Merge branch 'main' into blueprint-ce

FlowFuse · Aug 7, 2024 · 165939d · 165939d
2 parents 357eeb3 + 4899db5
commit 165939d
Show file tree

Hide file tree

Showing 7 changed files with 41 additions and 62 deletions.
diff --git a/forge/ee/routes/billing/index.js b/forge/ee/routes/billing/index.js
@@ -7,19 +7,11 @@
 
 const { Readable } = require('stream')
 
-const { registerPermissions } = require('../../../lib/permissions')
-const { Roles } = require('../../../lib/roles.js')
-
 /**
  * @typedef {import('stripe').Stripe.Event} StripeEvent
  */
 
 module.exports = async function (app) {
-    registerPermissions({
-        'team:billing:manual': { description: 'Setups up manual billing on a team', role: Roles.Admin },
-        'team:billing:trial': { description: 'Modify team trial settings', role: Roles.Admin }
-    })
-
     /** @type {import('stripe').Stripe} */
     const stripe = require('stripe')(app.config.billing.stripe.key)
 

diff --git a/forge/ee/routes/deviceEditor/index.js b/forge/ee/routes/deviceEditor/index.js
@@ -1,6 +1,4 @@
 const { generateToken } = require('../../../db/utils')
-const { registerPermissions } = require('../../../lib/permissions')
-const { Roles } = require('../../../lib/roles.js')
 
 /**
  * Routes releated to the EE forge api
@@ -12,9 +10,6 @@ module.exports = async function (app) {
     if (!app.comms) {
         return
     }
-    registerPermissions({
-        'device:editor': { description: 'Access the Device Editor', role: Roles.Member }
-    })
 
     /**
      * Add wildcard content parser for these routes

diff --git a/forge/ee/routes/flowBlueprints/index.js b/forge/ee/routes/flowBlueprints/index.js
@@ -1,19 +1,8 @@
-const { registerPermissions } = require('../../../lib/permissions')
-const { Roles } = require('../../../lib/roles.js')
-
 const hasValueChanged = (requestProp, existingProp) => (requestProp !== undefined && existingProp !== requestProp)
 
 module.exports = async function (app) {
     app.config.features.register('flowBlueprints', true, true)
 
-    registerPermissions({
-        'flow-blueprint:create': { description: 'Create a Flow Blueprint', role: Roles.Admin },
-        'flow-blueprint:list': { description: 'List all Flow Blueprints' },
-        'flow-blueprint:read': { description: 'View a Flow Blueprint' },
-        'flow-blueprint:delete': { description: 'Delete a Flow Blueprint', role: Roles.Admin },
-        'flow-blueprint:edit': { description: 'Edit a Flow Blueprint', role: Roles.Admin }
-    })
-
     app.get('/', {
         preHandler: app.needsPermission('flow-blueprint:list'),
         schema: {

diff --git a/forge/ee/routes/pipeline/index.js b/forge/ee/routes/pipeline/index.js
@@ -2,7 +2,6 @@ const { ValidationError } = require('sequelize')
 
 const { KEY_PROTECTED } = require('../../../db/models/ProjectSettings.js')
 const { ControllerError } = require('../../../lib/errors.js')
-const { registerPermissions } = require('../../../lib/permissions')
 const { Roles } = require('../../../lib/roles.js')
 
 // Declare getLogger functions to provide type hints / quick code nav / code completion
@@ -12,14 +11,6 @@ const getTeamLogger = (app) => { return app.auditLog.Team }
 module.exports = async function (app) {
     const teamLogger = getTeamLogger(app)
 
-    registerPermissions({
-        'pipeline:read': { description: 'View a pipeline', role: Roles.Member },
-        'pipeline:create': { description: 'Create a pipeline', role: Roles.Owner },
-        'pipeline:edit': { description: 'Edit a pipeline', role: Roles.Owner },
-        'pipeline:delete': { description: 'Delete a pipeline', role: Roles.Owner },
-        'application:pipeline:list': { description: 'List pipelines within an application', role: Roles.Member }
-    })
-
     app.addHook('preHandler', async (request, reply) => {
         if (request.params.pipelineId) {
             const pipelineId = request.params.pipelineId

diff --git a/forge/ee/routes/sharedLibrary/index.js b/forge/ee/routes/sharedLibrary/index.js
@@ -1,13 +1,4 @@
-const { registerPermissions } = require('../../../lib/permissions')
-const { Roles } = require('../../../lib/roles.js')
-
 module.exports = async function (app) {
-    registerPermissions({
-        'library:entry:create': { description: 'Create entries in a team library', role: Roles.Member },
-        'library:entry:list': { description: 'List entries in a team library', role: Roles.Member },
-        'library:entry:delete': { description: 'Delete an entry in a team library', role: Roles.Member }
-    })
-
     app.addHook('preHandler', app.verifySession)
     app.addHook('preHandler', async (request, response) => {
         // The request has a valid token, but need to check the token is allowed

diff --git a/forge/ee/routes/sso/index.js b/forge/ee/routes/sso/index.js
@@ -1,17 +1,6 @@
 const fp = require('fastify-plugin')
 
-const { registerPermissions } = require('../../../lib/permissions')
-const { Roles } = require('../../../lib/roles.js')
-
 module.exports = fp(async function (app, opts) {
-    registerPermissions({
-        'saml-provider:create': { description: 'Create a SAML Provider', role: Roles.Admin },
-        'saml-provider:list': { description: 'List all SAML Providers', role: Roles.Admin },
-        'saml-provider:read': { description: 'View a SAML Provider', role: Roles.Admin },
-        'saml-provider:delete': { description: 'Delete a SAML Provider', role: Roles.Admin },
-        'saml-provider:edit': { description: 'Edit a SAML Provider', role: Roles.Admin }
-    })
-
     // Get all
     app.get('/ee/sso/providers', {
         preHandler: app.needsPermission('saml-provider:list')

diff --git a/forge/lib/permissions.js b/forge/lib/permissions.js
@@ -1,5 +1,8 @@
 const { Roles } = require('./roles.js')
 const Permissions = {
+    /**
+     * OS Permissions
+     */
     // User Actions
     'user:create': { description: 'Create User', role: Roles.Admin },
     'user:list': { description: 'List platform users', role: Roles.Admin },
@@ -113,22 +116,51 @@ const Permissions = {
     'platform:stats:token': { description: 'Create/Delete platform stats token', role: Roles.Admin },
     'platform:audit-log': { description: 'View platform audit log', role: Roles.Admin },
 
-    // *** EE Permissions ***
-
+    /**
+     * EE Permissions
+     */
     // Device Groups
     'application:device-group:create': { description: 'Create a device group', role: Roles.Owner },
     'application:device-group:list': { description: 'List device groups', role: Roles.Member },
     'application:device-group:update': { description: 'Update a device group', role: Roles.Owner },
     'application:device-group:delete': { description: 'Delete a device group', role: Roles.Owner },
     'application:device-group:read': { description: 'View a device group', role: Roles.Member },
-    'application:device-group:membership:update': { description: 'Update a device group membership', role: Roles.Owner }
+    'application:device-group:membership:update': { description: 'Update a device group membership', role: Roles.Owner },
+
+    // Device Editor
+    'device:editor': { description: 'Access the Device Editor', role: Roles.Member },
+
+    // Team Billing
+    'team:billing:manual': { description: 'Setups up manual billing on a team', role: Roles.Admin },
+    'team:billing:trial': { description: 'Modify team trial settings', role: Roles.Admin },
+
+    // Flow Blueprints
+    'flow-blueprint:create': { description: 'Create a Flow Blueprint', role: Roles.Admin },
+    'flow-blueprint:list': { description: 'List all Flow Blueprints' },
+    'flow-blueprint:read': { description: 'View a Flow Blueprint' },
+    'flow-blueprint:delete': { description: 'Delete a Flow Blueprint', role: Roles.Admin },
+    'flow-blueprint:edit': { description: 'Edit a Flow Blueprint', role: Roles.Admin },
+
+    // Library
+    'library:entry:create': { description: 'Create entries in a team library', role: Roles.Member },
+    'library:entry:list': { description: 'List entries in a team library', role: Roles.Member },
+    'library:entry:delete': { description: 'Delete an entry in a team library', role: Roles.Member },
+
+    // Pipeline
+    'pipeline:read': { description: 'View a pipeline', role: Roles.Member },
+    'pipeline:create': { description: 'Create a pipeline', role: Roles.Owner },
+    'pipeline:edit': { description: 'Edit a pipeline', role: Roles.Owner },
+    'pipeline:delete': { description: 'Delete a pipeline', role: Roles.Owner },
+    'application:pipeline:list': { description: 'List pipelines within an application', role: Roles.Member },
+
+    // SAML
+    'saml-provider:create': { description: 'Create a SAML Provider', role: Roles.Admin },
+    'saml-provider:list': { description: 'List all SAML Providers', role: Roles.Admin },
+    'saml-provider:read': { description: 'View a SAML Provider', role: Roles.Admin },
+    'saml-provider:delete': { description: 'Delete a SAML Provider', role: Roles.Admin },
+    'saml-provider:edit': { description: 'Edit a SAML Provider', role: Roles.Admin }
 }
 
 module.exports = {
-    Permissions,
-    registerPermissions: function (newPermisssions) {
-        Object.keys(newPermisssions).forEach(key => {
-            Permissions[key] = newPermisssions[key]
-        })
-    }
+    Permissions
 }