+		
+		}
+
+	}
+
+	compareCollection( permission, permissionB, validator ) {
+
+		if( this.checkCollectionPermission( permission, permissionB ) ) {
+		
+			validator.isValid	= true;
+		
+		}
+
+	}
+
+	compareRenderCollection( permission, permissionB, validator ) {
+
+		
+		if( this.checkRenderobjectPermission( permission, permissionB ) ) {
+		
+			validator.isValid	= true;
+		
+		}
+
+	}
+
+	compareUserGroup( permission, permissionB, validator ) {
+
+		if( this.checkUserGroupPermission( permission, permissionB ) ) {
+		
+			validator.isValid	= true;
+		
+		}
+
+	}
+
+	validateObjects( userObject, validator ) {
+
+		this.isDefined( userObject, validator );
+
+		this.isUserPlaceholder( userObject, validator );
+
+	}
+
+	compareObjects( userObject, permission, permissionB, validator ) {
+
+		switch( userObject.getClassName() ) {
+
+			case "user":
+
+				this.compareUser( permission, permissionB, validator );
+			
+			break;
+
+			case "userObject":
+
+				this.compareUser( permission, permissionB, validator );
+			
+			break;
+			
+			case "collection":
+			
+				this.compareCollection( permission, permissionB, validator );
+				
+			break;
+			
+			default:
+			
+				if( userObject.type == "renderCollection") {
+
+					this.compareRenderCollection( permission, permissionB, validator );
+
+				}
+				
+				if ( userObject.type == "userGroup") { 
+				
+					this.compareUserGroup( permission, permissionB, validator );
+
+				}
+
+				if ( userObject.isUser ) { 
+				
+					this.compareUser( permission, permissionB, validator );
+
+				}
+
+		}
+
+		return validator;
+
+	}
+
+	checkPermission( permission, permissionB ) {
+	
+		var userObject 		= permission.userObject;
+
+		var validator		= new Object();
+
+		validator.isValid	= true;
+
+		this.validateObjects( userObject, validator );
+
+		this.validateVisitor( permission, permissionB, validator );
+		
+
+		if( !validator.isValid ) {
+
+			return false;
+
+		}
+
+		validator.isValid	= false;
+
+		unify.extend( userObject );
+
+		this.compareObjects( userObject, permission, permissionB, validator );
+
+		return validator.isValid;
+
+	}
+	
+	comparePermission( permissionA, permissionB ) {
+
+		if( permissionA.userObject.id == 0 ) {
+
+			return false;
+
+		}
+
+		if( permissionA.userObject.id != permissionB.userObject.id ) {
+
+			return false;
+
+		}
+
+		if( permissionA.type != permissionB.type ) {
+
+			return false;
+
+		}
+
+		if( permissionA.policy != "allow" ) {
+
+			return false;
+
+		}
+
+		return true;
+
+	}
+	
+	deny( user, type ) {
+
+		var currentPermission 			= new userPermission( user, type );
+
+		this.permissions.push( currentPermission );
+
+	}
+
+}
+
+