Skip to content

[API] Privileges via Groups #105

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
6 of 10 tasks
andersevenrud opened this issue May 14, 2015 · 7 comments
Closed
6 of 10 tasks

[API] Privileges via Groups #105

andersevenrud opened this issue May 14, 2015 · 7 comments
Assignees
@andersevenrud
Labels
enhancement experimental open for suggestions request
Milestone
2.2.0

Comments

@andersevenrud
Copy link
Member

OS.js definately needs privilege support via groups. This is easily doable via the Handler.

It basically only needs to throw an Exception when calling certain functions server-side.

Demo handler will make all users have FULL PRIVILEGES

Groups:

admin - Full privileges

api - Core API Access
application - Application API
vfs - Filesystem read/write
upload - Filesystem upload
curl - cURL access

Frontend

  • Hide packages that you do not have privileges to
  • Add more user information in Settings application

PHP

  • Implement a check method
  • Implement check call in API methods
  • Add checks to packages
  • Filesystem paths etc

How to add privilege to a custom function:

class TestAPIHandler
  extends APIHandler
{

  public static function myFunction(Array $arguments) {
    // ...
  }

}

API::AddHandler('myFunction', Array('TestAPIHandler', 'myFunction'), Array(APIUser::GROUP_VFS, 'customgroup'));
API::SetHandler('TestAPIHandler');

Node

  • Implement a check method
  • Implement check call in API methods
  • Add checks to packages
  • Filesystem paths etc

How to add privilege to a custom function:


(function() {

  exports.register = function(CONFIG, API, HANDLER) {

    API.myFunction= function(args, callback, request, response) {

      if ( !HANDLER.checkPrivilege(request, response, ['groupname']) ) {
        return;
      }

      // ...
    };

  };

})();
@andersevenrud andersevenrud self-assigned this May 14, 2015
@andersevenrud andersevenrud added this to the 2.0.0-beta1 milestone May 14, 2015
andersevenrud added a commit that referenced this issue May 14, 2015
@andersevenrud
server-php: Group privilege support (#105)
f804ea5
@andersevenrud
Copy link
Member Author

@livep2000 It's on its way ;) It works in the PHP server now at least.

@andersevenrud
Copy link
Member Author

@khoaakt Just letting you know that I've started on this ;)

andersevenrud added a commit that referenced this issue May 14, 2015
@andersevenrud
Settings: Added user information to tab (#105)
db7a5c0
andersevenrud added a commit that referenced this issue May 14, 2015
@andersevenrud
server-node: Group privilege support (#105)
f677bdc
@andersevenrud
Copy link
Member Author

That was easier than I first thought... The ground-work is there now :)

@khoaakt
Copy link

khoaakt commented May 15, 2015

@andersevenrud Good job ;), but don't hurry because it will waste time for bug fixes

@livep2000
Copy link

@andersevenrud : love ye !

Got a custom handler running now, accessing my own userdatabase.
With use of the new nginx configuration file.

I'll wait a bit before I translate my sites usergroups to your privilege template.
But looks good so far!

Imre

@andersevenrud
Copy link
Member Author

@khoaakt I have no issues marked as bug. And have not recieved a bug-request in ages. ;)

@andersevenrud andersevenrud changed the title API Privileges via Groups [API] Privileges via Groups May 16, 2015
andersevenrud added a commit that referenced this issue Aug 24, 2015
@andersevenrud
Core: Added group support to package manifest (#105)
0f63bfb
@andersevenrud andersevenrud modified the milestones: 2.0.0, 2.0.0-beta1 Nov 30, 2015
@andersevenrud andersevenrud mentioned this issue Jan 27, 2016
Closed
40 tasks
@andersevenrud
Copy link
Member Author

Superseeded by #304

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andersevenrud andersevenrud

Labels
enhancement experimental open for suggestions request
Projects
None yet
Milestone
2.2.0
Development

No branches or pull requests
3 participants
@andersevenrud @livep2000 @khoaakt